use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project testcases by coheigea.
the class JWTRequestTest method testAuthorizationCodeFlowUnsignedJWTWithState.
/**
 * Runs the authorization code flow with a JWT request object whose JWS header declares
 * {@code alg: none}, using the six-argument {@code getAuthorizationCode} helper, and
 * expects an authorization code to be returned.
 *
 * <p>The request object is an unsecured JWS: it carries no signature, so nothing binds
 * the claims to the client. The test only passes if the service behind
 * {@code /unsignedjwtservices/} accepts such a request.
 *
 * <p>NOTE(review): presumably that endpoint is configured to allow unsigned request
 * objects just for this test. Confirm the acceptance is an explicit opt-in on that endpoint,
 * and that the endpoints which require signed requests have a companion test asserting
 * that {@code alg: none} is rejected.
 */
@org.junit.Test
public void testAuthorizationCodeFlowUnsignedJWTWithState() throws Exception {
    final String serviceAddress = "https://localhost:" + PORT + "/unsignedjwtservices/";

    // Claims of the request object: issuer, issued-at in seconds, audience = the service URL.
    JwtClaims requestClaims = new JwtClaims();
    requestClaims.setIssuer("consumer-id");
    requestClaims.setIssuedAt(System.currentTimeMillis() / 1000L);
    requestClaims.setAudiences(Collections.singletonList(serviceAddress));

    // Header with alg "none": the compact serialization is produced without a key.
    JwsHeaders unsecuredHeaders = new JwsHeaders();
    unsecuredHeaders.setAlgorithm("none");
    JwsJwtCompactProducer producer =
        new JwsJwtCompactProducer(new JwtToken(unsecuredHeaders, requestClaims));
    String requestObject = producer.getSignedEncodedJws();

    URL busConfig = JWTRequestTest.class.getResource("cxf-client.xml");
    WebClient webClient =
        WebClient.create(serviceAddress, setupProviders(), "alice", "security", busConfig.toString());
    // Keep the session cookie so the follow-up request of the flow reuses it.
    WebClient.getConfig(webClient).getRequestContext()
        .put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);

    // "123456789" is presumably the state value, going by the test name (confirm against the helper).
    String authorizationCode =
        getAuthorizationCode(webClient, "openid", null, "123456789", "consumer-id", requestObject);
    assertNotNull(authorizationCode);
}
use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project testcases by coheigea.
the class JWTRequestTest method testAuthorizationCodeFlowUnsignedJWT.
/**
 * Runs the authorization code flow with a JWT request object whose JWS header declares
 * {@code alg: none} and expects an authorization code to be returned.
 *
 * <p>With {@code alg: none} the request object is unsigned, so the service cannot
 * authenticate its claims. The only client authentication visible here is the
 * {@code "alice"} / {@code "security"} pair handed to {@code WebClient.create}.
 *
 * <p>NOTE(review): the {@code /unsignedjwtservices/} path suggests the server side opts in
 * to unsigned request objects for this test. Confirm that this is not the default
 * configuration, and that a negative test covers the signature-requiring endpoints.
 */
@org.junit.Test
public void testAuthorizationCodeFlowUnsignedJWT() throws Exception {
    final String serviceAddress = "https://localhost:" + PORT + "/unsignedjwtservices/";

    // Build the unsigned request object first; it does not depend on the client.
    JwtClaims requestClaims = new JwtClaims();
    requestClaims.setIssuer("consumer-id");
    requestClaims.setIssuedAt(System.currentTimeMillis() / 1000L);
    requestClaims.setAudiences(Collections.singletonList(serviceAddress));

    JwsHeaders unsecuredHeaders = new JwsHeaders();
    unsecuredHeaders.setAlgorithm("none");
    JwtToken requestToken = new JwtToken(unsecuredHeaders, requestClaims);
    String requestObject = new JwsJwtCompactProducer(requestToken).getSignedEncodedJws();

    URL busConfig = JWTRequestTest.class.getResource("cxf-client.xml");
    WebClient webClient =
        WebClient.create(serviceAddress, setupProviders(), "alice", "security", busConfig.toString());
    // Keep the session cookie so the follow-up request of the flow reuses it.
    WebClient.getConfig(webClient).getRequestContext()
        .put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);

    String authorizationCode = getAuthorizationCode(webClient, "openid", requestObject);
    assertNotNull(authorizationCode);
}
use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project cxf by apache.
the class BigQueryServer method getAccessToken.
/**
 * Exchanges a self-signed JWT assertion for an access token at Google's OAuth2 token endpoint.
 *
 * <p>The assertion is an RS256-signed JWT whose audience is the token endpoint, whose
 * lifetime is one hour from the issued-at time, and whose {@code scope} claim is the
 * read-only BigQuery scope. It is sent as a JWT bearer grant in a form-encoded POST.
 *
 * @param privateKey key used to sign the assertion
 * @param issuer value placed in the assertion's issuer claim
 * @return the access token parsed from the token endpoint's JSON response
 */
private static ClientAccessToken getAccessToken(PrivateKey privateKey, String issuer) {
    final String tokenEndpoint = "https://www.googleapis.com/oauth2/v3/token";
    final long lifetimeSeconds = 60 * 60;

    JwtClaims assertionClaims = new JwtClaims();
    assertionClaims.setIssuer(issuer);
    // The audience is the token endpoint itself, so the assertion is scoped to that recipient.
    assertionClaims.setAudience(tokenEndpoint);
    long issuedAt = OAuthUtils.getIssuedAt();
    assertionClaims.setIssuedAt(issuedAt);
    assertionClaims.setExpiryTime(issuedAt + lifetimeSeconds);
    assertionClaims.setProperty("scope", "https://www.googleapis.com/auth/bigquery.readonly");

    JwsHeaders assertionHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.RS256);
    JwsJwtCompactProducer producer =
        new JwsJwtCompactProducer(new JwtToken(assertionHeaders, assertionClaims));
    String base64UrlAssertion = producer.signWith(privateKey);
    JwtBearerGrant grant = new JwtBearerGrant(base64UrlAssertion);

    WebClient accessTokenService = WebClient.create(
        tokenEndpoint,
        Arrays.asList(new OAuthJSONProvider(), new AccessTokenGrantWriter()));
    // NOTE(review): this interceptor logs inbound messages on the token client, and the
    // token endpoint's response carries the access token. Confirm that these logs are not
    // retained, or that the token is masked, before using this outside a demo.
    WebClient.getConfig(accessTokenService).getInInterceptors().add(new LoggingInInterceptor());
    accessTokenService.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);
    return accessTokenService.post(grant, ClientAccessToken.class);
}
use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project cxf by apache.
the class JwsJsonWriterInterceptor method aroundWriteTo.
/**
 * Writes the response entity as a JWS JSON document, producing one signature per
 * configured property location.
 *
 * <p>There are two modes, chosen by {@code useJwsOutputStream}. In streaming mode the
 * entity is written through a {@code JwsJsonOutputStream}, and the signature objects are
 * created up front and handed to that stream. In buffered mode the entity is first
 * captured in memory, then signed and written in one go.
 *
 * @param ctx the writer interceptor context holding the entity and the output stream
 * @throws IOException if writing to the output stream fails
 * @throws WebApplicationException propagated from the rest of the interceptor chain
 */
@Override
public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException {
    // No entity means nothing to sign: run the rest of the chain untouched.
    if (ctx.getEntity() == null) {
        ctx.proceed();
        return;
    }
    List<String> propLocs = getPropertyLocations();
    // One empty protected header per property location; index i pairs with signer i below.
    List<JwsHeaders> protectedHeaders = new ArrayList<>(propLocs.size());
    for (int i = 0; i < propLocs.size(); i++) {
        protectedHeaders.add(new JwsHeaders());
    }
    // Presumably fills the headers from each location's properties while creating the
    // providers (the helper is not visible here).
    List<JwsSignatureProvider> sigProviders = getInitializedSigProviders(propLocs, protectedHeaders);
    // Keep the real stream: the context's stream is replaced in both branches.
    OutputStream actualOs = ctx.getOutputStream();
    if (useJwsOutputStream) {
        List<String> encodedProtectedHeaders = new ArrayList<>(sigProviders.size());
        List<JwsSignature> signatures = new ArrayList<>(sigProviders.size());
        int size = sigProviders.size();
        for (int i = 0; i < size; i++) {
            JwsSignatureProvider signer = sigProviders.get(i);
            JwsHeaders protectedHeader = protectedHeaders.get(i);
            prepareProtectedHeader(protectedHeader, ctx, signer, size == 1);
            String encoded = Base64UrlUtility.encode(writer.toJson(protectedHeader));
            encodedProtectedHeaders.add(encoded);
            JwsSignature signature = signer.createJwsSignature(protectedHeader);
            // Seed the signature with "<encoded protected header>." - the start of the JWS
            // signing input. The header must not change after this point.
            byte[] start = StringUtils.toBytesUTF8(encoded + ".");
            signature.update(start, 0, start.length);
            signatures.add(signature);
        }
        ctx.setMediaType(JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE_JSON));
        // The opening of the JSON document goes straight to the real stream, before the wrapper.
        actualOs.write(StringUtils.toBytesUTF8("{\"payload\":\""));
        JwsJsonOutputStream jwsStream = new JwsJsonOutputStream(actualOs, encodedProtectedHeaders, signatures);
        Base64UrlOutputStream base64Stream = null;
        if (encodePayload) {
            base64Stream = new Base64UrlOutputStream(jwsStream);
            ctx.setOutputStream(base64Stream);
        } else {
            // NOTE(review): here the entity bytes reach the JSON "payload" string unencoded.
            // Confirm the payload is constrained so it cannot break out of the string.
            ctx.setOutputStream(jwsStream);
        }
        ctx.proceed();
        // Flush the outer encoder first so its buffered bytes reach jwsStream before jwsStream is flushed.
        if (base64Stream != null) {
            base64Stream.flush();
        }
        jwsStream.flush();
    } else {
        // Buffered mode: capture the serialized entity, then sign it as a whole.
        // NOTE(review): cos is not closed in this method; confirm whether CachedOutputStream
        // needs an explicit close here to release what it holds.
        CachedOutputStream cos = new CachedOutputStream();
        ctx.setOutputStream(cos);
        ctx.proceed();
        JwsJsonProducer p = new JwsJsonProducer(new String(cos.getBytes(), StandardCharsets.UTF_8));
        int size = sigProviders.size();
        for (int i = 0; i < size; i++) {
            JwsSignatureProvider signer = sigProviders.get(i);
            JwsHeaders protectedHeader = protectedHeaders.get(i);
            prepareProtectedHeader(protectedHeader, ctx, signer, size == 1);
            // The third argument is null; presumably it is the unprotected header (confirm).
            p.signWith(signer, protectedHeader, null);
        }
        ctx.setMediaType(JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE_JSON));
        writeJws(p, actualOs);
    }
}
use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project cxf by apache.
the class JwsJoseCookBookTest method testDetachedHMACSignature.
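/**
 * Checks HS256 signing with detached content against the expected test vectors, in compact
 * form and in two JWS JSON forms (general and flattened, going by the constant names).
 *
 * <p>In each case the signed document omits the payload, and the consumer is given
 * {@code ENCODED_PAYLOAD} separately in order to verify. Every verification call passes the
 * expected algorithm ({@code HS256}) explicitly together with the key.
 *
 * <p>The {@code assertEquals} calls use JUnit's (expected, actual) order, so a failure
 * message reports the test vector as the expected value.
 */
@SuppressWarnings("deprecation")
@Test
public void testDetachedHMACSignature() throws Exception {
    // Compact serialization; the second constructor argument presumably selects detached content.
    JwsCompactProducer compactProducer = new JwsCompactProducer(PAYLOAD, true);
    compactProducer.getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.HS256);
    compactProducer.getJwsHeaders().setKeyId(HMAC_KID_VALUE);
    JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter();
    assertEquals(HMAC_SIGNATURE_PROTECTED_HEADER_JSON, reader.toJson(compactProducer.getJwsHeaders().asMap()));
    // With detached content the unsigned form is just "<protected header>." with no payload part.
    assertEquals(HMAC_SIGNATURE_PROTECTED_HEADER + ".", compactProducer.getUnsignedEncodedJws());

    JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt");
    List<JsonWebKey> keys = jwks.getKeys();
    JsonWebKey key = keys.get(0);
    compactProducer.signWith(key);
    assertEquals(DETACHED_HMAC_JWS, compactProducer.getSignedEncodedJws());
    // The verifier gets the payload out of band and checks the signature over it.
    JwsCompactConsumer compactConsumer =
        new JwsCompactConsumer(compactProducer.getSignedEncodedJws(), ENCODED_PAYLOAD);
    assertTrue(compactConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));

    // JWS JSON serialization, expected to match the general-form vector.
    JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
    assertEquals(PAYLOAD, jsonProducer.getPlainPayload());
    assertEquals(ENCODED_PAYLOAD, jsonProducer.getUnsignedEncodedPayload());
    JwsHeaders protectedHeader = new JwsHeaders();
    protectedHeader.setSignatureAlgorithm(SignatureAlgorithm.HS256);
    protectedHeader.setKeyId(HMAC_KID_VALUE);
    jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader);
    assertEquals(HMAC_DETACHED_JSON_GENERAL_SERIALIZATION, jsonProducer.getJwsJsonSignedDocument(true));
    JwsJsonConsumer jsonConsumer =
        new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument(true), ENCODED_PAYLOAD);
    assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));

    // Same header and key with the two-argument producer, expected to match the flattened-form vector.
    jsonProducer = new JwsJsonProducer(PAYLOAD, true);
    jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader);
    assertEquals(HMAC_DETACHED_JSON_FLATTENED_SERIALIZATION, jsonProducer.getJwsJsonSignedDocument(true));
    jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument(true), ENCODED_PAYLOAD);
    assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
}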