use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in project gravitee-access-management by gravitee-io.
the class JWEEllipticCurveTest method encryptIdToken.
@Test
public void encryptIdToken() {
try {
// prepare encryption private & public key
com.nimbusds.jose.jwk.ECKey jwk = new ECKeyGenerator(this.crv).generate();
ECKey key = new ECKey();
key.setKid("ecEnc");
key.setUse("enc");
key.setCrv(jwk.getCurve().getName());
key.setX(jwk.getX().toString());
key.setY(jwk.getY().toString());
Client client = new Client();
client.setIdTokenEncryptedResponseAlg(alg);
client.setIdTokenEncryptedResponseEnc(enc);
when(jwkService.getKeys(client)).thenReturn(Maybe.just(new JWKSet()));
when(jwkService.filter(any(), any())).thenReturn(Maybe.just(key));
TestObserver testObserver = jweService.encryptIdToken("JWT", client).test();
testObserver.assertNoErrors();
testObserver.assertComplete();
testObserver.assertValue(jweString -> {
JWEObject jwe = JWEObject.parse((String) jweString);
jwe.decrypt(new ECDHDecrypter(jwk));
return "JWT".equals(jwe.getPayload().toString());
});
} catch (JOSEException e) {
fail(e.getMessage());
}
}
use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in project gravitee-access-management by gravitee-io.
the class JWEEllipticCurveTest method encryptUserinfo.
@Test
public void encryptUserinfo() {
try {
// prepare encryption private & public key
com.nimbusds.jose.jwk.ECKey jwk = new ECKeyGenerator(this.crv).generate();
ECKey key = new ECKey();
key.setKid("ecEnc");
key.setUse("enc");
key.setCrv(jwk.getCurve().getName());
key.setX(jwk.getX().toString());
key.setY(jwk.getY().toString());
Client client = new Client();
client.setUserinfoEncryptedResponseAlg(alg);
client.setUserinfoEncryptedResponseEnc(enc);
when(jwkService.getKeys(client)).thenReturn(Maybe.just(new JWKSet()));
when(jwkService.filter(any(), any())).thenReturn(Maybe.just(key));
TestObserver testObserver = jweService.encryptUserinfo("JWT", client).test();
testObserver.assertNoErrors();
testObserver.assertComplete();
testObserver.assertValue(jweString -> {
JWEObject jwe = JWEObject.parse((String) jweString);
jwe.decrypt(new ECDHDecrypter(jwk));
return "JWT".equals(jwe.getPayload().toString());
});
} catch (JOSEException e) {
fail(e.getMessage());
}
}
use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in project di-authentication-api by alphagov.
the class TokenHandlerTest method shouldReturn200ForSuccessfulTokenRequest.
@ParameterizedTest
@MethodSource("validVectorValues")
public void shouldReturn200ForSuccessfulTokenRequest(String vectorValue) throws JOSEException {
KeyPair keyPair = generateRsaKeyPair();
UserProfile userProfile = generateUserProfile();
SignedJWT signedJWT = generateIDToken(CLIENT_ID, PUBLIC_SUBJECT, "issuer-url", new ECKeyGenerator(Curve.P_256).algorithm(JWSAlgorithm.ES256).generate());
OIDCTokenResponse tokenResponse = new OIDCTokenResponse(new OIDCTokens(signedJWT, accessToken, refreshToken));
PrivateKeyJWT privateKeyJWT = generatePrivateKeyJWT(keyPair.getPrivate());
ClientRegistry clientRegistry = generateClientRegistry(keyPair);
when(tokenService.validateTokenRequestParams(anyString())).thenReturn(Optional.empty());
when(clientService.getClient(eq(CLIENT_ID))).thenReturn(Optional.of(clientRegistry));
when(tokenService.validatePrivateKeyJWT(anyString(), eq(clientRegistry.getPublicKey()), eq(BASE_URI), eq(CLIENT_ID))).thenReturn(Optional.empty());
String authCode = new AuthorizationCode().toString();
when(authorisationCodeService.getExchangeDataForCode(authCode)).thenReturn(Optional.of(new AuthCodeExchangeData().setEmail(TEST_EMAIL).setClientSessionId(CLIENT_SESSION_ID)));
AuthenticationRequest authenticationRequest = generateAuthRequest(JsonArrayHelper.jsonArrayOf(vectorValue));
VectorOfTrust vtr = VectorOfTrust.parseFromAuthRequestAttribute(authenticationRequest.getCustomParameter("vtr"));
when(clientSessionService.getClientSession(CLIENT_SESSION_ID)).thenReturn(new ClientSession(authenticationRequest.toParameters(), LocalDateTime.now(), vtr));
when(dynamoService.getUserProfileByEmail(eq(TEST_EMAIL))).thenReturn(userProfile);
when(tokenService.generateTokenResponse(CLIENT_ID, INTERNAL_SUBJECT, SCOPES, Map.of("nonce", NONCE), PUBLIC_SUBJECT, vtr.retrieveVectorOfTrustForToken(), userProfile.getClientConsent(), clientRegistry.isConsentRequired(), null)).thenReturn(tokenResponse);
APIGatewayProxyResponseEvent result = generateApiGatewayRequest(privateKeyJWT, authCode);
assertThat(result, hasStatus(200));
assertTrue(result.getBody().contains(refreshToken.getValue()));
assertTrue(result.getBody().contains(accessToken.getValue()));
}
use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in project di-authentication-api by alphagov.
the class AccessTokenServiceTest method createSignedAccessTokenWithIdentityClaims.
private AccessToken createSignedAccessTokenWithIdentityClaims(OIDCClaimsRequest identityClaims) {
try {
LocalDateTime localDateTime = LocalDateTime.now().plusMinutes(3);
Date expiryDate = Date.from(localDateTime.atZone(ZoneId.of("UTC")).toInstant());
ECKey ecSigningKey = new ECKeyGenerator(Curve.P_256).keyID(KEY_ID).algorithm(JWSAlgorithm.ES256).generate();
ECDSASigner signer = new ECDSASigner(ecSigningKey);
SignedJWT signedJWT = TokenGeneratorHelper.generateSignedToken(CLIENT_ID, BASE_URL, SCOPES, signer, SUBJECT, ecSigningKey.getKeyID(), expiryDate, identityClaims);
return new BearerAccessToken(signedJWT.serialize());
} catch (JOSEException e) {
throw new RuntimeException(e);
}
}
use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in project di-authentication-api by alphagov.
the class UserInfoServiceTest method createSignedAccessToken.
private AccessToken createSignedAccessToken() throws JOSEException {
ECKey ecSigningKey = new ECKeyGenerator(Curve.P_256).keyID(KEY_ID).algorithm(JWSAlgorithm.ES256).generate();
ECDSASigner signer = new ECDSASigner(ecSigningKey);
SignedJWT signedJWT = TokenGeneratorHelper.generateSignedToken(CLIENT_ID, BASE_URL, SCOPES, signer, SUBJECT, ecSigningKey.getKeyID());
return new BearerAccessToken(signedJWT.serialize());
}
Aggregations