use of org.apache.cxf.rs.security.jose.jwt.JwtToken in project cxf by apache.
the class JWTTokenProviderTest method testCreateUnsignedEncryptedJWT.
/**
 * Issues a JWT with signing switched off and encryption switched on, checks that the
 * serialized result has five dot-separated parts (the compact JWE layout), and, when the
 * unrestrictedPoliciesInstalled flag is set, decrypts it and compares the claims with the
 * values reported in the provider response.
 */
@org.junit.Test
public void testCreateUnsignedEncryptedJWT() throws Exception {
    JWTTokenProvider provider = new JWTTokenProvider();
    provider.setSignToken(false);

    TokenProviderParameters params = createProviderParameters();
    params.setEncryptToken(true);

    assertTrue(provider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
    TokenProviderResponse response = provider.createToken(params);
    assertNotNull(response);
    assertNotNull(response.getToken());
    assertNotNull(response.getTokenId());

    String compactJwe = (String) response.getToken();
    assertNotNull(compactJwe);
    // Five parts: header, encrypted key, IV, ciphertext, authentication tag.
    Assert.assertEquals(5, compactJwe.split("\\.").length);

    // The decryption round trip only runs when the flag is set; otherwise the
    // structural checks above are all this test asserts.
    if (!unrestrictedPoliciesInstalled) {
        return;
    }

    JweJwtCompactConsumer jweConsumer = new JweJwtCompactConsumer(compactJwe);

    // Decryption settings: the keystore comes from the test's Merlin crypto instance.
    // The alias and password are test-fixture literals, not credentials to reuse.
    Properties decryptionProps = new Properties();
    Crypto crypto = CryptoFactory.getInstance(getDecryptionProperties());
    KeyStore serviceKeyStore = ((Merlin) crypto).getKeyStore();
    decryptionProps.put(JoseConstants.RSSEC_KEY_STORE, serviceKeyStore);
    decryptionProps.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
    decryptionProps.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");

    JweDecryptionProvider decryptor =
        JweUtils.loadDecryptionProvider(decryptionProps, jweConsumer.getHeaders());
    String innerJws = decryptor.decrypt(compactJwe).getContentText();

    // NOTE(review): signing was disabled above, so no signature is verified on the inner
    // token here. If the content key is wrapped with a public key, encryption alone does
    // not authenticate the issuer; confirm that callers of this mode accept that.
    JwtToken jwt = new JwsJwtCompactConsumer(innerJws).getJwtToken();

    Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
    Assert.assertEquals(response.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
    Assert.assertEquals(response.getCreated().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
    Assert.assertEquals(response.getExpires().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
}
use of org.apache.cxf.rs.security.jose.jwt.JwtToken in project cxf by apache.
the class STSRESTTest method testIssueJWTTokenClaims.
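/**
 * Requests two JWTs from the REST STS endpoint and checks that the "roles" claim is absent
 * by default and present (with value "ordinary-user") once the client asks for it through
 * the "claim" query parameter.
 *
 * @throws Exception if the client bus cannot be created or token validation fails
 */
@org.junit.Test
public void testIssueJWTTokenClaims() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = STSRESTTest.class.getResource("cxf-client.xml");
    // Fail with a clear assertion instead of a NullPointerException if the config is missing.
    assertNotNull(busFile);

    Bus bus = bf.createBus(busFile.toString());
    try {
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);

        String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
        WebClient client = WebClient.create(address, busFile.toString());

        client.accept("text/plain");
        client.path("jwt");

        // First check that the role isn't usually in the generated token.
        // Only the absence of the claim is asserted, and this token is parsed
        // without its signature being verified.
        Response response = client.get();
        String token = response.readEntity(String.class);
        assertNotNull(token);

        JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
        JwtToken jwt = jwtConsumer.getJwtToken();
        assertTrue(jwt.getClaim("roles") == null);

        // Now get another token specifying the role
        client.query("claim", "roles");
        response = client.get();
        token = response.readEntity(String.class);
        assertNotNull(token);

        // Verify signature and standard claims before reading the role claim.
        validateJWTToken(token, null);

        jwtConsumer = new JwsJwtCompactConsumer(token);
        jwt = jwtConsumer.getJwtToken();
        assertEquals("ordinary-user", jwt.getClaim("roles"));
    } finally {
        // Shut the bus down even when an assertion fails, so a failing run
        // does not leave it behind for later tests.
        bus.shutdown(true);
    }
}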
use of org.apache.cxf.rs.security.jose.jwt.JwtToken in project cxf by apache.
the class STSRESTTest method validateJWTToken.
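/**
 * Verifies the signature of a compact-serialized JWS against the "mystskey" certificate
 * from the test keystore, then checks the issuer, the optional audience, and the presence
 * of the expiry and issued-at claims.
 *
 * <p>Only the presence of the expiry and issued-at claims is asserted; this helper does
 * not check that the token is currently inside its validity window.
 *
 * @param token the compact-serialized JWS to check
 * @param audience the single audience the token must carry, or {@code null} to skip the
 *     audience check
 * @throws KeyStoreException if the JKS keystore type is unavailable or the store is unusable
 * @throws NoSuchAlgorithmException if the keystore integrity algorithm is unavailable
 * @throws CertificateException if a certificate in the keystore cannot be loaded
 * @throws IOException if the keystore resource cannot be read
 */
private void validateJWTToken(String token, String audience)
    throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
    JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);

    // Load the verification certificate. The keystore path, password and alias are
    // test-fixture literals. The stream is closed as soon as the store is loaded.
    KeyStore keystore = KeyStore.getInstance("JKS");
    try (java.io.InputStream storeStream = Loader.getResource("keys/servicestore.jks").openStream()) {
        keystore.load(storeStream, "sspass".toCharArray());
    }
    Certificate cert = keystore.getCertificate("mystskey");
    Assert.assertNotNull(cert);

    // Check the signature before looking at any claim, so the claim assertions below are
    // made against authenticated content. The expected algorithm is passed explicitly
    // here rather than being chosen by this code from the token header.
    Assert.assertTrue(jwtConsumer.verifySignatureWith((X509Certificate) cert, SignatureAlgorithm.RS256));

    // Validate claims
    JwtToken jwt = jwtConsumer.getJwtToken();
    Assert.assertEquals("DoubleItSTSIssuer", jwt.getClaim(JwtConstants.CLAIM_ISSUER));
    if (audience != null) {
        // The cast assumes the audience claim was parsed as a list; a token carrying a
        // single string audience would fail here with a ClassCastException.
        @SuppressWarnings("unchecked")
        List<String> audiences = (List<String>) jwt.getClaim(JwtConstants.CLAIM_AUDIENCE);
        assertEquals(1, audiences.size());
        Assert.assertEquals(audience, audiences.get(0));
    }
    Assert.assertNotNull(jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
    Assert.assertNotNull(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
}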
use of org.apache.cxf.rs.security.jose.jwt.JwtToken in project cxf by apache.
the class JwsCompactReaderWriterTest method initSpecJwtTokenWriter.
/**
 * Builds a compact JWS producer for a token that carries the given headers and a fixed
 * claim set: issuer "joe", expiry 1300819380 and the boolean claim
 * "http://example.com/is_root" set to true.
 *
 * @param jwsHeaders the JWS headers to attach to the token
 * @return a producer wrapping the token, using the writer returned by {@code getWriter()}
 * @throws Exception declared by the original signature
 */
private JwsCompactProducer initSpecJwtTokenWriter(JwsHeaders jwsHeaders) throws Exception {
    // Claims are set in this exact order; the order is kept in case the
    // serialized form depends on it.
    JwtClaims specClaims = new JwtClaims();
    specClaims.setIssuer("joe");
    specClaims.setExpiryTime(1300819380L);
    specClaims.setClaim("http://example.com/is_root", Boolean.TRUE);

    return new JwsJwtCompactProducer(new JwtToken(jwsHeaders, specClaims), getWriter());
}
use of org.apache.cxf.rs.security.jose.jwt.JwtToken in project cxf by apache.
the class JwsCompactReaderWriterTest method testWriteReadJwsUnsigned.
/**
 * Round-trips a JWT whose signature algorithm is NONE: the token is serialized, read back,
 * and the test asserts that the signature part is empty and that headers and claims
 * survive unchanged.
 *
 * <p>This exercises the unsecured-JWS format only. Nothing here authenticates the token,
 * so a consumer that accepts this form must have opted into it deliberately.
 */
@Test
public void testWriteReadJwsUnsigned() throws Exception {
    JwsHeaders unsignedHeaders = new JwsHeaders(JoseType.JWT);
    unsignedHeaders.setSignatureAlgorithm(SignatureAlgorithm.NONE);

    JwtClaims jwtClaims = new JwtClaims();
    jwtClaims.setIssuer("https://jwt-idp.example.com");
    jwtClaims.setSubject("mailto:mike@example.com");
    jwtClaims.setAudiences(Collections.singletonList("https://jwt-rp.example.net"));
    jwtClaims.setNotBefore(1300815780L);
    jwtClaims.setExpiryTime(1300819380L);
    jwtClaims.setClaim("http://claims.example.com/member", true);

    JwsCompactProducer producer = new JwsJwtCompactProducer(unsignedHeaders, jwtClaims);
    String serialized = producer.getSignedEncodedJws();

    JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(serialized);
    // With algorithm NONE the signature segment must decode to zero bytes.
    assertEquals(0, consumer.getDecodedSignature().length);

    JwtToken parsed = consumer.getJwtToken();
    JwtToken expected = new JwtToken(unsignedHeaders, jwtClaims);
    assertEquals(expected, parsed);
}