Example 31 with JsonWebKey
use of org.apache.cxf.rs.security.jose.jwk.JsonWebKey in project cxf by apache.
the class JwsJoseCookBookTest method testHMACSignature.
@Test
public void testHMACSignature() throws Exception {
JwsCompactProducer compactProducer = new JwsCompactProducer(PAYLOAD);
compactProducer.getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.HS256);
compactProducer.getJwsHeaders().setKeyId(HMAC_KID_VALUE);
JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter();
assertEquals(reader.toJson(compactProducer.getJwsHeaders().asMap()), HMAC_SIGNATURE_PROTECTED_HEADER_JSON);
assertEquals(compactProducer.getUnsignedEncodedJws(), HMAC_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD);
JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt");
List<JsonWebKey> keys = jwks.getKeys();
JsonWebKey key = keys.get(0);
compactProducer.signWith(key);
assertEquals(compactProducer.getSignedEncodedJws(), HMAC_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD + "." + HMAC_SIGNATURE_VALUE);
JwsCompactConsumer compactConsumer = new JwsCompactConsumer(compactProducer.getSignedEncodedJws());
assertTrue(compactConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
JwsHeaders protectedHeader = new JwsHeaders();
protectedHeader.setSignatureAlgorithm(SignatureAlgorithm.HS256);
protectedHeader.setKeyId(HMAC_KID_VALUE);
jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(), HMAC_JSON_GENERAL_SERIALIZATION);
JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
jsonProducer = new JwsJsonProducer(PAYLOAD, true);
jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(), HMAC_JSON_FLATTENED_SERIALIZATION);
jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
}
Also used :
JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders)
JwsCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer)
JwsCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsCompactProducer)
JsonWebKeys(org.apache.cxf.rs.security.jose.jwk.JsonWebKeys)
JsonMapObjectReaderWriter(org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter)
JsonWebKey(org.apache.cxf.rs.security.jose.jwk.JsonWebKey)
JwsJsonProducer(org.apache.cxf.rs.security.jose.jws.JwsJsonProducer)
JwsJsonConsumer(org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer)
Test(org.junit.Test)
Aggregations
JsonWebKey (org.apache.cxf.rs.security.jose.jwk.JsonWebKey)31
JsonWebKeys (org.apache.cxf.rs.security.jose.jwk.JsonWebKeys)18
Test (org.junit.Test)18
JwsHeaders (org.apache.cxf.rs.security.jose.jws.JwsHeaders)7
JwsJsonConsumer (org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer)7
JwsJsonProducer (org.apache.cxf.rs.security.jose.jws.JwsJsonProducer)7
JsonMapObjectReaderWriter (org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter)6
ContentAlgorithm (org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm)5
JwsCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer)5
JwsCompactProducer (org.apache.cxf.rs.security.jose.jws.JwsCompactProducer)5
Properties (java.util.Properties)4
X509Certificate (java.security.cert.X509Certificate)3
ECPrivateKey (java.security.interfaces.ECPrivateKey)3
Message (org.apache.cxf.message.Message)3
KeyAlgorithm (org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm)3
BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider)3
PrivateKey (java.security.PrivateKey)2
PublicKey (java.security.PublicKey)2
ECPublicKey (java.security.interfaces.ECPublicKey)2
RSAPrivateKey (java.security.interfaces.RSAPrivateKey)2
