Example 21 with RSASSASigner

use of com.nimbusds.jose.crypto.RSASSASigner in project knox by apache.

the class JWTTokenTest method testTokenSignature.

@Test
public void testTokenSignature() throws Exception {
    String[] claims = new String[4];
    claims[0] = "KNOXSSO";
    claims[1] = "john.doe@example.com";
    claims[2] = "https://login.example.com";
    claims[3] = Long.toString((System.currentTimeMillis() / 1000) + 300);
    JWT token = new JWTToken("RS256", claims);
    assertEquals("KNOXSSO", token.getIssuer());
    assertEquals("john.doe@example.com", token.getSubject());
    assertEquals("https://login.example.com", token.getAudience());
    // Sign the token
    JWSSigner signer = new RSASSASigner(privateKey);
    token.sign(signer);
    assertTrue(token.getSignaturePayload().length > 0);
    // Verify the signature
    JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) publicKey);
    assertTrue(token.verify(verifier));
}
Also used : RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) JWSVerifier(com.nimbusds.jose.JWSVerifier) RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) JWSSigner(com.nimbusds.jose.JWSSigner) Test(org.junit.Test)

Example 22 with RSASSASigner

use of com.nimbusds.jose.crypto.RSASSASigner in project knox by apache.

the class DefaultTokenAuthorityService method issueToken.

@Override
public JWT issueToken(Principal p, List<String> audiences, String algorithm, long expires) throws TokenServiceException {
    String[] claimArray = new String[4];
    claimArray[0] = "KNOXSSO";
    claimArray[1] = p.getName();
    claimArray[2] = null;
    if (expires == -1) {
        claimArray[3] = null;
    } else {
        claimArray[3] = String.valueOf(expires);
    }
    JWT token = null;
    if (SUPPORTED_SIG_ALGS.contains(algorithm)) {
        token = new JWTToken(algorithm, claimArray, audiences);
        RSAPrivateKey key;
        char[] passphrase = null;
        try {
            passphrase = getSigningKeyPassphrase();
        } catch (AliasServiceException e) {
            throw new TokenServiceException(e);
        }
        try {
            key = (RSAPrivateKey) ks.getSigningKey(getSigningKeyAlias(), passphrase);
            JWSSigner signer = new RSASSASigner(key);
            token.sign(signer);
        } catch (KeystoreServiceException e) {
            throw new TokenServiceException(e);
        }
    } else {
        throw new TokenServiceException("Cannot issue token - Unsupported algorithm");
    }
    return token;
}
Also used : JWT(org.apache.knox.gateway.services.security.token.impl.JWT) AliasServiceException(org.apache.knox.gateway.services.security.AliasServiceException) RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) KeystoreServiceException(org.apache.knox.gateway.services.security.KeystoreServiceException) JWTToken(org.apache.knox.gateway.services.security.token.impl.JWTToken) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) JWSSigner(com.nimbusds.jose.JWSSigner) TokenServiceException(org.apache.knox.gateway.services.security.token.TokenServiceException)

Example 23 with RSASSASigner

use of com.nimbusds.jose.crypto.RSASSASigner in project knox by apache.

the class AbstractJWTFilterTest method getJWT.

protected SignedJWT getJWT(String issuer, String sub, String aud, Date expires, Date nbf, RSAPrivateKey privateKey, String signatureAlgorithm) throws Exception {
    List<String> audiences = new ArrayList<String>();
    if (aud != null) {
        audiences.add(aud);
    }
    JWTClaimsSet claims = new JWTClaimsSet.Builder().issuer(issuer).subject(sub).audience(aud).expirationTime(expires).notBeforeTime(nbf).claim("scope", "openid").build();
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.parse(signatureAlgorithm)).build();
    SignedJWT signedJWT = new SignedJWT(header, claims);
    JWSSigner signer = new RSASSASigner(privateKey);
    signedJWT.sign(signer);
    return signedJWT;
}
Also used : JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) ArrayList(java.util.ArrayList) RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) SignedJWT(com.nimbusds.jwt.SignedJWT)

Example 24 with RSASSASigner

use of com.nimbusds.jose.crypto.RSASSASigner in project spring-security by spring-projects.

the class OAuth2ResourceServerConfigurerTests method jwtFromIssuer.

private String jwtFromIssuer(String issuer) throws Exception {
    Map<String, Object> claims = new HashMap<>();
    claims.put(JwtClaimNames.ISS, issuer);
    claims.put(JwtClaimNames.SUB, "test-subject");
    claims.put("scope", "message:read");
    JWSObject jws = new JWSObject(new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("1").build(), new Payload(new JSONObject(claims)));
    jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
    return jws.serialize();
}
Also used : JSONObject(net.minidev.json.JSONObject) HashMap(java.util.HashMap) RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) JWSObject(com.nimbusds.jose.JWSObject) Payload(com.nimbusds.jose.Payload) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) JWSHeader(com.nimbusds.jose.JWSHeader)

Example 25 with RSASSASigner

use of com.nimbusds.jose.crypto.RSASSASigner in project oxAuth by GluuFederation.

the class CrossEncryptionTest method nestedJWT.

@Test
public void nestedJWT() throws Exception {
    RSAKey senderJWK = (RSAKey) JWK.parse(senderJwkJson);
    RSAKey recipientPublicJWK = (RSAKey) (JWK.parse(recipientJwkJson));
    // Create JWT
    SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(senderJWK.getKeyID()).build(), new JWTClaimsSet.Builder().subject("testi").issuer("https:devgluu.saminet.local").build());
    signedJWT.sign(new RSASSASigner(senderJWK));
    JWEObject jweObject = new JWEObject(new JWEHeader.Builder(JWEAlgorithm.RSA_OAEP, EncryptionMethod.A128GCM)
            // required to indicate nested JWT
            .contentType("JWT").build(), new Payload(signedJWT));
    // Encrypt with the recipient's public key
    RSAEncrypter encrypter = new RSAEncrypter(recipientPublicJWK);
    jweObject.encrypt(encrypter);
    final String jweString = jweObject.serialize();
    decryptAndValidateSignatureWithGluu(jweString);
}
Also used : RSAKey(com.nimbusds.jose.jwk.RSAKey) RSAEncrypter(com.nimbusds.jose.crypto.RSAEncrypter) RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) SignedJWT(com.nimbusds.jwt.SignedJWT) Test(org.testng.annotations.Test)

Aggregations

RSASSASigner (com.nimbusds.jose.crypto.RSASSASigner) 37
SignedJWT (com.nimbusds.jwt.SignedJWT) 23
JWSHeader (com.nimbusds.jose.JWSHeader) 20
JWSSigner (com.nimbusds.jose.JWSSigner) 15
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet) 13
JSONObject (net.minidev.json.JSONObject) 10
JWSObject (com.nimbusds.jose.JWSObject) 9
Payload (com.nimbusds.jose.Payload) 9
PrivateKey (java.security.PrivateKey) 6
JOSEException (com.nimbusds.jose.JOSEException) 5
ArrayList (java.util.ArrayList) 4
HashMap (java.util.HashMap) 4
MockResponse (okhttp3.mockwebserver.MockResponse) 4
MockWebServer (okhttp3.mockwebserver.MockWebServer) 4
Test (org.junit.jupiter.api.Test) 4
Authentication (org.springframework.security.core.Authentication) 4
JOSEObjectType (com.nimbusds.jose.JOSEObjectType) 3
JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm) 3
RSASSAVerifier (com.nimbusds.jose.crypto.RSASSAVerifier) 3
Date (java.util.Date) 3