
Example 11 with JwsHeaders

use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project testcases by coheigea.

the class JWTRequestTest method testAuthorizationCodeFlowUnsignedJWTWithState.

/**
 * Runs the authorization code flow against the "unsignedjwtservices" endpoint, passing an
 * unsecured JWT (header {@code alg} set to {@code "none"}) as the request object together
 * with extra string arguments to the helper.
 *
 * <p>Security note: a token with {@code alg=none} carries no signature, so its issuer,
 * audience and issued-at claims are unauthenticated. The test passes only if the service
 * under test accepts such a request object; a deployment that relies on request-object
 * integrity has to reject {@code none} on the server side.
 *
 * @throws Exception if the client cannot be created or the helper call fails
 */
@org.junit.Test
public void testAuthorizationCodeFlowUnsignedJWTWithState() throws Exception {
    final URL clientBus = JWTRequestTest.class.getResource("cxf-client.xml");
    final String serviceUrl = "https://localhost:" + PORT + "/unsignedjwtservices/";
    final WebClient webClient =
        WebClient.create(serviceUrl, setupProviders(), "alice", "security", clientBus.toString());

    // Keep the session so the cookie from the first request is sent on the follow-up request.
    WebClient.getConfig(webClient)
        .getRequestContext()
        .put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);

    // Claims of the request object; the audience is the same URL the client talks to.
    final JwtClaims requestClaims = new JwtClaims();
    requestClaims.setIssuer("consumer-id");
    requestClaims.setIssuedAt(new Date().getTime() / 1000L);
    requestClaims.setAudiences(Collections.singletonList(serviceUrl));

    // "none" marks the JWS as unsecured: no key is supplied and nothing is signed below.
    final JwsHeaders unsecuredHeaders = new JwsHeaders();
    unsecuredHeaders.setAlgorithm("none");
    final JwsJwtCompactProducer producer =
        new JwsJwtCompactProducer(new JwtToken(unsecuredHeaders, requestClaims));
    final String requestObject = producer.getSignedEncodedJws();

    // "123456789" is presumably the state value named in the test title; helper not shown here.
    final String authorizationCode =
        getAuthorizationCode(webClient, "openid", null, "123456789", "consumer-id", requestObject);
    assertNotNull(authorizationCode);
}
Also used : JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) JwsJwtCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer) JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) WebClient(org.apache.cxf.jaxrs.client.WebClient) URL(java.net.URL) Date(java.util.Date)

Example 12 with JwsHeaders

use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project testcases by coheigea.

the class JWTRequestTest method testAuthorizationCodeFlowUnsignedJWT.

/**
 * Runs the authorization code flow against the "unsignedjwtservices" endpoint with an
 * unsecured JWT (header {@code alg} set to {@code "none"}) as the request object.
 *
 * <p>Security note: no signature is produced for {@code alg=none}, so the claims in the
 * request object are not integrity protected. Acceptance of such a token is a property of
 * the service configuration being tested; servers that depend on authenticated request
 * objects must refuse the {@code none} algorithm.
 *
 * @throws Exception if the client cannot be created or the helper call fails
 */
@org.junit.Test
public void testAuthorizationCodeFlowUnsignedJWT() throws Exception {
    final URL clientBus = JWTRequestTest.class.getResource("cxf-client.xml");
    final String serviceUrl = "https://localhost:" + PORT + "/unsignedjwtservices/";
    final WebClient webClient =
        WebClient.create(serviceUrl, setupProviders(), "alice", "security", clientBus.toString());

    // Session is maintained so the cookie from the first request is replayed on the second one.
    WebClient.getConfig(webClient)
        .getRequestContext()
        .put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);

    // Request-object claims: issuer is the client id, audience is the service URL itself.
    final JwtClaims requestClaims = new JwtClaims();
    requestClaims.setIssuer("consumer-id");
    requestClaims.setIssuedAt(new Date().getTime() / 1000L);
    requestClaims.setAudiences(Collections.singletonList(serviceUrl));

    // Unsecured JWS: the header names "none" and no signing key is involved anywhere below.
    final JwsHeaders unsecuredHeaders = new JwsHeaders();
    unsecuredHeaders.setAlgorithm("none");
    final JwsJwtCompactProducer producer =
        new JwsJwtCompactProducer(new JwtToken(unsecuredHeaders, requestClaims));
    final String requestObject = producer.getSignedEncodedJws();

    // The test only checks that an authorization code came back.
    final String authorizationCode = getAuthorizationCode(webClient, "openid", requestObject);
    assertNotNull(authorizationCode);
}
Also used : JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) JwsJwtCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer) JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) WebClient(org.apache.cxf.jaxrs.client.WebClient) URL(java.net.URL) Date(java.util.Date)

Example 13 with JwsHeaders

use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project cxf by apache.

the class BigQueryServer method getAccessToken.

/**
 * Requests an access token from the Google OAuth2 token endpoint with a JWT bearer grant.
 *
 * <p>The assertion is an RS256-signed JWT whose audience is the token endpoint, whose
 * lifetime is one hour from {@code OAuthUtils.getIssuedAt()}, and whose scope is read-only
 * BigQuery access.
 *
 * @param privateKey key used to sign the assertion
 * @param issuer value placed in the assertion's issuer claim
 * @return the token returned by the endpoint
 */
private static ClientAccessToken getAccessToken(PrivateKey privateKey, String issuer) {
    final String tokenEndpoint = "https://www.googleapis.com/oauth2/v3/token";
    final long lifetimeSeconds = 60 * 60;

    final JwsHeaders assertionHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.RS256);

    // The audience must name the endpoint the assertion is posted to, hence the shared constant.
    final JwtClaims assertionClaims = new JwtClaims();
    assertionClaims.setIssuer(issuer);
    assertionClaims.setAudience(tokenEndpoint);
    final long issuedAt = OAuthUtils.getIssuedAt();
    assertionClaims.setIssuedAt(issuedAt);
    assertionClaims.setExpiryTime(issuedAt + lifetimeSeconds);
    assertionClaims.setProperty("scope", "https://www.googleapis.com/auth/bigquery.readonly");

    final JwsJwtCompactProducer producer =
        new JwsJwtCompactProducer(new JwtToken(assertionHeaders, assertionClaims));
    final JwtBearerGrant grant = new JwtBearerGrant(producer.signWith(privateKey));

    final WebClient accessTokenService = WebClient.create(
        tokenEndpoint,
        Arrays.asList(new OAuthJSONProvider(), new AccessTokenGrantWriter()));
    // NOTE(review): this interceptor logs inbound messages, which on this client are the token
    // endpoint's responses; those would include the issued access token. Confirm that is
    // acceptable wherever this code runs, or drop/limit the logging outside of demos.
    WebClient.getConfig(accessTokenService).getInInterceptors().add(new LoggingInInterceptor());
    accessTokenService.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);
    return accessTokenService.post(grant, ClientAccessToken.class);
}
Also used : JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) JwsJwtCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer) JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) JwtBearerGrant(org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrant) AccessTokenGrantWriter(org.apache.cxf.rs.security.oauth2.client.AccessTokenGrantWriter) OAuthJSONProvider(org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider) LoggingInInterceptor(org.apache.cxf.ext.logging.LoggingInInterceptor) WebClient(org.apache.cxf.jaxrs.client.WebClient)

Example 14 with JwsHeaders

use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project cxf by apache.

the class JwsJsonWriterInterceptor method aroundWriteTo.

/**
 * Wraps the outgoing entity in a JWS JSON document signed by every configured signature
 * provider.
 *
 * <p>A null entity is passed through untouched. Otherwise one of two modes is used:
 * when {@code useJwsOutputStream} is set the entity is signed while it is being written;
 * if not, the entity is first buffered in full, then signed and written out.
 *
 * @param ctx interceptor context giving access to the entity, output stream and media type
 * @throws IOException if writing to any of the streams fails
 * @throws WebApplicationException declared by the interceptor contract
 */
@Override
public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException {
    // Nothing to sign: let the rest of the chain run unchanged.
    if (ctx.getEntity() == null) {
        ctx.proceed();
        return;
    }
    // One empty protected header per property location; both lists are handed to
    // getInitializedSigProviders (presumably it fills the headers in — helper not shown).
    List<String> propLocs = getPropertyLocations();
    List<JwsHeaders> protectedHeaders = new ArrayList<>(propLocs.size());
    for (int i = 0; i < propLocs.size(); i++) {
        protectedHeaders.add(new JwsHeaders());
    }
    List<JwsSignatureProvider> sigProviders = getInitializedSigProviders(propLocs, protectedHeaders);
    // Keep the real stream: both branches replace the context's stream before ctx.proceed().
    OutputStream actualOs = ctx.getOutputStream();
    if (useJwsOutputStream) {
        // Streaming mode: signatures are started up front and completed as the entity is written.
        List<String> encodedProtectedHeaders = new ArrayList<>(sigProviders.size());
        List<JwsSignature> signatures = new ArrayList<>(sigProviders.size());
        int size = sigProviders.size();
        for (int i = 0; i < size; i++) {
            JwsSignatureProvider signer = sigProviders.get(i);
            JwsHeaders protectedHeader = protectedHeaders.get(i);
            // The last argument is true only when there is exactly one signer.
            prepareProtectedHeader(protectedHeader, ctx, signer, size == 1);
            String encoded = Base64UrlUtility.encode(writer.toJson(protectedHeader));
            encodedProtectedHeaders.add(encoded);
            JwsSignature signature = signer.createJwsSignature(protectedHeader);
            // Feed "<base64url(protected header)>." first: the JWS signing input begins with
            // the encoded header and a dot, followed by the payload.
            byte[] start = StringUtils.toBytesUTF8(encoded + ".");
            signature.update(start, 0, start.length);
            signatures.add(signature);
        }
        ctx.setMediaType(JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE_JSON));
        // The JSON opening goes straight to the real stream, i.e. it does not pass through
        // jwsStream (presumably so this framing is not part of the signed bytes — TODO confirm).
        actualOs.write(StringUtils.toBytesUTF8("{\"payload\":\""));
        JwsJsonOutputStream jwsStream = new JwsJsonOutputStream(actualOs, encodedProtectedHeaders, signatures);
        Base64UrlOutputStream base64Stream = null;
        if (encodePayload) {
            // Entity bytes pass through the base64url stream before reaching jwsStream.
            base64Stream = new Base64UrlOutputStream(jwsStream);
            ctx.setOutputStream(base64Stream);
        } else {
            // NOTE(review): here the entity bytes reach jwsStream as written, inside the JSON
            // string opened above; confirm the protected header signals an unencoded payload
            // and that the entity cannot contain characters that break the JSON string.
            ctx.setOutputStream(jwsStream);
        }
        // The remaining writers serialize the entity into whichever stream was installed.
        ctx.proceed();
        // Flush the encoder first so its pending output reaches jwsStream before that is flushed.
        if (base64Stream != null) {
            base64Stream.flush();
        }
        jwsStream.flush();
    } else {
        // Buffering mode: capture the whole serialized entity, then sign it in one go.
        // NOTE(review): cos is never closed in this method; confirm CachedOutputStream holds
        // no resource that needs explicit release.
        CachedOutputStream cos = new CachedOutputStream();
        ctx.setOutputStream(cos);
        ctx.proceed();
        JwsJsonProducer p = new JwsJsonProducer(new String(cos.getBytes(), StandardCharsets.UTF_8));
        int size = sigProviders.size();
        for (int i = 0; i < size; i++) {
            JwsSignatureProvider signer = sigProviders.get(i);
            JwsHeaders protectedHeader = protectedHeaders.get(i);
            prepareProtectedHeader(protectedHeader, ctx, signer, size == 1);
            // Third argument (null) is not explained on this page; presumably unprotected headers.
            p.signWith(signer, protectedHeader, null);
        }
        ctx.setMediaType(JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE_JSON));
        writeJws(p, actualOs);
    }
}
Also used : JwsSignature(org.apache.cxf.rs.security.jose.jws.JwsSignature) OutputStream(java.io.OutputStream) Base64UrlOutputStream(org.apache.cxf.common.util.Base64UrlOutputStream) JwsJsonOutputStream(org.apache.cxf.rs.security.jose.jws.JwsJsonOutputStream) CachedOutputStream(org.apache.cxf.io.CachedOutputStream) ArrayList(java.util.ArrayList) CachedOutputStream(org.apache.cxf.io.CachedOutputStream) JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) JwsJsonOutputStream(org.apache.cxf.rs.security.jose.jws.JwsJsonOutputStream) Base64UrlOutputStream(org.apache.cxf.common.util.Base64UrlOutputStream) JwsJsonProducer(org.apache.cxf.rs.security.jose.jws.JwsJsonProducer) JwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider)

Example 15 with JwsHeaders

use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project cxf by apache.

the class JwsJoseCookBookTest method testDetachedHMACSignature.

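/**
 * Checks HS256 signatures over a detached payload in three serializations: JWS compact,
 * JWS JSON general and JWS JSON flattened.
 *
 * <p>Each produced document is compared with a fixture constant and then verified by a
 * consumer that receives the encoded payload separately, since the document does not carry
 * it. The key is the first entry of the {@code cookbookSecretSet.txt} key set.
 *
 * @throws Exception if the key set cannot be read or signing fails
 */
@SuppressWarnings("deprecation")
@Test
public void testDetachedHMACSignature() throws Exception {
    // Compact serialization; the second constructor argument presumably selects detached mode.
    JwsCompactProducer compactProducer = new JwsCompactProducer(PAYLOAD, true);
    compactProducer.getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.HS256);
    compactProducer.getJwsHeaders().setKeyId(HMAC_KID_VALUE);
    JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter();
    // Expected value first, matching JUnit's assertEquals(expected, actual), so a failure
    // message labels the fixture and the produced value correctly.
    assertEquals(HMAC_SIGNATURE_PROTECTED_HEADER_JSON, reader.toJson(compactProducer.getJwsHeaders().asMap()));
    // Before signing, the encoded form is the protected header followed by a single dot.
    assertEquals(HMAC_SIGNATURE_PROTECTED_HEADER + ".", compactProducer.getUnsignedEncodedJws());
    JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt");
    List<JsonWebKey> keys = jwks.getKeys();
    JsonWebKey key = keys.get(0);
    compactProducer.signWith(key);
    assertEquals(DETACHED_HMAC_JWS, compactProducer.getSignedEncodedJws());
    // The consumer is given the encoded payload separately and pinned to HS256 for verification.
    JwsCompactConsumer compactConsumer = new JwsCompactConsumer(compactProducer.getSignedEncodedJws(), ENCODED_PAYLOAD);
    assertTrue(compactConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));

    // JSON general serialization.
    JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
    assertEquals(PAYLOAD, jsonProducer.getPlainPayload());
    assertEquals(ENCODED_PAYLOAD, jsonProducer.getUnsignedEncodedPayload());
    JwsHeaders protectedHeader = new JwsHeaders();
    protectedHeader.setSignatureAlgorithm(SignatureAlgorithm.HS256);
    protectedHeader.setKeyId(HMAC_KID_VALUE);
    jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader);
    // getJwsJsonSignedDocument(true) presumably omits the payload from the document.
    assertEquals(HMAC_DETACHED_JSON_GENERAL_SERIALIZATION, jsonProducer.getJwsJsonSignedDocument(true));
    JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument(true), ENCODED_PAYLOAD);
    assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));

    // JSON flattened serialization, selected by the second constructor argument; the same
    // protected header instance is reused with a fresh signature provider.
    jsonProducer = new JwsJsonProducer(PAYLOAD, true);
    jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader);
    assertEquals(HMAC_DETACHED_JSON_FLATTENED_SERIALIZATION, jsonProducer.getJwsJsonSignedDocument(true));
    jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument(true), ENCODED_PAYLOAD);
    assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
}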
Also used : JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) JwsCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer) JwsCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsCompactProducer) JsonWebKeys(org.apache.cxf.rs.security.jose.jwk.JsonWebKeys) JsonMapObjectReaderWriter(org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter) JsonWebKey(org.apache.cxf.rs.security.jose.jwk.JsonWebKey) JwsJsonProducer(org.apache.cxf.rs.security.jose.jws.JwsJsonProducer) JwsJsonConsumer(org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer) Test(org.junit.Test)

Aggregations

JwsHeaders (org.apache.cxf.rs.security.jose.jws.JwsHeaders)42 JwsJwtCompactProducer (org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer)25 JwtClaims (org.apache.cxf.rs.security.jose.jwt.JwtClaims)22 JwsSignatureProvider (org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider)20 JwtToken (org.apache.cxf.rs.security.jose.jwt.JwtToken)20 Date (java.util.Date)16 Calendar (java.util.Calendar)11 JsonWebKey (org.apache.cxf.rs.security.jose.jwk.JsonWebKey)10 JsonWebKeys (org.apache.cxf.rs.security.jose.jwk.JsonWebKeys)10 HmacJwsSignatureProvider (org.apache.cxf.rs.security.jose.jws.HmacJwsSignatureProvider)10 NoneJwsSignatureProvider (org.apache.cxf.rs.security.jose.jws.NoneJwsSignatureProvider)10 SyncopeClient (org.apache.syncope.client.lib.SyncopeClient)10 Test (org.junit.jupiter.api.Test)10 JwsJsonProducer (org.apache.cxf.rs.security.jose.jws.JwsJsonProducer)9 Test (org.junit.Test)9 AccessControlException (java.security.AccessControlException)8 WebClient (org.apache.cxf.jaxrs.client.WebClient)8 JwsJsonConsumer (org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer)8 Properties (java.util.Properties)7 Response (javax.ws.rs.core.Response)7