Example 1 with RSASSAVerifier

Use of com.nimbusds.jose.crypto.RSASSAVerifier in project ORCID-Source by ORCID, in the class OpenIDConnectTest, method checkIDTokenAndUserInfo.

//client must have openid scope.
@Test
public void checkIDTokenAndUserInfo() throws InterruptedException, JSONException, ParseException, URISyntaxException, JOSEException {
    //Get id token
    String clientId = getClient1ClientId();
    String clientRedirectUri = getClient1RedirectUri();
    String clientSecret = getClient1ClientSecret();
    String userId = getUser1OrcidId();
    String password = getUser1Password();
    String scope = "openid";
    HashMap<String, String> params = new HashMap<String, String>();
    params.put("nonce", "yesMate");
    String authorizationCode = getAuthorizationCode(clientId, clientRedirectUri, scope, userId, password, true, params);
    assertNotNull(authorizationCode);
    ClientResponse tokenResponse = getAccessTokenResponse(clientId, clientSecret, clientRedirectUri, authorizationCode);
    assertEquals(200, tokenResponse.getStatus());
    String body = tokenResponse.getEntity(String.class);
    JSONObject tokenJSON = new JSONObject(body);
    String id = tokenJSON.getString("id_token");
    assertNotNull(id);
    SignedJWT signedJWT = SignedJWT.parse(id);
    Assert.assertEquals("https://orcid.org", signedJWT.getJWTClaimsSet().getIssuer());
    Assert.assertEquals("9999-0000-0000-0004", signedJWT.getJWTClaimsSet().getSubject());
    Assert.assertEquals("APP-9999999999999901", signedJWT.getJWTClaimsSet().getAudience().get(0));
    Assert.assertEquals("yesMate", signedJWT.getJWTClaimsSet().getClaim("nonce"));
    //get JWKS         
    Client client = Client.create();
    WebResource webResource = client.resource(baseUri + "/oauth/jwks");
    ClientResponse jwksResponse = webResource.accept(MediaType.APPLICATION_JSON).get(ClientResponse.class);
    String jwkString = jwksResponse.getEntity(String.class);
    RSAKey jwk = (RSAKey) JWK.parse(jwkString);
    //check sig
    JWSVerifier verifier = new RSASSAVerifier(jwk);
    Assert.assertTrue(signedJWT.verify(verifier));
    //get userinfo
    webResource = client.resource(baseUri + "/oauth/userinfo");
    ClientResponse userInfo = webResource.header("Authorization", "Bearer " + tokenJSON.getString("access_token")).accept(MediaType.APPLICATION_JSON).get(ClientResponse.class);
    String userInfoString = userInfo.getEntity(String.class);
    JSONObject user = new JSONObject(userInfoString);
    Assert.assertEquals("9999-0000-0000-0004", user.get("sub"));
    Assert.assertEquals("User One Credit name", user.get("name"));
    Assert.assertEquals("One", user.get("family_name"));
    Assert.assertEquals("User", user.get("given_name"));
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) RSAKey(com.nimbusds.jose.jwk.RSAKey) JSONObject(org.codehaus.jettison.json.JSONObject) HashMap(java.util.HashMap) RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) JWSVerifier(com.nimbusds.jose.JWSVerifier) WebResource(com.sun.jersey.api.client.WebResource) SignedJWT(com.nimbusds.jwt.SignedJWT) Client(com.sun.jersey.api.client.Client) Test(org.junit.Test)

Example 2 with RSASSAVerifier

Use of com.nimbusds.jose.crypto.RSASSAVerifier in project hadoop by apache, in the class JWTRedirectAuthenticationHandler, method validateSignature.

/**
 * Verify the signature of the JWT token in this method. This method depends
 * on the public key that was established during init based upon the
 * provisioned public key. Override this method in subclasses in order to
 * customize the signature verification behavior.
 *
 * @param jwtToken the token that contains the signature to be validated
 * @return valid true if signature verifies successfully; false otherwise
 */
protected boolean validateSignature(SignedJWT jwtToken) {
    boolean valid = false;
    if (JWSObject.State.SIGNED == jwtToken.getState()) {
        LOG.debug("JWT token is in a SIGNED state");
        if (jwtToken.getSignature() != null) {
            LOG.debug("JWT token signature is not null");
            try {
                JWSVerifier verifier = new RSASSAVerifier(publicKey);
                if (jwtToken.verify(verifier)) {
                    valid = true;
                    LOG.debug("JWT token has been successfully verified");
                } else {
                    LOG.warn("JWT signature verification failed.");
                }
            } catch (JOSEException je) {
                LOG.warn("Error while validating signature", je);
            }
        }
    }
    return valid;
}
Also used : RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) JWSVerifier(com.nimbusds.jose.JWSVerifier) JOSEException(com.nimbusds.jose.JOSEException)

Example 3 with RSASSAVerifier

Use of com.nimbusds.jose.crypto.RSASSAVerifier in project ORCID-Source by ORCID, in the class OpenIDConnectKeyServiceTest, method testKeyGenAndSigning.

@Test
public void testKeyGenAndSigning() throws JOSEException, NoSuchAlgorithmException, IOException, ParseException, URISyntaxException {
    OpenIDConnectKeyService.OpenIDConnectKeyServiceConfig config = new OpenIDConnectKeyServiceConfig();
    config.keyName = "IntTestKey1";
    config.jsonKey = testKey;
    OpenIDConnectKeyService service = new OpenIDConnectKeyService(config);
    HashMap<String, Object> map = new HashMap<String, Object>();
    map.put("test", "abcd1234");
    JWTClaimsSet claims = new JWTClaimsSet.Builder().issuer("me").build();
    SignedJWT signed = service.sign(claims);
    JWSVerifier verifier = new RSASSAVerifier(((RSAKey) service.getPublicJWK()));
    Assert.assertTrue(signed.verify(verifier));
}
Also used : RSAKey(com.nimbusds.jose.jwk.RSAKey) HashMap(java.util.HashMap) RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) JWSVerifier(com.nimbusds.jose.JWSVerifier) SignedJWT(com.nimbusds.jwt.SignedJWT) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) OpenIDConnectKeyServiceConfig(org.orcid.core.oauth.openid.OpenIDConnectKeyService.OpenIDConnectKeyServiceConfig) Test(org.junit.Test)

Example 4 with RSASSAVerifier

Use of com.nimbusds.jose.crypto.RSASSAVerifier in project incubator-atlas by apache, in the class AtlasKnoxSSOAuthenticationFilter, method setJwtProperties.

private void setJwtProperties() {
    if (jwtProperties != null) {
        authenticationProviderUrl = jwtProperties.getAuthenticationProviderUrl();
        publicKey = jwtProperties.getPublicKey();
        cookieName = jwtProperties.getCookieName();
        originalUrlQueryParam = jwtProperties.getOriginalUrlQueryParam();
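        // Build the verifier only when a public key is configured;
        // otherwise this method leaves the verifier field unassigned.
        if (publicKey != null) {
            verifier = new RSASSAVerifier(publicKey);
        }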
    }
}
Also used : RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier)
