use of com.nimbusds.jose.jwk.RSAKey in project spring-security by spring-projects.
the class NimbusJwtClientAuthenticationParametersConverterTests method generateRsaJwk.
/**
 * Generates a new 2048-bit RSA key pair and wraps both halves in a Nimbus
 * {@link RSAKey} whose key ID is a random UUID.
 *
 * <p>The returned JWK carries the private key, so it is only suitable as a
 * throwaway fixture and must not be serialized into anything that is published.
 *
 * @return an RSA JWK containing the public and private key and a random {@code kid}
 * @throws IllegalStateException if key generation fails for any reason; the
 * original exception is kept as the cause
 */
private static RSAKey generateRsaJwk() {
    final KeyPair generated;
    try {
        KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
        rsaGenerator.initialize(2048);
        generated = rsaGenerator.generateKeyPair();
    } catch (Exception ex) {
        // Any failure here means the fixture cannot be built at all.
        throw new IllegalStateException(ex);
    }
    // @formatter:off
    return new RSAKey.Builder((RSAPublicKey) generated.getPublic())
            .privateKey((RSAPrivateKey) generated.getPrivate())
            .keyID(UUID.randomUUID().toString())
            .build();
    // @formatter:on
}
use of com.nimbusds.jose.jwk.RSAKey in project spring-security by spring-projects.
the class NimbusJweEncoderTests method encodeWhenNestedJwsThenEncodes.
/**
 * Passes a JWS header and a claims set to the JWE encoder and checks the headers and
 * claims exposed by the returned {@code Jwt}. The content type header is expected to
 * be {@code "JWT"}, which marks the payload as a nested JWT.
 */
@Test
public void encodeWhenNestedJwsThenEncodes() {
    // See Nimbus example -> Nested signed and encrypted JWT
    // https://connect2id.com/products/nimbus-jose-jwt/examples/signed-and-encrypted-jwt
    RSAKey selectedJwk = TestJwks.DEFAULT_RSA_JWK;
    this.jwkList.add(selectedJwk);
    JwsHeader signingHeader = JwsHeader.with(SignatureAlgorithm.RS256).build();
    JwtClaimsSet claims = TestJwtClaimsSets.jwtClaimsSet().build();
    // @formatter:off
    // **********************
    // Assume future API:
    // JwtEncoderParameters.with(JwsHeader jwsHeader, JweHeader jweHeader, JwtClaimsSet claims)
    // **********************
    // @formatter:on
    Jwt nestedJwe = this.jweEncoder.encode(JwtEncoderParameters.from(signingHeader, claims));

    // Algorithm and content-encryption method come from the default JWE header.
    assertThat(nestedJwe.getHeaders().get(JoseHeaderNames.ALG)).isEqualTo(DEFAULT_JWE_HEADER.getAlgorithm());
    assertThat(nestedJwe.getHeaders().get("enc")).isEqualTo(DEFAULT_JWE_HEADER.<String>getHeader("enc"));

    // The key is referenced by kid only: no embedded JWK, key URL or certificate
    // headers are expected in the output.
    assertThat(nestedJwe.getHeaders().get(JoseHeaderNames.JKU)).isNull();
    assertThat(nestedJwe.getHeaders().get(JoseHeaderNames.JWK)).isNull();
    assertThat(nestedJwe.getHeaders().get(JoseHeaderNames.KID)).isEqualTo(selectedJwk.getKeyID());
    assertThat(nestedJwe.getHeaders().get(JoseHeaderNames.X5U)).isNull();
    assertThat(nestedJwe.getHeaders().get(JoseHeaderNames.X5C)).isNull();
    assertThat(nestedJwe.getHeaders().get(JoseHeaderNames.X5T)).isNull();
    assertThat(nestedJwe.getHeaders().get(JoseHeaderNames.X5T_S256)).isNull();

    // cty = "JWT" distinguishes this nested case from a plain JWE.
    assertThat(nestedJwe.getHeaders().get(JoseHeaderNames.TYP)).isNull();
    assertThat(nestedJwe.getHeaders().get(JoseHeaderNames.CTY)).isEqualTo("JWT");
    assertThat(nestedJwe.getHeaders().get(JoseHeaderNames.CRIT)).isNull();

    // Claims on the result must mirror the claims set that was encoded.
    assertThat(nestedJwe.getIssuer()).isEqualTo(claims.getIssuer());
    assertThat(nestedJwe.getSubject()).isEqualTo(claims.getSubject());
    assertThat(nestedJwe.getAudience()).isEqualTo(claims.getAudience());
    assertThat(nestedJwe.getExpiresAt()).isEqualTo(claims.getExpiresAt());
    assertThat(nestedJwe.getNotBefore()).isEqualTo(claims.getNotBefore());
    assertThat(nestedJwe.getIssuedAt()).isEqualTo(claims.getIssuedAt());
    assertThat(nestedJwe.getId()).isEqualTo(claims.getId());
    assertThat(nestedJwe.<String>getClaim("custom-claim-name")).isEqualTo("custom-claim-value");

    assertThat(nestedJwe.getTokenValue()).isNotNull();
}
use of com.nimbusds.jose.jwk.RSAKey in project spring-security by spring-projects.
the class NimbusJweEncoderTests method encodeWhenJwtClaimsSetThenEncodes.
/**
 * Encodes a claims set (no JWS header) through the JWE encoder and checks the headers
 * and claims exposed by the returned {@code Jwt}. No content type header is expected
 * because nothing is nested.
 */
@Test
public void encodeWhenJwtClaimsSetThenEncodes() {
    RSAKey selectedJwk = TestJwks.DEFAULT_RSA_JWK;
    this.jwkList.add(selectedJwk);
    JwtClaimsSet claims = TestJwtClaimsSets.jwtClaimsSet().build();
    // @formatter:off
    // **********************
    // Assume future API:
    // JwtEncoderParameters.with(JweHeader jweHeader, JwtClaimsSet claims)
    // **********************
    // @formatter:on
    Jwt jwe = this.jweEncoder.encode(JwtEncoderParameters.from(claims));

    // Algorithm and content-encryption method come from the default JWE header.
    assertThat(jwe.getHeaders().get(JoseHeaderNames.ALG)).isEqualTo(DEFAULT_JWE_HEADER.getAlgorithm());
    assertThat(jwe.getHeaders().get("enc")).isEqualTo(DEFAULT_JWE_HEADER.<String>getHeader("enc"));

    // The key is referenced by kid only: no embedded JWK, key URL or certificate
    // headers are expected in the output.
    assertThat(jwe.getHeaders().get(JoseHeaderNames.JKU)).isNull();
    assertThat(jwe.getHeaders().get(JoseHeaderNames.JWK)).isNull();
    assertThat(jwe.getHeaders().get(JoseHeaderNames.KID)).isEqualTo(selectedJwk.getKeyID());
    assertThat(jwe.getHeaders().get(JoseHeaderNames.X5U)).isNull();
    assertThat(jwe.getHeaders().get(JoseHeaderNames.X5C)).isNull();
    assertThat(jwe.getHeaders().get(JoseHeaderNames.X5T)).isNull();
    assertThat(jwe.getHeaders().get(JoseHeaderNames.X5T_S256)).isNull();

    // Neither typ, cty nor crit is set for a plain (non-nested) JWE.
    assertThat(jwe.getHeaders().get(JoseHeaderNames.TYP)).isNull();
    assertThat(jwe.getHeaders().get(JoseHeaderNames.CTY)).isNull();
    assertThat(jwe.getHeaders().get(JoseHeaderNames.CRIT)).isNull();

    // Claims on the result must mirror the claims set that was encoded.
    assertThat(jwe.getIssuer()).isEqualTo(claims.getIssuer());
    assertThat(jwe.getSubject()).isEqualTo(claims.getSubject());
    assertThat(jwe.getAudience()).isEqualTo(claims.getAudience());
    assertThat(jwe.getExpiresAt()).isEqualTo(claims.getExpiresAt());
    assertThat(jwe.getNotBefore()).isEqualTo(claims.getNotBefore());
    assertThat(jwe.getIssuedAt()).isEqualTo(claims.getIssuedAt());
    assertThat(jwe.getId()).isEqualTo(claims.getId());
    assertThat(jwe.<String>getClaim("custom-claim-name")).isEqualTo("custom-claim-value");

    assertThat(jwe.getTokenValue()).isNotNull();
}
use of com.nimbusds.jose.jwk.RSAKey in project spring-security by spring-projects.
the class NimbusJwtEncoderTests method encodeWhenJwkUseEncryptionThenThrowJwtEncodingException.
/**
 * Checks that signing is refused when the only JWK offered by the source is marked
 * with key use {@code ENCRYPTION}: the encoder must fail with a
 * {@code JwtEncodingException} instead of signing with a key reserved for encryption.
 */
@Test
public void encodeWhenJwkUseEncryptionThenThrowJwtEncodingException() throws Exception {
    // @formatter:off
    RSAKey encryptionOnlyJwk = TestJwks.jwk(TestKeys.DEFAULT_PUBLIC_KEY, TestKeys.DEFAULT_PRIVATE_KEY)
            .keyUse(KeyUse.ENCRYPTION)
            .build();
    // @formatter:on

    // Replace the shared source with a mock that always hands back the enc-only key.
    this.jwkSource = mock(JWKSource.class);
    this.jwtEncoder = new NimbusJwtEncoder(this.jwkSource);
    given(this.jwkSource.get(any(), any())).willReturn(Collections.singletonList(encryptionOnlyJwk));

    JwsHeader signingHeader = JwsHeader.with(SignatureAlgorithm.RS256).build();
    JwtClaimsSet claims = TestJwtClaimsSets.jwtClaimsSet().build();

    // @formatter:off
    assertThatExceptionOfType(JwtEncodingException.class)
            .isThrownBy(() -> this.jwtEncoder.encode(JwtEncoderParameters.from(signingHeader, claims)))
            .withMessageContaining("Failed to create a JWS Signer -> The JWK use must be sig (signature) or unspecified");
    // @formatter:on
}
use of com.nimbusds.jose.jwk.RSAKey in project spring-security by spring-projects.
the class NimbusJwtEncoderTests method encodeWhenSuccessThenDecodes.
/**
 * Signs a claims set with an RSA JWK, checks the headers and claims exposed by the
 * returned {@code Jwt}, then feeds the compact token to a decoder built from the
 * matching public key as a round-trip check.
 */
@Test
public void encodeWhenSuccessThenDecodes() throws Exception {
    // @formatter:off
    // The thumbprint string looks like a fixture label rather than a real certificate
    // digest; the test only checks that it is copied into the x5t#S256 header.
    RSAKey signingJwk = TestJwks.jwk(TestKeys.DEFAULT_PUBLIC_KEY, TestKeys.DEFAULT_PRIVATE_KEY)
            .keyID("rsa-jwk-1")
            .x509CertSHA256Thumbprint(new Base64URL("x509CertSHA256Thumbprint-1"))
            .build();
    this.jwkList.add(signingJwk);
    // @formatter:on
    JwsHeader signingHeader = JwsHeader.with(SignatureAlgorithm.RS256).build();
    JwtClaimsSet claims = TestJwtClaimsSets.jwtClaimsSet().build();

    Jwt jws = this.jwtEncoder.encode(JwtEncoderParameters.from(signingHeader, claims));

    assertThat(jws.getHeaders().get(JoseHeaderNames.ALG)).isEqualTo(signingHeader.getAlgorithm());

    // The key is identified by kid and x5t#S256 only: no embedded JWK, key URL or
    // certificate chain is expected in the header.
    assertThat(jws.getHeaders().get(JoseHeaderNames.JKU)).isNull();
    assertThat(jws.getHeaders().get(JoseHeaderNames.JWK)).isNull();
    assertThat(jws.getHeaders().get(JoseHeaderNames.KID)).isEqualTo(signingJwk.getKeyID());
    assertThat(jws.getHeaders().get(JoseHeaderNames.X5U)).isNull();
    assertThat(jws.getHeaders().get(JoseHeaderNames.X5C)).isNull();
    assertThat(jws.getHeaders().get(JoseHeaderNames.X5T)).isNull();
    assertThat(jws.getHeaders().get(JoseHeaderNames.X5T_S256))
            .isEqualTo(signingJwk.getX509CertSHA256Thumbprint().toString());

    assertThat(jws.getHeaders().get(JoseHeaderNames.TYP)).isNull();
    assertThat(jws.getHeaders().get(JoseHeaderNames.CTY)).isNull();
    assertThat(jws.getHeaders().get(JoseHeaderNames.CRIT)).isNull();

    // Claims on the result must mirror the claims set that was encoded.
    assertThat(jws.getIssuer()).isEqualTo(claims.getIssuer());
    assertThat(jws.getSubject()).isEqualTo(claims.getSubject());
    assertThat(jws.getAudience()).isEqualTo(claims.getAudience());
    assertThat(jws.getExpiresAt()).isEqualTo(claims.getExpiresAt());
    assertThat(jws.getNotBefore()).isEqualTo(claims.getNotBefore());
    assertThat(jws.getIssuedAt()).isEqualTo(claims.getIssuedAt());
    assertThat(jws.getId()).isEqualTo(claims.getId());
    assertThat(jws.<String>getClaim("custom-claim-name")).isEqualTo("custom-claim-value");

    // Round trip: the decoder gets only the public half of the signing key. The decoded
    // result is not inspected, so the check relies on decode() throwing on failure.
    NimbusJwtDecoder verifier = NimbusJwtDecoder.withPublicKey(signingJwk.toRSAPublicKey()).build();
    verifier.decode(jws.getTokenValue());
}