Example 31 with SignedJWT
use of com.nimbusds.jwt.SignedJWT in project connect-android-sdk by telenordigital.
the class IdTokenValidatorTest method missingIssueTimeThrows.
@Test(expected = ConnectException.class)
public void missingIssueTimeThrows() throws Exception {
BDDMockito.given(ConnectSdk.getConnectApiUrl()).willReturn(HttpUrl.parse("https://connect.telenordigital.com"));
BDDMockito.given(ConnectSdk.getClientId()).willReturn("connect-tests");
BDDMockito.given(ConnectSdk.getExpectedIssuer()).willReturn("https://connect.telenordigital.com/oauth");
JWTClaimsSet claimsSet = new JWTClaimsSet();
claimsSet.setIssuer("https://connect.telenordigital.com/oauth");
claimsSet.setAudience("connect-tests");
claimsSet.setExpirationTime(oneHourIntoFuture);
SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.ES256), claimsSet);
signedJWT.sign(new ECDSASigner(new BigInteger("123")));
IdToken idToken = new IdToken(signedJWT.serialize());
IdTokenValidator.validate(idToken, null);
}
Also used :
IdToken(com.telenor.connect.id.IdToken)
ECDSASigner(com.nimbusds.jose.crypto.ECDSASigner)
JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet)
BigInteger(java.math.BigInteger)
SignedJWT(com.nimbusds.jwt.SignedJWT)
JWSHeader(com.nimbusds.jose.JWSHeader)
PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)
Test(org.junit.Test)
Example 32 with SignedJWT
use of com.nimbusds.jwt.SignedJWT in project connect-android-sdk by telenordigital.
the class IdTokenValidatorTest method setUp.
@BeforeClass
public static void setUp() throws Exception {
Calendar calendar = Calendar.getInstance();
now = calendar.getTime();
calendar.add(Calendar.HOUR, 1);
oneHourIntoFuture = calendar.getTime();
calendar.setTime(now);
calendar.add(Calendar.YEAR, 10);
tenYearsIntoFuture = calendar.getTime();
calendar.setTime(now);
calendar.add(Calendar.HOUR, -2);
twoHoursAgo = calendar.getTime();
JWTClaimsSet claimsSet = new JWTClaimsSet();
claimsSet.setIssuer("https://connect.telenordigital.com/oauth");
claimsSet.setAudience("connect-tests");
claimsSet.setExpirationTime(oneHourIntoFuture);
claimsSet.setIssueTime(now);
SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.ES256), claimsSet);
signedJWT.sign(new ECDSASigner(new BigInteger("123")));
normalSerializedSignedJwt = new IdToken(signedJWT.serialize());
}
Also used :
IdToken(com.telenor.connect.id.IdToken)
ECDSASigner(com.nimbusds.jose.crypto.ECDSASigner)
JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet)
Calendar(java.util.Calendar)
BigInteger(java.math.BigInteger)
SignedJWT(com.nimbusds.jwt.SignedJWT)
JWSHeader(com.nimbusds.jose.JWSHeader)
BeforeClass(org.junit.BeforeClass)
Example 33 with SignedJWT
use of com.nimbusds.jwt.SignedJWT in project ovirt-engine by oVirt.
the class OpenIdUtils method createJWT.
/**
* Create a Java web token and sign with the RSA key. Used by the openid userinfo endpoint to send userinfo back.
*/
public static String createJWT(HttpServletRequest request, SsoSession ssoSession, String clientId) throws JOSEException {
// Create RSA-signer with the private key
JWSSigner signer = new RSASSASigner(keyPair.getPrivate());
SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), createJWTClaimSet(request, ssoSession, clientId));
signedJWT.sign(signer);
return signedJWT.serialize();
}
Also used :
RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner)
SignedJWT(com.nimbusds.jwt.SignedJWT)
JWSSigner(com.nimbusds.jose.JWSSigner)
JWSHeader(com.nimbusds.jose.JWSHeader)
Example 34 with SignedJWT
use of com.nimbusds.jwt.SignedJWT in project fitpay-android-sdk by fitpay.
the class StringUtils method getDecryptedString.
/**
* Get decrypted string
*
* @param type key type
* @param encryptedString encrypted string
* @return decrypted string
*/
public static String getDecryptedString(@KeysManager.KeyType int type, String encryptedString) {
KeysManager keysManager = KeysManager.getInstance();
JWEObject jweObject;
try {
jweObject = JWEObject.parse(encryptedString);
JWEHeader jweHeader = jweObject.getHeader();
if (jweHeader.getKeyID() == null || jweHeader.getKeyID().equals(keysManager.getKeyId(type))) {
jweObject.decrypt(new AESDecrypter(keysManager.getSecretKey(type)));
if ("JWT".equals(jweObject.getHeader().getContentType())) {
SignedJWT signedJwt = jweObject.getPayload().toSignedJWT();
ECCKeyPair keyPair = keysManager.getPairForType(type);
ECPublicKey key = null;
if ("https://fit-pay.com".equals(signedJwt.getJWTClaimsSet().getIssuer())) {
key = (ECPublicKey) keysManager.getPublicKey("EC", Hex.hexStringToBytes(keyPair.getServerPublicKey()));
} else {
key = (ECPublicKey) keysManager.getPublicKey("EC", Hex.hexStringToBytes(keyPair.getPublicKey()));
}
JWSVerifier verifier = new ECDSAVerifier(key);
if (!signedJwt.verify(verifier)) {
throw new IllegalArgumentException("jwt did not pass signature validation");
}
return signedJwt.getJWTClaimsSet().getStringClaim("data");
} else {
return jweObject.getPayload().toString();
}
}
} catch (Exception e) {
FPLog.e(e);
}
return null;
}
Also used :
ECDSAVerifier(com.nimbusds.jose.crypto.ECDSAVerifier)
JWEHeader(com.nimbusds.jose.JWEHeader)
ECPublicKey(java.security.interfaces.ECPublicKey)
JWEObject(com.nimbusds.jose.JWEObject)
JWSVerifier(com.nimbusds.jose.JWSVerifier)
AESDecrypter(com.nimbusds.jose.crypto.AESDecrypter)
SignedJWT(com.nimbusds.jwt.SignedJWT)
ECCKeyPair(com.fitpay.android.api.models.security.ECCKeyPair)
JOSEException(com.nimbusds.jose.JOSEException)
Example 35 with SignedJWT
use of com.nimbusds.jwt.SignedJWT in project registry by hortonworks.
the class TestJWTAuthenticationHandler method testExpiredJWT.
@Test
public void testExpiredJWT() throws Exception {
try {
handler.setPublicKey(publicKey);
Properties props = getProperties();
handler.init(props);
SignedJWT jwt = getJWT("bob", new Date(new Date().getTime() - 1000), privateKey);
Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize());
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });
Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer(SERVICE_URL));
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
Mockito.when(response.encodeRedirectURL(SERVICE_URL)).thenReturn(SERVICE_URL);
AuthenticationToken token = handler.alternateAuthenticate(request, response);
Mockito.verify(response).sendRedirect(REDIRECT_LOCATION);
} catch (ServletException se) {
fail("alternateAuthentication should NOT have thrown a ServletException");
} catch (AuthenticationException ae) {
fail("alternateAuthentication should NOT have thrown a AuthenticationException");
}
}
Also used :
Cookie(javax.servlet.http.Cookie)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ServletException(javax.servlet.ServletException)
AuthenticationException(com.hortonworks.registries.auth.client.AuthenticationException)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
SignedJWT(com.nimbusds.jwt.SignedJWT)
Properties(java.util.Properties)
Date(java.util.Date)
Test(org.junit.Test)
Aggregations
SignedJWT (com.nimbusds.jwt.SignedJWT)137
Date (java.util.Date)51
Test (org.junit.Test)50
HttpServletRequest (javax.servlet.http.HttpServletRequest)47
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)45
HttpServletResponse (javax.servlet.http.HttpServletResponse)44
Properties (java.util.Properties)39
ServletException (javax.servlet.ServletException)39
JWSHeader (com.nimbusds.jose.JWSHeader)30
RSASSASigner (com.nimbusds.jose.crypto.RSASSASigner)24
Cookie (javax.servlet.http.Cookie)21
ParseException (java.text.ParseException)20
JOSEException (com.nimbusds.jose.JOSEException)19
JWSSigner (com.nimbusds.jose.JWSSigner)14
Test (org.junit.jupiter.api.Test)12
AuthenticationException (com.hortonworks.registries.auth.client.AuthenticationException)10
RSASSAVerifier (com.nimbusds.jose.crypto.RSASSAVerifier)10
AuthenticationException (org.apache.hadoop.security.authentication.client.AuthenticationException)10
PrimaryPrincipal (org.apache.knox.gateway.security.PrimaryPrincipal)10
JWSVerifier (com.nimbusds.jose.JWSVerifier)9
