Example 1 with JwtClaims

use of io.jans.as.model.jwt.JwtClaims in project jans by JanssenProject.

In class JwtAuthorizationRequest, method getEncodedJwt:

public String getEncodedJwt(JSONObject jwks) throws Exception {
    String encodedJwt = null;
    if (keyEncryptionAlgorithm != null && blockEncryptionAlgorithm != null) {
        // Encrypted request object (JWE). The content key is wrapped either with the
        // recipient's public key taken from the JWKS (asymmetric alg) or with the shared
        // secret used as a symmetric key-wrapping key.
        JweEncrypterImpl jweEncrypter;
        if (cryptoProvider != null && jwks != null) {
            PublicKey publicKey = cryptoProvider.getPublicKey(keyId, jwks, null);
            jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, publicKey);
        } else {
            jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, sharedKey.getBytes(StandardCharsets.UTF_8));
        }
        String header = ClientUtil.toPrettyJson(headerToJSONObject());
        String encodedHeader = base64urlencode(header);
        Jwe jwe = new Jwe();
        jwe.setHeader(new JwtHeader(encodedHeader));
        // A nested, already-signed JWT becomes the JWE payload (sign-then-encrypt);
        // otherwise the plain claims set is the payload.
        if (nestedPayload == null) {
            String claims = ClientUtil.toPrettyJson(payloadToJSONObject());
            String encodedClaims = base64urlencode(claims);
            jwe.setClaims(new JwtClaims(encodedClaims));
        } else {
            jwe.setSignedJWTPayload(nestedPayload);
        }
        jweEncrypter.encrypt(jwe);
        encodedJwt = jwe.toString();
    } else {
        // Signed request object (JWS compact form): header.payload.signature.
        if (cryptoProvider == null) {
            throw new Exception("The Crypto Provider cannot be null.");
        }
        JSONObject headerJsonObject = headerToJSONObject();
        JSONObject payloadJsonObject = payloadToJSONObject();
        String headerString = ClientUtil.toPrettyJson(headerJsonObject);
        String payloadString = ClientUtil.toPrettyJson(payloadJsonObject);
        String encodedHeader = base64urlencode(headerString);
        String encodedPayload = base64urlencode(payloadString);
        // The signing input is the two base64url segments joined by a dot, exactly as in RFC 7515.
        String signingInput = encodedHeader + "." + encodedPayload;
        String encodedSignature = cryptoProvider.sign(signingInput, keyId, sharedKey, signatureAlgorithm);
        encodedJwt = encodedHeader + "." + encodedPayload + "." + encodedSignature;
    }
    return encodedJwt;
}
Also used : JwtHeader(io.jans.as.model.jwt.JwtHeader) JSONObject(org.json.JSONObject) JwtClaims(io.jans.as.model.jwt.JwtClaims) PublicKey(java.security.PublicKey) Jwe(io.jans.as.model.jwe.Jwe) JweEncrypterImpl(io.jans.as.model.jwe.JweEncrypterImpl) JSONException(org.json.JSONException) InvalidJwtException(io.jans.as.model.exception.InvalidJwtException) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Example 2 with JwtClaims


In class JwtState, method getEncodedJwt:

public String getEncodedJwt(JSONObject jwks) throws Exception {
    String encodedJwt = null;
    if (keyEncryptionAlgorithm != null && blockEncryptionAlgorithm != null) {
        // Encrypted state JWT (JWE): public key from the JWKS if available, otherwise the
        // shared secret as a symmetric key-wrapping key.
        JweEncrypterImpl jweEncrypter;
        if (cryptoProvider != null && jwks != null) {
            PublicKey publicKey = cryptoProvider.getPublicKey(keyId, jwks, null);
            jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, publicKey);
        } else {
            jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, sharedKey.getBytes(StandardCharsets.UTF_8));
        }
        String header = ClientUtil.toPrettyJson(headerToJSONObject());
        String encodedHeader = Base64Util.base64urlencode(header.getBytes(StandardCharsets.UTF_8));
        String claims = ClientUtil.toPrettyJson(payloadToJSONObject());
        String encodedClaims = Base64Util.base64urlencode(claims.getBytes(StandardCharsets.UTF_8));
        Jwe jwe = new Jwe();
        jwe.setHeader(new JwtHeader(encodedHeader));
        jwe.setClaims(new JwtClaims(encodedClaims));
        jweEncrypter.encrypt(jwe);
        encodedJwt = jwe.toString();
    } else {
        // Signed state JWT (JWS compact form). Unlike JwtAuthorizationRequest, this path
        // does not null-check cryptoProvider before calling sign().
        JSONObject headerJsonObject = headerToJSONObject();
        JSONObject payloadJsonObject = payloadToJSONObject();
        String headerString = ClientUtil.toPrettyJson(headerJsonObject);
        String payloadString = ClientUtil.toPrettyJson(payloadJsonObject);
        String encodedHeader = Base64Util.base64urlencode(headerString.getBytes(StandardCharsets.UTF_8));
        String encodedPayload = Base64Util.base64urlencode(payloadString.getBytes(StandardCharsets.UTF_8));
        String signingInput = encodedHeader + "." + encodedPayload;
        String encodedSignature = cryptoProvider.sign(signingInput, keyId, sharedKey, signatureAlgorithm);
        encodedJwt = encodedHeader + "." + encodedPayload + "." + encodedSignature;
    }
    return encodedJwt;
}
Also used : JwtHeader(io.jans.as.model.jwt.JwtHeader) JSONObject(org.json.JSONObject) JwtClaims(io.jans.as.model.jwt.JwtClaims) PublicKey(java.security.PublicKey) Jwe(io.jans.as.model.jwe.Jwe) JweEncrypterImpl(io.jans.as.model.jwe.JweEncrypterImpl)

Example 3 with JwtClaims


In class AudienceTest, method addAudience_callItTwiceWithDifferentValues_shouldResultInSingleAudValue:

@Test
public void addAudience_callItTwiceWithDifferentValues_shouldResultInSingleAudValue() {
    JwtClaims claims = new JwtClaims();
    claims.addAudience("aud1");
    claims.addAudience("aud2");
    // Two distinct audiences collapse into one "aud" claim holding a list, not two claims.
    assertEquals(claims.getClaim("aud"), Lists.newArrayList("aud1", "aud2"));
}
Also used : JwtClaims(io.jans.as.model.jwt.JwtClaims) Test(org.testng.annotations.Test)

Example 4 with JwtClaims


In class JweDecrypterImpl, method decrypt:

@Override
public Jwe decrypt(String encryptedJwe) throws InvalidJweException {
    try {
        // JWE compact serialization has exactly five dot-separated base64url parts:
        // header, encrypted key, IV, ciphertext, authentication tag.
        String[] jweParts = encryptedJwe.split("\\.");
        if (jweParts.length != 5) {
            throw new InvalidJwtException("Invalid JWS format.");
        }
        String encodedHeader = jweParts[0];
        String encodedEncryptedKey = jweParts[1];
        String encodedInitializationVector = jweParts[2];
        String encodedCipherText = jweParts[3];
        String encodedIntegrityValue = jweParts[4];
        Jwe jwe = new Jwe();
        jwe.setEncodedHeader(encodedHeader);
        jwe.setEncodedEncryptedKey(encodedEncryptedKey);
        jwe.setEncodedInitializationVector(encodedInitializationVector);
        jwe.setEncodedCiphertext(encodedCipherText);
        jwe.setEncodedIntegrityValue(encodedIntegrityValue);
        jwe.setHeader(new JwtHeader(encodedHeader));
        EncryptedJWT encryptedJwt = EncryptedJWT.parse(encryptedJwe);
        // "alg" and "enc" are read from the protected header of the token being decrypted.
        setKeyEncryptionAlgorithm(KeyEncryptionAlgorithm.fromName(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM)));
        setBlockEncryptionAlgorithm(BlockEncryptionAlgorithm.fromName(jwe.getHeader().getClaimAsString(JwtHeaderName.ENCRYPTION_METHOD)));
        final KeyEncryptionAlgorithm keyEncryptionAlgorithm = getKeyEncryptionAlgorithm();
        Key encriptionKey = null;
        if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA1_5 || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP) {
            // Asymmetric key wrapping: unwrap with this party's private key.
            encriptionKey = privateKey;
        } else if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A128KW || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
            if (sharedSymmetricKey == null) {
                throw new InvalidJweException("The shared symmetric key is null");
            }
            // AES key wrap needs a key of exactly 16 (A128KW) or 32 (A256KW) bytes. A shared
            // secret of any other length is reduced to that size by SHA-256 and truncation.
            int keyLength = 16;
            if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
                keyLength = 32;
            }
            if (sharedSymmetricKey.length != keyLength) {
                MessageDigest sha = MessageDigest.getInstance("SHA-256");
                sharedSymmetricKey = sha.digest(sharedSymmetricKey);
                sharedSymmetricKey = Arrays.copyOf(sharedSymmetricKey, keyLength);
            }
            encriptionKey = new SecretKeySpec(sharedSymmetricKey, 0, sharedSymmetricKey.length, "AES");
        } else {
            // Any other "alg" value is rejected rather than passed through to the library.
            throw new InvalidJweException("The key encryption algorithm is not supported");
        }
        JWEDecrypter decrypter = DECRYPTER_FACTORY.createJWEDecrypter(encryptedJwt.getHeader(), encriptionKey);
        decrypter.getJCAContext().setProvider(SecurityProviderUtility.getInstance());
        encryptedJwt.decrypt(decrypter);
        // Decrypted payload is either a nested signed JWT or a bare claims set.
        final SignedJWT signedJWT = encryptedJwt.getPayload().toSignedJWT();
        if (signedJWT != null) {
            final Jwt jwt = Jwt.parse(signedJWT.serialize());
            jwe.setSignedJWTPayload(jwt);
            jwe.setClaims(jwt.getClaims());
        } else {
            final String base64encodedPayload = encryptedJwt.getPayload().toString();
            validateNestedJwt(base64encodedPayload);
            jwe.setClaims(new JwtClaims(base64encodedPayload));
        }
        return jwe;
    } catch (Exception e) {
        // Every parse, key or decryption failure surfaces as a single InvalidJweException.
        throw new InvalidJweException(e);
    }
}
Also used : InvalidJwtException(io.jans.as.model.exception.InvalidJwtException) JwtClaims(io.jans.as.model.jwt.JwtClaims) Jwt(io.jans.as.model.jwt.Jwt) SignedJWT(com.nimbusds.jwt.SignedJWT) InvalidJwtException(io.jans.as.model.exception.InvalidJwtException) InvalidJweException(io.jans.as.model.exception.InvalidJweException) JWEDecrypter(com.nimbusds.jose.JWEDecrypter) JwtHeader(io.jans.as.model.jwt.JwtHeader) SecretKeySpec(javax.crypto.spec.SecretKeySpec) KeyEncryptionAlgorithm(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm) MessageDigest(java.security.MessageDigest) EncryptedJWT(com.nimbusds.jwt.EncryptedJWT) Key(java.security.Key) PrivateKey(java.security.PrivateKey) InvalidJweException(io.jans.as.model.exception.InvalidJweException)

Example 5 with JwtClaims


In class OAuth2Service, method getClaims:

private Map<String, Object> getClaims(Jwt jwtObj) {
    Map<String, Object> claims = Maps.newHashMap();
    if (jwtObj == null) {
        return claims;
    }
    // Copy each claim into a plain map, converting by runtime type. The String, Integer
    // and Long branches are independent ifs; only the Boolean branch chains into the
    // JSONArray and JSONObject cases. Claims of any other type are dropped.
    JwtClaims jwtClaims = jwtObj.getClaims();
    Set<String> keys = jwtClaims.keys();
    keys.forEach(key -> {
        if (jwtClaims.getClaim(key) instanceof String)
            claims.put(key, jwtClaims.getClaim(key).toString());
        if (jwtClaims.getClaim(key) instanceof Integer)
            claims.put(key, Integer.valueOf(jwtClaims.getClaim(key).toString()));
        if (jwtClaims.getClaim(key) instanceof Long)
            claims.put(key, Long.valueOf(jwtClaims.getClaim(key).toString()));
        if (jwtClaims.getClaim(key) instanceof Boolean)
            claims.put(key, Boolean.valueOf(jwtClaims.getClaim(key).toString()));
        else if (jwtClaims.getClaim(key) instanceof JSONArray) {
            // Array claims (e.g. "aud") are flattened to a list of strings.
            List<String> sourceArr = jwtClaims.getClaimAsStringList(key);
            claims.put(key, sourceArr);
        } else if (jwtClaims.getClaim(key) instanceof JSONObject)
            claims.put(key, (jwtClaims.getClaim(key)));
    });
    return claims;
}
Also used : JSONObject(org.json.JSONObject) JwtClaims(io.jans.as.model.jwt.JwtClaims) JSONArray(org.json.JSONArray) JSONObject(org.json.JSONObject) List(java.util.List)

Aggregations

JwtClaims (io.jans.as.model.jwt.JwtClaims)16 Test (org.testng.annotations.Test)8 JSONObject (org.json.JSONObject)7 JSONException (org.json.JSONException)5 BaseTest (io.jans.as.server.BaseTest)4 InvalidJwtException (io.jans.as.model.exception.InvalidJwtException)3 Jwt (io.jans.as.model.jwt.Jwt)3 JwtHeader (io.jans.as.model.jwt.JwtHeader)3 Jwe (io.jans.as.model.jwe.Jwe)2 JweEncrypterImpl (io.jans.as.model.jwe.JweEncrypterImpl)2 PublicKey (java.security.PublicKey)2 JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)1 JWEDecrypter (com.nimbusds.jose.JWEDecrypter)1 EncryptedJWT (com.nimbusds.jwt.EncryptedJWT)1 SignedJWT (com.nimbusds.jwt.SignedJWT)1 Client (io.jans.as.common.model.registration.Client)1 IntrospectionResponse (io.jans.as.model.common.IntrospectionResponse)1 AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)1 KeyEncryptionAlgorithm (io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm)1 SignatureAlgorithm (io.jans.as.model.crypto.signature.SignatureAlgorithm)1