Example 1 with JWTAuthenticationClaimsSet
use of com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet in project nifi by apache.
the class KnoxServiceTest method testRequiredAudience.
@Test
public void testRequiredAudience() throws Exception {
final String subject = "user-1";
final Date expiration = new Date(System.currentTimeMillis() + TimeUnit.MILLISECONDS.convert(5, TimeUnit.SECONDS));
final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
final KeyPair pair = keyGen.generateKeyPair();
final RSAPrivateKey privateKey = (RSAPrivateKey) pair.getPrivate();
final RSAPublicKey publicKey = (RSAPublicKey) pair.getPublic();
final JWTAuthenticationClaimsSet claimsSet = getAuthenticationClaimsSet(subject, AUDIENCE, expiration);
final PrivateKeyJWT privateKeyJWT = new PrivateKeyJWT(claimsSet, JWSAlgorithm.RS256, privateKey, null, null);
final KnoxConfiguration configuration = getConfiguration(publicKey);
when(configuration.getAudiences()).thenReturn(null);
final KnoxService service = new KnoxService(configuration);
Assert.assertEquals(subject, service.getAuthenticationFromToken(privateKeyJWT.getClientAssertion().serialize()));
}
Also used :
KeyPair(java.security.KeyPair)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
PrivateKeyJWT(com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT)
JWTAuthenticationClaimsSet(com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet)
KeyPairGenerator(java.security.KeyPairGenerator)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
Date(java.util.Date)
Test(org.junit.Test)
Example 2 with JWTAuthenticationClaimsSet
use of com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet in project nifi by apache.
the class KnoxServiceTest method testSignedJwt.
@Test
public void testSignedJwt() throws Exception {
final String subject = "user-1";
final Date expiration = new Date(System.currentTimeMillis() + TimeUnit.MILLISECONDS.convert(5, TimeUnit.SECONDS));
final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
final KeyPair pair = keyGen.generateKeyPair();
final RSAPrivateKey privateKey = (RSAPrivateKey) pair.getPrivate();
final RSAPublicKey publicKey = (RSAPublicKey) pair.getPublic();
final JWTAuthenticationClaimsSet claimsSet = getAuthenticationClaimsSet(subject, AUDIENCE, expiration);
final PrivateKeyJWT privateKeyJWT = new PrivateKeyJWT(claimsSet, JWSAlgorithm.RS256, privateKey, null, null);
final KnoxConfiguration configuration = getConfiguration(publicKey);
final KnoxService service = new KnoxService(configuration);
Assert.assertEquals(subject, service.getAuthenticationFromToken(privateKeyJWT.getClientAssertion().serialize()));
}
Also used :
KeyPair(java.security.KeyPair)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
PrivateKeyJWT(com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT)
JWTAuthenticationClaimsSet(com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet)
KeyPairGenerator(java.security.KeyPairGenerator)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
Date(java.util.Date)
Test(org.junit.Test)
Example 3 with JWTAuthenticationClaimsSet
use of com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet in project nifi by apache.
the class KnoxServiceTest method testBadSignedJwt.
@Test(expected = InvalidAuthenticationException.class)
public void testBadSignedJwt() throws Exception {
final String subject = "user-1";
final Date expiration = new Date(System.currentTimeMillis() + TimeUnit.MILLISECONDS.convert(5, TimeUnit.SECONDS));
final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
final KeyPair pair1 = keyGen.generateKeyPair();
final RSAPrivateKey privateKey1 = (RSAPrivateKey) pair1.getPrivate();
final KeyPair pair2 = keyGen.generateKeyPair();
final RSAPublicKey publicKey2 = (RSAPublicKey) pair2.getPublic();
// sign the jwt with pair 1
final JWTAuthenticationClaimsSet claimsSet = getAuthenticationClaimsSet(subject, AUDIENCE, expiration);
final PrivateKeyJWT privateKeyJWT = new PrivateKeyJWT(claimsSet, JWSAlgorithm.RS256, privateKey1, null, null);
// attempt to verify it with pair 2
final KnoxConfiguration configuration = getConfiguration(publicKey2);
final KnoxService service = new KnoxService(configuration);
service.getAuthenticationFromToken(privateKeyJWT.getClientAssertion().serialize());
}
Also used :
KeyPair(java.security.KeyPair)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
PrivateKeyJWT(com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT)
JWTAuthenticationClaimsSet(com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet)
KeyPairGenerator(java.security.KeyPairGenerator)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
Date(java.util.Date)
Test(org.junit.Test)
Example 4 with JWTAuthenticationClaimsSet
use of com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet in project nifi by apache.
the class KnoxServiceTest method testInvalidAudience.
@Test(expected = InvalidAuthenticationException.class)
public void testInvalidAudience() throws Exception {
final String subject = "user-1";
final Date expiration = new Date(System.currentTimeMillis() + TimeUnit.MILLISECONDS.convert(5, TimeUnit.SECONDS));
final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
final KeyPair pair = keyGen.generateKeyPair();
final RSAPrivateKey privateKey = (RSAPrivateKey) pair.getPrivate();
final RSAPublicKey publicKey = (RSAPublicKey) pair.getPublic();
final JWTAuthenticationClaimsSet claimsSet = getAuthenticationClaimsSet(subject, "incorrect-audience", expiration);
final PrivateKeyJWT privateKeyJWT = new PrivateKeyJWT(claimsSet, JWSAlgorithm.RS256, privateKey, null, null);
final KnoxConfiguration configuration = getConfiguration(publicKey);
final KnoxService service = new KnoxService(configuration);
Assert.assertEquals(subject, service.getAuthenticationFromToken(privateKeyJWT.getClientAssertion().serialize()));
}
Also used :
KeyPair(java.security.KeyPair)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
PrivateKeyJWT(com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT)
JWTAuthenticationClaimsSet(com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet)
KeyPairGenerator(java.security.KeyPairGenerator)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
Date(java.util.Date)
Test(org.junit.Test)
Example 5 with JWTAuthenticationClaimsSet
use of com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet in project nifi by apache.
the class KnoxServiceTest method testExpiredJwt.
@Test(expected = InvalidAuthenticationException.class)
public void testExpiredJwt() throws Exception {
final String subject = "user-1";
// token expires in 1 sec
final Date expiration = new Date(System.currentTimeMillis() + TimeUnit.MILLISECONDS.convert(1, TimeUnit.SECONDS));
final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
final KeyPair pair = keyGen.generateKeyPair();
final RSAPrivateKey privateKey = (RSAPrivateKey) pair.getPrivate();
final RSAPublicKey publicKey = (RSAPublicKey) pair.getPublic();
// wait 2 sec
Thread.sleep(TimeUnit.MILLISECONDS.convert(2, TimeUnit.SECONDS));
final JWTAuthenticationClaimsSet claimsSet = getAuthenticationClaimsSet(subject, AUDIENCE, expiration);
final PrivateKeyJWT privateKeyJWT = new PrivateKeyJWT(claimsSet, JWSAlgorithm.RS256, privateKey, null, null);
final KnoxConfiguration configuration = getConfiguration(publicKey);
final KnoxService service = new KnoxService(configuration);
service.getAuthenticationFromToken(privateKeyJWT.getClientAssertion().serialize());
}
Also used :
KeyPair(java.security.KeyPair)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
PrivateKeyJWT(com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT)
JWTAuthenticationClaimsSet(com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet)
KeyPairGenerator(java.security.KeyPairGenerator)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
Date(java.util.Date)
Test(org.junit.Test)
Aggregations
JWTAuthenticationClaimsSet (com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet)5
PrivateKeyJWT (com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT)5
KeyPair (java.security.KeyPair)5
KeyPairGenerator (java.security.KeyPairGenerator)5
RSAPrivateKey (java.security.interfaces.RSAPrivateKey)5
RSAPublicKey (java.security.interfaces.RSAPublicKey)5
Date (java.util.Date)5
Test (org.junit.Test)5
