
Example 1 with SigningKeyResolver

use of io.jsonwebtoken.SigningKeyResolver in project airlift by airlift.

From the class TestJwksDecoder, method assertJwtEc.

private static void assertJwtEc(String keyName, SignatureAlgorithm signatureAlgorithm, ECParameterSpec expectedSpec) throws Exception {
    // Decode the JWKS fixture and pick out the EC key under test.
    String jwksJson = Resources.toString(Resources.getResource("jwks/jwks-public.json"), UTF_8);
    Map<String, PublicKey> decodedKeys = decodeKeys(jwksJson);
    ECPublicKey decodedKey = (ECPublicKey) decodedKeys.get(keyName);
    assertNotNull(decodedKey);
    // Identity check on purpose: the decoder is expected to attach the shared curve spec instance, not a copy.
    assertSame(decodedKey.getParams(), expectedSpec);

    // The PEM fixture for the same key is the reference: public point and curve parameters must agree.
    File publicPem = new File(Resources.getResource("jwks/" + keyName + "-public.pem").getPath());
    ECPublicKey referenceKey = (ECPublicKey) PemReader.loadPublicKey(publicPem);
    ECParameterSpec actualParams = decodedKey.getParams();
    ECParameterSpec referenceParams = referenceKey.getParams();
    assertEquals(decodedKey.getW(), referenceKey.getW());
    assertEquals(actualParams.getCurve(), referenceParams.getCurve());
    assertEquals(actualParams.getGenerator(), referenceParams.getGenerator());
    assertEquals(actualParams.getOrder(), referenceParams.getOrder());
    assertEquals(actualParams.getCofactor(), referenceParams.getCofactor());

    // Sign a short-lived token with the matching private key ...
    File privatePem = new File(Resources.getResource("jwks/" + keyName + "-private.pem").getPath());
    PrivateKey signingKey = PemReader.loadPrivateKey(privatePem, Optional.empty());
    Date expiration = Date.from(ZonedDateTime.now().plusMinutes(5).toInstant());
    String jwt = Jwts.builder()
            .signWith(signingKey, signatureAlgorithm)
            .setHeaderParam(JwsHeader.KEY_ID, keyName)
            .setSubject("test-user")
            .setExpiration(expiration)
            .compact();

    // ... and verify that it parses when the "kid" header resolves to the decoded JWKS key.
    SigningKeyResolver resolver = new SigningKeyResolver() {
        @Override
        public Key resolveSigningKey(JwsHeader header, Claims claims) {
            return keyFor(header);
        }

        @Override
        public Key resolveSigningKey(JwsHeader header, String plaintext) {
            return keyFor(header);
        }

        // Only the key id we signed with is acceptable; anything else fails the test rather than resolving.
        private Key keyFor(JwsHeader<?> header) {
            assertEquals(header.getKeyId(), keyName);
            return decodedKey;
        }
    };
    Jws<Claims> parsed = Jwts.parserBuilder().setSigningKeyResolver(resolver).build().parseClaimsJws(jwt);
    assertEquals(parsed.getBody().getSubject(), "test-user");
}

Example 2 with SigningKeyResolver

use of io.jsonwebtoken.SigningKeyResolver in project airlift by airlift.

From the class TestJwksDecoder, method testJwtRsa.

@Test
public void testJwtRsa() throws Exception {
    // Decode the JWKS fixture and pick out the RSA key under test.
    String jwksJson = Resources.toString(Resources.getResource("jwks/jwks-public.json"), UTF_8);
    Map<String, PublicKey> decodedKeys = decodeKeys(jwksJson);
    RSAPublicKey decodedKey = (RSAPublicKey) decodedKeys.get("test-rsa");
    assertNotNull(decodedKey);

    // The PEM fixture is the reference: exponent and modulus must match what the decoder produced.
    File publicPem = new File(Resources.getResource("jwks/jwk-rsa-public.pem").getPath());
    RSAPublicKey referenceKey = (RSAPublicKey) PemReader.loadPublicKey(publicPem);
    assertEquals(decodedKey.getPublicExponent(), referenceKey.getPublicExponent());
    assertEquals(decodedKey.getModulus(), referenceKey.getModulus());

    // Sign a short-lived RS256 token with the matching private key ...
    File privatePem = new File(Resources.getResource("jwks/jwk-rsa-private.pem").getPath());
    PrivateKey signingKey = PemReader.loadPrivateKey(privatePem, Optional.empty());
    Date expiration = Date.from(ZonedDateTime.now().plusMinutes(5).toInstant());
    String jwt = Jwts.builder()
            .signWith(signingKey, SignatureAlgorithm.RS256)
            .setHeaderParam(JwsHeader.KEY_ID, "test-rsa")
            .setSubject("test-user")
            .setExpiration(expiration)
            .compact();

    // ... and verify that it parses when the "kid" header resolves to the decoded JWKS key.
    SigningKeyResolver resolver = new SigningKeyResolver() {
        @Override
        public Key resolveSigningKey(JwsHeader header, Claims claims) {
            return keyFor(header);
        }

        @Override
        public Key resolveSigningKey(JwsHeader header, String plaintext) {
            return keyFor(header);
        }

        // Only the key id we signed with is acceptable; anything else fails the test rather than resolving.
        private Key keyFor(JwsHeader<?> header) {
            assertEquals(header.getKeyId(), "test-rsa");
            return decodedKey;
        }
    };
    Jws<Claims> parsed = Jwts.parserBuilder().setSigningKeyResolver(resolver).build().parseClaimsJws(jwt);
    assertEquals(parsed.getBody().getSubject(), "test-user");
}

Example 3 with SigningKeyResolver

use of io.jsonwebtoken.SigningKeyResolver in project athenz by yahoo.

From the class KeyStoreJwkKeyResolverTest, method testResolveSigningKey.

@Test
public void testResolveSigningKey() throws Exception {
    // Exercises KeyStoreJwkKeyResolver.resolveSigningKey(): the key store is consulted first and the
    // JWKS resolver is the fallback. Both collaborators are Mockito spies so each case below stubs one
    // answer and asserts which key the resolver hands back. Cases share one header/claims pair that is
    // mutated in place, so the ORDER of the stubs and calls matters — do not reorder.
    // mocks
    KeyStore keyStoreMock = Mockito.spy(baseKeyStore);
    SigningKeyResolver jwksResolverMock = Mockito.spy(basejwksResolver);
    // instance
    KeyStoreJwkKeyResolver resolver = new KeyStoreJwkKeyResolver(null, "file:///", null);
    // The collaborators are private fields without setters, so they are injected reflectively.
    // Only the JWKS resolver is set here; the key store stays null until case 2 on purpose.
    Field keyStoreField = resolver.getClass().getDeclaredField("keyStore");
    keyStoreField.setAccessible(true);
    Field providerField = resolver.getClass().getDeclaredField("jwksResolver");
    providerField.setAccessible(true);
    providerField.set(resolver, jwksResolverMock);
    // args — the stubs below match on these exact instances, so they are reused and re-populated per case
    DefaultJwsHeader jwsHeader = new DefaultJwsHeader();
    DefaultClaims claims = new DefaultClaims();
    // 1. null key store, find in JWKS
    PublicKey pk11 = Mockito.spy(basePublicKey);
    Mockito.when(jwksResolverMock.resolveSigningKey(jwsHeader, claims)).thenReturn(pk11);
    jwsHeader.setKeyId("11");
    claims.setIssuer(null);
    assertSame(resolver.resolveSigningKey(jwsHeader, claims), pk11);
    // set key store mock
    keyStoreField.set(resolver, keyStoreMock);
    // 2. invalid issuer, find in JWKS — null, empty, and an issuer that does not split into
    //    "domain.service" are all expected to bypass the key store lookup
    PublicKey pk21 = Mockito.spy(basePublicKey);
    Mockito.when(jwksResolverMock.resolveSigningKey(jwsHeader, claims)).thenReturn(pk21);
    jwsHeader.setKeyId("21");
    claims.setIssuer(null);
    assertSame(resolver.resolveSigningKey(jwsHeader, claims), pk21);
    PublicKey pk22 = Mockito.spy(basePublicKey);
    Mockito.when(jwksResolverMock.resolveSigningKey(jwsHeader, claims)).thenReturn(pk22);
    jwsHeader.setKeyId("22");
    claims.setIssuer("");
    assertSame(resolver.resolveSigningKey(jwsHeader, claims), pk22);
    PublicKey pk23 = Mockito.spy(basePublicKey);
    Mockito.when(jwksResolverMock.resolveSigningKey(jwsHeader, claims)).thenReturn(pk23);
    jwsHeader.setKeyId("23");
    claims.setIssuer("domain23-----service23");
    assertSame(resolver.resolveSigningKey(jwsHeader, claims), pk23);
    // 2b. invalid domain, find in JWKS (presumably rejected by the resolver's domain check — see the resolver;
    //     no key store stub is set for this issuer, so the key store would return the spy's real answer)
    PublicKey pk24 = Mockito.spy(basePublicKey);
    Mockito.when(jwksResolverMock.resolveSigningKey(jwsHeader, claims)).thenReturn(pk24);
    jwsHeader.setKeyId("24");
    claims.setIssuer("domain24.service24");
    assertSame(resolver.resolveSigningKey(jwsHeader, claims), pk24);
    // 3a. found in key store, skip JWKS. Issuer "sys.auth.service31" is looked up as domain "sys.auth",
    //     service "service31" with key ID "31"; the key store answers with PEM text that the resolver parses.
    //     assertEquals (not assertSame) because the resolver parses its own instance from that PEM.
    //     NOTE(review): the JWKS stub is also set to pk31 and assertEquals compares by value, so this case
    //     does not actually prove JWKS was skipped; returning a distinct key from the JWKS stub, or verifying
    //     no interaction with jwksResolverMock after clearing earlier invocations, would make it conclusive.
    PublicKey pk31 = null;
    try (PemReader reader = new PemReader(new FileReader(this.classLoader.getResource("jwt_public.key").getFile()))) {
        pk31 = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(reader.readPemObject().getContent()));
    }
    Mockito.when(jwksResolverMock.resolveSigningKey(jwsHeader, claims)).thenReturn(pk31);
    Mockito.when(keyStoreMock.getPublicKey("sys.auth", "service31", "31")).thenReturn("-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAy3c3TEePZZPaxqNU2xV4\nortsXrw1EXTNQj2QUgL8UOPaQS0lbHJtD1cbcCFnzfXRXTOGqh8l+XWTRIOlt4yU\n+mEhgR0/JKILTPwmS0fj3D1PT6IjZShuNyd4USVdcjfCRBRb9ExIptJyeTTUu0Uu\njWNEcGOWAkUZcsonmiEz7bIMVkGy5uYnWGbsKP51Zf/PFMb96RcHeE0ZUitIB4YK\n1bgHLyAEBJIka5mRC/jWq/mlq3jiP5RaVWbzQiJbrjuYWd1Vps/xnrABx6/4Ft/M\n0AnSQN0SYjc/nWT1yGPpCwtWmWUU5NNHd+w6TdgOjdu00wownwblovtEYED+rncb\n913qfBM98kNHyj357BSzlvhiwEH5Ayo9DTnx1j9HuJGZXzymVypuQXLu/tkHMEt+\nc4kytKJNi6MLiauy9xtXGLXgOvZUM8V0Z27Z6CTfCzWZ0nwnEWDdH+NJyusL6pJg\nEGUBh6E9fdJInV7YOCF+P9/19imPHrZ0blTXK1TDfKS/pCLOXO/OmmH+p+UxQ77O\npeP5wlt5Jem0ErSisl/Qxhh1OtJcLwFdA7uC7rOTMrSEGLO++5+CatsXj7BEK2l+\n3As8fJEkoWXd1+4KOUMfV/fnT/z6U8+bcsYn0nvWPl8XuMbwNWjqHYgqhl1RLA7M\n17HCydWCF50HI2XojtGgRN0CAwEAAQ==\n-----END PUBLIC KEY-----\n");
    jwsHeader.setKeyId("31");
    claims.setIssuer("sys.auth.service31");
    assertEquals(resolver.resolveSigningKey(jwsHeader, claims), pk31);
    // 3b. NOT found in key store (null), find in JWKS
    PublicKey pk32 = Mockito.spy(basePublicKey);
    Mockito.when(jwksResolverMock.resolveSigningKey(jwsHeader, claims)).thenReturn(pk32);
    Mockito.when(keyStoreMock.getPublicKey("sys.auth", "service32", "32")).thenReturn(null);
    jwsHeader.setKeyId("32");
    claims.setIssuer("sys.auth.service32");
    assertSame(resolver.resolveSigningKey(jwsHeader, claims), pk32);
    // 3c. found in key store but public key invalid (empty, then unparsable PEM body), find in JWKS.
    //     A corrupt store entry therefore silently changes which trust anchor verifies the token rather
    //     than failing; worth confirming the resolver logs this fallback (not visible from this test).
    PublicKey pk33 = Mockito.spy(basePublicKey);
    Mockito.when(jwksResolverMock.resolveSigningKey(jwsHeader, claims)).thenReturn(pk33);
    Mockito.when(keyStoreMock.getPublicKey("sys.auth", "service33", "33")).thenReturn("");
    jwsHeader.setKeyId("33");
    claims.setIssuer("sys.auth.service33");
    assertSame(resolver.resolveSigningKey(jwsHeader, claims), pk33);
    PublicKey pk34 = Mockito.spy(basePublicKey);
    Mockito.when(jwksResolverMock.resolveSigningKey(jwsHeader, claims)).thenReturn(pk34);
    Mockito.when(keyStoreMock.getPublicKey("sys.auth", "service34", "34")).thenReturn("-----BEGIN PUBLIC KEY-----\ninvalid\n-----END PUBLIC KEY-----\n");
    jwsHeader.setKeyId("34");
    claims.setIssuer("sys.auth.service34");
    assertSame(resolver.resolveSigningKey(jwsHeader, claims), pk34);
    // 4. both NOT found — no key means no verification, so the resolver must answer null
    jwsHeader.setKeyId("41");
    claims.setIssuer("sys.auth.service41");
    Mockito.when(jwksResolverMock.resolveSigningKey(jwsHeader, claims)).thenReturn(null);
    Mockito.when(keyStoreMock.getPublicKey("sys.auth", "service41", "41")).thenReturn(null);
    assertNull(resolver.resolveSigningKey(jwsHeader, claims));
    // 5. skip, empty key ID (null, then ""). The JWKS stub still returns null from case 4, so this only
    //    shows the result is null, not that the lookups were skipped.
    jwsHeader.setKeyId(null);
    claims.setIssuer(null);
    assertNull(resolver.resolveSigningKey(jwsHeader, claims));
    jwsHeader.setKeyId("");
    claims.setIssuer(null);
    assertNull(resolver.resolveSigningKey(jwsHeader, claims));
}
