
Example 6 with JWTClaimsSet

Use of com.nimbusds.jwt.JWTClaimsSet in project perry by ca-cwds.

The class JwtService, method generate.

public String generate(String id, String subject, Map<String, String> customJwtClaimsMap) {
    try {
        // Assemble the claims set from the token id, the subject and the caller's custom claims.
        JWTClaimsSet claimsSet = prepareClaims(id, subject, customJwtClaimsMap);
        // Sign first: when encryption is enabled the signed JWT becomes the payload
        // of the JWE (a nested JWT), so integrity is protected inside confidentiality.
        SignedJWT signedJWT = sign(claimsSet);
        String token;
        if (configuration.isEncryptionEnabled()) {
            JWEObject jweObject = encrypt(signedJWT);
            token = jweObject.serialize();
        } else {
            token = signedJWT.serialize();
        }
        // The JOSE header is stripped here and restored server-side in validate(),
        // so the bearer of the token never supplies the header itself.
        return removeHeader(token);
    } catch (Exception e) {
        // Any signing or encryption failure surfaces as a single service-level exception.
        throw new JwtException(e);
    }
}
Also used : JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) JWEObject(com.nimbusds.jose.JWEObject) SignedJWT(com.nimbusds.jwt.SignedJWT) GeneralSecurityException(java.security.GeneralSecurityException)

Example 7 with JWTClaimsSet

Use of com.nimbusds.jwt.JWTClaimsSet in project perry by ca-cwds.

The class JwtService, method validate.

public String validate(String token) throws JwtException {
    try {
        // Re-attach the fixed JOSE header that generate() removed.
        String tokenWithHeader = addHeader(token);
        SignedJWT signedJWT;
        if (configuration.isEncryptionEnabled()) {
            // Unwrap the JWE and extract the nested signed JWT.
            signedJWT = decrypt(tokenWithHeader);
        } else {
            signedJWT = SignedJWT.parse(tokenWithHeader);
        }
        // Verify the signature before any claim is read or trusted.
        validateSignature(signedJWT);
        JWTClaimsSet claimsSet = signedJWT.getJWTClaimsSet();
        // Apply the service's claim checks before returning the identity.
        validateClaims(claimsSet);
        return claimsSet.getStringClaim(IDENTITY_CLAIM);
    } catch (Exception e) {
        // Parsing, decryption, signature and claim failures all map to one exception type.
        throw new JwtException(e);
    }
}
Also used : JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SignedJWT(com.nimbusds.jwt.SignedJWT) GeneralSecurityException(java.security.GeneralSecurityException)

Example 8 with JWTClaimsSet

Use of com.nimbusds.jwt.JWTClaimsSet in project nifi by apache.

The class KnoxService, method validateAudience.

/**
 * Validate the jwt audience.
 *
 * @param jwtToken knox jwt
 * @return whether this jwt audience is valid
 * @throws ParseException if the payload of the jwt doesn't represent a valid json object and a jwt claims set
 */
private boolean validateAudience(final SignedJWT jwtToken) throws ParseException {
    // No configured audiences means the audience check is disabled and every token passes it.
    if (audiences == null) {
        return true;
    }
    final JWTClaimsSet claimsSet = jwtToken.getJWTClaimsSet();
    if (claimsSet == null) {
        logger.error("Claims set is missing from Knox JWT.");
        return false;
    }
    // A JWT "aud" claim may be a single string or an array; getAudience() normalizes both to a list.
    final List<String> tokenAudiences = claimsSet.getAudience();
    if (tokenAudiences == null) {
        logger.error("Audience is missing from the Knox JWT.");
        return false;
    }
    boolean valid = false;
    for (final String tokenAudience : tokenAudiences) {
        // ensure one of the audiences is matched (any-of semantics)
        if (audiences.contains(tokenAudience)) {
            valid = true;
            break;
        }
    }
    if (!valid) {
        logger.error(String.format("The Knox JWT does not have the required audience(s). Required one of [%s]. Present in JWT [%s].",
                StringUtils.join(audiences, ", "), StringUtils.join(tokenAudiences, ", ")));
    }
    return valid;
}
Also used : JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet)

Example 9 with JWTClaimsSet

Use of com.nimbusds.jwt.JWTClaimsSet in project nifi by apache.

The class StandardOidcIdentityProvider, method lookupEmail.

private String lookupEmail(final BearerAccessToken bearerAccessToken) throws IOException {
    try {
        // build the user request
        final UserInfoRequest request = new UserInfoRequest(oidcProviderMetadata.getUserInfoEndpointURI(), bearerAccessToken);
        final HTTPRequest tokenHttpRequest = request.toHTTPRequest();
        tokenHttpRequest.setConnectTimeout(oidcConnectTimeout);
        tokenHttpRequest.setReadTimeout(oidcReadTimeout);
        // send the user request using the configured HTTPRequest; calling
        // request.toHTTPRequest() again here would build a fresh request and discard the timeouts
        final UserInfoResponse response = UserInfoResponse.parse(tokenHttpRequest.send());
        // interpret the details
        if (response.indicatesSuccess()) {
            final UserInfoSuccessResponse successResponse = (UserInfoSuccessResponse) response;
            final JWTClaimsSet claimsSet;
            // the provider may return UserInfo as plain JSON or as a (signed/encrypted) JWT
            if (successResponse.getUserInfo() != null) {
                claimsSet = successResponse.getUserInfo().toJWTClaimsSet();
            } else {
                claimsSet = successResponse.getUserInfoJWT().getJWTClaimsSet();
            }
            final String email = claimsSet.getStringClaim(EMAIL_CLAIM_NAME);
            // ensure we were able to get the user email
            if (StringUtils.isBlank(email)) {
                throw new IllegalStateException("Unable to extract email from the UserInfo token.");
            } else {
                return email;
            }
        } else {
            final UserInfoErrorResponse errorResponse = (UserInfoErrorResponse) response;
            throw new RuntimeException("An error occurred while invoking the UserInfo endpoint: " + errorResponse.getErrorObject().getDescription());
        }
    } catch (final ParseException | java.text.ParseException e) {
        // com.nimbusds.oauth2.sdk.ParseException covers the OIDC response, java.text.ParseException the claims set
        throw new RuntimeException("Unable to parse the response from the UserInfo token request: " + e.getMessage());
    }
}
Also used : HTTPRequest(com.nimbusds.oauth2.sdk.http.HTTPRequest) UserInfoSuccessResponse(com.nimbusds.openid.connect.sdk.UserInfoSuccessResponse) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) UserInfoErrorResponse(com.nimbusds.openid.connect.sdk.UserInfoErrorResponse) UserInfoRequest(com.nimbusds.openid.connect.sdk.UserInfoRequest) ParseException(com.nimbusds.oauth2.sdk.ParseException) UserInfoResponse(com.nimbusds.openid.connect.sdk.UserInfoResponse)

Example 10 with JWTClaimsSet

Use of com.nimbusds.jwt.JWTClaimsSet in project cas by apereo.

The class JWTTokenTicketBuilderTests, method verifyJwtForServiceTicket.

@Test
public void verifyJwtForServiceTicket() throws Exception {
    // Build a JWT for a service ticket id and the test service.
    final String jwt = tokenTicketBuilder.build("ST-123455", CoreAuthenticationTestUtils.getService());
    assertNotNull(jwt);
    // Decode through the cipher executor; the result is the JSON claims payload.
    final Object result = tokenCipherExecutor.decode(jwt);
    final JWTClaimsSet claims = JWTClaimsSet.parse(result.toString());
    // The subject of the ticket JWT must be the authenticated principal.
    assertEquals("casuser", claims.getSubject());
}
Also used : JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) Test(org.junit.Test) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)
