
Example 6 with JwsHeaders

use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project syncope by apache.

the class JWTITCase method notBefore.

/**
 * Verifies that a token whose {@code nbf} (not-before) claim lies 60 seconds in the future is
 * refused when it is presented to the self-service endpoint.
 *
 * <p>The forged token reuses the token id of a genuine admin token and is signed with
 * {@code JWS_KEY} using HS512, so the not-before time is the only claim that should cause
 * the rejection.
 */
@Test
public void notBefore() throws ParseException {
    // Log in as admin to obtain a genuine token, then read its token id (jti).
    SyncopeClient adminClient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD);
    Response loginResponse = adminClient.getService(AccessTokenService.class).login();
    String issuedToken = loginResponse.getHeaderString(RESTHeaders.TOKEN);
    assertNotNull(issuedToken);
    String tokenId = new JwsJwtCompactConsumer(issuedToken).getJwtClaims().getTokenId();

    // JWT time claims are expressed in whole seconds, hence the division by 1000.
    long nowMillis = new Date().getTime();
    long issuedAtSeconds = nowMillis / 1000L;
    long expirySeconds = (nowMillis + 5L * 60L * 1000L) / 1000L;

    // Build the replacement claims; the setter order is kept as-is because it determines
    // the order of the serialized claims.
    JwtClaims forgedClaims = new JwtClaims();
    forgedClaims.setTokenId(tokenId);
    forgedClaims.setSubject(ADMIN_UNAME);
    forgedClaims.setIssuedAt(issuedAtSeconds);
    forgedClaims.setIssuer(JWT_ISSUER);
    forgedClaims.setExpiryTime(expirySeconds);
    // The token only becomes valid one minute from now.
    // NOTE(review): if the server applies a clock-skew allowance of 60 seconds or more to
    // nbf, this request would be accepted and the test would fail - confirm the leeway.
    forgedClaims.setNotBefore(issuedAtSeconds + 60L);

    JwtToken forgedToken =
        new JwtToken(new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512), forgedClaims);
    // NOTE(review): getBytes() without a charset uses the platform default; the HMAC key
    // bytes only match the server's if both sides encode the key the same way.
    JwsSignatureProvider hmacSigner =
        new HmacJwsSignatureProvider(JWS_KEY.getBytes(), SignatureAlgorithm.HS512);
    String signedToken = new JwsJwtCompactProducer(forgedToken).signWith(hmacSigner);

    UserSelfService selfService =
        clientFactory.create(signedToken).getService(UserSelfService.class);
    try {
        selfService.read();
        fail("Failure expected on a token that is not valid yet");
    } catch (AccessControlException ex) {
        // Expected: the not-yet-valid token is refused. Any other exception type
        // propagates and fails the test.
    }
}
Also used : JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) UserSelfService(org.apache.syncope.common.rest.api.service.UserSelfService) Calendar(java.util.Calendar) AccessControlException(java.security.AccessControlException) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) Date(java.util.Date) Response(javax.ws.rs.core.Response) JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) JwsJwtCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer) AccessTokenService(org.apache.syncope.common.rest.api.service.AccessTokenService) HmacJwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureProvider) JwsJwtCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer) JwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider) NoneJwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.NoneJwsSignatureProvider) HmacJwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureProvider) Test(org.junit.jupiter.api.Test)

Example 7 with JwsHeaders

use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project syncope by apache.

the class JWTITCase method thirdPartyToken.

/**
 * Verifies that a token issued under {@code CustomJWTSSOProvider.ISSUER} and signed with
 * {@code CustomJWTSSOProvider.CUSTOM_KEY} (HS512) is accepted, and that the subject
 * {@code puccini@apache.org} is resolved to the user {@code puccini}.
 */
@Test
public void thirdPartyToken() throws ParseException {
    // JWT time claims are expressed in whole seconds, hence the division by 1000.
    long nowMillis = new Date().getTime();
    long issuedAtSeconds = nowMillis / 1000L;
    long expirySeconds = (nowMillis + 5L * 60L * 1000L) / 1000L;

    // Setter order is kept as-is because it determines the order of the serialized claims.
    JwtClaims thirdPartyClaims = new JwtClaims();
    thirdPartyClaims.setTokenId(UUID.randomUUID().toString());
    thirdPartyClaims.setSubject("puccini@apache.org");
    thirdPartyClaims.setIssuedAt(issuedAtSeconds);
    thirdPartyClaims.setIssuer(CustomJWTSSOProvider.ISSUER);
    thirdPartyClaims.setExpiryTime(expirySeconds);
    // Valid immediately, for five minutes.
    thirdPartyClaims.setNotBefore(issuedAtSeconds);

    JwtToken thirdPartyToken =
        new JwtToken(new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512), thirdPartyClaims);
    // NOTE(review): getBytes() without a charset uses the platform default; the HMAC key
    // bytes only match the verifier's if both sides encode the key the same way.
    JwsSignatureProvider hmacSigner = new HmacJwsSignatureProvider(
        CustomJWTSSOProvider.CUSTOM_KEY.getBytes(), SignatureAlgorithm.HS512);
    String signedToken = new JwsJwtCompactProducer(thirdPartyToken).signWith(hmacSigner);

    // Authenticate with the externally issued token and read back the caller's own profile.
    SyncopeClient tokenClient = clientFactory.create(signedToken);
    Pair<Map<String, Set<String>>, UserTO> selfInfo = tokenClient.self();
    // NOTE(review): the left-hand map presumably carries the caller's granted
    // entitlements - confirm against SyncopeClient.self().
    assertFalse(selfInfo.getLeft().isEmpty());
    assertEquals("puccini", selfInfo.getRight().getUsername());
}
Also used : JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) Calendar(java.util.Calendar) Date(java.util.Date) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) JwsJwtCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer) UserTO(org.apache.syncope.common.lib.to.UserTO) HmacJwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureProvider) Map(java.util.Map) JwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider) NoneJwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.NoneJwsSignatureProvider) HmacJwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureProvider) Test(org.junit.jupiter.api.Test)

Example 8 with JwsHeaders

use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project syncope by apache.

the class AccessTokenDataBinderImpl method update.

/**
 * Extends the lifetime of a stored access token: re-signs its JWT body with a new expiry
 * time and saves the token.
 *
 * <p>Only the expiry claim is replaced; every other claim is carried over from the stored
 * body.
 *
 * @param accessToken the stored token to refresh; its body and expiry time are overwritten
 * @param authorities the authorities to store on the token, ignored when the token owner
 *     is {@code adminUser}
 * @return the newly signed JWT body together with its expiry date
 */
@Override
public Pair<String, Date> update(final AccessToken accessToken, final byte[] authorities) {
    // NOTE(review): the stored body is parsed and re-signed without a signature check in
    // this method - presumably it was verified before being persisted; confirm.
    JwsJwtCompactConsumer storedJwt = new JwsJwtCompactConsumer(accessToken.getBody());
    credentialChecker.checkIsDefaultJWSKeyInUse();

    // Lifetime is configured in minutes (default 120); JWT time claims are in seconds.
    long lifetimeMinutes = confDAO.find("jwt.lifetime.minutes", 120L);
    long nowSeconds = new Date().getTime() / 1000L;
    long newExpirySeconds = nowSeconds + 60L * lifetimeMinutes;
    storedJwt.getJwtClaims().setExpiryTime(newExpirySeconds);
    Date newExpiryDate = new Date(newExpirySeconds * 1000L);

    // Re-sign the updated claims with the configured provider and its algorithm.
    JwtToken refreshedToken = new JwtToken(
        new JwsHeaders(JoseType.JWT, jwsSignatureProvider.getAlgorithm()),
        storedJwt.getJwtClaims());
    String signedBody = new JwsJwtCompactProducer(refreshedToken).signWith(jwsSignatureProvider);

    accessToken.setBody(signedBody);
    // AccessToken stores expiry time in milliseconds, as opposed to seconds for the JWT tokens.
    accessToken.setExpiryTime(newExpiryDate);
    // The admin user's token keeps whatever authorities it already has.
    boolean ownedByAdmin = adminUser.equals(accessToken.getOwner());
    if (!ownedByAdmin) {
        accessToken.setAuthorities(authorities);
    }
    accessTokenDAO.save(accessToken);

    return Pair.of(signedBody, newExpiryDate);
}
Also used : JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) JwsJwtCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer) JwsJwtCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer) Date(java.util.Date)

Example 9 with JwsHeaders

use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project syncope by apache.

the class AccessTokenDataBinderImpl method generateJWT.

/**
 * Creates and signs a new JWT for the given subject.
 *
 * @param subject the value of the subject claim
 * @param duration the token lifetime in minutes
 * @param claims additional claims copied into the token after the standard ones
 * @return the generated token id, the signed compact JWT, and the expiry date computed here
 */
@Override
public Triple<String, String, Date> generateJWT(final String subject, final long duration, final Map<String, Object> claims) {
    credentialChecker.checkIsDefaultJWSKeyInUse();

    // JWT time claims are in whole seconds; the lifetime is given in minutes.
    long issuedAtSeconds = new Date().getTime() / 1000L;
    long expirySeconds = issuedAtSeconds + 60L * duration;

    // Setter order is kept as-is because it determines the order of the serialized claims.
    JwtClaims jwtClaims = new JwtClaims();
    jwtClaims.setTokenId(UUID_GENERATOR.generate().toString());
    jwtClaims.setSubject(subject);
    jwtClaims.setIssuedAt(issuedAtSeconds);
    jwtClaims.setIssuer(jwtIssuer);
    jwtClaims.setExpiryTime(expirySeconds);
    jwtClaims.setNotBefore(issuedAtSeconds);

    // NOTE(review): the extra claims are applied last, so an entry keyed with a registered
    // claim name (e.g. "sub" or "exp") would presumably replace the value set above, while
    // the returned Date still reflects expirySeconds - confirm callers never pass such keys.
    claims.forEach((claimName, claimValue) -> jwtClaims.setClaim(claimName, claimValue));

    JwtToken unsignedToken = new JwtToken(
        new JwsHeaders(JoseType.JWT, jwsSignatureProvider.getAlgorithm()), jwtClaims);
    String signedJwt = new JwsJwtCompactProducer(unsignedToken).signWith(jwsSignatureProvider);

    return Triple.of(jwtClaims.getTokenId(), signedJwt, new Date(expirySeconds * 1000L));
}
Also used : JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) JwsJwtCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer) JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) Map(java.util.Map) Date(java.util.Date)

Example 10 with JwsHeaders

use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project testcases by coheigea.

the class JWTAuthorizationGrantTest method createToken.

/**
 * Builds a compact JWT for the authorization-grant tests.
 *
 * @param issuer the issuer claim, omitted when {@code null}
 * @param subject the subject claim
 * @param audience the single audience value, omitted when {@code null}
 * @param expiry whether to add an expiry claim 60 seconds from now
 * @param sign whether to sign the token with RS256 using the client keystore; when
 *     {@code false} the token is produced with the {@code NONE} algorithm
 * @return the encoded token
 */
private String createToken(String issuer, String subject, String audience, boolean expiry, boolean sign) {
    // Assemble the claims; the setter order is kept as-is because it determines the order
    // of the serialized claims.
    JwtClaims claims = new JwtClaims();
    claims.setSubject(subject);
    if (issuer != null) {
        claims.setIssuer(issuer);
    }
    // JWT time claims are in whole seconds, hence the division by 1000.
    claims.setIssuedAt(new Date().getTime() / 1000L);
    if (expiry) {
        Calendar expiresAt = Calendar.getInstance();
        expiresAt.add(Calendar.SECOND, 60);
        claims.setExpiryTime(expiresAt.getTimeInMillis() / 1000L);
    }
    if (audience != null) {
        claims.setAudiences(Collections.singletonList(audience));
    }

    if (!sign) {
        // Unsigned token (algorithm NONE).
        // NOTE(review): presumably used to check that the server refuses unsigned
        // assertions - confirm against the calling tests.
        JwsHeaders unsignedHeaders = new JwsHeaders(SignatureAlgorithm.NONE);
        return new JwsJwtCompactProducer(unsignedHeaders, claims).getSignedEncodedJws();
    }

    // Signed token: RS256 with the key stored under the client alias in the JKS keystore.
    // NOTE(review): the keystore and key passwords are hard-coded here - presumably
    // test-only fixtures; confirm they are not shared with any real keystore.
    Properties signingProperties = new Properties();
    signingProperties.put("rs.security.keystore.type", "jks");
    signingProperties.put("rs.security.keystore.password", "cspass");
    signingProperties.put("rs.security.keystore.alias", "myclientkey");
    signingProperties.put("rs.security.keystore.file", "clientstore.jks");
    signingProperties.put("rs.security.key.password", "ckpass");
    signingProperties.put("rs.security.signature.algorithm", "RS256");

    JwsHeaders signedHeaders = new JwsHeaders(signingProperties);
    JwsJwtCompactProducer signedProducer = new JwsJwtCompactProducer(signedHeaders, claims);
    JwsSignatureProvider rsaSigner = JwsUtils.loadSignatureProvider(signingProperties, signedHeaders);
    return signedProducer.signWith(rsaSigner);
}
Also used : JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) JwsJwtCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer) JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) Calendar(java.util.Calendar) Properties(java.util.Properties) Date(java.util.Date) JwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider)
