Examples with SignatureException io.jsonwebtoken.security.SignatureException used on opensource projects

Search in sources :

Example 16 with SignatureException

use of io.jsonwebtoken.security.SignatureException in project athenz by yahoo.

the class ZTSImplTest method testPostAccessTokenRequestECPrivateKey.

@Test
public void testPostAccessTokenRequestECPrivateKey() {
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY, "src/test/resources/unit_test_zts_private_ec.pem");
    CloudStore cloudStore = new CloudStore();
    cloudStore.setHttpClient(null);
    ZTSImpl ztsImpl = new ZTSImpl(cloudStore, store);
    // set back to our zts rsa private key
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY, "src/test/resources/unit_test_zts_private.pem");
    SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
    store.processSignedDomain(signedDomain, false);
    Principal principal = SimplePrincipal.create("user_domain", "user", "v=U1;d=user_domain;n=user;s=signature", 0, null);
    ResourceContext context = createResourceContext(principal);
    AccessTokenResponse resp = ztsImpl.postAccessTokenRequest(context, "grant_type=client_credentials&scope=coretech:domain");
    assertNotNull(resp);
    assertEquals("coretech:role.writers", resp.getScope());
    String accessTokenStr = resp.getAccess_token();
    assertNotNull(accessTokenStr);
    Jws<Claims> claims;
    try {
        claims = Jwts.parserBuilder().setSigningKey(Crypto.extractPublicKey(ztsImpl.privateKey.getKey())).build().parseClaimsJws(accessTokenStr);
    } catch (SignatureException e) {
        throw new ResourceException(ResourceException.UNAUTHORIZED);
    }
    assertNotNull(claims);
    assertNotNull(claims.getBody().getId());
    assertEquals("user_domain.user", claims.getBody().getSubject());
    assertEquals("coretech", claims.getBody().getAudience());
    assertEquals(ztsImpl.ztsOAuthIssuer, claims.getBody().getIssuer());
    List<String> scopes = (List<String>) claims.getBody().get("scp");
    assertNotNull(scopes);
    assertEquals(1, scopes.size());
    assertEquals("writers", scopes.get(0));
    assertEquals("writers", claims.getBody().get("scope"));
}
Also used : Claims(io.jsonwebtoken.Claims) SignatureException(io.jsonwebtoken.security.SignatureException) MockCloudStore(com.yahoo.athenz.zts.store.MockCloudStore) CloudStore(com.yahoo.athenz.zts.store.CloudStore) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 17 with SignatureException

use of io.jsonwebtoken.security.SignatureException in project athenz by yahoo.

the class ZTSImplTest method testPostAccessTokenRequestWithAuthorizationDetails.

@Test
public void testPostAccessTokenRequestWithAuthorizationDetails() {
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY, "src/test/resources/unit_test_zts_at_private.pem");
    CloudStore cloudStore = new CloudStore();
    cloudStore.setHttpClient(null);
    ZTSImpl ztsImpl = new ZTSImpl(cloudStore, store);
    // set back to our zts rsa private key
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY, "src/test/resources/unit_test_zts_private.pem");
    SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
    store.processSignedDomain(signedDomain, false);
    Principal principal = SimplePrincipal.create("user_domain", "user", "v=U1;d=user_domain;n=user;s=signature", 0, null);
    ResourceContext context = createResourceContext(principal);
    final String authzDetails = "[{\"type\":\"message_access\",\"location\":[\"https://location1\"," + "\"https://location2\"],\"identifier\":\"id1\"}]";
    AccessTokenResponse resp = ztsImpl.postAccessTokenRequest(context, "grant_type=client_credentials&scope=coretech:role.writers&authorization_details=" + authzDetails);
    assertNotNull(resp);
    assertNull(resp.getScope());
    final String accessTokenStr = resp.getAccess_token();
    Jws<Claims> claims;
    try {
        claims = Jwts.parserBuilder().setSigningKey(Crypto.extractPublicKey(ztsImpl.privateKey.getKey())).build().parseClaimsJws(accessTokenStr);
    } catch (SignatureException e) {
        throw new ResourceException(ResourceException.UNAUTHORIZED);
    }
    assertNotNull(claims);
    assertEquals("coretech", claims.getBody().getAudience());
    assertEquals(ztsImpl.ztsOAuthIssuer, claims.getBody().getIssuer());
    List<String> scopes = (List<String>) claims.getBody().get("scp");
    assertNotNull(scopes);
    assertEquals(1, scopes.size());
    assertEquals("writers", scopes.get(0));
    assertEquals(authzDetails, claims.getBody().get("authorization_details"));
}
Also used : Claims(io.jsonwebtoken.Claims) SignatureException(io.jsonwebtoken.security.SignatureException) MockCloudStore(com.yahoo.athenz.zts.store.MockCloudStore) CloudStore(com.yahoo.athenz.zts.store.CloudStore) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 18 with SignatureException

use of io.jsonwebtoken.security.SignatureException in project athenz by yahoo.

the class ZTSImplTest method testPostAccessTokenRequestWithSystemAuthorizationDetails.

@Test
public void testPostAccessTokenRequestWithSystemAuthorizationDetails() {
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY, "src/test/resources/unit_test_zts_at_private.pem");
    System.setProperty(ZTSConsts.ZTS_PROP_SYSTEM_AUTHZ_DETAILS_PATH, "src/test/resources/system_single_authz_details.json");
    CloudStore cloudStore = new CloudStore();
    cloudStore.setHttpClient(null);
    ZTSImpl ztsImpl = new ZTSImpl(cloudStore, store);
    // set back to our zts rsa private key and clear authz details path
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY, "src/test/resources/unit_test_zts_private.pem");
    System.clearProperty(ZTSConsts.ZTS_PROP_SYSTEM_AUTHZ_DETAILS_PATH);
    SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
    store.processSignedDomain(signedDomain, false);
    Principal principal = SimplePrincipal.create("user_domain", "user", "v=U1;d=user_domain;n=user;s=signature", 0, null);
    ResourceContext context = createResourceContext(principal);
    // first role based match
    String authzDetails = "[{\"type\":\"message_access\",\"location\":[\"https://location1\"," + "\"https://location2\"],\"identifier\":\"id1\"}]";
    AccessTokenResponse resp = ztsImpl.postAccessTokenRequest(context, "grant_type=client_credentials&scope=coretech:role.writers&authorization_details=" + authzDetails);
    assertNotNull(resp);
    assertNull(resp.getScope());
    String accessTokenStr = resp.getAccess_token();
    Jws<Claims> claims;
    try {
        claims = Jwts.parserBuilder().setSigningKey(Crypto.extractPublicKey(ztsImpl.privateKey.getKey())).build().parseClaimsJws(accessTokenStr);
    } catch (SignatureException e) {
        throw new ResourceException(ResourceException.UNAUTHORIZED);
    }
    assertNotNull(claims);
    assertEquals("coretech", claims.getBody().getAudience());
    assertEquals(ztsImpl.ztsOAuthIssuer, claims.getBody().getIssuer());
    List<String> scopes = (List<String>) claims.getBody().get("scp");
    assertNotNull(scopes);
    assertEquals(1, scopes.size());
    assertEquals("writers", scopes.get(0));
    assertEquals(authzDetails, claims.getBody().get("authorization_details"));
    // next system based match
    authzDetails = "[{\"type\":\"proxy_access\",\"principal\":[\"spiffe://athenz/sa/api\"]}]";
    resp = ztsImpl.postAccessTokenRequest(context, "grant_type=client_credentials&scope=coretech:role.writers&authorization_details=" + authzDetails);
    assertNotNull(resp);
    assertNull(resp.getScope());
    accessTokenStr = resp.getAccess_token();
    try {
        claims = Jwts.parserBuilder().setSigningKey(Crypto.extractPublicKey(ztsImpl.privateKey.getKey())).build().parseClaimsJws(accessTokenStr);
    } catch (SignatureException e) {
        throw new ResourceException(ResourceException.UNAUTHORIZED);
    }
    assertNotNull(claims);
    assertEquals("coretech", claims.getBody().getAudience());
    assertEquals(ztsImpl.ztsOAuthIssuer, claims.getBody().getIssuer());
    assertEquals(authzDetails, claims.getBody().get("authorization_details"));
    // now match both - role and system based authz details
    authzDetails = "[{\"type\":\"message_access\",\"location\":[\"https://location1\"," + "\"https://location2\"],\"identifier\":\"id1\"}," + "{\"type\":\"proxy_access\",\"principal\":[\"spiffe://athenz.proxy/sa/api\"]}]";
    resp = ztsImpl.postAccessTokenRequest(context, "grant_type=client_credentials&scope=coretech:role.writers&authorization_details=" + authzDetails);
    assertNotNull(resp);
    assertNull(resp.getScope());
    accessTokenStr = resp.getAccess_token();
    try {
        claims = Jwts.parserBuilder().setSigningKey(Crypto.extractPublicKey(ztsImpl.privateKey.getKey())).build().parseClaimsJws(accessTokenStr);
    } catch (SignatureException e) {
        throw new ResourceException(ResourceException.UNAUTHORIZED);
    }
    assertNotNull(claims);
    assertEquals("coretech", claims.getBody().getAudience());
    assertEquals(ztsImpl.ztsOAuthIssuer, claims.getBody().getIssuer());
    assertEquals(authzDetails, claims.getBody().get("authorization_details"));
}
Also used : Claims(io.jsonwebtoken.Claims) SignatureException(io.jsonwebtoken.security.SignatureException) MockCloudStore(com.yahoo.athenz.zts.store.MockCloudStore) CloudStore(com.yahoo.athenz.zts.store.CloudStore) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 19 with SignatureException

use of io.jsonwebtoken.security.SignatureException in project athenz by yahoo.

the class ZTSImplTest method testGetOIDCResponseNoRulesGroups.

@Test
public void testGetOIDCResponseNoRulesGroups() {
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY, "src/test/resources/unit_test_zts_at_private.pem");
    CloudStore cloudStore = new CloudStore();
    cloudStore.setHttpClient(null);
    ZTSImpl ztsImpl = new ZTSImpl(cloudStore, store);
    // set back to our zts rsa private key
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY, "src/test/resources/unit_test_zts_private.pem");
    Principal principal = SimplePrincipal.create("user_domain", "user", "v=U1;d=user_domain;n=user;s=signature", 0, null);
    ResourceContext context = createResourceContext(principal);
    SignedDomain signedDomain = createSignedDomain("coretech", "sports", "api", true);
    store.processSignedDomain(signedDomain, false);
    Response response = ztsImpl.getOIDCResponse(context, "id_token", "coretech.api", "https://localhost:4443/zts", "openid", null, "nonce", "RSA");
    assertEquals(response.getStatus(), ResourceException.FOUND);
    String location = response.getHeaderString("Location");
    int idx = location.indexOf("#id_token=");
    String idToken = location.substring(idx + 10);
    Jws<Claims> claims;
    try {
        claims = Jwts.parserBuilder().setSigningKey(Crypto.extractPublicKey(ztsImpl.privateKey.getKey())).build().parseClaimsJws(idToken);
    } catch (SignatureException e) {
        throw new ResourceException(ResourceException.UNAUTHORIZED);
    }
    assertNotNull(claims);
    assertEquals("user_domain.user", claims.getBody().getSubject());
    assertEquals("coretech.api", claims.getBody().getAudience());
    assertEquals(ztsImpl.ztsOpenIDIssuer, claims.getBody().getIssuer());
    List<String> groups = (List<String>) claims.getBody().get("groups");
    assertNull(groups);
}
Also used : Claims(io.jsonwebtoken.Claims) SignatureException(io.jsonwebtoken.security.SignatureException) Response(javax.ws.rs.core.Response) HttpServletResponse(javax.servlet.http.HttpServletResponse) MockCloudStore(com.yahoo.athenz.zts.store.MockCloudStore) CloudStore(com.yahoo.athenz.zts.store.CloudStore) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 20 with SignatureException

use of io.jsonwebtoken.security.SignatureException in project athenz by yahoo.

the class ZTSImplTest method testPostAccessTokenRequestProxyUser.

@Test
public void testPostAccessTokenRequestProxyUser() {
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY, "src/test/resources/unit_test_zts_at_private.pem");
    CloudStore cloudStore = new CloudStore();
    cloudStore.setHttpClient(null);
    ZTSImpl ztsImpl = new ZTSImpl(cloudStore, store);
    // set back to our zts rsa private key
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY, "src/test/resources/unit_test_zts_private.pem");
    List<RoleMember> writers = new ArrayList<>();
    writers.add(new RoleMember().setMemberName("user_domain.proxy-user1"));
    writers.add(new RoleMember().setMemberName("user_domain.joe"));
    List<RoleMember> readers = new ArrayList<>();
    readers.add(new RoleMember().setMemberName("user_domain.proxy-user2"));
    readers.add(new RoleMember().setMemberName("user_domain.jane"));
    SignedDomain signedDomain = createSignedDomain("coretech-proxy2", "weather-proxy2", "storage", writers, readers, true);
    store.processSignedDomain(signedDomain, false);
    Principal principal = SimplePrincipal.create("user_domain", "proxy-user1", "v=U1;d=user_domain;n=proxy-user1;s=sig", 0, null);
    ResourceContext context = createResourceContext(principal);
    AccessTokenResponse resp = ztsImpl.postAccessTokenRequest(context, "grant_type=client_credentials&scope=coretech-proxy2:domain&proxy_for_principal=user_domain.joe");
    assertNotNull(resp);
    assertEquals("coretech-proxy2:role.writers", resp.getScope());
    String accessTokenStr = resp.getAccess_token();
    assertNotNull(accessTokenStr);
    Jws<Claims> claims;
    try {
        claims = Jwts.parserBuilder().setSigningKey(Crypto.extractPublicKey(ztsImpl.privateKey.getKey())).build().parseClaimsJws(accessTokenStr);
    } catch (SignatureException e) {
        throw new ResourceException(ResourceException.UNAUTHORIZED);
    }
    assertNotNull(claims);
    assertEquals("user_domain.joe", claims.getBody().getSubject());
    assertEquals("user_domain.proxy-user1", claims.getBody().get("proxy"));
    assertEquals("coretech-proxy2", claims.getBody().getAudience());
    assertEquals(ztsImpl.ztsOAuthIssuer, claims.getBody().getIssuer());
    List<String> scopes = (List<String>) claims.getBody().get("scp");
    assertNotNull(scopes);
    assertEquals(1, scopes.size());
    assertEquals("writers", scopes.get(0));
}
Also used : Claims(io.jsonwebtoken.Claims) SignatureException(io.jsonwebtoken.security.SignatureException) MockCloudStore(com.yahoo.athenz.zts.store.MockCloudStore) CloudStore(com.yahoo.athenz.zts.store.CloudStore) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Aggregations

SignatureException (io.jsonwebtoken.security.SignatureException)20 Claims (io.jsonwebtoken.Claims)17 CloudStore (com.yahoo.athenz.zts.store.CloudStore)15 MockCloudStore (com.yahoo.athenz.zts.store.MockCloudStore)15 Principal (com.yahoo.athenz.auth.Principal)14 Test (org.testng.annotations.Test)14 HttpServletResponse (javax.servlet.http.HttpServletResponse)3 Response (javax.ws.rs.core.Response)3 JWSObject (com.nimbusds.jose.JWSObject)2 AthenzObject (com.yahoo.athenz.zts.ZTSImpl.AthenzObject)2 ExpiredJwtException (io.jsonwebtoken.ExpiredJwtException)2 UnsupportedJwtException (io.jsonwebtoken.UnsupportedJwtException)2 Path (java.nio.file.Path)2 InvalidKeyException (java.security.InvalidKeyException)2 PublicKey (java.security.PublicKey)2 Signature (java.security.Signature)2 X509Certificate (java.security.cert.X509Certificate)2 ECPublicKey (java.security.interfaces.ECPublicKey)2 RSAPublicKey (java.security.interfaces.RSAPublicKey)2 Map (java.util.Map)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial