
Example 31 with JWSVerifier

use of com.nimbusds.jose.JWSVerifier in project scoold by Erudika.

the class ScooldUtils method isValidJWToken.

/**
 * Decides whether a compact-serialized JWT is acceptable under a shared HMAC secret.
 *
 * <p>The token is accepted only when all of the following hold: both arguments are non-null,
 * the token parses, its signature verifies against a {@link MACVerifier} built from
 * {@code secret}, the {@code exp} claim (if present) is not in the past, the {@code nbf}
 * claim (if present) is not in the future, and {@code isApiKeyRevoked} reports the
 * token id as not revoked.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>A token that carries no {@code exp} claim passes the expiry test, so it never
 *       expires as far as this method is concerned.</li>
 *   <li>Only {@code exp}, {@code nbf} and {@code jti} are examined; issuer and audience are
 *       not checked here.</li>
 *   <li>Times are compared against the local clock with no skew allowance.</li>
 *   <li>{@code MACVerifier} refuses secrets shorter than 256 bits by throwing a
 *       {@code JOSEException}; that case is logged and reported as "invalid".</li>
 * </ul>
 *
 * @param secret shared HMAC secret; {@code null} yields {@code false}
 * @param jwt    compact-serialized signed JWT; {@code null} yields {@code false}
 * @return {@code true} if the token passed every check, {@code false} otherwise,
 *         including when parsing or verification threw
 */
boolean isValidJWToken(String secret, String jwt) {
    if (secret == null || jwt == null) {
        return false;
    }
    try {
        // Verifier is built before parsing, so a bad secret is reported ahead of a bad token.
        JWSVerifier hmacVerifier = new MACVerifier(secret);
        SignedJWT token = SignedJWT.parse(jwt);
        if (!token.verify(hmacVerifier)) {
            return false;
        }
        // Claims are read only after the signature has been verified.
        Date now = new Date();
        JWTClaimsSet claimSet = token.getJWTClaimsSet();
        Date exp = claimSet.getExpirationTime();
        Date nbf = claimSet.getNotBeforeTime();
        boolean expired = exp != null && exp.before(now);
        boolean notYetValid = nbf != null && nbf.after(now);
        // The revocation helper is consulted even for expired tokens and receives the
        // expired flag; what it does with that flag is not visible from this method.
        boolean jtiRevoked = isApiKeyRevoked(claimSet.getJWTID(), expired);
        return !expired && !notYetValid && !jtiRevoked;
    } catch (JOSEException | ParseException e) {
        // Fail closed: any verification or parsing error means "not valid".
        logger.warn(null, e);
    }
    return false;
}
Also used : MACVerifier(com.nimbusds.jose.crypto.MACVerifier) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) JWSVerifier(com.nimbusds.jose.JWSVerifier) SignedJWT(com.nimbusds.jwt.SignedJWT) ParseException(java.text.ParseException) JOSEException(com.nimbusds.jose.JOSEException) Date(java.util.Date)

Example 32 with JWSVerifier

use of com.nimbusds.jose.JWSVerifier in project ORCID-Source by ORCID.

the class OpenIDConnectTest method checkJWT.

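/**
 * Parses an ID token, verifies its RSA signature against the server's published JWKS and
 * then asserts the expected claim values.
 *
 * <p>The signature is checked before any claim is asserted, so the claim assertions only
 * ever run against content whose integrity has been established. The verification key is
 * the JWKS entry whose key id matches the token's {@code kid} header; the JWKS itself is
 * fetched from {@code baseUri + "/oauth/jwks"}, so the trust anchor is that endpoint, not
 * the token.
 *
 * @param id compact-serialized signed ID token
 * @return the parsed and verified token
 * @throws ParseException if the token or the JWKS document cannot be parsed
 * @throws JOSEException if the verifier cannot be built or verification fails with an error
 * @throws InvalidHashException declared by the original signature; kept for callers
 */
private SignedJWT checkJWT(String id) throws ParseException, JOSEException, InvalidHashException {
    SignedJWT signedJWT = SignedJWT.parse(id);
    // get JWKS
    Client client = Client.create();
    String jwkString;
    try {
        WebResource webResource = client.resource(baseUri + "/oauth/jwks");
        ClientResponse jwksResponse = webResource.accept(MediaType.APPLICATION_JSON).get(ClientResponse.class);
        jwkString = jwksResponse.getEntity(String.class);
    } finally {
        // Release the HTTP client's resources even when the JWKS request fails.
        client.destroy();
    }
    RSAKey jwk = (RSAKey) JWKSet.parse(jwkString).getKeyByKeyId(signedJWT.getHeader().getKeyID());
    // A kid that matches no published key would otherwise surface as an opaque failure
    // inside the verifier constructor.
    Assert.assertNotNull("No JWKS key matches the token's kid header", jwk);
    // check sig before looking at any claim
    JWSVerifier verifier = new RSASSAVerifier(jwk);
    Assert.assertTrue(signedJWT.verify(verifier));
    // claims of the now-verified token
    Assert.assertEquals("https://orcid.org", signedJWT.getJWTClaimsSet().getIssuer());
    Assert.assertEquals("https://orcid.org/9999-0000-0000-0004", signedJWT.getJWTClaimsSet().getSubject());
    Assert.assertEquals("9999-0000-0000-0004", signedJWT.getJWTClaimsSet().getClaim("id_path"));
    Assert.assertEquals("APP-9999999999999901", signedJWT.getJWTClaimsSet().getAudience().get(0));
    Assert.assertEquals("yesMate", signedJWT.getJWTClaimsSet().getClaim("nonce"));
    Assert.assertEquals("User One Credit name", signedJWT.getJWTClaimsSet().getClaim("name"));
    Assert.assertEquals("One", signedJWT.getJWTClaimsSet().getClaim("family_name"));
    Assert.assertEquals("User", signedJWT.getJWTClaimsSet().getClaim("given_name"));
    return signedJWT;
}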
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) RSAKey(com.nimbusds.jose.jwk.RSAKey) RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) JWSVerifier(com.nimbusds.jose.JWSVerifier) WebResource(com.sun.jersey.api.client.WebResource) SignedJWT(com.nimbusds.jwt.SignedJWT) Client(com.sun.jersey.api.client.Client)

Example 33 with JWSVerifier

use of com.nimbusds.jose.JWSVerifier in project ORCID-Source by ORCID.

the class OpenIDConnectKeyServiceTest method testKeyGenAndSigning.

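/**
 * Round-trip check for {@code OpenIDConnectKeyService}: signs a minimal claims set and
 * verifies the result with the public key the same service publishes.
 *
 * <p>The verification key is looked up in the service's public JWK set by the key id found
 * in the signed token's header, so the test also covers that the published key id matches
 * the one used for signing. Only the positive path is exercised; a tampered token or a
 * foreign key is not tested here.
 */
@Test
public void testKeyGenAndSigning() throws JOSEException, NoSuchAlgorithmException, IOException, ParseException, URISyntaxException {
    OpenIDConnectKeyService.OpenIDConnectKeyServiceConfig config = new OpenIDConnectKeyServiceConfig();
    config.keyName = "IntTestKey1";
    config.jsonKey = testKey;
    OpenIDConnectKeyService service = new OpenIDConnectKeyService(config);
    JWTClaimsSet claims = new JWTClaimsSet.Builder().issuer("me").build();
    SignedJWT signed = service.sign(claims);
    // Resolve the public key by the kid the service put into the header.
    RSAKey publicKey = (RSAKey) service.getPublicJWK().getKeyByKeyId(signed.getHeader().getKeyID());
    // Fail with a readable message when the published JWK set lacks the signing key id.
    Assert.assertNotNull("Public JWK set has no key for the signed token's kid", publicKey);
    JWSVerifier verifier = new RSASSAVerifier(publicKey);
    Assert.assertTrue(signed.verify(verifier));
}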
Also used : RSAKey(com.nimbusds.jose.jwk.RSAKey) HashMap(java.util.HashMap) RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) JWSVerifier(com.nimbusds.jose.JWSVerifier) SignedJWT(com.nimbusds.jwt.SignedJWT) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) OpenIDConnectKeyServiceConfig(org.orcid.core.oauth.openid.OpenIDConnectKeyService.OpenIDConnectKeyServiceConfig) OpenIDConnectKeyServiceConfig(org.orcid.core.oauth.openid.OpenIDConnectKeyService.OpenIDConnectKeyServiceConfig) Test(org.junit.Test)

Example 34 with JWSVerifier

use of com.nimbusds.jose.JWSVerifier in project knox by apache.

the class JWTTokenTest method testTokenSignature.

/**
 * Builds an RS256 token from a six-element claims array, signs it with the test private key
 * and checks that the signature verifies with the matching public key.
 *
 * <p>The first three array slots are read back as issuer, subject and audience. Slot 3 is a
 * timestamp in seconds, 300 s ahead of now (presumably the expiry; the constructor's
 * contract is not visible here). Only the positive path is covered: nothing asserts that a
 * modified token or a different key is rejected.
 */
@Test
public void testTokenSignature() throws Exception {
    final String inFiveMinutes = Long.toString((System.currentTimeMillis() / 1000) + 300);
    final String[] claims = {
        "KNOXSSO",
        "john.doe@example.com",
        "https://login.example.com",
        inFiveMinutes,
        "E0LDZulQ0XE_otJ5aoQtQu-RnXv8hU-M9U4dD7vDioA",
        null
    };
    JWT token = new JWTToken("RS256", claims);
    assertEquals("KNOXSSO", token.getIssuer());
    assertEquals("john.doe@example.com", token.getSubject());
    assertEquals("https://login.example.com", token.getAudience());
    // Sign with the private half of the test key pair.
    JWSSigner rsaSigner = new RSASSASigner(privateKey);
    token.sign(rsaSigner);
    assertTrue(token.getSignaturePayload().length > 0);
    // Verify with the public half.
    JWSVerifier rsaVerifier = new RSASSAVerifier(publicKey);
    assertTrue(token.verify(rsaVerifier));
}
Also used : RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) JWSVerifier(com.nimbusds.jose.JWSVerifier) RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) JWSSigner(com.nimbusds.jose.JWSSigner) Test(org.junit.Test)

Example 35 with JWSVerifier

use of com.nimbusds.jose.JWSVerifier in project knox by apache.

the class DefaultTokenAuthorityService method verifyTokenUsingRSA.

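/**
 * Verifies a token's RSA signature with the supplied public key or, when none is supplied,
 * with the public key of the gateway's signing certificate.
 *
 * <p>Key-resolution problems are reported through the declared {@link TokenServiceException}
 * instead of escaping as unchecked exceptions: a signing alias with no certificate in the
 * keystore and a resolved key that is not an RSA public key both end up wrapped the same way
 * as any other keystore failure.
 *
 * @param token     the token whose signature is checked
 * @param publicKey key to verify with; {@code null} selects the signing certificate's key
 * @return the result of {@code token.verify(...)}
 * @throws TokenServiceException if the verification key cannot be obtained or is unusable
 */
private boolean verifyTokenUsingRSA(JWT token, RSAPublicKey publicKey) throws TokenServiceException {
    try {
        PublicKey key = publicKey;
        if (key == null) {
            // KeyStore.getCertificate returns null for an unknown alias; check before dereferencing.
            final java.security.cert.Certificate signingCert =
                    keystoreService.getSigningKeystore().getCertificate(getSigningKeyAlias());
            if (signingCert == null) {
                throw new KeyStoreException("No certificate found for the signing key alias.");
            }
            key = signingCert.getPublicKey();
        }
        // The keystore may hold a non-RSA certificate; refuse it rather than fail on the cast.
        if (!(key instanceof RSAPublicKey)) {
            throw new KeyStoreException("Signing key is not an RSA public key.");
        }
        final JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) key);
        // consider jwk for specifying the key too
        return token.verify(verifier);
    } catch (KeyStoreException | KeystoreServiceException e) {
        throw new TokenServiceException("Cannot verify token.", e);
    }
}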
Also used : RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) JWSVerifier(com.nimbusds.jose.JWSVerifier) KeyStoreException(java.security.KeyStoreException) KeystoreServiceException(org.apache.knox.gateway.services.security.KeystoreServiceException) TokenServiceException(org.apache.knox.gateway.services.security.token.TokenServiceException)

Aggregations

JWSVerifier (com.nimbusds.jose.JWSVerifier)53 RSASSAVerifier (com.nimbusds.jose.crypto.RSASSAVerifier)34 SignedJWT (com.nimbusds.jwt.SignedJWT)27 JOSEException (com.nimbusds.jose.JOSEException)20 RSAPublicKey (java.security.interfaces.RSAPublicKey)14 ParseException (java.text.ParseException)14 MACVerifier (com.nimbusds.jose.crypto.MACVerifier)10 JWSObject (com.nimbusds.jose.JWSObject)9 RSAKey (com.nimbusds.jose.jwk.RSAKey)8 JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)8 Date (java.util.Date)8 JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm)6 ECDSAVerifier (com.nimbusds.jose.crypto.ECDSAVerifier)6 JWSVerificationKeySelector (com.nimbusds.jose.proc.JWSVerificationKeySelector)6 IOException (java.io.IOException)6 PublicKey (java.security.PublicKey)5 ECPublicKey (java.security.interfaces.ECPublicKey)5 Test (org.junit.Test)5 DefaultJWSVerifierFactory (com.nimbusds.jose.crypto.factories.DefaultJWSVerifierFactory)4 JWKSet (com.nimbusds.jose.jwk.JWKSet)4