use of com.nimbusds.jwt.JWTClaimsSet in project spring-security by spring-projects.
the class NimbusReactiveJwtDecoderTests method decodeWhenSecretKeyThenSuccess.
/**
 * Round-trips an HS256-signed JWT through a decoder configured with the same
 * symmetric key and verifies the subject claim survives decoding.
 */
@Test
public void decodeWhenSecretKeyThenSuccess() throws Exception {
    SecretKey key = TestKeys.DEFAULT_SECRET_KEY;
    MacAlgorithm algorithm = MacAlgorithm.HS256;
    // A short-lived token so the decoder's expiry validation passes.
    Instant expiresAt = Instant.now().plusSeconds(60);
    JWTClaimsSet claims = new JWTClaimsSet.Builder()
            .subject("test-subject")
            .expirationTime(Date.from(expiresAt))
            .build();
    String token = signedJwt(key, algorithm, claims).serialize();
    // Decoder and token share both the key and the MAC algorithm.
    this.decoder = NimbusReactiveJwtDecoder.withSecretKey(key).macAlgorithm(algorithm).build();
    Jwt decoded = this.decoder.decode(token).block();
    assertThat(decoded.getSubject()).isEqualTo("test-subject");
}
use of com.nimbusds.jwt.JWTClaimsSet in project spring-security by spring-projects.
the class NimbusJwtEncoder method serialize.
/**
 * Signs the given claims under the given header with the signer associated with {@code jwk}
 * and returns the compact serialization.
 *
 * @param headers the JWS header to apply
 * @param claims the claims to sign
 * @param jwk the key the signer is derived from (signers are cached per key)
 * @return the compact-serialized signed JWT
 * @throws JwtEncodingException if the signing operation fails
 */
private String serialize(JwsHeader headers, JwtClaimsSet claims, JWK jwk) {
    // Translate the Spring Security representations into their Nimbus counterparts.
    JWSHeader nimbusHeader = convert(headers);
    JWTClaimsSet nimbusClaims = convert(claims);
    // One signer per JWK; created lazily on first use of that key.
    JWSSigner signer = this.jwsSigners.computeIfAbsent(jwk, NimbusJwtEncoder::createSigner);
    SignedJWT token = new SignedJWT(nimbusHeader, nimbusClaims);
    try {
        token.sign(signer);
    }
    catch (JOSEException ex) {
        String reason = "Failed to sign the JWT -> " + ex.getMessage();
        throw new JwtEncodingException(String.format(ENCODING_ERROR_MESSAGE_TEMPLATE, reason), ex);
    }
    return token.serialize();
}
use of com.nimbusds.jwt.JWTClaimsSet in project tomee by apache.
the class Tokens method asToken.
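/**
 * Signs the given JSON claims with the RS256 test key at {@code /testkey.pem} and returns the
 * compact-serialized token.
 *
 * @param claims JSON document holding the claim set
 * @return the compact serialization of the signed JWT
 * @throws Exception if the private key cannot be read
 * @throws RuntimeException if the claims cannot be parsed or the token cannot be signed; the
 *         underlying exception is attached as the cause
 */
public static String asToken(final String claims) throws Exception {
    final PrivateKey pk = readPrivateKey("/testkey.pem");
    try {
        final JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).type(JOSEObjectType.JWT).build();
        final JWTClaimsSet claimsSet = JWTClaimsSet.parse(claims);
        final SignedJWT jwt = new SignedJWT(header, claimsSet);
        jwt.sign(new RSASSASigner(pk));
        return jwt.serialize();
    } catch (Exception e) {
        // Keep the cause: a bare "Could not sign JWT" hid whether parsing or signing failed.
        throw new RuntimeException("Could not sign JWT", e);
    }
}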
use of com.nimbusds.jwt.JWTClaimsSet in project tomee by apache.
the class TokenUtils method generateTokenString.
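/**
 * Utility method to generate a JWT string from a JSON resource file that is signed by the privateKey.pem
 * test resource key, possibly with invalid fields.
 * <p>
 * The resource is read to end-of-stream and closed before parsing, so the JSON is not truncated
 * at a single buffer's worth and no stream handle is leaked.
 *
 * @param jsonResName - name of test resources file
 * @param invalidClaims - the set of claims that should be added with invalid values to test failure modes
 * @param timeClaims - used to return the exp, iat, auth_time claims
 * @return the JWT string
 * @throws Exception on parse failure
 * @throws IllegalArgumentException if {@code jsonResName} cannot be found on the classpath
 */
public static String generateTokenString(String jsonResName, Set<InvalidClaims> invalidClaims, Map<String, Long> timeClaims) throws Exception {
    if (invalidClaims == null) {
        invalidClaims = Collections.emptySet();
    }
    byte[] content;
    // A single read() call may return only part of the resource (or -1 for an empty one, which
    // then fails with a negative array size); read to EOF and close the stream instead.
    try (InputStream contentIS = TokenUtils.class.getResourceAsStream(jsonResName)) {
        if (contentIS == null) {
            throw new IllegalArgumentException("Test resource not found: " + jsonResName);
        }
        content = readResourceBytes(contentIS);
    }
    JSONParser parser = new JSONParser(DEFAULT_PERMISSIVE_MODE);
    JSONObject jwtContent = (JSONObject) parser.parse(content);
    // Change the issuer to INVALID_ISSUER for failure testing if requested
    if (invalidClaims.contains(InvalidClaims.ISSUER)) {
        jwtContent.put(Claims.iss.name(), "INVALID_ISSUER");
    }
    long currentTimeInSecs = currentTimeInSecs();
    long exp = currentTimeInSecs + 300;
    // Check for an input exp to override the default of now + 300 seconds
    if (timeClaims != null && timeClaims.containsKey(Claims.exp.name())) {
        exp = timeClaims.get(Claims.exp.name());
    }
    jwtContent.put(Claims.iat.name(), currentTimeInSecs);
    jwtContent.put(Claims.auth_time.name(), currentTimeInSecs);
    // If the exp claim is not updated, it will be an old value that should be seen as expired
    if (!invalidClaims.contains(InvalidClaims.EXP)) {
        jwtContent.put(Claims.exp.name(), exp);
    }
    // Report the time claims actually used back to the caller so it can assert against them.
    if (timeClaims != null) {
        timeClaims.put(Claims.iat.name(), currentTimeInSecs);
        timeClaims.put(Claims.auth_time.name(), currentTimeInSecs);
        timeClaims.put(Claims.exp.name(), exp);
    }
    PrivateKey pk;
    if (invalidClaims.contains(InvalidClaims.SIGNER)) {
        // Generate a new random private key to sign with to test invalid signatures
        KeyPair keyPair = generateKeyPair(2048);
        pk = keyPair.getPrivate();
    } else {
        // Use the test private key associated with the test public key for a valid signature
        pk = readPrivateKey("/privateKey.pem");
    }
    // Create RSA-signer with the private key
    JWSSigner signer = new RSASSASigner(pk);
    JWTClaimsSet claimsSet = JWTClaimsSet.parse(jwtContent);
    JWSAlgorithm alg = JWSAlgorithm.RS256;
    if (invalidClaims.contains(InvalidClaims.ALG)) {
        // Produce an HMAC-signed token under a throwaway secret: a verifier configured for RS256
        // must reject it regardless of signature validity, which is what this case checks.
        alg = JWSAlgorithm.HS256;
        SecureRandom random = new SecureRandom();
        BigInteger secret = BigInteger.probablePrime(256, random);
        signer = new MACSigner(secret.toByteArray());
    }
    // The kid is the same value in the valid and invalid-signer cases, so key lookup alone
    // cannot distinguish them; only signature verification can.
    JWSHeader jwtHeader = new JWSHeader.Builder(alg).keyID("/privateKey.pem").type(JOSEObjectType.JWT).build();
    SignedJWT signedJWT = new SignedJWT(jwtHeader, claimsSet);
    signedJWT.sign(signer);
    return signedJWT.serialize();
}

/**
 * Reads {@code in} to end-of-stream into a byte array, growing the buffer as needed.
 * The caller remains responsible for closing the stream.
 *
 * @param in the stream to drain
 * @return the bytes read, exactly sized
 * @throws java.io.IOException if reading fails
 */
private static byte[] readResourceBytes(InputStream in) throws java.io.IOException {
    byte[] buffer = new byte[4096];
    int size = 0;
    int n;
    while ((n = in.read(buffer, size, buffer.length - size)) != -1) {
        size += n;
        // Grow before the next read so the requested length is never zero (which would spin).
        if (size == buffer.length) {
            byte[] bigger = new byte[buffer.length * 2];
            System.arraycopy(buffer, 0, bigger, 0, size);
            buffer = bigger;
        }
    }
    byte[] result = new byte[size];
    System.arraycopy(buffer, 0, result, 0, size);
    return result;
}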
use of com.nimbusds.jwt.JWTClaimsSet in project tomee by apache.
the class BookstoreTest method token.
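/**
 * Builds an RS256-signed test token for either the manager user (alice) or the plain reader
 * user (bob), valid for 300 seconds from now.
 *
 * @param managerUser {@code true} for alice with the manager and reader groups,
 *        {@code false} for bob with the reader group only
 * @return the compact-serialized signed JWT
 * @throws RuntimeException if the key cannot be read, the claims cannot be parsed or signing
 *         fails; the underlying exception is attached as the cause
 */
private String token(boolean managerUser) {
    JSONObject claims = new JSONObject();
    claims.put(Claims.iss.name(), "https://server.example.com");
    // NOTE(review): "exmaple" looks like a typo, but it is a fixture value other assertions may
    // depend on, so it is left unchanged here.
    claims.put(Claims.upn.name(), managerUser ? "alice@example.com" : "bob@exmaple.com");
    long currentTimeInSecs = System.currentTimeMillis() / 1000;
    claims.put(Claims.iat.name(), currentTimeInSecs);
    claims.put(Claims.auth_time.name(), currentTimeInSecs);
    claims.put(Claims.exp.name(), currentTimeInSecs + 300);
    claims.put(Claims.jti.name(), "a-123");
    claims.put(Claims.sub.name(), "24400320");
    claims.put(Claims.preferred_username.name(), managerUser ? "alice" : "bob");
    claims.put(Claims.aud.name(), "s6BhdRkqt3");
    List<String> groups = new ArrayList<>();
    if (managerUser) {
        groups.add("manager");
        groups.add("reader");
    } else {
        groups.add("reader");
    }
    claims.put(Claims.groups.name(), groups);
    try {
        PrivateKey pk = readPrivateKey("/privateKey.pem");
        JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("/privateKey.pem").type(JOSEObjectType.JWT).build();
        JWTClaimsSet claimsSet = JWTClaimsSet.parse(claims);
        SignedJWT jwt = new SignedJWT(header, claimsSet);
        jwt.sign(new RSASSASigner(pk));
        return jwt.serialize();
    } catch (Exception e) {
        // Keep the cause: without it a failing test only reports "Could not sign JWT".
        throw new RuntimeException("Could not sign JWT", e);
    }
}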