use of com.nimbusds.jwt.JWTClaimsSet in project nifi by apache.
the class KnoxService method validateExpiration.
/**
 * Checks whether a Knox JWT is still within its validity period.
 *
 * <p>Only the {@code exp} claim is examined here; this method performs no signature
 * or audience checks. A token that carries no {@code exp} claim is accepted as
 * non-expiring, so any limit on token lifetime for such tokens has to be enforced
 * by the issuer.
 *
 * @param jwtToken knox jwt
 * @return {@code true} when the token has no expiration or the expiration lies in the
 *         future; {@code false} when the claims set is missing or the token is expired
 * @throws ParseException if the payload of the jwt doesn't represent a valid json object and a jwt claims set
 */
private boolean validateExpiration(final SignedJWT jwtToken) throws ParseException {
    final JWTClaimsSet claims = jwtToken.getJWTClaimsSet();
    if (claims == null) {
        logger.error("Claims set is missing from Knox JWT.");
        return false;
    }

    final Date currentTime = new Date();
    final Date expiresAt = claims.getExpirationTime();

    // SECURITY: an absent exp claim is deliberately treated as "never expires".
    // A token whose expiration equals the current instant counts as expired,
    // because before() is a strict comparison.
    if (expiresAt == null || currentTime.before(expiresAt)) {
        return true;
    }

    logger.error("The Knox JWT is expired.");
    return false;
}
use of com.nimbusds.jwt.JWTClaimsSet in project nifi by apache.
the class KnoxServiceTest method testPlainJwt.
/**
 * Verifies that an unsecured (plain, unsigned) JWT is refused by the service.
 *
 * <p>The token has a subject and an expiration five seconds ahead, so the only
 * thing wrong with it is the missing signature. The test passes only if
 * {@code getAuthenticationFromToken} throws {@link ParseException}.
 */
@Test(expected = ParseException.class)
public void testPlainJwt() throws Exception {
    // An RSA key pair is generated only to give the service a public key to trust;
    // nothing is signed with the private half in this test.
    final KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
    final RSAPublicKey trustedKey = (RSAPublicKey) keyPair.getPublic();

    final Date expiresAt = new Date(System.currentTimeMillis() + TimeUnit.SECONDS.toMillis(5));
    final JWTClaimsSet claims = new JWTClaimsSet.Builder()
            .subject("user-1")
            .expirationTime(expiresAt)
            .build();

    // PlainJWT serializes without a signature part.
    final String unsignedToken = new PlainJWT(claims).serialize();

    final KnoxService service = new KnoxService(getConfiguration(trustedKey));
    service.getAuthenticationFromToken(unsignedToken);
}
use of com.nimbusds.jwt.JWTClaimsSet in project SEPA by arces-wot.
the class AuthorizationManager method validateToken.
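/**
 * Validates a bearer access token and reports the outcome as a {@code Response}.
 *
 * <p>The token is parsed as a signed JWT, its signature is checked with {@code verifier},
 * it is run through {@code jwtProcessor}, and its {@code exp} and {@code nbf} claims are
 * compared with the current time. Every rejection is returned as an {@code ErrorResponse}
 * carrying HTTP 401.
 *
 * <p>A token without an {@code exp} claim is rejected (fail closed) instead of causing a
 * {@code NullPointerException}; a token without an {@code nbf} claim is treated as having
 * no not-before restriction.
 *
 * @param accessToken the serialized JWT presented by the client
 * @return a {@code JWTResponse} when the token is accepted, otherwise an {@code ErrorResponse}
 */
public Response validateToken(String accessToken) {
    logger.debug("Validate token");

    // Parse and verify the token
    final SignedJWT signedJWT;
    try {
        signedJWT = SignedJWT.parse(accessToken);
    } catch (ParseException e) {
        // NOTE(review): the library's exception text is returned to the client here and in
        // the catch blocks below; confirm that exposing it is acceptable.
        return new ErrorResponse(HttpStatus.SC_UNAUTHORIZED, e.getMessage());
    }

    try {
        if (!signedJWT.verify(verifier)) {
            return new ErrorResponse(HttpStatus.SC_UNAUTHORIZED);
        }
    } catch (JOSEException e) {
        return new ErrorResponse(HttpStatus.SC_UNAUTHORIZED, e.getMessage());
    }

    // Process the token
    final JWTClaimsSet claimsSet;
    try {
        claimsSet = jwtProcessor.process(accessToken, context);
    } catch (ParseException | BadJOSEException | JOSEException e) {
        return new ErrorResponse(HttpStatus.SC_UNAUTHORIZED, e.getMessage());
    }

    // Check token expiration
    final Date now = new Date();

    // Date.after(null) throws NullPointerException, so a missing exp claim must be handled
    // before the comparison. Such a token is refused rather than accepted as non-expiring.
    final Date expiration = claimsSet.getExpirationTime();
    if (expiration == null) {
        return new ErrorResponse(0, HttpStatus.SC_UNAUTHORIZED, "Token has no expiration time");
    }
    if (now.after(expiration)) {
        return new ErrorResponse(0, HttpStatus.SC_UNAUTHORIZED, "Token is expired " + expiration);
    }

    // nbf is optional; only enforce it when the claim is present.
    final Date notBefore = claimsSet.getNotBeforeTime();
    if (notBefore != null && now.before(notBefore)) {
        return new ErrorResponse(0, HttpStatus.SC_UNAUTHORIZED, "Token can not be used before: " + notBefore);
    }

    // NOTE(review): now - exp is negative for a token that is still valid; confirm which
    // sign and unit JWTResponse expects for its third argument.
    return new JWTResponse(accessToken, "bearer", now.getTime() - expiration.getTime());
}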
use of com.nimbusds.jwt.JWTClaimsSet in project ORCID-Source by ORCID.
the class OpenIDConnectKeyServiceTest method testKeyGenAndSigning.
/**
 * Signs a minimal claims set with the service's configured key and confirms that the
 * signature verifies against the public key the service publishes under the same key id.
 */
@Test
public void testKeyGenAndSigning() throws JOSEException, NoSuchAlgorithmException, IOException, ParseException, URISyntaxException {
    OpenIDConnectKeyService.OpenIDConnectKeyServiceConfig keyConfig = new OpenIDConnectKeyServiceConfig();
    keyConfig.keyName = "IntTestKey1";
    keyConfig.jsonKey = testKey;
    OpenIDConnectKeyService service = new OpenIDConnectKeyService(keyConfig);

    // This map is populated but not read by anything below.
    HashMap<String, Object> extras = new HashMap<String, Object>();
    extras.put("test", "abcd1234");

    JWTClaimsSet claimsToSign = new JWTClaimsSet.Builder().issuer("me").build();
    SignedJWT signedToken = service.sign(claimsToSign);

    // Look the verification key up by the kid in the token header, so the test also
    // covers the link between the signing key and the published public JWK.
    String keyId = signedToken.getHeader().getKeyID();
    RSAKey publishedKey = (RSAKey) service.getPublicJWK().getKeyByKeyId(keyId);
    JWSVerifier verifier = new RSASSAVerifier(publishedKey);

    Assert.assertTrue(signedToken.verify(verifier));
}
use of com.nimbusds.jwt.JWTClaimsSet in project gravitee-management-rest-api by gravitee-io.
the class ReferenceSerializer method serialize.
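/**
 * Serializes an identity reference as a signed-then-encrypted (nested) JWT, wrapped in
 * an additional Base64 layer.
 *
 * <p>The reference becomes the {@code sub} claim and its source the {@code iss} claim.
 * The claims are signed with HS256, the signed JWT is encrypted with direct A256GCM,
 * and the compact JWE string is then Base64-encoded.
 *
 * <p>NOTE(review): the same {@code secretKey} bytes are used for both the HMAC signature
 * and the content encryption. Using one key for two primitives is generally discouraged;
 * consider separate keys if the token format can be changed.
 *
 * @param reference the identity reference to protect
 * @return the Base64 encoding of the compact JWE serialization
 * @throws Exception if signing or encryption fails
 */
public String serialize(IdentityReference reference) throws Exception {
    // Create HMAC signer
    JWSSigner signer = new MACSigner(secretKey.getEncoded());

    // Prepare JWT with claims set
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
            .subject(reference.getReference())
            .issuer(reference.getSource())
            .build();
    SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claimsSet);

    // Apply the HMAC protection
    signedJWT.sign(signer);

    // Create JWE object with signed JWT as payload
    JWEHeader jweHeader = new JWEHeader.Builder(JWEAlgorithm.DIR, EncryptionMethod.A256GCM)
            .contentType("JWT") // required to signal nested JWT
            .build();
    JWEObject jweObject = new JWEObject(jweHeader, new Payload(signedJWT));

    // Perform encryption
    jweObject.encrypt(new DirectEncrypter(secretKey.getEncoded()));

    // Serialize to compact form. The charset is stated explicitly so the result does not
    // depend on the JVM's platform default; encodeToString avoids a second default-charset
    // conversion when turning the Base64 bytes back into a String.
    byte[] compactJwe = jweObject.serialize().getBytes(java.nio.charset.StandardCharsets.UTF_8);
    return Base64.getEncoder().encodeToString(compactJwe);
}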