use of com.nimbusds.jose.jwk.JWKSet in project knox by apache.
the class JWKSResourceTest method testE2E.
/**
* End-to-end test that verifies a signed token using the key set acquired from the JWKS endpoint.
*/
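@Test
public void testE2E() throws Exception {
  /* Obtain a signed RS256 token from the test helper; it is verified below using only the published key set. */
  final JWT testToken = getTestToken("RS256");

  final JWKSResource jwksResource = new JWKSResource();
  jwksResource.context = context;
  jwksResource.request = request;
  jwksResource.init();

  /* Fetch the JWKS document and parse it the way a relying party would. */
  final Response retResponse = jwksResource.getJwksResponse();
  final JWKSet jwks = JWKSet.parse(retResponse.getEntity().toString());
  Assert.assertTrue("No keys found", jwks.getKeys().size() > 0);

  /*
   * A JWKS document is handed to every client that asks for it, so it must carry
   * verification (public) parameters only. Fail if any entry exposes private key material.
   */
  for (final JWK published : jwks.getKeys()) {
    Assert.assertFalse("JWKS endpoint must not publish private key material", published.isPrivate());
  }

  /* Verify the token signature with the first published key. */
  final JWK jwk = jwks.getKeys().get(0);
  final PublicKey pk = jwk.toRSAKey().toPublicKey();
  /* The original message said "private key" although the public key is what is checked here. */
  Assert.assertNotNull("No public key found", pk);
  final JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) pk);
  Assert.assertTrue("Cannot verify the token, wrong certificate", testToken.verify(verifier));
}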
use of com.nimbusds.jose.jwk.JWKSet in project SEPA by arces-wot.
the class AuthorizationManager method init.
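/**
 * Loads the RSA key stored under {@code keyAlias} and prepares token signing and validation.
 *
 * <p>Assigns {@code signer}, {@code verifier}, {@code jwkPublicKey} and {@code jwtProcessor}
 * (declared outside this method). The private key is handed to the signer only; everything used
 * for verification or publication is derived from the public half of the key.
 *
 * @param keyStore the key store holding the RSA key entry
 * @param keyAlias alias of the entry to load
 * @param keyPwd password protecting the private key entry
 * @return {@code true} once all components have been set up
 * @throws KeyStoreException if the key store cannot be read or holds no usable entry for the alias
 * @throws JOSEException if the key cannot be converted to its RSA private/public form
 */
private boolean init(KeyStore keyStore, String keyAlias, String keyPwd) throws KeyStoreException, JOSEException {
    // Load the key from the key store
    RSAKey jwk = RSAKey.load(keyStore, keyAlias, keyPwd.toCharArray());
    if (jwk == null) {
        // RSAKey.load reports a missing or non-certificate entry by returning null; fail with a
        // descriptive error instead of a NullPointerException on the next line.
        throw new KeyStoreException("No RSA key found in the key store for alias: " + keyAlias);
    }

    // Public-only view of the key: this is what gets published and what verification needs.
    RSAKey publicJwk = jwk.toPublicJWK();

    // Create RSA-signer with the private key
    signer = new RSASSASigner(jwk.toRSAPrivateKey());

    // Create RSA-verifier with the public key
    verifier = new RSASSAVerifier(jwk.toRSAPublicKey());

    // Serialize the public key to be delivered during registration
    jwkPublicKey = new JsonParser().parse(publicJwk.toJSONString());

    // Set up a JWT processor to parse the tokens and then check their signature
    // and validity time window (bounded by the "iat", "nbf" and "exp" claims)
    jwtProcessor = new DefaultJWTProcessor<SEPASecurityContext>();

    // The verification key source holds the public JWK only, so the private key is not kept in
    // a structure that exists purely to validate incoming tokens.
    JWKSource<SEPASecurityContext> keySource = new ImmutableJWKSet<SEPASecurityContext>(new JWKSet(publicJwk));

    // Pin the accepted algorithm: tokens whose header declares anything other than RS256 get no
    // key from the selector and are rejected.
    JWSAlgorithm expectedJWSAlg = JWSAlgorithm.RS256;
    JWSKeySelector<SEPASecurityContext> keySelector = new JWSVerificationKeySelector<SEPASecurityContext>(expectedJWSAlg, keySource);
    jwtProcessor.setJWSKeySelector(keySelector);

    return true;
}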
use of com.nimbusds.jose.jwk.JWKSet in project SEPA by arces-wot.
the class SecurityManager method setupValidation.
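/**
 * Prepares token validation for the given RSA key.
 *
 * <p>Assigns {@code verifier}, {@code jwkPublicKey} and {@code jwtProcessor} (declared outside
 * this method). Only the public half of {@code jwk} is used, whether or not the caller passes a
 * key that also carries private parameters.
 *
 * @param jwk the RSA key whose public part validates token signatures
 * @throws JOSEException if the public key cannot be extracted from {@code jwk}
 */
private void setupValidation(RSAKey jwk) throws JOSEException {
    // Public-only view of the key: nothing below needs private parameters.
    RSAKey publicJwk = jwk.toPublicJWK();

    // Create RSA-verifier with the public key
    verifier = new RSASSAVerifier(jwk.toRSAPublicKey());

    // Serialize the public key to be delivered during registration
    jwkPublicKey = new JsonParser().parse(publicJwk.toJSONString());
    logger.debug("Public key to validate JWT");
    logger.debug(jwkPublicKey);

    // Set up a JWT processor to parse the tokens and then check their signature
    // and validity time window (bounded by the "iat", "nbf" and "exp" claims)
    jwtProcessor = new DefaultJWTProcessor<SEPASecurityContext>();

    // Build the verification key source from the public JWK so that a private key passed in by
    // the caller is not retained in a structure used only for validation.
    JWKSource<SEPASecurityContext> keySource = new ImmutableJWKSet<SEPASecurityContext>(new JWKSet(publicJwk));

    // Pin the accepted algorithm: tokens whose header declares anything other than RS256 get no
    // key from the selector and are rejected.
    JWSAlgorithm expectedJWSAlg = JWSAlgorithm.RS256;
    JWSKeySelector<SEPASecurityContext> keySelector = new JWSVerificationKeySelector<SEPASecurityContext>(expectedJWSAlg, keySource);
    jwtProcessor.setJWSKeySelector(keySelector);
}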
use of com.nimbusds.jose.jwk.JWKSet in project iaf by ibissource.
the class JwtValidator method getKeySource.
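/**
 * Builds the key source used to validate token signatures.
 *
 * <p>A {@code file:} or {@code jar:} URL is read once into an immutable key set. Any other URL is
 * wrapped in a {@link RemoteJWKSet}, which fetches the keys with the configured connect and read
 * timeouts. The method is {@code protected} so that unit tests can substitute their own key
 * source.
 *
 * @param jwksURL location of the JWK set
 * @return the key source backed by {@code jwksURL}
 * @throws IOException if a local JWK set cannot be opened or read
 * @throws ParseException if a local JWK set is not valid JWK set JSON
 */
protected JWKSource<C> getKeySource(URL jwksURL) throws IOException, ParseException {
    String protocol = jwksURL.getProtocol();
    if ("file".equals(protocol) || "jar".equals(protocol)) {
        // Close the stream once the set is parsed; the original left it open.
        try (java.io.InputStream in = jwksURL.openStream()) {
            return new ImmutableJWKSet<C>(JWKSet.load(in));
        }
    }

    // The public RSA keys to validate the signatures will be sourced from the
    // OAuth 2.0 server's JWK set, published at a well-known URL. The RemoteJWKSet
    // object caches the retrieved keys to speed up subsequent look-ups and can
    // also gracefully handle key-rollover
    //
    // NOTE(review): the keys fetched here decide which tokens are trusted, so the URL should be
    // https; nothing in this method enforces that. Confirm the scheme is checked where the URL is
    // configured.
    // NOTE(review): the two-argument DefaultResourceRetriever constructor appears to apply no
    // response size limit; consider the overload that takes one. Confirm against the library
    // version in use.
    ResourceRetriever retriever = new DefaultResourceRetriever(getConnectTimeout(), getReadTimeout());
    return new RemoteJWKSet<C>(jwksURL, retriever);
}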
Aggregations