
Example 6 with SecurityContext

use of com.nimbusds.jose.proc.SecurityContext in project midpoint by Evolveum.

the class OidcResourceServerModuleWebSecurityConfiguration method buildInternal.

private static OidcResourceServerModuleWebSecurityConfiguration buildInternal(OidcAuthenticationModuleType modelType, String prefixOfSequence) {
    OidcResourceServerModuleWebSecurityConfiguration configuration = new OidcResourceServerModuleWebSecurityConfiguration();
    build(configuration, modelType, prefixOfSequence);
    OidcResourceServerAuthenticationModuleType resourceServer = modelType.getResourceServer();
    // The decoder is chosen from the first configured key source, in this fixed order:
    // asymmetric key (keystore or certificate), single symmetric secret, JWK Set URI, issuer discovery.
    if (resourceServer.getTrustingAsymmetricCertificate() != null || resourceServer.getKeyStoreTrustingAsymmetricKey() != null) {
        NimbusJwtDecoder.PublicKeyJwtDecoderBuilder builder;
        if (resourceServer.getKeyStoreTrustingAsymmetricKey() != null) {
            builder = initializePublicKeyDecoderFromKeyStore(resourceServer.getKeyStoreTrustingAsymmetricKey());
        } else {
            builder = initializePublicKeyDecoderFromCertificate(resourceServer.getTrustingAsymmetricCertificate());
        }
        // Pin the JWS algorithm when one is configured; the builder default is RS256.
        if (resourceServer.getTrustedAlgorithm() != null) {
            builder.signatureAlgorithm(SignatureAlgorithm.from(resourceServer.getTrustedAlgorithm()));
        }
        configuration.decoder = builder.build();
    } else if (resourceServer.getSingleSymmetricKey() != null) {
        try {
            byte[] key;
            // The secret is stored encrypted; decrypt it once and reuse the clear value.
            String clearValue = protector.decryptString(resourceServer.getSingleSymmetricKey());
            // Caveat: isBase64 is a character-class check, so a plain alphanumeric passphrase also
            // passes and is base64-decoded instead of being used as raw bytes.
            if (Base64.isBase64(clearValue)) {
                boolean isBase64Url = clearValue.contains("-") || clearValue.contains("_");
                key = Base64Utility.decode(clearValue, isBase64Url);
            } else {
                key = clearValue.getBytes(StandardCharsets.UTF_8);
            }
            // Default to HS256. The JCA name handed to SecretKeySpec is informational only;
            // Nimbus uses the raw bytes as the HMAC secret and requires at least 256 bits for HS256.
            String algorithm = MacAlgorithm.HS256.getName();
            if (resourceServer.getTrustedAlgorithm() != null) {
                algorithm = resourceServer.getTrustedAlgorithm();
            }
            NimbusJwtDecoder.SecretKeyJwtDecoderBuilder builder = NimbusJwtDecoder.withSecretKey(new SecretKeySpec(key, algorithm));
            builder.macAlgorithm(MacAlgorithm.from(algorithm));
            configuration.decoder = builder.build();
        } catch (EncryptionException e) {
            throw new OAuth2AuthenticationException(new OAuth2Error("missing_key"), "Unable get single symmetric key", e);
        } catch (Base64Exception e) {
            // Fail loudly: swallowing the error would leave configuration.decoder null.
            throw new OAuth2AuthenticationException(new OAuth2Error("missing_key"), "Unable to decode single symmetric key", e);
        }
    } else if (resourceServer.getJwkSetUri() != null) {
        if (resourceServer.getTrustedAlgorithm() != null) {
            // Explicit algorithm pin against the remote JWK Set.
            configuration.decoder = NimbusJwtDecoder.withJwkSetUri(resourceServer.getJwkSetUri()).jwsAlgorithm(SignatureAlgorithm.from(resourceServer.getTrustedAlgorithm())).build();
        } else {
            try {
                // No algorithm configured: allow only the algorithm families implied by the key types
                // published in the JWK Set (e.g. RSA keys -> RS*/PS*), not whatever the token header claims.
                JWSKeySelector<SecurityContext> jwsKeySelector = JWSAlgorithmFamilyJWSKeySelector.fromJWKSetURL(new URL(resourceServer.getJwkSetUri()));
                DefaultJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>();
                jwtProcessor.setJWSKeySelector(jwsKeySelector);
                configuration.decoder = new NimbusJwtDecoder(jwtProcessor);
            } catch (KeySourceException | MalformedURLException e) {
                // Same reasoning: a decoder that is silently left null is a misconfiguration, not a fallback.
                throw new OAuth2AuthenticationException(new OAuth2Error("missing_key"), "Unable to load JWK Set from " + resourceServer.getJwkSetUri(), e);
            }
        }
    } else if (resourceServer.getIssuerUri() != null) {
        // OIDC discovery: provider metadata supplies the JWK Set URI and the expected issuer.
        configuration.decoder = JwtDecoders.fromIssuerLocation(resourceServer.getIssuerUri());
    }
    return configuration;
}
Also used : MalformedURLException(java.net.MalformedURLException) NimbusJwtDecoder(org.springframework.security.oauth2.jwt.NimbusJwtDecoder) URL(java.net.URL) DefaultJWTProcessor(com.nimbusds.jwt.proc.DefaultJWTProcessor) SecretKeySpec(javax.crypto.spec.SecretKeySpec) StandardCharsets(java.nio.charset.StandardCharsets) Base64Exception(org.apache.cxf.common.util.Base64Exception) EncryptionException(com.evolveum.midpoint.prism.crypto.EncryptionException) SecurityContext(com.nimbusds.jose.proc.SecurityContext) KeySourceException(com.nimbusds.jose.KeySourceException)
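The symmetric branch above (decrypt, decide between base64 and raw bytes, pin the MAC algorithm) in a self-contained form, as an added example that is not midPoint's code: it uses java.util.Base64 instead of the CXF helpers, enforces the 256-bit minimum HS256 secret length before the decoder is built, and shows an unsigned (alg=none) token and a token MAC'd with a different secret both being rejected. The configured secret string and the issuer are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Date;
import javax.crypto.spec.SecretKeySpec;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.PlainJWT;
import com.nimbusds.jwt.SignedJWT;
import org.springframework.security.oauth2.jose.jws.MacAlgorithm;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtException;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

public class SymmetricKeyDecoderExample {

    /** Nimbus refuses HMAC secrets shorter than 256 bits for HS256; check it up front, not at first decode. */
    private static final int MIN_HS256_KEY_BYTES = 32;

    /**
     * Same decision as the midPoint branch: base64 / base64url when the value is made of that alphabet,
     * raw UTF-8 bytes otherwise. The heuristic is ambiguous: an alphanumeric passphrase also matches
     * and gets decoded, so store secrets base64url-encoded and document that.
     */
    static byte[] symmetricKeyBytes(String clearValue) {
        boolean looksEncoded = clearValue.matches("[A-Za-z0-9+/\\-_]+=*") && clearValue.length() % 4 != 1;
        byte[] key;
        if (looksEncoded) {
            boolean urlSafe = clearValue.contains("-") || clearValue.contains("_");
            key = (urlSafe ? Base64.getUrlDecoder() : Base64.getDecoder()).decode(clearValue);
        } else {
            key = clearValue.getBytes(StandardCharsets.UTF_8);
        }
        if (key.length < MIN_HS256_KEY_BYTES) {
            throw new IllegalArgumentException("HS256 secret must be at least 256 bits, got " + key.length * 8);
        }
        return key;
    }

    /** Decoder that trusts exactly one secret and exactly one MAC algorithm. */
    static NimbusJwtDecoder hs256Decoder(byte[] key) {
        // The JCA name given to SecretKeySpec is only metadata here; Nimbus uses the raw bytes as the HMAC key.
        return NimbusJwtDecoder.withSecretKey(new SecretKeySpec(key, "HmacSHA256"))
                .macAlgorithm(MacAlgorithm.HS256)  // a header claiming HS384/HS512/RS256/none finds no key
                .build();
    }

    static String signHs256(byte[] key, JWTClaimsSet claims) throws JOSEException {
        SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claims);
        jwt.sign(new MACSigner(key));
        return jwt.serialize();
    }

    static void expectRejected(NimbusJwtDecoder decoder, String token, String why) {
        try {
            decoder.decode(token);
            System.out.println("BUG: accepted a token that should fail (" + why + ")");
        } catch (JwtException e) {
            System.out.println("rejected (" + why + "): " + e.getMessage());
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a 32-byte secret as it would appear in configuration, base64url without padding.
        String configured = "q7T-4hJ9Xk2_p0fM8vZbN1cD3eF5gH6iJ7kL8mN9oP0";
        byte[] key = symmetricKeyBytes(configured);
        NimbusJwtDecoder decoder = hs256Decoder(key);

        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .subject("alice")
                .issuer("https://issuer.example")  // assumed issuer
                .expirationTime(new Date(System.currentTimeMillis() + 60_000))
                .build();

        Jwt ok = decoder.decode(signHs256(key, claims));
        System.out.println("accepted: sub=" + ok.getSubject());

        // alg=none: no signature at all. NimbusJwtDecoder refuses plain JWTs before any key is consulted.
        expectRejected(decoder, new PlainJWT(claims).serialize(), "alg=none");

        // Same claims, different secret: the MAC does not verify.
        byte[] other = "another-secret-that-is-at-least-32-bytes!!".getBytes(StandardCharsets.UTF_8);
        expectRejected(decoder, signHs256(other, claims), "wrong secret");

        // Too short for HS256: caught by our own guard at configuration time.
        try {
            symmetricKeyBytes("short");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected config: " + e.getMessage());
        }
    }
}
```

The length guard is the part worth copying: Nimbus enforces the same 256-bit minimum, but only when a verifier is created for the first token, which surfaces as a generic JwtException on every request rather than as a configuration error at startup.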

Example 7 with SecurityContext

use of com.nimbusds.jose.proc.SecurityContext in project dhis2-core by dhis2.

the class JwtBearerTokenTest method setUpClass.

@BeforeAll
static void setUpClass() throws JOSEException {
    DhisWebApiWebSecurityConfig.setApiContextPath("");
    // Test-only JWKSource backed by one in-memory RSA key: the lambda ignores the SecurityContext
    // and answers every selector from the same single-key JWKSet.
    JWKSource<SecurityContext> jwkSource = (jwkSelector, securityContext) -> jwkSelector.select(new JWKSet(ImmutableList.of(RSA_KEY)));
    jwsEncoder = new JwtUtils(jwkSource);
    // The decoder trusts only this key's public half; withPublicKey defaults to RS256 and validates exp/nbf only.
    jwtDecoder = NimbusJwtDecoder.withPublicKey(RSA_KEY.toRSAPublicKey()).build();
}
Also used : BeforeEach(org.junit.jupiter.api.BeforeEach) SecurityContext(com.nimbusds.jose.proc.SecurityContext) ConfigurationKey(org.hisp.dhis.external.conf.ConfigurationKey) NimbusJwtDecoder(org.springframework.security.oauth2.jwt.NimbusJwtDecoder) Contracts.assertNotNull(org.hibernate.validator.internal.util.Contracts.assertNotNull) JOSEException(com.nimbusds.jose.JOSEException) Autowired(org.springframework.beans.factory.annotation.Autowired) DhisOidcProviderRepository(org.hisp.dhis.security.oidc.DhisOidcProviderRepository) JWKSet(com.nimbusds.jose.jwk.JWKSet) JwtClaimsSet(org.hisp.dhis.webapi.security.utils.JwtClaimsSet) TestJwks(org.hisp.dhis.webapi.security.utils.TestJwks) TestJwtClaimsSets(org.hisp.dhis.webapi.security.utils.TestJwtClaimsSets) Dhis2JwtAuthenticationManagerResolver(org.hisp.dhis.security.jwt.Dhis2JwtAuthenticationManagerResolver) ImmutableList(com.google.common.collect.ImmutableList) BeforeAll(org.junit.jupiter.api.BeforeAll) JsonError(org.hisp.dhis.webapi.json.domain.JsonError) DhisWebApiWebSecurityConfig(org.hisp.dhis.webapi.security.config.DhisWebApiWebSecurityConfig) JoseHeaderNames(org.hisp.dhis.webapi.security.utils.JoseHeaderNames) User(org.hisp.dhis.user.User) Assertions.assertEquals(org.junit.jupiter.api.Assertions.assertEquals) JwtTokenHeader(org.hisp.dhis.webapi.WebClient.JwtTokenHeader) Jwt(org.springframework.security.oauth2.jwt.Jwt) JsonUser(org.hisp.dhis.webapi.json.domain.JsonUser) JWKSource(com.nimbusds.jose.jwk.source.JWKSource) Properties(java.util.Properties) TestJoseHeaders(org.hisp.dhis.webapi.security.utils.TestJoseHeaders) JoseHeader(org.hisp.dhis.webapi.security.utils.JoseHeader) DhisControllerWithJwtTokenAuthTest(org.hisp.dhis.webapi.DhisControllerWithJwtTokenAuthTest) GenericOidcProviderConfigParser(org.hisp.dhis.security.oidc.GenericOidcProviderConfigParser) Test(org.junit.jupiter.api.Test) HttpStatus(org.springframework.http.HttpStatus) RSAKey(com.nimbusds.jose.jwk.RSAKey) JwtUtils(org.hisp.dhis.webapi.security.utils.JwtUtils) DhisOidcClientRegistration(org.hisp.dhis.security.oidc.DhisOidcClientRegistration) GoogleProvider(org.hisp.dhis.security.oidc.provider.GoogleProvider)

Example 8 with SecurityContext

use of com.nimbusds.jose.proc.SecurityContext in project dhis2-core by dhis2.

the class JwtUtils method jwkSource.

public JWKSource<SecurityContext> jwkSource() {
    // A fresh RSA key pair on every call: tokens signed through one returned JWKSource verify only
    // against that same instance, so callers must keep the source they got. Fine for tests, not for
    // a server whose signing keys must survive restarts or be published on a JWKS endpoint.
    RSAKey rsaKey = Jwks.generateRsa();
    JWKSet jwkSet = new JWKSet(rsaKey);
    return (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
}
Also used : SecurityContext(com.nimbusds.jose.proc.SecurityContext) JWKSelector(com.nimbusds.jose.jwk.JWKSelector) URL(java.net.URL) Date(java.util.Date) JOSEException(com.nimbusds.jose.JOSEException) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) JWKSet(com.nimbusds.jose.jwk.JWKSet) JWSSignerFactory(com.nimbusds.jose.produce.JWSSignerFactory) Map(java.util.Map) Base64URL(com.nimbusds.jose.util.Base64URL) Jwt(org.springframework.security.oauth2.jwt.Jwt) Base64(com.nimbusds.jose.util.Base64) Converter(org.springframework.core.convert.converter.Converter) JWKSource(com.nimbusds.jose.jwk.source.JWKSource) DefaultJWSSignerFactory(com.nimbusds.jose.crypto.factories.DefaultJWSSignerFactory) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) Set(java.util.Set) JWSAlgorithm(com.nimbusds.jose.JWSAlgorithm) UUID(java.util.UUID) Instant(java.time.Instant) Collectors(java.util.stream.Collectors) JWSHeader(com.nimbusds.jose.JWSHeader) SignedJWT(com.nimbusds.jwt.SignedJWT) JWK(com.nimbusds.jose.jwk.JWK) KeySourceException(com.nimbusds.jose.KeySourceException) List(java.util.List) JWSSigner(com.nimbusds.jose.JWSSigner) RSAKey(com.nimbusds.jose.jwk.RSAKey) JSONObject(net.minidev.json.JSONObject) CollectionUtils(org.springframework.util.CollectionUtils) JOSEObjectType(com.nimbusds.jose.JOSEObjectType) JWKMatcher(com.nimbusds.jose.jwk.JWKMatcher) Assert(org.springframework.util.Assert) StringUtils(org.springframework.util.StringUtils)
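The asymmetric path that Examples 6, 7 and 8 share (a JWKSource<SecurityContext> feeding a DefaultJWTProcessor wrapped in NimbusJwtDecoder), as an added example that is not the code of midPoint, DHIS2 or Spring Security: the key selector is pinned to RS256, issuer and audience validation is layered on top of the default exp/nbf checks, and a key-confusion token (HS256 MAC'd with the RSA public key bytes) is shown being rejected. ISSUER, AUDIENCE and the kid value are assumptions; the key pair is generated in-process and only its public half is put in the JWK set.

```java
import java.util.Collection;
import java.util.Date;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimNames;
import org.springframework.security.oauth2.jwt.JwtClaimValidator;
import org.springframework.security.oauth2.jwt.JwtException;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

public class PinnedJwkSourceDecoderExample {

    static final String ISSUER = "https://issuer.example";  // assumed
    static final String AUDIENCE = "my-api";                 // assumed

    /** Resource-server side: decoder over a JWKSource, pinned to RS256, validating iss, aud and exp/nbf. */
    static NimbusJwtDecoder decoderFor(JWKSource<SecurityContext> jwkSource) {
        DefaultJWTProcessor<SecurityContext> processor = new DefaultJWTProcessor<>();
        // The selector hands out keys only for RS256 headers; HS256, ES256 or none find no key and fail.
        processor.setJWSKeySelector(new JWSVerificationKeySelector<>(JWSAlgorithm.RS256, jwkSource));
        NimbusJwtDecoder decoder = new NimbusJwtDecoder(processor);
        // The stock builders validate only exp/nbf; issuer and audience must be added explicitly.
        OAuth2TokenValidator<Jwt> audience = new JwtClaimValidator<Collection<String>>(
                JwtClaimNames.AUD, aud -> aud != null && aud.contains(AUDIENCE));
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(
                JwtValidators.createDefaultWithIssuer(ISSUER), audience));
        return decoder;
    }

    /** Authorization-server side: RS256 with the private half, kid carried in the header. */
    static String signRs256(RSAKey key, JWTClaimsSet claims) throws JOSEException {
        JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256)
                .keyID(key.getKeyID()).type(JOSEObjectType.JWT).build();
        SignedJWT jwt = new SignedJWT(header, claims);
        jwt.sign(new RSASSASigner(key));
        return jwt.serialize();
    }

    static void expectRejected(NimbusJwtDecoder decoder, String token, String why) {
        try {
            decoder.decode(token);
            System.out.println("BUG: accepted a token that should fail (" + why + ")");
        } catch (JwtException e) {
            System.out.println("rejected (" + why + "): " + e.getMessage());
        }
    }

    public static void main(String[] args) throws Exception {
        RSAKey rsaKey = new RSAKeyGenerator(2048).keyID("kid-1").keyUse(KeyUse.SIGNATURE).generate();
        // Public half only, as a JWKS endpoint would publish it; Examples 7 and 8 build the same with a lambda.
        JWKSource<SecurityContext> jwkSource = new ImmutableJWKSet<>(new JWKSet(rsaKey.toPublicJWK()));
        NimbusJwtDecoder decoder = decoderFor(jwkSource);

        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .issuer(ISSUER).audience(AUDIENCE).subject("alice")
                .issueTime(new Date())
                .expirationTime(new Date(System.currentTimeMillis() + 60_000))
                .build();

        Jwt ok = decoder.decode(signRs256(rsaKey, claims));
        System.out.println("accepted: sub=" + ok.getSubject() + " kid=" + ok.getHeaders().get("kid"));

        // Valid signature, wrong audience: the claim validator, not the signature check, rejects it.
        JWTClaimsSet otherAud = new JWTClaimsSet.Builder(claims).audience("someone-else").build();
        expectRejected(decoder, signRs256(rsaKey, otherAud), "audience mismatch");

        // Key confusion: HS256 with the public key bytes as the HMAC secret. A decoder that picked the
        // key by kid and let the token choose the algorithm could be fooled; the RS256 pin rejects the header.
        JWSHeader hsHeader = new JWSHeader.Builder(JWSAlgorithm.HS256).keyID("kid-1").build();
        SignedJWT confused = new SignedJWT(hsHeader, claims);
        confused.sign(new MACSigner(rsaKey.toRSAPublicKey().getEncoded()));
        expectRejected(decoder, confused.serialize(), "alg=HS256 against an RSA key");
    }
}
```

Pinning the algorithm in the key selector is what makes the confusion attempt fail structurally rather than by luck. JWSAlgorithmFamilyJWSKeySelector in Example 6 reaches a similar place by deriving the permitted families from the key types it finds in the JWK Set, which is only as strict as the contents of that set.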

Example 9 with SecurityContext

use of com.nimbusds.jose.proc.SecurityContext in project spring-security by spring-projects.

the class JwtDecoderProviderConfigurationUtilsTests method getSignatureAlgorithmsWhenJwkSetSpecifiesFamilyThenUses.

@Test
public void getSignatureAlgorithmsWhenJwkSetSpecifiesFamilyThenUses() throws Exception {
    JWKSource<SecurityContext> jwkSource = mock(JWKSource.class);
    // Test parameters are from Anders Rundgren, public only
    ECKey ecKey = new ECKey.Builder(Curve.P_256, new Base64URL("3l2Da_flYc-AuUTm2QzxgyvJxYM_2TeB9DMlwz7j1PE"), new Base64URL("-kjT7Wrfhwsi9SG6H4UXiyUiVE9GHCLauslksZ3-_t0")).keyUse(KeyUse.SIGNATURE).build();
    RSAKey rsaKey = new RSAKey.Builder(TestKeys.DEFAULT_PUBLIC_KEY).keyUse(KeyUse.ENCRYPTION).build();
    // The mocked source returns both keys regardless of the selector it is given.
    given(jwkSource.get(any(JWKSelector.class), isNull())).willReturn(Arrays.asList(ecKey, rsaKey));
    Set<SignatureAlgorithm> algorithms = JwtDecoderProviderConfigurationUtils.getSignatureAlgorithms(jwkSource);
    // A P-256 signing key with no "alg" enables the whole EC family, not just ES256.
    assertThat(algorithms).contains(SignatureAlgorithm.ES256, SignatureAlgorithm.ES384, SignatureAlgorithm.ES512);
}
Also used : JWKSelector(com.nimbusds.jose.jwk.JWKSelector) RSAKey(com.nimbusds.jose.jwk.RSAKey) SecurityContext(com.nimbusds.jose.proc.SecurityContext) ECKey(com.nimbusds.jose.jwk.ECKey) SignatureAlgorithm(org.springframework.security.oauth2.jose.jws.SignatureAlgorithm) Base64URL(com.nimbusds.jose.util.Base64URL) Test(org.junit.jupiter.api.Test)

Aggregations

SecurityContext (com.nimbusds.jose.proc.SecurityContext)9 RSAKey (com.nimbusds.jose.jwk.RSAKey)6 Test (org.junit.jupiter.api.Test)6 JWKSelector (com.nimbusds.jose.jwk.JWKSelector)5 JWK (com.nimbusds.jose.jwk.JWK)3 JWKSet (com.nimbusds.jose.jwk.JWKSet)3 SignatureAlgorithm (org.springframework.security.oauth2.jose.jws.SignatureAlgorithm)3 Jwt (org.springframework.security.oauth2.jwt.Jwt)3 JOSEException (com.nimbusds.jose.JOSEException)2 JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm)2 KeySourceException (com.nimbusds.jose.KeySourceException)2 JWKSource (com.nimbusds.jose.jwk.source.JWKSource)2 Base64URL (com.nimbusds.jose.util.Base64URL)2 URL (java.net.URL)2 Instant (java.time.Instant)2 List (java.util.List)2 NimbusJwtDecoder (org.springframework.security.oauth2.jwt.NimbusJwtDecoder)2 EncryptionException (com.evolveum.midpoint.prism.crypto.EncryptionException)1 ImmutableList (com.google.common.collect.ImmutableList)1 Algorithm (com.nimbusds.jose.Algorithm)1