
Example 11 with JSONWebKeySet

use of io.jans.as.model.jwk.JSONWebKeySet in project jans by JanssenProject.

the class FapiOpenIdConfiguration method processRequest.

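/**
 * Serves the OpenID Provider configuration document for both HTTP <code>GET</code> and
 * <code>POST</code> after running the FAPI client checks.
 * <p>
 * Every failed check ends the request; nothing from the configuration document is written
 * once a check has failed:
 * <ul>
 * <li>an <code>access_token</code> query parameter is rejected with 400 (only evaluated when the
 * <code>x-fapi-interaction-id</code> header is present, as in the original code);</li>
 * <li>the <code>Authorization</code> header must resolve to an authorization grant, else 401;</li>
 * <li>the PEM in the <code>X-ClientCert</code> header must parse to a certificate, else 401;</li>
 * <li>when a client DN is resolved and that client has a JWKS registered, the certificate's
 * encoded public key must equal the encoded key of at least one JWKS entry, else 401. Any
 * exception while parsing or matching keys is treated as a failed match.</li>
 * </ul>
 * Token values and the raw certificate header are never written to the log.
 *
 * @param servletRequest servlet request
 * @param httpResponse   servlet response
 */
protected void processRequest(HttpServletRequest servletRequest, HttpServletResponse httpResponse) {
    httpResponse.setContentType("application/json");
    try (PrintWriter out = httpResponse.getWriter()) {
        String xfapiinteractionid = servletRequest.getHeader("x-fapi-interaction-id");
        String tempaccess_token = servletRequest.getParameter("access_token");
        // NOTE(review): the query-token rejection is skipped when the x-fapi-interaction-id header
        // is absent, so a caller controls whether this check runs. Confirm whether the header
        // condition is intended.
        if ((tempaccess_token != null) && (xfapiinteractionid != null)) {
            // The token value is deliberately not logged: it is a credential and query strings
            // already tend to end up in access logs.
            if (tempaccess_token.startsWith("Bearer")) {
                log.info("FAPI: Authorization Bearer Token from qeury *********************************************");
                log.info("FAPI: Bearler Token is not allowed.**********************************************************************.");
                httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Bearer token in query is disallowed");
            } else {
                httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "token in query is disallowed");
            }
            log.info("FAPI: Authorization token is non-Bearer is not allowed in query*********************************************");
            // Stop here: the original fell through and kept processing a rejected request.
            return;
        }

        // NOTE(review): the client certificate is taken from a request header. That is only
        // trustworthy if the TLS-terminating proxy sets X-ClientCert itself and strips any
        // client-supplied copy; nothing in this method can verify that.
        String clientCertAsPem = servletRequest.getHeader("X-ClientCert");
        if (clientCertAsPem != null) {
            // Presence only; the header content is caller-controlled and is not echoed into the log.
            log.info("FAPI: clientCertAsPem found*****************************************");
        } else {
            log.info("FAPI: No clientCertAsPem *****************************************");
        }

        String authFromReq = servletRequest.getHeader("Authorization");
        String clientDn = tokenService.getClientDn(authFromReq);
        X509Certificate cert = CertUtils.x509CertificateFromPem(clientCertAsPem);
        AuthorizationGrant authorizationGrant = tokenService.getBearerAuthorizationGrant(authFromReq);
        if (authorizationGrant == null) {
            log.error("FAPI: Authorization grant is null.*********************************************");
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authorization grant is null.");
            // Stop here: the original continued and could still emit the document.
            return;
        }
        if (cert == null) {
            log.debug("Failed to parse client certificate, client_dn: {}.", clientDn);
            // The original returned with the default 200 status and an empty body.
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Client certificate is missing or invalid.");
            return;
        }
        PublicKey publicKey = cert.getPublicKey();
        byte[] encodedKey = publicKey.getEncoded();
        if (clientDn != null) {
            log.info("FAPI: ClientDn from Authoirization(tokenService) *********************************************" + clientDn);
            Client cl = clientService.getClientByDn(clientDn);
            if (cl == null) {
                // Previously this surfaced as a NullPointerException swallowed by the outer catch.
                log.error("FAPI: no client found for the client DN resolved from the Authorization header.");
                httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unknown client.");
                return;
            }
            String tempjwks = cl.getJwks();
            if (tempjwks == null) {
                // NOTE(review): a client without a registered JWKS passes with no certificate
                // binding check at all. Presumably meant for clients that do not use
                // self_signed_tls_client_auth; confirm that this is acceptable here.
                log.debug("********************FAPIRS JWKS not defined for the client");
            } else {
                int matchctr = 0;
                try {
                    JSONObject jsonWebKeys = new JSONObject(tempjwks);
                    final JSONWebKeySet keySet = JSONWebKeySet.fromJSONObject(jsonWebKeys);
                    for (JSONWebKey key : keySet.getKeys()) {
                        if (ArrayUtils.isEquals(encodedKey, cryptoProvider.getPublicKey(key.getKid(), jsonWebKeys, null).getEncoded())) {
                            matchctr += 1;
                            log.debug("********************************Client {} authenticated via `self_signed_tls_client_auth`, matched kid: {}.", cl.getClientId(), key.getKid());
                        }
                    }
                } catch (Exception e) {
                    // Fail closed: the original logged at info level and carried on, so a JWKS
                    // entry that could not be parsed let the request through unauthenticated.
                    log.error("Exception while keymatching****************************************************************", e);
                    httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "The resource owner or authorization server denied the request");
                    return;
                }
                if (matchctr == 0) {
                    log.error("Client certificate does not match clientId. clientId: " + cl.getClientId() + "*********************************************");
                    httpResponse.setStatus(401, "The resource owner or authorization server denied the request");
                    return;
                }
            }
        } else {
            log.info("FAPI: ClientDn from Authoirization(tokenService) is NULL*********************************************");
        }

        JSONObject jsonObj = new JSONObject();
        if (xfapiinteractionid != null) {
            httpResponse.addHeader("x-fapi-interaction-id", xfapiinteractionid);
            log.info("x-fapi-interaction-id*************************=" + xfapiinteractionid);
        } else {
            // A fresh UUID per response replaces the single hard-coded id the original returned
            // to every caller, which made the header useless for correlating requests.
            xfapiinteractionid = java.util.UUID.randomUUID().toString();
            httpResponse.addHeader("x-fapi-interaction-id", xfapiinteractionid);
            log.info("x-fapi-interaction-id***********************=" + xfapiinteractionid);
        }
        jsonObj.put(ISSUER, appConfiguration.getIssuer());
        jsonObj.put(AUTHORIZATION_ENDPOINT, appConfiguration.getAuthorizationEndpoint());
        jsonObj.put(TOKEN_ENDPOINT, appConfiguration.getTokenEndpoint());
        jsonObj.put(REVOCATION_ENDPOINT, appConfiguration.getTokenRevocationEndpoint());
        jsonObj.put(SESSION_REVOCATION_ENDPOINT, endpointUrl("/revoke_session"));
        jsonObj.put(USER_INFO_ENDPOINT, appConfiguration.getUserInfoEndpoint());
        jsonObj.put(CLIENT_INFO_ENDPOINT, appConfiguration.getClientInfoEndpoint());
        jsonObj.put(CHECK_SESSION_IFRAME, appConfiguration.getCheckSessionIFrame());
        jsonObj.put(END_SESSION_ENDPOINT, appConfiguration.getEndSessionEndpoint());
        jsonObj.put(JWKS_URI, appConfiguration.getJwksUri());
        jsonObj.put(REGISTRATION_ENDPOINT, appConfiguration.getRegistrationEndpoint());
        jsonObj.put(ID_GENERATION_ENDPOINT, appConfiguration.getIdGenerationEndpoint());
        jsonObj.put(INTROSPECTION_ENDPOINT, appConfiguration.getIntrospectionEndpoint());
        jsonObj.put(PAR_ENDPOINT, appConfiguration.getParEndpoint());
        jsonObj.put(REQUIRE_PAR, appConfiguration.getRequirePar());
        JSONArray responseTypesSupported = new JSONArray();
        for (Set<ResponseType> responseTypes : appConfiguration.getResponseTypesSupported()) {
            responseTypesSupported.put(implode(responseTypes, " "));
        }
        if (responseTypesSupported.length() > 0) {
            jsonObj.put(RESPONSE_TYPES_SUPPORTED, responseTypesSupported);
        }
        JSONArray responseModesSupported = new JSONArray();
        if (appConfiguration.getResponseModesSupported() != null) {
            for (ResponseMode responseMode : appConfiguration.getResponseModesSupported()) {
                responseModesSupported.put(responseMode);
            }
        }
        if (responseModesSupported.length() > 0) {
            jsonObj.put(RESPONSE_MODES_SUPPORTED, responseModesSupported);
        }
        JSONArray grantTypesSupported = new JSONArray();
        for (GrantType grantType : appConfiguration.getGrantTypesSupported()) {
            grantTypesSupported.put(grantType);
        }
        if (grantTypesSupported.length() > 0) {
            jsonObj.put(GRANT_TYPES_SUPPORTED, grantTypesSupported);
        }
        JSONArray acrValuesSupported = new JSONArray();
        for (String acr : externalAuthenticationService.getAcrValuesList()) {
            acrValuesSupported.put(acr);
        }
        jsonObj.put(ACR_VALUES_SUPPORTED, acrValuesSupported);
        jsonObj.put(AUTH_LEVEL_MAPPING, createAuthLevelMapping());
        JSONArray subjectTypesSupported = new JSONArray();
        for (String subjectType : appConfiguration.getSubjectTypesSupported()) {
            subjectTypesSupported.put(subjectType);
        }
        if (subjectTypesSupported.length() > 0) {
            jsonObj.put(SUBJECT_TYPES_SUPPORTED, subjectTypesSupported);
        }
        JSONArray userInfoSigningAlgValuesSupported = new JSONArray();
        for (String userInfoSigningAlg : appConfiguration.getUserInfoSigningAlgValuesSupported()) {
            userInfoSigningAlgValuesSupported.put(userInfoSigningAlg);
        }
        if (userInfoSigningAlgValuesSupported.length() > 0) {
            jsonObj.put(USER_INFO_SIGNING_ALG_VALUES_SUPPORTED, userInfoSigningAlgValuesSupported);
        }
        JSONArray userInfoEncryptionAlgValuesSupported = new JSONArray();
        for (String userInfoEncryptionAlg : appConfiguration.getUserInfoEncryptionAlgValuesSupported()) {
            userInfoEncryptionAlgValuesSupported.put(userInfoEncryptionAlg);
        }
        if (userInfoEncryptionAlgValuesSupported.length() > 0) {
            jsonObj.put(USER_INFO_ENCRYPTION_ALG_VALUES_SUPPORTED, userInfoEncryptionAlgValuesSupported);
        }
        JSONArray userInfoEncryptionEncValuesSupported = new JSONArray();
        for (String userInfoEncryptionEnc : appConfiguration.getUserInfoEncryptionEncValuesSupported()) {
            userInfoEncryptionEncValuesSupported.put(userInfoEncryptionEnc);
        }
        // Publish the "enc" list under the "enc" key. The original tested and published the
        // "alg" array here, so clients were told the wrong content-encryption algorithms.
        if (userInfoEncryptionEncValuesSupported.length() > 0) {
            jsonObj.put(USER_INFO_ENCRYPTION_ENC_VALUES_SUPPORTED, userInfoEncryptionEncValuesSupported);
        }
        JSONArray idTokenSigningAlgValuesSupported = new JSONArray();
        for (String idTokenSigningAlg : appConfiguration.getIdTokenSigningAlgValuesSupported()) {
            idTokenSigningAlgValuesSupported.put(idTokenSigningAlg);
        }
        if (idTokenSigningAlgValuesSupported.length() > 0) {
            jsonObj.put(ID_TOKEN_SIGNING_ALG_VALUES_SUPPORTED, idTokenSigningAlgValuesSupported);
        }
        JSONArray idTokenEncryptionAlgValuesSupported = new JSONArray();
        for (String idTokenEncryptionAlg : appConfiguration.getIdTokenEncryptionAlgValuesSupported()) {
            idTokenEncryptionAlgValuesSupported.put(idTokenEncryptionAlg);
        }
        if (idTokenEncryptionAlgValuesSupported.length() > 0) {
            jsonObj.put(ID_TOKEN_ENCRYPTION_ALG_VALUES_SUPPORTED, idTokenEncryptionAlgValuesSupported);
        }
        JSONArray idTokenEncryptionEncValuesSupported = new JSONArray();
        for (String idTokenEncryptionEnc : appConfiguration.getIdTokenEncryptionEncValuesSupported()) {
            idTokenEncryptionEncValuesSupported.put(idTokenEncryptionEnc);
        }
        if (idTokenEncryptionEncValuesSupported.length() > 0) {
            jsonObj.put(ID_TOKEN_ENCRYPTION_ENC_VALUES_SUPPORTED, idTokenEncryptionEncValuesSupported);
        }
        JSONArray requestObjectSigningAlgValuesSupported = new JSONArray();
        for (String requestObjectSigningAlg : appConfiguration.getRequestObjectSigningAlgValuesSupported()) {
            requestObjectSigningAlgValuesSupported.put(requestObjectSigningAlg);
        }
        if (requestObjectSigningAlgValuesSupported.length() > 0) {
            jsonObj.put(REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED, requestObjectSigningAlgValuesSupported);
        }
        JSONArray requestObjectEncryptionAlgValuesSupported = new JSONArray();
        for (String requestObjectEncryptionAlg : appConfiguration.getRequestObjectEncryptionAlgValuesSupported()) {
            requestObjectEncryptionAlgValuesSupported.put(requestObjectEncryptionAlg);
        }
        if (requestObjectEncryptionAlgValuesSupported.length() > 0) {
            jsonObj.put(REQUEST_OBJECT_ENCRYPTION_ALG_VALUES_SUPPORTED, requestObjectEncryptionAlgValuesSupported);
        }
        JSONArray requestObjectEncryptionEncValuesSupported = new JSONArray();
        for (String requestObjectEncryptionEnc : appConfiguration.getRequestObjectEncryptionEncValuesSupported()) {
            requestObjectEncryptionEncValuesSupported.put(requestObjectEncryptionEnc);
        }
        if (requestObjectEncryptionEncValuesSupported.length() > 0) {
            jsonObj.put(REQUEST_OBJECT_ENCRYPTION_ENC_VALUES_SUPPORTED, requestObjectEncryptionEncValuesSupported);
        }
        JSONArray tokenEndpointAuthMethodsSupported = new JSONArray();
        for (String tokenEndpointAuthMethod : appConfiguration.getTokenEndpointAuthMethodsSupported()) {
            tokenEndpointAuthMethodsSupported.put(tokenEndpointAuthMethod);
        }
        if (tokenEndpointAuthMethodsSupported.length() > 0) {
            jsonObj.put(TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED, tokenEndpointAuthMethodsSupported);
        }
        JSONArray tokenEndpointAuthSigningAlgValuesSupported = new JSONArray();
        for (String tokenEndpointAuthSigningAlg : appConfiguration.getTokenEndpointAuthSigningAlgValuesSupported()) {
            tokenEndpointAuthSigningAlgValuesSupported.put(tokenEndpointAuthSigningAlg);
        }
        if (tokenEndpointAuthSigningAlgValuesSupported.length() > 0) {
            jsonObj.put(TOKEN_ENDPOINT_AUTH_SIGNING_ALG_VALUES_SUPPORTED, tokenEndpointAuthSigningAlgValuesSupported);
        }
        JSONArray displayValuesSupported = new JSONArray();
        for (String display : appConfiguration.getDisplayValuesSupported()) {
            displayValuesSupported.put(display);
        }
        if (displayValuesSupported.length() > 0) {
            jsonObj.put(DISPLAY_VALUES_SUPPORTED, displayValuesSupported);
        }
        JSONArray claimTypesSupported = new JSONArray();
        for (String claimType : appConfiguration.getClaimTypesSupported()) {
            claimTypesSupported.put(claimType);
        }
        if (claimTypesSupported.length() > 0) {
            jsonObj.put(CLAIM_TYPES_SUPPORTED, claimTypesSupported);
        }
        jsonObj.put(SERVICE_DOCUMENTATION, appConfiguration.getServiceDocumentation());
        JSONArray idTokenTokenBindingCnfValuesSupported = new JSONArray();
        for (String value : appConfiguration.getIdTokenTokenBindingCnfValuesSupported()) {
            idTokenTokenBindingCnfValuesSupported.put(value);
        }
        jsonObj.put(ID_TOKEN_TOKEN_BINDING_CNF_VALUES_SUPPORTED, idTokenTokenBindingCnfValuesSupported);
        JSONArray claimsLocalesSupported = new JSONArray();
        for (String claimLocale : appConfiguration.getClaimsLocalesSupported()) {
            claimsLocalesSupported.put(claimLocale);
        }
        if (claimsLocalesSupported.length() > 0) {
            jsonObj.put(CLAIMS_LOCALES_SUPPORTED, claimsLocalesSupported);
        }
        JSONArray uiLocalesSupported = new JSONArray();
        for (String uiLocale : appConfiguration.getUiLocalesSupported()) {
            uiLocalesSupported.put(uiLocale);
        }
        if (uiLocalesSupported.length() > 0) {
            jsonObj.put(UI_LOCALES_SUPPORTED, uiLocalesSupported);
        }
        JSONArray scopesSupported = new JSONArray();
        JSONArray claimsSupported = new JSONArray();
        // createScopeToClaimsMapping fills both arrays passed in and returns the mapping.
        JSONArray scopeToClaimsMapping = createScopeToClaimsMapping(scopesSupported, claimsSupported);
        if (scopesSupported.length() > 0) {
            jsonObj.put(SCOPES_SUPPORTED, scopesSupported);
        }
        if (claimsSupported.length() > 0) {
            jsonObj.put(CLAIMS_SUPPORTED, claimsSupported);
        }
        jsonObj.put(SCOPE_TO_CLAIMS_MAPPING, scopeToClaimsMapping);
        jsonObj.put(CLAIMS_PARAMETER_SUPPORTED, appConfiguration.getClaimsParameterSupported());
        jsonObj.put(REQUEST_PARAMETER_SUPPORTED, appConfiguration.getRequestParameterSupported());
        jsonObj.put(REQUEST_URI_PARAMETER_SUPPORTED, appConfiguration.getRequestUriParameterSupported());
        jsonObj.put(REQUIRE_REQUEST_URI_REGISTRATION, appConfiguration.getRequireRequestUriRegistration());
        jsonObj.put(OP_POLICY_URI, appConfiguration.getOpPolicyUri());
        jsonObj.put(OP_TOS_URI, appConfiguration.getOpTosUri());
        jsonObj.put(TLS_CLIENT_CERTIFICATE_BOUND_ACCESS_TOKENS, Boolean.TRUE);
        jsonObj.put(BACKCHANNEL_LOGOUT_SUPPORTED, Boolean.TRUE);
        jsonObj.put(BACKCHANNEL_LOGOUT_SESSION_SUPPORTED, Boolean.TRUE);
        jsonObj.put(FRONTCHANNEL_LOGOUT_SUPPORTED, Boolean.TRUE);
        jsonObj.put(FRONTCHANNEL_LOGOUT_SESSION_SUPPORTED, Boolean.TRUE);
        jsonObj.put(FRONT_CHANNEL_LOGOUT_SESSION_SUPPORTED, appConfiguration.getFrontChannelLogoutSessionSupported());
        cibaConfigurationService.processConfiguration(jsonObj);
        // org.json escapes "/" as "\/"; undo that so endpoint URLs stay readable.
        out.println(ServerUtil.toPrettyJson(jsonObj).replace("\\/", "/"));
    } catch (Exception e) {
        // NOTE(review): the writer is already closed when this handler runs, so the status can
        // no longer be changed; an unexpected failure still reaches the client as whatever
        // status was set before it.
        log.error(e.getMessage(), e);
    }
}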
Also used : JSONWebKeySet(io.jans.as.model.jwk.JSONWebKeySet) PublicKey(java.security.PublicKey) JSONArray(org.json.JSONArray) GrantType(io.jans.as.model.common.GrantType) X509Certificate(java.security.cert.X509Certificate) ServletException(javax.servlet.ServletException) IOException(java.io.IOException) ResponseType(io.jans.as.model.common.ResponseType) JSONWebKey(io.jans.as.model.jwk.JSONWebKey) JSONObject(org.json.JSONObject) ResponseMode(io.jans.as.model.common.ResponseMode) Client(io.jans.as.common.model.registration.Client) AuthorizationGrant(io.jans.as.server.model.common.AuthorizationGrant) PrintWriter(java.io.PrintWriter)

Example 12 with JSONWebKeySet

use of io.jans.as.model.jwk.JSONWebKeySet in project jans by JanssenProject.

the class AuthClientFactory method getJSONWebKeys.

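/**
 * Downloads the JSON Web Key Set published at {@code jwksUri}.
 * <p>
 * The keys returned here are typically used to verify signatures, so the URI should come from
 * trusted configuration only.
 * NOTE(review): scheme and host validation, and the TLS settings of the request, depend on
 * {@code getClientBuilder}, which is not visible here; confirm that it refuses plain HTTP.
 *
 * @param jwksUri location of the JWK Set document
 * @return the parsed key set, or {@code null} when the response status is not 200, the body is
 *         blank, or the body has no {@code JSON_WEB_KEY_SET} member
 */
public static JSONWebKeySet getJSONWebKeys(String jwksUri) {
    log.debug("JSONWebKeys - jwksUri:{}", jwksUri);
    Builder clientBuilder = getClientBuilder(jwksUri);
    clientBuilder.header(CONTENT_TYPE, MediaType.APPLICATION_JSON);
    Response webKeyResponse = clientBuilder.get();
    try {
        log.trace("AuthClientFactory::getJSONWebKeys() - webKeyResponse:{}", webKeyResponse);
        if (webKeyResponse.getStatus() != 200) {
            return null;
        }
        String jsonWebKeySetEntity = webKeyResponse.readEntity(String.class);
        log.trace("AuthClientFactory::getJSONWebKeys() - jsonWebKeySetEntity:{}", jsonWebKeySetEntity);
        if (!StringUtils.isNotBlank(jsonWebKeySetEntity)) {
            return null;
        }
        JwkResponse jwkResponse = new JwkResponse(200);
        JSONWebKeySet jwks = null;
        JSONObject jsonObj = new JSONObject(jsonWebKeySetEntity);
        if (jsonObj.has(JSON_WEB_KEY_SET)) {
            jwks = JSONWebKeySet.fromJSONObject(jsonObj);
            jwkResponse.setJwks(jwks);
        }
        log.trace("AuthClientFactory::getJSONWebKeys() - jwkResponse:{}, jwks:{}", jwkResponse, jwks);
        return jwks;
    } finally {
        // Release the connection on every path; the original never closed the response, so
        // each non-200 reply or parse failure left it open.
        webKeyResponse.close();
    }
}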
Also used : IntrospectionResponse(io.jans.as.model.common.IntrospectionResponse) JwkResponse(io.jans.as.client.JwkResponse) TokenResponse(io.jans.as.client.TokenResponse) Response(javax.ws.rs.core.Response) JwkResponse(io.jans.as.client.JwkResponse) JSONObject(org.json.JSONObject) JSONWebKeySet(io.jans.as.model.jwk.JSONWebKeySet) ClientBuilder(javax.ws.rs.client.ClientBuilder) Builder(javax.ws.rs.client.Invocation.Builder) UriBuilder(javax.ws.rs.core.UriBuilder) RestClientBuilder(org.eclipse.microprofile.rest.client.RestClientBuilder)

Example 13 with JSONWebKeySet

use of io.jans.as.model.jwk.JSONWebKeySet in project jans by JanssenProject.

the class ConfigurationFactory method initWebKeys.

/**
 * Populates {@code jwks} either from local configuration or from an external JWKS endpoint.
 * <p>
 * When the configured JWKS URI starts with the issuer, the keys stored in {@code conf} are used,
 * or new ones are generated if none are stored. Otherwise the key set is downloaded from the URI.
 * NOTE(review): "local" is decided by a plain string-prefix comparison, so any URI that merely
 * begins with the issuer text counts as local; confirm the issuer value makes that unambiguous.
 * NOTE(review): the downloaded object is passed on unchecked; what happens when the download
 * fails depends on {@code JwtUtil.getJSONWebKeys}, which is not visible here.
 *
 * @param conf configuration holding the dynamic settings and any stored web keys
 */
private void initWebKeys(Conf conf) {
    final String jwksUri = conf.getDynamic().getJwksUri();
    final boolean servedByIssuer = jwksUri.startsWith(conf.getDynamic().getIssuer());

    if (!servedByIssuer) {
        // external jwks
        final JSONObject keys = JwtUtil.getJSONWebKeys(jwksUri);
        log.trace("Downloaded external keys from {}, keys: {}", jwksUri, keys);
        final JSONWebKeySet keySet = JSONWebKeySet.fromJSONObject(keys);
        jwks = new WebKeysConfiguration();
        jwks.setKeys(keySet.getKeys());
        return;
    }

    if (conf.getWebKeys() == null) {
        generateWebKeys();
        return;
    }
    jwks = conf.getWebKeys();
}
Also used : JSONObject(org.json.JSONObject) WebKeysConfiguration(io.jans.as.model.config.WebKeysConfiguration) JSONWebKeySet(io.jans.as.model.jwk.JSONWebKeySet)

Example 14 with JSONWebKeySet

use of io.jans.as.model.jwk.JSONWebKeySet in project jans by JanssenProject.

the class CrossEncryptionTest method nestedJWTProducedByGluu.

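/**
 * Builds a nested JWT (a signed JWT carried as the payload of a JWE) with the project's own
 * classes and checks that both the project's and the Nimbus decrypt-and-verify helpers accept it.
 * <p>
 * The crypto provider is a stub: only {@code sign} does real work, using the sender's RSA private
 * key from {@code senderJwkJson}; the other methods return fixed values or throw.
 */
@Test
public void nestedJWTProducedByGluu() throws Exception {
    AppConfiguration appConfiguration = new AppConfiguration();
    List<JSONWebKey> keyArrayList = new ArrayList<>();
    keyArrayList.add(getSenderWebKey());
    JSONWebKeySet keySet = new JSONWebKeySet();
    keySet.setKeys(keyArrayList);
    final JwtSigner jwtSigner = new JwtSigner(appConfiguration, keySet, SignatureAlgorithm.RS256, "audience", null, new AbstractCryptoProvider() {

        @Override
        public JSONObject generateKey(Algorithm algorithm, Long expirationTime) throws CryptoProviderException {
            return null;
        }

        @Override
        public JSONObject generateKey(Algorithm algorithm, Long expirationTime, int keyLength) throws CryptoProviderException {
            return null;
        }

        @Override
        public boolean containsKey(String keyId) {
            return false;
        }

        @Override
        public String sign(String signingInput, String keyId, String sharedSecret, SignatureAlgorithm signatureAlgorithm) throws CryptoProviderException {
            try {
                RSAPrivateKey privateKey = ((RSAKey) JWK.parse(senderJwkJson)).toRSAPrivateKey();
                // "BC" names a security provider that must already be registered for this call to succeed.
                Signature signature = Signature.getInstance(signatureAlgorithm.getAlgorithm(), "BC");
                signature.initSign(privateKey);
                // Fixed charset: getBytes() without one uses the platform default, which would
                // make the signed bytes depend on where the test runs.
                signature.update(signingInput.getBytes(java.nio.charset.StandardCharsets.UTF_8));
                return Base64Util.base64urlencode(signature.sign());
            } catch (JOSEException | ParseException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeyException | SignatureException e) {
                throw new CryptoProviderException(e);
            }
        }

        @Override
        public boolean verifySignature(String signingInput, String encodedSignature, String keyId, JSONObject jwks, String sharedSecret, SignatureAlgorithm signatureAlgorithm) throws CryptoProviderException {
            return false;
        }

        @Override
        public boolean deleteKey(String keyId) throws CryptoProviderException {
            return false;
        }

        @Override
        public PrivateKey getPrivateKey(String keyId) throws CryptoProviderException {
            throw new UnsupportedOperationException("Method not implemented.");
        }

        @Override
        public PublicKey getPublicKey(String keyId) {
            throw new UnsupportedOperationException("Method not implemented.");
        }
    });

    // Inner token: claims set on the signer's JWT, then signed with the stub provider.
    Jwt jwt = jwtSigner.newJwt();
    jwt.getClaims().setSubjectIdentifier("testing");
    jwt.getClaims().setIssuer("https:devgluu.saminet.local");
    jwt = jwtSigner.sign();

    // Outer token: RSA-OAEP key wrapping with A128GCM content encryption to the recipient's public key.
    RSAKey recipientPublicJWK = (RSAKey) (JWK.parse(recipientJwkJson));
    BlockEncryptionAlgorithm blockEncryptionAlgorithm = BlockEncryptionAlgorithm.A128GCM;
    KeyEncryptionAlgorithm keyEncryptionAlgorithm = KeyEncryptionAlgorithm.RSA_OAEP;
    Jwe jwe = new Jwe();
    jwe.getHeader().setType(JwtType.JWT);
    jwe.getHeader().setAlgorithm(keyEncryptionAlgorithm);
    jwe.getHeader().setEncryptionMethod(blockEncryptionAlgorithm);
    jwe.getHeader().setKeyId("1");
    jwe.setSignedJWTPayload(jwt);
    JweEncrypterImpl encrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, recipientPublicJWK.toPublicKey());
    String jweString = encrypter.encrypt(jwe).toString();

    decryptAndValidateSignatureWithGluu(jweString);
    decryptAndValidateSignatureWithNimbus(jweString);
}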
Also used : RSAKey(com.nimbusds.jose.jwk.RSAKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKey(java.security.PrivateKey) JSONWebKeySet(io.jans.as.model.jwk.JSONWebKeySet) ArrayList(java.util.ArrayList) SignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm) BlockEncryptionAlgorithm(io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm) JwtSigner(io.jans.as.server.model.token.JwtSigner) AppConfiguration(io.jans.as.model.configuration.AppConfiguration) Jwe(io.jans.as.model.jwe.Jwe) AbstractCryptoProvider(io.jans.as.model.crypto.AbstractCryptoProvider) PublicKey(java.security.PublicKey) RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey) Jwt(io.jans.as.model.jwt.Jwt) JWEAlgorithm(com.nimbusds.jose.JWEAlgorithm) JWSAlgorithm(com.nimbusds.jose.JWSAlgorithm) KeyEncryptionAlgorithm(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm) BlockEncryptionAlgorithm(io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm) SignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm) Algorithm(io.jans.as.model.jwk.Algorithm) CryptoProviderException(io.jans.as.model.exception.CryptoProviderException) JSONWebKey(io.jans.as.model.jwk.JSONWebKey) JSONObject(org.json.JSONObject) Signature(java.security.Signature) KeyEncryptionAlgorithm(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm) JweEncrypterImpl(io.jans.as.model.jwe.JweEncrypterImpl) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) Test(org.testng.annotations.Test)

Example 15 with JSONWebKeySet

use of io.jans.as.model.jwk.JSONWebKeySet in project jans by JanssenProject.

the class ConfSerialization method webKeysJsonDeserializer.

/**
 * Loads the sample web-keys file through {@code loadJson} and checks that it deserializes
 * into a {@link JSONWebKeySet} holding at least one key.
 */
@Test
public void webKeysJsonDeserializer() throws IOException {
    final File webKeysFile = new File(CONFIG_FOLDER + "oxauth-web-keys.json");
    final JSONWebKeySet obj = loadJson(webKeysFile, JSONWebKeySet.class);
    // Single combined condition, short-circuiting so a null result never dereferences.
    final boolean hasKeys = obj != null && obj.getKeys() != null && !obj.getKeys().isEmpty();
    Assert.assertTrue(hasKeys);
}
Also used : JSONWebKeySet(io.jans.as.model.jwk.JSONWebKeySet) File(java.io.File) Test(org.testng.annotations.Test)

Aggregations

JSONWebKeySet (io.jans.as.model.jwk.JSONWebKeySet)17 JSONObject (org.json.JSONObject)9 JSONWebKey (io.jans.as.model.jwk.JSONWebKey)6 CryptoProviderException (io.jans.as.model.exception.CryptoProviderException)4 HttpException (io.jans.ca.server.HttpException)4 PublicKey (java.security.PublicKey)4 KeyEncryptionAlgorithm (io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm)3 SignatureAlgorithm (io.jans.as.model.crypto.signature.SignatureAlgorithm)3 InvalidJwtException (io.jans.as.model.exception.InvalidJwtException)3 Algorithm (io.jans.as.model.jwk.Algorithm)3 Jwt (io.jans.as.model.jwt.Jwt)3 X509Certificate (java.security.cert.X509Certificate)3 JwkResponse (io.jans.as.client.JwkResponse)2 Client (io.jans.as.common.model.registration.Client)2 RSAPublicKey (io.jans.as.model.crypto.signature.RSAPublicKey)2 AuthorizationGrant (io.jans.as.server.model.common.AuthorizationGrant)2 IOException (java.io.IOException)2 PrintWriter (java.io.PrintWriter)2 Date (java.util.Date)2 ServletException (javax.servlet.ServletException)2