Examples with JWTClaimsSet com.nimbusds.jwt.JWTClaimsSet used on opensource projects

Search in sources :

Example 56 with JWTClaimsSet

use of com.nimbusds.jwt.JWTClaimsSet in project dhis2-core by dhis2.

the class JwtUtils method encode.

public Jwt encode(JoseHeader headers, JwtClaimsSet claims) throws JwtEncodingException {
    Assert.notNull(headers, "headers cannot be null");
    Assert.notNull(claims, "claims cannot be null");
    JWK jwk = selectJwk(headers);
    if (jwk == null) {
        throw new JwtEncodingException(String.format(ENCODING_ERROR_MESSAGE_TEMPLATE, "Failed to select a JWK signing key"));
    } else if (!StringUtils.hasText(jwk.getKeyID())) {
        throw new JwtEncodingException(String.format(ENCODING_ERROR_MESSAGE_TEMPLATE, "The \"kid\" (key ID) from the selected JWK cannot be empty"));
    }
    headers = JoseHeader.from(headers).type(JOSEObjectType.JWT.getType()).keyId(jwk.getKeyID()).build();
    claims = JwtClaimsSet.from(claims).id(UUID.randomUUID().toString()).build();
    JWSHeader jwsHeader = JWS_HEADER_CONVERTER.convert(headers);
    JWTClaimsSet jwtClaimsSet = JWT_CLAIMS_SET_CONVERTER.convert(claims);
    JWSSigner jwsSigner = this.jwsSigners.computeIfAbsent(jwk, (key) -> {
        try {
            return JWS_SIGNER_FACTORY.createJWSSigner(key);
        } catch (JOSEException ex) {
            throw new JwtEncodingException(String.format(ENCODING_ERROR_MESSAGE_TEMPLATE, "Failed to create a JWS Signer -> " + ex.getMessage()), ex);
        }
    });
    SignedJWT signedJwt = new SignedJWT(jwsHeader, jwtClaimsSet);
    try {
        signedJwt.sign(jwsSigner);
    } catch (JOSEException ex) {
        throw new JwtEncodingException(String.format(ENCODING_ERROR_MESSAGE_TEMPLATE, "Failed to sign the JWT -> " + ex.getMessage()), ex);
    }
    String jws = signedJwt.serialize();
    return new Jwt(jws, claims.getIssuedAt(), claims.getExpiresAt(), headers.getHeaders(), claims.getClaims());
}
Also used : JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) Jwt(org.springframework.security.oauth2.jwt.Jwt) SignedJWT(com.nimbusds.jwt.SignedJWT) JWSSigner(com.nimbusds.jose.JWSSigner) JOSEException(com.nimbusds.jose.JOSEException) JWSHeader(com.nimbusds.jose.JWSHeader) JWK(com.nimbusds.jose.jwk.JWK)

Example 57 with JWTClaimsSet

use of com.nimbusds.jwt.JWTClaimsSet in project spring-security by spring-projects.

the class NimbusJwtDecoderTests method decodeWhenUsingSecretKeyThenSuccessfullyDecodes.

@Test
public void decodeWhenUsingSecretKeyThenSuccessfullyDecodes() throws Exception {
    SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
    MacAlgorithm macAlgorithm = MacAlgorithm.HS256;
    // @formatter:off
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject").expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
    // @formatter:on
    SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet);
    // @formatter:off
    NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(secretKey).macAlgorithm(macAlgorithm).build();
    assertThat(decoder.decode(signedJWT.serialize())).extracting(Jwt::getSubject).isEqualTo("test-subject");
// @formatter:on
}
Also used : MacAlgorithm(org.springframework.security.oauth2.jose.jws.MacAlgorithm) SecretKey(javax.crypto.SecretKey) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SignedJWT(com.nimbusds.jwt.SignedJWT) Test(org.junit.jupiter.api.Test)

Example 58 with JWTClaimsSet

use of com.nimbusds.jwt.JWTClaimsSet in project spring-security by spring-projects.

the class NimbusJwtDecoderTests method withPublicKeyWhenUsingCustomTypeHeaderThenSuccessfullyDecodes.

// gh-8730
@Test
public void withPublicKeyWhenUsingCustomTypeHeaderThenSuccessfullyDecodes() throws Exception {
    RSAPublicKey publicKey = TestKeys.DEFAULT_PUBLIC_KEY;
    RSAPrivateKey privateKey = TestKeys.DEFAULT_PRIVATE_KEY;
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).type(new JOSEObjectType("JWS")).build();
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
    SignedJWT signedJwt = signedJwt(privateKey, header, claimsSet);
    // @formatter:off
    NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(publicKey).signatureAlgorithm(SignatureAlgorithm.RS256).jwtProcessorCustomizer((p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS")))).build();
    // @formatter:on
    assertThat(decoder.decode(signedJwt.serialize()).hasClaim(JwtClaimNames.EXP)).isNotNull();
}
Also used : JOSEObjectType(com.nimbusds.jose.JOSEObjectType) Arrays(java.util.Arrays) EncodedKeySpec(java.security.spec.EncodedKeySpec) Date(java.util.Date) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) OAuth2TokenValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator) Mockito.verifyNoInteractions(org.mockito.Mockito.verifyNoInteractions) MacAlgorithm(org.springframework.security.oauth2.jose.jws.MacAlgorithm) RSAPublicKey(java.security.interfaces.RSAPublicKey) BeforeAll(org.junit.jupiter.api.BeforeAll) BDDMockito.given(org.mockito.BDDMockito.given) Mockito.verifyNoMoreInteractions(org.mockito.Mockito.verifyNoMoreInteractions) Map(java.util.Map) MockWebServer(okhttp3.mockwebserver.MockWebServer) ParseException(java.text.ParseException) RestClientException(org.springframework.web.client.RestClientException) JWKSource(com.nimbusds.jose.jwk.source.JWKSource) MediaType(org.springframework.http.MediaType) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) JWSAlgorithm(com.nimbusds.jose.JWSAlgorithm) Instant(java.time.Instant) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) JWSHeader(com.nimbusds.jose.JWSHeader) SignedJWT(com.nimbusds.jwt.SignedJWT) KeyFactory(java.security.KeyFactory) Test(org.junit.jupiter.api.Test) Base64(java.util.Base64) List(java.util.List) RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) JWSVerificationKeySelector(com.nimbusds.jose.proc.JWSVerificationKeySelector) JWSSigner(com.nimbusds.jose.JWSSigner) ConcurrentMapCache(org.springframework.cache.concurrent.ConcurrentMapCache) PrivateKey(java.security.PrivateKey) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) JOSEObjectType(com.nimbusds.jose.JOSEObjectType) SecretKey(javax.crypto.SecretKey) OAuth2TokenValidatorResult(org.springframework.security.oauth2.core.OAuth2TokenValidatorResult) Mockito.mock(org.mockito.Mockito.mock) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) SecurityContext(com.nimbusds.jose.proc.SecurityContext) JWSKeySelector(com.nimbusds.jose.proc.JWSKeySelector) Cache(org.springframework.cache.Cache) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) Callable(java.util.concurrent.Callable) JWTProcessor(com.nimbusds.jwt.proc.JWTProcessor) ArgumentCaptor(org.mockito.ArgumentCaptor) Assertions.assertThatExceptionOfType(org.assertj.core.api.Assertions.assertThatExceptionOfType) BadJWTException(com.nimbusds.jwt.proc.BadJWTException) DefaultJWTProcessor(com.nimbusds.jwt.proc.DefaultJWTProcessor) MACSigner(com.nimbusds.jose.crypto.MACSigner) Converter(org.springframework.core.convert.converter.Converter) RequestEntity(org.springframework.http.RequestEntity) Assertions.assertThatIllegalStateException(org.assertj.core.api.Assertions.assertThatIllegalStateException) TestKeys(org.springframework.security.oauth2.jose.TestKeys) RestOperations(org.springframework.web.client.RestOperations) Mockito.verify(org.mockito.Mockito.verify) HttpStatus(org.springframework.http.HttpStatus) DefaultJOSEObjectTypeVerifier(com.nimbusds.jose.proc.DefaultJOSEObjectTypeVerifier) SignatureAlgorithm(org.springframework.security.oauth2.jose.jws.SignatureAlgorithm) BadJOSEException(com.nimbusds.jose.proc.BadJOSEException) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) ResponseEntity(org.springframework.http.ResponseEntity) Collections(java.util.Collections) RSAPublicKey(java.security.interfaces.RSAPublicKey) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SignedJWT(com.nimbusds.jwt.SignedJWT) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.jupiter.api.Test)

Example 59 with JWTClaimsSet

use of com.nimbusds.jwt.JWTClaimsSet in project spring-security by spring-projects.

the class NimbusJwtDecoderTests method decodeWhenUsingSecretKeyAndIncorrectAlgorithmThenThrowsJwtException.

@Test
public void decodeWhenUsingSecretKeyAndIncorrectAlgorithmThenThrowsJwtException() throws Exception {
    SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
    MacAlgorithm macAlgorithm = MacAlgorithm.HS256;
    // @formatter:off
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject").expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
    // @formatter:on
    SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet);
    // @formatter:off
    NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS512).build();
    assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> decoder.decode(signedJWT.serialize()));
// @formatter:on
}
Also used : MacAlgorithm(org.springframework.security.oauth2.jose.jws.MacAlgorithm) SecretKey(javax.crypto.SecretKey) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SignedJWT(com.nimbusds.jwt.SignedJWT) Test(org.junit.jupiter.api.Test)

Example 60 with JWTClaimsSet

use of com.nimbusds.jwt.JWTClaimsSet in project spring-security by spring-projects.

the class NimbusJwtDecoderTests method withSecretKeyWhenUsingCustomTypeHeaderThenSuccessfullyDecodes.

// gh-8730
@Test
public void withSecretKeyWhenUsingCustomTypeHeaderThenSuccessfullyDecodes() throws Exception {
    SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
    // @formatter:off
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.HS256).type(new JOSEObjectType("JWS")).build();
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
    // @formatter:on
    SignedJWT signedJwt = signedJwt(secretKey, header, claimsSet);
    // @formatter:off
    NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS256).jwtProcessorCustomizer((p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS")))).build();
    // @formatter:on
    assertThat(decoder.decode(signedJwt.serialize()).hasClaim(JwtClaimNames.EXP)).isNotNull();
}
Also used : JOSEObjectType(com.nimbusds.jose.JOSEObjectType) Arrays(java.util.Arrays) EncodedKeySpec(java.security.spec.EncodedKeySpec) Date(java.util.Date) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) OAuth2TokenValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator) Mockito.verifyNoInteractions(org.mockito.Mockito.verifyNoInteractions) MacAlgorithm(org.springframework.security.oauth2.jose.jws.MacAlgorithm) RSAPublicKey(java.security.interfaces.RSAPublicKey) BeforeAll(org.junit.jupiter.api.BeforeAll) BDDMockito.given(org.mockito.BDDMockito.given) Mockito.verifyNoMoreInteractions(org.mockito.Mockito.verifyNoMoreInteractions) Map(java.util.Map) MockWebServer(okhttp3.mockwebserver.MockWebServer) ParseException(java.text.ParseException) RestClientException(org.springframework.web.client.RestClientException) JWKSource(com.nimbusds.jose.jwk.source.JWKSource) MediaType(org.springframework.http.MediaType) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) JWSAlgorithm(com.nimbusds.jose.JWSAlgorithm) Instant(java.time.Instant) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) JWSHeader(com.nimbusds.jose.JWSHeader) SignedJWT(com.nimbusds.jwt.SignedJWT) KeyFactory(java.security.KeyFactory) Test(org.junit.jupiter.api.Test) Base64(java.util.Base64) List(java.util.List) RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) JWSVerificationKeySelector(com.nimbusds.jose.proc.JWSVerificationKeySelector) JWSSigner(com.nimbusds.jose.JWSSigner) ConcurrentMapCache(org.springframework.cache.concurrent.ConcurrentMapCache) PrivateKey(java.security.PrivateKey) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) JOSEObjectType(com.nimbusds.jose.JOSEObjectType) SecretKey(javax.crypto.SecretKey) OAuth2TokenValidatorResult(org.springframework.security.oauth2.core.OAuth2TokenValidatorResult) Mockito.mock(org.mockito.Mockito.mock) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) SecurityContext(com.nimbusds.jose.proc.SecurityContext) JWSKeySelector(com.nimbusds.jose.proc.JWSKeySelector) Cache(org.springframework.cache.Cache) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) Callable(java.util.concurrent.Callable) JWTProcessor(com.nimbusds.jwt.proc.JWTProcessor) ArgumentCaptor(org.mockito.ArgumentCaptor) Assertions.assertThatExceptionOfType(org.assertj.core.api.Assertions.assertThatExceptionOfType) BadJWTException(com.nimbusds.jwt.proc.BadJWTException) DefaultJWTProcessor(com.nimbusds.jwt.proc.DefaultJWTProcessor) MACSigner(com.nimbusds.jose.crypto.MACSigner) Converter(org.springframework.core.convert.converter.Converter) RequestEntity(org.springframework.http.RequestEntity) Assertions.assertThatIllegalStateException(org.assertj.core.api.Assertions.assertThatIllegalStateException) TestKeys(org.springframework.security.oauth2.jose.TestKeys) RestOperations(org.springframework.web.client.RestOperations) Mockito.verify(org.mockito.Mockito.verify) HttpStatus(org.springframework.http.HttpStatus) DefaultJOSEObjectTypeVerifier(com.nimbusds.jose.proc.DefaultJOSEObjectTypeVerifier) SignatureAlgorithm(org.springframework.security.oauth2.jose.jws.SignatureAlgorithm) BadJOSEException(com.nimbusds.jose.proc.BadJOSEException) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) ResponseEntity(org.springframework.http.ResponseEntity) Collections(java.util.Collections) SecretKey(javax.crypto.SecretKey) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SignedJWT(com.nimbusds.jwt.SignedJWT) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.jupiter.api.Test)

Aggregations

JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)69 SignedJWT (com.nimbusds.jwt.SignedJWT)44 JWSHeader (com.nimbusds.jose.JWSHeader)23 Date (java.util.Date)19 Test (org.junit.Test)16 RSASSASigner (com.nimbusds.jose.crypto.RSASSASigner)14 Test (org.junit.jupiter.api.Test)11 JOSEException (com.nimbusds.jose.JOSEException)9 ParseException (java.text.ParseException)9 SecretKey (javax.crypto.SecretKey)8 JWSSigner (com.nimbusds.jose.JWSSigner)7 MacAlgorithm (org.springframework.security.oauth2.jose.jws.MacAlgorithm)7 Instant (java.time.Instant)6 ArrayList (java.util.ArrayList)6 Map (java.util.Map)6 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)6 JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm)5 MACSigner (com.nimbusds.jose.crypto.MACSigner)5 BadJOSEException (com.nimbusds.jose.proc.BadJOSEException)5 JWT (com.nimbusds.jwt.JWT)5
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial