Example 51 with JWSVerifier

use of com.nimbusds.jose.JWSVerifier in project OpenConext-oidcng by OpenConext.

the class AbstractIntegrationTest method verifySignedJWT.

protected JWTClaimsSet verifySignedJWT(String token, int port) throws MalformedURLException, JOSEException, ParseException {
    // Fetch the issuer's published JWK Set. Plain http://localhost is acceptable only because
    // this is an in-process integration test; a real client must use https.
    JWKSource keySource = new RemoteJWKSet(new URL("http://localhost:" + port + "/oidc/certs"));
    // An empty matcher selects every key in the set; the actual key is then chosen by the token's "kid" header.
    List<JWK> list = keySource.get(new JWKSelector(new JWKMatcher.Builder().build()), null);
    SignedJWT signedJWT = SignedJWT.parse(token);
    String kid = signedJWT.getHeader().getKeyID();
    RSAKey rsaKey = (RSAKey) list.stream()
            .filter(jwk -> kid != null && kid.equals(jwk.getKeyID()))
            .findAny()
            .orElseThrow(() -> new JOSEException("No key with kid " + kid + " in the JWK Set"));
    // The JWKS endpoint must never expose private key material.
    assertFalse(rsaKey.isPrivate());
    // RSASSAVerifier only accepts the RS*/PS* family, so a token whose header says HS256 is rejected here.
    JWSVerifier verifier = new RSASSAVerifier(rsaKey);
    boolean verified = signedJWT.verify(verifier);
    assertTrue(verified);
    // verify() checks the signature only: exp, iss and aud are not validated by this helper.
    return signedJWT.getJWTClaimsSet();
}
Also used : JWKSelector(com.nimbusds.jose.jwk.JWKSelector) UriComponentsBuilder(org.springframework.web.util.UriComponentsBuilder) Arrays(java.util.Arrays) XPathExpressionException(javax.xml.xpath.XPathExpressionException) JWKSelector(com.nimbusds.jose.jwk.JWKSelector) URL(java.net.URL) Date(java.util.Date) JOSEException(com.nimbusds.jose.JOSEException) Autowired(org.springframework.beans.factory.annotation.Autowired) ActiveProfiles(org.springframework.test.context.ActiveProfiles) GeneralSecurityException(java.security.GeneralSecurityException) ByteArrayInputStream(java.io.ByteArrayInputStream) RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) RequestSpecification(io.restassured.specification.RequestSpecification) Document(org.w3c.dom.Document) JWT(com.nimbusds.jwt.JWT) Map(java.util.Map) SpringRunner(org.springframework.test.context.junit4.SpringRunner) ParseException(java.text.ParseException) MongoTemplate(org.springframework.data.mongodb.core.MongoTemplate) JWKSource(com.nimbusds.jose.jwk.source.JWKSource) SignedJWT(com.nimbusds.jwt.SignedJWT) Collectors(java.util.stream.Collectors) JWK(com.nimbusds.jose.jwk.JWK) ZoneId(java.time.ZoneId) JWSVerificationKeySelector(com.nimbusds.jose.proc.JWSVerificationKeySelector) List(java.util.List) SpringBootTest(org.springframework.boot.test.context.SpringBootTest) SigningKey(oidc.model.SigningKey) CollectionUtils(org.springframework.util.CollectionUtils) Assert.assertFalse(org.junit.Assert.assertFalse) SAXException(org.xml.sax.SAXException) TokenGenerator(oidc.secure.TokenGenerator) RestAssured.given(io.restassured.RestAssured.given) DocumentBuilderFactory(javax.xml.parsers.DocumentBuilderFactory) RestAssured(io.restassured.RestAssured) UserConsent(oidc.model.UserConsent) CodeChallengeMethod(com.nimbusds.oauth2.sdk.pkce.CodeChallengeMethod) AuthorizationCode(oidc.model.AuthorizationCode) JWSKeySelector(com.nimbusds.jose.proc.JWSKeySelector) XPath(javax.xml.xpath.XPath) GrantType(com.nimbusds.oauth2.sdk.GrantType) 
BulkOperations(org.springframework.data.mongodb.core.BulkOperations) XPathConstants(javax.xml.xpath.XPathConstants) RunWith(org.junit.runner.RunWith) LocalDateTime(java.time.LocalDateTime) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SimpleDateFormat(java.text.SimpleDateFormat) HashMap(java.util.HashMap) RemoteJWKSet(com.nimbusds.jose.jwk.source.RemoteJWKSet) Node(org.w3c.dom.Node) OpenIDClient(oidc.model.OpenIDClient) DefaultJWTProcessor(com.nimbusds.jwt.proc.DefaultJWTProcessor) SymmetricKey(oidc.model.SymmetricKey) Before(org.junit.Before) JWSVerifier(com.nimbusds.jose.JWSVerifier) ConfigurableJWTProcessor(com.nimbusds.jwt.proc.ConfigurableJWTProcessor) SequenceRepository(oidc.repository.SequenceRepository) NodeList(org.w3c.dom.NodeList) MalformedURLException(java.net.MalformedURLException) ClaimsRequest(com.nimbusds.openid.connect.sdk.ClaimsRequest) Assert.assertNotNull(org.junit.Assert.assertNotNull) ReflectionTestUtils(org.springframework.test.util.ReflectionTestUtils) Assert.assertTrue(org.junit.Assert.assertTrue) IOException(java.io.IOException) Sequence(oidc.model.Sequence) Criteria(org.springframework.data.mongodb.core.query.Criteria) Query(org.springframework.data.mongodb.core.query.Query) LocalServerPort(org.springframework.boot.web.server.LocalServerPort) XPathFactory(javax.xml.xpath.XPathFactory) AccessToken(oidc.model.AccessToken) RSAKey(com.nimbusds.jose.jwk.RSAKey) Response(io.restassured.response.Response) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) BadJOSEException(com.nimbusds.jose.proc.BadJOSEException) DocumentBuilder(javax.xml.parsers.DocumentBuilder) JWKMatcher(com.nimbusds.jose.jwk.JWKMatcher) MapTypeReference(oidc.endpoints.MapTypeReference) Collections(java.util.Collections) Assert.assertEquals(org.junit.Assert.assertEquals) RefreshToken(oidc.model.RefreshToken) StringUtils(org.springframework.util.StringUtils) RSAKey(com.nimbusds.jose.jwk.RSAKey) RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) 
JWSVerifier(com.nimbusds.jose.JWSVerifier) SignedJWT(com.nimbusds.jwt.SignedJWT) JWKSource(com.nimbusds.jose.jwk.source.JWKSource) RemoteJWKSet(com.nimbusds.jose.jwk.source.RemoteJWKSet) URL(java.net.URL) JWK(com.nimbusds.jose.jwk.JWK) JWKMatcher(com.nimbusds.jose.jwk.JWKMatcher)
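The helper above proves only that the signature matches some key from the JWK Set; it does not pin the algorithm or check any claim. The following is an added example, not code from OpenConext-oidcng, showing how the same Nimbus library does that in one place with DefaultJWTProcessor: the algorithm, the typ header, issuer, audience and required claims are all pinned before a verifier is ever constructed. The issuer, audience, key id and the in-memory JWK Set standing in for the /oidc/certs endpoint are assumptions made for the example.

```java
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.DefaultJOSEObjectTypeVerifier;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;

import java.util.Arrays;
import java.util.Date;
import java.util.HashSet;

public class PinnedJwtVerification {

    static final String ISSUER = "https://issuer.example"; // assumed value
    static final String AUDIENCE = "client-123";           // assumed value
    static final String KID = "test-kid";                  // assumed value

    /** Builds a processor that pins alg, typ, issuer, audience and required claims. */
    static ConfigurableJWTProcessor<SecurityContext> buildProcessor(JWKSource<SecurityContext> jwks) {
        ConfigurableJWTProcessor<SecurityContext> processor = new DefaultJWTProcessor<>();
        // Accept only "typ":"JWT".
        processor.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(JOSEObjectType.JWT));
        // Accept only RS256; the key is looked up in the JWK Set by the token's "kid".
        processor.setJWSKeySelector(new JWSVerificationKeySelector<>(JWSAlgorithm.RS256, jwks));
        // aud must contain AUDIENCE, iss must match exactly, sub and exp must be present;
        // exp and nbf are additionally checked against the clock.
        processor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier<>(
                AUDIENCE,
                new JWTClaimsSet.Builder().issuer(ISSUER).build(),
                new HashSet<>(Arrays.asList("sub", "exp"))));
        return processor;
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for the JWKS endpoint: a freshly generated RSA key whose public half is "published".
        RSAKey rsaJWK = new RSAKeyGenerator(2048).keyID(KID).generate();
        JWKSource<SecurityContext> jwks = new ImmutableJWKSet<>(new JWKSet(rsaJWK.toPublicJWK()));
        ConfigurableJWTProcessor<SecurityContext> processor = buildProcessor(jwks);

        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .issuer(ISSUER).audience(AUDIENCE).subject("alice")
                .expirationTime(new Date(System.currentTimeMillis() + 60_000))
                .build();

        // 1. Well-formed RS256 token signed with the matching private key: accepted.
        SignedJWT good = new SignedJWT(
                new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(KID).type(JOSEObjectType.JWT).build(), claims);
        good.sign(new RSASSASigner(rsaJWK));
        System.out.println("accepted subject: " + processor.process(good.serialize(), null).getSubject());

        // 2. Same claims, but HS256 with the public key bytes as the HMAC secret (the classic
        //    RSA/HMAC key-confusion attack). The pinned algorithm rejects it before any verifier runs.
        byte[] secret = rsaJWK.toRSAPublicKey().getEncoded();
        SignedJWT confused = new SignedJWT(
                new JWSHeader.Builder(JWSAlgorithm.HS256).keyID(KID).type(JOSEObjectType.JWT).build(), claims);
        confused.sign(new MACSigner(secret));
        try {
            processor.process(confused.serialize(), null);
            System.out.println("BUG: HS256 token accepted");
        } catch (BadJOSEException e) {
            System.out.println("rejected HS256 token: " + e.getMessage());
        }

        // 3. Valid RS256 signature but already expired: the claims verifier rejects it.
        JWTClaimsSet expired = new JWTClaimsSet.Builder(claims)
                .expirationTime(new Date(System.currentTimeMillis() - 60_000)).build();
        SignedJWT stale = new SignedJWT(
                new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(KID).type(JOSEObjectType.JWT).build(), expired);
        stale.sign(new RSASSASigner(rsaJWK));
        try {
            processor.process(stale.serialize(), null);
            System.out.println("BUG: expired token accepted");
        } catch (BadJOSEException e) {
            System.out.println("rejected expired token: " + e.getMessage());
        }
    }
}
```

Compared with the test helper, the processor never lets the token's own "alg" header decide which verifier to build: JWSVerificationKeySelector returns no candidate keys for anything other than RS256, so the HS256 token is refused without the HMAC ever being computed. Replace the ImmutableJWKSet with a remote JWK source pointing at the real https JWKS URL in production.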

Example 52 with JWSVerifier

use of com.nimbusds.jose.JWSVerifier in project java-sdk by hyperwallet.

the class HyperwalletEncryption method decrypt.

public String decrypt(String body) throws ParseException, IOException, JOSEException {
    // Our private key (matched by the configured JWE "alg") unwraps the outer JWE;
    // Hyperwallet's public key (matched by the configured JWS "alg") verifies the inner JWS.
    JWK privateKeyToDecrypt = getKeyByAlgorithm(loadKeySet(clientPrivateKeySetLocation), encryptionAlgorithm);
    JWK publicKeyToSign = getKeyByAlgorithm(loadKeySet(hyperwalletKeySetLocation), signAlgorithm);
    JWEDecrypter jweDecrypter = getJWEDecrypter(privateKeyToDecrypt);
    JWSVerifier jwsVerifier = getJWSVerifier(publicKeyToSign);
    // Nested JOSE: the JWE plaintext is itself a compact-serialised JWS.
    JWEObject jweObject = JWEObject.parse(body);
    jweObject.decrypt(jweDecrypter);
    JWSObject jwsObject = jweObject.getPayload().toJWSObject();
    // The expiry is a custom protected-header parameter of the inner JWS. It is read before the
    // signature is checked, so it must be treated as untrusted until verify() below succeeds.
    verifySignatureExpirationDate(jwsObject.getHeader().getCustomParam(EXPIRATION));
    boolean verifyStatus = jwsObject.verify(jwsVerifier);
    if (!verifyStatus) {
        throw new HyperwalletException("JWS signature is incorrect");
    }
    return jwsObject.getPayload().toString();
}
Also used : JWEDecrypter(com.nimbusds.jose.JWEDecrypter) JWEObject(com.nimbusds.jose.JWEObject) HyperwalletException(com.hyperwallet.clientsdk.HyperwalletException) JWSVerifier(com.nimbusds.jose.JWSVerifier) JWSObject(com.nimbusds.jose.JWSObject) JWK(com.nimbusds.jose.jwk.JWK)
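decrypt() above chooses its keys by algorithm from two key sets and then trusts whatever "alg"/"enc" the received headers declare. As an added example (not Hyperwallet SDK code), the following unwraps the same JWE-over-JWS shape but pins the JWE alg, enc and cty before decrypting and the JWS alg before verifying, and includes the matching sign-then-encrypt sender so the round trip runs stand-alone. The key ids, the RSA-OAEP-256/A256GCM/RS256 choices and the sample body are assumptions made for the example.

```java
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.RSADecrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;

import java.text.ParseException;

public class NestedJoseUnwrap {

    // Pinned expectations for both layers (assumed values for this example).
    static final JWEAlgorithm EXPECTED_JWE_ALG = JWEAlgorithm.RSA_OAEP_256;
    static final EncryptionMethod EXPECTED_ENC = EncryptionMethod.A256GCM;
    static final JWSAlgorithm EXPECTED_JWS_ALG = JWSAlgorithm.RS256;

    /** Decrypts the outer JWE and verifies the inner JWS, checking each header before touching a key. */
    static String unwrap(String compactJwe, RSAKey ourDecryptionKey, RSAKey senderVerificationKey)
            throws ParseException, JOSEException {
        JWEObject jwe = JWEObject.parse(compactJwe);
        JWEHeader jweHeader = jwe.getHeader();
        // The header is attacker-controlled until the authentication tag has been checked,
        // so refuse anything but the expected algorithms before decrypting.
        if (!EXPECTED_JWE_ALG.equals(jweHeader.getAlgorithm())
                || !EXPECTED_ENC.equals(jweHeader.getEncryptionMethod())) {
            throw new JOSEException("Unexpected JWE alg/enc: "
                    + jweHeader.getAlgorithm() + "/" + jweHeader.getEncryptionMethod());
        }
        // A nested JOSE object should carry cty=JWT (RFC 7519 section 5.2); insist on it.
        if (!"JWT".equalsIgnoreCase(jweHeader.getContentType())) {
            throw new JOSEException("JWE cty is not JWT; refusing to treat the plaintext as a nested JWS");
        }
        jwe.decrypt(new RSADecrypter(ourDecryptionKey));

        JWSObject jws = jwe.getPayload().toJWSObject(); // null when the plaintext is not a compact JWS
        if (jws == null) {
            throw new JOSEException("Decrypted payload is not a compact JWS");
        }
        if (!EXPECTED_JWS_ALG.equals(jws.getHeader().getAlgorithm())) {
            throw new JOSEException("Unexpected JWS alg: " + jws.getHeader().getAlgorithm());
        }
        if (!jws.verify(new RSASSAVerifier(senderVerificationKey))) {
            throw new JOSEException("JWS signature is incorrect");
        }
        // Only now is anything in the JWS header (for example an expiry parameter) trustworthy.
        return jws.getPayload().toString();
    }

    /** Sign-then-encrypt, as the sender would produce it. */
    static String wrap(String message, RSAKey senderSigningKey, RSAKey recipientEncryptionKey) throws JOSEException {
        JWSObject jws = new JWSObject(
                new JWSHeader.Builder(EXPECTED_JWS_ALG).keyID(senderSigningKey.getKeyID()).build(),
                new Payload(message));
        jws.sign(new RSASSASigner(senderSigningKey));
        JWEObject jwe = new JWEObject(
                new JWEHeader.Builder(EXPECTED_JWE_ALG, EXPECTED_ENC)
                        .contentType("JWT").keyID(recipientEncryptionKey.getKeyID()).build(),
                new Payload(jws));
        jwe.encrypt(new RSAEncrypter(recipientEncryptionKey.toPublicJWK()));
        return jwe.serialize();
    }

    public static void main(String[] args) throws Exception {
        RSAKey senderSigning = new RSAKeyGenerator(2048).keyID("sender-sig").generate();
        RSAKey recipientEnc = new RSAKeyGenerator(2048).keyID("recipient-enc").generate();

        // Constructed sample body, not a real API message.
        String body = wrap("{\"amount\":\"10.00\"}", senderSigning, recipientEnc);
        System.out.println("unwrapped: " + unwrap(body, recipientEnc, senderSigning.toPublicJWK()));

        // A JWE for the same recipient but with a different content encryption (A128CBC-HS256):
        // the enc pin rejects it before decryption is attempted.
        JWEObject other = new JWEObject(
                new JWEHeader.Builder(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A128CBC_HS256)
                        .contentType("JWT").build(),
                new Payload("not-a-jws"));
        other.encrypt(new RSAEncrypter(recipientEnc.toPublicJWK()));
        try {
            unwrap(other.serialize(), recipientEnc, senderSigning.toPublicJWK());
            System.out.println("BUG: unexpected enc accepted");
        } catch (JOSEException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The ordering is the point: header pins, then decrypt, then the JWS alg pin, then verify, and only after that any decision based on header contents. In the SDK method above the expiry parameter is read before verify(); that is safe only because the signature check still gates the return value, and a pinned-first order removes the question entirely.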

Example 53 with JWSVerifier

use of com.nimbusds.jose.JWSVerifier in project di-ipv-cri-uk-passport-back by alphagov.

the class DcsCryptographyServiceTest method shouldPreparePayloadForDcsRequest.

@Test
void shouldPreparePayloadForDcsRequest() throws JOSEException, InvalidKeySpecException, NoSuchAlgorithmException, CertificateException, ParseException, JsonProcessingException {
    // Test fixtures stand in for the configured CRI signing key and the DCS encryption certificate.
    when(configurationService.getPassportCriSigningKey()).thenReturn(getSigningPrivateKey());
    when(configurationService.makeThumbprints()).thenReturn(new Thumbprints(SHA_1_THUMBPRINT, SHA_256_THUMBPRINT));
    when(configurationService.getDcsEncryptionCert()).thenReturn(getEncryptionCertificate());
    PassportAttributes passportAttributes = new PassportAttributes("PASSPORT_NUMBER", "SURNAME", List.of("FORENAMES"), LocalDate.now(), LocalDate.now());
    // preparePayload produces JWS(JWE(JWS(attributes))): sign, encrypt for DCS, sign again.
    JWSObject preparedPayload = underTest.preparePayload(passportAttributes);
    JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) getSigningPublicKey(getSigningPrivateKey()));
    // Peel the layers in reverse. The outer JWS payload is a compact JWE ...
    JWEObject encryptedContents = JWEObject.parse(preparedPayload.getPayload().toString());
    RSADecrypter rsaDecrypter = new RSADecrypter(getEncryptionPrivateKey());
    encryptedContents.decrypt(rsaDecrypter);
    // ... whose plaintext is the inner JWS over the serialised attributes.
    JWSObject decryptedPassportDetails = JWSObject.parse(encryptedContents.getPayload().toString());
    // Only the inner signature is verified here; the outer JWS signature is not checked by this test.
    assertTrue(decryptedPassportDetails.verify(verifier));
    String expected = objectMapper.writeValueAsString(passportAttributes);
    assertEquals(expected, decryptedPassportDetails.getPayload().toString());
}
Also used : PassportAttributes(uk.gov.di.ipv.cri.passport.library.domain.PassportAttributes) RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) JWEObject(com.nimbusds.jose.JWEObject) JWSVerifier(com.nimbusds.jose.JWSVerifier) Thumbprints(uk.gov.di.ipv.cri.passport.library.domain.Thumbprints) JWSObject(com.nimbusds.jose.JWSObject) RSADecrypter(com.nimbusds.jose.crypto.RSADecrypter) Test(org.junit.jupiter.api.Test)

Aggregations

JWSVerifier (com.nimbusds.jose.JWSVerifier)53 RSASSAVerifier (com.nimbusds.jose.crypto.RSASSAVerifier)34 SignedJWT (com.nimbusds.jwt.SignedJWT)27 JOSEException (com.nimbusds.jose.JOSEException)20 RSAPublicKey (java.security.interfaces.RSAPublicKey)14 ParseException (java.text.ParseException)14 MACVerifier (com.nimbusds.jose.crypto.MACVerifier)10 JWSObject (com.nimbusds.jose.JWSObject)9 RSAKey (com.nimbusds.jose.jwk.RSAKey)8 JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)8 Date (java.util.Date)8 JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm)6 ECDSAVerifier (com.nimbusds.jose.crypto.ECDSAVerifier)6 JWSVerificationKeySelector (com.nimbusds.jose.proc.JWSVerificationKeySelector)6 IOException (java.io.IOException)6 PublicKey (java.security.PublicKey)5 ECPublicKey (java.security.interfaces.ECPublicKey)5 Test (org.junit.Test)5 DefaultJWSVerifierFactory (com.nimbusds.jose.crypto.factories.DefaultJWSVerifierFactory)4 JWKSet (com.nimbusds.jose.jwk.JWKSet)4