
Example 1 with JSONWebKey

use of io.jans.as.model.jwk.JSONWebKey in project jans by JanssenProject.

the class DpopTokenRequestHttpTest method testDPoP_PS384.

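/**
 * Runs the authorization-code and refresh-token grants with DPoP proofs signed with PS384.
 *
 * <p>The test registers a client, obtains an authorization code, builds a public JWK from the
 * keystore entry named by {@code keyId}, redeems the code with a first proof, hands the JWK
 * thumbprint and the access token to the confirmation and introspection helpers, and finally
 * redeems the refresh token with a second proof.
 *
 * @param userId              resource-owner login used to obtain the authorization code
 * @param userSecret          resource-owner password used to obtain the authorization code
 * @param redirectUris        redirect URIs passed to dynamic client registration
 * @param redirectUri         redirect URI used for the authorization and token requests
 * @param sectorIdentifierUri sector identifier URI passed to dynamic client registration
 * @param clientJwksUri       client JWKS URI passed to dynamic client registration
 * @param keyId               keystore alias of the PS384 key (TestNG parameter {@code PS384_keyId})
 * @param dnName              DN name handed to the crypto provider
 * @param keyStoreFile        keystore path handed to the crypto provider
 * @param keyStoreSecret      keystore password handed to the crypto provider
 * @throws Exception if any step of the flow fails
 */
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "clientJwksUri", "PS384_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void testDPoP_PS384(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
    showTitle("testDPoP_PS384");
    List<ResponseType> responseTypes = Collections.singletonList(ResponseType.CODE);
    // 1. Dynamic Registration
    String clientId = dynamicRegistration(redirectUris, sectorIdentifierUri, clientJwksUri, responseTypes);
    // 2. Request authorization
    String authorizationCode = requestAuthorizationCode(userId, userSecret, redirectUri, responseTypes, clientId);
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    // Cast to the standard JCA interface instead of the JDK-internal sun.security.rsa.RSAPublicKeyImpl:
    // the internal class is encapsulated on current JDKs, and a keystore loaded through another
    // provider yields a different implementation class, so the old cast could fail.
    java.security.interfaces.RSAPublicKey publicKey = (java.security.interfaces.RSAPublicKey) cryptoProvider.getPublicKey(keyId);
    // Only the public components (n, e) are copied into the JWK handed to the DPoP proof.
    JSONWebKey jsonWebKey = new JSONWebKey();
    jsonWebKey.setKty(KeyType.RSA);
    jsonWebKey.setN(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getModulus()));
    jsonWebKey.setE(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getPublicExponent()));
    String jwkThumbprint = jsonWebKey.getJwkThumbprint();
    // Each proof gets its own freshly generated jti.
    String jti1 = DPoP.generateJti();
    DPoP dpop1 = new DPoP(AsymmetricSignatureAlgorithm.PS384, jsonWebKey, jti1, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    // 3. Request access token using the authorization code.
    TokenResponse tokenResponse = requestAccessToken(redirectUri, authorizationCode, dpop1);
    String accessToken = tokenResponse.getAccessToken();
    String refreshToken = tokenResponse.getRefreshToken();
    // 4. JWK Thumbprint Confirmation Method
    thumbprintConfirmationMethod(jwkThumbprint, accessToken);
    // 5. JWK Thumbprint Confirmation Method in Token Introspection
    tokenIntrospection(jwkThumbprint, accessToken);
    // 6. Request new access token using the refresh token.
    // ath = base64url(SHA-256(access token)), set on the second proof.
    String accessTokenHash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(accessToken));
    String jti2 = DPoP.generateJti();
    DPoP dpop2 = new DPoP(AsymmetricSignatureAlgorithm.PS384, jsonWebKey, jti2, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    dpop2.setAth(accessTokenHash);
    requestAccessTokenWithRefreshToken(refreshToken, dpop2);
}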
Also used : RSAPublicKeyImpl(sun.security.rsa.RSAPublicKeyImpl) JSONWebKey(io.jans.as.model.jwk.JSONWebKey) TokenResponse(io.jans.as.client.TokenResponse) DPoP(io.jans.as.model.jwt.DPoP) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) ResponseType(io.jans.as.model.common.ResponseType) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 2 with JSONWebKey

use of io.jans.as.model.jwk.JSONWebKey in project jans by JanssenProject.

the class DpopTokenRequestHttpTest method testDPoP_PS256.

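/**
 * Runs the authorization-code and refresh-token grants with DPoP proofs signed with PS256.
 *
 * <p>The test registers a client, obtains an authorization code, builds a public JWK from the
 * keystore entry named by {@code keyId}, redeems the code with a first proof, hands the JWK
 * thumbprint and the access token to the confirmation and introspection helpers, and finally
 * redeems the refresh token with a second proof.
 *
 * @param userId              resource-owner login used to obtain the authorization code
 * @param userSecret          resource-owner password used to obtain the authorization code
 * @param redirectUris        redirect URIs passed to dynamic client registration
 * @param redirectUri         redirect URI used for the authorization and token requests
 * @param sectorIdentifierUri sector identifier URI passed to dynamic client registration
 * @param clientJwksUri       client JWKS URI passed to dynamic client registration
 * @param keyId               keystore alias of the PS256 key (TestNG parameter {@code PS256_keyId})
 * @param dnName              DN name handed to the crypto provider
 * @param keyStoreFile        keystore path handed to the crypto provider
 * @param keyStoreSecret      keystore password handed to the crypto provider
 * @throws Exception if any step of the flow fails
 */
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "clientJwksUri", "PS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void testDPoP_PS256(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
    showTitle("testDPoP_PS256");
    List<ResponseType> responseTypes = Collections.singletonList(ResponseType.CODE);
    // 1. Dynamic Registration
    String clientId = dynamicRegistration(redirectUris, sectorIdentifierUri, clientJwksUri, responseTypes);
    // 2. Request authorization
    String authorizationCode = requestAuthorizationCode(userId, userSecret, redirectUri, responseTypes, clientId);
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    // Cast to the standard JCA interface instead of the JDK-internal sun.security.rsa.RSAPublicKeyImpl:
    // the internal class is encapsulated on current JDKs, and a keystore loaded through another
    // provider yields a different implementation class, so the old cast could fail.
    java.security.interfaces.RSAPublicKey publicKey = (java.security.interfaces.RSAPublicKey) cryptoProvider.getPublicKey(keyId);
    // Only the public components (n, e) are copied into the JWK handed to the DPoP proof.
    JSONWebKey jsonWebKey = new JSONWebKey();
    jsonWebKey.setKty(KeyType.RSA);
    jsonWebKey.setN(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getModulus()));
    jsonWebKey.setE(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getPublicExponent()));
    String jwkThumbprint = jsonWebKey.getJwkThumbprint();
    // Each proof gets its own freshly generated jti.
    String jti1 = DPoP.generateJti();
    DPoP dpop1 = new DPoP(AsymmetricSignatureAlgorithm.PS256, jsonWebKey, jti1, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    // 3. Request access token using the authorization code.
    TokenResponse tokenResponse = requestAccessToken(redirectUri, authorizationCode, dpop1);
    String accessToken = tokenResponse.getAccessToken();
    String refreshToken = tokenResponse.getRefreshToken();
    // 4. JWK Thumbprint Confirmation Method
    thumbprintConfirmationMethod(jwkThumbprint, accessToken);
    // 5. JWK Thumbprint Confirmation Method in Token Introspection
    tokenIntrospection(jwkThumbprint, accessToken);
    // 6. Request new access token using the refresh token.
    // ath = base64url(SHA-256(access token)), set on the second proof.
    String accessTokenHash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(accessToken));
    String jti2 = DPoP.generateJti();
    DPoP dpop2 = new DPoP(AsymmetricSignatureAlgorithm.PS256, jsonWebKey, jti2, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    dpop2.setAth(accessTokenHash);
    requestAccessTokenWithRefreshToken(refreshToken, dpop2);
}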
Also used : RSAPublicKeyImpl(sun.security.rsa.RSAPublicKeyImpl) JSONWebKey(io.jans.as.model.jwk.JSONWebKey) TokenResponse(io.jans.as.client.TokenResponse) DPoP(io.jans.as.model.jwt.DPoP) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) ResponseType(io.jans.as.model.common.ResponseType) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 3 with JSONWebKey

use of io.jans.as.model.jwk.JSONWebKey in project jans by JanssenProject.

the class DpopTokenRequestHttpTest method testDPoP_RS512.

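/**
 * Runs the authorization-code and refresh-token grants with DPoP proofs signed with RS512.
 *
 * <p>The test registers a client, obtains an authorization code, builds a public JWK from the
 * keystore entry named by {@code keyId}, redeems the code with a first proof, hands the JWK
 * thumbprint and the access token to the confirmation and introspection helpers, and finally
 * redeems the refresh token with a second proof.
 *
 * @param userId              resource-owner login used to obtain the authorization code
 * @param userSecret          resource-owner password used to obtain the authorization code
 * @param redirectUris        redirect URIs passed to dynamic client registration
 * @param redirectUri         redirect URI used for the authorization and token requests
 * @param sectorIdentifierUri sector identifier URI passed to dynamic client registration
 * @param clientJwksUri       client JWKS URI passed to dynamic client registration
 * @param keyId               keystore alias of the RS512 key (TestNG parameter {@code RS512_keyId})
 * @param dnName              DN name handed to the crypto provider
 * @param keyStoreFile        keystore path handed to the crypto provider
 * @param keyStoreSecret      keystore password handed to the crypto provider
 * @throws Exception if any step of the flow fails
 */
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "clientJwksUri", "RS512_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void testDPoP_RS512(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
    showTitle("testDPoP_RS512");
    List<ResponseType> responseTypes = Collections.singletonList(ResponseType.CODE);
    // 1. Dynamic Registration
    String clientId = dynamicRegistration(redirectUris, sectorIdentifierUri, clientJwksUri, responseTypes);
    // 2. Request authorization
    String authorizationCode = requestAuthorizationCode(userId, userSecret, redirectUri, responseTypes, clientId);
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    // Cast to the standard JCA interface instead of the JDK-internal sun.security.rsa.RSAPublicKeyImpl:
    // the internal class is encapsulated on current JDKs, and a keystore loaded through another
    // provider yields a different implementation class, so the old cast could fail.
    java.security.interfaces.RSAPublicKey publicKey = (java.security.interfaces.RSAPublicKey) cryptoProvider.getPublicKey(keyId);
    // Only the public components (n, e) are copied into the JWK handed to the DPoP proof.
    JSONWebKey jsonWebKey = new JSONWebKey();
    jsonWebKey.setKty(KeyType.RSA);
    jsonWebKey.setN(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getModulus()));
    jsonWebKey.setE(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getPublicExponent()));
    String jwkThumbprint = jsonWebKey.getJwkThumbprint();
    // Each proof gets its own freshly generated jti.
    String jti1 = DPoP.generateJti();
    DPoP dpop1 = new DPoP(AsymmetricSignatureAlgorithm.RS512, jsonWebKey, jti1, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    // 3. Request access token using the authorization code.
    TokenResponse tokenResponse = requestAccessToken(redirectUri, authorizationCode, dpop1);
    String accessToken = tokenResponse.getAccessToken();
    String refreshToken = tokenResponse.getRefreshToken();
    // 4. JWK Thumbprint Confirmation Method
    thumbprintConfirmationMethod(jwkThumbprint, accessToken);
    // 5. JWK Thumbprint Confirmation Method in Token Introspection
    tokenIntrospection(jwkThumbprint, accessToken);
    // 6. Request new access token using the refresh token.
    // ath = base64url(SHA-256(access token)), set on the second proof.
    String accessTokenHash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(accessToken));
    String jti2 = DPoP.generateJti();
    DPoP dpop2 = new DPoP(AsymmetricSignatureAlgorithm.RS512, jsonWebKey, jti2, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    dpop2.setAth(accessTokenHash);
    requestAccessTokenWithRefreshToken(refreshToken, dpop2);
}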
Also used : RSAPublicKeyImpl(sun.security.rsa.RSAPublicKeyImpl) JSONWebKey(io.jans.as.model.jwk.JSONWebKey) TokenResponse(io.jans.as.client.TokenResponse) DPoP(io.jans.as.model.jwt.DPoP) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) ResponseType(io.jans.as.model.common.ResponseType) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 4 with JSONWebKey

use of io.jans.as.model.jwk.JSONWebKey in project jans by JanssenProject.

the class DpopTokenRequestHttpTest method testDPoP_ES384.

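/**
 * Runs the authorization-code and refresh-token grants with DPoP proofs signed with ES384.
 *
 * <p>The test registers a client, obtains an authorization code, builds a public EC JWK from the
 * keystore entry named by {@code keyId}, redeems the code with a first proof, hands the JWK
 * thumbprint and the access token to the confirmation and introspection helpers, and finally
 * redeems the refresh token with a second proof.
 *
 * @param userId              resource-owner login used to obtain the authorization code
 * @param userSecret          resource-owner password used to obtain the authorization code
 * @param redirectUris        redirect URIs passed to dynamic client registration
 * @param redirectUri         redirect URI used for the authorization and token requests
 * @param sectorIdentifierUri sector identifier URI passed to dynamic client registration
 * @param clientJwksUri       client JWKS URI passed to dynamic client registration
 * @param keyId               keystore alias of the ES384 key (TestNG parameter {@code ES384_keyId})
 * @param dnName              DN name handed to the crypto provider
 * @param keyStoreFile        keystore path handed to the crypto provider
 * @param keyStoreSecret      keystore password handed to the crypto provider
 * @throws Exception if any step of the flow fails
 */
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "clientJwksUri", "ES384_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void testDPoP_ES384(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
    showTitle("testDPoP_ES384");
    List<ResponseType> responseTypes = Collections.singletonList(ResponseType.CODE);
    // 1. Dynamic Registration
    String clientId = dynamicRegistration(redirectUris, sectorIdentifierUri, clientJwksUri, responseTypes);
    // 2. Request authorization
    String authorizationCode = requestAuthorizationCode(userId, userSecret, redirectUri, responseTypes, clientId);
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    // Cast to the standard JCA interface instead of the JDK-internal sun.security.ec.ECPublicKeyImpl:
    // the internal class is encapsulated on current JDKs, and a keystore loaded through another
    // provider yields a different implementation class, so the old cast could fail.
    java.security.interfaces.ECPublicKey publicKey = (java.security.interfaces.ECPublicKey) cryptoProvider.getPublicKey(keyId);
    // Only the public point (x, y) and the curve name are copied into the JWK handed to the DPoP proof.
    // NOTE(review): RFC 7518 expects x and y as fixed-width octet strings (48 bytes for P-384);
    // confirm base64urlencodeUnsignedBigInt left-pads, otherwise a coordinate with leading zero
    // bytes would change the computed thumbprint.
    JSONWebKey jsonWebKey = new JSONWebKey();
    jsonWebKey.setKty(KeyType.EC);
    jsonWebKey.setX(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getW().getAffineX()));
    jsonWebKey.setY(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getW().getAffineY()));
    jsonWebKey.setCrv(EllipticEdvardsCurve.P_384);
    String jwkThumbprint = jsonWebKey.getJwkThumbprint();
    // Each proof gets its own freshly generated jti.
    String jti1 = DPoP.generateJti();
    DPoP dpop1 = new DPoP(AsymmetricSignatureAlgorithm.ES384, jsonWebKey, jti1, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    // 3. Request access token using the authorization code.
    TokenResponse tokenResponse = requestAccessToken(redirectUri, authorizationCode, dpop1);
    String accessToken = tokenResponse.getAccessToken();
    String refreshToken = tokenResponse.getRefreshToken();
    // 4. JWK Thumbprint Confirmation Method
    thumbprintConfirmationMethod(jwkThumbprint, accessToken);
    // 5. JWK Thumbprint Confirmation Method in Token Introspection
    tokenIntrospection(jwkThumbprint, accessToken);
    // 6. Request new access token using the refresh token.
    // ath = base64url(SHA-256(access token)), set on the second proof.
    String accessTokenHash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(accessToken));
    String jti2 = DPoP.generateJti();
    DPoP dpop2 = new DPoP(AsymmetricSignatureAlgorithm.ES384, jsonWebKey, jti2, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    dpop2.setAth(accessTokenHash);
    requestAccessTokenWithRefreshToken(refreshToken, dpop2);
}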
Also used : ECPublicKeyImpl(sun.security.ec.ECPublicKeyImpl) JSONWebKey(io.jans.as.model.jwk.JSONWebKey) TokenResponse(io.jans.as.client.TokenResponse) DPoP(io.jans.as.model.jwt.DPoP) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) ResponseType(io.jans.as.model.common.ResponseType) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 5 with JSONWebKey

use of io.jans.as.model.jwk.JSONWebKey in project jans by JanssenProject.

the class JwksResource method deleteKey.

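/**
 * Deletes the JSON Web Key identified by {@code kid} from the stored web-keys configuration.
 *
 * @param kid key id taken from the request path
 * @return an empty 204 No Content response once the key is removed and the configuration merged
 * @throws NotFoundException if no key with that {@code kid} is found in the configuration
 */
@DELETE
@ProtectedApi(scopes = { ApiAccessConstants.JWKS_WRITE_ACCESS })
@Path(ApiConstants.KID_PATH)
public Response deleteKey(@PathParam(ApiConstants.KID) @NotNull String kid) {
    // NOTE(review): kid comes from the request path and is concatenated into the log line;
    // confirm the logging layout neutralises CR/LF so a crafted kid cannot forge log entries.
    log.debug("Key to be deleted - kid = " + kid);
    // Load the configuration once so the existence check and the removal work on the same
    // snapshot (the original fetched it a second time just for the lookup).
    final Conf conf = configurationService.findConf();
    final WebKeysConfiguration webkeys = conf.getWebKeys();
    final JSONWebKey jwk = getJSONWebKey(webkeys, kid);
    if (jwk == null) {
        throw new NotFoundException(getNotFoundError("JWK with kid - '" + kid + "' does not exist!"));
    }
    // Every entry whose kid matches is dropped, not only the first one found.
    webkeys.getKeys().removeIf(x -> x.getKid() != null && x.getKid().equals(kid));
    // NOTE(review): this is a read-modify-write of the whole Conf; confirm merge() guards
    // against a concurrent writer overwriting or being overwritten by this update.
    configurationService.merge(conf);
    return Response.noContent().build();
}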
Also used : JSONWebKey(io.jans.as.model.jwk.JSONWebKey) Conf(io.jans.as.model.config.Conf) WebKeysConfiguration(io.jans.as.model.config.WebKeysConfiguration) ProtectedApi(io.jans.configapi.core.rest.ProtectedApi)

Aggregations

JSONWebKey (io.jans.as.model.jwk.JSONWebKey)27 Test (org.testng.annotations.Test)12 BaseTest (io.jans.as.client.BaseTest)11 ResponseType (io.jans.as.model.common.ResponseType)10 Parameters (org.testng.annotations.Parameters)10 TokenResponse (io.jans.as.client.TokenResponse)9 AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)9 DPoP (io.jans.as.model.jwt.DPoP)9 JSONWebKeySet (io.jans.as.model.jwk.JSONWebKeySet)6 JSONObject (org.json.JSONObject)6 RSAPublicKeyImpl (sun.security.rsa.RSAPublicKeyImpl)6 PublicKey (java.security.PublicKey)5 RSAPublicKey (io.jans.as.model.crypto.signature.RSAPublicKey)4 CryptoProviderException (io.jans.as.model.exception.CryptoProviderException)4 JwkClient (io.jans.as.client.JwkClient)3 JwkResponse (io.jans.as.client.JwkResponse)3 WebKeysConfiguration (io.jans.as.model.config.WebKeysConfiguration)3 ECDSAPublicKey (io.jans.as.model.crypto.signature.ECDSAPublicKey)3 Jwt (io.jans.as.model.jwt.Jwt)3 AuthorizationGrant (io.jans.as.server.model.common.AuthorizationGrant)3