Example 1 with JWSSigner

use of com.nimbusds.jose.JWSSigner in project ratauth by alfa-laboratory.

the class HS256TokenProcessor method createToken.

@Override
@SneakyThrows
public String createToken(String clientId, String secret, String identifier, Date created, Date expiresIn, Set<String> audience, Set<String> scopes, Collection<String> authContext, String userId, Map<String, Object> userInfo) {
    final JWSSigner signer = new MACSigner(Base64.getDecoder().decode(secret));
    final List<String> aud = new ArrayList<>(audience);
    aud.add(clientId);
    // Prepare JWT with claims set
    JWTClaimsSet.Builder jwtBuilder = new JWTClaimsSet.Builder().issuer(issuer).subject(userId).expirationTime(expiresIn).audience(aud).claim(SCOPE, scopes).claim(CLIENT_ID, clientId).claim(ACR_VALUES, authContext).jwtID(identifier).issueTime(created);
    userInfo.forEach(jwtBuilder::claim);
    SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), jwtBuilder.build());
    // Apply the HMAC protection
    signedJWT.sign(signer);
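    // Compact serialization: base64url(header).base64url(payload).base64url(signature).
    // Sample of the format only (its payload decodes to "Hello, world!"), not a token built here:
    // eyJhbGciOiJIUzI1NiJ9.SGVsbG8sIHdvcmxkIQ.onO9Ihudz3WkiauDO2Uhyuz0Y18UASXlSc1eS0NkWyA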
    return signedJWT.serialize();
}
Also used : MACSigner(com.nimbusds.jose.crypto.MACSigner) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SignedJWT(com.nimbusds.jwt.SignedJWT) JWSSigner(com.nimbusds.jose.JWSSigner) JWSHeader(com.nimbusds.jose.JWSHeader) SneakyThrows(lombok.SneakyThrows)

Example 2 with JWSSigner

use of com.nimbusds.jose.JWSSigner in project ORCID-Source by ORCID.

the class OpenIDConnectKeyService method sign.

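/**
 * Sign the given claims with the private RSA key, setting the default key ID in the header.
 *
 * @param claims the claims set to sign
 * @return the signed JWT
 * @throws JOSEException if signing fails
 */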
public SignedJWT sign(JWTClaimsSet claims) throws JOSEException {
    JWSSigner signer = new RSASSASigner(privateJWK);
    JWSHeader.Builder head = new JWSHeader.Builder(defaultAlg);
    head.keyID(getDefaultKeyID());
    SignedJWT signedJWT = new SignedJWT(head.build(), claims);
    signedJWT.sign(signer);
    return signedJWT;
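    /* For HMAC we could do the following. This may be useful for the implicit flow:
        ClientDetailsEntity clientEntity = clientDetailsEntityCacheManager.retrieve(authentication.getOAuth2Request().getClientId());
        JWSSigner signer = new MACSigner(StringUtils.rightPad(clientEntity.getDecryptedClientSecret(), 32, "#").getBytes());
        signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claims.build());
        signedJWT.sign(signer);
       Note: right-padding with "#" only satisfies the 256-bit minimum key length that MACSigner
       enforces for HS256; it adds no entropy to a short client secret. getBytes() without an
       explicit charset also depends on the platform default encoding.
     */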
}
Also used : RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) SignedJWT(com.nimbusds.jwt.SignedJWT) JWSSigner(com.nimbusds.jose.JWSSigner) JWSHeader(com.nimbusds.jose.JWSHeader)

Example 3 with JWSSigner

use of com.nimbusds.jose.JWSSigner in project knox by apache.

the class JWTTokenTest method testTokenSignatureRS512.

@Test
public void testTokenSignatureRS512() throws Exception {
    String[] claims = new String[4];
    claims[0] = "KNOXSSO";
    claims[1] = "john.doe@example.com";
    claims[2] = "https://login.example.com";
    claims[3] = Long.toString((System.currentTimeMillis() / 1000) + 300);
    JWT token = new JWTToken(JWSAlgorithm.RS512.getName(), claims);
    assertEquals("KNOXSSO", token.getIssuer());
    assertEquals("john.doe@example.com", token.getSubject());
    assertEquals("https://login.example.com", token.getAudience());
    assertTrue(token.getHeader().contains(JWSAlgorithm.RS512.getName()));
    // Sign the token
    JWSSigner signer = new RSASSASigner(privateKey);
    token.sign(signer);
    assertTrue(token.getSignaturePayload().length > 0);
    // Verify the signature
    JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) publicKey);
    assertTrue(token.verify(verifier));
}
Also used : RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) JWSVerifier(com.nimbusds.jose.JWSVerifier) RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) JWSSigner(com.nimbusds.jose.JWSSigner) Test(org.junit.Test)

Example 4 with JWSSigner

use of com.nimbusds.jose.JWSSigner in project ovirt-engine by oVirt.

the class OpenIdUtils method createJWT.

/**
 * Create a JSON Web Token (JWT) and sign it with the RSA key. Used by the OpenID userinfo endpoint to send userinfo back.
 */
public static String createJWT(HttpServletRequest request, SsoSession ssoSession, String clientId) throws JOSEException {
    // Create RSA-signer with the private key
    JWSSigner signer = new RSASSASigner(keyPair.getPrivate());
    SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), createJWTClaimSet(request, ssoSession, clientId));
    signedJWT.sign(signer);
    return signedJWT.serialize();
}
Also used : RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) SignedJWT(com.nimbusds.jwt.SignedJWT) JWSSigner(com.nimbusds.jose.JWSSigner) JWSHeader(com.nimbusds.jose.JWSHeader)

Example 5 with JWSSigner

use of com.nimbusds.jose.JWSSigner in project spring-security by spring-projects.

the class NimbusReactiveJwtDecoderTests method signedJwt.

private SignedJWT signedJwt(SecretKey secretKey, MacAlgorithm jwsAlgorithm, JWTClaimsSet claimsSet) throws Exception {
    SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.parse(jwsAlgorithm.getName())), claimsSet);
    JWSSigner signer = new MACSigner(secretKey);
    signedJWT.sign(signer);
    return signedJWT;
}
Also used : MACSigner(com.nimbusds.jose.crypto.MACSigner) SignedJWT(com.nimbusds.jwt.SignedJWT) JWSSigner(com.nimbusds.jose.JWSSigner) JWSHeader(com.nimbusds.jose.JWSHeader)

Aggregations

JWSSigner (com.nimbusds.jose.JWSSigner): 15
JWSHeader (com.nimbusds.jose.JWSHeader): 11
SignedJWT (com.nimbusds.jwt.SignedJWT): 11
RSASSASigner (com.nimbusds.jose.crypto.RSASSASigner): 10
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet): 6
JOSEException (com.nimbusds.jose.JOSEException): 4
MACSigner (com.nimbusds.jose.crypto.MACSigner): 3
JWSVerifier (com.nimbusds.jose.JWSVerifier): 2
RSASSAVerifier (com.nimbusds.jose.crypto.RSASSAVerifier): 2
Date (java.util.Date): 2
Test (org.junit.Test): 2
JOSEObjectType (com.nimbusds.jose.JOSEObjectType): 1
JWSObject (com.nimbusds.jose.JWSObject): 1
Payload (com.nimbusds.jose.Payload): 1
JWK (com.nimbusds.jose.jwk.JWK): 1
GeneralSecurityException (java.security.GeneralSecurityException): 1
RSAPrivateKey (java.security.interfaces.RSAPrivateKey): 1
Instant (java.time.Instant): 1
JsonArrayBuilder (javax.json.JsonArrayBuilder): 1
JsonObjectBuilder (javax.json.JsonObjectBuilder): 1