Example 46 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project ratauth by alfa-laboratory.

the class HS256TokenProcessor method extractInfo.

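@Override
@SneakyThrows
public Map<String, Object> extractInfo(String jwt, String secret) {
    // Parsing alone proves nothing; the claims are untrusted until verify() succeeds
    SignedJWT signedJWT = SignedJWT.parse(jwt);
    // The shared secret is stored Base64-encoded; MACVerifier accepts only HMAC algorithms
    final JWSVerifier verifier = new MACVerifier(Base64.getDecoder().decode(secret));
    if (!signedJWT.verify(verifier)) {
        throw new JWTVerificationException("User info extraction error");
    }
    // Only the HMAC is checked in this method; exp, iss and aud are returned unvalidated
    return signedJWT.getJWTClaimsSet().getClaims();
}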
Also used : MACVerifier(com.nimbusds.jose.crypto.MACVerifier) JWSVerifier(com.nimbusds.jose.JWSVerifier) SignedJWT(com.nimbusds.jwt.SignedJWT) SneakyThrows(lombok.SneakyThrows)

Example 47 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project ratauth by alfa-laboratory.

the class HS256TokenProcessor method createToken.

@Override
@SneakyThrows
public String createToken(String clientId, String secret, String identifier, Date created, Date expiresIn, Set<String> audience, Set<String> scopes, Collection<String> authContext, String userId, Map<String, Object> userInfo) {
    // The shared secret is stored Base64-encoded
    final JWSSigner signer = new MACSigner(Base64.getDecoder().decode(secret));
    final List<String> aud = new ArrayList<>(audience);
    aud.add(clientId);
    // Prepare JWT with claims set
    JWTClaimsSet.Builder jwtBuilder = new JWTClaimsSet.Builder()
            .issuer(issuer)
            .subject(userId)
            .expirationTime(expiresIn)
            .audience(aud)
            .claim(SCOPE, scopes)
            .claim(CLIENT_ID, clientId)
            .claim(ACR_VALUES, authContext)
            .jwtID(identifier)
            .issueTime(created);
    // userInfo entries are applied last, so a key such as "sub" or "exp" replaces the claim set above
    userInfo.forEach(jwtBuilder::claim);
    SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), jwtBuilder.build());
    // Apply the HMAC protection
    signedJWT.sign(signer);
    // Serialize to the compact form: header.payload.signature
    return signedJWT.serialize();
}
Also used : MACSigner(com.nimbusds.jose.crypto.MACSigner) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SignedJWT(com.nimbusds.jwt.SignedJWT) JWSSigner(com.nimbusds.jose.JWSSigner) JWSHeader(com.nimbusds.jose.JWSHeader) SneakyThrows(lombok.SneakyThrows)

Example 48 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project spring-cloud-gcp by spring-cloud.

the class FirebaseJwtTokenDecoder method decode.

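@Override
public Jwt decode(String token) throws JwtException {
    SignedJWT jwt = parse(token);
    if (isExpired()) {
        // Refresh and unlock only when the lock was actually acquired: ignoring the result of
        // tryLock() makes unlock() throw IllegalMonitorStateException when another thread holds it
        if (keysLock.tryLock()) {
            try {
                refresh();
            } finally {
                keysLock.unlock();
            }
        }
    }
    // The kid header is read before any signature check and is used only to select a decoder;
    // the selected delegate does the actual decoding of the token
    JwtDecoder decoder = delegates.get(jwt.getHeader().getKeyID());
    if (decoder == null) {
        throw new JwtException("No certificate found for key: " + jwt.getHeader().getKeyID());
    }
    return decoder.decode(token);
}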
Also used : NimbusJwtDecoder(org.springframework.security.oauth2.jwt.NimbusJwtDecoder) JwtDecoder(org.springframework.security.oauth2.jwt.JwtDecoder) JwtException(org.springframework.security.oauth2.jwt.JwtException) SignedJWT(com.nimbusds.jwt.SignedJWT)

Example 49 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project spring-cloud-gcp by spring-cloud.

the class FirebaseJwtTokenDecoderTests method invalidIssuedAt.

@Test
public void invalidIssuedAt() throws Exception {
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("one").build();
    // issueTime is set one hour in the future; this is the condition the test expects to be rejected
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
            .subject("test-subject")
            .audience("123456")
            .expirationTime(Date.from(Instant.now().plusSeconds(36000)))
            .issuer("https://securetoken.google.com/123456")
            .issueTime(Date.from(Instant.now().plusSeconds(3600)))
            .claim("auth_time", Instant.now().minusSeconds(3600).getEpochSecond())
            .build();
    SignedJWT signedJWT = signedJwt(keyGeneratorUtils.getPrivateKey(), header, claimsSet);
    List<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
    validators.add(new JwtTimestampValidator());
    validators.add(new JwtIssuerValidator("https://securetoken.google.com/123456"));
    validators.add(new FirebaseTokenValidator("123456"));
    DelegatingOAuth2TokenValidator<Jwt> validator = new DelegatingOAuth2TokenValidator<Jwt>(validators);
    RestOperations operations = mockRestOperations();
    FirebaseJwtTokenDecoder decoder = new FirebaseJwtTokenDecoder(operations, "https://spring.local", validator);
    assertThatExceptionOfType(JwtException.class).isThrownBy(() -> decoder.decode(signedJWT.serialize())).withMessageStartingWith("An error occurred while attempting to decode the Jwt: iat claim header must be in the past");
}
Also used : JwtIssuerValidator(org.springframework.security.oauth2.jwt.JwtIssuerValidator) Jwt(org.springframework.security.oauth2.jwt.Jwt) ArrayList(java.util.ArrayList) SignedJWT(com.nimbusds.jwt.SignedJWT) DelegatingOAuth2TokenValidator(org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator) OAuth2TokenValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) JwtTimestampValidator(org.springframework.security.oauth2.jwt.JwtTimestampValidator) RestOperations(org.springframework.web.client.RestOperations) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.Test)

Example 50 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project spring-cloud-gcp by spring-cloud.

the class FirebaseJwtTokenDecoderTests method signedTokenTests.

@Test
public void signedTokenTests() throws Exception {
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("one").build();
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject").expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
    SignedJWT signedJWT = signedJwt(keyGeneratorUtils.getPrivateKey(), header, claimsSet);
    OAuth2TokenValidator validator = mock(OAuth2TokenValidator.class);
    when(validator.validate(any())).thenReturn(OAuth2TokenValidatorResult.success());
    FirebaseJwtTokenDecoder decoder = new FirebaseJwtTokenDecoder(mockRestOperations(), "https://spring.local", validator);
    decoder.decode(signedJWT.serialize());
}
Also used : OAuth2TokenValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator) DelegatingOAuth2TokenValidator(org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SignedJWT(com.nimbusds.jwt.SignedJWT) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.Test)
