Examples with JwtBuilderFactory org.forgerock.json.jose.builders.JwtBuilderFactory used on opensource projects

Search in sources :

Example 1 with JwtBuilderFactory

use of org.forgerock.json.jose.builders.JwtBuilderFactory in project OpenAM by OpenRock.

the class OpenIdConnectTokenGenerationImplTest method testRSAOpenIdConnectTokenGeneration.

@Test
public void testRSAOpenIdConnectTokenGeneration() throws TokenCreationException {
    SSOTokenIdentity mockSSOTokenIdentity = mock(SSOTokenIdentity.class);
    when(mockSSOTokenIdentity.validateAndGetTokenPrincipal(any(SSOToken.class))).thenReturn(SUBJECT_NAME);
    SSOToken mockSSOToken = mock(SSOToken.class);
    STSInstanceState mockSTSInstanceState = mock(STSInstanceState.class);
    STSInstanceConfig mockSTSInstanceConfig = mock(STSInstanceConfig.class);
    when(mockSTSInstanceState.getConfig()).thenReturn(mockSTSInstanceConfig);
    OpenIdConnectTokenConfig openIdConnectTokenConfig = buildRSAOpenIdConnectTokenConfig();
    when(mockSTSInstanceConfig.getOpenIdConnectTokenConfig()).thenReturn(openIdConnectTokenConfig);
    OpenIdConnectTokenPKIProviderImpl tokenCryptoProvider = new OpenIdConnectTokenPKIProviderImpl(openIdConnectTokenConfig);
    when(mockSTSInstanceState.getOpenIdConnectTokenPKIProvider()).thenReturn(tokenCryptoProvider);
    TokenGenerationServiceInvocationState mockTokenGenerationInvocationState = mock(TokenGenerationServiceInvocationState.class);
    OpenIdConnectTokenClaimMapperProvider mockClaimMapperProvider = mock(OpenIdConnectTokenClaimMapperProvider.class);
    OpenIdConnectTokenClaimMapper mockClaimMapper = mock(OpenIdConnectTokenClaimMapper.class);
    when(mockClaimMapperProvider.getClaimMapper(any(OpenIdConnectTokenConfig.class))).thenReturn(mockClaimMapper);
    when(mockClaimMapper.getCustomClaims(mockSSOToken, mappedClaimConfig)).thenReturn(mappedClaimAttributes);
    long authTime = System.currentTimeMillis() / 1000;
    OpenIdConnectTokenGenerationState openIdConnectTokenGenerationState = buildOpenIdConnectTokenGenerationState(authTime);
    when(mockTokenGenerationInvocationState.getOpenIdConnectTokenGenerationState()).thenReturn(openIdConnectTokenGenerationState);
    String oidcToken = new OpenIdConnectTokenGenerationImpl(mockSSOTokenIdentity, new JwtBuilderFactory(), mockClaimMapperProvider, mock(CTSTokenPersistence.class), mock(Logger.class)).generate(mockSSOToken, mockSTSInstanceState, mockTokenGenerationInvocationState);
    SignedJwt signedJwt = reconstructSignedJwt(oidcToken);
    JwtClaimsSet jwtClaimsSet = signedJwt.getClaimsSet();
    assertEquals(SUBJECT_NAME, jwtClaimsSet.getSubject());
    assertEquals(AUDIENCE, jwtClaimsSet.getAudience().get(0));
    assertEquals(AUTHN_CLASS_REFERENCE, jwtClaimsSet.getClaim("acr", String.class));
    assertEquals(ISSUER, jwtClaimsSet.getIssuer());
    assertEquals(EMAIL_CLAIM_VALUE, jwtClaimsSet.get(EMAIL_CLAIM_KEY).asString());
    assertTrue(verifyRSASignature(signedJwt, openIdConnectTokenConfig));
}
Also used : JwtBuilderFactory(org.forgerock.json.jose.builders.JwtBuilderFactory) SSOToken(com.iplanet.sso.SSOToken) STSInstanceState(org.forgerock.openam.sts.tokengeneration.state.STSInstanceState) SignedJwt(org.forgerock.json.jose.jws.SignedJwt) OpenIdConnectTokenConfig(org.forgerock.openam.sts.config.user.OpenIdConnectTokenConfig) TokenGenerationServiceInvocationState(org.forgerock.openam.sts.service.invocation.TokenGenerationServiceInvocationState) JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet) SSOTokenIdentity(org.forgerock.openam.sts.tokengeneration.SSOTokenIdentity) OpenIdConnectTokenPKIProviderImpl(org.forgerock.openam.sts.tokengeneration.oidc.crypto.OpenIdConnectTokenPKIProviderImpl) OpenIdConnectTokenGenerationState(org.forgerock.openam.sts.service.invocation.OpenIdConnectTokenGenerationState) STSInstanceConfig(org.forgerock.openam.sts.config.user.STSInstanceConfig) Test(org.testng.annotations.Test)

Example 2 with JwtBuilderFactory

use of org.forgerock.json.jose.builders.JwtBuilderFactory in project OpenAM by OpenRock.

the class JwtGenerator method main.

public static void main(String[] args) throws Exception {
    if (args.length != 3) {
        System.out.println("Usage: JwtGenerator <subject> <issuer> <audience>");
        System.exit(1);
    }
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    keyGen.initialize(512);
    KeyPair keyPair = keyGen.genKeyPair();
    PublicKey publicKey = keyPair.getPublic();
    long validTime = System.currentTimeMillis() + 1000 * 60 * 60 * 24 / 2;
    String jwt = new JwtBuilderFactory().jws(new SigningManager().newRsaSigningHandler(keyPair.getPrivate())).headers().alg(JwsAlgorithm.RS256).done().claims(new JwtClaimsSet(json(object(field("iss", args[0]), field("sub", args[1]), field("aud", args[2]), field("exp", validTime / 1000))).asMap())).build();
    System.out.println("JWT: " + jwt);
    Calendar expiry = Calendar.getInstance();
    expiry.add(Calendar.DAY_OF_YEAR, 7);
    X509CertInfo info = new X509CertInfo();
    CertificateValidity interval = new CertificateValidity(new Date(), new Date(validTime));
    BigInteger sn = new BigInteger(64, new SecureRandom());
    X500Name owner = new X500Name("CN=ForgeRock,L=Bristol,C=GB");
    info.set(X509CertInfo.VALIDITY, interval);
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
    info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    AlgorithmId algo = new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid);
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(keyPair.getPrivate(), "SHA256withRSA");
    System.out.println("Certificate:");
    BASE64Encoder encoder = new BASE64Encoder();
    System.out.println(X509Factory.BEGIN_CERT);
    encoder.encodeBuffer(cert.getEncoded(), System.out);
    System.out.println(X509Factory.END_CERT);
}
Also used : JwtBuilderFactory(org.forgerock.json.jose.builders.JwtBuilderFactory) CertificateSubjectName(sun.security.x509.CertificateSubjectName) KeyPair(java.security.KeyPair) X509CertInfo(sun.security.x509.X509CertInfo) PublicKey(java.security.PublicKey) Calendar(java.util.Calendar) CertificateIssuerName(sun.security.x509.CertificateIssuerName) BASE64Encoder(sun.misc.BASE64Encoder) SecureRandom(java.security.SecureRandom) CertificateVersion(sun.security.x509.CertificateVersion) CertificateValidity(sun.security.x509.CertificateValidity) KeyPairGenerator(java.security.KeyPairGenerator) X500Name(sun.security.x509.X500Name) CertificateX509Key(sun.security.x509.CertificateX509Key) SigningManager(org.forgerock.json.jose.jws.SigningManager) Date(java.util.Date) CertificateSerialNumber(sun.security.x509.CertificateSerialNumber) JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId) AlgorithmId(sun.security.x509.AlgorithmId) X509CertImpl(sun.security.x509.X509CertImpl) BigInteger(java.math.BigInteger) CertificateAlgorithmId(sun.security.x509.CertificateAlgorithmId)

Example 3 with JwtBuilderFactory

use of org.forgerock.json.jose.builders.JwtBuilderFactory in project OpenAM by OpenRock.

the class OpenIdConnectTokenGenerationImplTest method testHMACOpenIdConnectTokenGeneration.

@Test
public void testHMACOpenIdConnectTokenGeneration() throws TokenCreationException {
    SSOTokenIdentity mockSSOTokenIdentity = mock(SSOTokenIdentity.class);
    when(mockSSOTokenIdentity.validateAndGetTokenPrincipal(any(SSOToken.class))).thenReturn(SUBJECT_NAME);
    SSOToken mockSSOToken = mock(SSOToken.class);
    STSInstanceState mockSTSInstanceState = mock(STSInstanceState.class);
    STSInstanceConfig mockSTSInstanceConfig = mock(STSInstanceConfig.class);
    when(mockSTSInstanceState.getConfig()).thenReturn(mockSTSInstanceConfig);
    OpenIdConnectTokenConfig openIdConnectTokenConfig = buildHMACOpenIdConnectTokenConfig();
    when(mockSTSInstanceConfig.getOpenIdConnectTokenConfig()).thenReturn(openIdConnectTokenConfig);
    TokenGenerationServiceInvocationState mockTokenGenerationInvocationState = mock(TokenGenerationServiceInvocationState.class);
    OpenIdConnectTokenClaimMapperProvider mockClaimMapperProvider = mock(OpenIdConnectTokenClaimMapperProvider.class);
    OpenIdConnectTokenClaimMapper mockClaimMapper = mock(OpenIdConnectTokenClaimMapper.class);
    when(mockClaimMapperProvider.getClaimMapper(any(OpenIdConnectTokenConfig.class))).thenReturn(mockClaimMapper);
    when(mockClaimMapper.getCustomClaims(mockSSOToken, mappedClaimConfig)).thenReturn(mappedClaimAttributes);
    long authTime = System.currentTimeMillis() / 1000;
    OpenIdConnectTokenGenerationState openIdConnectTokenGenerationState = buildOpenIdConnectTokenGenerationState(authTime);
    when(mockTokenGenerationInvocationState.getOpenIdConnectTokenGenerationState()).thenReturn(openIdConnectTokenGenerationState);
    String oidcToken = new OpenIdConnectTokenGenerationImpl(mockSSOTokenIdentity, new JwtBuilderFactory(), mockClaimMapperProvider, mock(CTSTokenPersistence.class), mock(Logger.class)).generate(mockSSOToken, mockSTSInstanceState, mockTokenGenerationInvocationState);
    SignedJwt signedJwt = reconstructSignedJwt(oidcToken);
    JwtClaimsSet jwtClaimsSet = signedJwt.getClaimsSet();
    assertEquals(SUBJECT_NAME, jwtClaimsSet.getSubject());
    assertEquals(AUDIENCE, jwtClaimsSet.getAudience().get(0));
    assertEquals(AUTHN_CLASS_REFERENCE, jwtClaimsSet.getClaim("acr", String.class));
    assertEquals(ISSUER, jwtClaimsSet.getIssuer());
    assertEquals(EMAIL_CLAIM_VALUE, jwtClaimsSet.get(EMAIL_CLAIM_KEY).asString());
    assertTrue(verifyHMACSignature(signedJwt));
}
Also used : JwtBuilderFactory(org.forgerock.json.jose.builders.JwtBuilderFactory) SSOToken(com.iplanet.sso.SSOToken) STSInstanceState(org.forgerock.openam.sts.tokengeneration.state.STSInstanceState) SignedJwt(org.forgerock.json.jose.jws.SignedJwt) OpenIdConnectTokenConfig(org.forgerock.openam.sts.config.user.OpenIdConnectTokenConfig) TokenGenerationServiceInvocationState(org.forgerock.openam.sts.service.invocation.TokenGenerationServiceInvocationState) JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet) SSOTokenIdentity(org.forgerock.openam.sts.tokengeneration.SSOTokenIdentity) OpenIdConnectTokenGenerationState(org.forgerock.openam.sts.service.invocation.OpenIdConnectTokenGenerationState) STSInstanceConfig(org.forgerock.openam.sts.config.user.STSInstanceConfig) Test(org.testng.annotations.Test)

Example 4 with JwtBuilderFactory

use of org.forgerock.json.jose.builders.JwtBuilderFactory in project OpenAM by OpenRock.

the class AuthIdHelperTest method setUp.

@BeforeMethod
public void setUp() {
    coreServicesWrapper = mock(CoreServicesWrapper.class);
    jwtBuilderFactory = mock(JwtBuilderFactory.class);
    signingManager = mock(SigningManager.class);
    authIdHelper = new AuthIdHelper(coreServicesWrapper, jwtBuilderFactory, signingManager);
    jwsHeaderBuilder = mock(JwsHeaderBuilder.class);
    claimsSetBuilder = mock(JwtClaimsSetBuilder.class);
    JwtClaimsSet claimsSet = mock(JwtClaimsSet.class);
    SignedJwtBuilderImpl signedJwtBuilder = mock(SignedJwtBuilderImpl.class);
    given(jwtBuilderFactory.claims()).willReturn(claimsSetBuilder);
    given(claimsSetBuilder.claim(anyString(), anyObject())).willReturn(claimsSetBuilder);
    given(claimsSetBuilder.claims(anyMap())).willReturn(claimsSetBuilder);
    given(claimsSetBuilder.build()).willReturn(claimsSet);
    given(jwtBuilderFactory.jws(Matchers.<SigningHandler>anyObject())).willReturn(signedJwtBuilder);
    given(signedJwtBuilder.headers()).willReturn(jwsHeaderBuilder);
    given(jwsHeaderBuilder.alg(Matchers.<Algorithm>anyObject())).willReturn(jwsHeaderBuilder);
    given(jwsHeaderBuilder.done()).willReturn(signedJwtBuilder);
    given(signedJwtBuilder.claims(claimsSet)).willReturn(signedJwtBuilder);
    given(signedJwtBuilder.build()).willReturn("JWT_STRING");
}
Also used : CoreServicesWrapper(org.forgerock.openam.core.rest.authn.core.wrappers.CoreServicesWrapper) JwtBuilderFactory(org.forgerock.json.jose.builders.JwtBuilderFactory) JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet) JwtClaimsSetBuilder(org.forgerock.json.jose.builders.JwtClaimsSetBuilder) SignedJwtBuilderImpl(org.forgerock.json.jose.builders.SignedJwtBuilderImpl) JwsHeaderBuilder(org.forgerock.json.jose.builders.JwsHeaderBuilder) SigningManager(org.forgerock.json.jose.jws.SigningManager) BeforeMethod(org.testng.annotations.BeforeMethod)

Aggregations

JwtBuilderFactory (org.forgerock.json.jose.builders.JwtBuilderFactory)4 JwtClaimsSet (org.forgerock.json.jose.jwt.JwtClaimsSet)4 SSOToken (com.iplanet.sso.SSOToken)2 SignedJwt (org.forgerock.json.jose.jws.SignedJwt)2 SigningManager (org.forgerock.json.jose.jws.SigningManager)2 OpenIdConnectTokenConfig (org.forgerock.openam.sts.config.user.OpenIdConnectTokenConfig)2 STSInstanceConfig (org.forgerock.openam.sts.config.user.STSInstanceConfig)2 OpenIdConnectTokenGenerationState (org.forgerock.openam.sts.service.invocation.OpenIdConnectTokenGenerationState)2 TokenGenerationServiceInvocationState (org.forgerock.openam.sts.service.invocation.TokenGenerationServiceInvocationState)2 SSOTokenIdentity (org.forgerock.openam.sts.tokengeneration.SSOTokenIdentity)2 STSInstanceState (org.forgerock.openam.sts.tokengeneration.state.STSInstanceState)2 Test (org.testng.annotations.Test)2 BigInteger (java.math.BigInteger)1 KeyPair (java.security.KeyPair)1 KeyPairGenerator (java.security.KeyPairGenerator)1 PublicKey (java.security.PublicKey)1 SecureRandom (java.security.SecureRandom)1 Calendar (java.util.Calendar)1 Date (java.util.Date)1 JwsHeaderBuilder (org.forgerock.json.jose.builders.JwsHeaderBuilder)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial