Examples with JwsHeaders org.apache.cxf.rs.security.jose.jws.JwsHeaders used on opensource projects

Example 11 with JwsHeaders

use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project testcases by coheigea.

the class JWTRequestTest method testAuthorizationCodeFlowUnsignedJWTWithState.

@org.junit.Test
public void testAuthorizationCodeFlowUnsignedJWTWithState() throws Exception {
    URL busFile = JWTRequestTest.class.getResource("cxf-client.xml");
    String address = "https://localhost:" + PORT + "/unsignedjwtservices/";
    WebClient client = WebClient.create(address, setupProviders(), "alice", "security", busFile.toString());
    // Save the Cookie for the second request...
    WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
    JwtClaims claims = new JwtClaims();
    claims.setIssuer("consumer-id");
    claims.setIssuedAt(new Date().getTime() / 1000L);
    claims.setAudiences(Collections.singletonList("https://localhost:" + PORT + "/unsignedjwtservices/"));
    JwsHeaders headers = new JwsHeaders();
    headers.setAlgorithm("none");
    JwtToken token = new JwtToken(headers, claims);
    JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token);
    String request = jws.getSignedEncodedJws();
    // Get Authorization Code
    String code = getAuthorizationCode(client, "openid", null, "123456789", "consumer-id", request);
    assertNotNull(code);
}

Example 12 with JwsHeaders

use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project testcases by coheigea.

the class JWTRequestTest method testAuthorizationCodeFlowUnsignedJWT.

@org.junit.Test
public void testAuthorizationCodeFlowUnsignedJWT() throws Exception {
    URL busFile = JWTRequestTest.class.getResource("cxf-client.xml");
    String address = "https://localhost:" + PORT + "/unsignedjwtservices/";
    WebClient client = WebClient.create(address, setupProviders(), "alice", "security", busFile.toString());
    // Save the Cookie for the second request...
    WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
    JwtClaims claims = new JwtClaims();
    claims.setIssuer("consumer-id");
    claims.setIssuedAt(new Date().getTime() / 1000L);
    claims.setAudiences(Collections.singletonList("https://localhost:" + PORT + "/unsignedjwtservices/"));
    JwsHeaders headers = new JwsHeaders();
    headers.setAlgorithm("none");
    JwtToken token = new JwtToken(headers, claims);
    JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token);
    String request = jws.getSignedEncodedJws();
    // Get Authorization Code
    String code = getAuthorizationCode(client, "openid", request);
    assertNotNull(code);
}

Example 13 with JwsHeaders

use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project cxf by apache.

the class BigQueryServer method getAccessToken.

private static ClientAccessToken getAccessToken(PrivateKey privateKey, String issuer) {
    JwsHeaders headers = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.RS256);
    JwtClaims claims = new JwtClaims();
    claims.setIssuer(issuer);
    claims.setAudience("https://www.googleapis.com/oauth2/v3/token");
    long issuedAt = OAuthUtils.getIssuedAt();
    claims.setIssuedAt(issuedAt);
    claims.setExpiryTime(issuedAt + 60 * 60);
    claims.setProperty("scope", "https://www.googleapis.com/auth/bigquery.readonly");
    JwtToken token = new JwtToken(headers, claims);
    JwsJwtCompactProducer p = new JwsJwtCompactProducer(token);
    String base64UrlAssertion = p.signWith(privateKey);
    JwtBearerGrant grant = new JwtBearerGrant(base64UrlAssertion);
    WebClient accessTokenService = WebClient.create("https://www.googleapis.com/oauth2/v3/token", Arrays.asList(new OAuthJSONProvider(), new AccessTokenGrantWriter()));
    WebClient.getConfig(accessTokenService).getInInterceptors().add(new LoggingInInterceptor());
    accessTokenService.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);
    return accessTokenService.post(grant, ClientAccessToken.class);
}

Example 14 with JwsHeaders

use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project cxf by apache.

the class JwsJsonWriterInterceptor method aroundWriteTo.

@Override
public void aroundWriteTo(WriterInterceptorContext ctx) throws IOException, WebApplicationException {
    if (ctx.getEntity() == null) {
        ctx.proceed();
        return;
    }
    List<String> propLocs = getPropertyLocations();
    List<JwsHeaders> protectedHeaders = new ArrayList<>(propLocs.size());
    for (int i = 0; i < propLocs.size(); i++) {
        protectedHeaders.add(new JwsHeaders());
    }
    List<JwsSignatureProvider> sigProviders = getInitializedSigProviders(propLocs, protectedHeaders);
    OutputStream actualOs = ctx.getOutputStream();
    if (useJwsOutputStream) {
        List<String> encodedProtectedHeaders = new ArrayList<>(sigProviders.size());
        List<JwsSignature> signatures = new ArrayList<>(sigProviders.size());
        int size = sigProviders.size();
        for (int i = 0; i < size; i++) {
            JwsSignatureProvider signer = sigProviders.get(i);
            JwsHeaders protectedHeader = protectedHeaders.get(i);
            prepareProtectedHeader(protectedHeader, ctx, signer, size == 1);
            String encoded = Base64UrlUtility.encode(writer.toJson(protectedHeader));
            encodedProtectedHeaders.add(encoded);
            JwsSignature signature = signer.createJwsSignature(protectedHeader);
            byte[] start = StringUtils.toBytesUTF8(encoded + ".");
            signature.update(start, 0, start.length);
            signatures.add(signature);
        }
        ctx.setMediaType(JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE_JSON));
        actualOs.write(StringUtils.toBytesUTF8("{\"payload\":\""));
        JwsJsonOutputStream jwsStream = new JwsJsonOutputStream(actualOs, encodedProtectedHeaders, signatures);
        Base64UrlOutputStream base64Stream = null;
        if (encodePayload) {
            base64Stream = new Base64UrlOutputStream(jwsStream);
            ctx.setOutputStream(base64Stream);
        } else {
            ctx.setOutputStream(jwsStream);
        }
        ctx.proceed();
        if (base64Stream != null) {
            base64Stream.flush();
        }
        jwsStream.flush();
    } else {
        CachedOutputStream cos = new CachedOutputStream();
        ctx.setOutputStream(cos);
        ctx.proceed();
        JwsJsonProducer p = new JwsJsonProducer(new String(cos.getBytes(), StandardCharsets.UTF_8));
        int size = sigProviders.size();
        for (int i = 0; i < size; i++) {
            JwsSignatureProvider signer = sigProviders.get(i);
            JwsHeaders protectedHeader = protectedHeaders.get(i);
            prepareProtectedHeader(protectedHeader, ctx, signer, size == 1);
            p.signWith(signer, protectedHeader, null);
        }
        ctx.setMediaType(JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE_JSON));
        writeJws(p, actualOs);
    }
}

Example 15 with JwsHeaders

use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project cxf by apache.

the class JwsJoseCookBookTest method testDetachedHMACSignature.

@SuppressWarnings("deprecation")
@Test
public void testDetachedHMACSignature() throws Exception {
    JwsCompactProducer compactProducer = new JwsCompactProducer(PAYLOAD, true);
    compactProducer.getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.HS256);
    compactProducer.getJwsHeaders().setKeyId(HMAC_KID_VALUE);
    JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter();
    assertEquals(reader.toJson(compactProducer.getJwsHeaders().asMap()), HMAC_SIGNATURE_PROTECTED_HEADER_JSON);
    assertEquals(compactProducer.getUnsignedEncodedJws(), HMAC_SIGNATURE_PROTECTED_HEADER + ".");
    JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt");
    List<JsonWebKey> keys = jwks.getKeys();
    JsonWebKey key = keys.get(0);
    compactProducer.signWith(key);
    assertEquals(compactProducer.getSignedEncodedJws(), DETACHED_HMAC_JWS);
    JwsCompactConsumer compactConsumer = new JwsCompactConsumer(compactProducer.getSignedEncodedJws(), ENCODED_PAYLOAD);
    assertTrue(compactConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
    JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
    assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
    assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
    JwsHeaders protectedHeader = new JwsHeaders();
    protectedHeader.setSignatureAlgorithm(SignatureAlgorithm.HS256);
    protectedHeader.setKeyId(HMAC_KID_VALUE);
    jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader);
    assertEquals(jsonProducer.getJwsJsonSignedDocument(true), HMAC_DETACHED_JSON_GENERAL_SERIALIZATION);
    JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument(true), ENCODED_PAYLOAD);
    assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
    jsonProducer = new JwsJsonProducer(PAYLOAD, true);
    jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader);
    assertEquals(jsonProducer.getJwsJsonSignedDocument(true), HMAC_DETACHED_JSON_FLATTENED_SERIALIZATION);
    jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument(true), ENCODED_PAYLOAD);
    assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
}