Use of com.nimbusds.jose.JWSHeader in project carbon-apimgt by wso2.
Class JWTWithRSASignatureImpl, method rsaSignAndSerialize.
/**
 * {@inheritDoc}
 *
 * <p>This implementation signs with RS256 and returns the compact serialization of the signed
 * token.
 *
 * @param rsaPrivateKey RSA private key used for signing; must not be {@code null}
 * @param claimsSet claims to place in the token payload; must not be {@code null}
 * @return the signed JWT in its serialized form
 * @throws IllegalArgumentException if either argument is {@code null}
 * @throws APIManagementException if the signing operation fails
 */
@Override
public String rsaSignAndSerialize(RSAPrivateKey rsaPrivateKey, JWTClaimsSet claimsSet) throws APIManagementException {
    // Argument checks come first, in this order, so the caller gets the message for the first bad argument.
    if (rsaPrivateKey == null) {
        throw new IllegalArgumentException("The private key must not be null");
    }
    if (claimsSet == null) {
        throw new IllegalArgumentException("The JWTClaimsSet must not be null");
    }

    // The header carries only "alg": no "kid" is set here, so the verifier has to know
    // which public key to use by some other means.
    final SignedJWT token = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claimsSet);
    try {
        token.sign(new RSASSASigner(rsaPrivateKey));
    } catch (JOSEException signingFailure) {
        // Wrap in the project's exception type while keeping the original cause attached.
        throw new APIManagementException("Error signing JWT ", signingFailure);
    }
    return token.serialize();
}
Use of com.nimbusds.jose.JWSHeader in project java-docs-samples by GoogleCloudPlatform.
Class BuildIapRequest, method getSignedJwt.
/**
 * Builds a JWT signed with the service account's private key and returns it serialized.
 *
 * <p>The header names RS256 and the credential's private key ID. The claims use
 * {@code OAUTH_TOKEN_URI} as audience, the service account e-mail as both issuer and subject,
 * and carry {@code iapClientId} in the {@code target_audience} claim.
 *
 * @param credentials service account credentials supplying the key ID, e-mail and private key
 * @param iapClientId value placed in the {@code target_audience} claim
 * @return the signed JWT in its serialized form
 * @throws Exception if signing fails
 */
private static String getSignedJwt(ServiceAccountCredentials credentials, String iapClientId) throws Exception {
    final Instant issuedAt = Instant.now(clock);
    // Expiry is derived from whole epoch seconds, so the resulting Date has no sub-second part.
    final long expiresAtEpochSecond = issuedAt.getEpochSecond() + EXPIRATION_TIME_IN_SECONDS;

    // Header: algorithm ("alg") plus key ID ("kid") so the receiver can pick the matching public key.
    final JWSHeader header =
        new JWSHeader.Builder(JWSAlgorithm.RS256)
            .keyID(credentials.getPrivateKeyId())
            .build();

    // Claims are added in a fixed order; the service account is both issuer and subject.
    final String serviceAccountEmail = credentials.getClientEmail();
    final JWTClaimsSet claimsSet =
        new JWTClaimsSet.Builder()
            .audience(OAUTH_TOKEN_URI)
            .issuer(serviceAccountEmail)
            .subject(serviceAccountEmail)
            .issueTime(Date.from(issuedAt))
            .expirationTime(Date.from(Instant.ofEpochSecond(expiresAtEpochSecond)))
            .claim("target_audience", iapClientId)
            .build();

    // Sign with the service account private key. The serialized result is a signed assertion
    // in the service account's name, so callers should treat it as a secret and keep it out of logs.
    final SignedJWT token = new SignedJWT(header, claimsSet);
    token.sign(new RSASSASigner(credentials.getPrivateKey()));
    return token.serialize();
}
Use of com.nimbusds.jose.JWSHeader in project java-docs-samples by GoogleCloudPlatform.
Class VerifyIapRequestHeader, method verifyJwt.
/**
 * Checks the header fields and claims of a signed JWT, then verifies its ECDSA signature.
 *
 * <p>The header and claim checks go through {@code Preconditions}, so a token that fails one of
 * them causes an exception rather than a {@code false} return. The returned boolean reflects
 * only the signature verification. Every value read from the token before that final step is
 * still unauthenticated input.
 *
 * @param jwtToken serialized signed JWT to check
 * @param expectedAudience value that must be present in the token's audience
 * @return the result of verifying the signature with the looked-up public key
 * @throws Exception if parsing fails, a required field is missing, or a claim check fails
 */
private boolean verifyJwt(String jwtToken, String expectedAudience) throws Exception {
    // Split the compact token into header and claims.
    final SignedJWT token = SignedJWT.parse(jwtToken);
    final JWSHeader header = token.getHeader();

    // Both "alg" and "kid" are required; they drive the key lookup below.
    Preconditions.checkNotNull(header.getAlgorithm());
    Preconditions.checkNotNull(header.getKeyID());

    final JWTClaimsSet claimsSet = token.getJWTClaimsSet();

    // Audience must contain the expected value and issuer must equal IAP_ISSUER_URL.
    // NOTE(review): a token without an issuer presumably fails here with a NullPointerException
    // from the dereference rather than an IllegalArgumentException - confirm callers treat both
    // as rejection.
    Preconditions.checkArgument(claimsSet.getAudience().contains(expectedAudience));
    Preconditions.checkArgument(claimsSet.getIssuer().equals(IAP_ISSUER_URL));

    // Time window: issued strictly before now, expiring strictly after now (no skew allowance).
    final Date now = Date.from(Instant.now(clock));
    Preconditions.checkArgument(claimsSet.getIssueTime().before(now));
    Preconditions.checkArgument(claimsSet.getExpirationTime().after(now));

    // Subject and e-mail must be present.
    Preconditions.checkNotNull(claimsSet.getSubject());
    Preconditions.checkNotNull(claimsSet.getClaim("email"));

    // Key lookup uses the key ID and algorithm name taken from the token's own header, which
    // the sender controls until the signature has been verified.
    // NOTE(review): confirm getKey only returns keys from the trusted key set, and consider
    // comparing the header algorithm with the single expected value before the lookup.
    final ECPublicKey verificationKey = getKey(header.getKeyID(), header.getAlgorithm().getName());
    Preconditions.checkNotNull(verificationKey);

    return token.verify(new ECDSAVerifier(verificationKey));
}
Use of com.nimbusds.jose.JWSHeader in project Payara by payara.
Class AzureSecretsConfigSource, method buildJwt.
/**
 * Assembles an RS256 JWT with a one-minute lifetime and a certificate thumbprint in its header.
 *
 * <p>The returned object has not been signed: {@code sign(...)} is not called here, so the
 * caller has to sign it before it can be used.
 *
 * @param issuer value used for both the subject and the issuer claim
 * @param audience value used for the audience claim
 * @param thumbprint hex string decoded to bytes and set as the X.509 certificate thumbprint
 *     header (presumably the SHA-1 thumbprint of the signing certificate - confirm)
 * @return the assembled, not yet signed JWT
 */
private static SignedJWT buildJwt(final String issuer, final String audience, final String thumbprint) {
    final Instant issuedAt = Instant.now();
    // Short validity window: the token is only good for one minute after creation.
    final Instant expiresAt = issuedAt.plus(1, ChronoUnit.MINUTES);

    // Claim order is kept as in the original builder chain.
    final JWTClaimsSet claimsSet =
        new JWTClaimsSet.Builder()
            .subject(issuer)
            .audience(audience)
            .expirationTime(Date.from(expiresAt))
            .issueTime(Date.from(issuedAt))
            .issuer(issuer)
            .build();

    // The thumbprint arrives hex-encoded; the header field takes the raw bytes base64url-encoded.
    final byte[] thumbprintBytes = DatatypeConverter.parseHexBinary(thumbprint);
    final Base64URL encodedThumbprint = Base64URL.encode(thumbprintBytes);
    final JWSHeader jwsHeader =
        new JWSHeader.Builder(JWSAlgorithm.RS256)
            .type(JOSEObjectType.JWT)
            .x509CertThumbprint(encodedThumbprint)
            .build();

    return new SignedJWT(jwsHeader, claimsSet);
}
Use of com.nimbusds.jose.JWSHeader in project tomee by apache.
Class Tokens, method asToken.
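/**
 * Signs the given JSON claims as an RS256 JWT with the key read from {@code /testkey.pem}.
 *
 * <p>The header sets the algorithm and the {@code JWT} type only; no key ID is added.
 *
 * @param claims JSON text parsed into the token's claims set
 * @return the signed JWT in its serialized form
 * @throws Exception if the private key cannot be read
 * @throws RuntimeException if parsing the claims or signing fails; the underlying exception is
 *     attached as the cause
 */
public static String asToken(final String claims) throws Exception {
    // NOTE(review): the key path is hard-coded and named as a test key - presumably a
    // test-only fixture; confirm it is never used outside tests.
    final PrivateKey pk = readPrivateKey("/testkey.pem");
    try {
        final JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).type(JOSEObjectType.JWT).build();
        final JWTClaimsSet claimsSet = JWTClaimsSet.parse(claims);
        final SignedJWT jwt = new SignedJWT(header, claimsSet);
        jwt.sign(new RSASSASigner(pk));
        return jwt.serialize();
    } catch (Exception e) {
        // This catch also covers a claims parse failure, not just signing, so the cause is
        // attached to keep the real reason visible behind the fixed message.
        throw new RuntimeException("Could not sign JWT", e);
    }
}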