Example 26 with JwsHeaders

Use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project cxf by apache.

From class OIDCNegativeTest, method testJWTRequestNonmatchingResponseType.

@org.junit.Test
public void testJWTRequestNonmatchingResponseType() throws Exception {
    URL busFile = OIDCNegativeTest.class.getResource("client.xml");
    String address = "https://localhost:" + port + "/unsignedjwtservices/";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
    // Save the Cookie for the second request...
    WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
    // Build the claims of the OIDC "request" object. Its response_type ("token")
    // deliberately contradicts the response_type query parameter ("code") set below.
    JwtClaims claims = new JwtClaims();
    claims.setIssuer("consumer-id");
    claims.setIssuedAt(Instant.now().getEpochSecond());
    claims.setAudiences(Collections.singletonList("https://localhost:" + port + "/unsignedjwtservices/"));
    claims.setProperty("response_type", "token");
    // Unsigned request object (alg "none"), which the unsignedjwtservices endpoint accepts
    JwsHeaders headers = new JwsHeaders();
    headers.setAlgorithm("none");
    JwtToken token = new JwtToken(headers, claims);
    JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token);
    String request = jws.getSignedEncodedJws();
    AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
    parameters.setConsumerId("consumer-id");
    parameters.setScope("openid");
    parameters.setResponseType("code");
    parameters.setPath("authorize/");
    parameters.setRequest(request);
    // Get Authorization Code: the provider must reject the request object/query mismatch
    try {
        OAuth2TestUtils.getLocation(client, parameters);
        fail("Failure expected on a non-matching response_type");
    } catch (ResponseProcessingException ex) {
        // expected
    }
}

Example 27 with JwsHeaders

Use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project cxf by apache.

From class OIDCNegativeTest, method testJWTRequestNonmatchingClientId.

@org.junit.Test
public void testJWTRequestNonmatchingClientId() throws Exception {
    URL busFile = OIDCNegativeTest.class.getResource("client.xml");
    String address = "https://localhost:" + port + "/unsignedjwtservices/";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
    // Save the Cookie for the second request...
    WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
    // Build the claims of the OIDC "request" object. Its client_id ("consumer-id2")
    // deliberately contradicts the client_id query parameter ("consumer-id") set below.
    JwtClaims claims = new JwtClaims();
    claims.setIssuer("consumer-id");
    claims.setIssuedAt(Instant.now().getEpochSecond());
    claims.setAudiences(Collections.singletonList("https://localhost:" + port + "/unsignedjwtservices/"));
    claims.setProperty("client_id", "consumer-id2");
    // Unsigned request object (alg "none"), which the unsignedjwtservices endpoint accepts
    JwsHeaders headers = new JwsHeaders();
    headers.setAlgorithm("none");
    JwtToken token = new JwtToken(headers, claims);
    JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token);
    String request = jws.getSignedEncodedJws();
    AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
    parameters.setConsumerId("consumer-id");
    parameters.setScope("openid");
    parameters.setResponseType("code");
    parameters.setPath("authorize/");
    parameters.setRequest(request);
    // Get Authorization Code: the provider must reject the request object/query mismatch
    try {
        OAuth2TestUtils.getLocation(client, parameters);
        fail("Failure expected on a non-matching client id");
    } catch (ResponseProcessingException ex) {
        // expected
    }
}

Example 28 with JwsHeaders

Use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project testcases by coheigea.

From class JWTClientAuthenticationTest, method createToken.

private String createToken(String issuer, String subject, String audience, boolean expiry, boolean sign) {
    // Create the JWT Token. Null issuer/audience and expiry=false produce the
    // incomplete tokens that the negative tests in this class send to the server.
    JwtClaims claims = new JwtClaims();
    claims.setSubject(subject);
    if (issuer != null) {
        claims.setIssuer(issuer);
    }
    claims.setIssuedAt(new Date().getTime() / 1000L);
    if (expiry) {
        Calendar cal = Calendar.getInstance();
        cal.add(Calendar.SECOND, 60);
        claims.setExpiryTime(cal.getTimeInMillis() / 1000L);
    }
    if (audience != null) {
        claims.setAudiences(Collections.singletonList(audience));
    }
    if (sign) {
        // Sign the JWT Token
        Properties signingProperties = new Properties();
        signingProperties.put("rs.security.keystore.type", "jks");
        signingProperties.put("rs.security.keystore.password", "cspass");
        signingProperties.put("rs.security.keystore.alias", "myclientkey");
        signingProperties.put("rs.security.keystore.file", "clientstore.jks");
        signingProperties.put("rs.security.key.password", "ckpass");
        signingProperties.put("rs.security.signature.algorithm", "RS256");
        JwsHeaders jwsHeaders = new JwsHeaders(signingProperties);
        JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
        JwsSignatureProvider sigProvider = JwsUtils.loadSignatureProvider(signingProperties, jwsHeaders);
        return jws.signWith(sigProvider);
    }
    // Unsigned token (alg "none"): used by the tests that expect the server to reject it
    JwsHeaders jwsHeaders = new JwsHeaders(SignatureAlgorithm.NONE);
    JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
    return jws.getSignedEncodedJws();
}

Example 29 with JwsHeaders

Use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project testcases by coheigea.

From class TokenPreAuthTest, method unitTokenAuthGSSTest.

// Use the TokenAuthLoginModule in Kerby to log in to the KDC using a JWT token
@org.junit.Test
public void unitTokenAuthGSSTest() throws Exception {
    // 1. Get a TGT from the KDC for the client + create an armor cache
    KrbClient client = new KrbClient();
    client.setKdcHost("localhost");
    client.setKdcTcpPort(kerbyServer.getKdcPort());
    client.setAllowUdp(false);
    client.setKdcRealm(kerbyServer.getKdcSetting().getKdcRealm());
    client.init();
    TgtTicket tgt = client.requestTgt("alice@service.ws.apache.org", "alice");
    assertNotNull(tgt);
    // Write to cache
    Credential credential = new Credential(tgt);
    CredentialCache cCache = new CredentialCache();
    cCache.addCredential(credential);
    cCache.setPrimaryPrincipal(tgt.getClientPrincipal());
    File cCacheFile = File.createTempFile("krb5_alice@service.ws.apache.org", "cc");
    cCache.store(cCacheFile);
    // Now read in the JAAS config, substitute the armor cache file path, and write it back in place
    String basedir = System.getProperty("basedir");
    if (basedir == null) {
        basedir = new File(".").getCanonicalPath();
    }
    File f = new File(basedir + "/target/test-classes/kerberos/kerberos.jaas");
    FileInputStream inputStream = new FileInputStream(f);
    String content = IOUtils.toString(inputStream, "UTF-8");
    inputStream.close();
    content = content.replaceAll("armorCacheVal", cCacheFile.getPath());
    File f2 = new File(basedir + "/target/test-classes/kerberos/kerberos.jaas");
    FileOutputStream outputStream = new FileOutputStream(f2);
    IOUtils.write(content, outputStream, "UTF-8");
    outputStream.close();
    // 2. Create a JWT token using CXF
    JwtClaims claims = new JwtClaims();
    claims.setSubject("alice");
    claims.setIssuer("DoubleItSTSIssuer");
    claims.setIssuedAt(new Date().getTime() / 1000L);
    // JWT times are in seconds: expire 60 seconds after issue
    // (the original computed milliseconds + 1060, which is not a valid exp value)
    claims.setExpiryTime(new Date().getTime() / 1000L + 60L);
    String address = "krbtgt/service.ws.apache.org@service.ws.apache.org";
    claims.setAudiences(Collections.singletonList(address));
    KeyStore keystore = KeyStore.getInstance("JKS");
    keystore.load(Loader.getResourceAsStream("clientstore.jks"), "cspass".toCharArray());
    Properties signingProperties = new Properties();
    signingProperties.put(JoseConstants.RSSEC_SIGNATURE_ALGORITHM, SignatureAlgorithm.RS256.name());
    signingProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
    signingProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myclientkey");
    signingProperties.put(JoseConstants.RSSEC_KEY_PSWD, "ckpass");
    JwsHeaders jwsHeaders = new JwsHeaders(signingProperties);
    JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
    JwsSignatureProvider sigProvider = JwsUtils.loadSignatureProvider(signingProperties, jwsHeaders);
    String signedToken = jws.signWith(sigProvider);
    // Store the JWT token in the token cache
    File tokenCache = new File(basedir + "/target/tokencache.txt");
    if (!tokenCache.exists()) {
        tokenCache.createNewFile();
    }
    TokenCache.writeToken(signedToken, tokenCache.getPath());
    // 3. Now log in using JAAS
    LoginContext loginContext = new LoginContext("aliceTokenAuth", new KerberosCallbackHandler());
    loginContext.login();
    Subject clientSubject = loginContext.getSubject();
    // Set<Principal> clientPrincipals = clientSubject.getPrincipals();
    // assertFalse(clientPrincipals.isEmpty());
    // Get the TGT
    Set<KerberosTicket> privateCredentials = clientSubject.getPrivateCredentials(KerberosTicket.class);
    assertFalse(privateCredentials.isEmpty());
    // Get the service ticket using GSS
    KerberosClientExceptionAction action = new KerberosClientExceptionAction(new KerberosPrincipal("alice@service.ws.apache.org"), "bob@service.ws.apache.org");
    byte[] ticket = (byte[]) Subject.doAs(clientSubject, action);
    assertNotNull(ticket);
    loginContext.logout();
    validateServiceTicket(ticket);
    cCacheFile.delete();
    tokenCache.delete();
}

Example 30 with JwsHeaders

Use of org.apache.cxf.rs.security.jose.jws.JwsHeaders in project testcases by coheigea.

From class CXFKrbToken, method sign.

// Signs the claims held by this token object with the client's RSA key (RS256) and
// stores the compact serialization as the token value; "claims" and setTokenValue()
// belong to the enclosing CXFKrbToken class.
public void sign() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
    KeyStore keystore = KeyStore.getInstance("JKS");
    keystore.load(Loader.getResourceAsStream("clientstore.jks"), "cspass".toCharArray());
    Properties signingProperties = new Properties();
    signingProperties.put(JoseConstants.RSSEC_SIGNATURE_ALGORITHM, SignatureAlgorithm.RS256.name());
    signingProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
    signingProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myclientkey");
    signingProperties.put(JoseConstants.RSSEC_KEY_PSWD, "ckpass");
    JwsHeaders jwsHeaders = new JwsHeaders(signingProperties);
    JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
    JwsSignatureProvider sigProvider = JwsUtils.loadSignatureProvider(signingProperties, jwsHeaders);
    String signedToken = jws.signWith(sigProvider);
    setTokenValue(signedToken.getBytes());
}