use of com.nimbusds.jose.JWSSigner in project carbon-apimgt by wso2.
the class InternalAPIKeyGenerator method buildSignature.
/**
 * Signs the given assertion in place with an RSA signer built from the super tenant's
 * default private key.
 *
 * <p>The key store is always looked up with {@code MultitenantConstants.SUPER_TENANT_ID};
 * this method takes no tenant argument, so every assertion signed here uses that one key.
 *
 * @param assertion the JWT to sign; it is modified by the call
 * @throws APIManagementException if fetching the key, creating the signer or signing fails;
 *         the original exception is kept as the cause
 */
protected void buildSignature(SignedJWT assertion) throws APIManagementException {
    // Signing key source: the super tenant's key store, not a per-tenant one.
    KeyStoreManager superTenantKeyStore =
            KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
    try {
        assertion.sign(new RSASSASigner(superTenantKeyStore.getDefaultPrivateKey()));
    } catch (Exception e) {
        // Every failure in the key lookup / signer setup / signing path is reported as one
        // error type; the cause is preserved so the failing step can still be diagnosed.
        throw new APIManagementException("Error while signing Api Key", e);
    }
}
use of com.nimbusds.jose.JWSSigner in project quickstart by wildfly.
the class TokenUtil method generateJWT.
/**
 * Builds an RS256-signed JWT for the given principal and returns its compact serialization.
 *
 * <p>Issuer ({@code quickstart-jwt-issuer}), audience ({@code jwt-audience}) and key id
 * ({@code Test Key}) are fixed literals, and the signing key is whatever
 * {@code loadPrivateKey("private.pem")} returns. The token expires 14400 seconds (four hours)
 * after issuance and carries no {@code nbf} claim. A verifier has to be configured with the
 * matching public key, issuer and audience for these tokens to validate.
 *
 * @param principal value written to both the {@code sub} and {@code upn} claims
 * @param birthdate value written to the {@code birthdate} claim
 * @param groups    group names written, in order, to the {@code groups} array claim
 * @return the signed token in compact form
 * @throws Exception if the key cannot be loaded or signing fails
 */
public static String generateJWT(final String principal, final String birthdate, final String... groups) throws Exception {
    final PrivateKey signingKey = loadPrivateKey("private.pem");
    final JWSSigner rsaSigner = new RSASSASigner(signingKey);

    final JsonArrayBuilder groupArray = Json.createArrayBuilder();
    for (final String groupName : groups) {
        groupArray.add(groupName);
    }

    // JWT time claims are expressed in seconds since the epoch, not milliseconds.
    final long issuedAtSeconds = System.currentTimeMillis() / 1000;

    final JsonObjectBuilder claims = Json.createObjectBuilder()
            .add("sub", principal)
            .add("upn", principal)
            .add("iss", "quickstart-jwt-issuer")
            .add("aud", "jwt-audience")
            .add("groups", groupArray.build())
            .add("birthdate", birthdate)
            // Random token id, unique per issued token.
            .add("jti", UUID.randomUUID().toString())
            .add("iat", issuedAtSeconds)
            // Lifetime: 14400 s = 4 h.
            .add("exp", issuedAtSeconds + 14400);

    final JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256)
            .type(new JOSEObjectType("jwt"))
            .keyID("Test Key")
            .build();
    final Payload payload = new Payload(claims.build().toString());

    final JWSObject token = new JWSObject(header, payload);
    token.sign(rsaSigner);
    return token.serialize();
}
use of com.nimbusds.jose.JWSSigner in project flow by vaadin.
the class JwtSecurityContextRepository method encodeJwt.
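/**
 * Serializes an authentication into a signed JWT carrying the user's name and roles.
 *
 * <p>Only authorities whose string form starts with {@code ROLE_AUTHORITY_PREFIX} are written
 * to the {@code ROLES_CLAIM} claim (with the prefix stripped); all other authorities are left
 * out of the token. The signing key is the first JWK that {@code jwkSource} returns for the
 * configured {@code jwsAlgorithm}.
 *
 * @param authentication the authentication to encode; may be {@code null}
 * @return the compact serialization of the signed JWT, or {@code null} when
 *         {@code authentication} is {@code null} or anonymous
 * @throws JOSEException if no key in the JWK source matches the configured algorithm, or if
 *         creating the signer or signing the token fails
 */
private String encodeJwt(Authentication authentication) throws JOSEException {
    if (authentication == null || trustResolver.isAnonymous(authentication)) {
        return null;
    }

    final Date now = new Date();

    final List<String> roles = authentication.getAuthorities().stream()
            .map(Objects::toString)
            .filter(a -> a.startsWith(ROLE_AUTHORITY_PREFIX))
            .map(a -> a.substring(ROLE_AUTHORITY_PREFIX.length()))
            .collect(Collectors.toList());

    JWSHeader jwsHeader = new JWSHeader(jwsAlgorithm);
    JWKSelector jwkSelector = new JWKSelector(JWKMatcher.forJWSHeader(jwsHeader));
    List<JWK> jwks = jwkSource.get(jwkSelector, null);

    // A key source with no match used to surface as a bare IndexOutOfBoundsException from
    // get(0). Report it through the declared exception type instead, so a missing or
    // misconfigured signing key is handled like any other signing failure.
    if (jwks == null || jwks.isEmpty()) {
        throw new JOSEException(
                "No signing key in the JWK source matches algorithm " + jwsAlgorithm);
    }
    // When several keys match, the first one returned by the source is used.
    JWK jwk = jwks.get(0);
    JWSSigner signer = new DefaultJWSSignerFactory().createJWSSigner(jwk, jwsAlgorithm);

    // expiresIn is treated as seconds here (it is scaled to milliseconds). 1000L forces long
    // arithmetic so a large value cannot overflow int math and produce a wrong expiry.
    Date expiry = new Date(now.getTime() + expiresIn * 1000L);

    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
            .subject(authentication.getName())
            .issuer(issuer)
            .issueTime(now)
            .expirationTime(expiry)
            .claim(ROLES_CLAIM, roles)
            .build();

    SignedJWT signedJWT = new SignedJWT(jwsHeader, claimsSet);
    signedJWT.sign(signer);
    return signedJWT.serialize();
}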
use of com.nimbusds.jose.JWSSigner in project knox by apache.
the class JWTTestUtils method getJWT.
/**
 * Creates a JWT from the supplied claim values and signs it with the given RSA private key.
 *
 * <p>The token always carries a {@code scope} claim of {@code openid}; the
 * {@code JWTToken.KNOX_ID_CLAIM} claim is added only when {@code knoxId} is non-null.
 *
 * @param issuer             value for the issuer claim
 * @param sub                value for the subject claim
 * @param aud                value for the audience claim
 * @param expires            value for the expiration-time claim
 * @param nbf                value for the not-before claim
 * @param privateKey         RSA key used to sign the token
 * @param signatureAlgorithm JWS algorithm name, passed to {@code JWSAlgorithm.parse}
 * @param knoxId             optional Knox id claim value; skipped when {@code null}
 * @return the signed JWT
 * @throws Exception if the token cannot be built or signed
 */
public static SignedJWT getJWT(final String issuer, final String sub, final String aud, final Date expires, final Date nbf, final RSAPrivateKey privateKey, final String signatureAlgorithm, final String knoxId) throws Exception {
    final JWTClaimsSet.Builder claimsBuilder = new JWTClaimsSet.Builder()
            .issuer(issuer)
            .subject(sub)
            .audience(aud)
            .expirationTime(expires)
            .notBeforeTime(nbf)
            .claim("scope", "openid");
    if (knoxId != null) {
        claimsBuilder.claim(JWTToken.KNOX_ID_CLAIM, knoxId);
    }
    final JWTClaimsSet claimSet = claimsBuilder.build();

    // The algorithm name is taken from the caller as-is; this method does not check it
    // against an allow-list. NOTE(review): an algorithm the RSA signer does not support is
    // presumably rejected when sign() runs - confirm against the library version in use.
    final JWSAlgorithm algorithm = JWSAlgorithm.parse(signatureAlgorithm);
    final JWSHeader jwsHeader = new JWSHeader.Builder(algorithm).build();

    final SignedJWT jwt = new SignedJWT(jwsHeader, claimSet);
    jwt.sign(new RSASSASigner(privateKey));
    return jwt;
}
use of com.nimbusds.jose.JWSSigner in project knox by apache.
the class DefaultTokenAuthorityService method signTokenWithRSA.
/**
 * Signs the token with the RSA private key that {@code getSigningKey} resolves from the
 * given keystore name, alias and passphrase.
 *
 * @param token                     the token to sign; it is modified by the call
 * @param signingKeystoreName       keystore name handed to {@code getSigningKey}
 * @param signingKeystoreAlias      key alias handed to {@code getSigningKey}
 * @param signingKeystorePassphrase passphrase handed to {@code getSigningKey}
 * @throws TokenServiceException if the keystore lookup fails; the
 *         {@code KeystoreServiceException} is kept as the cause
 */
private void signTokenWithRSA(final JWT token, String signingKeystoreName, String signingKeystoreAlias, char[] signingKeystorePassphrase) throws TokenServiceException {
    try {
        final RSAPrivateKey signingKey =
                getSigningKey(signingKeystoreName, signingKeystoreAlias, signingKeystorePassphrase);
        // The second argument is allowWeakKey = true: the signer then accepts RSA keys
        // shorter than the library's 2048-bit minimum. This is kept so deployments with
        // existing 1024-bit certificates keep working. Tokens signed with such keys have
        // weaker forgery resistance, so those deployments should rotate to a key of at
        // least 2048 bits.
        token.sign(new RSASSASigner(signingKey, true));
    } catch (KeystoreServiceException e) {
        throw new TokenServiceException(e);
    }
}