use of com.nimbusds.jwt.JWTClaimsSet in project knox by apache.
the class AbstractJWTFilterTest method getJWT.
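/**
 * Builds an RSA-signed JWT carrying the given registered claims plus a fixed
 * {@code scope=openid} claim, for use as test input.
 *
 * @param issuer value for the {@code iss} claim
 * @param sub value for the {@code sub} claim
 * @param aud value for the {@code aud} claim; callers may pass {@code null}
 * @param expires value for the {@code exp} claim
 * @param nbf value for the {@code nbf} claim
 * @param privateKey RSA private key used to sign the token
 * @param signatureAlgorithm JWS algorithm name, parsed with {@link JWSAlgorithm#parse(String)}
 * @return the signed token
 * @throws Exception if signing fails
 */
protected SignedJWT getJWT(String issuer, String sub, String aud, Date expires, Date nbf, RSAPrivateKey privateKey, String signatureAlgorithm) throws Exception {
    // The audience goes to the builder as a single string. The list that used to
    // be assembled here was never read, so it has been dropped.
    JWTClaimsSet claims = new JWTClaimsSet.Builder()
        .issuer(issuer)
        .subject(sub)
        .audience(aud)
        .expirationTime(expires)
        .notBeforeTime(nbf)
        .claim("scope", "openid")
        .build();

    // The algorithm name is taken as given. NOTE(review): RSASSASigner is expected to
    // reject a non-RSA algorithm at sign() time - confirm if tests rely on that.
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.parse(signatureAlgorithm)).build();

    SignedJWT signedJWT = new SignedJWT(header, claims);
    JWSSigner signer = new RSASSASigner(privateKey);
    signedJWT.sign(signer);
    return signedJWT;
}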
use of com.nimbusds.jwt.JWTClaimsSet in project cloudconductor-agent-redhat by cinovo.
the class RefreshJWTJob method run.
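/**
 * Fetches a fresh JWT from the server, stores it in the agent state and
 * reschedules itself.
 *
 * The next run is scheduled in the {@code finally} block, so a failed refresh
 * is retried after the default period of one minute. On success the period
 * comes from {@code JWTHelper.calcNextRefreshInMillis}.
 */
@Override
public void run() {
    RefreshJWTJob.LOGGER.debug("Start RefreshJWTJob");
    String newJWT = null;
    // Default retry delay (one minute), used whenever the refresh does not complete.
    long period = 1000 * 60;
    try {
        newJWT = ServerCom.getJWT();
        if (newJWT != null) {
            // parse() only decodes the token; no signature is verified in this method.
            JWTClaimsSet claimsSet = SignedJWT.parse(newJWT).getJWTClaimsSet();
            AgentState.info().setJWT(newJWT);
            period = JWTHelper.calcNextRefreshInMillis(claimsSet);
            RefreshJWTJob.LOGGER.debug("Authentication successful!");
        } else {
            RefreshJWTJob.LOGGER.error("Authentication failed: Missing JWT!");
            throw new CloudConductorException("Missing JWT!");
        }
    } catch (CloudConductorException e) {
        RefreshJWTJob.LOGGER.error("Error refreshing JWT: ", e);
    } catch (ParseException e) {
        // The token is a bearer credential: a value this client cannot parse may still
        // be accepted by the server, so it is deliberately kept out of the log.
        // NOTE(review): the exception text may echo parts of the input - confirm.
        RefreshJWTJob.LOGGER.error("Error parsing new JWT (token withheld from log): ", e);
    } finally {
        SchedulerService.instance.executeOnce(new RefreshJWTJob(), period, TimeUnit.MILLISECONDS);
        RefreshJWTJob.LOGGER.debug("Scheduled next refresh of JWT in " + period + " ms");
        RefreshJWTJob.LOGGER.debug("Finished RefreshJWTJob");
    }
}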
use of com.nimbusds.jwt.JWTClaimsSet in project oxAuth by GluuFederation.
the class JwtCrossCheckTest method createNimbusJwt.
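/**
 * Creates a serialized JWT signed through Nimbus with the key stored under
 * {@code kid} in the crypto provider's key store.
 *
 * @param cryptoProvider source of the key store and its secret
 * @param kid key id, used to load the key and set in the JWS header
 * @param signatureAlgorithm algorithm whose family (RSA or EC) selects the signer
 * @return the compact serialization of the signed token
 * @throws IllegalArgumentException if the algorithm family is neither RSA nor EC
 * @throws Exception if the key cannot be loaded or signing fails
 */
private static String createNimbusJwt(OxAuthCryptoProvider cryptoProvider, String kid, SignatureAlgorithm signatureAlgorithm) throws Exception {
    final AlgorithmFamily family = signatureAlgorithm.getFamily();
    final JWSSigner signer;
    switch (family) {
        case RSA:
            signer = new RSASSASigner(RSAKey.load(cryptoProvider.getKeyStore(), kid, cryptoProvider.getKeyStoreSecret().toCharArray()));
            break;
        case EC:
            signer = new com.nimbusds.jose.crypto.ECDSASigner(ECKey.load(cryptoProvider.getKeyStore(), kid, cryptoProvider.getKeyStoreSecret().toCharArray()));
            break;
        default:
            // Without this branch the signer stayed null and the failure only
            // surfaced later, inside sign(), with no hint about the cause.
            throw new IllegalArgumentException("Unsupported algorithm family for Nimbus signer: " + family);
    }

    // Fixed fixture claims.
    // NOTE(review): 1575559276888000L looks like microseconds where java.util.Date
    // expects milliseconds, which places exp/iat far in the future - confirm intended.
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
        .subject("1202.d50a4eeb-ab5d-474b-aaaf-e4aa47bc54a5")
        .issuer("1202.d50a4eeb-ab5d-474b-aaaf-e4aa47bc54a5")
        .expirationTime(new Date(1575559276888000L))
        .issueTime(new Date(1575559276888000L))
        .audience("https://gomer-vbox/oxauth/restv1/token")
        .build();

    SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(signatureAlgorithm.getJwsAlgorithm()).keyID(kid).build(), claimsSet);
    signedJWT.sign(signer);
    return signedJWT.serialize();
}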
use of com.nimbusds.jwt.JWTClaimsSet in project connect-android-sdk by telenordigital.
the class IdTokenValidatorTest method expiredTimeThrows.
/**
 * An ID token whose expiration time lies two hours in the past must be
 * rejected: validation is expected to throw {@code ConnectException}.
 */
@Test(expected = ConnectException.class)
public void expiredTimeThrows() throws Exception {
    final String expectedIssuer = "https://connect.telenordigital.com/oauth";
    final String clientId = "connect-tests";

    // Stub the SDK configuration the validator consults.
    BDDMockito.given(ConnectSdk.getConnectApiUrl()).willReturn(HttpUrl.parse("https://connect.telenordigital.com"));
    BDDMockito.given(ConnectSdk.getClientId()).willReturn(clientId);
    BDDMockito.given(ConnectSdk.getExpectedIssuer()).willReturn(expectedIssuer);

    // Issuer and audience match the stubs, so expiry is the only claim that is off.
    JWTClaimsSet expiredClaims = new JWTClaimsSet();
    expiredClaims.setIssuer(expectedIssuer);
    expiredClaims.setAudience(clientId);
    expiredClaims.setExpirationTime(twoHoursAgo);
    expiredClaims.setIssueTime(now);

    // Throwaway test key: the token only has to be well-formed here.
    // NOTE(review): presumably validate() does not check the signature - confirm.
    SignedJWT token = new SignedJWT(new JWSHeader(JWSAlgorithm.ES256), expiredClaims);
    token.sign(new ECDSASigner(new BigInteger("123")));

    IdTokenValidator.validate(new IdToken(token.serialize()), null);
}
use of com.nimbusds.jwt.JWTClaimsSet in project scoold by Erudika.
the class ScooldUtils method isValidJWToken.
/**
 * Checks an HMAC-signed JWT against a shared secret and its time claims.
 *
 * The token is accepted only if the signature verifies, it is not past
 * {@code exp}, it is not before {@code nbf}, and {@code isApiKeyRevoked}
 * does not report its {@code jti} as revoked. A token with no {@code exp}
 * claim is treated as not expired, and one with no {@code nbf} claim as
 * already valid. Times are compared with the local clock, with no
 * allowance for clock skew.
 *
 * @param secret shared secret for the MAC verifier; {@code null} yields {@code false}
 * @param jwt compact serialized token; {@code null} yields {@code false}
 * @return {@code true} only when every check passes; {@code false} also when
 *         parsing or verification throws (the exception is logged at warn level)
 */
boolean isValidJWToken(String secret, String jwt) {
    if (secret == null || jwt == null) {
        return false;
    }
    try {
        JWSVerifier macVerifier = new MACVerifier(secret);
        SignedJWT parsed = SignedJWT.parse(jwt);
        // Claims are read only after the signature has been verified.
        if (!parsed.verify(macVerifier)) {
            return false;
        }
        Date now = new Date();
        JWTClaimsSet claimSet = parsed.getJWTClaimsSet();
        Date exp = claimSet.getExpirationTime();
        Date nbf = claimSet.getNotBeforeTime();
        String tokenId = claimSet.getJWTID();

        boolean expired = exp != null && exp.before(now);
        boolean notYetValid = nbf != null && nbf.after(now);
        // The revocation lookup also receives the expiry flag; it is evaluated
        // unconditionally, before the results are combined.
        boolean jtiRevoked = isApiKeyRevoked(tokenId, expired);
        return !expired && !notYetValid && !jtiRevoked;
    } catch (JOSEException | ParseException e) {
        logger.warn(null, e);
    }
    return false;
}