Example 6 with JsonWebKeys
use of org.apache.cxf.rs.security.jose.jwk.JsonWebKeys in project cxf by apache.
the class JwkJoseCookBookTest method testPublicSetAsMap.
@Test
public void testPublicSetAsMap() throws Exception {
JsonWebKeys jwks = readKeySet("cookbookPublicSet.txt");
Map<KeyType, List<JsonWebKey>> keysMap = jwks.getKeyTypeMap();
assertEquals(2, keysMap.size());
List<JsonWebKey> rsaKeys = keysMap.get(KeyType.RSA);
assertEquals(1, rsaKeys.size());
assertEquals(5, rsaKeys.get(0).asMap().size());
validatePublicRsaKey(rsaKeys.get(0));
List<JsonWebKey> ecKeys = keysMap.get(KeyType.EC);
assertEquals(1, ecKeys.size());
assertEquals(6, ecKeys.get(0).asMap().size());
validatePublicEcKey(ecKeys.get(0));
}
Also used :
KeyType(org.apache.cxf.rs.security.jose.jwk.KeyType)
JsonWebKeys(org.apache.cxf.rs.security.jose.jwk.JsonWebKeys)
JsonWebKey(org.apache.cxf.rs.security.jose.jwk.JsonWebKey)
List(java.util.List)
Test(org.junit.Test)
Example 7 with JsonWebKeys
use of org.apache.cxf.rs.security.jose.jwk.JsonWebKeys in project cxf by apache.
the class JwsJoseCookBookTest method testRSAv15Signature.
@Test
public void testRSAv15Signature() throws Exception {
JwsCompactProducer compactProducer = new JwsCompactProducer(PAYLOAD);
compactProducer.getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.RS256);
compactProducer.getJwsHeaders().setKeyId(RSA_KID_VALUE);
JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter();
assertEquals(reader.toJson(compactProducer.getJwsHeaders().asMap()), RSA_V1_5_SIGNATURE_PROTECTED_HEADER_JSON);
assertEquals(compactProducer.getUnsignedEncodedJws(), RSA_V1_5_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD);
JsonWebKeys jwks = readKeySet("cookbookPrivateSet.txt");
List<JsonWebKey> keys = jwks.getKeys();
JsonWebKey rsaKey = keys.get(1);
compactProducer.signWith(rsaKey);
assertEquals(compactProducer.getSignedEncodedJws(), RSA_V1_5_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD + "." + RSA_V1_5_SIGNATURE_VALUE);
JwsCompactConsumer compactConsumer = new JwsCompactConsumer(compactProducer.getSignedEncodedJws());
JsonWebKeys publicJwks = readKeySet("cookbookPublicSet.txt");
List<JsonWebKey> publicKeys = publicJwks.getKeys();
JsonWebKey rsaPublicKey = publicKeys.get(1);
assertTrue(compactConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.RS256));
JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
JwsHeaders protectedHeader = new JwsHeaders();
protectedHeader.setSignatureAlgorithm(SignatureAlgorithm.RS256);
protectedHeader.setKeyId(RSA_KID_VALUE);
jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, SignatureAlgorithm.RS256), protectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(), RSA_V1_5_JSON_GENERAL_SERIALIZATION);
JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.RS256));
jsonProducer = new JwsJsonProducer(PAYLOAD, true);
jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, SignatureAlgorithm.RS256), protectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(), RSA_V1_5_JSON_FLATTENED_SERIALIZATION);
jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.RS256));
}
Also used :
JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders)
JwsCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer)
JwsCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsCompactProducer)
JsonWebKeys(org.apache.cxf.rs.security.jose.jwk.JsonWebKeys)
JsonMapObjectReaderWriter(org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter)
JsonWebKey(org.apache.cxf.rs.security.jose.jwk.JsonWebKey)
JwsJsonProducer(org.apache.cxf.rs.security.jose.jws.JwsJsonProducer)
JwsJsonConsumer(org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer)
Test(org.junit.Test)
Example 8 with JsonWebKeys
use of org.apache.cxf.rs.security.jose.jwk.JsonWebKeys in project cxf by apache.
the class JwsJoseCookBookTest method testDetachedHMACSignature.
@Test
public void testDetachedHMACSignature() throws Exception {
JwsCompactProducer compactProducer = new JwsCompactProducer(PAYLOAD, true);
compactProducer.getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.HS256);
compactProducer.getJwsHeaders().setKeyId(HMAC_KID_VALUE);
JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter();
assertEquals(reader.toJson(compactProducer.getJwsHeaders().asMap()), HMAC_SIGNATURE_PROTECTED_HEADER_JSON);
assertEquals(compactProducer.getUnsignedEncodedJws(), HMAC_SIGNATURE_PROTECTED_HEADER + ".");
JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt");
List<JsonWebKey> keys = jwks.getKeys();
JsonWebKey key = keys.get(0);
compactProducer.signWith(key);
assertEquals(compactProducer.getSignedEncodedJws(), DETACHED_HMAC_JWS);
JwsCompactConsumer compactConsumer = new JwsCompactConsumer(compactProducer.getSignedEncodedJws(), ENCODED_PAYLOAD);
assertTrue(compactConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
JwsHeaders protectedHeader = new JwsHeaders();
protectedHeader.setSignatureAlgorithm(SignatureAlgorithm.HS256);
protectedHeader.setKeyId(HMAC_KID_VALUE);
jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(true), HMAC_DETACHED_JSON_GENERAL_SERIALIZATION);
JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument(true), ENCODED_PAYLOAD);
assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
jsonProducer = new JwsJsonProducer(PAYLOAD, true);
jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(true), HMAC_DETACHED_JSON_FLATTENED_SERIALIZATION);
jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument(true), ENCODED_PAYLOAD);
assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
}
Also used :
JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders)
JwsCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer)
JwsCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsCompactProducer)
JsonWebKeys(org.apache.cxf.rs.security.jose.jwk.JsonWebKeys)
JsonMapObjectReaderWriter(org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter)
JsonWebKey(org.apache.cxf.rs.security.jose.jwk.JsonWebKey)
JwsJsonProducer(org.apache.cxf.rs.security.jose.jws.JwsJsonProducer)
JwsJsonConsumer(org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer)
Test(org.junit.Test)
Example 9 with JsonWebKeys
use of org.apache.cxf.rs.security.jose.jwk.JsonWebKeys in project cxf by apache.
the class JwsJoseCookBookTest method testProtectingSpecificHeaderFieldsSignature.
@Test
public void testProtectingSpecificHeaderFieldsSignature() throws Exception {
JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
JwsHeaders protectedHeader = new JwsHeaders();
protectedHeader.setSignatureAlgorithm(SignatureAlgorithm.HS256);
JwsHeaders unprotectedHeader = new JwsHeaders();
unprotectedHeader.setKeyId(HMAC_KID_VALUE);
JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt");
List<JsonWebKey> keys = jwks.getKeys();
JsonWebKey key = keys.get(0);
jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader, unprotectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(), PROTECTING_SPECIFIC_HEADER_FIELDS_JSON_GENERAL_SERIALIZATION);
JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
jsonProducer = new JwsJsonProducer(PAYLOAD, true);
jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader, unprotectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(), PROTECTING_SPECIFIC_HEADER_FIELDS_JSON_FLATTENED_SERIALIZATION);
jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
}
Also used :
JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders)
JsonWebKeys(org.apache.cxf.rs.security.jose.jwk.JsonWebKeys)
JsonWebKey(org.apache.cxf.rs.security.jose.jwk.JsonWebKey)
JwsJsonProducer(org.apache.cxf.rs.security.jose.jws.JwsJsonProducer)
JwsJsonConsumer(org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer)
Test(org.junit.Test)
Example 10 with JsonWebKeys
use of org.apache.cxf.rs.security.jose.jwk.JsonWebKeys in project cxf by apache.
the class OIDCFlowTest method testGetKeys.
@org.junit.Test
public void testGetKeys() throws Exception {
URL busFile = OIDCFlowTest.class.getResource("client.xml");
String address = "https://localhost:" + PORT + "/services/";
WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
client.accept("application/json");
client.path("keys/");
Response response = client.get();
JsonWebKeys jsonWebKeys = response.readEntity(JsonWebKeys.class);
assertEquals(1, jsonWebKeys.getKeys().size());
}
Also used :
Response(javax.ws.rs.core.Response)
JsonWebKeys(org.apache.cxf.rs.security.jose.jwk.JsonWebKeys)
WebClient(org.apache.cxf.jaxrs.client.WebClient)
URL(java.net.URL)
Aggregations
JsonWebKeys (org.apache.cxf.rs.security.jose.jwk.JsonWebKeys)21
JsonWebKey (org.apache.cxf.rs.security.jose.jwk.JsonWebKey)18
Test (org.junit.Test)16
JwsHeaders (org.apache.cxf.rs.security.jose.jws.JwsHeaders)7
JwsJsonConsumer (org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer)7
JwsJsonProducer (org.apache.cxf.rs.security.jose.jws.JwsJsonProducer)7
JsonMapObjectReaderWriter (org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter)6
JwsCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer)5
JwsCompactProducer (org.apache.cxf.rs.security.jose.jws.JwsCompactProducer)5
BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider)3
URL (java.net.URL)2
PublicKey (java.security.PublicKey)2
ECPublicKey (java.security.interfaces.ECPublicKey)2
RSAPublicKey (java.security.interfaces.RSAPublicKey)2
Properties (java.util.Properties)2
Response (javax.ws.rs.core.Response)2
WebClient (org.apache.cxf.jaxrs.client.WebClient)2
X509Certificate (java.security.cert.X509Certificate)1
List (java.util.List)1
KeyType (org.apache.cxf.rs.security.jose.jwk.KeyType)1
