
Example 31 with RSAKey

use of com.nimbusds.jose.jwk.RSAKey in project spring-security by spring-projects.

the class NimbusJwtClientAuthenticationParametersConverterTests method generateRsaJwk.

/**
 * Creates a throwaway RSA JWK for use in tests.
 *
 * <p>A new 2048-bit RSA key pair is generated on every call and wrapped in a Nimbus
 * {@link RSAKey} that carries both the public and the private half, with a random UUID
 * as its key ID. Because the returned JWK contains private key material, it must stay
 * inside the test and must not be serialized into fixtures or logs.
 *
 * @return an {@link RSAKey} holding the generated public and private key
 * @throws IllegalStateException if key generation fails for any reason; the original
 * exception is kept as the cause
 */
private static RSAKey generateRsaJwk() {
    KeyPair generatedPair;
    try {
        KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
        // 2048 bits is the modulus size requested from the provider.
        rsaGenerator.initialize(2048);
        generatedPair = rsaGenerator.generateKeyPair();
    } catch (Exception ex) {
        // Any provider or parameter failure surfaces as an unchecked error.
        throw new IllegalStateException(ex);
    }
    RSAPublicKey rsaPublic = (RSAPublicKey) generatedPair.getPublic();
    RSAPrivateKey rsaPrivate = (RSAPrivateKey) generatedPair.getPrivate();
    String randomKeyId = UUID.randomUUID().toString();
    // @formatter:off
    return new RSAKey.Builder(rsaPublic)
            .privateKey(rsaPrivate)
            .keyID(randomKeyId)
            .build();
    // @formatter:on
}
Also used : KeyPair(java.security.KeyPair) RSAKey(com.nimbusds.jose.jwk.RSAKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) KeyPairGenerator(java.security.KeyPairGenerator) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) OAuth2AuthorizationException(org.springframework.security.oauth2.core.OAuth2AuthorizationException) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException)

Example 32 with RSAKey

use of com.nimbusds.jose.jwk.RSAKey in project spring-security by spring-projects.

the class NimbusJweEncoderTests method encodeWhenNestedJwsThenEncodes.

/**
 * Encodes a JWS header together with a claims set through the JWE encoder and checks the
 * resulting nested (signed, then encrypted) token.
 *
 * <p>The header assertions pin down that only {@code alg}, {@code enc}, {@code kid} and
 * {@code cty} are emitted: the key-location and key-material headers ({@code jku},
 * {@code jwk}, {@code x5u}, {@code x5c}, {@code x5t}, {@code x5t#S256}) as well as
 * {@code typ} and {@code crit} must be absent. The claim assertions check that every
 * registered claim and the custom claim come back unchanged.
 */
@Test
public void encodeWhenNestedJwsThenEncodes() {
    // See Nimbus example -> Nested signed and encrypted JWT
    // https://connect2id.com/products/nimbus-jose-jwt/examples/signed-and-encrypted-jwt
    RSAKey defaultRsaJwk = TestJwks.DEFAULT_RSA_JWK;
    this.jwkList.add(defaultRsaJwk);
    JwsHeader rs256Header = JwsHeader.with(SignatureAlgorithm.RS256).build();
    JwtClaimsSet expectedClaims = TestJwtClaimsSets.jwtClaimsSet().build();
    // @formatter:off
    // **********************
    // Assume future API:
    // JwtEncoderParameters.with(JwsHeader jwsHeader, JweHeader jweHeader, JwtClaimsSet claims)
    // **********************
    // @formatter:on
    JwtEncoderParameters encoderParameters = JwtEncoderParameters.from(rs256Header, expectedClaims);
    Jwt nestedJwt = this.jweEncoder.encode(encoderParameters);

    // Outer JWE header: algorithm and content encryption come from the default JWE header.
    assertThat(nestedJwt.getHeaders().get(JoseHeaderNames.ALG)).isEqualTo(DEFAULT_JWE_HEADER.getAlgorithm());
    assertThat(nestedJwt.getHeaders().get("enc")).isEqualTo(DEFAULT_JWE_HEADER.<String>getHeader("enc"));
    // No key URL or embedded key is placed in the header; only the key ID identifies the key.
    assertThat(nestedJwt.getHeaders().get(JoseHeaderNames.JKU)).isNull();
    assertThat(nestedJwt.getHeaders().get(JoseHeaderNames.JWK)).isNull();
    assertThat(nestedJwt.getHeaders().get(JoseHeaderNames.KID)).isEqualTo(defaultRsaJwk.getKeyID());
    assertThat(nestedJwt.getHeaders().get(JoseHeaderNames.X5U)).isNull();
    assertThat(nestedJwt.getHeaders().get(JoseHeaderNames.X5C)).isNull();
    assertThat(nestedJwt.getHeaders().get(JoseHeaderNames.X5T)).isNull();
    assertThat(nestedJwt.getHeaders().get(JoseHeaderNames.X5T_S256)).isNull();
    assertThat(nestedJwt.getHeaders().get(JoseHeaderNames.TYP)).isNull();
    // The content type "JWT" marks the payload as a nested token.
    assertThat(nestedJwt.getHeaders().get(JoseHeaderNames.CTY)).isEqualTo("JWT");
    assertThat(nestedJwt.getHeaders().get(JoseHeaderNames.CRIT)).isNull();

    // Claims must match the claims set that was passed in.
    assertThat(nestedJwt.getIssuer()).isEqualTo(expectedClaims.getIssuer());
    assertThat(nestedJwt.getSubject()).isEqualTo(expectedClaims.getSubject());
    assertThat(nestedJwt.getAudience()).isEqualTo(expectedClaims.getAudience());
    assertThat(nestedJwt.getExpiresAt()).isEqualTo(expectedClaims.getExpiresAt());
    assertThat(nestedJwt.getNotBefore()).isEqualTo(expectedClaims.getNotBefore());
    assertThat(nestedJwt.getIssuedAt()).isEqualTo(expectedClaims.getIssuedAt());
    assertThat(nestedJwt.getId()).isEqualTo(expectedClaims.getId());
    assertThat(nestedJwt.<String>getClaim("custom-claim-name")).isEqualTo("custom-claim-value");

    assertThat(nestedJwt.getTokenValue()).isNotNull();
}
Also used : RSAKey(com.nimbusds.jose.jwk.RSAKey) Test(org.junit.jupiter.api.Test)

Example 33 with RSAKey

use of com.nimbusds.jose.jwk.RSAKey in project spring-security by spring-projects.

the class NimbusJweEncoderTests method encodeWhenJwtClaimsSetThenEncodes.

/**
 * Encodes a bare claims set (no JWS header) through the JWE encoder and checks the
 * resulting encrypted token.
 *
 * <p>The header is expected to carry only {@code alg}, {@code enc} and {@code kid}; the
 * key-location and key-material headers, {@code typ}, {@code cty} and {@code crit} must
 * all be absent. The claim assertions check that every registered claim and the custom
 * claim come back unchanged.
 */
@Test
public void encodeWhenJwtClaimsSetThenEncodes() {
    RSAKey defaultRsaJwk = TestJwks.DEFAULT_RSA_JWK;
    this.jwkList.add(defaultRsaJwk);
    JwtClaimsSet expectedClaims = TestJwtClaimsSets.jwtClaimsSet().build();
    // @formatter:off
    // **********************
    // Assume future API:
    // JwtEncoderParameters.with(JweHeader jweHeader, JwtClaimsSet claims)
    // **********************
    // @formatter:on
    JwtEncoderParameters encoderParameters = JwtEncoderParameters.from(expectedClaims);
    Jwt encryptedJwt = this.jweEncoder.encode(encoderParameters);

    // JWE header: algorithm and content encryption come from the default JWE header.
    assertThat(encryptedJwt.getHeaders().get(JoseHeaderNames.ALG)).isEqualTo(DEFAULT_JWE_HEADER.getAlgorithm());
    assertThat(encryptedJwt.getHeaders().get("enc")).isEqualTo(DEFAULT_JWE_HEADER.<String>getHeader("enc"));
    // No key URL or embedded key is placed in the header; only the key ID identifies the key.
    assertThat(encryptedJwt.getHeaders().get(JoseHeaderNames.JKU)).isNull();
    assertThat(encryptedJwt.getHeaders().get(JoseHeaderNames.JWK)).isNull();
    assertThat(encryptedJwt.getHeaders().get(JoseHeaderNames.KID)).isEqualTo(defaultRsaJwk.getKeyID());
    assertThat(encryptedJwt.getHeaders().get(JoseHeaderNames.X5U)).isNull();
    assertThat(encryptedJwt.getHeaders().get(JoseHeaderNames.X5C)).isNull();
    assertThat(encryptedJwt.getHeaders().get(JoseHeaderNames.X5T)).isNull();
    assertThat(encryptedJwt.getHeaders().get(JoseHeaderNames.X5T_S256)).isNull();
    assertThat(encryptedJwt.getHeaders().get(JoseHeaderNames.TYP)).isNull();
    // Without a nested JWS there is no content type header.
    assertThat(encryptedJwt.getHeaders().get(JoseHeaderNames.CTY)).isNull();
    assertThat(encryptedJwt.getHeaders().get(JoseHeaderNames.CRIT)).isNull();

    // Claims must match the claims set that was passed in.
    assertThat(encryptedJwt.getIssuer()).isEqualTo(expectedClaims.getIssuer());
    assertThat(encryptedJwt.getSubject()).isEqualTo(expectedClaims.getSubject());
    assertThat(encryptedJwt.getAudience()).isEqualTo(expectedClaims.getAudience());
    assertThat(encryptedJwt.getExpiresAt()).isEqualTo(expectedClaims.getExpiresAt());
    assertThat(encryptedJwt.getNotBefore()).isEqualTo(expectedClaims.getNotBefore());
    assertThat(encryptedJwt.getIssuedAt()).isEqualTo(expectedClaims.getIssuedAt());
    assertThat(encryptedJwt.getId()).isEqualTo(expectedClaims.getId());
    assertThat(encryptedJwt.<String>getClaim("custom-claim-name")).isEqualTo("custom-claim-value");

    assertThat(encryptedJwt.getTokenValue()).isNotNull();
}
Also used : RSAKey(com.nimbusds.jose.jwk.RSAKey) Test(org.junit.jupiter.api.Test)

Example 34 with RSAKey

use of com.nimbusds.jose.jwk.RSAKey in project spring-security by spring-projects.

the class NimbusJwtEncoderTests method encodeWhenJwkUseEncryptionThenThrowJwtEncodingException.

/**
 * Checks that a JWK whose declared use is encryption cannot be used for signing.
 *
 * <p>The mocked {@link JWKSource} returns a single RSA JWK marked with
 * {@link KeyUse#ENCRYPTION}. Encoding with an RS256 JWS header must then fail with a
 * {@link JwtEncodingException} whose message states that the key use has to be
 * {@code sig} or unspecified, so a key reserved for encryption is never used to sign.
 */
@Test
public void encodeWhenJwkUseEncryptionThenThrowJwtEncodingException() throws Exception {
    // @formatter:off
    RSAKey encryptionOnlyJwk = TestJwks.jwk(TestKeys.DEFAULT_PUBLIC_KEY, TestKeys.DEFAULT_PRIVATE_KEY)
            .keyUse(KeyUse.ENCRYPTION)
            .build();
    // @formatter:on
    this.jwkSource = mock(JWKSource.class);
    this.jwtEncoder = new NimbusJwtEncoder(this.jwkSource);
    // Whatever selector the encoder passes, the source offers only the encryption-use key.
    given(this.jwkSource.get(any(), any())).willReturn(Collections.singletonList(encryptionOnlyJwk));
    JwsHeader rs256Header = JwsHeader.with(SignatureAlgorithm.RS256).build();
    JwtClaimsSet claims = TestJwtClaimsSets.jwtClaimsSet().build();
    // @formatter:off
    assertThatExceptionOfType(JwtEncodingException.class)
            .isThrownBy(() -> this.jwtEncoder.encode(JwtEncoderParameters.from(rs256Header, claims)))
            .withMessageContaining("Failed to create a JWS Signer -> The JWK use must be sig (signature) or unspecified");
    // @formatter:on
}
Also used : RSAKey(com.nimbusds.jose.jwk.RSAKey) JWKSource(com.nimbusds.jose.jwk.source.JWKSource) Test(org.junit.jupiter.api.Test)

Example 35 with RSAKey

use of com.nimbusds.jose.jwk.RSAKey in project spring-security by spring-projects.

the class NimbusJwtEncoderTests method encodeWhenSuccessThenDecodes.

/**
 * Signs a claims set with an RSA JWK and checks that the result carries the expected
 * header and claims and can be decoded with the matching public key.
 *
 * <p>The JWK is given a fixed key ID and a placeholder SHA-256 certificate thumbprint;
 * both are expected in the JWS header ({@code kid} and {@code x5t#S256}), while the
 * key-location and key-material headers must be absent. The final step builds a decoder
 * from the public half of the JWK only and decodes the token; {@code decode} is expected
 * to throw if the token does not verify, which would fail the test.
 */
@Test
public void encodeWhenSuccessThenDecodes() throws Exception {
    // @formatter:off
    RSAKey signingJwk = TestJwks.jwk(TestKeys.DEFAULT_PUBLIC_KEY, TestKeys.DEFAULT_PRIVATE_KEY)
            .keyID("rsa-jwk-1")
            .x509CertSHA256Thumbprint(new Base64URL("x509CertSHA256Thumbprint-1"))
            .build();
    this.jwkList.add(signingJwk);
    // @formatter:on
    JwsHeader rs256Header = JwsHeader.with(SignatureAlgorithm.RS256).build();
    JwtClaimsSet expectedClaims = TestJwtClaimsSets.jwtClaimsSet().build();
    JwtEncoderParameters encoderParameters = JwtEncoderParameters.from(rs256Header, expectedClaims);
    Jwt signedJwt = this.jwtEncoder.encode(encoderParameters);

    // JWS header: the algorithm is the one requested in the JWS header.
    assertThat(signedJwt.getHeaders().get(JoseHeaderNames.ALG)).isEqualTo(rs256Header.getAlgorithm());
    // No key URL or embedded key is placed in the header.
    assertThat(signedJwt.getHeaders().get(JoseHeaderNames.JKU)).isNull();
    assertThat(signedJwt.getHeaders().get(JoseHeaderNames.JWK)).isNull();
    assertThat(signedJwt.getHeaders().get(JoseHeaderNames.KID)).isEqualTo(signingJwk.getKeyID());
    assertThat(signedJwt.getHeaders().get(JoseHeaderNames.X5U)).isNull();
    assertThat(signedJwt.getHeaders().get(JoseHeaderNames.X5C)).isNull();
    assertThat(signedJwt.getHeaders().get(JoseHeaderNames.X5T)).isNull();
    // The SHA-256 thumbprint set on the JWK is copied into the header.
    assertThat(signedJwt.getHeaders().get(JoseHeaderNames.X5T_S256)).isEqualTo(signingJwk.getX509CertSHA256Thumbprint().toString());
    assertThat(signedJwt.getHeaders().get(JoseHeaderNames.TYP)).isNull();
    assertThat(signedJwt.getHeaders().get(JoseHeaderNames.CTY)).isNull();
    assertThat(signedJwt.getHeaders().get(JoseHeaderNames.CRIT)).isNull();

    // Claims must match the claims set that was passed in.
    assertThat(signedJwt.getIssuer()).isEqualTo(expectedClaims.getIssuer());
    assertThat(signedJwt.getSubject()).isEqualTo(expectedClaims.getSubject());
    assertThat(signedJwt.getAudience()).isEqualTo(expectedClaims.getAudience());
    assertThat(signedJwt.getExpiresAt()).isEqualTo(expectedClaims.getExpiresAt());
    assertThat(signedJwt.getNotBefore()).isEqualTo(expectedClaims.getNotBefore());
    assertThat(signedJwt.getIssuedAt()).isEqualTo(expectedClaims.getIssuedAt());
    assertThat(signedJwt.getId()).isEqualTo(expectedClaims.getId());
    assertThat(signedJwt.<String>getClaim("custom-claim-name")).isEqualTo("custom-claim-value");

    // Round trip: the verifier is configured with the public key only.
    NimbusJwtDecoder publicKeyDecoder = NimbusJwtDecoder.withPublicKey(signingJwk.toRSAPublicKey()).build();
    publicKeyDecoder.decode(signedJwt.getTokenValue());
}
Also used : RSAKey(com.nimbusds.jose.jwk.RSAKey) Base64URL(com.nimbusds.jose.util.Base64URL) Test(org.junit.jupiter.api.Test)
