Search in sources :

Example 11 with JwsJwtCompactConsumer

use of org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer in project cxf by apache.

the class JWTProviderLifetimeTest method testJWTNearFutureCreatedLifetime.

/**
 * Issue JWT token with a near future Created Lifetime. This should pass as we allow a future
 * dated Lifetime up to 60 seconds to avoid clock skew problems.
 */
@org.junit.Test
public void testJWTNearFutureCreatedLifetime() throws Exception {
    int requestedLifetime = 60;
    JWTTokenProvider tokenProvider = new JWTTokenProvider();
    DefaultJWTClaimsProvider claimsProvider = new DefaultJWTClaimsProvider();
    claimsProvider.setAcceptClientLifetime(true);
    tokenProvider.setJwtClaimsProvider(claimsProvider);
    TokenProviderParameters providerParameters = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE);
    // Set expected lifetime to 1 minute
    Instant creationTime = Instant.now();
    Instant expirationTime = creationTime.plusSeconds(requestedLifetime);
    creationTime = creationTime.plusSeconds(10);
    Lifetime lifetime = new Lifetime();
    lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    providerParameters.getTokenRequirements().setLifetime(lifetime);
    TokenProviderResponse providerResponse = tokenProvider.createToken(providerParameters);
    assertTrue(providerResponse != null);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
    long duration = Duration.between(providerResponse.getCreated(), providerResponse.getExpires()).getSeconds();
    assertEquals(50, duration);
    String token = (String) providerResponse.getToken();
    assertNotNull(token);
    JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
    JwtToken jwt = jwtConsumer.getJwtToken();
    assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT), providerResponse.getCreated().getEpochSecond());
}
Also used : JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) Lifetime(org.apache.cxf.sts.request.Lifetime) Instant(java.time.Instant) DefaultJWTClaimsProvider(org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider) JwsJwtCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)

Example 12 with JwsJwtCompactConsumer

use of org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer in project cxf by apache.

the class JWTProviderLifetimeTest method testJWTValidLifetime.

/**
 * Issue JWT token with a valid requested lifetime
 */
@org.junit.Test
public void testJWTValidLifetime() throws Exception {
    int requestedLifetime = 60;
    JWTTokenProvider tokenProvider = new JWTTokenProvider();
    DefaultJWTClaimsProvider claimsProvider = new DefaultJWTClaimsProvider();
    claimsProvider.setAcceptClientLifetime(true);
    tokenProvider.setJwtClaimsProvider(claimsProvider);
    TokenProviderParameters providerParameters = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE);
    // Set expected lifetime to 1 minute
    Instant creationTime = Instant.now();
    Instant expirationTime = creationTime.plusSeconds(requestedLifetime);
    Lifetime lifetime = new Lifetime();
    lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    providerParameters.getTokenRequirements().setLifetime(lifetime);
    TokenProviderResponse providerResponse = tokenProvider.createToken(providerParameters);
    assertTrue(providerResponse != null);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
    long duration = Duration.between(providerResponse.getCreated(), providerResponse.getExpires()).getSeconds();
    assertEquals(requestedLifetime, duration);
    String token = (String) providerResponse.getToken();
    assertNotNull(token);
    JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
    JwtToken jwt = jwtConsumer.getJwtToken();
    assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT), providerResponse.getCreated().getEpochSecond());
}
Also used : JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) Lifetime(org.apache.cxf.sts.request.Lifetime) Instant(java.time.Instant) DefaultJWTClaimsProvider(org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider) JwsJwtCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)

Example 13 with JwsJwtCompactConsumer

use of org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer in project cxf by apache.

the class JWTProviderOnBehalfOfTest method testJWTOnBehalfOfUsernameToken.

/**
 * Create a JWT Token with OnBehalfOf from a UsernameToken
 */
@org.junit.Test
public void testJWTOnBehalfOfUsernameToken() throws Exception {
    TokenProvider tokenProvider = new JWTTokenProvider();
    UsernameTokenType usernameToken = new UsernameTokenType();
    AttributedString username = new AttributedString();
    username.setValue("bob");
    usernameToken.setUsername(username);
    JAXBElement<UsernameTokenType> usernameTokenType = new JAXBElement<UsernameTokenType>(QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameToken);
    TokenProviderParameters providerParameters = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE, usernameTokenType);
    // Principal must be set in ReceivedToken/OnBehalfOf
    providerParameters.getTokenRequirements().getOnBehalfOf().setPrincipal(new CustomTokenPrincipal(username.getValue()));
    assertTrue(tokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
    TokenProviderResponse providerResponse = tokenProvider.createToken(providerParameters);
    assertTrue(providerResponse != null);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
    String token = (String) providerResponse.getToken();
    assertNotNull(token);
    // Validate the token
    JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
    JwtToken jwt = jwtConsumer.getJwtToken();
    Assert.assertEquals("bob", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
}
Also used : CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider) AttributedString(org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString) UsernameTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType) JwsJwtCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer) JAXBElement(javax.xml.bind.JAXBElement) AttributedString(org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)

Example 14 with JwsJwtCompactConsumer

use of org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer in project cxf by apache.

the class JWTTokenProviderRealmTest method testRealms.

@org.junit.Test
public void testRealms() throws Exception {
    TokenProvider jwtTokenProvider = new JWTTokenProvider();
    TokenProviderParameters providerParameters = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE);
    providerParameters.setRealm("A");
    // Create Realms
    Map<String, RealmProperties> jwtRealms = new HashMap<>();
    RealmProperties jwtRealm = new RealmProperties();
    jwtRealm.setIssuer("A-Issuer");
    jwtRealms.put("A", jwtRealm);
    jwtRealm = new RealmProperties();
    jwtRealm.setIssuer("B-Issuer");
    jwtRealms.put("B", jwtRealm);
    ((JWTTokenProvider) jwtTokenProvider).setRealmMap(jwtRealms);
    // Realm "A"
    assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE, "A"));
    TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
    assertTrue(providerResponse != null);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
    String token = (String) providerResponse.getToken();
    assertNotNull(token);
    JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
    JwtToken jwt = jwtConsumer.getJwtToken();
    assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUER), "A-Issuer");
    // Realm "B"
    providerParameters.setRealm("B");
    assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE, "B"));
    providerResponse = jwtTokenProvider.createToken(providerParameters);
    assertTrue(providerResponse != null);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
    token = (String) providerResponse.getToken();
    assertNotNull(token);
    jwtConsumer = new JwsJwtCompactConsumer(token);
    jwt = jwtConsumer.getJwtToken();
    assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUER), "B-Issuer");
    // Default Realm
    providerParameters.setRealm(null);
    assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE, null));
    providerResponse = jwtTokenProvider.createToken(providerParameters);
    assertTrue(providerResponse != null);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
    token = (String) providerResponse.getToken();
    assertNotNull(token);
    jwtConsumer = new JwsJwtCompactConsumer(token);
    jwt = jwtConsumer.getJwtToken();
    assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUER), "STS");
}
Also used : JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider) HashMap(java.util.HashMap) JwsJwtCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer) RealmProperties(org.apache.cxf.sts.token.realm.RealmProperties) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)

Example 15 with JwsJwtCompactConsumer

use of org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer in project cxf by apache.

the class JWTTokenProviderTest method testCachedSignedJWT.

@org.junit.Test
public void testCachedSignedJWT() throws Exception {
    TokenProvider jwtTokenProvider = new JWTTokenProvider();
    ((JWTTokenProvider) jwtTokenProvider).setSignToken(true);
    TokenProviderParameters providerParameters = createProviderParameters();
    assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
    TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
    assertTrue(providerResponse != null);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
    String token = (String) providerResponse.getToken();
    assertNotNull(token);
    assertTrue(token.split("\\.").length == 3);
    // Validate the token
    JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
    JwtToken jwt = jwtConsumer.getJwtToken();
    Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
    Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
    Assert.assertEquals(providerResponse.getCreated().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
    Assert.assertEquals(providerResponse.getExpires().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
    // Check that the token is stored correctly in the cache
    String signature = token.substring(token.lastIndexOf(".") + 1);
    SecurityToken secToken = tokenStore.getToken(Integer.toString(Arrays.hashCode(signature.getBytes())));
    Assert.assertNotNull(secToken);
}
Also used : JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider) JwsJwtCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)

Aggregations

JwsJwtCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer)76 JwtToken (org.apache.cxf.rs.security.jose.jwt.JwtToken)61 JWTTokenProvider (org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)33 Response (javax.ws.rs.core.Response)20 WebClient (org.apache.cxf.jaxrs.client.WebClient)18 URL (java.net.URL)17 Element (org.w3c.dom.Element)15 JAXBElement (javax.xml.bind.JAXBElement)13 Crypto (org.apache.wss4j.common.crypto.Crypto)13 KeyStore (java.security.KeyStore)12 X509Certificate (java.security.cert.X509Certificate)12 ArrayList (java.util.ArrayList)10 Date (java.util.Date)10 ClaimsHandler (org.apache.cxf.sts.claims.ClaimsHandler)10 ClaimsManager (org.apache.cxf.sts.claims.ClaimsManager)10 CustomClaimsHandler (org.apache.cxf.sts.common.CustomClaimsHandler)10 CustomTokenPrincipal (org.apache.wss4j.common.principal.CustomTokenPrincipal)10 TokenProvider (org.apache.cxf.sts.token.provider.TokenProvider)9 Document (org.w3c.dom.Document)9 Certificate (java.security.cert.Certificate)8