use of com.nimbusds.jose.crypto.RSASSAVerifier in project ORCID-Source by ORCID.
the class OpenIDConnectTest method checkIDTokenAndUserInfo.
//client must have openid scope.
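@Test
public void checkIDTokenAndUserInfo() throws InterruptedException, JSONException, ParseException, URISyntaxException, JOSEException {
    // Run the authorization-code flow for client 1 / user 1 with the "openid" scope.
    // The nonce is sent with the authorization request so it can be compared with the id_token later.
    String clientId = getClient1ClientId();
    String clientRedirectUri = getClient1RedirectUri();
    String clientSecret = getClient1ClientSecret();
    String userId = getUser1OrcidId();
    String password = getUser1Password();
    String scope = "openid";
    HashMap<String, String> params = new HashMap<String, String>();
    params.put("nonce", "yesMate");
    String authorizationCode = getAuthorizationCode(clientId, clientRedirectUri, scope, userId, password, true, params);
    assertNotNull(authorizationCode);

    // Exchange the code for a token response and pull the id_token out of it.
    ClientResponse tokenResponse = getAccessTokenResponse(clientId, clientSecret, clientRedirectUri, authorizationCode);
    assertEquals(200, tokenResponse.getStatus());
    String body = tokenResponse.getEntity(String.class);
    JSONObject tokenJSON = new JSONObject(body);
    String id = tokenJSON.getString("id_token");
    assertNotNull(id);
    SignedJWT signedJWT = SignedJWT.parse(id);

    // Fetch the published signing key. Checking the status first keeps an error page
    // from surfacing as a confusing JWK parse failure.
    Client client = Client.create();
    WebResource webResource = client.resource(baseUri + "/oauth/jwks");
    ClientResponse jwksResponse = webResource.accept(MediaType.APPLICATION_JSON).get(ClientResponse.class);
    assertEquals(200, jwksResponse.getStatus());
    String jwkString = jwksResponse.getEntity(String.class);
    // NOTE(review): the response is parsed as a single JWK and cast to RSAKey; if the endpoint
    // ever returns a JWK Set or a non-RSA key this line fails - confirm against the endpoint.
    RSAKey jwk = (RSAKey) JWK.parse(jwkString);

    // Verify the signature before relying on any claim: parsed claims of an unverified token
    // are only untrusted input.
    JWSVerifier verifier = new RSASSAVerifier(jwk);
    Assert.assertTrue(signedJWT.verify(verifier));

    // Issuer, subject, audience and the echoed nonce must match what the test requested.
    Assert.assertEquals("https://orcid.org", signedJWT.getJWTClaimsSet().getIssuer());
    Assert.assertEquals("9999-0000-0000-0004", signedJWT.getJWTClaimsSet().getSubject());
    Assert.assertEquals("APP-9999999999999901", signedJWT.getJWTClaimsSet().getAudience().get(0));
    Assert.assertEquals("yesMate", signedJWT.getJWTClaimsSet().getClaim("nonce"));

    // Call userinfo with the access token as a bearer credential and compare the profile fields.
    webResource = client.resource(baseUri + "/oauth/userinfo");
    ClientResponse userInfo = webResource.header("Authorization", "Bearer " + tokenJSON.getString("access_token")).accept(MediaType.APPLICATION_JSON).get(ClientResponse.class);
    assertEquals(200, userInfo.getStatus());
    String userInfoString = userInfo.getEntity(String.class);
    JSONObject user = new JSONObject(userInfoString);
    Assert.assertEquals("9999-0000-0000-0004", user.get("sub"));
    Assert.assertEquals("User One Credit name", user.get("name"));
    Assert.assertEquals("One", user.get("family_name"));
    Assert.assertEquals("User", user.get("given_name"));
}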
use of com.nimbusds.jose.crypto.RSASSAVerifier in project hadoop by apache.
the class JWTRedirectAuthenticationHandler method validateSignature.
/**
* Verify the signature of the JWT token in this method. This method depends
* on the public key that was established during init based upon the
* provisioned public key. Override this method in subclasses in order to
* customize the signature verification behavior.
*
* @param jwtToken the token that contains the signature to be validated
* @return valid true if signature verifies successfully; false otherwise
*/
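protected boolean validateSignature(SignedJWT jwtToken) {
    // Only the signature is checked here; this method does not look at any claim of the token.
    // Every path that does not end in a successful verification returns false (fail closed).
    if (JWSObject.State.SIGNED != jwtToken.getState()) {
        return false;
    }
    LOG.debug("JWT token is in a SIGNED state");

    if (jwtToken.getSignature() == null) {
        return false;
    }
    LOG.debug("JWT token signature is not null");

    // Without a configured key nothing can be verified. Reject the token here rather than
    // letting the verifier be built from a null key and fail with an unchecked exception.
    if (publicKey == null) {
        LOG.warn("No public key is configured; JWT signature cannot be verified.");
        return false;
    }

    try {
        JWSVerifier verifier = new RSASSAVerifier(publicKey);
        if (jwtToken.verify(verifier)) {
            LOG.debug("JWT token has been successfully verified");
            return true;
        }
        LOG.warn("JWT signature verification failed.");
    } catch (JOSEException je) {
        // A verification error is treated the same as a bad signature: the token is rejected.
        LOG.warn("Error while validating signature", je);
    }
    return false;
}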
use of com.nimbusds.jose.crypto.RSASSAVerifier in project ORCID-Source by ORCID.
the class OpenIDConnectKeyServiceTest method testKeyGenAndSigning.
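@Test
public void testKeyGenAndSigning() throws JOSEException, NoSuchAlgorithmException, IOException, ParseException, URISyntaxException {
    // Build the key service from the test key material held in this test class.
    OpenIDConnectKeyService.OpenIDConnectKeyServiceConfig config = new OpenIDConnectKeyServiceConfig();
    config.keyName = "IntTestKey1";
    config.jsonKey = testKey;
    OpenIDConnectKeyService service = new OpenIDConnectKeyService(config);

    // Sign a minimal claims set. The unused HashMap the original built here was dropped.
    JWTClaimsSet claims = new JWTClaimsSet.Builder().issuer("me").build();
    SignedJWT signed = service.sign(claims);

    // The key handed out for verification must carry no private parameters.
    RSAKey publicJwk = (RSAKey) service.getPublicJWK();
    Assert.assertFalse(publicJwk.isPrivate());

    // The signature produced by the service must verify against its own public key.
    JWSVerifier verifier = new RSASSAVerifier(publicJwk);
    Assert.assertTrue(signed.verify(verifier));
}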
use of com.nimbusds.jose.crypto.RSASSAVerifier in project incubator-atlas by apache.
the class AtlasKnoxSSOAuthenticationFilter method setJwtProperties.
private void setJwtProperties() {
    // Nothing to copy when no JWT configuration object is present.
    if (jwtProperties == null) {
        return;
    }

    // Mirror the configured SSO settings into this filter's fields.
    authenticationProviderUrl = jwtProperties.getAuthenticationProviderUrl();
    publicKey = jwtProperties.getPublicKey();
    cookieName = jwtProperties.getCookieName();
    originalUrlQueryParam = jwtProperties.getOriginalUrlQueryParam();

    // NOTE(review): when no public key is supplied the verifier field is left as it was;
    // confirm that the code using it rejects tokens when no verifier has been set.
    if (publicKey == null) {
        return;
    }
    verifier = new RSASSAVerifier(publicKey);
}