Examples with JWTTokenProvider org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider used on opensource projects

Example 16 with JWTTokenProvider

use of org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider in project cxf by apache.

the class JWTTokenProviderTest method testCreateSignedPSJWT.

@org.junit.Test
public void testCreateSignedPSJWT() throws Exception {
    try {
        Security.addProvider(new BouncyCastleProvider());
        TokenProvider jwtTokenProvider = new JWTTokenProvider();
        ((JWTTokenProvider) jwtTokenProvider).setSignToken(true);
        TokenProviderParameters providerParameters = createProviderParameters();
        SignatureProperties sigProps = new SignatureProperties();
        sigProps.setSignatureAlgorithm(SignatureAlgorithm.PS256.name());
        providerParameters.getStsProperties().setSignatureProperties(sigProps);
        assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
        TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
        assertTrue(providerResponse != null);
        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
        String token = (String) providerResponse.getToken();
        assertNotNull(token);
        assertTrue(token.split("\\.").length == 3);
        // Validate the token
        JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
        JwtToken jwt = jwtConsumer.getJwtToken();
        Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
        Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
        Assert.assertEquals(providerResponse.getCreated().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
        Assert.assertEquals(providerResponse.getExpires().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
        // Verify Signature
        Crypto crypto = providerParameters.getStsProperties().getSignatureCrypto();
        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
        cryptoType.setAlias(providerParameters.getStsProperties().getSignatureUsername());
        X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
        assertNotNull(certs);
        assertFalse(jwtConsumer.verifySignatureWith(certs[0], SignatureAlgorithm.RS256));
        assertTrue(jwtConsumer.verifySignatureWith(certs[0], SignatureAlgorithm.PS256));
    } finally {
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
    }
}

Example 17 with JWTTokenProvider

use of org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider in project cxf by apache.

the class JWTTokenProviderTest method testCreateUnsignedEncryptedCBCJWT.

@org.junit.Test
public void testCreateUnsignedEncryptedCBCJWT() throws Exception {
    try {
        Security.addProvider(new BouncyCastleProvider());
        TokenProvider jwtTokenProvider = new JWTTokenProvider();
        ((JWTTokenProvider) jwtTokenProvider).setSignToken(false);
        TokenProviderParameters providerParameters = createProviderParameters();
        providerParameters.setEncryptToken(true);
        providerParameters.getEncryptionProperties().setEncryptionAlgorithm(ContentAlgorithm.A128CBC_HS256.name());
        assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
        TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
        assertTrue(providerResponse != null);
        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
        String token = (String) providerResponse.getToken();
        assertNotNull(token);
        assertTrue(token.split("\\.").length == 5);
        if (unrestrictedPoliciesInstalled) {
            // Validate the token
            JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(token);
            Properties decProperties = new Properties();
            Crypto decryptionCrypto = CryptoFactory.getInstance(getDecryptionProperties());
            KeyStore keystore = ((Merlin) decryptionCrypto).getKeyStore();
            decProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
            decProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myservicekey");
            decProperties.put(JoseConstants.RSSEC_KEY_PSWD, "skpass");
            decProperties.put(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM, ContentAlgorithm.A128CBC_HS256.name());
            JweDecryptionProvider decProvider = JweUtils.loadDecryptionProvider(decProperties, jwtConsumer.getHeaders());
            JweDecryptionOutput decOutput = decProvider.decrypt(token);
            String decToken = decOutput.getContentText();
            JwsJwtCompactConsumer jwtJwsConsumer = new JwsJwtCompactConsumer(decToken);
            JwtToken jwt = jwtJwsConsumer.getJwtToken();
            Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
            Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
            Assert.assertEquals(providerResponse.getCreated().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
            Assert.assertEquals(providerResponse.getExpires().getEpochSecond(), jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
        }
    } finally {
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
    }
}

Example 18 with JWTTokenProvider

use of org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider in project cxf by apache.

the class IssueJWTRealmUnitTest method testIssueJWTTokenRealmA.

/**
 * Test to successfully issue a JWT token in realm "A".
 */
@org.junit.Test
public void testIssueJWTTokenRealmA() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    // Add Token Provider
    List<TokenProvider> providerList = new ArrayList<>();
    JWTTokenProvider provider = new JWTTokenProvider();
    provider.setRealmMap(createRealms());
    providerList.add(provider);
    issueOperation.setTokenProviders(providerList);
    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    issueOperation.setServices(Collections.singletonList(service));
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    stsProperties.setRealmParser(new CustomRealmParser());
    issueOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, JWTTokenProvider.JWT_TOKEN_TYPE);
    request.getAny().add(tokenType);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    msgCtx.put("url", "ldap");
    Principal principal = new CustomTokenPrincipal("alice");
    msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
    // Issue a token
    RequestSecurityTokenResponseCollectionType response = issueOperation.issue(request, principal, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse = response.getRequestSecurityTokenResponse();
    assertTrue(!securityTokenResponse.isEmpty());
    // Test the generated token.
    Element token = null;
    for (Object tokenObject : securityTokenResponse.get(0).getAny()) {
        if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
            RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
            token = (Element) rstType.getAny();
            break;
        }
    }
    assertNotNull(token);
    validateToken(token.getTextContent(), "A-Issuer", stsProperties.getSignatureUsername(), crypto);
}

Example 19 with JWTTokenProvider

use of org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider in project cxf by apache.

the class IssueJWTRealmUnitTest method testIssueJWTTokenDefaultRealm.

/**
 * Test to successfully issue a JWT token in the default realm.
 */
@org.junit.Test
public void testIssueJWTTokenDefaultRealm() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    // Add Token Provider
    List<TokenProvider> providerList = new ArrayList<>();
    JWTTokenProvider provider = new JWTTokenProvider();
    provider.setRealmMap(createRealms());
    providerList.add(provider);
    issueOperation.setTokenProviders(providerList);
    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    issueOperation.setServices(Collections.singletonList(service));
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    stsProperties.setRealmParser(new CustomRealmParser());
    issueOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, JWTTokenProvider.JWT_TOKEN_TYPE);
    request.getAny().add(tokenType);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    msgCtx.put("url", "unknown");
    Principal principal = new CustomTokenPrincipal("alice");
    msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
    // Issue a token
    RequestSecurityTokenResponseCollectionType response = issueOperation.issue(request, principal, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse = response.getRequestSecurityTokenResponse();
    assertTrue(!securityTokenResponse.isEmpty());
    // Test the generated token.
    Element token = null;
    for (Object tokenObject : securityTokenResponse.get(0).getAny()) {
        if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
            RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
            token = (Element) rstType.getAny();
            break;
        }
    }
    assertNotNull(token);
    validateToken(token.getTextContent(), "STS", stsProperties.getSignatureUsername(), crypto);
}

Example 20 with JWTTokenProvider

use of org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider in project cxf by apache.

the class IssueJWTRealmUnitTest method testIssueJWTTokenRealmBCustomCrypto.

/**
 * Test to successfully issue a JWT token in realm "B"
 * using crypto definition in RealmProperties
 */
@org.junit.Test
public void testIssueJWTTokenRealmBCustomCrypto() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    // Add Token Provider
    List<TokenProvider> providerList = new ArrayList<>();
    JWTTokenProvider provider = new JWTTokenProvider();
    provider.setRealmMap(createRealms());
    providerList.add(provider);
    issueOperation.setTokenProviders(providerList);
    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    issueOperation.setServices(Collections.singletonList(service));
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    stsProperties.setRealmParser(new CustomRealmParser());
    issueOperation.setStsProperties(stsProperties);
    // Set signature properties in Realm B
    Map<String, RealmProperties> realms = provider.getRealmMap();
    RealmProperties realm = realms.get("B");
    realm.setSignatureCrypto(crypto);
    realm.setCallbackHandler(new PasswordCallbackHandler());
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, JWTTokenProvider.JWT_TOKEN_TYPE);
    request.getAny().add(tokenType);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    msgCtx.put("url", "https");
    Principal principal = new CustomTokenPrincipal("alice");
    msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
    // no signature alias defined
    try {
        issueOperation.issue(request, principal, msgCtx);
        fail("Failure expected on no encryption name");
    } catch (STSException ex) {
    // expected
    }
    realm.setSignatureAlias("mystskey");
    // Issue a token
    RequestSecurityTokenResponseCollectionType response = issueOperation.issue(request, principal, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse = response.getRequestSecurityTokenResponse();
    assertTrue(!securityTokenResponse.isEmpty());
    // Test the generated token.
    Element token = null;
    for (Object tokenObject : securityTokenResponse.get(0).getAny()) {
        if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
            RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
            token = (Element) rstType.getAny();
            break;
        }
    }
    assertNotNull(token);
    validateToken(token.getTextContent(), "B-Issuer", stsProperties.getSignatureUsername(), crypto);
}