Example 96 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project knox by apache.

the class AbstractJWTFilterTest method testValidJWTNoExpiration.

@Test
public void testValidJWTNoExpiration() throws Exception {
    try {
        Properties props = getProperties();
        handler.init(new TestFilterConfig(props));
        // Token issued with a null expiration; the assertions below expect the filter to accept it.
        SignedJWT jwt = getJWT(AbstractJWTFilter.JWT_DEFAULT_ISSUER, "alice", null, privateKey);
        HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
        setTokenOnRequest(request, jwt);
        EasyMock.expect(request.getRequestURL()).andReturn(new StringBuffer(SERVICE_URL)).anyTimes();
        EasyMock.expect(request.getQueryString()).andReturn(null);
        HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
        EasyMock.expect(response.encodeRedirectURL(SERVICE_URL)).andReturn(SERVICE_URL).anyTimes();
        EasyMock.replay(request);
        TestFilterChain chain = new TestFilterChain();
        handler.doFilter(request, response, chain);
        Assert.assertTrue("doFilterCalled should not be false.", chain.doFilterCalled);
        Set<PrimaryPrincipal> principals = chain.subject.getPrincipals(PrimaryPrincipal.class);
        Assert.assertTrue("No PrimaryPrincipal", !principals.isEmpty());
        Assert.assertEquals("Not the expected principal", "alice", ((Principal) principals.toArray()[0]).getName());
    } catch (ServletException se) {
        fail("Should NOT have thrown a ServletException.");
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) HttpServletResponse(javax.servlet.http.HttpServletResponse) SignedJWT(com.nimbusds.jwt.SignedJWT) Properties(java.util.Properties) Test(org.junit.Test)

Example 97 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project knox by apache.

the class AbstractJWTFilterTest method testEmptyAudienceConfigured.

@Test
public void testEmptyAudienceConfigured() throws Exception {
    try {
        Properties props = getProperties();
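        // Audience property set to the empty string; the assertions below expect the token to be accepted.
        props.put(getAudienceProperty(), "");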
        handler.init(new TestFilterConfig(props));
        SignedJWT jwt = getJWT(AbstractJWTFilter.JWT_DEFAULT_ISSUER, "alice", null, new Date(new Date().getTime() + 5000), new Date(), privateKey, "RS256");
        HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
        setTokenOnRequest(request, jwt);
        EasyMock.expect(request.getRequestURL()).andReturn(new StringBuffer(SERVICE_URL)).anyTimes();
        EasyMock.expect(request.getQueryString()).andReturn(null);
        HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
        EasyMock.expect(response.encodeRedirectURL(SERVICE_URL)).andReturn(SERVICE_URL);
        EasyMock.replay(request);
        TestFilterChain chain = new TestFilterChain();
        handler.doFilter(request, response, chain);
        Assert.assertTrue("doFilterCalled should not be false.", chain.doFilterCalled);
        Set<PrimaryPrincipal> principals = chain.subject.getPrincipals(PrimaryPrincipal.class);
        Assert.assertTrue("No PrimaryPrincipal", !principals.isEmpty());
        Assert.assertEquals("Not the expected principal", "alice", ((Principal) principals.toArray()[0]).getName());
    } catch (ServletException se) {
        fail("Should NOT have thrown a ServletException.");
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) HttpServletResponse(javax.servlet.http.HttpServletResponse) SignedJWT(com.nimbusds.jwt.SignedJWT) Properties(java.util.Properties) Date(java.util.Date) Test(org.junit.Test)

Example 98 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project knox by apache.

the class AbstractJWTFilterTest method testNotBeforeJWT.

@Test
public void testNotBeforeJWT() throws Exception {
    try {
        Properties props = getProperties();
        handler.init(new TestFilterConfig(props));
        // The token's not-before time lies 5 seconds in the future, so the filter must reject it.
        SignedJWT jwt = getJWT(AbstractJWTFilter.JWT_DEFAULT_ISSUER, "alice", new Date(new Date().getTime() + 5000), new Date(new Date().getTime() + 5000), privateKey, JWSAlgorithm.RS256.getName());
        HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
        setTokenOnRequest(request, jwt);
        EasyMock.expect(request.getRequestURL()).andReturn(new StringBuffer(SERVICE_URL)).anyTimes();
        EasyMock.expect(request.getQueryString()).andReturn(null);
        HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
        EasyMock.expect(response.encodeRedirectURL(SERVICE_URL)).andReturn(SERVICE_URL);
        EasyMock.replay(request);
        TestFilterChain chain = new TestFilterChain();
        handler.doFilter(request, response, chain);
        // Rejection means the chain is never invoked and no Subject is established.
        Assert.assertTrue("doFilterCalled should not be true.", !chain.doFilterCalled);
        Assert.assertTrue("No Subject should be returned.", chain.subject == null);
    } catch (ServletException se) {
        fail("Should NOT have thrown a ServletException.");
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) HttpServletResponse(javax.servlet.http.HttpServletResponse) SignedJWT(com.nimbusds.jwt.SignedJWT) Properties(java.util.Properties) Date(java.util.Date) Test(org.junit.Test)

Example 99 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project topcom-cloud by 545314690.

the class TokenManager method validateToken.

default boolean validateToken(String token) {
    if (token == null) {
        return false;
    }
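    try {
        SignedJWT signed = SignedJWT.parse(token);
        // MACVerifierExtended is the project's own verifier; it receives the shared key and the token's claims.
        JWSVerifier verifier = new MACVerifierExtended(getSharedKey(), signed.getJWTClaimsSet());
        return signed.verify(verifier);
    } catch (ParseException ex) {
        // Malformed token: fail closed.
        return false;
    } catch (JOSEException ex) {
        // Verification could not be performed: fail closed.
        return false;
    }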
}
Also used : MACVerifierExtended(com.topcom.cms.perm.token.verifier.MACVerifierExtended) SignedJWT(com.nimbusds.jwt.SignedJWT) ParseException(java.text.ParseException)

Example 100 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project mycore by MyCoRe-Org.

the class MCRJSONWebTokenUtil method retrievePublicKeyFromLoginToken.

/**
 * retrieves the client public key from Login Token
 *
 * @param token - the serialized JSON Web Token from login
 * @return the public key as JWK object
 */
public static JWK retrievePublicKeyFromLoginToken(String token) {
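    try {
        JWEObject jweObject = JWEObject.parse(token);
        // Decrypt with the server's RSA private key
        jweObject.decrypt(new RSADecrypter(RSA_KEYS.getPrivate()));
        // Extract payload; toSignedJWT() returns null if it is not a signed JWT
        SignedJWT signedJWT = jweObject.getPayload().toSignedJWT();
        if (signedJWT == null) {
            return null;
        }
        // The key is taken from the token's own "jwk" header, so a valid signature
        // only proves possession of the matching private key, not who the sender is.
        JWK result = signedJWT.getHeader().getJWK();
        if (result == null) {
            // No embedded key: nothing to verify against
            return null;
        }
        RSAKey publicKey = RSAKey.parse(result.toJSONObject());
        if (signedJWT.verify(new RSASSAVerifier(publicKey))) {
            return result;
        }
    } catch (ParseException | JOSEException e) {
        LOGGER.error(e);
    }
    return null;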
}
Also used : RSAKey(com.nimbusds.jose.jwk.RSAKey) JWEObject(com.nimbusds.jose.JWEObject) RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) SignedJWT(com.nimbusds.jwt.SignedJWT) ParseException(java.text.ParseException) JOSEException(com.nimbusds.jose.JOSEException) JWK(com.nimbusds.jose.jwk.JWK) RSADecrypter(com.nimbusds.jose.crypto.RSADecrypter)
