use of com.nimbusds.jose.jwk.JWK in project spring-security by spring-projects.
the class DefaultAuthorizationCodeTokenResponseClientTests method getTokenResponseWhenAuthenticationPrivateKeyJwtThenFormParametersAreSent.
/**
 * Checks that a client registered with {@code private_key_jwt} authenticates through
 * form parameters instead of an {@code Authorization} header.
 *
 * <p>Only the exact {@code client_assertion_type} value and the presence of a
 * {@code client_assertion} parameter are asserted. The signature and claims of the
 * assertion itself are not inspected by this test.
 */
@Test
public void getTokenResponseWhenAuthenticationPrivateKeyJwtThenFormParametersAreSent() throws Exception {
    // Canned token endpoint response served by the mock server.
    // @formatter:off
    String tokenEndpointJson = "{\n"
            + " \"access_token\": \"access-token-1234\",\n"
            + " \"token_type\": \"bearer\",\n"
            + " \"expires_in\": \"3600\"\n"
            + "}\n";
    // @formatter:on
    this.server.enqueue(jsonResponse(tokenEndpointJson));

    // @formatter:off
    ClientRegistration privateKeyJwtRegistration = this.clientRegistration
            .clientAuthenticationMethod(ClientAuthenticationMethod.PRIVATE_KEY_JWT)
            .build();
    // @formatter:on

    // Every registration resolves to the same fixed RSA test key.
    JWK signingKey = TestJwks.DEFAULT_RSA_JWK;
    Function<ClientRegistration, JWK> fixedKeyResolver = (registration) -> signingKey;
    configureJwtClientAuthenticationConverter(fixedKeyResolver);

    this.tokenResponseClient.getTokenResponse(authorizationCodeGrantRequest(privateKeyJwtRegistration));

    RecordedRequest tokenRequest = this.server.takeRequest();
    // JWT client authentication travels in the body, so no Authorization header is expected.
    assertThat(tokenRequest.getHeader(HttpHeaders.AUTHORIZATION)).isNull();
    String requestBody = tokenRequest.getBody().readUtf8();
    assertThat(requestBody).contains(
            "client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer",
            "client_assertion=");
}
use of com.nimbusds.jose.jwk.JWK in project spring-security by spring-projects.
the class NimbusJwtEncoder method selectJwk.
/**
 * Resolves the one JWK used to sign a JWT built with the given headers.
 *
 * <p>Selection fails closed: a lookup error, no matching key, or more than one
 * matching key all raise {@link JwtEncodingException}, so an ambiguous match never
 * results in an arbitrarily chosen signing key.
 *
 * @param headers the JWS headers from which the JWK matcher is built
 * @return the single matching JWK
 * @throws JwtEncodingException if the lookup fails or does not yield exactly one key
 */
private JWK selectJwk(JwsHeader headers) {
    List<JWK> candidates;
    try {
        candidates = this.jwkSource.get(new JWKSelector(createJwkMatcher(headers)), null);
    } catch (Exception ex) {
        // The original exception is kept as the cause so the failure can be traced.
        String detail = "Failed to select a JWK signing key -> " + ex.getMessage();
        throw new JwtEncodingException(String.format(ENCODING_ERROR_MESSAGE_TEMPLATE, detail), ex);
    }

    if (candidates.isEmpty()) {
        throw new JwtEncodingException(
                String.format(ENCODING_ERROR_MESSAGE_TEMPLATE, "Failed to select a JWK signing key"));
    }
    if (candidates.size() > 1) {
        String detail = "Found multiple JWK signing keys for algorithm '"
                + headers.getAlgorithm().getName() + "'";
        throw new JwtEncodingException(String.format(ENCODING_ERROR_MESSAGE_TEMPLATE, detail));
    }
    return candidates.get(0);
}
use of com.nimbusds.jose.jwk.JWK in project spring-security by spring-projects.
the class NimbusJwtEncoderTests method encodeWhenKeysRotatedThenNewKeyUsed.
/**
 * Checks that the encoder signs with the newly selected key after the underlying
 * JWK source has been rotated.
 *
 * <p>Each token is decoded with the public half of the key captured for that encode
 * call. The decoder is expected to reject a token whose signature does not verify, so
 * a successful decode ties the token to that key.
 */
@Test
public void encodeWhenKeysRotatedThenNewKeyUsed() throws Exception {
    TestJWKSource rotatingSource = new TestJWKSource();
    // Spy that forwards every lookup to the rotating test source.
    JWKSource<SecurityContext> spiedSource = spy(new JWKSource<SecurityContext>() {
        @Override
        public List<JWK> get(JWKSelector jwkSelector, SecurityContext context) {
            return rotatingSource.get(jwkSelector, context);
        }
    });
    NimbusJwtEncoder encoder = new NimbusJwtEncoder(spiedSource);

    // Captures the key list returned by the spied source on each lookup.
    JwkListResultCaptor selectedKeys = new JwkListResultCaptor();
    willAnswer(selectedKeys).given(spiedSource).get(any(), any());

    JwsHeader rs256Header = JwsHeader.with(SignatureAlgorithm.RS256).build();
    JwtClaimsSet claims = TestJwtClaimsSets.jwtClaimsSet().build();

    // First token: signed before rotation.
    Jwt tokenBeforeRotation = encoder.encode(JwtEncoderParameters.from(rs256Header, claims));
    JWK keyBeforeRotation = selectedKeys.getResult().get(0);
    NimbusJwtDecoder decoderBeforeRotation = NimbusJwtDecoder
            .withPublicKey(((RSAKey) keyBeforeRotation).toRSAPublicKey())
            .build();
    decoderBeforeRotation.decode(tokenBeforeRotation.getTokenValue());

    // Simulate key rotation
    rotatingSource.rotate();

    // Second token: signed after rotation.
    Jwt tokenAfterRotation = encoder.encode(JwtEncoderParameters.from(rs256Header, claims));
    JWK keyAfterRotation = selectedKeys.getResult().get(0);
    NimbusJwtDecoder decoderAfterRotation = NimbusJwtDecoder
            .withPublicKey(((RSAKey) keyAfterRotation).toRSAPublicKey())
            .build();
    decoderAfterRotation.decode(tokenAfterRotation.getTokenValue());

    // Different key ids show the second token was not signed with the first key.
    assertThat(keyBeforeRotation.getKeyID()).isNotEqualTo(keyAfterRotation.getKeyID());
}
use of com.nimbusds.jose.jwk.JWK in project oxAuth by GluuFederation.
the class CrossEncryptionTest method decryptAndValidateSignatureWithNimbus.
/**
 * Decrypts a nested JWT with the recipient's RSA private key, then verifies the inner
 * signature with the sender's RSA key, using Nimbus JOSE+JWT for both steps.
 *
 * <p>Only the signature and the {@code sub} claim are checked here; no expiry, issuer
 * or audience validation is performed by this helper.
 *
 * @param jweString the compact-serialized JWE whose payload is a signed JWT
 * @throws ParseException if a JWK, the JWE or the claims cannot be parsed
 * @throws JOSEException if decryption or signature verification fails to execute
 */
private void decryptAndValidateSignatureWithNimbus(String jweString) throws ParseException, JOSEException {
    // Outer layer: decrypt with the recipient's private key.
    RSAKey recipientKey = (RSAKey) JWK.parse(recipientJwkJson);
    RSAPrivateKey recipientPrivateKey = recipientKey.toRSAPrivateKey();
    JWEObject encrypted = JWEObject.parse(jweString);
    encrypted.decrypt(new RSADecrypter(recipientPrivateKey));

    // Inner layer: the decrypted payload must itself be a signed JWT.
    SignedJWT nestedJwt = encrypted.getPayload().toSignedJWT();
    assertNotNull("Payload not a signed JWT", nestedJwt);

    RSAKey senderKey = (RSAKey) JWK.parse(senderJwkJson);
    boolean signatureValid = nestedJwt.verify(new RSASSAVerifier(senderKey));
    assertTrue(signatureValid);

    assertEquals("testing", nestedJwt.getJWTClaimsSet().getSubject());
    System.out.println("Nimbus decrypt and nested jwt signature verification succeed: "
            + nestedJwt.getJWTClaimsSet().toJSONObject());
}
use of com.nimbusds.jose.jwk.JWK in project oxAuth by GluuFederation.
the class CrossEncryptionTest method testDecryptNimbusJoseJwt.
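/**
 * Decrypts a compact JWE with the recipient's RSA private key through Nimbus JOSE+JWT,
 * using the Bouncy Castle JCA provider, and compares the plaintext with {@code PAYLOAD}.
 *
 * <p>This is a best-effort probe: any exception is printed and reported as
 * {@code false} rather than propagated.
 *
 * @param jwe the compact-serialized encrypted JWT
 * @return {@code true} only if decryption succeeds and the decoded payload is
 * JSON-equal to {@code PAYLOAD}; {@code false} otherwise, including on any exception
 */
private boolean testDecryptNimbusJoseJwt(String jwe) {
    try {
        EncryptedJWT encryptedJwt = EncryptedJWT.parse(jwe);

        JWK jwk = JWK.parse(recipientJwkJson);
        RSAPrivateKey rsaPrivateKey = ((RSAKey) jwk).toRSAPrivateKey();

        JWEDecrypter decrypter = new RSADecrypter(rsaPrivateKey);
        decrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
        encryptedJwt.decrypt(decrypter);

        // Decode explicitly as UTF-8: the single-argument String constructor uses the
        // platform default charset, which makes the JSON comparison below depend on
        // the machine the test runs on.
        final String decryptedPayload = new String(
                Base64Util.base64urldecode(encryptedJwt.getPayload().toString()),
                java.nio.charset.StandardCharsets.UTF_8);
        System.out.println("Nimbusds decrypt succeed: " + decryptedPayload);

        return isJsonEqual(decryptedPayload, PAYLOAD);
    } catch (Exception e) {
        // Deliberately broad: a failure at any step means "could not decrypt".
        System.out.println("Nimbusds decrypt failed: " + e.getMessage());
        e.printStackTrace();
        return false;
    }
}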