
Example 1 with RSAKey

use of com.nimbusds.jose.jwk.RSAKey in project spring-security by spring-projects.

the class NimbusJwtClientAuthenticationParametersConverterTests method convertWhenPrivateKeyJwtClientAuthenticationMethodThenCustomized.

/**
 * A {@code private_key_jwt} registration must yield a signed client assertion whose
 * header and claims are derived from the registration and the resolved RSA JWK.
 */
@Test
public void convertWhenPrivateKeyJwtClientAuthenticationMethodThenCustomized() throws Exception {
    RSAKey signingJwk = TestJwks.DEFAULT_RSA_JWK;
    // The resolver returns the same JWK regardless of which registration it is asked about
    given(this.jwkResolver.apply(any())).willReturn(signingJwk);
    ClientRegistration registration = TestClientRegistrations.clientCredentials()
            .clientAuthenticationMethod(ClientAuthenticationMethod.PRIVATE_KEY_JWT)
            .build();
    OAuth2ClientCredentialsGrantRequest grantRequest = new OAuth2ClientCredentialsGrantRequest(registration);

    MultiValueMap<String, String> parameters = this.converter.convert(grantRequest);
    String assertionType = parameters.getFirst(OAuth2ParameterNames.CLIENT_ASSERTION_TYPE);
    assertThat(assertionType).isEqualTo("urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
    String clientAssertion = parameters.getFirst(OAuth2ParameterNames.CLIENT_ASSERTION);
    assertThat(clientAssertion).isNotNull();

    // Decoding against the JWK's public half checks the signature before any claim is inspected
    NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(signingJwk.toRSAPublicKey()).build();
    Jwt jws = decoder.decode(clientAssertion);

    String expectedClientId = registration.getClientId();
    String expectedAudience = registration.getProviderDetails().getTokenUri();
    assertThat(jws.getHeaders().get(JoseHeaderNames.ALG)).isEqualTo(SignatureAlgorithm.RS256.getName());
    assertThat(jws.getHeaders().get(JoseHeaderNames.KID)).isEqualTo(signingJwk.getKeyID());
    assertThat(jws.<String>getClaim(JwtClaimNames.ISS)).isEqualTo(expectedClientId);
    assertThat(jws.getSubject()).isEqualTo(expectedClientId);
    assertThat(jws.getAudience()).isEqualTo(Collections.singletonList(expectedAudience));
    assertThat(jws.getId()).isNotNull();
    assertThat(jws.getIssuedAt()).isNotNull();
    assertThat(jws.getExpiresAt()).isNotNull();
}

Example 2 with RSAKey

use of com.nimbusds.jose.jwk.RSAKey in project spring-security by spring-projects.

the class NimbusJwtClientAuthenticationParametersConverterTests method convertWhenClientKeyChangesThenNewKeyUsed.

// gh-9814
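/**
 * Regression test for gh-9814: when the resolver starts returning a different JWK for the
 * same registration, the next client assertion must be signed with the new key and carry
 * its {@code kid}, rather than reusing a previously selected signer.
 */
@Test
public void convertWhenClientKeyChangesThenNewKeyUsed() throws Exception {
    // @formatter:off
    ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials().clientAuthenticationMethod(ClientAuthenticationMethod.PRIVATE_KEY_JWT).build();
    // @formatter:on
    OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest(clientRegistration);

    RSAKey rsaJwk1 = TestJwks.DEFAULT_RSA_JWK;
    given(this.jwkResolver.apply(eq(clientRegistration))).willReturn(rsaJwk1);
    MultiValueMap<String, String> parameters = this.converter.convert(clientCredentialsGrantRequest);
    String encodedJws = parameters.getFirst(OAuth2ParameterNames.CLIENT_ASSERTION);
    assertThat(encodedJws).isNotNull();
    // Decoding with the first key's public half verifies the signature; the kid check ties
    // the header explicitly to the key that was resolved
    NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withPublicKey(rsaJwk1.toRSAPublicKey()).build();
    Jwt jws = jwtDecoder.decode(encodedJws);
    assertThat(jws.getHeaders().get(JoseHeaderNames.KID)).isEqualTo(rsaJwk1.getKeyID());

    // Swap the resolved key; the converter is expected to pick it up on the next conversion
    RSAKey rsaJwk2 = generateRsaJwk();
    given(this.jwkResolver.apply(eq(clientRegistration))).willReturn(rsaJwk2);
    parameters = this.converter.convert(clientCredentialsGrantRequest);
    encodedJws = parameters.getFirst(OAuth2ParameterNames.CLIENT_ASSERTION);
    assertThat(encodedJws).isNotNull();
    jwtDecoder = NimbusJwtDecoder.withPublicKey(rsaJwk2.toRSAPublicKey()).build();
    jws = jwtDecoder.decode(encodedJws);
    assertThat(jws.getHeaders().get(JoseHeaderNames.KID)).isEqualTo(rsaJwk2.getKeyID());
}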

Example 3 with RSAKey

use of com.nimbusds.jose.jwk.RSAKey in project spring-security by spring-projects.

the class NimbusJwtEncoderTests method encodeWhenJwkSelectWithProvidedKidThenSelected.

/**
 * When the JWS header names a {@code kid}, the encoder must select the JWK with that ID
 * from the list and echo the same ID back in the encoded header.
 */
@Test
public void encodeWhenJwkSelectWithProvidedKidThenSelected() {
    // Both JWKs wrap the same key pair, so the kid is the only thing that distinguishes them
    RSAKey firstJwk = TestJwks.jwk(TestKeys.DEFAULT_PUBLIC_KEY, TestKeys.DEFAULT_PRIVATE_KEY)
            .keyID("rsa-jwk-1")
            .build();
    RSAKey secondJwk = TestJwks.jwk(TestKeys.DEFAULT_PUBLIC_KEY, TestKeys.DEFAULT_PRIVATE_KEY)
            .keyID("rsa-jwk-2")
            .build();
    this.jwkList.add(firstJwk);
    this.jwkList.add(secondJwk);

    String requestedKid = secondJwk.getKeyID();
    JwsHeader header = JwsHeader.with(SignatureAlgorithm.RS256).keyId(requestedKid).build();
    JwtClaimsSet claims = TestJwtClaimsSets.jwtClaimsSet().build();
    Jwt encoded = this.jwtEncoder.encode(JwtEncoderParameters.from(header, claims));

    assertThat(encoded.getHeaders().get(JoseHeaderNames.KID)).isEqualTo(requestedKid);
}

Example 4 with RSAKey

use of com.nimbusds.jose.jwk.RSAKey in project spring-security by spring-projects.

the class NimbusJwtEncoderTests method encodeWhenKeysRotatedThenNewKeyUsed.

/**
 * The encoder must consult its {@link JWKSource} on every encode, so that a key rotated in
 * the source is used for the next token instead of a previously selected one.
 */
@Test
public void encodeWhenKeysRotatedThenNewKeyUsed() throws Exception {
    TestJWKSource rotatingSource = new TestJWKSource();
    // A spy around a delegating source lets each selection result be captured; an anonymous
    // class is used rather than a lambda so that the spy has a concrete type to wrap
    JWKSource<SecurityContext> spiedSource = spy(new JWKSource<SecurityContext>() {

        @Override
        public List<JWK> get(JWKSelector jwkSelector, SecurityContext context) {
            return rotatingSource.get(jwkSelector, context);
        }
    });
    NimbusJwtEncoder encoder = new NimbusJwtEncoder(spiedSource);
    JwkListResultCaptor selectedKeys = new JwkListResultCaptor();
    willAnswer(selectedKeys).given(spiedSource).get(any(), any());
    JwsHeader header = JwsHeader.with(SignatureAlgorithm.RS256).build();
    JwtClaimsSet claims = TestJwtClaimsSets.jwtClaimsSet().build();

    Jwt firstJws = encoder.encode(JwtEncoderParameters.from(header, claims));
    JWK firstKey = selectedKeys.getResult().get(0);
    // Decoding with the captured key's public half confirms that key signed the token
    NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(((RSAKey) firstKey).toRSAPublicKey()).build();
    decoder.decode(firstJws.getTokenValue());

    // Simulate key rotation in the backing source
    rotatingSource.rotate();
    Jwt secondJws = encoder.encode(JwtEncoderParameters.from(header, claims));
    JWK secondKey = selectedKeys.getResult().get(0);
    decoder = NimbusJwtDecoder.withPublicKey(((RSAKey) secondKey).toRSAPublicKey()).build();
    decoder.decode(secondJws.getTokenValue());

    assertThat(firstKey.getKeyID()).isNotEqualTo(secondKey.getKeyID());
}

Example 5 with RSAKey

use of com.nimbusds.jose.jwk.RSAKey in project spring-security by spring-projects.

the class NimbusJwtEncoderTests method encodeWhenJwkSelectWithProvidedX5TS256ThenSelected.

/**
 * When the JWS header carries an {@code x5t#S256} thumbprint and no {@code kid}, the encoder
 * must select the JWK with that thumbprint and leave {@code kid} unset in the output header.
 */
@Test
public void encodeWhenJwkSelectWithProvidedX5TS256ThenSelected() {
    Base64URL firstThumbprint = new Base64URL("x509CertSHA256Thumbprint-1");
    Base64URL secondThumbprint = new Base64URL("x509CertSHA256Thumbprint-2");
    // Same key pair, no kid on either JWK: the thumbprint is the only available selector
    RSAKey firstJwk = TestJwks.jwk(TestKeys.DEFAULT_PUBLIC_KEY, TestKeys.DEFAULT_PRIVATE_KEY)
            .x509CertSHA256Thumbprint(firstThumbprint)
            .keyID(null)
            .build();
    RSAKey secondJwk = TestJwks.jwk(TestKeys.DEFAULT_PUBLIC_KEY, TestKeys.DEFAULT_PRIVATE_KEY)
            .x509CertSHA256Thumbprint(secondThumbprint)
            .keyID(null)
            .build();
    this.jwkList.add(firstJwk);
    this.jwkList.add(secondJwk);

    String requestedThumbprint = firstJwk.getX509CertSHA256Thumbprint().toString();
    JwsHeader header = JwsHeader.with(SignatureAlgorithm.RS256)
            .x509SHA256Thumbprint(requestedThumbprint)
            .build();
    JwtClaimsSet claims = TestJwtClaimsSets.jwtClaimsSet().build();
    Jwt encoded = this.jwtEncoder.encode(JwtEncoderParameters.from(header, claims));

    assertThat(encoded.getHeaders().get(JoseHeaderNames.X5T_S256)).isEqualTo(requestedThumbprint);
    assertThat(encoded.getHeaders().get(JoseHeaderNames.KID)).isNull();
}
