Examples with JsonWebKey org.apache.cxf.rs.security.jose.jwk.JsonWebKey used on opensource projects

Search in sources :

Example 26 with JsonWebKey

use of org.apache.cxf.rs.security.jose.jwk.JsonWebKey in project cxf by apache.

the class JwkJoseCookBookTest method testSecretSetAsList.

@Test
public void testSecretSetAsList() throws Exception {
    JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt");
    List<JsonWebKey> keys = jwks.getKeys();
    assertEquals(2, keys.size());
    JsonWebKey signKey = keys.get(0);
    assertEquals(5, signKey.asMap().size());
    validateSecretSignKey(signKey);
    JsonWebKey encKey = keys.get(1);
    assertEquals(5, encKey.asMap().size());
    validateSecretEncKey(encKey);
}
Also used : JsonWebKeys(org.apache.cxf.rs.security.jose.jwk.JsonWebKeys) JsonWebKey(org.apache.cxf.rs.security.jose.jwk.JsonWebKey) Test(org.junit.Test)

Example 27 with JsonWebKey

use of org.apache.cxf.rs.security.jose.jwk.JsonWebKey in project cxf by apache.

the class JwsJoseCookBookTest method testMultipleSignatures.

@Test
public void testMultipleSignatures() throws Exception {
    try {
        Cipher.getInstance(AlgorithmUtils.ES_SHA_512_JAVA);
    } catch (Throwable t) {
        Security.addProvider(new BouncyCastleProvider());
    }
    try {
        JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
        assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
        assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
        JwsHeaders firstSignerProtectedHeader = new JwsHeaders();
        firstSignerProtectedHeader.setSignatureAlgorithm(SignatureAlgorithm.RS256);
        JwsHeaders firstSignerUnprotectedHeader = new JwsHeaders();
        firstSignerUnprotectedHeader.setKeyId(RSA_KID_VALUE);
        JsonWebKeys jwks = readKeySet("cookbookPrivateSet.txt");
        List<JsonWebKey> keys = jwks.getKeys();
        JsonWebKey rsaKey = keys.get(1);
        jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, SignatureAlgorithm.RS256), firstSignerProtectedHeader, firstSignerUnprotectedHeader);
        assertEquals(jsonProducer.getSignatureEntries().get(0).toJson(), FIRST_SIGNATURE_ENTRY_MULTIPLE_SIGNATURES);
        JwsHeaders secondSignerUnprotectedHeader = new JwsHeaders();
        secondSignerUnprotectedHeader.setSignatureAlgorithm(SignatureAlgorithm.ES512);
        secondSignerUnprotectedHeader.setKeyId(ECDSA_KID_VALUE);
        JsonWebKey ecKey = keys.get(0);
        jsonProducer.signWith(JwsUtils.getSignatureProvider(ecKey, SignatureAlgorithm.ES512), null, secondSignerUnprotectedHeader);
        assertEquals(new JsonMapObjectReaderWriter().toJson(jsonProducer.getSignatureEntries().get(1).getUnprotectedHeader()), SECOND_SIGNATURE_UNPROTECTED_HEADER_MULTIPLE_SIGNATURES);
        assertEquals(jsonProducer.getSignatureEntries().get(1).toJson().length(), SECOND_SIGNATURE_ENTRY_MULTIPLE_SIGNATURES.length());
        JwsHeaders thirdSignerProtectedHeader = new JwsHeaders();
        thirdSignerProtectedHeader.setSignatureAlgorithm(SignatureAlgorithm.HS256);
        thirdSignerProtectedHeader.setKeyId(HMAC_KID_VALUE);
        JsonWebKeys secretJwks = readKeySet("cookbookSecretSet.txt");
        List<JsonWebKey> secretKeys = secretJwks.getKeys();
        JsonWebKey hmacKey = secretKeys.get(0);
        jsonProducer.signWith(JwsUtils.getSignatureProvider(hmacKey, SignatureAlgorithm.HS256), thirdSignerProtectedHeader);
        assertEquals(jsonProducer.getSignatureEntries().get(2).toJson(), THIRD_SIGNATURE_ENTRY_MULTIPLE_SIGNATURES);
        assertEquals(jsonProducer.getJwsJsonSignedDocument().length(), MULTIPLE_SIGNATURES_JSON_GENERAL_SERIALIZATION.length());
        JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
        JsonWebKeys publicJwks = readKeySet("cookbookPublicSet.txt");
        List<JsonWebKey> publicKeys = publicJwks.getKeys();
        JsonWebKey rsaPublicKey = publicKeys.get(1);
        JsonWebKey ecPublicKey = publicKeys.get(0);
        assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.RS256));
        assertTrue(jsonConsumer.verifySignatureWith(ecPublicKey, SignatureAlgorithm.ES512));
        assertTrue(jsonConsumer.verifySignatureWith(hmacKey, SignatureAlgorithm.HS256));
    } finally {
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
    }
}
Also used : JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) JsonWebKeys(org.apache.cxf.rs.security.jose.jwk.JsonWebKeys) JsonWebKey(org.apache.cxf.rs.security.jose.jwk.JsonWebKey) JsonMapObjectReaderWriter(org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter) JwsJsonProducer(org.apache.cxf.rs.security.jose.jws.JwsJsonProducer) JwsJsonConsumer(org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) Test(org.junit.Test)

Example 28 with JsonWebKey

use of org.apache.cxf.rs.security.jose.jwk.JsonWebKey in project cxf by apache.

the class JwsJoseCookBookTest method testRSAPSSSignature.

@Test
public void testRSAPSSSignature() throws Exception {
    try {
        Cipher.getInstance(AlgorithmUtils.PS_SHA_384_JAVA);
    } catch (Throwable t) {
        Security.addProvider(new BouncyCastleProvider());
    }
    JwsCompactProducer compactProducer = new JwsCompactProducer(PAYLOAD);
    compactProducer.getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.PS384);
    compactProducer.getJwsHeaders().setKeyId(RSA_KID_VALUE);
    JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter();
    assertEquals(reader.toJson(compactProducer.getJwsHeaders().asMap()), RSA_PSS_SIGNATURE_PROTECTED_HEADER_JSON);
    assertEquals(compactProducer.getUnsignedEncodedJws(), RSA_PSS_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD);
    JsonWebKeys jwks = readKeySet("cookbookPrivateSet.txt");
    List<JsonWebKey> keys = jwks.getKeys();
    JsonWebKey rsaKey = keys.get(1);
    compactProducer.signWith(rsaKey);
    assertEquals(compactProducer.getSignedEncodedJws().length(), (RSA_PSS_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD + "." + RSA_PSS_SIGNATURE_VALUE).length());
    JwsCompactConsumer compactConsumer = new JwsCompactConsumer(compactProducer.getSignedEncodedJws());
    JsonWebKeys publicJwks = readKeySet("cookbookPublicSet.txt");
    List<JsonWebKey> publicKeys = publicJwks.getKeys();
    JsonWebKey rsaPublicKey = publicKeys.get(1);
    assertTrue(compactConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.PS384));
    JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
    assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
    assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
    JwsHeaders protectedHeader = new JwsHeaders();
    protectedHeader.setSignatureAlgorithm(SignatureAlgorithm.PS384);
    protectedHeader.setKeyId(RSA_KID_VALUE);
    jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, SignatureAlgorithm.PS384), protectedHeader);
    assertEquals(jsonProducer.getJwsJsonSignedDocument().length(), RSA_PSS_JSON_GENERAL_SERIALIZATION.length());
    JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
    assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.PS384));
    jsonProducer = new JwsJsonProducer(PAYLOAD, true);
    jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, SignatureAlgorithm.PS384), protectedHeader);
    assertEquals(jsonProducer.getJwsJsonSignedDocument().length(), RSA_PSS_JSON_FLATTENED_SERIALIZATION.length());
    jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
    assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.PS384));
    Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
}
Also used : JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) JwsCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer) JwsCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsCompactProducer) JsonWebKeys(org.apache.cxf.rs.security.jose.jwk.JsonWebKeys) JsonMapObjectReaderWriter(org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter) JsonWebKey(org.apache.cxf.rs.security.jose.jwk.JsonWebKey) JwsJsonProducer(org.apache.cxf.rs.security.jose.jws.JwsJsonProducer) JwsJsonConsumer(org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) Test(org.junit.Test)

Example 29 with JsonWebKey

use of org.apache.cxf.rs.security.jose.jwk.JsonWebKey in project cxf by apache.

the class JwsJoseCookBookTest method testProtectingContentOnlySignature.

@Test
public void testProtectingContentOnlySignature() throws Exception {
    JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
    assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
    assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
    JwsHeaders unprotectedHeader = new JwsHeaders();
    unprotectedHeader.setSignatureAlgorithm(SignatureAlgorithm.HS256);
    unprotectedHeader.setKeyId(HMAC_KID_VALUE);
    JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt");
    List<JsonWebKey> keys = jwks.getKeys();
    JsonWebKey key = keys.get(0);
    jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), null, unprotectedHeader);
    assertEquals(jsonProducer.getJwsJsonSignedDocument(), PROTECTING_CONTENT_ONLY_JSON_GENERAL_SERIALIZATION);
    JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
    assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
    jsonProducer = new JwsJsonProducer(PAYLOAD, true);
    jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), null, unprotectedHeader);
    assertEquals(jsonProducer.getJwsJsonSignedDocument(), PROTECTING_CONTENT_ONLY_JSON_FLATTENED_SERIALIZATION);
    jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
    assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
}
Also used : JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) JsonWebKeys(org.apache.cxf.rs.security.jose.jwk.JsonWebKeys) JsonWebKey(org.apache.cxf.rs.security.jose.jwk.JsonWebKey) JwsJsonProducer(org.apache.cxf.rs.security.jose.jws.JwsJsonProducer) JwsJsonConsumer(org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer) Test(org.junit.Test)

Example 30 with JsonWebKey

use of org.apache.cxf.rs.security.jose.jwk.JsonWebKey in project cxf by apache.

the class JwsJoseCookBookTest method testECDSASignature.

@Test
public void testECDSASignature() throws Exception {
    try {
        Cipher.getInstance(AlgorithmUtils.ES_SHA_512_JAVA);
    } catch (Throwable t) {
        Security.addProvider(new BouncyCastleProvider());
    }
    try {
        JwsCompactProducer compactProducer = new JwsCompactProducer(PAYLOAD);
        compactProducer.getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.ES512);
        compactProducer.getJwsHeaders().setKeyId(ECDSA_KID_VALUE);
        JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter();
        assertEquals(reader.toJson(compactProducer.getJwsHeaders().asMap()), ECDSA_SIGNATURE_PROTECTED_HEADER_JSON);
        assertEquals(compactProducer.getUnsignedEncodedJws(), ECSDA_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD);
        JsonWebKeys jwks = readKeySet("cookbookPrivateSet.txt");
        List<JsonWebKey> keys = jwks.getKeys();
        JsonWebKey ecKey = keys.get(0);
        compactProducer.signWith(new EcDsaJwsSignatureProvider(JwkUtils.toECPrivateKey(ecKey), SignatureAlgorithm.ES512));
        assertEquals(compactProducer.getUnsignedEncodedJws(), ECSDA_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD);
        assertEquals(132, Base64UrlUtility.decode(compactProducer.getEncodedSignature()).length);
        JwsCompactConsumer compactConsumer = new JwsCompactConsumer(compactProducer.getSignedEncodedJws());
        JsonWebKeys publicJwks = readKeySet("cookbookPublicSet.txt");
        List<JsonWebKey> publicKeys = publicJwks.getKeys();
        JsonWebKey ecPublicKey = publicKeys.get(0);
        assertTrue(compactConsumer.verifySignatureWith(ecPublicKey, SignatureAlgorithm.ES512));
    } finally {
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
    }
}
Also used : JwsCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer) JwsCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsCompactProducer) JsonWebKeys(org.apache.cxf.rs.security.jose.jwk.JsonWebKeys) JsonMapObjectReaderWriter(org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter) JsonWebKey(org.apache.cxf.rs.security.jose.jwk.JsonWebKey) EcDsaJwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.EcDsaJwsSignatureProvider) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) Test(org.junit.Test)

Aggregations

JsonWebKey (org.apache.cxf.rs.security.jose.jwk.JsonWebKey)31 JsonWebKeys (org.apache.cxf.rs.security.jose.jwk.JsonWebKeys)18 Test (org.junit.Test)18 JwsHeaders (org.apache.cxf.rs.security.jose.jws.JwsHeaders)7 JwsJsonConsumer (org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer)7 JwsJsonProducer (org.apache.cxf.rs.security.jose.jws.JwsJsonProducer)7 JsonMapObjectReaderWriter (org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter)6 ContentAlgorithm (org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm)5 JwsCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer)5 JwsCompactProducer (org.apache.cxf.rs.security.jose.jws.JwsCompactProducer)5 Properties (java.util.Properties)4 X509Certificate (java.security.cert.X509Certificate)3 ECPrivateKey (java.security.interfaces.ECPrivateKey)3 Message (org.apache.cxf.message.Message)3 KeyAlgorithm (org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm)3 BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider)3 PrivateKey (java.security.PrivateKey)2 PublicKey (java.security.PublicKey)2 ECPublicKey (java.security.interfaces.ECPublicKey)2 RSAPrivateKey (java.security.interfaces.RSAPrivateKey)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial