use of org.apache.cxf.rs.security.jose.jwt.JwtClaims in project cxf by apache.
the class OIDCNegativeTest method testJWTRequestNonmatchingClientId.
@org.junit.Test
public void testJWTRequestNonmatchingClientId() throws Exception {
URL busFile = OIDCNegativeTest.class.getResource("client.xml");
String address = "https://localhost:" + PORT + "/unsignedjwtservices/";
WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
// Save the Cookie for the second request...
WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
JwtClaims claims = new JwtClaims();
claims.setIssuer("consumer-id");
claims.setIssuedAt(Instant.now().getEpochSecond());
claims.setAudiences(Collections.singletonList("https://localhost:" + PORT + "/unsignedjwtservices/"));
claims.setProperty("client_id", "consumer-id2");
JwsHeaders headers = new JwsHeaders();
headers.setAlgorithm("none");
JwtToken token = new JwtToken(headers, claims);
JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token);
String request = jws.getSignedEncodedJws();
AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
parameters.setConsumerId("consumer-id");
parameters.setScope("openid");
parameters.setResponseType("code");
parameters.setPath("authorize/");
parameters.setRequest(request);
// Get Authorization Code
try {
OAuth2TestUtils.getLocation(client, parameters);
fail("Failure expected on a non-matching client id");
} catch (ResponseProcessingException ex) {
// expected
}
}
use of org.apache.cxf.rs.security.jose.jwt.JwtClaims in project cxf by apache.
the class OIDCNegativeTest method testJWTRequestNonmatchingResponseType.
@org.junit.Test
public void testJWTRequestNonmatchingResponseType() throws Exception {
URL busFile = OIDCNegativeTest.class.getResource("client.xml");
String address = "https://localhost:" + PORT + "/unsignedjwtservices/";
WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
// Save the Cookie for the second request...
WebClient.getConfig(client).getRequestContext().put(org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
JwtClaims claims = new JwtClaims();
claims.setIssuer("consumer-id");
claims.setIssuedAt(Instant.now().getEpochSecond());
claims.setAudiences(Collections.singletonList("https://localhost:" + PORT + "/unsignedjwtservices/"));
claims.setProperty("response_type", "token");
JwsHeaders headers = new JwsHeaders();
headers.setAlgorithm("none");
JwtToken token = new JwtToken(headers, claims);
JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token);
String request = jws.getSignedEncodedJws();
AuthorizationCodeParameters parameters = new AuthorizationCodeParameters();
parameters.setConsumerId("consumer-id");
parameters.setScope("openid");
parameters.setResponseType("code");
parameters.setPath("authorize/");
parameters.setRequest(request);
// Get Authorization Code
try {
OAuth2TestUtils.getLocation(client, parameters);
fail("Failure expected on a non-matching response_type");
} catch (ResponseProcessingException ex) {
// expected
}
}
use of org.apache.cxf.rs.security.jose.jwt.JwtClaims in project cxf by apache.
the class OAuth2TestUtils method createToken.
public static String createToken(String issuer, String subject, String audience, boolean expiry, boolean sign) {
// Create the JWT Token
JwtClaims claims = new JwtClaims();
claims.setSubject(subject);
if (issuer != null) {
claims.setIssuer(issuer);
}
Instant now = Instant.now();
claims.setIssuedAt(now.getEpochSecond());
if (expiry) {
claims.setExpiryTime(now.plusSeconds(60L).getEpochSecond());
}
if (audience != null) {
claims.setAudiences(Collections.singletonList(audience));
}
if (sign) {
// Sign the JWT Token
Properties signingProperties = new Properties();
signingProperties.put("rs.security.keystore.type", "jks");
signingProperties.put("rs.security.keystore.password", "password");
signingProperties.put("rs.security.keystore.alias", "alice");
signingProperties.put("rs.security.keystore.file", "keys/alice.jks");
signingProperties.put("rs.security.key.password", "password");
signingProperties.put("rs.security.signature.algorithm", "RS256");
JwsHeaders jwsHeaders = new JwsHeaders(signingProperties);
JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
JwsSignatureProvider sigProvider = JwsUtils.loadSignatureProvider(signingProperties, jwsHeaders);
return jws.signWith(sigProvider);
}
JwsHeaders jwsHeaders = new JwsHeaders(SignatureAlgorithm.NONE);
JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
return jws.getSignedEncodedJws();
}
use of org.apache.cxf.rs.security.jose.jwt.JwtClaims in project cxf by apache.
the class JWTAlgorithmTest method testBadEncryptingKey.
@org.junit.Test
public void testBadEncryptingKey() throws Exception {
if (!SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) {
return;
}
URL busFile = JWTAlgorithmTest.class.getResource("client.xml");
List<Object> providers = new ArrayList<>();
providers.add(new JacksonJsonProvider());
JwtAuthenticationClientFilter clientFilter = new JwtAuthenticationClientFilter();
clientFilter.setJwsRequired(false);
clientFilter.setJweRequired(true);
providers.add(clientFilter);
String address = "https://localhost:" + PORT + "/encryptedjwt/bookstore/books";
WebClient client = WebClient.create(address, providers, busFile.toString());
client.type("application/json").accept("application/json");
// Create the JWT Token
JwtClaims claims = new JwtClaims();
claims.setSubject("alice");
claims.setIssuer("DoubleItSTSIssuer");
claims.setIssuedAt(Instant.now().getEpochSecond());
claims.setAudiences(toList(address));
JwtToken token = new JwtToken(claims);
Map<String, Object> properties = new HashMap<>();
properties.put("rs.security.keystore.type", "jwk");
properties.put("rs.security.keystore.alias", "AliceCert");
properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt");
properties.put("rs.security.encryption.content.algorithm", "A128GCM");
properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP");
properties.put(JwtConstants.JWT_TOKEN, token);
WebClient.getConfig(client).getRequestContext().putAll(properties);
Response response = client.post(new Book("book", 123L));
assertNotEquals(response.getStatus(), 200);
}
use of org.apache.cxf.rs.security.jose.jwt.JwtClaims in project cxf by apache.
the class JWTAlgorithmTest method testBadSigningKey.
@org.junit.Test
public void testBadSigningKey() throws Exception {
URL busFile = JWTAlgorithmTest.class.getResource("client.xml");
List<Object> providers = new ArrayList<>();
providers.add(new JacksonJsonProvider());
providers.add(new JwtAuthenticationClientFilter());
String address = "https://localhost:" + PORT + "/signedjwt/bookstore/books";
WebClient client = WebClient.create(address, providers, busFile.toString());
client.type("application/json").accept("application/json");
// Create the JWT Token
JwtClaims claims = new JwtClaims();
claims.setSubject("alice");
claims.setIssuer("DoubleItSTSIssuer");
claims.setIssuedAt(Instant.now().getEpochSecond());
claims.setAudiences(toList(address));
JwtToken token = new JwtToken(claims);
Map<String, Object> properties = new HashMap<>();
properties.put("rs.security.keystore.type", "jks");
properties.put("rs.security.keystore.password", "password");
properties.put("rs.security.key.password", "password");
properties.put("rs.security.keystore.alias", "alice");
properties.put("rs.security.keystore.file", "keys/alice.jks");
properties.put("rs.security.signature.algorithm", "RS256");
properties.put(JwtConstants.JWT_TOKEN, token);
WebClient.getConfig(client).getRequestContext().putAll(properties);
Response response = client.post(new Book("book", 123L));
assertNotEquals(response.getStatus(), 200);
}
Aggregations