use of com.nimbusds.jwt.SignedJWT in project pac4j by pac4j.
the class JwtAuthenticator method validate.
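/**
 * Validates a bearer JWT and, when it is accepted, builds the profile from it.
 *
 * <p>Flow implemented below:
 * <ul>
 *   <li>a plain (unsigned) JWT is accepted only when no signature configuration is defined;</li>
 *   <li>an encrypted JWT is decrypted with the first encryption configuration that supports its
 *       algorithm and method and decrypts it without error;</li>
 *   <li>a signed JWT (received directly or nested in an encrypted one) must be verified by at
 *       least one signature configuration that supports its algorithm.</li>
 * </ul>
 *
 * @param credentials the credentials carrying the serialized token
 * @param context the web context; when non-null, the {@code Bearer} challenge header is set on it
 * @throws CredentialsException if the token cannot be parsed, decrypted or verified, or if a plain
 *     JWT is received while signature configurations are defined
 */
@Override
public void validate(final TokenCredentials credentials, final WebContext context) {
    init();
    final String token = credentials.getToken();
    if (context != null) {
        // Set the challenge up front so it is already on the response if validation fails below.
        context.setResponseHeader(HttpConstants.AUTHENTICATE_HEADER, "Bearer realm=\"" + realmName + "\"");
    }
    try {
        JWT jwt = JWTParser.parse(token);
        if (jwt instanceof PlainJWT) {
            if (signatureConfigurations.isEmpty()) {
                logger.debug("JWT is not signed and no signature configurations -> verified");
            } else {
                throw new CredentialsException("A non-signed JWT cannot be accepted as signature configurations have been defined");
            }
        } else {
            SignedJWT signedJWT = null;
            if (jwt instanceof SignedJWT) {
                signedJWT = (SignedJWT) jwt;
            }
            if (jwt instanceof EncryptedJWT) {
                logger.debug("JWT is encrypted");
                final EncryptedJWT encryptedJWT = (EncryptedJWT) jwt;
                boolean found = false;
                final JWEHeader header = encryptedJWT.getHeader();
                final JWEAlgorithm algorithm = header.getAlgorithm();
                final EncryptionMethod method = header.getEncryptionMethod();
                for (final EncryptionConfiguration config : encryptionConfigurations) {
                    if (config.supports(algorithm, method)) {
                        logger.debug("Using encryption configuration: {}", config);
                        try {
                            config.decrypt(encryptedJWT);
                            // NOTE(review): if the decrypted payload is not a signed JWT, signedJWT
                            // stays null, the signature step below is skipped and the encrypted
                            // token is accepted as-is, even when signature configurations are
                            // defined (the PlainJWT branch rejects that case). Confirm this is
                            // intended, in particular for public-key encryption, where a successful
                            // decryption does not authenticate the sender.
                            signedJWT = encryptedJWT.getPayload().toSignedJWT();
                            if (signedJWT != null) {
                                jwt = signedJWT;
                            }
                            found = true;
                            break;
                        } catch (final JOSEException e) {
                            logger.debug("Decryption fails with encryption configuration: {}, passing to the next one", config);
                        }
                    }
                }
                if (!found) {
                    // Also reached when every supporting configuration failed to decrypt.
                    // The raw token is a bearer credential and caller-controlled text, so it is
                    // kept out of the exception message (messages end up in logs and error pages).
                    throw new CredentialsException("No encryption algorithm found for JWT");
                }
            }
            if (signedJWT != null) {
                logger.debug("JWT is signed");
                boolean verified = false;
                boolean found = false;
                final JWSAlgorithm algorithm = signedJWT.getHeader().getAlgorithm();
                for (final SignatureConfiguration config : signatureConfigurations) {
                    if (config.supports(algorithm)) {
                        logger.debug("Using signature configuration: {}", config);
                        try {
                            verified = config.verify(signedJWT);
                            // Only set once verify() returned without throwing.
                            found = true;
                            if (verified) {
                                break;
                            }
                        } catch (final JOSEException e) {
                            logger.debug("Verification fails with signature configuration: {}, passing to the next one", config);
                        }
                    }
                }
                // Token deliberately omitted from both messages, for the same reason as above.
                if (!found) {
                    throw new CredentialsException("No signature algorithm found for JWT");
                }
                if (!verified) {
                    throw new CredentialsException("JWT verification failed");
                }
            }
        }
        createJwtProfile(credentials, jwt);
    } catch (final ParseException e) {
        throw new CredentialsException("Cannot decrypt / verify JWT", e);
    }
}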
use of com.nimbusds.jwt.SignedJWT in project pac4j by pac4j.
the class ECSignatureConfigurationTests method testSignVerify.
/**
 * Round trip for the EC configuration: a claims set signed with a key pair must be accepted
 * by {@code verify} on the same configuration.
 */
@Test
public void testSignVerify() throws JOSEException {
    final ECSignatureConfiguration ecConfig = new ECSignatureConfiguration(buildKeyPair());
    final JWTClaimsSet.Builder claimsBuilder = new JWTClaimsSet.Builder();
    final SignedJWT token = ecConfig.sign(claimsBuilder.subject(VALUE).build());
    final boolean accepted = ecConfig.verify(token);
    assertTrue(accepted);
}
use of com.nimbusds.jwt.SignedJWT in project pac4j by pac4j.
the class RSASignatureConfigurationTests method testMissingPublicKey.
/**
 * A configuration holding only a private key can sign, but {@code verify} must fail with a
 * {@code TechnicalException} stating that the public key is missing.
 */
@Test
public void testMissingPublicKey() {
    final RSAPrivateKey signingKey = (RSAPrivateKey) buildKeyPair().getPrivate();
    final RSASignatureConfiguration signOnlyConfig = new RSASignatureConfiguration();
    signOnlyConfig.setPrivateKey(signingKey);
    final SignedJWT token = signOnlyConfig.sign(buildClaims());
    TestsHelper.expectException(
        () -> signOnlyConfig.verify(token),
        TechnicalException.class,
        "publicKey cannot be null");
}
use of com.nimbusds.jwt.SignedJWT in project pac4j by pac4j.
the class RSASignatureConfigurationTests method testSignVerify.
/**
 * Round trip for the RSA configuration: a claims set signed with a key pair must be accepted
 * by {@code verify} on the same configuration.
 */
@Test
public void testSignVerify() throws JOSEException {
    final RSASignatureConfiguration rsaConfig = new RSASignatureConfiguration(buildKeyPair());
    final JWTClaimsSet.Builder claimsBuilder = new JWTClaimsSet.Builder();
    final SignedJWT token = rsaConfig.sign(claimsBuilder.subject(VALUE).build());
    final boolean accepted = rsaConfig.verify(token);
    assertTrue(accepted);
}
use of com.nimbusds.jwt.SignedJWT in project pac4j by pac4j.
the class SecretSignatureConfigurationTests method testSignVerifyBase64.
/**
 * Round trip for the shared-secret configuration when the secret is supplied Base64-encoded:
 * a token signed with it must be accepted by {@code verify} on the same configuration.
 */
@Test
public void testSignVerifyBase64() throws JOSEException {
    final SecretSignatureConfiguration secretConfig = new SecretSignatureConfiguration();
    secretConfig.setSecretBase64(BASE64_512_BIT_SIG_SECRET);
    final JWTClaimsSet.Builder claimsBuilder = new JWTClaimsSet.Builder();
    final SignedJWT token = secretConfig.sign(claimsBuilder.subject(VALUE).build());
    final boolean accepted = secretConfig.verify(token);
    assertTrue(accepted);
}