
Example 41 with SignedJWT

Use of com.nimbusds.jwt.SignedJWT in project spring-security by spring-projects.

In class NimbusJwtDecoderTests, method decodeWhenUsingPublicKeyWithKidThenStillUsesKey.

// gh-7049
@Test
public void decodeWhenUsingPublicKeyWithKidThenStillUsesKey() throws Exception {
    RSAPublicKey publicKey = TestKeys.DEFAULT_PUBLIC_KEY;
    RSAPrivateKey privateKey = TestKeys.DEFAULT_PRIVATE_KEY;
    // The token header carries a "kid", while the decoder below is built from one fixed public key.
    // @formatter:off
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("one").build();
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject").expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
    // @formatter:on
    SignedJWT signedJwt = signedJwt(privateKey, header, claimsSet);
    // @formatter:off
    NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(publicKey).signatureAlgorithm(SignatureAlgorithm.RS256).build();
    // The signature must still verify against the configured key even though the header names a kid.
    assertThat(decoder.decode(signedJwt.serialize())).extracting(Jwt::getSubject).isEqualTo("test-subject");
    // @formatter:on
}
Also used : RSAPublicKey(java.security.interfaces.RSAPublicKey) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SignedJWT(com.nimbusds.jwt.SignedJWT) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.jupiter.api.Test)

Example 42 with SignedJWT

Use of com.nimbusds.jwt.SignedJWT in project spring-security by spring-projects.

In class NimbusJwtDecoderTests, method signedJwt.

private SignedJWT signedJwt(JWSSigner signer, JWSHeader header, JWTClaimsSet claimsSet) throws Exception {
    SignedJWT signedJWT = new SignedJWT(header, claimsSet);
    signedJWT.sign(signer);
    return signedJWT;
}
Also used : SignedJWT(com.nimbusds.jwt.SignedJWT)

Example 43 with SignedJWT

Use of com.nimbusds.jwt.SignedJWT in project spring-security by spring-projects.

In class NimbusReactiveJwtDecoderTests, method decodeWhenSecretKeyAndAlgorithmMismatchThenThrowsJwtException.

@Test
public void decodeWhenSecretKeyAndAlgorithmMismatchThenThrowsJwtException() throws Exception {
    SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
    // The token is signed with HS256 ...
    MacAlgorithm macAlgorithm = MacAlgorithm.HS256;
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject").expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
    SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet);
    // @formatter:off
    // ... but the decoder is configured for HS512 with the same secret, so decoding must fail.
    this.decoder = NimbusReactiveJwtDecoder.withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS512).build();
    assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> this.decoder.decode(signedJWT.serialize()).block());
    // @formatter:on
}
Also used : MacAlgorithm(org.springframework.security.oauth2.jose.jws.MacAlgorithm) SecretKey(javax.crypto.SecretKey) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SignedJWT(com.nimbusds.jwt.SignedJWT) Test(org.junit.jupiter.api.Test)

Example 44 with SignedJWT

Use of com.nimbusds.jwt.SignedJWT in project spring-security by spring-projects.

In class NimbusReactiveJwtDecoderTests, method signedJwt.

private SignedJWT signedJwt(SecretKey secretKey, MacAlgorithm jwsAlgorithm, JWTClaimsSet claimsSet) throws Exception {
    SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.parse(jwsAlgorithm.getName())), claimsSet);
    JWSSigner signer = new MACSigner(secretKey);
    signedJWT.sign(signer);
    return signedJWT;
}
Also used : MACSigner(com.nimbusds.jose.crypto.MACSigner) SignedJWT(com.nimbusds.jwt.SignedJWT) JWSSigner(com.nimbusds.jose.JWSSigner) JWSHeader(com.nimbusds.jose.JWSHeader)

Example 45 with SignedJWT

Use of com.nimbusds.jwt.SignedJWT in project oxAuth by GluuFederation.

In class CrossEncryptionTest, method decryptAndValidateSignatureWithNimbus.

private void decryptAndValidateSignatureWithNimbus(String jweString) throws ParseException, JOSEException {
    // Decrypt the outer JWE with the recipient's RSA private key.
    JWK jwk = JWK.parse(recipientJwkJson);
    RSAPrivateKey rsaPrivateKey = ((RSAKey) jwk).toRSAPrivateKey();
    JWEObject jweObject = JWEObject.parse(jweString);
    jweObject.decrypt(new RSADecrypter(rsaPrivateKey));
    // The decrypted payload is expected to be a nested signed JWT.
    SignedJWT signedJWT = jweObject.getPayload().toSignedJWT();
    assertNotNull("Payload not a signed JWT", signedJWT);
    // Verify the nested signature with the sender's key before reading any claims.
    RSAKey senderJWK = (RSAKey) JWK.parse(senderJwkJson);
    assertTrue(signedJWT.verify(new RSASSAVerifier(senderJWK)));
    assertEquals("testing", signedJWT.getJWTClaimsSet().getSubject());
    System.out.println("Nimbus decrypt and nested jwt signature verification succeed: " + signedJWT.getJWTClaimsSet().toJSONObject());
}
Also used : RSAKey(com.nimbusds.jose.jwk.RSAKey) RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) SignedJWT(com.nimbusds.jwt.SignedJWT) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) JWK(com.nimbusds.jose.jwk.JWK) RSADecrypter(com.nimbusds.jose.crypto.RSADecrypter)

Aggregations

SignedJWT (com.nimbusds.jwt.SignedJWT) 137
Date (java.util.Date) 51
Test (org.junit.Test) 50
HttpServletRequest (javax.servlet.http.HttpServletRequest) 47
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet) 45
HttpServletResponse (javax.servlet.http.HttpServletResponse) 44
Properties (java.util.Properties) 39
ServletException (javax.servlet.ServletException) 39
JWSHeader (com.nimbusds.jose.JWSHeader) 30
RSASSASigner (com.nimbusds.jose.crypto.RSASSASigner) 24
Cookie (javax.servlet.http.Cookie) 21
ParseException (java.text.ParseException) 20
JOSEException (com.nimbusds.jose.JOSEException) 19
JWSSigner (com.nimbusds.jose.JWSSigner) 14
Test (org.junit.jupiter.api.Test) 12
AuthenticationException (com.hortonworks.registries.auth.client.AuthenticationException) 10
RSASSAVerifier (com.nimbusds.jose.crypto.RSASSAVerifier) 10
AuthenticationException (org.apache.hadoop.security.authentication.client.AuthenticationException) 10
PrimaryPrincipal (org.apache.knox.gateway.security.PrimaryPrincipal) 10
JWSVerifier (com.nimbusds.jose.JWSVerifier) 9