use of org.apache.cxf.rs.security.jose.jwe.JweJwtCompactConsumer in project cxf by apache.
the class JoseJwtConsumer method getJwtToken.
public JwtToken getJwtToken(String wrappedJwtToken, JweDecryptionProvider theDecryptor, JwsSignatureVerifier theSigVerifier) {
super.checkProcessRequirements();
JweHeaders jweHeaders = new JweHeaders();
if (isJweRequired()) {
JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(wrappedJwtToken);
if (theDecryptor == null) {
theDecryptor = getInitializedDecryptionProvider(jwtConsumer.getHeaders());
}
if (theDecryptor == null) {
throw new JwtException("Unable to decrypt JWT");
}
if (!isJwsRequired()) {
return jwtConsumer.decryptWith(theDecryptor);
}
JweDecryptionOutput decOutput = theDecryptor.decrypt(wrappedJwtToken);
wrappedJwtToken = decOutput.getContentText();
jweHeaders = decOutput.getHeaders();
}
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(wrappedJwtToken);
JwtToken jwt = jwtConsumer.getJwtToken();
// Store the encryption headers as well
jwt = new JwtToken(jwt.getJwsHeaders(), jweHeaders, jwt.getClaims());
if (isJwsRequired()) {
if (theSigVerifier == null) {
theSigVerifier = getInitializedSignatureVerifier(jwt);
}
if (theSigVerifier == null) {
throw new JwtException("Unable to validate JWT");
}
if (!jwtConsumer.verifySignatureWith(theSigVerifier)) {
throw new JwtException("Invalid Signature");
}
}
validateToken(jwt);
return jwt;
}
use of org.apache.cxf.rs.security.jose.jwe.JweJwtCompactConsumer in project cxf by apache.
the class JWTTokenProviderTest method testCreateUnsignedEncryptedCBCJWT.
@org.junit.Test
public void testCreateUnsignedEncryptedCBCJWT() throws Exception {
try {
Security.addProvider(new BouncyCastleProvider());
TokenProvider jwtTokenProvider = new JWTTokenProvider();
((JWTTokenProvider) jwtTokenProvider).setSignToken(false);
TokenProviderParameters providerParameters = createProviderParameters();
providerParameters.setEncryptToken(true);
providerParameters.getEncryptionProperties().setEncryptionAlgorithm(ContentAlgorithm.A128CBC_HS256.name());
assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
String token = (String) providerResponse.getToken();
assertNotNull(token);
assertTrue(token.split("\\.").length == 5);
if (unrestrictedPoliciesInstalled) {
// Validate the token
JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(token);
Properties decProperties = new Properties();
Crypto decryptionCrypto = CryptoFactory.getInstance(getDecryptionProperties());
KeyStore keystore = ((Merlin) decryptionCrypto).getKeyStore();
decProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
decProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
decProperties.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");
decProperties.put(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM, ContentAlgorithm.A128CBC_HS256.name());
JweDecryptionProvider decProvider = JweUtils.loadDecryptionProvider(decProperties, jwtConsumer.getHeaders());
JweDecryptionOutput decOutput = decProvider.decrypt(token);
String decToken = decOutput.getContentText();
JwsJwtCompactConsumer jwtJwsConsumer = new JwsJwtCompactConsumer(decToken);
JwtToken jwt = jwtJwsConsumer.getJwtToken();
Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
Assert.assertEquals(providerResponse.getCreated().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
Assert.assertEquals(providerResponse.getExpires().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
}
} finally {
Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
}
}
use of org.apache.cxf.rs.security.jose.jwe.JweJwtCompactConsumer in project testcases by coheigea.
the class UserInfoTest method testEncryptedUserInfo.
@org.junit.Test
public void testEncryptedUserInfo() throws Exception {
URL busFile = UserInfoTest.class.getResource("cxf-client.xml");
String address = "https://localhost:" + PORT + "/services/";
WebClient client = WebClient.create(address, setupProviders(), "alice", "security", busFile.toString());
// Save the Cookie for the second request...
WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
// Get Authorization Code
String code = getAuthorizationCode(client, "openid");
assertNotNull(code);
// Now get the access token
client = WebClient.create(address, setupProviders(), "consumer-id", "this-is-a-secret", busFile.toString());
// Save the Cookie for the second request...
WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
ClientAccessToken accessToken = getAccessTokenWithAuthorizationCode(client, code);
assertNotNull(accessToken.getTokenKey());
assertTrue(accessToken.getApprovedScope().contains("openid"));
// Now invoke on the UserInfo service with the access token
String userInfoAddress = "https://localhost:" + USERINFO_PORT + "/services/encrypted/userinfo";
WebClient userInfoClient = WebClient.create(userInfoAddress, busFile.toString());
userInfoClient.accept("application/jwt");
userInfoClient.header("Authorization", "Bearer " + accessToken.getTokenKey());
Response serviceResponse = userInfoClient.get();
assertEquals(serviceResponse.getStatus(), 200);
String token = serviceResponse.readEntity(String.class);
assertNotNull(token);
KeyStore keystore = KeyStore.getInstance("JKS");
keystore.load(Loader.getResource("clientstore.jks").openStream(), "cspass".toCharArray());
JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(token);
PrivateKey privateKey = (PrivateKey) keystore.getKey("myclientkey", "ckpass".toCharArray());
JwtToken jwt = jwtConsumer.decryptWith(privateKey);
assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
assertEquals("consumer-id", jwt.getClaim(JwtConstants.CLAIM_AUDIENCE));
}
use of org.apache.cxf.rs.security.jose.jwe.JweJwtCompactConsumer in project cxf by apache.
the class JWTTokenProviderTest method testCreateSignedEncryptedJWT.
@org.junit.Test
public void testCreateSignedEncryptedJWT() throws Exception {
TokenProvider jwtTokenProvider = new JWTTokenProvider();
TokenProviderParameters providerParameters = createProviderParameters();
providerParameters.setEncryptToken(true);
assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
String token = (String) providerResponse.getToken();
assertNotNull(token);
assertTrue(token.split("\\.").length == 5);
if (unrestrictedPoliciesInstalled) {
// Validate the token
JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(token);
Properties decProperties = new Properties();
Crypto decryptionCrypto = CryptoFactory.getInstance(getDecryptionProperties());
KeyStore keystore = ((Merlin) decryptionCrypto).getKeyStore();
decProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
decProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
decProperties.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");
JweDecryptionProvider decProvider = JweUtils.loadDecryptionProvider(decProperties, jwtConsumer.getHeaders());
JweDecryptionOutput decOutput = decProvider.decrypt(token);
String decToken = decOutput.getContentText();
JwsJwtCompactConsumer jwtJwsConsumer = new JwsJwtCompactConsumer(decToken);
JwtToken jwt = jwtJwsConsumer.getJwtToken();
Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
Assert.assertEquals(providerResponse.getCreated().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
Assert.assertEquals(providerResponse.getExpires().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
}
}
use of org.apache.cxf.rs.security.jose.jwe.JweJwtCompactConsumer in project cxf by apache.
the class JWTTokenProviderTest method testCreateUnsignedEncryptedJWT.
@org.junit.Test
public void testCreateUnsignedEncryptedJWT() throws Exception {
TokenProvider jwtTokenProvider = new JWTTokenProvider();
((JWTTokenProvider) jwtTokenProvider).setSignToken(false);
TokenProviderParameters providerParameters = createProviderParameters();
providerParameters.setEncryptToken(true);
assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
String token = (String) providerResponse.getToken();
assertNotNull(token);
assertTrue(token.split("\\.").length == 5);
if (unrestrictedPoliciesInstalled) {
// Validate the token
JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(token);
Properties decProperties = new Properties();
Crypto decryptionCrypto = CryptoFactory.getInstance(getDecryptionProperties());
KeyStore keystore = ((Merlin) decryptionCrypto).getKeyStore();
decProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
decProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
decProperties.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");
JweDecryptionProvider decProvider = JweUtils.loadDecryptionProvider(decProperties, jwtConsumer.getHeaders());
JweDecryptionOutput decOutput = decProvider.decrypt(token);
String decToken = decOutput.getContentText();
JwsJwtCompactConsumer jwtJwsConsumer = new JwsJwtCompactConsumer(decToken);
JwtToken jwt = jwtJwsConsumer.getJwtToken();
Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
Assert.assertEquals(providerResponse.getCreated().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
Assert.assertEquals(providerResponse.getExpires().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
}
}
Aggregations