
Example 11 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project ratauth by alfa-laboratory.

the class HS256TokenProcessor method extractInfo.

/**
 * Verifies the HMAC signature of a compact-serialized JWT and returns its claims.
 *
 * <p>The claims are read only after {@code verify} has succeeded, so the payload of a
 * token whose signature does not match is never handed back to the caller. Checked
 * exceptions raised while parsing or verifying are rethrown as-is by
 * {@code @SneakyThrows}.
 *
 * @param jwt    the compact-serialized signed JWT
 * @param secret the shared HMAC key, Base64-encoded
 * @return the claims of the verified token, keyed by claim name
 * @throws JWTVerificationException if the signature does not verify against {@code secret}
 */
@Override
@SneakyThrows
public Map<String, Object> extractInfo(String jwt, String secret) {
    final SignedJWT token = SignedJWT.parse(jwt);
    // The secret is stored Base64-encoded; the verifier needs the raw key bytes.
    final byte[] sharedKey = Base64.getDecoder().decode(secret);
    // NOTE(review): MACVerifier covers the HS256/HS384/HS512 family, so nothing in this
    // method pins the header's alg to HS256 despite the class name; confirm that is intended.
    final boolean signatureValid = token.verify(new MACVerifier(sharedKey));
    if (signatureValid) {
        // NOTE(review): only the signature is checked here; exp/nbf/aud are not evaluated
        // in this method. Confirm the caller validates them before trusting the claims.
        return token.getJWTClaimsSet().getClaims();
    }
    throw new JWTVerificationException("User info extraction error");
}
Also used : MACVerifier(com.nimbusds.jose.crypto.MACVerifier) JWSVerifier(com.nimbusds.jose.JWSVerifier) SignedJWT(com.nimbusds.jwt.SignedJWT) SneakyThrows(lombok.SneakyThrows)

Example 12 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project ORCID-Source by ORCID.

the class OpenIDConnectKeyService method sign.

/**
 * Wraps the given claims in a JWT and signs it with the service's private RSA key.
 *
 * <p>The JWS header carries {@code defaultAlg} as the algorithm and the value of
 * {@link #getDefaultKeyID()} as the {@code kid}, so a verifier can pick the matching
 * public key.
 *
 * @param claims the claims set to sign
 * @return the signed JWT
 * @throws JOSEException if the signer cannot be created from {@code privateJWK} or
 *                       signing fails
 */
public SignedJWT sign(JWTClaimsSet claims) throws JOSEException {
    // Build the signer first so a key problem surfaces before any token is assembled.
    final JWSSigner rsaSigner = new RSASSASigner(privateJWK);
    final JWSHeader header = new JWSHeader.Builder(defaultAlg).keyID(getDefaultKeyID()).build();
    final SignedJWT token = new SignedJWT(header, claims);
    token.sign(rsaSigner);
    return token;
    // Disabled HMAC alternative, kept because it may be useful for the implicit flow:
    //
    //     ClientDetailsEntity clientEntity = clientDetailsEntityCacheManager.retrieve(authentication.getOAuth2Request().getClientId());
    //     JWSSigner signer = new MACSigner(StringUtils.rightPad(clientEntity.getDecryptedClientSecret(), 32, "#").getBytes());
    //     signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claims.build());
    //     signedJWT.sign(signer);
    //
    // NOTE(review): before enabling this, revisit the key derivation. Padding the client
    // secret with '#' up to 32 characters only satisfies the HS256 minimum key length and
    // adds no entropy, and getBytes() without a charset uses the platform default.
}
Also used : RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) SignedJWT(com.nimbusds.jwt.SignedJWT) JWSSigner(com.nimbusds.jose.JWSSigner) JWSHeader(com.nimbusds.jose.JWSHeader)

Example 13 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project knox by apache.

the class AbstractJWTFilterTest method testInvalidVerificationPEM.

/**
 * Checks that a token is rejected when the configured verification PEM holds a
 * certificate for a different key than the one that signed the token.
 *
 * <p>The filter must not invoke the chain and must not establish a subject, and it
 * must do so without throwing a {@code ServletException}.
 */
@Test
public void testInvalidVerificationPEM() throws Exception {
    try {
        Properties config = getProperties();

        // Freshly generated key pair, i.e. not the `privateKey` that signs the token below.
        // The 1024-bit RSA key and SHA1withRSA signature are throwaway test-fixture
        // parameters only; neither is adequate for a real certificate.
        KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
        rsaGenerator.initialize(1024);
        KeyPair mismatchedKeys = rsaGenerator.generateKeyPair();
        String subjectDn = buildDistinguishedName(InetAddress.getLocalHost().getHostName());
        Certificate mismatchedCert = X509CertificateUtil.generateCertificate(subjectDn, mismatchedKeys, 365, "SHA1withRSA");

        // Base64 body wrapped at 76 columns, without BEGIN/END armor lines.
        byte[] der = mismatchedCert.getEncoded();
        Base64 pemEncoder = new Base64(76, "\n".getBytes("ASCII"));
        String wrapped = pemEncoder.encodeToString(der);
        String failingPem = new String(wrapped.getBytes("ASCII")).trim();

        config.put(getAudienceProperty(), "bar");
        config.put(getVerificationPemProperty(), failingPem);
        handler.init(new TestFilterConfig(config));

        // Token signed with the fixture's own private key, expiring 50 seconds from now.
        Date expiry = new Date(new Date().getTime() + 50000);
        SignedJWT token = getJWT(AbstractJWTFilter.JWT_DEFAULT_ISSUER, "alice", expiry, privateKey);

        HttpServletRequest req = EasyMock.createNiceMock(HttpServletRequest.class);
        setTokenOnRequest(req, token);
        EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(SERVICE_URL)).anyTimes();
        EasyMock.expect(req.getQueryString()).andReturn(null);
        HttpServletResponse resp = EasyMock.createNiceMock(HttpServletResponse.class);
        EasyMock.expect(resp.encodeRedirectURL(SERVICE_URL)).andReturn(SERVICE_URL);
        // NOTE(review): only the request mock is switched to replay; the response mock
        // stays in record state, so its expectation above is never activated.
        EasyMock.replay(req);

        TestFilterChain filterChain = new TestFilterChain();
        handler.doFilter(req, resp, filterChain);

        // Rejection means the request never reached the chain and no identity was set.
        Assert.assertFalse("doFilterCalled should not be true.", filterChain.doFilterCalled);
        Assert.assertTrue("No Subject should be returned.", filterChain.subject == null);
    } catch (ServletException se) {
        fail("Should NOT have thrown a ServletException.");
    }
}
Also used : KeyPair(java.security.KeyPair) Base64(org.apache.commons.codec.binary.Base64) HttpServletResponse(javax.servlet.http.HttpServletResponse) KeyPairGenerator(java.security.KeyPairGenerator) SignedJWT(com.nimbusds.jwt.SignedJWT) Properties(java.util.Properties) Date(java.util.Date) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) Certificate(java.security.cert.Certificate) Test(org.junit.Test)

Example 14 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project knox by apache.

the class AbstractJWTFilterTest method testValidAudienceJWT.

/**
 * Checks that a token is accepted when the filter is configured with the single
 * expected audience {@code "bar"}.
 *
 * <p>Acceptance is observed as the chain being invoked with a subject whose first
 * {@code PrimaryPrincipal} is named {@code "alice"}.
 */
@Test
public void testValidAudienceJWT() throws Exception {
    try {
        Properties config = getProperties();
        config.put(getAudienceProperty(), "bar");
        handler.init(new TestFilterConfig(config));

        // Token for "alice", expiring 5 seconds from now.
        // presumably getJWT issues an audience that includes "bar"; verify against the helper.
        Date expiry = new Date(new Date().getTime() + 5000);
        SignedJWT token = getJWT(AbstractJWTFilter.JWT_DEFAULT_ISSUER, "alice", expiry, privateKey);

        HttpServletRequest req = EasyMock.createNiceMock(HttpServletRequest.class);
        setTokenOnRequest(req, token);
        EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(SERVICE_URL)).anyTimes();
        EasyMock.expect(req.getQueryString()).andReturn(null);
        HttpServletResponse resp = EasyMock.createNiceMock(HttpServletResponse.class);
        EasyMock.expect(resp.encodeRedirectURL(SERVICE_URL)).andReturn(SERVICE_URL);
        // NOTE(review): only the request mock is switched to replay; the response mock
        // stays in record state, so its expectation above is never activated.
        EasyMock.replay(req);

        TestFilterChain filterChain = new TestFilterChain();
        handler.doFilter(req, resp, filterChain);

        Assert.assertTrue("doFilterCalled should not be false.", filterChain.doFilterCalled);
        Set<PrimaryPrincipal> primaries = filterChain.subject.getPrincipals(PrimaryPrincipal.class);
        Assert.assertFalse("No PrimaryPrincipal", primaries.isEmpty());
        // The authenticated identity must be the token's subject, not a default user.
        Principal first = (Principal) primaries.toArray()[0];
        Assert.assertEquals("Not the expected principal", "alice", first.getName());
    } catch (ServletException se) {
        fail("Should NOT have thrown a ServletException.");
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) HttpServletResponse(javax.servlet.http.HttpServletResponse) SignedJWT(com.nimbusds.jwt.SignedJWT) Properties(java.util.Properties) Date(java.util.Date) Test(org.junit.Test)

Example 15 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project knox by apache.

the class AbstractJWTFilterTest method testValidAudienceJWTWhitespace.

/**
 * Checks that surrounding whitespace in the configured audience list does not
 * prevent a token from being accepted.
 *
 * <p>The audience property is set to {@code " foo, bar "}; the chain must still be
 * invoked with a subject whose first {@code PrimaryPrincipal} is named {@code "alice"}.
 */
@Test
public void testValidAudienceJWTWhitespace() throws Exception {
    try {
        Properties config = getProperties();
        // Leading, trailing and inner blanks are deliberate: they are the case under test.
        config.put(getAudienceProperty(), " foo, bar ");
        handler.init(new TestFilterConfig(config));

        // Token for "alice", expiring 5 seconds from now.
        // presumably getJWT issues an audience matching one of the entries; verify against the helper.
        Date expiry = new Date(new Date().getTime() + 5000);
        SignedJWT token = getJWT(AbstractJWTFilter.JWT_DEFAULT_ISSUER, "alice", expiry, privateKey);

        HttpServletRequest req = EasyMock.createNiceMock(HttpServletRequest.class);
        setTokenOnRequest(req, token);
        EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(SERVICE_URL)).anyTimes();
        EasyMock.expect(req.getQueryString()).andReturn(null);
        HttpServletResponse resp = EasyMock.createNiceMock(HttpServletResponse.class);
        EasyMock.expect(resp.encodeRedirectURL(SERVICE_URL)).andReturn(SERVICE_URL);
        // NOTE(review): only the request mock is switched to replay; the response mock
        // stays in record state, so its expectation above is never activated.
        EasyMock.replay(req);

        TestFilterChain filterChain = new TestFilterChain();
        handler.doFilter(req, resp, filterChain);

        Assert.assertTrue("doFilterCalled should not be false.", filterChain.doFilterCalled);
        Set<PrimaryPrincipal> primaries = filterChain.subject.getPrincipals(PrimaryPrincipal.class);
        Assert.assertFalse("No PrimaryPrincipal", primaries.isEmpty());
        // The authenticated identity must be the token's subject, not a default user.
        Principal first = (Principal) primaries.toArray()[0];
        Assert.assertEquals("Not the expected principal", "alice", first.getName());
    } catch (ServletException se) {
        fail("Should NOT have thrown a ServletException.");
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) HttpServletResponse(javax.servlet.http.HttpServletResponse) SignedJWT(com.nimbusds.jwt.SignedJWT) Properties(java.util.Properties) Date(java.util.Date) Test(org.junit.Test)

Aggregations

SignedJWT (com.nimbusds.jwt.SignedJWT)137 Date (java.util.Date)51 Test (org.junit.Test)50 HttpServletRequest (javax.servlet.http.HttpServletRequest)47 JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)45 HttpServletResponse (javax.servlet.http.HttpServletResponse)44 Properties (java.util.Properties)39 ServletException (javax.servlet.ServletException)39 JWSHeader (com.nimbusds.jose.JWSHeader)30 RSASSASigner (com.nimbusds.jose.crypto.RSASSASigner)24 Cookie (javax.servlet.http.Cookie)21 ParseException (java.text.ParseException)20 JOSEException (com.nimbusds.jose.JOSEException)19 JWSSigner (com.nimbusds.jose.JWSSigner)14 Test (org.junit.jupiter.api.Test)12 AuthenticationException (com.hortonworks.registries.auth.client.AuthenticationException)10 RSASSAVerifier (com.nimbusds.jose.crypto.RSASSAVerifier)10 AuthenticationException (org.apache.hadoop.security.authentication.client.AuthenticationException)10 PrimaryPrincipal (org.apache.knox.gateway.security.PrimaryPrincipal)10 JWSVerifier (com.nimbusds.jose.JWSVerifier)9