Example 46 with Decoder

Use of java.util.Base64.Decoder in project spring-security by spring-projects.

Class NimbusReactiveJwtDecoderTests, method withJwkSetUriWhenUsingCustomTypeHeaderThenRefuseOmittedType.

// gh-8730
@Test
public void withJwkSetUriWhenUsingCustomTypeHeaderThenRefuseOmittedType() {
    WebClient webClient = mockJwkSetResponse(this.jwkSet);
    // Restrict the accepted JOSE "typ" header to "JWS"; a token that omits typ must be refused.
    // @formatter:off
    NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withJwkSetUri(this.jwkSetUri)
            .webClient(webClient)
            .jwtProcessorCustomizer((p) -> p.setJWSTypeVerifier(
                    new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
            .build();
    // The test token has no typ header, so the type verifier is expected to reject it.
    assertThatExceptionOfType(BadJwtException.class)
            .isThrownBy(() -> decoder.decode(this.messageReadToken).block())
            .havingRootCause()
            .withMessage("Required JOSE header typ (type) parameter is missing");
    // @formatter:on
}
Also used : BeforeEach(org.junit.jupiter.api.BeforeEach) JWKSecurityContext(com.nimbusds.jose.proc.JWKSecurityContext) EncodedKeySpec(java.security.spec.EncodedKeySpec) Date(java.util.Date) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) WebClient(org.springframework.web.reactive.function.client.WebClient) JWKSet(com.nimbusds.jose.jwk.JWKSet) OAuth2TokenValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator) MacAlgorithm(org.springframework.security.oauth2.jose.jws.MacAlgorithm) RSAPublicKey(java.security.interfaces.RSAPublicKey) BeforeAll(org.junit.jupiter.api.BeforeAll) BDDMockito.given(org.mockito.BDDMockito.given) Map(java.util.Map) MockWebServer(okhttp3.mockwebserver.MockWebServer) ParseException(java.text.ParseException) JWKSource(com.nimbusds.jose.jwk.source.JWKSource) JWSAlgorithm(com.nimbusds.jose.JWSAlgorithm) Instant(java.time.Instant) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) JWSHeader(com.nimbusds.jose.JWSHeader) SignedJWT(com.nimbusds.jwt.SignedJWT) KeyFactory(java.security.KeyFactory) Test(org.junit.jupiter.api.Test) Base64(java.util.Base64) JWSVerificationKeySelector(com.nimbusds.jose.proc.JWSVerificationKeySelector) JWSSigner(com.nimbusds.jose.JWSSigner) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) JOSEObjectType(com.nimbusds.jose.JOSEObjectType) SecretKey(javax.crypto.SecretKey) MockResponse(okhttp3.mockwebserver.MockResponse) OAuth2TokenValidatorResult(org.springframework.security.oauth2.core.OAuth2TokenValidatorResult) Mockito.mock(org.mockito.Mockito.mock) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) JWSKeySelector(com.nimbusds.jose.proc.JWSKeySelector) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) Mockito.spy(org.mockito.Mockito.spy) Assertions.assertThatExceptionOfType(org.assertj.core.api.Assertions.assertThatExceptionOfType) MACSigner(com.nimbusds.jose.crypto.MACSigner) 
Converter(org.springframework.core.convert.converter.Converter) Assertions.assertThatIllegalStateException(org.assertj.core.api.Assertions.assertThatIllegalStateException) ConfigurableJWTProcessor(com.nimbusds.jwt.proc.ConfigurableJWTProcessor) TestKeys(org.springframework.security.oauth2.jose.TestKeys) Mono(reactor.core.publisher.Mono) UnknownHostException(java.net.UnknownHostException) Mockito.verify(org.mockito.Mockito.verify) Consumer(java.util.function.Consumer) Flux(reactor.core.publisher.Flux) AfterEach(org.junit.jupiter.api.AfterEach) DefaultJOSEObjectTypeVerifier(com.nimbusds.jose.proc.DefaultJOSEObjectTypeVerifier) SignatureAlgorithm(org.springframework.security.oauth2.jose.jws.SignatureAlgorithm) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) Collections(java.util.Collections) JOSEObjectType(com.nimbusds.jose.JOSEObjectType) WebClient(org.springframework.web.reactive.function.client.WebClient) Test(org.junit.jupiter.api.Test)

Example 47 with Decoder

Use of java.util.Base64.Decoder in project spring-security by spring-projects.

Class NimbusReactiveJwtDecoderTests, method withSecretKeyWhenUsingCustomTypeHeaderThenRefuseOmittedType.

// gh-8730
@Test
public void withSecretKeyWhenUsingCustomTypeHeaderThenRefuseOmittedType() {
    SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
    // Same typ restriction as the JWK Set variant, here with a symmetric (MAC) key.
    // @formatter:off
    NimbusReactiveJwtDecoder decoder = NimbusReactiveJwtDecoder.withSecretKey(secretKey)
            .jwtProcessorCustomizer((p) -> p.setJWSTypeVerifier(
                    new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS"))))
            .build();
    // The test token has no typ header, so the type verifier is expected to reject it.
    assertThatExceptionOfType(BadJwtException.class)
            .isThrownBy(() -> decoder.decode(this.messageReadToken).block())
            .havingRootCause()
            .withMessage("Required JOSE header typ (type) parameter is missing");
    // @formatter:on
}
Also used : BeforeEach(org.junit.jupiter.api.BeforeEach) JWKSecurityContext(com.nimbusds.jose.proc.JWKSecurityContext) EncodedKeySpec(java.security.spec.EncodedKeySpec) Date(java.util.Date) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) WebClient(org.springframework.web.reactive.function.client.WebClient) JWKSet(com.nimbusds.jose.jwk.JWKSet) OAuth2TokenValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator) MacAlgorithm(org.springframework.security.oauth2.jose.jws.MacAlgorithm) RSAPublicKey(java.security.interfaces.RSAPublicKey) BeforeAll(org.junit.jupiter.api.BeforeAll) BDDMockito.given(org.mockito.BDDMockito.given) Map(java.util.Map) MockWebServer(okhttp3.mockwebserver.MockWebServer) ParseException(java.text.ParseException) JWKSource(com.nimbusds.jose.jwk.source.JWKSource) JWSAlgorithm(com.nimbusds.jose.JWSAlgorithm) Instant(java.time.Instant) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) JWSHeader(com.nimbusds.jose.JWSHeader) SignedJWT(com.nimbusds.jwt.SignedJWT) KeyFactory(java.security.KeyFactory) Test(org.junit.jupiter.api.Test) Base64(java.util.Base64) JWSVerificationKeySelector(com.nimbusds.jose.proc.JWSVerificationKeySelector) JWSSigner(com.nimbusds.jose.JWSSigner) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) JOSEObjectType(com.nimbusds.jose.JOSEObjectType) SecretKey(javax.crypto.SecretKey) MockResponse(okhttp3.mockwebserver.MockResponse) OAuth2TokenValidatorResult(org.springframework.security.oauth2.core.OAuth2TokenValidatorResult) Mockito.mock(org.mockito.Mockito.mock) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) JWSKeySelector(com.nimbusds.jose.proc.JWSKeySelector) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) Mockito.spy(org.mockito.Mockito.spy) Assertions.assertThatExceptionOfType(org.assertj.core.api.Assertions.assertThatExceptionOfType) MACSigner(com.nimbusds.jose.crypto.MACSigner) 
Converter(org.springframework.core.convert.converter.Converter) Assertions.assertThatIllegalStateException(org.assertj.core.api.Assertions.assertThatIllegalStateException) ConfigurableJWTProcessor(com.nimbusds.jwt.proc.ConfigurableJWTProcessor) TestKeys(org.springframework.security.oauth2.jose.TestKeys) Mono(reactor.core.publisher.Mono) UnknownHostException(java.net.UnknownHostException) Mockito.verify(org.mockito.Mockito.verify) Consumer(java.util.function.Consumer) Flux(reactor.core.publisher.Flux) AfterEach(org.junit.jupiter.api.AfterEach) DefaultJOSEObjectTypeVerifier(com.nimbusds.jose.proc.DefaultJOSEObjectTypeVerifier) SignatureAlgorithm(org.springframework.security.oauth2.jose.jws.SignatureAlgorithm) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException) OAuth2Error(org.springframework.security.oauth2.core.OAuth2Error) Collections(java.util.Collections) JOSEObjectType(com.nimbusds.jose.JOSEObjectType) SecretKey(javax.crypto.SecretKey) Test(org.junit.jupiter.api.Test)

Example 48 with Decoder

Use of java.util.Base64.Decoder in project vorto by eclipse.

Class PublicKeyHelper, method toPublicKey.

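public static PublicKey toPublicKey(String mod, String exp) {
    try {
        // The modulus and exponent arrive base64url-encoded (the encoding JWK uses for n and e).
        Decoder urlDecoder = Base64.getUrlDecoder();
        // Signum 1 keeps the value non-negative even when the first byte has its high bit set.
        BigInteger modulus = new BigInteger(1, urlDecoder.decode(mod));
        BigInteger publicExponent = new BigInteger(1, urlDecoder.decode(exp));
        KeyFactory kf = KeyFactory.getInstance("RSA");
        return kf.generatePublic(new RSAPublicKeySpec(modulus, publicExponent));
    } catch (Exception e) {
        // Malformed base64, null input and invalid key specs all surface as InvalidTokenException.
        throw new InvalidTokenException("Problem converting the common keys to public keys", e);
    }
}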
Also used : InvalidTokenException(org.springframework.security.oauth2.common.exceptions.InvalidTokenException) BigInteger(java.math.BigInteger) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) Decoder(java.util.Base64.Decoder) KeyFactory(java.security.KeyFactory) InvalidTokenException(org.springframework.security.oauth2.common.exceptions.InvalidTokenException)

Example 49 with Decoder

Use of java.util.Base64.Decoder in project cu-kfs by CU-CommunityApps.

Class CuCapAssetInventoryServerAuthFilter, method decodePublicKey.

private PublicKey decodePublicKey(JsonObject publicKeyJson) throws NoSuchAlgorithmException, InvalidKeySpecException {
    // Read the base64url-encoded RSA modulus and public exponent from the key's JSON object.
    String keyModuloN = publicKeyJson.get(CuCamsConstants.CapAssetApi.COGNITO_PUBLIC_KEY_MODULO).getAsString();
    String keyExponentE = publicKeyJson.get(CuCamsConstants.CapAssetApi.COGNITO_PUBLIC_KEY_EXPONENT).getAsString();
    // decode() throws the unchecked IllegalArgumentException on malformed input,
    // which the throws clause above does not cover.
    Base64.Decoder decoder = Base64.getUrlDecoder();
    // Signum 1 keeps the value non-negative even when the first byte has its high bit set.
    BigInteger modulus = new BigInteger(1, decoder.decode(keyModuloN));
    BigInteger publicExponent = new BigInteger(1, decoder.decode(keyExponentE));
    RSAPublicKeySpec publicKeySpec = new RSAPublicKeySpec(modulus, publicExponent);
    return KeyFactory.getInstance(CuCamsConstants.CapAssetApi.RSA).generatePublic(publicKeySpec);
}
Also used : Base64(java.util.Base64) BigInteger(java.math.BigInteger) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec)

Aggregations

Decoder (java.util.Base64.Decoder): 27
Base64 (java.util.Base64): 21
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 7
Encoder (java.util.Base64.Encoder): 7
KeyFactory (java.security.KeyFactory): 6
X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec): 6
IOException (java.io.IOException): 5
InvalidKeySpecException (java.security.spec.InvalidKeySpecException): 5
JOSEObjectType (com.nimbusds.jose.JOSEObjectType): 4
JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm): 4
JWSHeader (com.nimbusds.jose.JWSHeader): 4
JWSSigner (com.nimbusds.jose.JWSSigner): 4
MACSigner (com.nimbusds.jose.crypto.MACSigner): 4
JWKSource (com.nimbusds.jose.jwk.source.JWKSource): 4
DefaultJOSEObjectTypeVerifier (com.nimbusds.jose.proc.DefaultJOSEObjectTypeVerifier): 4
JWSKeySelector (com.nimbusds.jose.proc.JWSKeySelector): 4
JWSVerificationKeySelector (com.nimbusds.jose.proc.JWSVerificationKeySelector): 4
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet): 4
SignedJWT (com.nimbusds.jwt.SignedJWT): 4
RSAPublicKey (java.security.interfaces.RSAPublicKey): 4