Example 6 with SignedJwt

Use of org.forgerock.json.jose.jws.SignedJwt in project OpenAM by OpenRock.

The class OpenIdConnectTokenGenerationImplTest, method testRSAOpenIdConnectTokenGeneration.

@Test
public void testRSAOpenIdConnectTokenGeneration() throws TokenCreationException {
    // Identity lookup: the principal of the SSOToken becomes the OIDC "sub" claim
    SSOTokenIdentity mockSSOTokenIdentity = mock(SSOTokenIdentity.class);
    when(mockSSOTokenIdentity.validateAndGetTokenPrincipal(any(SSOToken.class))).thenReturn(SUBJECT_NAME);
    SSOToken mockSSOToken = mock(SSOToken.class);
    // STS instance state carrying an RSA-signed OIDC token configuration
    STSInstanceState mockSTSInstanceState = mock(STSInstanceState.class);
    STSInstanceConfig mockSTSInstanceConfig = mock(STSInstanceConfig.class);
    when(mockSTSInstanceState.getConfig()).thenReturn(mockSTSInstanceConfig);
    OpenIdConnectTokenConfig openIdConnectTokenConfig = buildRSAOpenIdConnectTokenConfig();
    when(mockSTSInstanceConfig.getOpenIdConnectTokenConfig()).thenReturn(openIdConnectTokenConfig);
    // A real PKI provider, so the token is actually signed with the configured RSA key
    OpenIdConnectTokenPKIProviderImpl tokenCryptoProvider = new OpenIdConnectTokenPKIProviderImpl(openIdConnectTokenConfig);
    when(mockSTSInstanceState.getOpenIdConnectTokenPKIProvider()).thenReturn(tokenCryptoProvider);
    TokenGenerationServiceInvocationState mockTokenGenerationInvocationState = mock(TokenGenerationServiceInvocationState.class);
    // Custom claim mapping (here the email claim) supplied by a mocked claim mapper
    OpenIdConnectTokenClaimMapperProvider mockClaimMapperProvider = mock(OpenIdConnectTokenClaimMapperProvider.class);
    OpenIdConnectTokenClaimMapper mockClaimMapper = mock(OpenIdConnectTokenClaimMapper.class);
    when(mockClaimMapperProvider.getClaimMapper(any(OpenIdConnectTokenConfig.class))).thenReturn(mockClaimMapper);
    when(mockClaimMapper.getCustomClaims(mockSSOToken, mappedClaimConfig)).thenReturn(mappedClaimAttributes);
    long authTime = System.currentTimeMillis() / 1000;
    OpenIdConnectTokenGenerationState openIdConnectTokenGenerationState = buildOpenIdConnectTokenGenerationState(authTime);
    when(mockTokenGenerationInvocationState.getOpenIdConnectTokenGenerationState()).thenReturn(openIdConnectTokenGenerationState);
    // Generate the token, reconstruct it from its compact form and check the standard claims
    String oidcToken = new OpenIdConnectTokenGenerationImpl(mockSSOTokenIdentity, new JwtBuilderFactory(),
            mockClaimMapperProvider, mock(CTSTokenPersistence.class), mock(Logger.class))
            .generate(mockSSOToken, mockSTSInstanceState, mockTokenGenerationInvocationState);
    SignedJwt signedJwt = reconstructSignedJwt(oidcToken);
    JwtClaimsSet jwtClaimsSet = signedJwt.getClaimsSet();
    assertEquals(SUBJECT_NAME, jwtClaimsSet.getSubject());
    assertEquals(AUDIENCE, jwtClaimsSet.getAudience().get(0));
    assertEquals(AUTHN_CLASS_REFERENCE, jwtClaimsSet.getClaim("acr", String.class));
    assertEquals(ISSUER, jwtClaimsSet.getIssuer());
    assertEquals(EMAIL_CLAIM_VALUE, jwtClaimsSet.get(EMAIL_CLAIM_KEY).asString());
    // The signature must verify against the RSA public key from the token configuration
    assertTrue(verifyRSASignature(signedJwt, openIdConnectTokenConfig));
}
Also used:
JwtBuilderFactory (org.forgerock.json.jose.builders.JwtBuilderFactory)
SSOToken (com.iplanet.sso.SSOToken)
STSInstanceState (org.forgerock.openam.sts.tokengeneration.state.STSInstanceState)
SignedJwt (org.forgerock.json.jose.jws.SignedJwt)
OpenIdConnectTokenConfig (org.forgerock.openam.sts.config.user.OpenIdConnectTokenConfig)
TokenGenerationServiceInvocationState (org.forgerock.openam.sts.service.invocation.TokenGenerationServiceInvocationState)
JwtClaimsSet (org.forgerock.json.jose.jwt.JwtClaimsSet)
SSOTokenIdentity (org.forgerock.openam.sts.tokengeneration.SSOTokenIdentity)
OpenIdConnectTokenPKIProviderImpl (org.forgerock.openam.sts.tokengeneration.oidc.crypto.OpenIdConnectTokenPKIProviderImpl)
OpenIdConnectTokenGenerationState (org.forgerock.openam.sts.service.invocation.OpenIdConnectTokenGenerationState)
STSInstanceConfig (org.forgerock.openam.sts.config.user.STSInstanceConfig)
Test (org.testng.annotations.Test)

Example 7 with SignedJwt

Use of org.forgerock.json.jose.jws.SignedJwt in project OpenAM by OpenRock.

The class OAuth2JwtTest, method getOAuth2Jwt.

private OAuth2Jwt getOAuth2Jwt(JwsHeader header, JwtClaimsSet claims, SigningHandler handler) {
    // Sign the claims with the supplied handler and serialize to the compact JWS form,
    // then re-parse that string as an OAuth2Jwt, exactly as a caller would receive it
    SignedJwt jwt = new SignedJwt(header, claims, handler);
    String jwtString = jwt.build();
    return OAuth2Jwt.create(jwtString);
}
Also used:
SignedJwt (org.forgerock.json.jose.jws.SignedJwt)

Example 8 with SignedJwt

Use of org.forgerock.json.jose.jws.SignedJwt in project OpenAM by OpenRock.

The class RestAuthenticationHandlerTest, method shouldInitiateAuthenticationViaPOST.

@Test
public void shouldInitiateAuthenticationViaPOST() throws AuthLoginException, L10NMessageImpl, JSONException, IOException,
        SignatureException, RestAuthException, RestAuthResponseException {
    //Given
    HttpServletRequest request = mock(HttpServletRequest.class);
    HttpServletResponse httpResponse = mock(HttpServletResponse.class);
    // The client posts back the authId it was issued in the previous step
    JsonValue postBody = JsonValueBuilder.toJsonValue("{ \"authId\": \"AUTH_ID\" }");
    String sessionUpgradeSSOTokenId = "SSO_TOKEN_ID";
    SSOTokenID ssoTokenID = mock(SSOTokenID.class);
    given(ssoTokenID.toString()).willReturn("SSO_TOKEN_ID");
    SSOToken ssoToken = mock(SSOToken.class);
    given(ssoToken.getTokenID()).willReturn(ssoTokenID);
    AuthContextLocalWrapper authContextLocalWrapper = mock(AuthContextLocalWrapper.class);
    given(authContextLocalWrapper.getSSOToken()).willReturn(ssoToken);
    // A login process that has already completed successfully
    LoginProcess loginProcess = mock(LoginProcess.class);
    given(loginProcess.getSSOToken()).willReturn(ssoToken);
    given(loginProcess.getLoginStage()).willReturn(LoginStage.COMPLETE);
    given(loginProcess.isSuccessful()).willReturn(true);
    given(loginProcess.getAuthContext()).willReturn(authContextLocalWrapper);
    given(loginAuthenticator.getLoginProcess(Matchers.<LoginConfiguration>anyObject())).willReturn(loginProcess);
    // The authId is a signed JWT whose claims carry the session id, auth index and realm
    SignedJwt signedJwt = mock(SignedJwt.class);
    JwtClaimsSet claimsSet = mock(JwtClaimsSet.class);
    given(signedJwt.getClaimsSet()).willReturn(claimsSet);
    given(claimsSet.getClaim("sessionId", String.class)).willReturn("SESSION_ID");
    given(claimsSet.getClaim("authIndexType", String.class)).willReturn(AuthIndexType.MODULE.getIndexType().toString());
    given(claimsSet.getClaim("authIndexValue", String.class)).willReturn("INDEX_VALUE");
    given(claimsSet.getClaim("realm", String.class)).willReturn("REALM_DN");
    given(authIdHelper.reconstructAuthId("AUTH_ID")).willReturn(signedJwt);
    //When
    JsonValue response = restAuthenticationHandler.continueAuthentication(request, httpResponse, postBody,
            sessionUpgradeSSOTokenId);
    //Then
    assertEquals(response.size(), 2);
    assertEquals(response.get("tokenId").asString(), "SSO_TOKEN_ID");
    assertTrue(response.isDefined("successUrl"));
    // The authId signature must have been verified for the realm named in its claims
    verify(authIdHelper).verifyAuthId("REALM_DN", "AUTH_ID");
    // The login configuration handed to the authenticator is built from the JWT claims
    ArgumentCaptor<LoginConfiguration> argumentCaptor = ArgumentCaptor.forClass(LoginConfiguration.class);
    verify(loginAuthenticator).getLoginProcess(argumentCaptor.capture());
    LoginConfiguration loginConfiguration = argumentCaptor.getValue();
    assertEquals(loginConfiguration.getHttpRequest(), request);
    assertEquals(loginConfiguration.getIndexType(), AuthIndexType.MODULE);
    assertEquals(loginConfiguration.getIndexValue(), "INDEX_VALUE");
    assertEquals(loginConfiguration.getSessionId(), "SESSION_ID");
    assertEquals(loginConfiguration.getSSOTokenId(), "SSO_TOKEN_ID");
}
Also used:
HttpServletRequest (javax.servlet.http.HttpServletRequest)
SSOTokenID (com.iplanet.sso.SSOTokenID)
JwtClaimsSet (org.forgerock.json.jose.jwt.JwtClaimsSet)
SSOToken (com.iplanet.sso.SSOToken)
JsonValue (org.forgerock.json.JsonValue)
HttpServletResponse (javax.servlet.http.HttpServletResponse)
LoginConfiguration (org.forgerock.openam.core.rest.authn.core.LoginConfiguration)
AuthContextLocalWrapper (org.forgerock.openam.core.rest.authn.core.wrappers.AuthContextLocalWrapper)
SignedJwt (org.forgerock.json.jose.jws.SignedJwt)
LoginProcess (org.forgerock.openam.core.rest.authn.core.LoginProcess)
Test (org.testng.annotations.Test)

Example 9 with SignedJwt

Use of org.forgerock.json.jose.jws.SignedJwt in project OpenAM by OpenRock.

The class AuthIdHelperTest, method shouldVerifyAuthId.

@Test
public void shouldVerifyAuthId() throws SignatureException, SSOException, SMSException, RestAuthException {
    //Given
    SignedJwt signedJwt = mock(SignedJwt.class);
    PublicKey publicKey = mock(PublicKey.class);
    // Reconstruction of the authId string yields the mocked JWT, whose signature verifies
    given(jwtBuilderFactory.reconstruct("AUTH_ID", SignedJwt.class)).willReturn(signedJwt);
    given(signedJwt.verify(Matchers.<SigningHandler>anyObject())).willReturn(true);
    mockGetSigningKey("REALM_DN", false);
    //When
    authIdHelper.verifyAuthId("REALM_DN", "AUTH_ID");
    //Then
    // The helper must both reconstruct the JWT and check its signature
    verify(jwtBuilderFactory).reconstruct("AUTH_ID", SignedJwt.class);
    verify(signedJwt).verify(Matchers.<SigningHandler>anyObject());
}
Also used:
PublicKey (java.security.PublicKey)
SignedJwt (org.forgerock.json.jose.jws.SignedJwt)
Test (org.testng.annotations.Test)

Example 10 with SignedJwt

Use of org.forgerock.json.jose.jws.SignedJwt in project OpenAM by OpenRock.

The class JwtSessionMapper, method fromJwt.

/**
 * Extract the SessionInfo stored in the provided JWT's serialized_session claim.
 *
 * @param jwtString Non-null String which represents a JWT with SessionInfo state assigned to a serialized_session claim.
 *
 * @return SessionInfo A correctly parsed SessionInfo for the given JWT String.
 *
 * @throws JwtRuntimeException If there was a problem reconstructing the JWT
 */
public SessionInfo fromJwt(@Nonnull String jwtString) throws JwtRuntimeException {
    Reject.ifNull(jwtString, "jwtString must not be null.");
    SignedJwt signedJwt;
    if (encryptionKeyPair != null) {
        // Encrypted-then-signed form: decrypt with our private key first; could throw JwtRuntimeException
        SignedEncryptedJwt signedEncryptedJwt = jwtBuilderFactory.reconstruct(jwtString, SignedEncryptedJwt.class);
        signedEncryptedJwt.decrypt(encryptionKeyPair.getPrivate());
        signedJwt = signedEncryptedJwt;
    } else {
        // Plain signed form; could throw JwtRuntimeException
        signedJwt = jwtBuilderFactory.reconstruct(jwtString, SignedJwt.class);
    }
    // Reject the token unless its "alg" header is the one we expect AND the signature verifies;
    // checking the algorithm first prevents a token from being accepted under a different algorithm
    if (!doesJwtAlgorithmMatch(signedJwt) || !signedJwt.verify(verificationHandler)) {
        throw new JwtRuntimeException("Invalid JWT!");
    }
    // Only after verification are the claims trusted enough to deserialize the session
    JwtClaimsSet claimsSet = signedJwt.getClaimsSet();
    String serializedSession = claimsSet.getClaim(SERIALIZED_SESSION_CLAIM, String.class);
    return fromJson(serializedSession);
}
Also used:
SignedEncryptedJwt (org.forgerock.json.jose.jws.SignedEncryptedJwt)
JwtClaimsSet (org.forgerock.json.jose.jwt.JwtClaimsSet)
JwtRuntimeException (org.forgerock.json.jose.exceptions.JwtRuntimeException)
SignedJwt (org.forgerock.json.jose.jws.SignedJwt)

Aggregations (class, with number of usages across the examples)

SignedJwt (org.forgerock.json.jose.jws.SignedJwt): 17
JwtClaimsSet (org.forgerock.json.jose.jwt.JwtClaimsSet): 8
Test (org.testng.annotations.Test): 5
SSOToken (com.iplanet.sso.SSOToken): 4
ClientRegistration (org.forgerock.oauth2.core.ClientRegistration): 3
OpenIdConnectTokenConfig (org.forgerock.openam.sts.config.user.OpenIdConnectTokenConfig): 3
AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException): 2
PublicKey (java.security.PublicKey): 2
SignatureException (java.security.SignatureException): 2
JsonValue (org.forgerock.json.JsonValue): 2
JwtBuilderFactory (org.forgerock.json.jose.builders.JwtBuilderFactory): 2
JwtReconstruction (org.forgerock.json.jose.common.JwtReconstruction): 2
JwsSigningException (org.forgerock.json.jose.exceptions.JwsSigningException): 2
SigningHandler (org.forgerock.json.jose.jws.handlers.SigningHandler): 2
InvalidClientException (org.forgerock.oauth2.core.exceptions.InvalidClientException): 2
NotFoundException (org.forgerock.oauth2.core.exceptions.NotFoundException): 2
ServerException (org.forgerock.oauth2.core.exceptions.ServerException): 2
LoginConfiguration (org.forgerock.openam.core.rest.authn.core.LoginConfiguration): 2
LoginProcess (org.forgerock.openam.core.rest.authn.core.LoginProcess): 2
RestAuthException (org.forgerock.openam.core.rest.authn.exceptions.RestAuthException): 2