use of com.nimbusds.jwt.SignedJWT in project ratauth by alfa-laboratory.
the class HS256TokenProcessor method extractInfo.
/**
 * Verifies the HMAC signature of a compact-serialized JWT and returns its claims.
 *
 * <p>Only the signature is checked here. The claims map is returned exactly as parsed, so
 * this method applies no expiry, not-before or audience checks; callers that rely on those
 * have to enforce them on the returned claims.
 *
 * <p>NOTE(review): the token's {@code alg} header is not compared against HS256 in this
 * method. Which HMAC variants are accepted is left to {@code MACVerifier}; confirm that is
 * the intended policy for a processor named for HS256.
 *
 * <p>Because of {@code @SneakyThrows}, checked exceptions raised while parsing the token or
 * verifying it propagate undeclared. Callers should treat any exception from this method
 * as a rejected token.
 *
 * @param jwt compact-serialized signed JWT
 * @param secret shared HMAC key, Base64-encoded as read by {@code Base64.getDecoder()}
 * @return the claims carried by the token
 * @throws JWTVerificationException if the signature does not verify
 */
@Override
@SneakyThrows
public Map<String, Object> extractInfo(String jwt, String secret) {
  // Parse first, as before: a malformed token fails before the secret is decoded.
  final SignedJWT parsedToken = SignedJWT.parse(jwt);
  final byte[] hmacKey = Base64.getDecoder().decode(secret);
  final JWSVerifier hmacVerifier = new MACVerifier(hmacKey);

  if (parsedToken.verify(hmacVerifier)) {
    // Claims are read only after the signature has been accepted.
    return parsedToken.getJWTClaimsSet().getClaims();
  }
  throw new JWTVerificationException("User info extraction error");
}
use of com.nimbusds.jwt.SignedJWT in project ORCID-Source by ORCID.
the class OpenIDConnectKeyService method sign.
/**
 * Signs the given claims with the service's private RSA key and returns the signed token.
 *
 * <p>The JWS header carries {@code defaultAlg} and the key ID from
 * {@code getDefaultKeyID()}. Both, like {@code privateJWK}, are defined outside this
 * method. NOTE(review): {@code defaultAlg} has to be an algorithm the RSA signer supports,
 * otherwise signing is expected to fail with a {@code JOSEException} - confirm where it is
 * configured.
 *
 * @param claims the claims set to place in the token
 * @return the signed JWT
 * @throws JOSEException if the signer cannot be created or signing fails
 */
public SignedJWT sign(JWTClaimsSet claims) throws JOSEException {
  // The signer is created first, as before, so a bad private key fails before any header work.
  final JWSSigner rsaSigner = new RSASSASigner(privateJWK);
  final JWSHeader header = new JWSHeader.Builder(defaultAlg).keyID(getDefaultKeyID()).build();

  final SignedJWT token = new SignedJWT(header, claims);
  token.sign(rsaSigner);
  return token;

  // Author's note, kept for reference: for HMAC we could do the following. This may be
  // useful for the implicit flow:
  //
  //   ClientDetailsEntity clientEntity = clientDetailsEntityCacheManager.retrieve(authentication.getOAuth2Request().getClientId());
  //   JWSSigner signer = new MACSigner(StringUtils.rightPad(clientEntity.getDecryptedClientSecret(), 32, "#").getBytes());
  //   signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claims.build());
  //   signedJWT.sign(signer);
  //
  // NOTE(review): right-padding a short client secret with '#' only makes the key long
  // enough; it adds no entropy. getBytes() without a charset also depends on the default
  // charset. Both should be revisited before this sketch is ever enabled.
}
use of com.nimbusds.jwt.SignedJWT in project knox by apache.
the class AbstractJWTFilterTest method testInvalidVerificationPEM.
/**
 * Checks that the filter rejects a token when it is configured with a verification PEM
 * built from a freshly generated key pair rather than from the key the token is signed with.
 * The chain must not be invoked and no subject must be set.
 */
@Test
public void testInvalidVerificationPEM() throws Exception {
  try {
    final Properties filterProps = getProperties();

    // Throwaway key pair and certificate, generated only for this test.
    // NOTE(review): 1024-bit RSA and SHA1withRSA are weak by current standards; they are
    // tolerable here only because this certificate is test data that must fail verification.
    final KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
    generator.initialize(1024);
    final KeyPair unrelatedKeyPair = generator.generateKeyPair();
    final String distinguishedName =
        buildDistinguishedName(InetAddress.getLocalHost().getHostName());
    final Certificate unrelatedCert =
        X509CertificateUtil.generateCertificate(distinguishedName, unrelatedKeyPair, 365, "SHA1withRSA");

    // Base64 body wrapped at 76 columns, then trimmed, is what gets configured as the PEM.
    final byte[] certBytes = unrelatedCert.getEncoded();
    final Base64 lineWrappingEncoder = new Base64(76, "\n".getBytes("ASCII"));
    final byte[] pemBytes = lineWrappingEncoder.encodeToString(certBytes).getBytes("ASCII");
    final String failingPem = new String(pemBytes).trim();

    filterProps.put(getAudienceProperty(), "bar");
    filterProps.put(getVerificationPemProperty(), failingPem);
    handler.init(new TestFilterConfig(filterProps));

    // The token itself is signed with the fixture's privateKey and expires 50 seconds from now.
    final Date expiry = new Date(System.currentTimeMillis() + 50000);
    final SignedJWT jwt = getJWT(AbstractJWTFilter.JWT_DEFAULT_ISSUER, "alice", expiry, privateKey);

    final HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
    setTokenOnRequest(request, jwt);
    EasyMock.expect(request.getRequestURL()).andReturn(new StringBuffer(SERVICE_URL)).anyTimes();
    EasyMock.expect(request.getQueryString()).andReturn(null);

    final HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
    EasyMock.expect(response.encodeRedirectURL(SERVICE_URL)).andReturn(SERVICE_URL);

    // NOTE(review): only the request mock is replayed; confirm the response mock is meant
    // to stay in record state.
    EasyMock.replay(request);

    final TestFilterChain chain = new TestFilterChain();
    handler.doFilter(request, response, chain);

    // Rejection means the chain was never reached and no identity was established.
    Assert.assertTrue("doFilterCalled should not be true.", !chain.doFilterCalled);
    Assert.assertTrue("No Subject should be returned.", chain.subject == null);
  } catch (ServletException se) {
    fail("Should NOT have thrown a ServletException.");
  }
}
use of com.nimbusds.jwt.SignedJWT in project knox by apache.
the class AbstractJWTFilterTest method testValidAudienceJWT.
/**
 * Checks that a token is accepted when the filter is configured with the single audience
 * "bar": the chain must be invoked and the subject must carry the principal "alice".
 * The audience placed in the token is set inside {@code getJWT}, which is defined elsewhere.
 */
@Test
public void testValidAudienceJWT() throws Exception {
  try {
    final Properties filterProps = getProperties();
    filterProps.put(getAudienceProperty(), "bar");
    handler.init(new TestFilterConfig(filterProps));

    // Token for "alice", signed with the fixture's privateKey, expiring 5 seconds from now.
    final Date expiry = new Date(System.currentTimeMillis() + 5000);
    final SignedJWT jwt = getJWT(AbstractJWTFilter.JWT_DEFAULT_ISSUER, "alice", expiry, privateKey);

    final HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
    setTokenOnRequest(request, jwt);
    EasyMock.expect(request.getRequestURL()).andReturn(new StringBuffer(SERVICE_URL)).anyTimes();
    EasyMock.expect(request.getQueryString()).andReturn(null);

    final HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
    EasyMock.expect(response.encodeRedirectURL(SERVICE_URL)).andReturn(SERVICE_URL);

    // NOTE(review): only the request mock is replayed; confirm the response mock is meant
    // to stay in record state.
    EasyMock.replay(request);

    final TestFilterChain chain = new TestFilterChain();
    handler.doFilter(request, response, chain);

    // Acceptance means the chain ran and the authenticated identity is the token's subject.
    Assert.assertTrue("doFilterCalled should not be false.", chain.doFilterCalled);
    final Set<PrimaryPrincipal> principals = chain.subject.getPrincipals(PrimaryPrincipal.class);
    Assert.assertTrue("No PrimaryPrincipal", !principals.isEmpty());
    final Principal firstPrincipal = (Principal) principals.toArray()[0];
    Assert.assertEquals("Not the expected principal", "alice", firstPrincipal.getName());
  } catch (ServletException se) {
    fail("Should NOT have thrown a ServletException.");
  }
}
use of com.nimbusds.jwt.SignedJWT in project knox by apache.
the class AbstractJWTFilterTest method testValidAudienceJWTWhitespace.
/**
 * Checks that a token is still accepted when the configured audience list contains
 * surrounding whitespace (" foo, bar "): the chain must be invoked and the subject must
 * carry the principal "alice". The audience placed in the token is set inside
 * {@code getJWT}, which is defined elsewhere.
 */
@Test
public void testValidAudienceJWTWhitespace() throws Exception {
  try {
    final Properties filterProps = getProperties();
    // Leading, trailing and inner whitespace is deliberate: it is the case under test.
    filterProps.put(getAudienceProperty(), " foo, bar ");
    handler.init(new TestFilterConfig(filterProps));

    // Token for "alice", signed with the fixture's privateKey, expiring 5 seconds from now.
    final Date expiry = new Date(System.currentTimeMillis() + 5000);
    final SignedJWT jwt = getJWT(AbstractJWTFilter.JWT_DEFAULT_ISSUER, "alice", expiry, privateKey);

    final HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
    setTokenOnRequest(request, jwt);
    EasyMock.expect(request.getRequestURL()).andReturn(new StringBuffer(SERVICE_URL)).anyTimes();
    EasyMock.expect(request.getQueryString()).andReturn(null);

    final HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
    EasyMock.expect(response.encodeRedirectURL(SERVICE_URL)).andReturn(SERVICE_URL);

    // NOTE(review): only the request mock is replayed; confirm the response mock is meant
    // to stay in record state.
    EasyMock.replay(request);

    final TestFilterChain chain = new TestFilterChain();
    handler.doFilter(request, response, chain);

    // Acceptance means the chain ran and the authenticated identity is the token's subject.
    Assert.assertTrue("doFilterCalled should not be false.", chain.doFilterCalled);
    final Set<PrimaryPrincipal> principals = chain.subject.getPrincipals(PrimaryPrincipal.class);
    Assert.assertTrue("No PrimaryPrincipal", !principals.isEmpty());
    final Principal firstPrincipal = (Principal) principals.toArray()[0];
    Assert.assertEquals("Not the expected principal", "alice", firstPrincipal.getName());
  } catch (ServletException se) {
    fail("Should NOT have thrown a ServletException.");
  }
}