Example 1 with JwsHeaderBuilder
use of org.forgerock.json.jose.builders.JwsHeaderBuilder in project OpenAM by OpenRock.
the class OpenIdConnectToken method sign.
/**
* Signs the OpenId Connect token.
*
* @return A SignedJwt
* @throws SignatureException If an error occurs with the signing of the OpenId Connect token.
*/
public SignedJwt sign() throws SignatureException {
final JwsAlgorithm jwsAlgorithm = JwsAlgorithm.valueOf(algorithm);
if (jwsAlgorithm == null) {
logger.error("Unable to find jws algorithm for: " + algorithm);
throw new SignatureException();
}
final SigningHandler signingHandler;
if (JwsAlgorithmType.RSA.equals(jwsAlgorithm.getAlgorithmType())) {
signingHandler = new SigningManager().newRsaSigningHandler(keyPair.getPrivate());
} else {
signingHandler = new SigningManager().newHmacSigningHandler(clientSecret);
}
JwsHeaderBuilder builder = jwtBuilderFactory.jws(signingHandler).headers().alg(jwsAlgorithm);
JwtClaimsSet claimsSet = jwtBuilderFactory.claims().claims(asMap()).build();
if (kid != null) {
builder.kid(kid);
}
return builder.done().claims(claimsSet).asJwt();
}
Also used :
JwsAlgorithm(org.forgerock.json.jose.jws.JwsAlgorithm)
JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet)
SignatureException(java.security.SignatureException)
JwsHeaderBuilder(org.forgerock.json.jose.builders.JwsHeaderBuilder)
SigningHandler(org.forgerock.json.jose.jws.handlers.SigningHandler)
SigningManager(org.forgerock.json.jose.jws.SigningManager)
Example 2 with JwsHeaderBuilder
use of org.forgerock.json.jose.builders.JwsHeaderBuilder in project OpenAM by OpenRock.
the class AuthIdHelperTest method setUp.
@BeforeMethod
public void setUp() {
coreServicesWrapper = mock(CoreServicesWrapper.class);
jwtBuilderFactory = mock(JwtBuilderFactory.class);
signingManager = mock(SigningManager.class);
authIdHelper = new AuthIdHelper(coreServicesWrapper, jwtBuilderFactory, signingManager);
jwsHeaderBuilder = mock(JwsHeaderBuilder.class);
claimsSetBuilder = mock(JwtClaimsSetBuilder.class);
JwtClaimsSet claimsSet = mock(JwtClaimsSet.class);
SignedJwtBuilderImpl signedJwtBuilder = mock(SignedJwtBuilderImpl.class);
given(jwtBuilderFactory.claims()).willReturn(claimsSetBuilder);
given(claimsSetBuilder.claim(anyString(), anyObject())).willReturn(claimsSetBuilder);
given(claimsSetBuilder.claims(anyMap())).willReturn(claimsSetBuilder);
given(claimsSetBuilder.build()).willReturn(claimsSet);
given(jwtBuilderFactory.jws(Matchers.<SigningHandler>anyObject())).willReturn(signedJwtBuilder);
given(signedJwtBuilder.headers()).willReturn(jwsHeaderBuilder);
given(jwsHeaderBuilder.alg(Matchers.<Algorithm>anyObject())).willReturn(jwsHeaderBuilder);
given(jwsHeaderBuilder.done()).willReturn(signedJwtBuilder);
given(signedJwtBuilder.claims(claimsSet)).willReturn(signedJwtBuilder);
given(signedJwtBuilder.build()).willReturn("JWT_STRING");
}
Also used :
CoreServicesWrapper(org.forgerock.openam.core.rest.authn.core.wrappers.CoreServicesWrapper)
JwtBuilderFactory(org.forgerock.json.jose.builders.JwtBuilderFactory)
JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet)
JwtClaimsSetBuilder(org.forgerock.json.jose.builders.JwtClaimsSetBuilder)
SignedJwtBuilderImpl(org.forgerock.json.jose.builders.SignedJwtBuilderImpl)
JwsHeaderBuilder(org.forgerock.json.jose.builders.JwsHeaderBuilder)
SigningManager(org.forgerock.json.jose.jws.SigningManager)
BeforeMethod(org.testng.annotations.BeforeMethod)
Example 3 with JwsHeaderBuilder
use of org.forgerock.json.jose.builders.JwsHeaderBuilder in project OpenAM by OpenRock.
the class OpenIdConnectTokenGenerationImpl method asymmetricSign.
private SignedJwt asymmetricSign(STSOpenIdConnectToken openIdConnectToken, JwsAlgorithm jwsAlgorithm, KeyPair keyPair, OpenIdConnectTokenPublicKeyReferenceType publicKeyReferenceType) throws TokenCreationException {
if (!JwsAlgorithmType.RSA.equals(jwsAlgorithm.getAlgorithmType())) {
throw new TokenCreationException(ResourceException.BAD_REQUEST, "Exception in " + "OpenIdConnectTokenGenerationImpl#symmetricSign: algorithm type not RSA but " + jwsAlgorithm.getAlgorithmType());
}
final SigningHandler signingHandler = new SigningManager().newRsaSigningHandler(keyPair.getPrivate());
JwsHeaderBuilder jwsHeaderBuilder = jwtBuilderFactory.jws(signingHandler).headers().alg(jwsAlgorithm);
JwtClaimsSet claimsSet = jwtBuilderFactory.claims().claims(openIdConnectToken.asMap()).build();
RSAPublicKey rsaPublicKey;
try {
rsaPublicKey = (RSAPublicKey) keyPair.getPublic();
} catch (ClassCastException e) {
throw new TokenCreationException(ResourceException.BAD_REQUEST, "Could not sign jwt with algorithm " + jwsAlgorithm + " because the PublicKey not of type RSAPublicKey but rather " + (keyPair.getPublic() != null ? keyPair.getPublic().getClass().getCanonicalName() : null));
}
handleKeyIdentification(jwsHeaderBuilder, publicKeyReferenceType, rsaPublicKey, jwsAlgorithm);
return jwsHeaderBuilder.done().claims(claimsSet).asJwt();
}
Also used :
JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
JwsHeaderBuilder(org.forgerock.json.jose.builders.JwsHeaderBuilder)
TokenCreationException(org.forgerock.openam.sts.TokenCreationException)
SigningHandler(org.forgerock.json.jose.jws.handlers.SigningHandler)
SigningManager(org.forgerock.json.jose.jws.SigningManager)
Example 4 with JwsHeaderBuilder
use of org.forgerock.json.jose.builders.JwsHeaderBuilder in project OpenAM by OpenRock.
the class OpenIdConnectTokenGenerationImpl method symmetricSign.
private SignedJwt symmetricSign(STSOpenIdConnectToken openIdConnectToken, JwsAlgorithm jwsAlgorithm, byte[] clientSecret) throws TokenCreationException {
if (!JwsAlgorithmType.HMAC.equals(jwsAlgorithm.getAlgorithmType())) {
throw new TokenCreationException(ResourceException.BAD_REQUEST, "Exception in " + "OpenIdConnectTokenGenerationImpl#symmetricSign: algorithm type not HMAC but " + jwsAlgorithm.getAlgorithmType());
}
final SigningHandler signingHandler = new SigningManager().newHmacSigningHandler(clientSecret);
JwsHeaderBuilder builder = jwtBuilderFactory.jws(signingHandler).headers().alg(jwsAlgorithm);
JwtClaimsSet claimsSet = jwtBuilderFactory.claims().claims(openIdConnectToken.asMap()).build();
return builder.done().claims(claimsSet).asJwt();
}
Also used :
JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet)
JwsHeaderBuilder(org.forgerock.json.jose.builders.JwsHeaderBuilder)
TokenCreationException(org.forgerock.openam.sts.TokenCreationException)
SigningHandler(org.forgerock.json.jose.jws.handlers.SigningHandler)
SigningManager(org.forgerock.json.jose.jws.SigningManager)
Aggregations
JwsHeaderBuilder (org.forgerock.json.jose.builders.JwsHeaderBuilder)4
SigningManager (org.forgerock.json.jose.jws.SigningManager)4
JwtClaimsSet (org.forgerock.json.jose.jwt.JwtClaimsSet)4
SigningHandler (org.forgerock.json.jose.jws.handlers.SigningHandler)3
TokenCreationException (org.forgerock.openam.sts.TokenCreationException)2
SignatureException (java.security.SignatureException)1
RSAPublicKey (java.security.interfaces.RSAPublicKey)1
JwtBuilderFactory (org.forgerock.json.jose.builders.JwtBuilderFactory)1
JwtClaimsSetBuilder (org.forgerock.json.jose.builders.JwtClaimsSetBuilder)1
SignedJwtBuilderImpl (org.forgerock.json.jose.builders.SignedJwtBuilderImpl)1
JwsAlgorithm (org.forgerock.json.jose.jws.JwsAlgorithm)1
CoreServicesWrapper (org.forgerock.openam.core.rest.authn.core.wrappers.CoreServicesWrapper)1
BeforeMethod (org.testng.annotations.BeforeMethod)1
