Example 1 with JwsHeaderBuilder

Use of org.forgerock.json.jose.builders.JwsHeaderBuilder in project OpenAM by OpenRock.

From class OpenIdConnectToken, method sign().

/**
 * Signs the OpenId Connect token.
 *
 * @return A SignedJwt
 * @throws SignatureException If an error occurs with the signing of the OpenId Connect token.
 */
public SignedJwt sign() throws SignatureException {
    // JwsAlgorithm is an enum, so valueOf() never returns null: an unknown name
    // throws IllegalArgumentException. A null check after the call can never fire,
    // so the exception is caught instead and reported as a SignatureException.
    final JwsAlgorithm jwsAlgorithm;
    try {
        jwsAlgorithm = JwsAlgorithm.valueOf(algorithm);
    } catch (IllegalArgumentException e) {
        logger.error("Unable to find jws algorithm for: " + algorithm);
        throw new SignatureException();
    }
    final SigningHandler signingHandler;
    if (JwsAlgorithmType.RSA.equals(jwsAlgorithm.getAlgorithmType())) {
        // Asymmetric signing with the private half of the configured key pair.
        signingHandler = new SigningManager().newRsaSigningHandler(keyPair.getPrivate());
    } else {
        // Every non-RSA algorithm type is treated as HMAC, keyed with the client secret.
        signingHandler = new SigningManager().newHmacSigningHandler(clientSecret);
    }
    JwsHeaderBuilder builder = jwtBuilderFactory.jws(signingHandler).headers().alg(jwsAlgorithm);
    JwtClaimsSet claimsSet = jwtBuilderFactory.claims().claims(asMap()).build();
    if (kid != null) {
        // Advertise the key id so a verifier can select the matching public key.
        builder.kid(kid);
    }
    return builder.done().claims(claimsSet).asJwt();
}
Also used: JwsAlgorithm (org.forgerock.json.jose.jws.JwsAlgorithm), JwtClaimsSet (org.forgerock.json.jose.jwt.JwtClaimsSet), SignatureException (java.security.SignatureException), JwsHeaderBuilder (org.forgerock.json.jose.builders.JwsHeaderBuilder), SigningHandler (org.forgerock.json.jose.jws.handlers.SigningHandler), SigningManager (org.forgerock.json.jose.jws.SigningManager)

Example 2 with JwsHeaderBuilder

Use of org.forgerock.json.jose.builders.JwsHeaderBuilder in project OpenAM by OpenRock.

From class AuthIdHelperTest, method setUp().

@BeforeMethod
public void setUp() {
    coreServicesWrapper = mock(CoreServicesWrapper.class);
    jwtBuilderFactory = mock(JwtBuilderFactory.class);
    signingManager = mock(SigningManager.class);
    authIdHelper = new AuthIdHelper(coreServicesWrapper, jwtBuilderFactory, signingManager);
    jwsHeaderBuilder = mock(JwsHeaderBuilder.class);
    claimsSetBuilder = mock(JwtClaimsSetBuilder.class);
    JwtClaimsSet claimsSet = mock(JwtClaimsSet.class);
    SignedJwtBuilderImpl signedJwtBuilder = mock(SignedJwtBuilderImpl.class);
    // Stub the fluent builder chain so every step returns the next mock in the chain.
    given(jwtBuilderFactory.claims()).willReturn(claimsSetBuilder);
    given(claimsSetBuilder.claim(anyString(), anyObject())).willReturn(claimsSetBuilder);
    given(claimsSetBuilder.claims(anyMap())).willReturn(claimsSetBuilder);
    given(claimsSetBuilder.build()).willReturn(claimsSet);
    given(jwtBuilderFactory.jws(Matchers.<SigningHandler>anyObject())).willReturn(signedJwtBuilder);
    given(signedJwtBuilder.headers()).willReturn(jwsHeaderBuilder);
    given(jwsHeaderBuilder.alg(Matchers.<Algorithm>anyObject())).willReturn(jwsHeaderBuilder);
    given(jwsHeaderBuilder.done()).willReturn(signedJwtBuilder);
    given(signedJwtBuilder.claims(claimsSet)).willReturn(signedJwtBuilder);
    // The serialised token is a fixed placeholder; no real signing happens in this test.
    given(signedJwtBuilder.build()).willReturn("JWT_STRING");
}
Also used: CoreServicesWrapper (org.forgerock.openam.core.rest.authn.core.wrappers.CoreServicesWrapper), JwtBuilderFactory (org.forgerock.json.jose.builders.JwtBuilderFactory), JwtClaimsSet (org.forgerock.json.jose.jwt.JwtClaimsSet), JwtClaimsSetBuilder (org.forgerock.json.jose.builders.JwtClaimsSetBuilder), SignedJwtBuilderImpl (org.forgerock.json.jose.builders.SignedJwtBuilderImpl), JwsHeaderBuilder (org.forgerock.json.jose.builders.JwsHeaderBuilder), SigningManager (org.forgerock.json.jose.jws.SigningManager), BeforeMethod (org.testng.annotations.BeforeMethod)

Example 3 with JwsHeaderBuilder

Use of org.forgerock.json.jose.builders.JwsHeaderBuilder in project OpenAM by OpenRock.

From class OpenIdConnectTokenGenerationImpl, method asymmetricSign().

private SignedJwt asymmetricSign(STSOpenIdConnectToken openIdConnectToken, JwsAlgorithm jwsAlgorithm, KeyPair keyPair, OpenIdConnectTokenPublicKeyReferenceType publicKeyReferenceType) throws TokenCreationException {
    // Refuse to sign asymmetrically with anything but an RSA-family algorithm.
    if (!JwsAlgorithmType.RSA.equals(jwsAlgorithm.getAlgorithmType())) {
        throw new TokenCreationException(ResourceException.BAD_REQUEST, "Exception in " + "OpenIdConnectTokenGenerationImpl#asymmetricSign: algorithm type not RSA but " + jwsAlgorithm.getAlgorithmType());
    }
    final SigningHandler signingHandler = new SigningManager().newRsaSigningHandler(keyPair.getPrivate());
    JwsHeaderBuilder jwsHeaderBuilder = jwtBuilderFactory.jws(signingHandler).headers().alg(jwsAlgorithm);
    JwtClaimsSet claimsSet = jwtBuilderFactory.claims().claims(openIdConnectToken.asMap()).build();
    RSAPublicKey rsaPublicKey;
    try {
        rsaPublicKey = (RSAPublicKey) keyPair.getPublic();
    } catch (ClassCastException e) {
        throw new TokenCreationException(ResourceException.BAD_REQUEST, "Could not sign jwt with algorithm " + jwsAlgorithm + " because the PublicKey not of type RSAPublicKey but rather " + (keyPair.getPublic() != null ? keyPair.getPublic().getClass().getCanonicalName() : null));
    }
    // Populate the header's key reference (kid, JWK, or x5c) from the public key as configured.
    handleKeyIdentification(jwsHeaderBuilder, publicKeyReferenceType, rsaPublicKey, jwsAlgorithm);
    return jwsHeaderBuilder.done().claims(claimsSet).asJwt();
}
Also used: JwtClaimsSet (org.forgerock.json.jose.jwt.JwtClaimsSet), RSAPublicKey (java.security.interfaces.RSAPublicKey), JwsHeaderBuilder (org.forgerock.json.jose.builders.JwsHeaderBuilder), TokenCreationException (org.forgerock.openam.sts.TokenCreationException), SigningHandler (org.forgerock.json.jose.jws.handlers.SigningHandler), SigningManager (org.forgerock.json.jose.jws.SigningManager)

Example 4 with JwsHeaderBuilder

Use of org.forgerock.json.jose.builders.JwsHeaderBuilder in project OpenAM by OpenRock.

From class OpenIdConnectTokenGenerationImpl, method symmetricSign().

private SignedJwt symmetricSign(STSOpenIdConnectToken openIdConnectToken, JwsAlgorithm jwsAlgorithm, byte[] clientSecret) throws TokenCreationException {
    // Refuse to sign symmetrically with anything but an HMAC-family algorithm.
    if (!JwsAlgorithmType.HMAC.equals(jwsAlgorithm.getAlgorithmType())) {
        throw new TokenCreationException(ResourceException.BAD_REQUEST, "Exception in " + "OpenIdConnectTokenGenerationImpl#symmetricSign: algorithm type not HMAC but " + jwsAlgorithm.getAlgorithmType());
    }
    // The shared client secret is the HMAC key; the same secret verifies the token.
    final SigningHandler signingHandler = new SigningManager().newHmacSigningHandler(clientSecret);
    JwsHeaderBuilder builder = jwtBuilderFactory.jws(signingHandler).headers().alg(jwsAlgorithm);
    JwtClaimsSet claimsSet = jwtBuilderFactory.claims().claims(openIdConnectToken.asMap()).build();
    return builder.done().claims(claimsSet).asJwt();
}
Also used: JwtClaimsSet (org.forgerock.json.jose.jwt.JwtClaimsSet), JwsHeaderBuilder (org.forgerock.json.jose.builders.JwsHeaderBuilder), TokenCreationException (org.forgerock.openam.sts.TokenCreationException), SigningHandler (org.forgerock.json.jose.jws.handlers.SigningHandler), SigningManager (org.forgerock.json.jose.jws.SigningManager)

Aggregations (number of examples above using each type)

JwsHeaderBuilder (org.forgerock.json.jose.builders.JwsHeaderBuilder): 4
SigningManager (org.forgerock.json.jose.jws.SigningManager): 4
JwtClaimsSet (org.forgerock.json.jose.jwt.JwtClaimsSet): 4
SigningHandler (org.forgerock.json.jose.jws.handlers.SigningHandler): 3
TokenCreationException (org.forgerock.openam.sts.TokenCreationException): 2
SignatureException (java.security.SignatureException): 1
RSAPublicKey (java.security.interfaces.RSAPublicKey): 1
JwtBuilderFactory (org.forgerock.json.jose.builders.JwtBuilderFactory): 1
JwtClaimsSetBuilder (org.forgerock.json.jose.builders.JwtClaimsSetBuilder): 1
SignedJwtBuilderImpl (org.forgerock.json.jose.builders.SignedJwtBuilderImpl): 1
JwsAlgorithm (org.forgerock.json.jose.jws.JwsAlgorithm): 1
CoreServicesWrapper (org.forgerock.openam.core.rest.authn.core.wrappers.CoreServicesWrapper): 1
BeforeMethod (org.testng.annotations.BeforeMethod): 1