use of com.nimbusds.jwt.SignedJWT in project spring-security by spring-projects.
the class NimbusReactiveJwtDecoderTests method signedJwt.
/**
 * Creates a JWT carrying {@code claimsSet} and signs it with an HMAC keyed by {@code secretKey}.
 *
 * <p>The JWS header holds only the algorithm, resolved from the name of {@code jwsAlgorithm}.
 * {@code MACSigner} is a symmetric signer, so whoever verifies the token must hold the same key.
 *
 * @param secretKey shared secret used to compute the MAC
 * @param jwsAlgorithm MAC algorithm whose name is written into the JWS header
 * @param claimsSet claims to place in the token payload
 * @return the signed token
 * @throws Exception if the signer cannot be created or signing fails
 */
private SignedJWT signedJwt(SecretKey secretKey, MacAlgorithm jwsAlgorithm, JWTClaimsSet claimsSet) throws Exception {
    JWSAlgorithm algorithm = JWSAlgorithm.parse(jwsAlgorithm.getName());
    JWSHeader header = new JWSHeader(algorithm);
    SignedJWT jwt = new SignedJWT(header, claimsSet);
    jwt.sign(new MACSigner(secretKey));
    return jwt;
}
use of com.nimbusds.jwt.SignedJWT in project oxAuth by GluuFederation.
the class CrossEncryptionTest method decryptAndValidateSignatureWithNimbus.
/**
 * Unwraps a nested token: decrypts the outer JWE with the recipient's RSA private key, then
 * verifies the signature of the inner JWT with the sender's RSA key.
 *
 * <p>The order matters for a nested token. The payload is only treated as a signed JWT after
 * decryption succeeds, and its claims are only read after the signature has been verified.
 *
 * @param jweString compact serialization of the encrypted, signed token
 * @throws ParseException if a JWK, the JWE or the inner JWT cannot be parsed
 * @throws JOSEException if decryption or signature verification fails
 */
private void decryptAndValidateSignatureWithNimbus(String jweString) throws ParseException, JOSEException {
    // Outer layer: the recipient's private key opens the JWE.
    RSAKey recipientJWK = (RSAKey) JWK.parse(recipientJwkJson);
    RSAPrivateKey recipientPrivateKey = recipientJWK.toRSAPrivateKey();

    JWEObject encrypted = JWEObject.parse(jweString);
    encrypted.decrypt(new RSADecrypter(recipientPrivateKey));

    // Inner layer: toSignedJWT() returns null when the decrypted payload is not a signed JWT.
    SignedJWT signedJWT = encrypted.getPayload().toSignedJWT();
    assertNotNull("Payload not a signed JWT", signedJWT);

    RSAKey senderJWK = (RSAKey) JWK.parse(senderJwkJson);
    boolean signatureVerified = signedJWT.verify(new RSASSAVerifier(senderJWK));
    assertTrue(signatureVerified);

    // Claims are consulted only after the signature check above has passed.
    assertEquals("testing", signedJWT.getJWTClaimsSet().getSubject());

    System.out.println("Nimbus decrypt and nested jwt signature verification succeed: " + signedJWT.getJWTClaimsSet().toJSONObject());
}
use of com.nimbusds.jwt.SignedJWT in project zeppelin by apache.
the class KnoxJwtRealm method validateToken.
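/**
 * Decides whether a serialized JWT is acceptable for the current Shiro subject.
 *
 * <p>The token must parse, pass {@code validateSignature} and pass {@code validateExpiration}.
 * When a principal is already bound to the current subject, the token's {@code sub} claim must
 * also equal that principal. When no principal is bound, the signature and expiration checks
 * alone decide the result.
 *
 * <p>NOTE(review): no issuer, audience or not-before check is made in this method. Whether the
 * helpers cover them cannot be seen from here, so confirm against their implementations.
 *
 * @param token compact serialization of the JWT
 * @return {@code true} if the token is accepted, {@code false} if it is malformed, fails a check,
 *     or names a different (or no) subject than the current principal
 */
protected boolean validateToken(String token) {
    try {
        SignedJWT signed = SignedJWT.parse(token);

        // Signature first: nothing else in the token is trusted until it verifies.
        if (!validateSignature(signed)) {
            LOGGER.warn("Signature of JWT token could not be verified. Please check the public key");
            return false;
        }

        if (!validateExpiration(signed)) {
            LOGGER.warn("Expiration time validation of JWT token failed.");
            return false;
        }

        String currentUser = (String) org.apache.shiro.SecurityUtils.getSubject().getPrincipal();
        if (currentUser == null) {
            // No established principal to compare against.
            return true;
        }

        // A correctly signed token may still lack a "sub" claim. Comparing from the non-null
        // side rejects it instead of failing with a NullPointerException.
        String cookieUser = signed.getJWTClaimsSet().getSubject();
        return currentUser.equals(cookieUser);
    } catch (ParseException ex) {
        LOGGER.info("ParseException in validateToken", ex);
        return false;
    }
}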
use of com.nimbusds.jwt.SignedJWT in project incubator-atlas by apache.
the class AtlasKnoxSSOAuthenticationFilter method doFilter.
/*
 * doFilter of AtlasKnoxSSOAuthenticationFilter is the first filter in the list, so it inspects each request here:
 * if the request is from a browser and SSO is enabled, it processes the request against Knox SSO;
 * else if SSO is enabled and the request carries the local-login string, it shows the appropriate message;
 * else if SSO is disabled, it continues with the remaining filters as it did before SSO.
 */
/**
 * Authenticates a request from a Knox SSO JWT cookie, or passes it on untouched.
 *
 * <p>The request continues down the chain without SSO processing when SSO is disabled, when the
 * session carries a {@code locallogin} attribute, when no JWT properties are loaded, or when
 * {@code isAuthenticated()} reports an existing authentication. Otherwise the JWT is read from
 * the cookie. A missing, unparseable or invalid token leads to {@code redirectToKnox}. A valid
 * token with a non-blank subject is turned into an authentication in the security context.
 *
 * @param servletRequest incoming request, cast to {@code HttpServletRequest}
 * @param servletResponse outgoing response, cast to {@code HttpServletResponse}
 * @param filterChain remaining filters
 * @throws IOException propagated from the chain or the redirect
 * @throws ServletException propagated from the chain or the redirect
 */
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
    AtlasResponseRequestWrapper responseWrapper = new AtlasResponseRequestWrapper(httpResponse);
    // Anti-framing header, set before any branch so that it applies to every outcome.
    // NOTE(review): the wrapper is not passed down the chain below; presumably setHeader
    // delegates to the wrapped response - confirm in AtlasResponseRequestWrapper.
    responseWrapper.setHeader("X-Frame-Options", "DENY");
    if (!ssoEnabled) {
        filterChain.doFilter(servletRequest, servletResponse);
        return;
    }
    HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
    if (LOG.isDebugEnabled()) {
        LOG.debug("Knox doFilter {}", httpRequest.getRequestURI());
    }
    // A session marked "locallogin" opts out of SSO for this request.
    // NOTE(review): per the Servlet API the no-argument getSession() creates a session when
    // none exists, so the null check is presumably always true - confirm whether
    // getSession(false) was intended.
    if (httpRequest.getSession() != null && httpRequest.getSession().getAttribute("locallogin") != null) {
        servletRequest.setAttribute("ssoEnabled", false);
        filterChain.doFilter(servletRequest, servletResponse);
        return;
    }
    // Nothing to do without JWT configuration, or when the caller is already authenticated.
    if (jwtProperties == null || isAuthenticated()) {
        filterChain.doFilter(servletRequest, servletResponse);
        return;
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("Knox ssoEnabled {} {}", ssoEnabled, httpRequest.getRequestURI());
    }
    // JWT properties are loaded and the caller is not yet authenticated: attempt SSO authentication.
    // Note: the !isAuthenticated() condition is to be removed once Knox SSO fixes its cross-origin script bug.
    HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
    String serializedJWT = getJWTFromCookie(httpRequest);
    // Continue only if the JWT cookie was present.
    if (serializedJWT != null) {
        SignedJWT jwtToken = null;
        try {
            jwtToken = SignedJWT.parse(serializedJWT);
            // Parsing checks structure only; trust in the claims rests entirely on validateToken.
            // NOTE(review): what validateToken checks is not visible here - confirm it covers
            // signature and expiry, as the original comment implies.
            boolean valid = validateToken(jwtToken);
            // The token is processed only if it validated.
            if (valid) {
                String userName = jwtToken.getJWTClaimsSet().getSubject();
                // NOTE(review): the subject is taken from the token and written to the log
                // as-is; consider whether it needs sanitising for the log format in use.
                LOG.info("SSO login user : {} ", userName);
                // A non-blank subject becomes the Atlas user for this request.
                if (userName != null && !userName.trim().isEmpty()) {
                    List<GrantedAuthority> grantedAuths = AtlasAuthenticationProvider.getAuthoritiesFromUGI(userName);
                    // The password is left empty: the identity comes from the validated token.
                    final UserDetails principal = new User(userName, "", grantedAuths);
                    final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, "", grantedAuths);
                    WebAuthenticationDetails webDetails = new WebAuthenticationDetails(httpRequest);
                    ((AbstractAuthenticationToken) finalAuthentication).setDetails(webDetails);
                    authenticationProvider.setSsoEnabled(ssoEnabled);
                    Authentication authentication = authenticationProvider.authenticate(finalAuthentication);
                    SecurityContextHolder.getContext().setAuthentication(authentication);
                }
                // A valid token with a blank subject also reaches this call, with no
                // authentication having been set by this filter.
                filterChain.doFilter(servletRequest, httpServletResponse);
            } else {
                // The token did not validate: send the caller to Knox SSO.
                redirectToKnox(httpRequest, httpServletResponse, filterChain);
            }
        } catch (ParseException e) {
            // A malformed token is handled like an invalid one.
            LOG.warn("Unable to parse the JWT token", e);
            redirectToKnox(httpRequest, httpServletResponse, filterChain);
        }
    } else {
        // No JWT cookie: send the caller to Knox SSO.
        redirectToKnox(httpRequest, httpServletResponse, filterChain);
    }
}
use of com.nimbusds.jwt.SignedJWT in project tomee by apache.
the class TokenUtils method generateJWTString.
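/**
 * Builds a signed RS256 JWT from a JSON claims template found on the class path.
 *
 * <p>The template's {@code iat} and {@code auth_time} claims are overwritten with the current
 * time and {@code exp} with a value 1000 seconds later. The token is then signed with the
 * private key loaded by {@code readPrivateKey("privateKey.pem")}.
 *
 * <p>NOTE(review): the header's key id is {@code "/privateKey.pem"}, while the signing key is
 * read from {@code "privateKey.pem"}. This looks like a fixture convention - confirm before
 * reusing it elsewhere.
 *
 * @param jsonResource class-path name of the JSON claims template
 * @return compact serialization of the signed token
 * @throws NullPointerException if {@code jsonResource} is not found on the class path
 * @throws Exception if the template cannot be read or parsed, or signing fails
 */
public static String generateJWTString(String jsonResource) throws Exception {
    java.net.URL resource = currentThread().getContextClassLoader().getResource(jsonResource);
    java.util.Objects.requireNonNull(resource, "claims resource not found on class path: " + jsonResource);

    // Read the whole resource and close the stream. A single read() into a fixed buffer may
    // return fewer bytes than are available and leaves the stream open.
    java.io.ByteArrayOutputStream content = new java.io.ByteArrayOutputStream();
    try (java.io.InputStream in = resource.openStream()) {
        byte[] chunk = new byte[16384];
        int read;
        while ((read = in.read(chunk)) != -1) {
            content.write(chunk, 0, read);
        }
    }

    // Only the bytes actually read are parsed, with no zero padding after the JSON text.
    JSONParser parser = new JSONParser(DEFAULT_PERMISSIVE_MODE);
    JSONObject jwtJson = (JSONObject) parser.parse(content.toByteArray());

    long currentTimeInSecs = (System.currentTimeMillis() / 1000);
    long expirationTime = currentTimeInSecs + 1000;

    // Time claims are regenerated on every call, so the template's own values are ignored.
    jwtJson.put(Claims.iat.name(), currentTimeInSecs);
    jwtJson.put(Claims.auth_time.name(), currentTimeInSecs);
    jwtJson.put(Claims.exp.name(), expirationTime);

    SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(RS256).keyID("/privateKey.pem").type(JWT).build(), parse(jwtJson));
    signedJWT.sign(new RSASSASigner(readPrivateKey("privateKey.pem")));
    return signedJWT.serialize();
}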