
Example 16 with SignedJwt

Use of org.forgerock.json.jose.jws.SignedJwt in project OpenAM by OpenRock.

From the class OpenIdConnectTokenGenerationImplTest, method testHMACOpenIdConnectTokenGeneration.

@Test
public void testHMACOpenIdConnectTokenGeneration() throws TokenCreationException {
    SSOTokenIdentity mockSSOTokenIdentity = mock(SSOTokenIdentity.class);
    when(mockSSOTokenIdentity.validateAndGetTokenPrincipal(any(SSOToken.class))).thenReturn(SUBJECT_NAME);
    SSOToken mockSSOToken = mock(SSOToken.class);
    STSInstanceState mockSTSInstanceState = mock(STSInstanceState.class);
    STSInstanceConfig mockSTSInstanceConfig = mock(STSInstanceConfig.class);
    when(mockSTSInstanceState.getConfig()).thenReturn(mockSTSInstanceConfig);
    OpenIdConnectTokenConfig openIdConnectTokenConfig = buildHMACOpenIdConnectTokenConfig();
    when(mockSTSInstanceConfig.getOpenIdConnectTokenConfig()).thenReturn(openIdConnectTokenConfig);
    TokenGenerationServiceInvocationState mockTokenGenerationInvocationState = mock(TokenGenerationServiceInvocationState.class);
    OpenIdConnectTokenClaimMapperProvider mockClaimMapperProvider = mock(OpenIdConnectTokenClaimMapperProvider.class);
    OpenIdConnectTokenClaimMapper mockClaimMapper = mock(OpenIdConnectTokenClaimMapper.class);
    when(mockClaimMapperProvider.getClaimMapper(any(OpenIdConnectTokenConfig.class))).thenReturn(mockClaimMapper);
    when(mockClaimMapper.getCustomClaims(mockSSOToken, mappedClaimConfig)).thenReturn(mappedClaimAttributes);
    long authTime = System.currentTimeMillis() / 1000;
    OpenIdConnectTokenGenerationState openIdConnectTokenGenerationState = buildOpenIdConnectTokenGenerationState(authTime);
    when(mockTokenGenerationInvocationState.getOpenIdConnectTokenGenerationState()).thenReturn(openIdConnectTokenGenerationState);
    String oidcToken = new OpenIdConnectTokenGenerationImpl(mockSSOTokenIdentity, new JwtBuilderFactory(), mockClaimMapperProvider, mock(CTSTokenPersistence.class), mock(Logger.class)).generate(mockSSOToken, mockSTSInstanceState, mockTokenGenerationInvocationState);
    SignedJwt signedJwt = reconstructSignedJwt(oidcToken);
    JwtClaimsSet jwtClaimsSet = signedJwt.getClaimsSet();
    assertEquals(SUBJECT_NAME, jwtClaimsSet.getSubject());
    assertEquals(AUDIENCE, jwtClaimsSet.getAudience().get(0));
    assertEquals(AUTHN_CLASS_REFERENCE, jwtClaimsSet.getClaim("acr", String.class));
    assertEquals(ISSUER, jwtClaimsSet.getIssuer());
    assertEquals(EMAIL_CLAIM_VALUE, jwtClaimsSet.get(EMAIL_CLAIM_KEY).asString());
    assertTrue(verifyHMACSignature(signedJwt));
}
Also used: JwtBuilderFactory (org.forgerock.json.jose.builders.JwtBuilderFactory), SSOToken (com.iplanet.sso.SSOToken), STSInstanceState (org.forgerock.openam.sts.tokengeneration.state.STSInstanceState), SignedJwt (org.forgerock.json.jose.jws.SignedJwt), OpenIdConnectTokenConfig (org.forgerock.openam.sts.config.user.OpenIdConnectTokenConfig), TokenGenerationServiceInvocationState (org.forgerock.openam.sts.service.invocation.TokenGenerationServiceInvocationState), JwtClaimsSet (org.forgerock.json.jose.jwt.JwtClaimsSet), SSOTokenIdentity (org.forgerock.openam.sts.tokengeneration.SSOTokenIdentity), OpenIdConnectTokenGenerationState (org.forgerock.openam.sts.service.invocation.OpenIdConnectTokenGenerationState), STSInstanceConfig (org.forgerock.openam.sts.config.user.STSInstanceConfig), Test (org.testng.annotations.Test)

Example 17 with SignedJwt

Use of org.forgerock.json.jose.jws.SignedJwt in project OpenAM by OpenRock.

From the class IdTokenClaimGatherer, method getRequestingPartyId.

@Override
public String getRequestingPartyId(OAuth2Request oAuth2Request, AccessToken authorizationApiToken, JsonValue claimToken) {
    try {
        SignedJwt idToken = jwtReconstruction.reconstructJwt(claimToken.asString(), SignedJwt.class);
        OAuth2ProviderSettings oAuth2ProviderSettings = oauth2ProviderSettingsFactory.get(oAuth2Request);
        OAuth2Uris oAuth2Uris = oAuth2UrisFactory.get(oAuth2Request);
        byte[] clientSecret = clientRegistrationStore.get(authorizationApiToken.getClientId(), oAuth2Request).getClientSecret().getBytes(Utils.CHARSET);
        KeyPair keyPair = oAuth2ProviderSettings.getServerKeyPair();
        if (!idToken.getClaimsSet().getIssuer().equals(oAuth2Uris.getIssuer())) {
            logger.warn("Issuer of id token, {0}, does not match issuer of authorization server, {1}.", idToken.getClaimsSet().getIssuer(), oAuth2Uris.getIssuer());
            return null;
        }
        if (!verify(clientSecret, keyPair, idToken)) {
            logger.warn("Signature of id token is invalid.");
            return null;
        }
        return idToken.getClaimsSet().getSubject();
    } catch (InvalidClientException e) {
        logger.error("Failed to find client", e);
        return null;
    } catch (NotFoundException | ServerException e) {
        logger.error("Failed to find OAuth2 settings", e);
        return null;
    }
}
Also used: KeyPair (java.security.KeyPair), ServerException (org.forgerock.oauth2.core.exceptions.ServerException), OAuth2Uris (org.forgerock.oauth2.core.OAuth2Uris), InvalidClientException (org.forgerock.oauth2.core.exceptions.InvalidClientException), NotFoundException (org.forgerock.oauth2.core.exceptions.NotFoundException), SignedJwt (org.forgerock.json.jose.jws.SignedJwt), OAuth2ProviderSettings (org.forgerock.oauth2.core.OAuth2ProviderSettings)

Aggregations

SignedJwt (org.forgerock.json.jose.jws.SignedJwt): 17
JwtClaimsSet (org.forgerock.json.jose.jwt.JwtClaimsSet): 8
Test (org.testng.annotations.Test): 5
SSOToken (com.iplanet.sso.SSOToken): 4
ClientRegistration (org.forgerock.oauth2.core.ClientRegistration): 3
OpenIdConnectTokenConfig (org.forgerock.openam.sts.config.user.OpenIdConnectTokenConfig): 3
AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException): 2
PublicKey (java.security.PublicKey): 2
SignatureException (java.security.SignatureException): 2
JsonValue (org.forgerock.json.JsonValue): 2
JwtBuilderFactory (org.forgerock.json.jose.builders.JwtBuilderFactory): 2
JwtReconstruction (org.forgerock.json.jose.common.JwtReconstruction): 2
JwsSigningException (org.forgerock.json.jose.exceptions.JwsSigningException): 2
SigningHandler (org.forgerock.json.jose.jws.handlers.SigningHandler): 2
InvalidClientException (org.forgerock.oauth2.core.exceptions.InvalidClientException): 2
NotFoundException (org.forgerock.oauth2.core.exceptions.NotFoundException): 2
ServerException (org.forgerock.oauth2.core.exceptions.ServerException): 2
LoginConfiguration (org.forgerock.openam.core.rest.authn.core.LoginConfiguration): 2
LoginProcess (org.forgerock.openam.core.rest.authn.core.LoginProcess): 2
RestAuthException (org.forgerock.openam.core.rest.authn.exceptions.RestAuthException): 2