
Example 36 with RSASSASigner

Use of com.nimbusds.jose.crypto.RSASSASigner in project Payara by payara.

Class GCPSecretsConfigSource, method bootstrap.

@Override
public void bootstrap() {
    String clientEmail = null;
    String privateKey = null;
    try {
        final File tokenFile = getTokenFile();
        if (tokenFile == null) {
            LOGGER.warning("Couldn't find token file, make sure it's configured.");
        } else {
            try (JsonParser parser = Json.createParser(new FileInputStream(getTokenFile()))) {
                while (parser.hasNext()) {
                    JsonParser.Event parseEvent = parser.next();
                    if (parseEvent == Event.KEY_NAME) {
                        final String keyName = parser.getString();
                        parser.next();
                        switch(keyName) {
                            case "client_email":
                                clientEmail = parser.getString();
                                break;
                            case "private_key":
                                privateKey = parser.getString();
                                break;
                        }
                        if (clientEmail != null && privateKey != null) {
                            break;
                        }
                    }
                }
                if (clientEmail == null || privateKey == null) {
                    throw new PropertyVetoException("Error reading JSON key file", new PropertyChangeEvent(configuration, "jsonKeyFile", null, null));
                }
            }
        }
    } catch (Exception ex) {
        LOGGER.log(Level.WARNING, "Couldn't find or read the GCP key file, make sure it exists.", ex);
    }
    Map<String, String> data = new HashMap<>();
    data.put("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
    if (clientEmail != null && privateKey != null) {
        try {
            final SignedJWT jwt = buildJwt(
                    clientEmail, // issuer
                    "https://www.googleapis.com/auth/cloud-platform"); // scope
            jwt.sign(new RSASSASigner(parsePrivateKey(privateKey)));
            data.put("assertion", jwt.serialize());
        } catch (NoSuchAlgorithmException | InvalidKeySpecException | JOSEException e) {
            LOGGER.log(Level.WARNING, "An error occurred while signing the GCP auth token", e);
        }
    }
    this.authClient = new OAuth2Client(AUTH_URL, data);
}
Also used : PropertyChangeEvent(java.beans.PropertyChangeEvent) HashMap(java.util.HashMap) OAuth2Client(fish.payara.microprofile.config.extensions.oauth.OAuth2Client) SignedJWT(com.nimbusds.jwt.SignedJWT) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) FileInputStream(java.io.FileInputStream) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) JOSEException(com.nimbusds.jose.JOSEException) PropertyVetoException(java.beans.PropertyVetoException) RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) Event(javax.json.stream.JsonParser.Event) File(java.io.File) JsonParser(javax.json.stream.JsonParser)

Example 37 with RSASSASigner

Use of com.nimbusds.jose.crypto.RSASSASigner in project quickstart by wildfly.

Class JwtManager, method createJwt.

public String createJwt(final String subject, final String[] roles) throws Exception {
    JWSSigner signer = new RSASSASigner(privateKey);
    JsonArrayBuilder rolesBuilder = Json.createArrayBuilder();
    for (String role : roles) {
        rolesBuilder.add(role);
    }
    JsonObjectBuilder claimsBuilder = Json.createObjectBuilder()
            .add("sub", subject)
            .add("iss", ISSUER)
            .add("aud", AUDIENCE)
            .add(CLAIM_ROLES, rolesBuilder.build())
            .add("exp", ((System.currentTimeMillis() / 1000) + TOKEN_VALIDITY));
    JWSObject jwsObject = new JWSObject(
            new JWSHeader.Builder(JWSAlgorithm.RS256).type(new JOSEObjectType("jwt")).build(),
            new Payload(claimsBuilder.build().toString()));
    jwsObject.sign(signer);
    return jwsObject.serialize();
}
Also used : JOSEObjectType(com.nimbusds.jose.JOSEObjectType) RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) Payload(com.nimbusds.jose.Payload) JsonArrayBuilder(javax.json.JsonArrayBuilder) JsonObjectBuilder(javax.json.JsonObjectBuilder) JWSObject(com.nimbusds.jose.JWSObject) JWSSigner(com.nimbusds.jose.JWSSigner) JWSHeader(com.nimbusds.jose.JWSHeader)

Aggregations

RSASSASigner (com.nimbusds.jose.crypto.RSASSASigner) 37
SignedJWT (com.nimbusds.jwt.SignedJWT) 23
JWSHeader (com.nimbusds.jose.JWSHeader) 20
JWSSigner (com.nimbusds.jose.JWSSigner) 15
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet) 13
JSONObject (net.minidev.json.JSONObject) 10
JWSObject (com.nimbusds.jose.JWSObject) 9
Payload (com.nimbusds.jose.Payload) 9
PrivateKey (java.security.PrivateKey) 6
JOSEException (com.nimbusds.jose.JOSEException) 5
ArrayList (java.util.ArrayList) 4
HashMap (java.util.HashMap) 4
MockResponse (okhttp3.mockwebserver.MockResponse) 4
MockWebServer (okhttp3.mockwebserver.MockWebServer) 4
Test (org.junit.jupiter.api.Test) 4
Authentication (org.springframework.security.core.Authentication) 4
JOSEObjectType (com.nimbusds.jose.JOSEObjectType) 3
JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm) 3
RSASSAVerifier (com.nimbusds.jose.crypto.RSASSAVerifier) 3
Date (java.util.Date) 3