Search in sources :

Example 1 with Resource

use of com.nimbusds.jose.util.Resource in project ddf by codice.

the class OidcTokenValidatorTest method setup.

@Before
public void setup() throws Exception {
    // Generate the RSA key pair
    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    KeyPair keyPair = gen.generateKeyPair();
    RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
    RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
    JWK sigJwk = new RSAKey.Builder(publicKey).privateKey(privateKey).keyUse(KeyUse.SIGNATURE).keyID(UUID.randomUUID().toString()).build();
    String jwk = "{\"keys\": [" + sigJwk.toPublicJWK().toJSONString() + "] }";
    when(oidcProviderMetadata.getIDTokenJWSAlgs()).thenReturn(ImmutableList.of(JWSAlgorithm.RS256));
    when(oidcProviderMetadata.getIssuer()).thenReturn(new Issuer("http://localhost:8080/auth/realms/master"));
    when(oidcProviderMetadata.getJWKSetURI()).thenReturn(new URI("http://localhost:8080/auth/realms/master/protocol/openid-connect/certs"));
    Resource resource = new Resource(jwk, APPLICATION_JSON);
    when(resourceRetriever.retrieveResource(any())).thenReturn(resource);
    when(configuration.getClientId()).thenReturn("ddf-client");
    when(configuration.getSecret()).thenReturn("secret");
    when(configuration.isUseNonce()).thenReturn(true);
    when(configuration.findProviderMetadata()).thenReturn(oidcProviderMetadata);
    when(configuration.findResourceRetriever()).thenReturn(resourceRetriever);
    validAlgorithm = Algorithm.RSA256(publicKey, privateKey);
    invalidAlgorithm = Algorithm.HMAC256("WRONG");
    when(oidcClient.getNonceSessionAttributeName()).thenReturn(NONCE_SESSION_ATTRIBUTE);
}
Also used : KeyPair(java.security.KeyPair) RSAPublicKey(java.security.interfaces.RSAPublicKey) Issuer(com.nimbusds.oauth2.sdk.id.Issuer) Resource(com.nimbusds.jose.util.Resource) KeyPairGenerator(java.security.KeyPairGenerator) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) URI(java.net.URI) JWK(com.nimbusds.jose.jwk.JWK) Before(org.junit.Before)

Example 2 with Resource

use of com.nimbusds.jose.util.Resource in project ddf by codice.

the class OAuthSecurityImplTest method setUp.

@Before
public void setUp() throws Exception {
    // Generate the RSA key pair to sign tokens
    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    KeyPair keyPair = gen.generateKeyPair();
    RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
    RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
    JWK sigJwk = new RSAKey.Builder(publicKey).privateKey(privateKey).keyUse(KeyUse.SIGNATURE).keyID(UUID.randomUUID().toString()).build();
    String jwk = "{\"keys\": [" + sigJwk.toPublicJWK().toJSONString() + "] }";
    validAlgorithm = Algorithm.RSA256(publicKey, privateKey);
    invalidAlgorithm = Algorithm.HMAC256("WRONG");
    ResourceRetriever resourceRetriever = mock(ResourceRetriever.class);
    Resource jwkResource = new Resource(jwk, APPLICATION_JSON);
    when(resourceRetriever.retrieveResource(eq(new URL(JWK_ENDPOINT)))).thenReturn(jwkResource);
    String content = IOUtils.toString(Objects.requireNonNull(getClass().getClassLoader().getResourceAsStream("metadata.json")), StandardCharsets.UTF_8);
    Resource metadataResource = new Resource(content, APPLICATION_JSON);
    when(resourceRetriever.retrieveResource(eq(new URL(METADATA_ENDPOINT)))).thenReturn(metadataResource);
    tokenStorage = mock(TokenStorage.class);
    oauthSecurity = new OAuthSecurityWithMockWebclient(tokenStorage);
    oauthSecurity.setResourceRetriever(resourceRetriever);
}
Also used : KeyPair(java.security.KeyPair) RSAPublicKey(java.security.interfaces.RSAPublicKey) ResourceRetriever(com.nimbusds.jose.util.ResourceRetriever) Resource(com.nimbusds.jose.util.Resource) KeyPairGenerator(java.security.KeyPairGenerator) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) TokenStorage(org.codice.ddf.security.token.storage.api.TokenStorage) URL(java.net.URL) JWK(com.nimbusds.jose.jwk.JWK) Before(org.junit.Before)

Example 3 with Resource

use of com.nimbusds.jose.util.Resource in project ddf by codice.

the class OAuthPluginTest method setUp.

@Before
public void setUp() throws Exception {
    // Generate the RSA key pair to sign tokens
    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    KeyPair keyPair = gen.generateKeyPair();
    RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
    RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
    JWK sigJwk = new RSAKey.Builder(publicKey).privateKey(privateKey).keyUse(KeyUse.SIGNATURE).keyID(UUID.randomUUID().toString()).build();
    String jwk = "{\"keys\": [" + sigJwk.toPublicJWK().toJSONString() + "] }";
    validAlgorithm = Algorithm.RSA256(publicKey, privateKey);
    invalidAlgorithm = Algorithm.HMAC256("WRONG");
    ResourceRetriever resourceRetriever = mock(ResourceRetriever.class);
    Resource jwkResource = new Resource(jwk, APPLICATION_JSON);
    when(resourceRetriever.retrieveResource(eq(new URL(JWK_ENDPOINT)))).thenReturn(jwkResource);
    String content = IOUtils.toString(Objects.requireNonNull(getClass().getClassLoader().getResourceAsStream("metadata.json")), StandardCharsets.UTF_8);
    Resource metadataResource = new Resource(content, APPLICATION_JSON);
    when(resourceRetriever.retrieveResource(eq(new URL(METADATA_ENDPOINT)))).thenReturn(metadataResource);
    tokenStorage = mock(TokenStorage.class);
    oauthPlugin = new OAuthPluginWithMockWebClient(tokenStorage);
    oauthPlugin.setResourceRetriever(resourceRetriever);
}
Also used : KeyPair(java.security.KeyPair) RSAPublicKey(java.security.interfaces.RSAPublicKey) ResourceRetriever(com.nimbusds.jose.util.ResourceRetriever) Resource(com.nimbusds.jose.util.Resource) KeyPairGenerator(java.security.KeyPairGenerator) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) TokenStorage(org.codice.ddf.security.token.storage.api.TokenStorage) URL(java.net.URL) DISCOVERY_URL(org.codice.ddf.security.token.storage.api.TokenStorage.DISCOVERY_URL) JWK(com.nimbusds.jose.jwk.JWK) Before(org.junit.Before)

Example 4 with Resource

use of com.nimbusds.jose.util.Resource in project ddf by codice.

the class OidcRealmTest method setup.

@Before
public void setup() throws Exception {
    realm = new OidcRealm();
    // Generate the RSA key pair
    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    KeyPair keyPair = gen.generateKeyPair();
    RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
    RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
    validAlgorithm = Algorithm.RSA256(publicKey, privateKey);
    invalidAlgorithm = Algorithm.HMAC256("WRONG");
    JWK sigJwk = new RSAKey.Builder(publicKey).privateKey(privateKey).keyUse(KeyUse.SIGNATURE).keyID(UUID.randomUUID().toString()).build();
    String jwk = "{\"keys\": [" + sigJwk.toPublicJWK().toJSONString() + "] }";
    OIDCProviderMetadata oidcProviderMetadata = mock(OIDCProviderMetadata.class);
    when(oidcProviderMetadata.getIDTokenJWSAlgs()).thenReturn(ImmutableList.of(JWSAlgorithm.RS256));
    when(oidcProviderMetadata.getIssuer()).thenReturn(new Issuer("http://localhost:8080/auth/realms/master"));
    when(oidcProviderMetadata.getJWKSetURI()).thenReturn(new URI("http://localhost:8080/auth/realms/master/protocol/openid-connect/certs"));
    ResourceRetriever resourceRetriever = mock(ResourceRetriever.class);
    Resource resource = new Resource(jwk, APPLICATION_JSON);
    when(resourceRetriever.retrieveResource(any())).thenReturn(resource);
    OidcConfiguration configuration = mock(OidcConfiguration.class);
    when(configuration.getClientId()).thenReturn("ddf-client");
    when(configuration.getSecret()).thenReturn("secret");
    when(configuration.isUseNonce()).thenReturn(true);
    when(configuration.getResponseType()).thenReturn("code");
    when(configuration.findProviderMetadata()).thenReturn(oidcProviderMetadata);
    when(configuration.findResourceRetriever()).thenReturn(resourceRetriever);
    OidcHandlerConfiguration handlerConfiguration = mock(OidcHandlerConfiguration.class);
    when(handlerConfiguration.getOidcConfiguration()).thenReturn(configuration);
    when(handlerConfiguration.getOidcClient(any())).thenReturn(mock(OidcClient.class));
    realm.setOidcHandlerConfiguration(handlerConfiguration);
    realm.setUsernameAttributeList(Collections.singletonList("preferred_username"));
    JWT jwt = mock(JWT.class);
    AccessToken accessToken = new BearerAccessToken(getAccessTokenBuilder().sign(validAlgorithm));
    AuthorizationCode authorizationCode = new AuthorizationCode();
    WebContext webContext = getWebContext();
    oidcCredentials = mock(OidcCredentials.class);
    when(oidcCredentials.getIdToken()).thenReturn(jwt);
    when(oidcCredentials.getIdToken()).thenReturn(jwt);
    when(oidcCredentials.getAccessToken()).thenReturn(accessToken);
    when(oidcCredentials.getCode()).thenReturn(authorizationCode);
    authenticationToken = mock(OidcAuthenticationToken.class);
    when(authenticationToken.getCredentials()).thenReturn(oidcCredentials);
    when(authenticationToken.getContext()).thenReturn(webContext);
}
Also used : OidcHandlerConfiguration(org.codice.ddf.security.handler.api.OidcHandlerConfiguration) AuthorizationCode(com.nimbusds.oauth2.sdk.AuthorizationCode) KeyPair(java.security.KeyPair) WebContext(org.pac4j.core.context.WebContext) Issuer(com.nimbusds.oauth2.sdk.id.Issuer) ResourceRetriever(com.nimbusds.jose.util.ResourceRetriever) JWT(com.nimbusds.jwt.JWT) SignedJWT(com.nimbusds.jwt.SignedJWT) Resource(com.nimbusds.jose.util.Resource) OidcAuthenticationToken(org.codice.ddf.security.handler.OidcAuthenticationToken) KeyPairGenerator(java.security.KeyPairGenerator) URI(java.net.URI) OidcConfiguration(org.pac4j.oidc.config.OidcConfiguration) OidcCredentials(org.pac4j.oidc.credentials.OidcCredentials) RSAPublicKey(java.security.interfaces.RSAPublicKey) OidcClient(org.pac4j.oidc.client.OidcClient) AccessToken(com.nimbusds.oauth2.sdk.token.AccessToken) BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken) OIDCProviderMetadata(com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata) BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) JWK(com.nimbusds.jose.jwk.JWK) Before(org.junit.Before)

Aggregations

JWK (com.nimbusds.jose.jwk.JWK)4 Resource (com.nimbusds.jose.util.Resource)4 KeyPair (java.security.KeyPair)4 KeyPairGenerator (java.security.KeyPairGenerator)4 RSAPrivateKey (java.security.interfaces.RSAPrivateKey)4 RSAPublicKey (java.security.interfaces.RSAPublicKey)4 Before (org.junit.Before)4 ResourceRetriever (com.nimbusds.jose.util.ResourceRetriever)3 Issuer (com.nimbusds.oauth2.sdk.id.Issuer)2 URI (java.net.URI)2 URL (java.net.URL)2 TokenStorage (org.codice.ddf.security.token.storage.api.TokenStorage)2 ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)2 JWT (com.nimbusds.jwt.JWT)1 SignedJWT (com.nimbusds.jwt.SignedJWT)1 AuthorizationCode (com.nimbusds.oauth2.sdk.AuthorizationCode)1 AccessToken (com.nimbusds.oauth2.sdk.token.AccessToken)1 BearerAccessToken (com.nimbusds.oauth2.sdk.token.BearerAccessToken)1 OIDCProviderMetadata (com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata)1 OidcAuthenticationToken (org.codice.ddf.security.handler.OidcAuthenticationToken)1