
Example 6 with JWKSet

use of com.nimbusds.jose.jwk.JWKSet in project knox by apache.

From the class JWKSResourceTest, method testE2E.

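/**
 * End-to-end test: fetches the JWKS document from {@code JWKSResource},
 * parses it, and checks that a JWT signed with the gateway's RS256 key
 * verifies against the first public key the document advertises. It also
 * checks that the published key carries no private material.
 *
 * @throws Exception from token creation, resource initialisation, JWKS
 *                   parsing or signature verification; any of these fails the test
 */
@Test
public void testE2E() throws Exception {
    /* get a signed JWT token */
    final JWT testToken = getTestToken("RS256");
    final JWKSResource jwksResource = new JWKSResource();
    jwksResource.context = context;
    jwksResource.request = request;
    jwksResource.init();
    /* get JWKS keyset */
    final Response retResponse = jwksResource.getJwksResponse();
    /* following lines just verify the token */
    final JWKSet jwks = JWKSet.parse(retResponse.getEntity().toString());
    Assert.assertFalse("No keys found", jwks.getKeys().isEmpty());
    final JWK jwk = jwks.getKeys().get(0);
    // A JWKS endpoint must only ever publish the public half of the signing key.
    Assert.assertFalse("JWKS must not expose private key material", jwk.isPrivate());
    // toRSAKey() fails if the first entry is not an RSA key at all.
    final PublicKey pk = jwk.toRSAKey().toPublicKey();
    Assert.assertNotNull("No public key found", pk);
    final JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) pk);
    Assert.assertTrue("Cannot verify the token, wrong certificate", testToken.verify(verifier));
}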

Example 7 with JWKSet

use of com.nimbusds.jose.jwk.JWKSet in project SEPA by arces-wot.

From the class AuthorizationManager, method init.

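/**
 * Loads the RSA key pair stored under {@code keyAlias} and initialises the
 * signer, the verifier, the serialised public JWK and the JWT processor from it.
 *
 * @param keyStore key store holding the RSA key entry
 * @param keyAlias alias of the key entry
 * @param keyPwd   password protecting the key entry
 * @return {@code true} once every component has been initialised
 * @throws KeyStoreException if the key store cannot be read, holds no entry for
 *                           {@code keyAlias}, or the entry carries no private key
 * @throws JOSEException     if the JWK cannot be converted to Java RSA keys
 */
private boolean init(KeyStore keyStore, String keyAlias, String keyPwd) throws KeyStoreException, JOSEException {
    // Load the key from the key store. RSAKey.load() returns null (rather than
    // throwing) when no entry exists for the alias, so guard before dereferencing.
    final RSAKey jwk = RSAKey.load(keyStore, keyAlias, keyPwd.toCharArray());
    if (jwk == null) {
        throw new KeyStoreException("No RSA key found under alias '" + keyAlias + "'");
    }
    // Signing needs the private half; a certificate-only entry yields a null private key.
    final RSAPrivateKey privateKey = jwk.toRSAPrivateKey();
    if (privateKey == null) {
        throw new KeyStoreException("Key entry '" + keyAlias + "' has no private key; cannot sign tokens");
    }
    final RSAPublicKey publicKey = jwk.toRSAPublicKey();
    // Create RSA-signer with the private key
    signer = new RSASSASigner(privateKey);
    // Create RSA-verifier with the public key
    verifier = new RSASSAVerifier(publicKey);
    // Serialize only the public JWK to be delivered during registration;
    // toPublicJWK() strips the private parameters.
    jwkPublicKey = new JsonParser().parse(jwk.toPublicJWK().toJSONString());
    // Set up a JWT processor to parse the tokens and then check their signature
    // and validity time window (bounded by the "iat", "nbf" and "exp" claims).
    // The key selector pins the accepted algorithm to RS256 and the key to this one.
    jwtProcessor = new DefaultJWTProcessor<SEPASecurityContext>();
    JWKSet jws = new JWKSet(jwk);
    JWKSource<SEPASecurityContext> keySource = new ImmutableJWKSet<SEPASecurityContext>(jws);
    JWSAlgorithm expectedJWSAlg = JWSAlgorithm.RS256;
    JWSKeySelector<SEPASecurityContext> keySelector = new JWSVerificationKeySelector<SEPASecurityContext>(expectedJWSAlg, keySource);
    jwtProcessor.setJWSKeySelector(keySelector);
    return true;
}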

Example 8 with JWKSet

use of com.nimbusds.jose.jwk.JWKSet in project SEPA by arces-wot.

From the class SecurityManager, method setupValidation.

/**
 * Configures JWT signature validation from an RSA JWK: builds the
 * {@code RSASSAVerifier}, keeps a JSON copy of the public JWK for handing out
 * during registration, and wires a {@code DefaultJWTProcessor} that accepts
 * only RS256 signatures made with this key.
 *
 * @param jwk RSA key whose public half verifies incoming tokens
 * @throws JOSEException if the public key cannot be extracted from the JWK
 */
private void setupValidation(RSAKey jwk) throws JOSEException {
    // Only the public half is needed on the validation side.
    final RSAPublicKey rsaPublic = jwk.toRSAPublicKey();
    verifier = new RSASSAVerifier(rsaPublic);

    // JSON form of the public JWK, handed to clients when they register.
    jwkPublicKey = new JsonParser().parse(jwk.toPublicJWK().toJSONString());
    logger.debug("Public key to validate JWT");
    logger.debug(jwkPublicKey);

    // The processor parses tokens and checks signature plus the iat/nbf/exp
    // window; the selector restricts acceptable signatures to RS256 with this
    // single key.
    final JWKSource<SEPASecurityContext> source =
            new ImmutableJWKSet<SEPASecurityContext>(new JWKSet(jwk));
    final JWSKeySelector<SEPASecurityContext> selector =
            new JWSVerificationKeySelector<SEPASecurityContext>(JWSAlgorithm.RS256, source);
    jwtProcessor = new DefaultJWTProcessor<SEPASecurityContext>();
    jwtProcessor.setJWSKeySelector(selector);
}

Example 9 with JWKSet

use of com.nimbusds.jose.jwk.JWKSet in project iaf by ibissource.

From the class JwtValidator, method getKeySource.

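/**
 * Builds the {@link JWKSource} used to look up signature-verification keys.
 * <p>
 * {@code file:} and {@code jar:} URLs are read once into an immutable,
 * in-memory set; any other scheme is treated as a remote JWKS endpoint and
 * wrapped in a {@link RemoteJWKSet}, which caches keys and handles key roll-over.
 *
 * @param jwksURL location of the JWK set; must not be {@code null}
 * @return a key source backed by the JWK set at {@code jwksURL}
 * @throws IOException    if a local JWK set cannot be read
 * @throws ParseException if a local JWK set is not a valid JWKS document
 */
protected JWKSource<C> getKeySource(URL jwksURL) throws IOException, ParseException {
    if (jwksURL == null) {
        throw new IllegalArgumentException("jwksURL must not be null");
    }
    // java.net.URL lower-cases the scheme on construction, so plain equals is sufficient.
    final String protocol = jwksURL.getProtocol();
    if ("file".equals(protocol) || "jar".equals(protocol)) {
        // Local set: load eagerly and close the stream once the document is parsed.
        try (InputStream in = jwksURL.openStream()) {
            return new ImmutableJWKSet<C>(JWKSet.load(in));
        }
    }
    // The public RSA keys to validate the signatures will be sourced from the
    // OAuth 2.0 server's JWK set, published at a well-known URL. The RemoteJWKSet
    // object caches the retrieved keys to speed up subsequent look-ups and can
    // also gracefully handle key-rollover. Connect/read timeouts come from the
    // validator's configuration so a slow endpoint cannot stall validation indefinitely.
    // The key source is built here (not injected) as a seam so unit tests can
    // substitute a JWKSource by overriding this method.
    ResourceRetriever retriever = new DefaultResourceRetriever(getConnectTimeout(), getReadTimeout());
    return new RemoteJWKSet<C>(jwksURL, retriever);
}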
