
Example 46 with JWTClaimsSet

use of com.nimbusds.jwt.JWTClaimsSet in project pac4j by pac4j.

the class AzureAdProfile method isExpired.

@Override
public boolean isExpired() {
    try {
        JWT jwt = this.getIdToken();
        JWTClaimsSet claims = jwt.getJWTClaimsSet();
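        // getExpirationTime() returns null when the token carries no "exp" claim
        Date expiresOn = claims.getExpirationTime();
        // compare "exp" against the current time plus idTokenExpireAdvance seconds
        Calendar now = Calendar.getInstance();
        now.add(Calendar.SECOND, idTokenExpireAdvance);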
        if (expiresOn.before(now.getTime())) {
            return true;
        }
    } catch (ParseException e) {
        throw new TechnicalException(e);
    }
    return false;
}
Also used : TechnicalException(org.pac4j.core.exception.TechnicalException) JWT(com.nimbusds.jwt.JWT) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) Calendar(java.util.Calendar) ParseException(java.text.ParseException) Date(java.util.Date)

Example 47 with JWTClaimsSet

use of com.nimbusds.jwt.JWTClaimsSet in project java-docs-samples by GoogleCloudPlatform.

the class BuildIapRequest method getSignedJwt.

private static String getSignedJwt(ServiceAccountCredentials credentials, String iapClientId) throws Exception {
    Instant now = Instant.now(clock);
    long expirationTime = now.getEpochSecond() + EXPIRATION_TIME_IN_SECONDS;
    // generate jwt signed by service account
    // header must contain algorithm ("alg") and key ID ("kid")
    JWSHeader jwsHeader = new JWSHeader.Builder(JWSAlgorithm.RS256)
            .keyID(credentials.getPrivateKeyId())
            .build();
    // set required claims
    JWTClaimsSet claims = new JWTClaimsSet.Builder()
            .audience(OAUTH_TOKEN_URI)
            .issuer(credentials.getClientEmail())
            .subject(credentials.getClientEmail())
            .issueTime(Date.from(now))
            .expirationTime(Date.from(Instant.ofEpochSecond(expirationTime)))
            .claim("target_audience", iapClientId)
            .build();
    // sign using service account private key
    JWSSigner signer = new RSASSASigner(credentials.getPrivateKey());
    SignedJWT signedJwt = new SignedJWT(jwsHeader, claims);
    signedJwt.sign(signer);
    return signedJwt.serialize();
}
Also used : JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) Instant(java.time.Instant) RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) SignedJWT(com.nimbusds.jwt.SignedJWT) JWSSigner(com.nimbusds.jose.JWSSigner) JWSHeader(com.nimbusds.jose.JWSHeader)

Example 48 with JWTClaimsSet

use of com.nimbusds.jwt.JWTClaimsSet in project java-docs-samples by GoogleCloudPlatform.

the class VerifyIapRequestHeader method verifyJwt.

private boolean verifyJwt(String jwtToken, String expectedAudience) throws Exception {
    // parse signed token into header / claims
    SignedJWT signedJwt = SignedJWT.parse(jwtToken);
    JWSHeader jwsHeader = signedJwt.getHeader();
    // header must have algorithm("alg") and "kid"
    Preconditions.checkNotNull(jwsHeader.getAlgorithm());
    Preconditions.checkNotNull(jwsHeader.getKeyID());
    JWTClaimsSet claims = signedJwt.getJWTClaimsSet();
    // claims must have audience, issuer
    Preconditions.checkArgument(claims.getAudience().contains(expectedAudience));
    Preconditions.checkArgument(claims.getIssuer().equals(IAP_ISSUER_URL));
    // claim must have issued at time in the past
    Date currentTime = Date.from(Instant.now(clock));
    Preconditions.checkArgument(claims.getIssueTime().before(currentTime));
    // claim must have expiration time in the future
    Preconditions.checkArgument(claims.getExpirationTime().after(currentTime));
    // must have subject, email
    Preconditions.checkNotNull(claims.getSubject());
    Preconditions.checkNotNull(claims.getClaim("email"));
    // verify using public key : lookup with key id, algorithm name provided
    // (the claim checks above ran on not-yet-verified data; the token is
    // accepted only if the signature check below returns true)
    ECPublicKey publicKey = getKey(jwsHeader.getKeyID(), jwsHeader.getAlgorithm().getName());
    Preconditions.checkNotNull(publicKey);
    JWSVerifier jwsVerifier = new ECDSAVerifier(publicKey);
    return signedJwt.verify(jwsVerifier);
}
Also used : ECDSAVerifier(com.nimbusds.jose.crypto.ECDSAVerifier) ECPublicKey(java.security.interfaces.ECPublicKey) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) JWSVerifier(com.nimbusds.jose.JWSVerifier) SignedJWT(com.nimbusds.jwt.SignedJWT) JWSHeader(com.nimbusds.jose.JWSHeader) Date(java.util.Date)

Example 49 with JWTClaimsSet

use of com.nimbusds.jwt.JWTClaimsSet in project registry by hortonworks.

the class TestJWTAuthenticationHandler method getJWT.

protected SignedJWT getJWT(String sub, Date expires, RSAPrivateKey privateKey) throws Exception {
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
            .subject(sub)
            .issueTime(new Date(new Date().getTime()))
            .issuer("https://c2id.com")
            .claim("scope", "openid")
            .audience("bar")
            .expirationTime(expires)
            .build();
    List<String> aud = new ArrayList<String>();
    aud.add("bar");
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).build();
    SignedJWT signedJWT = new SignedJWT(header, claimsSet);
    JWSSigner signer = new RSASSASigner(privateKey);
    signedJWT.sign(signer);
    return signedJWT;
}
Also used : JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) ArrayList(java.util.ArrayList) RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) SignedJWT(com.nimbusds.jwt.SignedJWT) Date(java.util.Date)

Example 50 with JWTClaimsSet

use of com.nimbusds.jwt.JWTClaimsSet in project knox by apache.

the class JWTToken method getClaims.

/* (non-Javadoc)
 * @see org.apache.knox.gateway.services.security.token.impl.JWT#getPayloadToSign()
 */
@Override
public String getClaims() {
    String c = null;
    JWTClaimsSet claims = null;
    try {
        claims = (JWTClaimsSet) jwt.getJWTClaimsSet();
        c = claims.toJSONObject().toJSONString();
    } catch (ParseException e) {
        log.unableToParseToken(e);
    }
    return c;
}
Also used : JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) ParseException(java.text.ParseException)
