
Example 16 with JSONWebKey

use of io.jans.as.model.jwk.JSONWebKey in project jans by JanssenProject.

the class JwtUtil method getPublicKey.

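/**
 * Looks up the JWK with the given key id in the supplied key set and converts it
 * into a public key object usable for signature verification.
 *
 * <p>Only {@code RSA} and {@code EC} key types are converted. For EC keys the
 * algorithm declared on the JWK itself is used; {@code signatureAlgorithm} is
 * consulted only when the JWK carries no {@code alg} value.
 *
 * @param kid                key id to look up in {@code jsonWebKeySet}
 * @param jsonWebKeySet      key set to search; {@code null} yields {@code null}
 * @param signatureAlgorithm fallback algorithm for an EC key without {@code alg}
 * @return the converted public key, or {@code null} when the set is missing, no key
 *         matches {@code kid}, the key has no (or an unsupported) key type, or an EC
 *         key has no algorithm available
 */
public PublicKey getPublicKey(String kid, JSONWebKeySet jsonWebKeySet, SignatureAlgorithm signatureAlgorithm) {
    // NOTE(review): kid is concatenated into the message unescaped; if it originates from a
    // token header, confirm the log layout neutralises embedded line breaks.
    log.trace("\n\n JwtUtil::getPublicKey() - kid = " + kid + " , jsonWebKeySet =" + jsonWebKeySet + " , signatureAlgorithm =  " + signatureAlgorithm + "\n");
    if (jsonWebKeySet == null) {
        return null;
    }
    JSONWebKey key = jsonWebKeySet.getKey(kid);
    // Switching on a null enum throws NullPointerException, so a key without kty is
    // treated like a missing key.
    if (key == null || key.getKty() == null) {
        return null;
    }
    switch (key.getKty()) {
        case RSA:
            // NOTE(review): the returned RSA key is not bound to an algorithm here; callers
            // should still check the token's alg against the key's alg/kty before verifying.
            return new RSAPublicKey(key.getN(), key.getE());
        case EC:
            if (key.getAlg() == null) {
                // The key declares no algorithm: fall back to the caller-supplied one
                // instead of failing with a NullPointerException.
                if (signatureAlgorithm == null) {
                    return null;
                }
                return new ECDSAPublicKey(signatureAlgorithm, key.getX(), key.getY());
            }
            // The algorithm declared on the key takes precedence over the caller's value.
            return new ECDSAPublicKey(SignatureAlgorithm.fromString(key.getAlg().getParamName()), key.getX(), key.getY());
        default:
            return null;
    }
}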
Also used : JSONWebKey(io.jans.as.model.jwk.JSONWebKey) RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey) ECDSAPublicKey(io.jans.as.model.crypto.signature.ECDSAPublicKey)

Example 17 with JSONWebKey

use of io.jans.as.model.jwk.JSONWebKey in project jans by JanssenProject.

the class JwkRestWebServiceHttpTest method requestClientJwks.

/**
 * Fetches the JWKS document published at the client's JWKS URI and checks that it
 * is well formed: HTTP 200, a non-null entity, a non-empty key list, and a
 * {@code kid}, {@code use} and {@code alg} on every key.
 *
 * @param clientJwksUri URI of the client JWKS document, injected by TestNG
 * @throws Exception if the request or any assertion fails
 */
@Parameters({ "clientJwksUri" })
@Test
public void requestClientJwks(final String clientJwksUri) throws Exception {
    showTitle("requestJwks");

    final JwkClient client = new JwkClient(clientJwksUri);
    final JwkResponse jwkResponse = client.exec();
    showClient(client);

    // Response-level checks.
    assertEquals(jwkResponse.getStatus(), 200, "Unexpected response code: " + jwkResponse.getEntity());
    assertNotNull(jwkResponse.getEntity(), "Unexpected result: entity is null");
    assertNotNull(jwkResponse.getJwks(), "Unexpected result: jwks is null");
    assertNotNull(jwkResponse.getJwks().getKeys(), "Unexpected result: keys is null");
    assertTrue(!jwkResponse.getJwks().getKeys().isEmpty(), "Unexpected result: keys is empty");

    // Per-key checks; the exact number of published keys is not asserted here.
    for (JSONWebKey jwk : jwkResponse.getJwks().getKeys()) {
        assertNotNull(jwk.getKid(), "Unexpected result: kid is null");
        assertNotNull(jwk.getUse(), "Unexpected result: use is null");
        assertNotNull(jwk.getAlg(), "Unexpected result: alg is null");
    }
}
Also used : JSONWebKey(io.jans.as.model.jwk.JSONWebKey) JwkResponse(io.jans.as.client.JwkResponse) JwkClient(io.jans.as.client.JwkClient) Parameters(org.testng.annotations.Parameters) BaseTest(io.jans.as.client.BaseTest) Test(org.testng.annotations.Test)

Example 18 with JSONWebKey

use of io.jans.as.model.jwk.JSONWebKey in project jans by JanssenProject.

the class JwkRestWebServiceHttpTest method requestJwks.

/**
 * Fetches the server's JWKS document from {@code jwksUri} and checks that it is
 * well formed: HTTP 200, a non-null entity, a non-empty key list, and a
 * {@code kid}, {@code use} and {@code alg} on every key.
 *
 * @throws Exception if the request or any assertion fails
 */
@Test
public void requestJwks() throws Exception {
    showTitle("requestJwks");

    final JwkClient client = new JwkClient(jwksUri);
    final JwkResponse jwkResponse = client.exec();
    showClient(client);

    // The endpoint must answer successfully and return a parsed key set.
    assertEquals(jwkResponse.getStatus(), 200, "Unexpected response code: " + jwkResponse.getEntity());
    assertNotNull(jwkResponse.getEntity(), "Unexpected result: entity is null");
    assertNotNull(jwkResponse.getJwks(), "Unexpected result: jwks is null");
    assertNotNull(jwkResponse.getJwks().getKeys(), "Unexpected result: keys is null");
    assertTrue(!jwkResponse.getJwks().getKeys().isEmpty(), "Unexpected result: keys is empty");

    // Every key must carry the metadata checked below; the key count itself is not asserted.
    for (JSONWebKey jwk : jwkResponse.getJwks().getKeys()) {
        assertNotNull(jwk.getKid(), "Unexpected result: kid is null");
        assertNotNull(jwk.getUse(), "Unexpected result: use is null");
        assertNotNull(jwk.getAlg(), "Unexpected result: alg is null");
    }
}
Also used : JSONWebKey(io.jans.as.model.jwk.JSONWebKey) JwkResponse(io.jans.as.client.JwkResponse) JwkClient(io.jans.as.client.JwkClient) BaseTest(io.jans.as.client.BaseTest) Test(org.testng.annotations.Test)

Example 19 with JSONWebKey

use of io.jans.as.model.jwk.JSONWebKey in project jans by JanssenProject.

the class DpopTokenRequestHttpTest method testDPoP_ES256.

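/**
 * Runs the DPoP flow end to end with an ES256 key: registers a client, obtains an
 * authorization code, redeems it with a DPoP proof, checks that the access token is
 * bound to the JWK thumbprint (directly and through introspection), and finally
 * redeems the refresh token with a second proof.
 *
 * <p>Each proof gets its own freshly generated {@code jti}. The second proof also
 * carries {@code ath}, the base64url-encoded SHA-256 digest of the access token.
 *
 * @param keyId          alias of the ES256 key in the key store
 * @param keyStoreFile   key store holding the signing key
 * @param keyStoreSecret key store password
 * @param dnName         DN passed to the crypto provider
 * @throws Exception if any step of the flow or an assertion in a helper fails
 */
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "clientJwksUri", "ES256_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void testDPoP_ES256(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
    showTitle("testDPoP_ES256");
    List<ResponseType> responseTypes = Collections.singletonList(ResponseType.CODE);
    // 1. Dynamic Registration
    String clientId = dynamicRegistration(redirectUris, sectorIdentifierUri, clientJwksUri, responseTypes);
    // 2. Request authorization
    String authorizationCode = requestAuthorizationCode(userId, userSecret, redirectUri, responseTypes, clientId);
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    // Cast to the public JCA interface rather than the JDK-internal sun.security.ec.ECPublicKeyImpl:
    // the internal class is not exported on modular JDKs, and the cast fails when another
    // security provider supplies the key. Fully qualified so no new import is required.
    java.security.interfaces.ECPublicKey publicKey = (java.security.interfaces.ECPublicKey) cryptoProvider.getPublicKey(keyId);
    // Build the public JWK embedded in the DPoP proofs; only public coordinates are copied.
    JSONWebKey jsonWebKey = new JSONWebKey();
    jsonWebKey.setKty(KeyType.EC);
    jsonWebKey.setX(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getW().getAffineX()));
    jsonWebKey.setY(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getW().getAffineY()));
    jsonWebKey.setCrv(EllipticEdvardsCurve.P_256);
    String jwkThumbprint = jsonWebKey.getJwkThumbprint();
    String jti1 = DPoP.generateJti();
    DPoP dpop1 = new DPoP(AsymmetricSignatureAlgorithm.ES256, jsonWebKey, jti1, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    // 3. Request access token using the authorization code.
    TokenResponse tokenResponse = requestAccessToken(redirectUri, authorizationCode, dpop1);
    String accessToken = tokenResponse.getAccessToken();
    String refreshToken = tokenResponse.getRefreshToken();
    // 4. JWK Thumbprint Confirmation Method
    thumbprintConfirmationMethod(jwkThumbprint, accessToken);
    // 5. JWK Thumbprint Confirmation Method in Token Introspection
    tokenIntrospection(jwkThumbprint, accessToken);
    // 6. Request new access token using the refresh token.
    String accessTokenHash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(accessToken));
    // A new jti per proof: the second proof must not reuse the identifier of the first.
    String jti2 = DPoP.generateJti();
    DPoP dpop2 = new DPoP(AsymmetricSignatureAlgorithm.ES256, jsonWebKey, jti2, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    dpop2.setAth(accessTokenHash);
    requestAccessTokenWithRefreshToken(refreshToken, dpop2);
}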
Also used : ECPublicKeyImpl(sun.security.ec.ECPublicKeyImpl) JSONWebKey(io.jans.as.model.jwk.JSONWebKey) TokenResponse(io.jans.as.client.TokenResponse) DPoP(io.jans.as.model.jwt.DPoP) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) ResponseType(io.jans.as.model.common.ResponseType) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 20 with JSONWebKey

use of io.jans.as.model.jwk.JSONWebKey in project jans by JanssenProject.

the class DpopTokenRequestHttpTest method testDPoP_PS512.

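/**
 * Runs the DPoP flow end to end with a PS512 (RSA) key: registers a client, obtains
 * an authorization code, redeems it with a DPoP proof, checks that the access token
 * is bound to the JWK thumbprint (directly and through introspection), and finally
 * redeems the refresh token with a second proof.
 *
 * <p>Each proof gets its own freshly generated {@code jti}. The second proof also
 * carries {@code ath}, the base64url-encoded SHA-256 digest of the access token.
 *
 * @param keyId          alias of the PS512 key in the key store
 * @param keyStoreFile   key store holding the signing key
 * @param keyStoreSecret key store password
 * @param dnName         DN passed to the crypto provider
 * @throws Exception if any step of the flow or an assertion in a helper fails
 */
@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "clientJwksUri", "PS512_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void testDPoP_PS512(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
    showTitle("testDPoP_PS512");
    List<ResponseType> responseTypes = Collections.singletonList(ResponseType.CODE);
    // 1. Dynamic Registration
    String clientId = dynamicRegistration(redirectUris, sectorIdentifierUri, clientJwksUri, responseTypes);
    // 2. Request authorization
    String authorizationCode = requestAuthorizationCode(userId, userSecret, redirectUri, responseTypes, clientId);
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    // Cast to the public JCA interface rather than the JDK-internal sun.security.rsa.RSAPublicKeyImpl:
    // the internal class is not exported on modular JDKs, and the cast fails when another
    // security provider supplies the key. Fully qualified so no new import is required and
    // the project's own RSAPublicKey class is not shadowed.
    java.security.interfaces.RSAPublicKey publicKey = (java.security.interfaces.RSAPublicKey) cryptoProvider.getPublicKey(keyId);
    // Build the public JWK embedded in the DPoP proofs; only modulus and public exponent are copied.
    JSONWebKey jsonWebKey = new JSONWebKey();
    jsonWebKey.setKty(KeyType.RSA);
    jsonWebKey.setN(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getModulus()));
    jsonWebKey.setE(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getPublicExponent()));
    String jwkThumbprint = jsonWebKey.getJwkThumbprint();
    String jti1 = DPoP.generateJti();
    DPoP dpop1 = new DPoP(AsymmetricSignatureAlgorithm.PS512, jsonWebKey, jti1, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    // 3. Request access token using the authorization code.
    TokenResponse tokenResponse = requestAccessToken(redirectUri, authorizationCode, dpop1);
    String accessToken = tokenResponse.getAccessToken();
    String refreshToken = tokenResponse.getRefreshToken();
    // 4. JWK Thumbprint Confirmation Method
    thumbprintConfirmationMethod(jwkThumbprint, accessToken);
    // 5. JWK Thumbprint Confirmation Method in Token Introspection
    tokenIntrospection(jwkThumbprint, accessToken);
    // 6. Request new access token using the refresh token.
    String accessTokenHash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(accessToken));
    // A new jti per proof: the second proof must not reuse the identifier of the first.
    String jti2 = DPoP.generateJti();
    DPoP dpop2 = new DPoP(AsymmetricSignatureAlgorithm.PS512, jsonWebKey, jti2, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    dpop2.setAth(accessTokenHash);
    requestAccessTokenWithRefreshToken(refreshToken, dpop2);
}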
Also used : RSAPublicKeyImpl(sun.security.rsa.RSAPublicKeyImpl) JSONWebKey(io.jans.as.model.jwk.JSONWebKey) TokenResponse(io.jans.as.client.TokenResponse) DPoP(io.jans.as.model.jwt.DPoP) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) ResponseType(io.jans.as.model.common.ResponseType) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)
