
Example 21 with JwsHeaders

use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project cxf by apache.

the class AbstractJwsMultipartSignatureFilter method getAttachmentParts.

/**
 * Collects the outbound multipart parts for {@code rootEntity} and appends a
 * trailing {@code "signature"} part that carries a detached JWS.
 *
 * <p>The JWS headers are created with the payload encoding status set to
 * {@code false}. The signature is seeded with the ASCII bytes of the
 * base64url-encoded header JSON followed by {@code '.'}; the same
 * {@link JwsSignature} instance is handed to the registered
 * {@link JwsMultipartSignatureOutFilter}, presumably so the part bodies are fed
 * into it while they are written (confirm against the filter).
 *
 * @param rootEntity a {@link MultipartBody}, a {@link List} of parts, or a single
 *        entity that becomes the only content part
 * @return the content parts followed by the detached-signature attachment
 */
protected List<Object> getAttachmentParts(Object rootEntity) {
    final List<Object> outParts;
    if (rootEntity instanceof MultipartBody) {
        // NOTE(review): the attachment list is used as returned, not copied, so the
        // signature part added below lands in that list. Confirm it is mutable and
        // that modifying the caller's MultipartBody is intended.
        MultipartBody body = (MultipartBody) rootEntity;
        outParts = CastUtils.cast(body.getAllAttachments());
    } else if (rootEntity instanceof List) {
        // Defensive copy: the caller's list is left untouched.
        List<Object> suppliedParts = CastUtils.cast((List<?>) rootEntity);
        outParts = new ArrayList<>(suppliedParts);
    } else {
        // Room for the single entity plus the signature part.
        outParts = new ArrayList<>(2);
        outParts.add(rootEntity);
    }

    JwsHeaders protectedHeaders = new JwsHeaders();
    protectedHeaders.setPayloadEncodingStatus(false);

    // Prefer the injected provider; otherwise load one from configuration.
    JwsSignatureProvider signer = sigProvider;
    if (signer == null) {
        signer = JwsUtils.loadSignatureProvider(protectedHeaders, true);
    }

    // The headers are serialized only after createJwsSignature(...) has seen them.
    // NOTE(review): if the provider adds header values (for example the algorithm),
    // they must be part of the signed header, so keep this statement order.
    JwsSignature signature = signer.createJwsSignature(protectedHeaders);
    String encodedHeaders = Base64UrlUtility.encode(writer.toJson(protectedHeaders));

    // Signing input starts with "<encoded headers>." before any payload bytes.
    byte[] signingPrefix = StringUtils.toBytesASCII(encodedHeaders + '.');
    jwsSignature_update:
    signature.update(signingPrefix, 0, signingPrefix.length);

    AttachmentUtils.addMultipartOutFilter(new JwsMultipartSignatureOutFilter(signature));

    JwsDetachedSignature detached =
        new JwsDetachedSignature(protectedHeaders, encodedHeaders, signature, useJwsJsonSignatureFormat);
    outParts.add(new Attachment("signature", JoseConstants.MEDIA_TYPE_JOSE, detached));
    return outParts;
}
Also used : JwsSignature(org.apache.cxf.rs.security.jose.jws.JwsSignature) Attachment(org.apache.cxf.jaxrs.ext.multipart.Attachment) JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) MultipartBody(org.apache.cxf.jaxrs.ext.multipart.MultipartBody) JwsDetachedSignature(org.apache.cxf.rs.security.jose.jws.JwsDetachedSignature) ArrayList(java.util.ArrayList) List(java.util.List) JwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider)

Example 22 with JwsHeaders

use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project cxf by apache.

the class JoseProducer method processData.

/**
 * Applies the configured JOSE protection to {@code data}.
 *
 * <p>When a signature is required the data is wrapped in a compact JWS; when
 * encryption is required the (possibly signed) result is then encrypted, so the
 * order is sign first, encrypt second. The encryption provider is resolved
 * before anything is signed, so a missing encryption provider fails first.
 *
 * @param data the plain content to protect
 * @return the protected content, or {@code data} as given when neither signing
 *         nor encryption is applied
 * @throws JoseException if a required signature or encryption provider cannot
 *         be initialized
 */
public String processData(String data) {
    super.checkProcessRequirements();

    // Resolve the encryption provider up front; it is only used after signing.
    final JweHeaders encryptionHeaders = new JweHeaders();
    JweEncryptionProvider encryptor = null;
    if (isJweRequired()) {
        encryptor = getInitializedEncryptionProvider(encryptionHeaders);
        if (encryptor == null) {
            throw new JoseException("Unable to encrypt the data");
        }
    }

    String result = data;

    if (isJwsRequired()) {
        JwsHeaders signatureHeaders = new JwsHeaders();
        JwsCompactProducer producer = new JwsCompactProducer(signatureHeaders, result);
        JwsSignatureProvider signer = getInitializedSignatureProvider(signatureHeaders);
        if (signer == null) {
            throw new JoseException("Unable to sign the data");
        }
        result = producer.signWith(signer);
    }

    // Encrypt whatever the previous step produced (the JWS when signing ran).
    if (encryptor != null) {
        result = encryptor.encrypt(StringUtils.toBytesUTF8(result), encryptionHeaders);
    }
    return result;
}
Also used : JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) JweEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider) JwsCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsCompactProducer) JweHeaders(org.apache.cxf.rs.security.jose.jwe.JweHeaders) JwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider)

Example 23 with JwsHeaders

use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project cxf by apache.

the class AuthorizationGrantNegativeTest method testJWTUnauthenticatedSignature.

/**
 * Negative test for the JWT bearer grant: a token signed with the
 * {@code smallkey} alias from {@code smallkeysize.jks} is posted to the token
 * endpoint, and reading a {@link ClientAccessToken} from the response must fail.
 *
 * <p>NOTE(review): why the server rejects the token is not visible here; the
 * keystore name suggests an undersized signing key. The keystore passwords are
 * fixture values for this test keystore only.
 */
@org.junit.Test
public void testJWTUnauthenticatedSignature() throws Exception {
    URL busConfig = AuthorizationGrantNegativeTest.class.getResource("client.xml");
    String baseAddress = "https://localhost:" + port + "/services/";
    WebClient client = WebClient.create(baseAddress, OAuth2TestUtils.setupProviders(),
                                        "alice", "security", busConfig.toString());

    // Claims: valid for 60 seconds, addressed to the token endpoint.
    JwtClaims jwtClaims = new JwtClaims();
    jwtClaims.setSubject("consumer-id");
    jwtClaims.setIssuer("DoubleItSTSIssuer");
    Instant issuedAt = Instant.now();
    jwtClaims.setIssuedAt(issuedAt.getEpochSecond());
    jwtClaims.setExpiryTime(issuedAt.plusSeconds(60L).getEpochSecond());
    String tokenEndpoint = "https://localhost:" + port + "/services/token";
    jwtClaims.setAudiences(Collections.singletonList(tokenEndpoint));

    // Signing configuration: RS256 with the "smallkey" entry of the test keystore.
    Properties sigProps = new Properties();
    sigProps.put("rs.security.keystore.type", "jks");
    sigProps.put("rs.security.keystore.password", "security");
    sigProps.put("rs.security.keystore.alias", "smallkey");
    sigProps.put("rs.security.keystore.file",
                 "org/apache/cxf/systest/jaxrs/security/certs/smallkeysize.jks");
    sigProps.put("rs.security.key.password", "security");
    sigProps.put("rs.security.signature.algorithm", "RS256");

    JwsHeaders headers = new JwsHeaders(sigProps);
    JwsJwtCompactProducer producer = new JwsJwtCompactProducer(headers, jwtClaims);
    JwsSignatureProvider signer = JwsUtils.loadSignatureProvider(sigProps, headers);
    String assertion = producer.signWith(signer);

    // Present the signed JWT as a jwt-bearer assertion at the token endpoint.
    client.type("application/x-www-form-urlencoded").accept("application/json");
    client.path("token");
    Form grantForm = new Form();
    grantForm.param("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
    grantForm.param("assertion", assertion);
    grantForm.param("client_id", "consumer-id");
    Response tokenResponse = client.post(grantForm);

    try {
        tokenResponse.readEntity(ClientAccessToken.class);
        fail("Failure expected on an unauthenticated token");
    } catch (Exception expected) {
        // Expected: no access token may be issued for this assertion.
        // NOTE(review): any exception passes here, including ones unrelated to
        // token rejection; also asserting the response status would make this
        // negative test stricter.
    }
}
Also used : Response(javax.ws.rs.core.Response) JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) JwsJwtCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer) JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) Form(javax.ws.rs.core.Form) Instant(java.time.Instant) Properties(java.util.Properties) WebClient(org.apache.cxf.jaxrs.client.WebClient) URL(java.net.URL) ResponseProcessingException(javax.ws.rs.client.ResponseProcessingException) JwsSignatureProvider(org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider)

Example 24 with JwsHeaders

use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project cxf by apache.

the class OIDCFlowTest method testAuthorizationCodeFlowUnsignedJWT.

/**
 * Sends an authorization request whose request object is a JWT with the
 * {@code "none"} algorithm and checks that an authorization code is returned.
 *
 * <p>NOTE(review): this passes only against an endpoint that accepts unsigned
 * request objects; the {@code /unsignedjwtservices/} path suggests a service
 * configured that way for this test. An unsigned request object carries no proof
 * of origin or integrity, so this acceptance should stay confined to such a
 * dedicated endpoint.
 */
@org.junit.Test
public void testAuthorizationCodeFlowUnsignedJWT() throws Exception {
    String serviceAddress = "https://localhost:" + port + "/unsignedjwtservices/";
    WebClient client =
        WebClient.create(serviceAddress, OAuth2TestUtils.setupProviders(), "alice", "security", null);
    // Keep the session cookie so the follow-up request reuses it.
    WebClient.getConfig(client).getRequestContext()
        .put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);

    // Request-object claims: issued by the client, addressed to the service.
    String audience = "https://localhost:" + port + "/unsignedjwtservices/";
    JwtClaims requestClaims = new JwtClaims();
    requestClaims.setIssuer("consumer-id");
    requestClaims.setIssuedAt(Instant.now().getEpochSecond());
    requestClaims.setAudiences(Collections.singletonList(audience));

    // alg "none": the compact form is produced without a signature provider.
    JwsHeaders unsignedHeaders = new JwsHeaders();
    unsignedHeaders.setAlgorithm("none");
    JwsJwtCompactProducer producer =
        new JwsJwtCompactProducer(new JwtToken(unsignedHeaders, requestClaims));
    String requestObject = producer.getSignedEncodedJws();

    // Ask for an authorization code, passing the JWT as the request parameter.
    AuthorizationCodeParameters codeRequest = new AuthorizationCodeParameters();
    codeRequest.setConsumerId("consumer-id");
    codeRequest.setScope("openid");
    codeRequest.setResponseType("code");
    codeRequest.setPath("authorize/");
    codeRequest.setRequest(requestObject);

    String redirectLocation = OAuth2TestUtils.getLocation(client, codeRequest);
    String authorizationCode = OAuth2TestUtils.getSubstring(redirectLocation, "code");
    assertNotNull(authorizationCode);
}
Also used : JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) JwsJwtCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer) JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) AuthorizationCodeParameters(org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils.AuthorizationCodeParameters) WebClient(org.apache.cxf.jaxrs.client.WebClient)

Example 25 with JwsHeaders

use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project cxf by apache.

the class OIDCFlowTest method testAuthorizationCodeFlowUnsignedJWTWithState.

/**
 * Same flow as the unsigned request-object test, with a {@code state} value set
 * on the authorization request: a JWT with the {@code "none"} algorithm is sent
 * as the request object and an authorization code must come back.
 *
 * <p>NOTE(review): only the presence of the code is asserted; the returned
 * {@code state} is not compared with the value sent. The test passes only
 * against an endpoint that accepts unsigned request objects, which the
 * {@code /unsignedjwtservices/} path suggests is a dedicated test service.
 */
@org.junit.Test
public void testAuthorizationCodeFlowUnsignedJWTWithState() throws Exception {
    String serviceAddress = "https://localhost:" + port + "/unsignedjwtservices/";
    WebClient client =
        WebClient.create(serviceAddress, OAuth2TestUtils.setupProviders(), "alice", "security", null);
    // Keep the session cookie so the follow-up request reuses it.
    WebClient.getConfig(client).getRequestContext()
        .put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);

    // Request-object claims: issued by the client, addressed to the service.
    String audience = "https://localhost:" + port + "/unsignedjwtservices/";
    JwtClaims requestClaims = new JwtClaims();
    requestClaims.setIssuer("consumer-id");
    requestClaims.setIssuedAt(Instant.now().getEpochSecond());
    requestClaims.setAudiences(Collections.singletonList(audience));

    // alg "none": the compact form is produced without a signature provider.
    JwsHeaders unsignedHeaders = new JwsHeaders();
    unsignedHeaders.setAlgorithm("none");
    JwsJwtCompactProducer producer =
        new JwsJwtCompactProducer(new JwtToken(unsignedHeaders, requestClaims));
    String requestObject = producer.getSignedEncodedJws();

    // Ask for an authorization code, this time with a state value attached.
    AuthorizationCodeParameters codeRequest = new AuthorizationCodeParameters();
    codeRequest.setConsumerId("consumer-id");
    codeRequest.setScope("openid");
    codeRequest.setResponseType("code");
    codeRequest.setPath("authorize/");
    codeRequest.setState("123456789");
    codeRequest.setRequest(requestObject);

    String redirectLocation = OAuth2TestUtils.getLocation(client, codeRequest);
    String authorizationCode = OAuth2TestUtils.getSubstring(redirectLocation, "code");
    assertNotNull(authorizationCode);
}
Also used : JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) JwsJwtCompactProducer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer) JwtClaims(org.apache.cxf.rs.security.jose.jwt.JwtClaims) AuthorizationCodeParameters(org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils.AuthorizationCodeParameters) WebClient(org.apache.cxf.jaxrs.client.WebClient)
