Examples with JSONWebKey io.jans.as.model.jwk.JSONWebKey used on opensource projects

Search in sources :

Example 21 with JSONWebKey

use of io.jans.as.model.jwk.JSONWebKey in project jans by JanssenProject.

the class DpopTokenRequestHttpTest method testDPoP_RS384.

@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "clientJwksUri", "RS384_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void testDPoP_RS384(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
    showTitle("testDPoP_RS384");
    List<ResponseType> responseTypes = Collections.singletonList(ResponseType.CODE);
    // 1. Dynamic Registration
    String clientId = dynamicRegistration(redirectUris, sectorIdentifierUri, clientJwksUri, responseTypes);
    // 2. Request authorization
    String authorizationCode = requestAuthorizationCode(userId, userSecret, redirectUri, responseTypes, clientId);
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    RSAPublicKeyImpl publicKey = (RSAPublicKeyImpl) cryptoProvider.getPublicKey(keyId);
    JSONWebKey jsonWebKey = new JSONWebKey();
    jsonWebKey.setKty(KeyType.RSA);
    jsonWebKey.setN(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getModulus()));
    jsonWebKey.setE(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getPublicExponent()));
    String jwkThumbprint = jsonWebKey.getJwkThumbprint();
    String jti1 = DPoP.generateJti();
    DPoP dpop1 = new DPoP(AsymmetricSignatureAlgorithm.RS384, jsonWebKey, jti1, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    // 3. Request access token using the authorization code.
    TokenResponse tokenResponse = requestAccessToken(redirectUri, authorizationCode, dpop1);
    String accessToken = tokenResponse.getAccessToken();
    String refreshToken = tokenResponse.getRefreshToken();
    // 4. JWK Thumbprint Confirmation Method
    thumbprintConfirmationMethod(jwkThumbprint, accessToken);
    // 5. JWK Thumbprint Confirmation Method in Token Introspection
    tokenIntrospection(jwkThumbprint, accessToken);
    // 5. Request new access token using the refresh token.
    String accessTokenHash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(accessToken));
    String jti2 = DPoP.generateJti();
    DPoP dpop2 = new DPoP(AsymmetricSignatureAlgorithm.RS384, jsonWebKey, jti2, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    dpop2.setAth(accessTokenHash);
    requestAccessTokenWithRefreshToken(refreshToken, dpop2);
}
Also used : RSAPublicKeyImpl(sun.security.rsa.RSAPublicKeyImpl) JSONWebKey(io.jans.as.model.jwk.JSONWebKey) TokenResponse(io.jans.as.client.TokenResponse) DPoP(io.jans.as.model.jwt.DPoP) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) ResponseType(io.jans.as.model.common.ResponseType) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 22 with JSONWebKey

use of io.jans.as.model.jwk.JSONWebKey in project jans by JanssenProject.

the class DpopTokenRequestHttpTest method testDPoP_ES512.

@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "clientJwksUri", "ES512_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void testDPoP_ES512(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
    showTitle("testDPoP_ES512");
    List<ResponseType> responseTypes = Collections.singletonList(ResponseType.CODE);
    // 1. Dynamic Registration
    String clientId = dynamicRegistration(redirectUris, sectorIdentifierUri, clientJwksUri, responseTypes);
    // 2. Request authorization
    String authorizationCode = requestAuthorizationCode(userId, userSecret, redirectUri, responseTypes, clientId);
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    ECPublicKeyImpl publicKey = (ECPublicKeyImpl) cryptoProvider.getPublicKey(keyId);
    JSONWebKey jsonWebKey = new JSONWebKey();
    jsonWebKey.setKty(KeyType.EC);
    jsonWebKey.setX(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getW().getAffineX()));
    jsonWebKey.setY(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getW().getAffineY()));
    jsonWebKey.setCrv(EllipticEdvardsCurve.P_521);
    String jwkThumbprint = jsonWebKey.getJwkThumbprint();
    String jti1 = DPoP.generateJti();
    DPoP dpop1 = new DPoP(AsymmetricSignatureAlgorithm.ES512, jsonWebKey, jti1, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    // 3. Request access token using the authorization code.
    TokenResponse tokenResponse = requestAccessToken(redirectUri, authorizationCode, dpop1);
    String accessToken = tokenResponse.getAccessToken();
    String refreshToken = tokenResponse.getRefreshToken();
    // 4. JWK Thumbprint Confirmation Method
    thumbprintConfirmationMethod(jwkThumbprint, accessToken);
    // 5. JWK Thumbprint Confirmation Method in Token Introspection
    tokenIntrospection(jwkThumbprint, accessToken);
    // 5. Request new access token using the refresh token.
    String accessTokenHash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(accessToken));
    String jti2 = DPoP.generateJti();
    DPoP dpop2 = new DPoP(AsymmetricSignatureAlgorithm.ES512, jsonWebKey, jti2, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    dpop2.setAth(accessTokenHash);
    requestAccessTokenWithRefreshToken(refreshToken, dpop2);
}
Also used : ECPublicKeyImpl(sun.security.ec.ECPublicKeyImpl) JSONWebKey(io.jans.as.model.jwk.JSONWebKey) TokenResponse(io.jans.as.client.TokenResponse) DPoP(io.jans.as.model.jwt.DPoP) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) ResponseType(io.jans.as.model.common.ResponseType) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 23 with JSONWebKey

use of io.jans.as.model.jwk.JSONWebKey in project jans by JanssenProject.

the class DpopTokenRequestHttpTest method testDPoP_RS256.

@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "clientJwksUri", "RS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void testDPoP_RS256(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
    showTitle("testDPoP_RS256");
    List<ResponseType> responseTypes = Collections.singletonList(ResponseType.CODE);
    // 1. Dynamic Registration
    String clientId = dynamicRegistration(redirectUris, sectorIdentifierUri, clientJwksUri, responseTypes);
    // 2. Request authorization
    String authorizationCode = requestAuthorizationCode(userId, userSecret, redirectUri, responseTypes, clientId);
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    RSAPublicKeyImpl publicKey = (RSAPublicKeyImpl) cryptoProvider.getPublicKey(keyId);
    JSONWebKey jsonWebKey = new JSONWebKey();
    jsonWebKey.setKty(KeyType.RSA);
    jsonWebKey.setN(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getModulus()));
    jsonWebKey.setE(Base64Util.base64urlencodeUnsignedBigInt(publicKey.getPublicExponent()));
    String jwkThumbprint = jsonWebKey.getJwkThumbprint();
    String jti1 = DPoP.generateJti();
    DPoP dpop1 = new DPoP(AsymmetricSignatureAlgorithm.RS256, jsonWebKey, jti1, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    // 3. Request access token using the authorization code.
    TokenResponse tokenResponse = requestAccessToken(redirectUri, authorizationCode, dpop1);
    String accessToken = tokenResponse.getAccessToken();
    String refreshToken = tokenResponse.getRefreshToken();
    // 4. JWK Thumbprint Confirmation Method
    thumbprintConfirmationMethod(jwkThumbprint, accessToken);
    // 5. JWK Thumbprint Confirmation Method in Token Introspection
    tokenIntrospection(jwkThumbprint, accessToken);
    // 5. Request new access token using the refresh token.
    String accessTokenHash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(accessToken));
    String jti2 = DPoP.generateJti();
    DPoP dpop2 = new DPoP(AsymmetricSignatureAlgorithm.RS256, jsonWebKey, jti2, HttpMethod.POST, tokenEndpoint, keyId, cryptoProvider);
    dpop2.setAth(accessTokenHash);
    requestAccessTokenWithRefreshToken(refreshToken, dpop2);
}
Also used : RSAPublicKeyImpl(sun.security.rsa.RSAPublicKeyImpl) JSONWebKey(io.jans.as.model.jwk.JSONWebKey) TokenResponse(io.jans.as.client.TokenResponse) DPoP(io.jans.as.model.jwt.DPoP) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) ResponseType(io.jans.as.model.common.ResponseType) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 24 with JSONWebKey

use of io.jans.as.model.jwk.JSONWebKey in project jans by JanssenProject.

the class AuthCryptoProvider method getKeyId.

@Override
public String getKeyId(JSONWebKeySet jsonWebKeySet, Algorithm algorithm, Use use) throws CryptoProviderException {
    if (algorithm == null || AlgorithmFamily.HMAC.equals(algorithm.getFamily())) {
        return null;
    }
    try {
        String kid = null;
        final List<JSONWebKey> keys = jsonWebKeySet.getKeys();
        LOG.trace("WebKeys:" + keys.stream().map(JSONWebKey::getKid).collect(Collectors.toList()));
        LOG.trace("KeyStoreKeys:" + getKeys());
        List<JSONWebKey> keysByAlgAndUse = new ArrayList<>();
        for (JSONWebKey key : keys) {
            if (algorithm == key.getAlg() && (use == null || use == key.getUse())) {
                kid = key.getKid();
                Key keyFromStore;
                keyFromStore = keyStore.getKey(kid, keyStoreSecret.toCharArray());
                if (keyFromStore != null) {
                    keysByAlgAndUse.add(key);
                }
            }
        }
        if (keysByAlgAndUse.isEmpty()) {
            LOG.trace("kid is not in keystore, algorithm: " + algorithm + ", kid: " + kid + ", keyStorePath:" + keyStoreFile);
            return kid;
        }
        final JSONWebKey selectedKey = keySelectionStrategy.select(keysByAlgAndUse);
        final String selectedKid = selectedKey != null ? selectedKey.getKid() : null;
        LOG.trace("Selected kid: " + selectedKid + ", keySelection Strategy: " + keySelectionStrategy);
        return selectedKid;
    } catch (UnrecoverableKeyException | KeyStoreException | NoSuchAlgorithmException e) {
        throw new CryptoProviderException(e);
    }
}
Also used : JSONWebKey(io.jans.as.model.jwk.JSONWebKey) UnrecoverableKeyException(java.security.UnrecoverableKeyException) ArrayList(java.util.ArrayList) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) RSAPublicKey(java.security.interfaces.RSAPublicKey) JSONWebKey(io.jans.as.model.jwk.JSONWebKey) Key(java.security.Key) PrivateKey(java.security.PrivateKey) SecretKey(javax.crypto.SecretKey) ECPublicKey(java.security.interfaces.ECPublicKey) PublicKey(java.security.PublicKey) EdDSAPublicKey(org.bouncycastle.jcajce.interfaces.EdDSAPublicKey) CryptoProviderException(io.jans.as.model.exception.CryptoProviderException)

Example 25 with JSONWebKey

use of io.jans.as.model.jwk.JSONWebKey in project jans by JanssenProject.

the class ConfigurationFactory method generateWebKeys.

private void generateWebKeys() {
    log.info("Failed to load JWKS. Attempting to generate new JWKS...");
    String newWebKeys = null;
    try {
        final AbstractCryptoProvider cryptoProvider = CryptoProviderFactory.getCryptoProvider(getAppConfiguration());
        // Generate new JWKS
        JSONObject jsonObject = AbstractCryptoProvider.generateJwks(cryptoProvider, getAppConfiguration());
        newWebKeys = jsonObject.toString();
        // Attempt to load new JWKS
        jwks = ServerUtil.createJsonMapper().readValue(newWebKeys, io.jans.as.model.config.WebKeysConfiguration.class);
        // Store new JWKS in LDAP
        Conf configuration = Objects.requireNonNull(loadConfigurationFromPersistence());
        configuration.setWebKeys(jwks);
        long nextRevision = configuration.getRevision() + 1;
        configuration.setRevision(nextRevision);
        final PersistenceEntryManager ldapManager = persistenceEntryManagerInstance.get();
        ldapManager.merge(configuration);
        log.info("Generated new JWKS successfully.");
        if (log.isTraceEnabled()) {
            log.trace("JWKS keys: {}", configuration.getWebKeys().getKeys().stream().map(JSONWebKey::getKid).collect(Collectors.toList()));
            log.trace("KeyStore keys: {}", cryptoProvider.getKeys());
        }
    } catch (Exception ex2) {
        log.error("Failed to re-generate JWKS keys", ex2);
    }
}
Also used : PersistenceEntryManager(io.jans.orm.PersistenceEntryManager) JSONWebKey(io.jans.as.model.jwk.JSONWebKey) JSONObject(org.json.JSONObject) WebKeysConfiguration(io.jans.as.model.config.WebKeysConfiguration) Conf(io.jans.as.model.config.Conf) AbstractCryptoProvider(io.jans.as.model.crypto.AbstractCryptoProvider) ConfigurationException(io.jans.exception.ConfigurationException) BasePersistenceException(io.jans.orm.exception.BasePersistenceException)

Aggregations

JSONWebKey (io.jans.as.model.jwk.JSONWebKey)27 Test (org.testng.annotations.Test)12 BaseTest (io.jans.as.client.BaseTest)11 ResponseType (io.jans.as.model.common.ResponseType)10 Parameters (org.testng.annotations.Parameters)10 TokenResponse (io.jans.as.client.TokenResponse)9 AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)9 DPoP (io.jans.as.model.jwt.DPoP)9 JSONWebKeySet (io.jans.as.model.jwk.JSONWebKeySet)6 JSONObject (org.json.JSONObject)6 RSAPublicKeyImpl (sun.security.rsa.RSAPublicKeyImpl)6 PublicKey (java.security.PublicKey)5 RSAPublicKey (io.jans.as.model.crypto.signature.RSAPublicKey)4 CryptoProviderException (io.jans.as.model.exception.CryptoProviderException)4 JwkClient (io.jans.as.client.JwkClient)3 JwkResponse (io.jans.as.client.JwkResponse)3 WebKeysConfiguration (io.jans.as.model.config.WebKeysConfiguration)3 ECDSAPublicKey (io.jans.as.model.crypto.signature.ECDSAPublicKey)3 Jwt (io.jans.as.model.jwt.Jwt)3 AuthorizationGrant (io.jans.as.server.model.common.AuthorizationGrant)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial