Example 1 with OCTKey

Use of io.gravitee.am.model.jose.OCTKey in project gravitee-access-management by gravitee-io.

Class DynamicClientRegistrationResponseTest, method convert.

@Test
public void convert() {
    RSAKey rsaKey = new RSAKey();
    rsaKey.setKty("RSA");
    rsaKey.setKid("kidRSA");
    rsaKey.setUse("enc");
    rsaKey.setE("exponent");
    rsaKey.setN("modulus");
    ECKey ecKey = new ECKey();
    ecKey.setKty("EC");
    ecKey.setKid("kidEC");
    ecKey.setUse("enc");
    ecKey.setCrv("P-256");
    ecKey.setX("vBT2JhFHd62Jcf4yyBzSV9NuDBNBssR1zlmnHelgZcs");
    ecKey.setY("up8E8b3TjeKS2v2GCH23UJP0bak0La77lkQ7_n4djqE");
    OKPKey okpKey = new OKPKey();
    okpKey.setKty("OKP");
    okpKey.setKid("kidOKP");
    okpKey.setCrv("Ed25519");
    okpKey.setX("vBNW8f19leF79U4U6NrDDQaK_i5kL0iMKghB39AUT2I");
    OCTKey octKey = new OCTKey();
    octKey.setKty("oct");
    octKey.setKid("kidOCT");
    octKey.setK("FdFYFzERwC2uCBB46pZQi4GG85LujR8obt-KWRBICVQ");
    JWKSet jwkSet = new JWKSet();
    jwkSet.setKeys(Arrays.asList(rsaKey, ecKey, okpKey, octKey));
    Client client = new Client();
    client.setClientId("clientId");
    client.setClientName("clientName");
    client.setJwks(jwkSet);
    DynamicClientRegistrationResponse response = DynamicClientRegistrationResponse.fromClient(client);
    assertNotNull("expecting response", response);
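    // JUnit's assertEquals takes (expected, actual)
    assertEquals("clientId", response.getClientId());
    assertEquals("clientName", response.getClientName());
    // All four key types (RSA, EC, OKP, oct) must survive the conversion
    assertEquals(4, response.getJwks().getKeys().size());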
}
Also used : RSAKey(io.gravitee.am.model.jose.RSAKey) JWKSet(io.gravitee.am.model.oidc.JWKSet) OCTKey(io.gravitee.am.model.jose.OCTKey) ECKey(io.gravitee.am.model.jose.ECKey) Client(io.gravitee.am.model.oidc.Client) OKPKey(io.gravitee.am.model.jose.OKPKey) Test(org.junit.Test)

Example 2 with OCTKey

Use of io.gravitee.am.model.jose.OCTKey in project gravitee-access-management by gravitee-io.

Class JWKServiceTest, method testFilter_AES_no_128_keys.

@Test
public void testFilter_AES_no_128_keys() {
    OCTKey oct192 = new OCTKey();
    oct192.setKty("oct");
    oct192.setKid("octEnc192");
    oct192.setUse("enc");
    // 192 bits (24 bytes)
    oct192.setK("G9jUYv3b0-0wZWCGxAnIUH6gI0kjeXj4");
    OCTKey oct256 = new OCTKey();
    oct256.setKty("oct");
    oct256.setKid("octEnc256");
    oct256.setUse("enc");
    // 256 bits (32 bytes)
    oct256.setK("RlrxxWClnDX_dpa47lvC29vBiB-ZDCg-b8n70Ugefyo");
    OCTKey octSig = new OCTKey();
    octSig.setKty("oct");
    octSig.setKid("octSig");
    octSig.setUse("sig");
    JWKSet jwkSet = new JWKSet();
    jwkSet.setKeys(Arrays.asList(oct192, oct256, octSig));
    // The set holds no 128-bit encryption key, so each filter must complete without emitting a key
    TestObserver testObserver = jwkService.filter(jwkSet, JWKFilter.OCT_KEY_ENCRYPTION(JWEAlgorithm.A128KW)).test();
    testObserver.assertNoErrors();
    testObserver.assertComplete();
    testObserver.assertResult();
    testObserver = jwkService.filter(jwkSet, JWKFilter.OCT_KEY_ENCRYPTION(JWEAlgorithm.A128GCMKW)).test();
    testObserver.assertNoErrors();
    testObserver.assertComplete();
    testObserver.assertResult();
}
Also used : JWKSet(io.gravitee.am.model.oidc.JWKSet) OCTKey(io.gravitee.am.model.jose.OCTKey) TestObserver(io.reactivex.observers.TestObserver) Test(org.junit.Test)

Example 3 with OCTKey

Use of io.gravitee.am.model.jose.OCTKey in project gravitee-access-management by gravitee-io.

Class JWSServiceTest, method testVerifier_OCT_invalid.

@Test(expected = IllegalArgumentException.class)
public void testVerifier_OCT_invalid() {
    OCTKey key = new OCTKey();
    key.setKty("oct");
    key.setKid(KID);
    key.setK("too_short");
    jwsService.verifier(key);
}
Also used : OCTKey(io.gravitee.am.model.jose.OCTKey) Test(org.junit.Test)

Example 4 with OCTKey

Use of io.gravitee.am.model.jose.OCTKey in project gravitee-access-management by gravitee-io.

Class JWEAesTest, method encryptIdToken.

@Test
public void encryptIdToken() {
    try {
        int keySize = 128;
        if (alg.startsWith("A192")) {
            keySize = 192;
        } else if (alg.startsWith("A256")) {
            keySize = 256;
        }
        // Generate a secret AES key of the size the algorithm requires (128, 192 or 256 bits)
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(keySize);
        SecretKey aesKey = gen.generateKey();
        // Convert to JWK format
        OctetSequenceKey jwk = new OctetSequenceKey.Builder(aesKey).build();
        OCTKey key = new OCTKey();
        key.setKid("octEnc");
        key.setUse("enc");
        key.setK(jwk.getKeyValue().toString());
        Client client = new Client();
        client.setIdTokenEncryptedResponseAlg(this.alg);
        client.setIdTokenEncryptedResponseEnc(this.enc);
        when(jwkService.getKeys(client)).thenReturn(Maybe.just(new JWKSet()));
        when(jwkService.filter(any(), any())).thenReturn(Maybe.just(key));
        TestObserver testObserver = jweService.encryptIdToken("JWT", client).test();
        testObserver.assertNoErrors();
        testObserver.assertComplete();
        testObserver.assertValue(jweString -> {
            JWEObject jwe = JWEObject.parse((String) jweString);
            jwe.decrypt(new AESDecrypter(jwk));
            return "JWT".equals(jwe.getPayload().toString());
        });
    } catch (NoSuchAlgorithmException e) {
        fail(e.getMessage());
    }
}
Also used : SecretKey(javax.crypto.SecretKey) JWEObject(com.nimbusds.jose.JWEObject) OctetSequenceKey(com.nimbusds.jose.jwk.OctetSequenceKey) JWKSet(io.gravitee.am.model.oidc.JWKSet) OCTKey(io.gravitee.am.model.jose.OCTKey) AESDecrypter(com.nimbusds.jose.crypto.AESDecrypter) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) Client(io.gravitee.am.model.oidc.Client) KeyGenerator(javax.crypto.KeyGenerator) TestObserver(io.reactivex.observers.TestObserver) Test(org.junit.Test)

Example 5 with OCTKey

Use of io.gravitee.am.model.jose.OCTKey in project gravitee-access-management by gravitee-io.

Class JWEDirectTest, method encryptIdToken_wronkKeySize.

@Test
public void encryptIdToken_wronkKeySize() {
    // Build a secret 8 bytes shorter than the CEK length the encryption method requires
    byte[] secretKey = new byte[(EncryptionMethod.parse(this.enc).cekBitLength() / 8) - 8];
    new SecureRandom().nextBytes(secretKey);
    // Convert to JWK format
    OctetSequenceKey jwk = new OctetSequenceKey.Builder(secretKey).build();
    OCTKey key = new OCTKey();
    key.setKid("octEnc");
    key.setUse("enc");
    key.setK(jwk.getKeyValue().toString());
    Client client = new Client();
    client.setIdTokenEncryptedResponseAlg("dir");
    client.setIdTokenEncryptedResponseEnc(this.enc);
    when(jwkService.getKeys(client)).thenReturn(Maybe.just(new JWKSet()));
    when(jwkService.filter(any(), any())).thenReturn(Maybe.just(key));
    TestObserver testObserver = jweService.encryptIdToken("JWT", client).test();
    testObserver.assertError(ServerErrorException.class);
    testObserver.assertNotComplete();
}
Also used : OctetSequenceKey(com.nimbusds.jose.jwk.OctetSequenceKey) JWKSet(io.gravitee.am.model.oidc.JWKSet) SecureRandom(java.security.SecureRandom) OCTKey(io.gravitee.am.model.jose.OCTKey) Client(io.gravitee.am.model.oidc.Client) TestObserver(io.reactivex.observers.TestObserver) Test(org.junit.Test)

Aggregations

OCTKey (io.gravitee.am.model.jose.OCTKey): 16
Test (org.junit.Test): 15
JWKSet (io.gravitee.am.model.oidc.JWKSet): 13
TestObserver (io.reactivex.observers.TestObserver): 11
Client (io.gravitee.am.model.oidc.Client): 9
OctetSequenceKey (com.nimbusds.jose.jwk.OctetSequenceKey): 8
JWEObject (com.nimbusds.jose.JWEObject): 6
SecureRandom (java.security.SecureRandom): 5
AESDecrypter (com.nimbusds.jose.crypto.AESDecrypter): 2
DirectDecrypter (com.nimbusds.jose.crypto.DirectDecrypter): 2
PasswordBasedDecrypter (com.nimbusds.jose.crypto.PasswordBasedDecrypter): 2
ECKey (io.gravitee.am.model.jose.ECKey): 2
RSAKey (io.gravitee.am.model.jose.RSAKey): 2
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 2
KeyGenerator (javax.crypto.KeyGenerator): 2
SecretKey (javax.crypto.SecretKey): 2
JWSHeader (com.nimbusds.jose.JWSHeader): 1
MACSigner (com.nimbusds.jose.crypto.MACSigner): 1
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet): 1
SignedJWT (com.nimbusds.jwt.SignedJWT): 1