Examples with JsonWebKeys org.apache.cxf.rs.security.jose.jwk.JsonWebKeys used on opensource projects

Search in sources :

Example 31 with JsonWebKeys

use of org.apache.cxf.rs.security.jose.jwk.JsonWebKeys in project cxf by apache.

the class OIDCFlowTest method testAuthorizationCodeFlowWithKey.

@org.junit.Test
public void testAuthorizationCodeFlowWithKey() throws Exception {
    String address = "https://localhost:" + port + "/services/";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", null);
    // Save the Cookie for the second request...
    WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
    // Get Authorization Code
    String code = OAuth2TestUtils.getAuthorizationCode(client, "openid");
    assertNotNull(code);
    // Now get the access token
    client = WebClient.create(address, "consumer-id", "this-is-a-secret", null);
    ClientAccessToken accessToken = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
    assertNotNull(accessToken.getTokenKey());
    assertTrue(accessToken.getApprovedScope().contains("openid"));
    String idToken = accessToken.getParameters().get("id_token");
    assertNotNull(idToken);
    JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
    // Now get the key to validate the token
    client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", null);
    client.accept("application/json");
    client.path("keys/");
    Response response = client.get();
    JsonWebKeys jsonWebKeys = response.readEntity(JsonWebKeys.class);
    assertTrue(jwtConsumer.verifySignatureWith(jsonWebKeys.getKeys().get(0), SignatureAlgorithm.RS256));
}
Also used : Response(javax.ws.rs.core.Response) ClientAccessToken(org.apache.cxf.rs.security.oauth2.common.ClientAccessToken) JsonWebKeys(org.apache.cxf.rs.security.jose.jwk.JsonWebKeys) JwsJwtCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer) WebClient(org.apache.cxf.jaxrs.client.WebClient)

Example 32 with JsonWebKeys

use of org.apache.cxf.rs.security.jose.jwk.JsonWebKeys in project cxf by apache.

the class OIDCKeysServiceTest method testGetRSAPublicKey.

@org.junit.Test
public void testGetRSAPublicKey() throws Exception {
    URL busFile = OIDCFlowTest.class.getResource("client.xml");
    String address = "https://localhost:" + JCACHE_SERVER.getPort() + "/services/";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
    client.accept("application/json");
    client.path("keys/");
    Response response = client.get();
    JsonWebKeys jsonWebKeys = response.readEntity(JsonWebKeys.class);
    assertEquals(1, jsonWebKeys.getKeys().size());
    JsonWebKey jsonWebKey = jsonWebKeys.getKeys().get(0);
    assertEquals(KeyType.RSA, jsonWebKey.getKeyType());
    assertEquals("alice", jsonWebKey.getKeyId());
    assertNotNull(jsonWebKey.getProperty("n"));
    assertNotNull(jsonWebKey.getProperty("e"));
    // Check we don't send the private key back
    checkPrivateKeyParametersNotPresent(jsonWebKeys);
}
Also used : Response(javax.ws.rs.core.Response) JsonWebKeys(org.apache.cxf.rs.security.jose.jwk.JsonWebKeys) JsonWebKey(org.apache.cxf.rs.security.jose.jwk.JsonWebKey) WebClient(org.apache.cxf.jaxrs.client.WebClient) URL(java.net.URL)

Example 33 with JsonWebKeys

use of org.apache.cxf.rs.security.jose.jwk.JsonWebKeys in project cxf by apache.

the class OIDCKeysServiceTest method testGetJWKECPublicKey.

@org.junit.Test
public void testGetJWKECPublicKey() throws Exception {
    URL busFile = OIDCFlowTest.class.getResource("client.xml");
    String address = "https://localhost:" + JCACHE_SERVER.getPort() + "/services3/";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
    client.accept("application/json");
    client.path("keys/");
    Response response = client.get();
    JsonWebKeys jsonWebKeys = response.readEntity(JsonWebKeys.class);
    assertEquals(1, jsonWebKeys.getKeys().size());
    JsonWebKey jsonWebKey = jsonWebKeys.getKeys().get(0);
    assertEquals(KeyType.EC, jsonWebKey.getKeyType());
    assertEquals("ECKey", jsonWebKey.getKeyId());
    assertNotNull(jsonWebKey.getProperty("x"));
    assertNotNull(jsonWebKey.getProperty("y"));
    // Check we don't send the private key back
    checkPrivateKeyParametersNotPresent(jsonWebKeys);
}
Also used : Response(javax.ws.rs.core.Response) JsonWebKeys(org.apache.cxf.rs.security.jose.jwk.JsonWebKeys) JsonWebKey(org.apache.cxf.rs.security.jose.jwk.JsonWebKey) WebClient(org.apache.cxf.jaxrs.client.WebClient) URL(java.net.URL)

Example 34 with JsonWebKeys

use of org.apache.cxf.rs.security.jose.jwk.JsonWebKeys in project cxf by apache.

the class OIDCKeysServiceTest method testGetJWKHMAC.

@org.junit.Test
public void testGetJWKHMAC() throws Exception {
    URL busFile = OIDCFlowTest.class.getResource("client.xml");
    String address = "https://localhost:" + JCACHE_SERVER.getPort() + "/services4/";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
    client.accept("application/json");
    client.path("keys/");
    Response response = client.get();
    JsonWebKeys jsonWebKeys = response.readEntity(JsonWebKeys.class);
    // We don't allow sending secret keys back from the key service by default
    assertNull(jsonWebKeys.getKeys());
}
Also used : Response(javax.ws.rs.core.Response) JsonWebKeys(org.apache.cxf.rs.security.jose.jwk.JsonWebKeys) WebClient(org.apache.cxf.jaxrs.client.WebClient) URL(java.net.URL)

Aggregations

JsonWebKeys (org.apache.cxf.rs.security.jose.jwk.JsonWebKeys)34 JsonWebKey (org.apache.cxf.rs.security.jose.jwk.JsonWebKey)26 Test (org.junit.Test)18 Response (javax.ws.rs.core.Response)10 WebClient (org.apache.cxf.jaxrs.client.WebClient)10 JwsHeaders (org.apache.cxf.rs.security.jose.jws.JwsHeaders)10 URL (java.net.URL)8 JwsJsonConsumer (org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer)8 JwsJsonProducer (org.apache.cxf.rs.security.jose.jws.JwsJsonProducer)8 JsonMapObjectReaderWriter (org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter)6 JwsCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer)5 JwsCompactProducer (org.apache.cxf.rs.security.jose.jws.JwsCompactProducer)5 PublicKey (java.security.PublicKey)3 ECPublicKey (java.security.interfaces.ECPublicKey)3 RSAPublicKey (java.security.interfaces.RSAPublicKey)3 BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider)3 X509Certificate (java.security.cert.X509Certificate)2 Properties (java.util.Properties)2 JwsJwtCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer)2 ClientAccessToken (org.apache.cxf.rs.security.oauth2.common.ClientAccessToken)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial