Examples with JWT - org.apache.knox.gateway.services.security.token.impl.JWT

Example 26 with JWT

use of org.apache.knox.gateway.services.security.token.impl.JWT in project knox by apache.

the class DefaultTokenAuthorityService method issueToken.

@Override
public JWT issueToken(Principal p, List<String> audiences, String algorithm, long expires) throws TokenServiceException {
    String[] claimArray = new String[4];
    claimArray[0] = "KNOXSSO";
    claimArray[1] = p.getName();
    claimArray[2] = null;
    if (expires == -1) {
        claimArray[3] = null;
    } else {
        claimArray[3] = String.valueOf(expires);
    }
    JWT token = null;
    if (SUPPORTED_SIG_ALGS.contains(algorithm)) {
        token = new JWTToken(algorithm, claimArray, audiences);
        RSAPrivateKey key;
        char[] passphrase = null;
        try {
            passphrase = getSigningKeyPassphrase();
        } catch (AliasServiceException e) {
            throw new TokenServiceException(e);
        }
        try {
            key = (RSAPrivateKey) ks.getSigningKey(getSigningKeyAlias(), passphrase);
            JWSSigner signer = new RSASSASigner(key);
            token.sign(signer);
        } catch (KeystoreServiceException e) {
            throw new TokenServiceException(e);
        }
    } else {
        throw new TokenServiceException("Cannot issue token - Unsupported algorithm");
    }
    return token;
}

Also used : JWT(org.apache.knox.gateway.services.security.token.impl.JWT) AliasServiceException(org.apache.knox.gateway.services.security.AliasServiceException) RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) KeystoreServiceException(org.apache.knox.gateway.services.security.KeystoreServiceException) JWTToken(org.apache.knox.gateway.services.security.token.impl.JWTToken) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) JWSSigner(com.nimbusds.jose.JWSSigner) TokenServiceException(org.apache.knox.gateway.services.security.token.TokenServiceException)

Example 27 with JWT

use of org.apache.knox.gateway.services.security.token.impl.JWT in project knox by apache.

the class DefaultTokenAuthorityServiceTest method testTokenCreationSignatureAlgorithm.

@Test
public void testTokenCreationSignatureAlgorithm() throws Exception {
    Principal principal = EasyMock.createNiceMock(Principal.class);
    EasyMock.expect(principal.getName()).andReturn("john.doe@example.com");
    GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class);
    String basedir = System.getProperty("basedir");
    if (basedir == null) {
        basedir = new File(".").getCanonicalPath();
    }
    EasyMock.expect(config.getGatewaySecurityDir()).andReturn(basedir + "/target/test-classes");
    EasyMock.expect(config.getSigningKeystoreName()).andReturn("server-keystore.jks");
    EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes();
    MasterService ms = EasyMock.createNiceMock(MasterService.class);
    EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray());
    AliasService as = EasyMock.createNiceMock(AliasService.class);
    EasyMock.expect(as.getGatewayIdentityPassphrase()).andReturn("horton".toCharArray());
    EasyMock.replay(principal, config, ms, as);
    KeystoreService ks = new DefaultKeystoreService();
    ((DefaultKeystoreService) ks).setMasterService(ms);
    ((DefaultKeystoreService) ks).init(config, new HashMap<String, String>());
    JWTokenAuthority ta = new DefaultTokenAuthorityService();
    ((DefaultTokenAuthorityService) ta).setAliasService(as);
    ((DefaultTokenAuthorityService) ta).setKeystoreService(ks);
    ((DefaultTokenAuthorityService) ta).init(config, new HashMap<String, String>());
    JWT token = ta.issueToken(principal, "RS512");
    assertEquals("KNOXSSO", token.getIssuer());
    assertEquals("john.doe@example.com", token.getSubject());
    assertTrue(token.getHeader().contains("RS512"));
    assertTrue(ta.verifyToken(token));
}

Also used : AliasService(org.apache.knox.gateway.services.security.AliasService) DefaultKeystoreService(org.apache.knox.gateway.services.security.impl.DefaultKeystoreService) JWT(org.apache.knox.gateway.services.security.token.impl.JWT) JWTokenAuthority(org.apache.knox.gateway.services.security.token.JWTokenAuthority) DefaultKeystoreService(org.apache.knox.gateway.services.security.impl.DefaultKeystoreService) KeystoreService(org.apache.knox.gateway.services.security.KeystoreService) File(java.io.File) MasterService(org.apache.knox.gateway.services.security.MasterService) Principal(java.security.Principal) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) Test(org.junit.Test)

Aggregations

JWT (org.apache.knox.gateway.services.security.token.impl.JWT)27 Principal (java.security.Principal)23 JWTokenAuthority (org.apache.knox.gateway.services.security.token.JWTokenAuthority)22 HttpServletRequest (javax.servlet.http.HttpServletRequest)20 Test (org.junit.Test)20 JWTToken (org.apache.knox.gateway.services.security.token.impl.JWTToken)19 HttpServletResponse (javax.servlet.http.HttpServletResponse)18 GatewayServices (org.apache.knox.gateway.services.GatewayServices)18 ServletContext (javax.servlet.ServletContext)16 PrimaryPrincipal (org.apache.knox.gateway.security.PrimaryPrincipal)10 PrintWriter (java.io.PrintWriter)9 StringWriter (java.io.StringWriter)9 Response (javax.ws.rs.core.Response)9 TokenResource (org.apache.knox.gateway.service.knoxtoken.TokenResource)9 Date (java.util.Date)8 ServletOutputStream (javax.servlet.ServletOutputStream)7 Cookie (javax.servlet.http.Cookie)7 TokenServiceException (org.apache.knox.gateway.services.security.token.TokenServiceException)5 File (java.io.File)4 GatewayConfig (org.apache.knox.gateway.config.GatewayConfig)4