Example 1 with JwtClaims
use of io.jans.as.model.jwt.JwtClaims in project jans by JanssenProject.
the class JwtAuthorizationRequest method getEncodedJwt.
public String getEncodedJwt(JSONObject jwks) throws Exception {
String encodedJwt = null;
if (keyEncryptionAlgorithm != null && blockEncryptionAlgorithm != null) {
JweEncrypterImpl jweEncrypter;
if (cryptoProvider != null && jwks != null) {
PublicKey publicKey = cryptoProvider.getPublicKey(keyId, jwks, null);
jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, publicKey);
} else {
jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, sharedKey.getBytes(StandardCharsets.UTF_8));
}
String header = ClientUtil.toPrettyJson(headerToJSONObject());
String encodedHeader = base64urlencode(header);
Jwe jwe = new Jwe();
jwe.setHeader(new JwtHeader(encodedHeader));
if (nestedPayload == null) {
String claims = ClientUtil.toPrettyJson(payloadToJSONObject());
String encodedClaims = base64urlencode(claims);
jwe.setClaims(new JwtClaims(encodedClaims));
} else {
jwe.setSignedJWTPayload(nestedPayload);
}
jweEncrypter.encrypt(jwe);
encodedJwt = jwe.toString();
} else {
if (cryptoProvider == null) {
throw new Exception("The Crypto Provider cannot be null.");
}
JSONObject headerJsonObject = headerToJSONObject();
JSONObject payloadJsonObject = payloadToJSONObject();
String headerString = ClientUtil.toPrettyJson(headerJsonObject);
String payloadString = ClientUtil.toPrettyJson(payloadJsonObject);
String encodedHeader = base64urlencode(headerString);
String encodedPayload = base64urlencode(payloadString);
String signingInput = encodedHeader + "." + encodedPayload;
String encodedSignature = cryptoProvider.sign(signingInput, keyId, sharedKey, signatureAlgorithm);
encodedJwt = encodedHeader + "." + encodedPayload + "." + encodedSignature;
}
return encodedJwt;
}
Also used :
JwtHeader(io.jans.as.model.jwt.JwtHeader)
JSONObject(org.json.JSONObject)
JwtClaims(io.jans.as.model.jwt.JwtClaims)
PublicKey(java.security.PublicKey)
Jwe(io.jans.as.model.jwe.Jwe)
JweEncrypterImpl(io.jans.as.model.jwe.JweEncrypterImpl)
JSONException(org.json.JSONException)
InvalidJwtException(io.jans.as.model.exception.InvalidJwtException)
JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
Example 2 with JwtClaims
use of io.jans.as.model.jwt.JwtClaims in project jans by JanssenProject.
the class JwtState method getEncodedJwt.
public String getEncodedJwt(JSONObject jwks) throws Exception {
String encodedJwt = null;
if (keyEncryptionAlgorithm != null && blockEncryptionAlgorithm != null) {
JweEncrypterImpl jweEncrypter;
if (cryptoProvider != null && jwks != null) {
PublicKey publicKey = cryptoProvider.getPublicKey(keyId, jwks, null);
jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, publicKey);
} else {
jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, sharedKey.getBytes(StandardCharsets.UTF_8));
}
String header = ClientUtil.toPrettyJson(headerToJSONObject());
String encodedHeader = Base64Util.base64urlencode(header.getBytes(StandardCharsets.UTF_8));
String claims = ClientUtil.toPrettyJson(payloadToJSONObject());
String encodedClaims = Base64Util.base64urlencode(claims.getBytes(StandardCharsets.UTF_8));
Jwe jwe = new Jwe();
jwe.setHeader(new JwtHeader(encodedHeader));
jwe.setClaims(new JwtClaims(encodedClaims));
jweEncrypter.encrypt(jwe);
encodedJwt = jwe.toString();
} else {
JSONObject headerJsonObject = headerToJSONObject();
JSONObject payloadJsonObject = payloadToJSONObject();
String headerString = ClientUtil.toPrettyJson(headerJsonObject);
String payloadString = ClientUtil.toPrettyJson(payloadJsonObject);
String encodedHeader = Base64Util.base64urlencode(headerString.getBytes(StandardCharsets.UTF_8));
String encodedPayload = Base64Util.base64urlencode(payloadString.getBytes(StandardCharsets.UTF_8));
String signingInput = encodedHeader + "." + encodedPayload;
String encodedSignature = cryptoProvider.sign(signingInput, keyId, sharedKey, signatureAlgorithm);
encodedJwt = encodedHeader + "." + encodedPayload + "." + encodedSignature;
}
return encodedJwt;
}
Also used :
JwtHeader(io.jans.as.model.jwt.JwtHeader)
JSONObject(org.json.JSONObject)
JwtClaims(io.jans.as.model.jwt.JwtClaims)
PublicKey(java.security.PublicKey)
Jwe(io.jans.as.model.jwe.Jwe)
JweEncrypterImpl(io.jans.as.model.jwe.JweEncrypterImpl)
Example 3 with JwtClaims
use of io.jans.as.model.jwt.JwtClaims in project jans by JanssenProject.
the class AudienceTest method addAudience_callItTwiceWithDifferentValues_shouldResultInSingleAudValue.
@Test
public void addAudience_callItTwiceWithDifferentValues_shouldResultInSingleAudValue() {
JwtClaims claims = new JwtClaims();
claims.addAudience("aud1");
claims.addAudience("aud2");
assertEquals(claims.getClaim("aud"), Lists.newArrayList("aud1", "aud2"));
}Example 4 with JwtClaims
use of io.jans.as.model.jwt.JwtClaims in project jans by JanssenProject.
the class JweDecrypterImpl method decrypt.
@Override
public Jwe decrypt(String encryptedJwe) throws InvalidJweException {
try {
String[] jweParts = encryptedJwe.split("\\.");
if (jweParts.length != 5) {
throw new InvalidJwtException("Invalid JWS format.");
}
String encodedHeader = jweParts[0];
String encodedEncryptedKey = jweParts[1];
String encodedInitializationVector = jweParts[2];
String encodedCipherText = jweParts[3];
String encodedIntegrityValue = jweParts[4];
Jwe jwe = new Jwe();
jwe.setEncodedHeader(encodedHeader);
jwe.setEncodedEncryptedKey(encodedEncryptedKey);
jwe.setEncodedInitializationVector(encodedInitializationVector);
jwe.setEncodedCiphertext(encodedCipherText);
jwe.setEncodedIntegrityValue(encodedIntegrityValue);
jwe.setHeader(new JwtHeader(encodedHeader));
EncryptedJWT encryptedJwt = EncryptedJWT.parse(encryptedJwe);
setKeyEncryptionAlgorithm(KeyEncryptionAlgorithm.fromName(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM)));
setBlockEncryptionAlgorithm(BlockEncryptionAlgorithm.fromName(jwe.getHeader().getClaimAsString(JwtHeaderName.ENCRYPTION_METHOD)));
final KeyEncryptionAlgorithm keyEncryptionAlgorithm = getKeyEncryptionAlgorithm();
Key encriptionKey = null;
if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA1_5 || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP) {
encriptionKey = privateKey;
} else if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A128KW || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
if (sharedSymmetricKey == null) {
throw new InvalidJweException("The shared symmetric key is null");
}
int keyLength = 16;
if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
keyLength = 32;
}
if (sharedSymmetricKey.length != keyLength) {
MessageDigest sha = MessageDigest.getInstance("SHA-256");
sharedSymmetricKey = sha.digest(sharedSymmetricKey);
sharedSymmetricKey = Arrays.copyOf(sharedSymmetricKey, keyLength);
}
encriptionKey = new SecretKeySpec(sharedSymmetricKey, 0, sharedSymmetricKey.length, "AES");
} else {
throw new InvalidJweException("The key encryption algorithm is not supported");
}
JWEDecrypter decrypter = DECRYPTER_FACTORY.createJWEDecrypter(encryptedJwt.getHeader(), encriptionKey);
decrypter.getJCAContext().setProvider(SecurityProviderUtility.getInstance());
encryptedJwt.decrypt(decrypter);
final SignedJWT signedJWT = encryptedJwt.getPayload().toSignedJWT();
if (signedJWT != null) {
final Jwt jwt = Jwt.parse(signedJWT.serialize());
jwe.setSignedJWTPayload(jwt);
jwe.setClaims(jwt.getClaims());
} else {
final String base64encodedPayload = encryptedJwt.getPayload().toString();
validateNestedJwt(base64encodedPayload);
jwe.setClaims(new JwtClaims(base64encodedPayload));
}
return jwe;
} catch (Exception e) {
throw new InvalidJweException(e);
}
}
Also used :
InvalidJwtException(io.jans.as.model.exception.InvalidJwtException)
JwtClaims(io.jans.as.model.jwt.JwtClaims)
Jwt(io.jans.as.model.jwt.Jwt)
SignedJWT(com.nimbusds.jwt.SignedJWT)
InvalidJwtException(io.jans.as.model.exception.InvalidJwtException)
InvalidJweException(io.jans.as.model.exception.InvalidJweException)
JWEDecrypter(com.nimbusds.jose.JWEDecrypter)
JwtHeader(io.jans.as.model.jwt.JwtHeader)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
KeyEncryptionAlgorithm(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm)
MessageDigest(java.security.MessageDigest)
EncryptedJWT(com.nimbusds.jwt.EncryptedJWT)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
InvalidJweException(io.jans.as.model.exception.InvalidJweException)
Example 5 with JwtClaims
use of io.jans.as.model.jwt.JwtClaims in project jans by JanssenProject.
the class OAuth2Service method getClaims.
private Map<String, Object> getClaims(Jwt jwtObj) {
Map<String, Object> claims = Maps.newHashMap();
if (jwtObj == null) {
return claims;
}
JwtClaims jwtClaims = jwtObj.getClaims();
Set<String> keys = jwtClaims.keys();
keys.forEach(key -> {
if (jwtClaims.getClaim(key) instanceof String)
claims.put(key, jwtClaims.getClaim(key).toString());
if (jwtClaims.getClaim(key) instanceof Integer)
claims.put(key, Integer.valueOf(jwtClaims.getClaim(key).toString()));
if (jwtClaims.getClaim(key) instanceof Long)
claims.put(key, Long.valueOf(jwtClaims.getClaim(key).toString()));
if (jwtClaims.getClaim(key) instanceof Boolean)
claims.put(key, Boolean.valueOf(jwtClaims.getClaim(key).toString()));
else if (jwtClaims.getClaim(key) instanceof JSONArray) {
List<String> sourceArr = jwtClaims.getClaimAsStringList(key);
claims.put(key, sourceArr);
} else if (jwtClaims.getClaim(key) instanceof JSONObject)
claims.put(key, (jwtClaims.getClaim(key)));
});
return claims;
}
Also used :
JSONObject(org.json.JSONObject)
JwtClaims(io.jans.as.model.jwt.JwtClaims)
JSONArray(org.json.JSONArray)
JSONObject(org.json.JSONObject)
List(java.util.List)
Aggregations
JwtClaims (io.jans.as.model.jwt.JwtClaims)16
Test (org.testng.annotations.Test)8
JSONObject (org.json.JSONObject)7
JSONException (org.json.JSONException)5
BaseTest (io.jans.as.server.BaseTest)4
InvalidJwtException (io.jans.as.model.exception.InvalidJwtException)3
Jwt (io.jans.as.model.jwt.Jwt)3
JwtHeader (io.jans.as.model.jwt.JwtHeader)3
Jwe (io.jans.as.model.jwe.Jwe)2
JweEncrypterImpl (io.jans.as.model.jwe.JweEncrypterImpl)2
PublicKey (java.security.PublicKey)2
JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)1
JWEDecrypter (com.nimbusds.jose.JWEDecrypter)1
EncryptedJWT (com.nimbusds.jwt.EncryptedJWT)1
SignedJWT (com.nimbusds.jwt.SignedJWT)1
Client (io.jans.as.common.model.registration.Client)1
IntrospectionResponse (io.jans.as.model.common.IntrospectionResponse)1
AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)1
KeyEncryptionAlgorithm (io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm)1
SignatureAlgorithm (io.jans.as.model.crypto.signature.SignatureAlgorithm)1
