Example 21 with ECKeyGenerator

Use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in the project di-authentication-api by alphagov.

From the class AuthoriseAccessTokenHandlerTest, method createSignedExpiredAccessToken.

private SignedJWT createSignedExpiredAccessToken(List<String> scopes) throws JOSEException {
    Date expiryDate = NowHelper.nowMinus(2, ChronoUnit.MINUTES);
    ECKey ecJWK = new ECKeyGenerator(Curve.P_256).keyID(KEY_ID).generate();
    JWSSigner signer = new ECDSASigner(ecJWK);
    return TokenGeneratorHelper.generateSignedToken(CLIENT_ID, "http://example.com", scopes, signer, SUBJECT, "14342354354353", expiryDate);
}
Also used: ECDSASigner (com.nimbusds.jose.crypto.ECDSASigner), ECKeyGenerator (com.nimbusds.jose.jwk.gen.ECKeyGenerator), ECKey (com.nimbusds.jose.jwk.ECKey), JWSSigner (com.nimbusds.jose.JWSSigner), Date (java.util.Date)

Example 22 with ECKeyGenerator

Use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in the project di-authentication-api by alphagov.

From the class AuthoriseAccessTokenHandlerTest, method createSignedAccessToken.

private SignedJWT createSignedAccessToken(List<String> scopes) throws JOSEException {
    ECKey ecJWK = new ECKeyGenerator(Curve.P_256).keyID(KEY_ID).generate();
    JWSSigner signer = new ECDSASigner(ecJWK);
    return TokenGeneratorHelper.generateSignedToken(CLIENT_ID, "http://example.com", scopes, signer, SUBJECT, "14342354354353");
}
Also used: ECDSASigner (com.nimbusds.jose.crypto.ECDSASigner), ECKeyGenerator (com.nimbusds.jose.jwk.gen.ECKeyGenerator), ECKey (com.nimbusds.jose.jwk.ECKey), JWSSigner (com.nimbusds.jose.JWSSigner)

Example 23 with ECKeyGenerator

Use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in the project di-authentication-api by alphagov.

From the class LogoutHandlerTest, method shouldRedirectToDefaultLogoutUriWithErrorMessageWhenSignaturenIdTokenIsInvalid.

@Test
public void shouldRedirectToDefaultLogoutUriWithErrorMessageWhenSignaturenIdTokenIsInvalid() throws URISyntaxException, JOSEException {
    ECKey ecSigningKey = new ECKeyGenerator(Curve.P_256).algorithm(JWSAlgorithm.ES256).generate();
    SignedJWT signedJWT = TokenGeneratorHelper.generateIDToken("invalid-client-id", new Subject(), "http://localhost-rp", ecSigningKey);
    when(tokenValidationService.isTokenSignatureValid(signedJWT.serialize())).thenReturn(false);
    APIGatewayProxyRequestEvent event = generateRequestEvent(Map.of("id_token_hint", signedJWT.serialize(), "post_logout_redirect_uri", CLIENT_LOGOUT_URI.toString()));
    session.getClientSessions().add(CLIENT_SESSION_ID);
    generateSessionFromCookie(session);
    setupClientSessionToken(signedJWT);
    APIGatewayProxyResponseEvent response = handler.handleRequest(event, context);
    assertThat(response, hasStatus(302));
    ErrorObject errorObject = new ErrorObject(OAuth2Error.INVALID_REQUEST_CODE, "unable to validate id_token_hint");
    URIBuilder uriBuilder = new URIBuilder(DEFAULT_LOGOUT_URI);
    uriBuilder.addParameter("error_code", errorObject.getCode());
    uriBuilder.addParameter("error_description", errorObject.getDescription());
    URI expectedUri = uriBuilder.build();
    assertThat(response.getHeaders().get(ResponseHeaders.LOCATION), equalTo(expectedUri.toString()));
    verify(auditService).submitAuditEvent(OidcAuditableEvent.LOG_OUT_SUCCESS, "aws-session-id", SESSION_ID, AuditService.UNKNOWN, AuditService.UNKNOWN, AuditService.UNKNOWN, "123.123.123.123", AuditService.UNKNOWN, PERSISTENT_SESSION_ID);
}
Also used: APIGatewayProxyRequestEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent), ErrorObject (com.nimbusds.oauth2.sdk.ErrorObject), ECKeyGenerator (com.nimbusds.jose.jwk.gen.ECKeyGenerator), ECKey (com.nimbusds.jose.jwk.ECKey), SignedJWT (com.nimbusds.jwt.SignedJWT), APIGatewayProxyResponseEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent), URI (java.net.URI), Subject (com.nimbusds.oauth2.sdk.id.Subject), URIBuilder (org.apache.http.client.utils.URIBuilder), Test (org.junit.jupiter.api.Test)

Example 24 with ECKeyGenerator

Use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in the project di-authentication-api by alphagov.

From the class LogoutHandlerTest, method setUp.

@BeforeEach
public void setUp() throws JOSEException {
    handler = new LogoutHandler(configurationService, sessionService, dynamoClientService, clientSessionService, tokenValidationService, auditService, backChannelLogoutService);
    when(configurationService.getDefaultLogoutURI()).thenReturn(DEFAULT_LOGOUT_URI);
    ECKey ecSigningKey = new ECKeyGenerator(Curve.P_256).algorithm(JWSAlgorithm.ES256).generate();
    signedIDToken = TokenGeneratorHelper.generateIDToken("client-id", SUBJECT, "http://localhost-rp", ecSigningKey);
    session = generateSession().setEmailAddress(EMAIL);
    when(context.getAwsRequestId()).thenReturn("aws-session-id");
}
Also used: ECKeyGenerator (com.nimbusds.jose.jwk.gen.ECKeyGenerator), ECKey (com.nimbusds.jose.jwk.ECKey), BeforeEach (org.junit.jupiter.api.BeforeEach)

Example 25 with ECKeyGenerator

Use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in the project di-authentication-api by alphagov.

From the class LogoutHandlerTest, method shouldRedirectToDefaultLogoutUriWithErrorMessageWhenClientIsNotFoundInClientRegistry.

@Test
public void shouldRedirectToDefaultLogoutUriWithErrorMessageWhenClientIsNotFoundInClientRegistry() throws JOSEException, URISyntaxException {
    ECKey ecSigningKey = new ECKeyGenerator(Curve.P_256).algorithm(JWSAlgorithm.ES256).generate();
    SignedJWT signedJWT = TokenGeneratorHelper.generateIDToken("invalid-client-id", SUBJECT, "http://localhost-rp", ecSigningKey);
    when(tokenValidationService.isTokenSignatureValid(signedJWT.serialize())).thenReturn(true);
    APIGatewayProxyRequestEvent event = generateRequestEvent(Map.of("id_token_hint", signedJWT.serialize(), "post_logout_redirect_uri", CLIENT_LOGOUT_URI.toString(), "state", STATE.toString()));
    session.getClientSessions().add(CLIENT_SESSION_ID);
    generateSessionFromCookie(session);
    setupClientSessionToken(signedJWT);
    APIGatewayProxyResponseEvent response = handler.handleRequest(event, context);
    assertThat(response, hasStatus(302));
    ErrorObject errorObject = new ErrorObject(OAuth2Error.UNAUTHORIZED_CLIENT_CODE, "client not found");
    URIBuilder uriBuilder = new URIBuilder(DEFAULT_LOGOUT_URI);
    uriBuilder.addParameter("state", STATE.getValue());
    uriBuilder.addParameter("error_code", errorObject.getCode());
    uriBuilder.addParameter("error_description", errorObject.getDescription());
    URI expectedUri = uriBuilder.build();
    assertThat(response.getHeaders().get(ResponseHeaders.LOCATION), equalTo(expectedUri.toString()));
    verify(auditService).submitAuditEvent(OidcAuditableEvent.LOG_OUT_SUCCESS, "aws-session-id", SESSION_ID, "invalid-client-id", AuditService.UNKNOWN, AuditService.UNKNOWN, "123.123.123.123", AuditService.UNKNOWN, PERSISTENT_SESSION_ID);
}
Also used: APIGatewayProxyRequestEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent), ErrorObject (com.nimbusds.oauth2.sdk.ErrorObject), ECKeyGenerator (com.nimbusds.jose.jwk.gen.ECKeyGenerator), ECKey (com.nimbusds.jose.jwk.ECKey), SignedJWT (com.nimbusds.jwt.SignedJWT), APIGatewayProxyResponseEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent), URI (java.net.URI), URIBuilder (org.apache.http.client.utils.URIBuilder), Test (org.junit.jupiter.api.Test)

Aggregations (types co-occurring with ECKeyGenerator across the project's examples, with usage counts)

ECKeyGenerator (com.nimbusds.jose.jwk.gen.ECKeyGenerator): 28
ECDSASigner (com.nimbusds.jose.crypto.ECDSASigner): 18
SignedJWT (com.nimbusds.jwt.SignedJWT): 17
ECKey (com.nimbusds.jose.jwk.ECKey): 13
SignRequest (com.amazonaws.services.kms.model.SignRequest): 6
SignResult (com.amazonaws.services.kms.model.SignResult): 6
Test (org.junit.jupiter.api.Test): 6
APIGatewayProxyResponseEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent): 5
JOSEException (com.nimbusds.jose.JOSEException): 5
JWSHeader (com.nimbusds.jose.JWSHeader): 5
BearerAccessToken (com.nimbusds.oauth2.sdk.token.BearerAccessToken): 5
JWEObject (com.nimbusds.jose.JWEObject): 4
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet): 4
JWSSigner (com.nimbusds.jose.JWSSigner): 3
RSAKeyGenerator (com.nimbusds.jose.jwk.gen.RSAKeyGenerator): 3
AuthorizationCode (com.nimbusds.oauth2.sdk.AuthorizationCode): 3
PrivateKeyJWT (com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT): 3
OIDCTokenResponse (com.nimbusds.openid.connect.sdk.OIDCTokenResponse): 3
OIDCTokens (com.nimbusds.openid.connect.sdk.token.OIDCTokens): 3
KeyPair (java.security.KeyPair): 3