
Example 1 with PrivateKeyJWT

use of com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT in project nifi by apache.

the class KnoxServiceTest method testRequiredAudience.

/**
 * Checks that a token signed with RS256 is accepted, and resolves to the value passed as its
 * subject, when the configuration's {@code getAudiences()} is stubbed to return {@code null}.
 *
 * <p>The token itself still carries {@code AUDIENCE}; only the configured audience list is
 * absent.
 *
 * <p>NOTE(review): despite the method name, this setup pins that a {@code null} audience list
 * does not cause rejection. Presumably the service treats "no audiences configured" as
 * "audience not restricted" - confirm that this is the intended contract, since it means a
 * validly signed token minted for a different audience would also be accepted in that
 * configuration.
 */
@Test
public void testRequiredAudience() throws Exception {
    final String expectedIdentity = "user-1";
    // Short-lived token: valid for five seconds from now.
    final Date expiresAt = new Date(System.currentTimeMillis() + TimeUnit.SECONDS.toMillis(5));

    // Fresh RSA pair per test; the private half signs, the public half is handed to the service.
    final KeyPair signingPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
    final RSAPrivateKey signingKey = (RSAPrivateKey) signingPair.getPrivate();
    final RSAPublicKey verificationKey = (RSAPublicKey) signingPair.getPublic();

    final JWTAuthenticationClaimsSet claims = getAuthenticationClaimsSet(expectedIdentity, AUDIENCE, expiresAt);
    final PrivateKeyJWT signedAssertion = new PrivateKeyJWT(claims, JWSAlgorithm.RS256, signingKey, null, null);

    // getConfiguration(...) is defined elsewhere; the stubbing below implies it returns a mock.
    final KnoxConfiguration knoxConfiguration = getConfiguration(verificationKey);
    when(knoxConfiguration.getAudiences()).thenReturn(null);

    final KnoxService knoxService = new KnoxService(knoxConfiguration);
    final String serializedToken = signedAssertion.getClientAssertion().serialize();
    Assert.assertEquals(expectedIdentity, knoxService.getAuthenticationFromToken(serializedToken));
}
Also used : KeyPair(java.security.KeyPair) RSAPublicKey(java.security.interfaces.RSAPublicKey) PrivateKeyJWT(com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT) JWTAuthenticationClaimsSet(com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet) KeyPairGenerator(java.security.KeyPairGenerator) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) Date(java.util.Date) Test(org.junit.Test)

Example 2 with PrivateKeyJWT

use of com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT in project nifi by apache.

the class KnoxServiceTest method testSignedJwt.

/**
 * Happy path: a token signed with RS256 by the private half of a freshly generated RSA pair is
 * accepted by a {@code KnoxService} configured with the matching public key, and the returned
 * identity equals the value passed as the token subject.
 */
@Test
public void testSignedJwt() throws Exception {
    final String expectedIdentity = "user-1";
    // Short-lived token: valid for five seconds from now.
    final Date expiresAt = new Date(System.currentTimeMillis() + TimeUnit.SECONDS.toMillis(5));

    final KeyPair signingPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
    final RSAPrivateKey signingKey = (RSAPrivateKey) signingPair.getPrivate();
    final RSAPublicKey verificationKey = (RSAPublicKey) signingPair.getPublic();

    final JWTAuthenticationClaimsSet claims = getAuthenticationClaimsSet(expectedIdentity, AUDIENCE, expiresAt);
    final PrivateKeyJWT signedAssertion = new PrivateKeyJWT(claims, JWSAlgorithm.RS256, signingKey, null, null);

    // Signer and verifier share one key pair, so verification is expected to succeed.
    final KnoxService knoxService = new KnoxService(getConfiguration(verificationKey));
    final String serializedToken = signedAssertion.getClientAssertion().serialize();
    Assert.assertEquals(expectedIdentity, knoxService.getAuthenticationFromToken(serializedToken));
}
Also used : KeyPair(java.security.KeyPair) RSAPublicKey(java.security.interfaces.RSAPublicKey) PrivateKeyJWT(com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT) JWTAuthenticationClaimsSet(com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet) KeyPairGenerator(java.security.KeyPairGenerator) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) Date(java.util.Date) Test(org.junit.Test)

Example 3 with PrivateKeyJWT

use of com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT in project nifi by apache.

the class KnoxServiceTest method testBadSignedJwt.

/**
 * Negative signature test: the token is signed with the private key of one RSA pair while the
 * service is configured with the public key of a second, unrelated pair. The call is expected
 * to throw {@code InvalidAuthenticationException}.
 *
 * <p>Audience and expiration are the same as in the passing tests, so the key mismatch is the
 * only input that differs from the happy path.
 */
@Test(expected = InvalidAuthenticationException.class)
public void testBadSignedJwt() throws Exception {
    final String tokenSubject = "user-1";
    final Date expiresAt = new Date(System.currentTimeMillis() + TimeUnit.SECONDS.toMillis(5));

    // Two independent pairs from the same generator: one signs, the other verifies.
    final KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
    final KeyPair signingPair = rsaGenerator.generateKeyPair();
    final RSAPrivateKey signingKey = (RSAPrivateKey) signingPair.getPrivate();
    final KeyPair unrelatedPair = rsaGenerator.generateKeyPair();
    final RSAPublicKey mismatchedVerificationKey = (RSAPublicKey) unrelatedPair.getPublic();

    // Token is signed with the first pair's private key ...
    final JWTAuthenticationClaimsSet claims = getAuthenticationClaimsSet(tokenSubject, AUDIENCE, expiresAt);
    final PrivateKeyJWT signedAssertion = new PrivateKeyJWT(claims, JWSAlgorithm.RS256, signingKey, null, null);

    // ... and presented to a service that only knows the second pair's public key.
    final KnoxService knoxService = new KnoxService(getConfiguration(mismatchedVerificationKey));
    final String serializedToken = signedAssertion.getClientAssertion().serialize();
    knoxService.getAuthenticationFromToken(serializedToken);
}
Also used : KeyPair(java.security.KeyPair) RSAPublicKey(java.security.interfaces.RSAPublicKey) PrivateKeyJWT(com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT) JWTAuthenticationClaimsSet(com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet) KeyPairGenerator(java.security.KeyPairGenerator) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) Date(java.util.Date) Test(org.junit.Test)

Example 4 with PrivateKeyJWT

use of com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT in project nifi by apache.

the class KnoxServiceTest method testInvalidAudience.

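/**
 * Negative audience test: the token is correctly signed and unexpired but carries the audience
 * {@code "incorrect-audience"} instead of {@code AUDIENCE}. The call is expected to throw
 * {@code InvalidAuthenticationException}.
 *
 * <p>The signing and verification keys come from the same pair, so the audience value is the
 * only input that differs from the happy path.
 */
@Test(expected = InvalidAuthenticationException.class)
public void testInvalidAudience() throws Exception {
    final String subject = "user-1";
    final Date expiration = new Date(System.currentTimeMillis() + TimeUnit.MILLISECONDS.convert(5, TimeUnit.SECONDS));
    final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    final KeyPair pair = keyGen.generateKeyPair();
    final RSAPrivateKey privateKey = (RSAPrivateKey) pair.getPrivate();
    final RSAPublicKey publicKey = (RSAPublicKey) pair.getPublic();
    final JWTAuthenticationClaimsSet claimsSet = getAuthenticationClaimsSet(subject, "incorrect-audience", expiration);
    final PrivateKeyJWT privateKeyJWT = new PrivateKeyJWT(claimsSet, JWSAlgorithm.RS256, privateKey, null, null);
    final KnoxConfiguration configuration = getConfiguration(publicKey);
    final KnoxService service = new KnoxService(configuration);
    // The expected exception is the whole assertion here. Wrapping the call in assertEquals
    // suggested that a returned identity was a possible passing outcome; call it bare, as the
    // other expected-exception tests in this class do.
    service.getAuthenticationFromToken(privateKeyJWT.getClientAssertion().serialize());
}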
Also used : KeyPair(java.security.KeyPair) RSAPublicKey(java.security.interfaces.RSAPublicKey) PrivateKeyJWT(com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT) JWTAuthenticationClaimsSet(com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet) KeyPairGenerator(java.security.KeyPairGenerator) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) Date(java.util.Date) Test(org.junit.Test)

Example 5 with PrivateKeyJWT

use of com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT in project nifi by apache.

the class KnoxServiceTest method testExpiredJwt.

/**
 * Negative expiration test: the expiration instant is fixed one second in the future, the test
 * then sleeps two seconds, and only afterwards builds, signs and presents the token. The call
 * is expected to throw {@code InvalidAuthenticationException}.
 *
 * <p>Signature and audience match the happy path, so the elapsed expiration is the only input
 * that differs.
 *
 * <p>NOTE(review): the test depends on wall-clock time and adds two seconds to every run. It
 * also leaves only a one-second margin past expiry, so it would stop detecting a missing
 * expiration check if the service applied a clock-skew allowance of a second or more -
 * confirm against the service's validation logic.
 */
@Test(expected = InvalidAuthenticationException.class)
public void testExpiredJwt() throws Exception {
    final String tokenSubject = "user-1";

    // Expiration is computed up front: one second from now.
    final Date expiresAt = new Date(System.currentTimeMillis() + TimeUnit.SECONDS.toMillis(1));

    final KeyPair signingPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
    final RSAPrivateKey signingKey = (RSAPrivateKey) signingPair.getPrivate();
    final RSAPublicKey verificationKey = (RSAPublicKey) signingPair.getPublic();

    // Let the expiration instant pass before the token is even created.
    Thread.sleep(TimeUnit.SECONDS.toMillis(2));

    final JWTAuthenticationClaimsSet claims = getAuthenticationClaimsSet(tokenSubject, AUDIENCE, expiresAt);
    final PrivateKeyJWT signedAssertion = new PrivateKeyJWT(claims, JWSAlgorithm.RS256, signingKey, null, null);

    final KnoxService knoxService = new KnoxService(getConfiguration(verificationKey));
    final String serializedToken = signedAssertion.getClientAssertion().serialize();
    knoxService.getAuthenticationFromToken(serializedToken);
}
Also used : KeyPair(java.security.KeyPair) RSAPublicKey(java.security.interfaces.RSAPublicKey) PrivateKeyJWT(com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT) JWTAuthenticationClaimsSet(com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet) KeyPairGenerator(java.security.KeyPairGenerator) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) Date(java.util.Date) Test(org.junit.Test)
