
Example 6 with JwtException

use of io.helidon.security.jwt.JwtException in project helidon by oracle.

In class JwkPki, method doVerify.

/**
 * Verifies {@code signatureToVerify} over {@code signedBytes} using this JWK's signature algorithm.
 * <p>
 * For the {@code none} algorithm no JCA verification is attempted at all; the result is whatever
 * {@link #verifyNoneAlg} decides for the supplied signature bytes. Every other algorithm is checked
 * against the public key.
 *
 * @param signedBytes       the bytes the signature was computed over
 * @param signatureToVerify the signature to check
 * @return {@code true} when the signature verifies
 * @throws JwtException when the JCA verification itself fails (see {@link #verifyAgainstPublicKey})
 */
@Override
public boolean doVerify(byte[] signedBytes, byte[] signatureToVerify) {
    String algorithm = signatureAlgorithm();
    // "none" carries no cryptographic signature; that case has its own rule
    if (ALG_NONE.equals(algorithm)) {
        return verifyNoneAlg(signatureToVerify);
    }
    // getSignature runs outside the try block below, so its own failures are not rewrapped
    return verifyAgainstPublicKey(JwtUtil.getSignature(algorithm), signedBytes, signatureToVerify);
}

/**
 * Runs the JCA verify sequence (init, update, verify) with the configured public key.
 * <p>
 * Any checked or runtime failure of those calls (unusable key, unparsable signature encoding, ...)
 * is rewrapped, so a malformed signature surfaces as a {@link JwtException} rather than as
 * {@code false}; callers that want "invalid" rather than "error" for such input must catch it.
 *
 * @param verifier          a fresh {@link Signature} instance for the JWK's algorithm
 * @param signedBytes       the bytes the signature was computed over
 * @param signatureToVerify the signature to check
 * @return the JCA verification result
 * @throws JwtException wrapping whatever the JCA calls threw
 */
private boolean verifyAgainstPublicKey(Signature verifier, byte[] signedBytes, byte[] signatureToVerify) {
    try {
        verifier.initVerify(publicKey);
        verifier.update(signedBytes);
        return verifier.verify(signatureToVerify);
    } catch (Exception e) {
        throw new JwtException("Failed to verify signature. It may still be valid, but an exception was thrown", e);
    }
}

Example 7 with JwtException

use of io.helidon.security.jwt.JwtException in project helidon by oracle.

In class OidcProvider, method buildPrincipal.

/**
 * Builds the security {@link Principal} for a decoded JWT.
 * <p>
 * The {@code sub} claim is mandatory and becomes the principal id; {@code preferred_username}
 * is the display name when present, otherwise the subject is reused. Every payload claim is
 * exposed as an attribute under its claim name, after which the well-known OIDC profile claims
 * are added once more under fixed attribute names. No token validation happens here.
 *
 * @param jwt decoded token
 * @return principal carrying subject, name and claim attributes
 * @throws JwtException when the token has no subject claim
 */
private Principal buildPrincipal(Jwt jwt) {
    String subjectId = jwt.subject()
            .orElseThrow(() -> new JwtException("JWT does not contain subject claim, cannot create principal."));
    String displayName = jwt.preferredUsername().orElse(subjectId);

    Principal.Builder principalBuilder = Principal.builder();
    principalBuilder.name(displayName).id(subjectId);

    // raw claims go in first; the fixed-name attributes below are added afterwards
    // (how Principal.Builder treats a repeated key is not visible from here)
    jwt.payloadClaims()
            .forEach((claim, json) -> principalBuilder.addAttribute(claim, JwtUtil.toObject(json)));

    jwt.email().ifPresent(email -> principalBuilder.addAttribute("email", email));
    jwt.emailVerified().ifPresent(verified -> principalBuilder.addAttribute("email_verified", verified));
    jwt.locale().ifPresent(locale -> principalBuilder.addAttribute("locale", locale));
    jwt.familyName().ifPresent(familyName -> principalBuilder.addAttribute("family_name", familyName));
    jwt.givenName().ifPresent(givenName -> principalBuilder.addAttribute("given_name", givenName));
    jwt.fullName().ifPresent(fullName -> principalBuilder.addAttribute("full_name", fullName));

    return principalBuilder.build();
}

Example 8 with JwtException

use of io.helidon.security.jwt.JwtException in project helidon by oracle.

In class JwtProvider, method buildPrincipal.

/**
 * Builds the security {@link Principal} for a decoded JWT.
 * <p>
 * The {@code sub} claim is mandatory and becomes the principal id; {@code preferred_username}
 * is the display name when present, otherwise the subject is reused. Every payload claim is
 * exposed as an attribute under its claim name, after which the well-known profile claims
 * are added once more under fixed attribute names. No token validation happens here.
 *
 * @param jwt decoded token
 * @return principal carrying subject, name and claim attributes
 * @throws JwtException when the token has no subject claim
 */
Principal buildPrincipal(Jwt jwt) {
    String subjectId = jwt.subject()
            .orElseThrow(() -> new JwtException("JWT does not contain subject claim, cannot create principal."));
    String displayName = jwt.preferredUsername().orElse(subjectId);

    Principal.Builder principalBuilder = Principal.builder();
    principalBuilder.name(displayName).id(subjectId);

    // raw claims go in first; the fixed-name attributes below are added afterwards
    // (how Principal.Builder treats a repeated key is not visible from here)
    jwt.payloadClaims()
            .forEach((claim, json) -> principalBuilder.addAttribute(claim, JwtUtil.toObject(json)));

    jwt.email().ifPresent(email -> principalBuilder.addAttribute("email", email));
    jwt.emailVerified().ifPresent(verified -> principalBuilder.addAttribute("email_verified", verified));
    jwt.locale().ifPresent(locale -> principalBuilder.addAttribute("locale", locale));
    jwt.familyName().ifPresent(familyName -> principalBuilder.addAttribute("family_name", familyName));
    jwt.givenName().ifPresent(givenName -> principalBuilder.addAttribute("given_name", givenName));
    jwt.fullName().ifPresent(fullName -> principalBuilder.addAttribute("full_name", fullName));

    return principalBuilder.build();
}

Example 9 with JwtException

use of io.helidon.security.jwt.JwtException in project helidon by oracle.

In class JwtProvider, method propagate.

/**
 * Creates an outbound JWT for {@code subject} and places it in the response headers.
 * <p>
 * The token is signed with the JWK configured for the target ({@code ot.jwkKid}). Its claims are
 * every ABAC attribute of the principal (so anything sensitive held on the principal ends up in the
 * outgoing token), with {@code full_name} mapped to the standard {@code name} claim, plus subject,
 * preferred username, issuer and the key's algorithm. {@code ot.update(builder)} runs last before
 * the token is built, so target-specific settings are applied on top of the values set here.
 *
 * @param ot      outbound target describing the signing key id and header placement
 * @param subject authenticated subject whose principal is propagated
 * @return response carrying the header(s) produced by the target's outbound handler
 * @throws JwtException when no signing JWK exists for the target's {@code kid}
 */
private OutboundSecurityResponse propagate(JwtOutboundTarget ot, Subject subject) {
    Jwk signingKey = signKeys.forKeyId(ot.jwkKid)
            .orElseThrow(() -> new JwtException("Signing JWK with kid: " + ot.jwkKid + " is not defined."));
    Principal principal = subject.principal();

    Jwt.Builder jwtBuilder = Jwt.builder();
    principal.abacAttributeNames().forEach(attributeName -> principal.abacAttribute(attributeName)
            .ifPresent(value -> jwtBuilder.addPayloadClaim(attributeName, value)));
    // "name" is the claim for the display name; any stale "name" claim is dropped when full_name is absent
    principal.abacAttribute("full_name").ifPresentOrElse(
            fullName -> jwtBuilder.addPayloadClaim("name", fullName),
            () -> jwtBuilder.removePayloadClaim("name"));
    jwtBuilder.subject(principal.id())
            .preferredUsername(principal.getName())
            .issuer(issuer)
            .algorithm(signingKey.algorithm());
    ot.update(jwtBuilder);

    SignedJwt signedJwt = SignedJwt.sign(jwtBuilder.build(), signingKey);
    Map<String, List<String>> headers = new HashMap<>();
    ot.outboundHandler.header(headers, signedJwt.tokenContent());
    return OutboundSecurityResponse.withHeaders(headers);
}

Example 10 with JwtException

use of io.helidon.security.jwt.JwtException in project helidon by oracle.

In class JwtAuthProvider, method propagate.

/**
 * Creates an outbound JWT for {@code subject} and places it in the response headers.
 * <p>
 * The token is signed with the JWK configured for the target ({@code ot.jwkKid}). Its claims are
 * every ABAC attribute of the principal (so anything sensitive held on the principal ends up in the
 * outgoing token), with {@code full_name} mapped to the standard {@code name} claim, plus subject,
 * preferred username, issuer and the key's algorithm. After {@code ot.update(builder)} the
 * MicroProfile-specific fields are filled: the user principal falls back to the principal name
 * unless a {@code upn} attribute exists, and the subject's roles are added as user groups.
 *
 * @param ot      outbound target describing the signing key id and header placement
 * @param subject authenticated subject whose principal and roles are propagated
 * @return response carrying the header(s) produced by the target's outbound handler
 * @throws JwtException when no signing JWK exists for the target's {@code kid}
 */
private OutboundSecurityResponse propagate(JwtOutboundTarget ot, Subject subject) {
    Jwk signingKey = signKeys.forKeyId(ot.jwkKid)
            .orElseThrow(() -> new JwtException("Signing JWK with kid: " + ot.jwkKid + " is not defined."));
    Principal principal = subject.principal();

    Jwt.Builder jwtBuilder = Jwt.builder();
    principal.abacAttributeNames().forEach(attributeName -> principal.abacAttribute(attributeName)
            .ifPresent(value -> jwtBuilder.addPayloadClaim(attributeName, value)));
    // "name" is the claim for the display name; any stale "name" claim is dropped when full_name is absent
    principal.abacAttribute("full_name").ifPresentOrElse(
            fullName -> jwtBuilder.addPayloadClaim("name", fullName),
            () -> jwtBuilder.removePayloadClaim("name"));
    jwtBuilder.subject(principal.id())
            .preferredUsername(principal.getName())
            .issuer(issuer)
            .algorithm(signingKey.algorithm());
    ot.update(jwtBuilder);

    // MP specific: an explicit "upn" attribute wins over the principal name
    boolean hasUpn = principal.abacAttribute("upn").isPresent();
    if (!hasUpn) {
        jwtBuilder.userPrincipal(principal.getName());
    }
    Security.getRoles(subject).forEach(jwtBuilder::addUserGroup);

    SignedJwt signedJwt = SignedJwt.sign(jwtBuilder.build(), signingKey);
    Map<String, List<String>> headers = new HashMap<>();
    ot.outboundHandler.header(headers, signedJwt.tokenContent());
    return OutboundSecurityResponse.withHeaders(headers);
}
