Example 1 with SigningHandler

use of org.forgerock.json.jose.jws.handlers.SigningHandler in project OpenAM by OpenRock.

From the class AuthIdHelper, method verifyAuthId:

/**
 * Verifies the signature of the JWT, to ensure the JWT is valid.
 *
 * @param realmDN The DN for the realm being authenticated against.
 * @param authId The authentication id JWT.
 * @throws RestAuthException If the JWT cannot be parsed or its signature does not verify.
 */
public void verifyAuthId(String realmDN, String authId) throws RestAuthException {
    // The HMAC key is realm-specific, so a token signed for one realm does not verify in another.
    SecretKey key = getSigningKey(realmDN);
    try {
        final SigningHandler signingHandler = signingManager.newHmacSigningHandler(key.getEncoded());
        // Reconstruct the compact-serialised JWT and check its signature with the realm key.
        boolean verified = jwtBuilderFactory.reconstruct(authId, SignedJwt.class).verify(signingHandler);
        if (!verified) {
            throw new RestAuthException(ResourceException.BAD_REQUEST, "AuthId JWT Signature not valid");
        }
    } catch (JwtRuntimeException e) {
        // Malformed tokens are rejected the same way as tokens with a bad signature.
        throw new RestAuthException(ResourceException.BAD_REQUEST, "Failed to parse JWT, " + e.getLocalizedMessage(), e);
    }
}
Also used : RestAuthException(org.forgerock.openam.core.rest.authn.exceptions.RestAuthException) SecretKey(javax.crypto.SecretKey) JwtRuntimeException(org.forgerock.json.jose.exceptions.JwtRuntimeException) SignedJwt(org.forgerock.json.jose.jws.SignedJwt) SigningHandler(org.forgerock.json.jose.jws.handlers.SigningHandler)

Example 2 with SigningHandler

use of org.forgerock.json.jose.jws.handlers.SigningHandler in project OpenAM by OpenRock.

From the class AuthIdHelperTest, method shouldVerifyAuthIdAndFail:

@Test
public void shouldVerifyAuthIdAndFail() throws SignatureException, SSOException, SMSException {
    //Given
    SignedJwt signedJwt = mock(SignedJwt.class);
    PublicKey publicKey = mock(PublicKey.class);
    SigningHandler signingHandler = mock(SigningHandler.class);
    given(jwtBuilderFactory.reconstruct("AUTH_ID", SignedJwt.class)).willReturn(signedJwt);
    given(signedJwt.verify(signingHandler)).willReturn(false);
    mockGetSigningKey("REALM_DN", false);
    //When
    boolean exceptionCaught = false;
    try {
        authIdHelper.verifyAuthId("REALM_DN", "AUTH_ID");
        fail();
    } catch (RestAuthException e) {
        exceptionCaught = true;
    }
    //Then
    verify(jwtBuilderFactory).reconstruct("AUTH_ID", SignedJwt.class);
    verify(signedJwt).verify(Matchers.<SigningHandler>anyObject());
    assertTrue(exceptionCaught);
}
Also used : RestAuthException(org.forgerock.openam.core.rest.authn.exceptions.RestAuthException) PublicKey(java.security.PublicKey) SignedJwt(org.forgerock.json.jose.jws.SignedJwt) SigningHandler(org.forgerock.json.jose.jws.handlers.SigningHandler) Test(org.testng.annotations.Test)

Example 3 with SigningHandler

use of org.forgerock.json.jose.jws.handlers.SigningHandler in project OpenAM by OpenRock.

From the class OpenIdConnectToken, method sign:

/**
 * Signs the OpenId Connect token.
 *
 * @return A SignedJwt
 * @throws SignatureException If an error occurs with the signing of the OpenId Connect token.
 */
public SignedJwt sign() throws SignatureException {
    final JwsAlgorithm jwsAlgorithm;
    try {
        jwsAlgorithm = JwsAlgorithm.valueOf(algorithm);
    } catch (IllegalArgumentException e) {
        // Enum.valueOf throws rather than returning null for an unknown name,
        // so the unknown-algorithm case has to be handled here.
        logger.error("Unable to find jws algorithm for: " + algorithm);
        throw new SignatureException();
    }
    final SigningHandler signingHandler;
    if (JwsAlgorithmType.RSA.equals(jwsAlgorithm.getAlgorithmType())) {
        // Asymmetric: sign with the private half of the configured key pair.
        signingHandler = new SigningManager().newRsaSigningHandler(keyPair.getPrivate());
    } else {
        // Symmetric: the client secret doubles as the HMAC key.
        signingHandler = new SigningManager().newHmacSigningHandler(clientSecret);
    }
    JwsHeaderBuilder builder = jwtBuilderFactory.jws(signingHandler).headers().alg(jwsAlgorithm);
    JwtClaimsSet claimsSet = jwtBuilderFactory.claims().claims(asMap()).build();
    if (kid != null) {
        // Advertise the key id so relying parties can select the matching verification key.
        builder.kid(kid);
    }
    return builder.done().claims(claimsSet).asJwt();
}
Also used : JwsAlgorithm(org.forgerock.json.jose.jws.JwsAlgorithm) JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet) SignatureException(java.security.SignatureException) JwsHeaderBuilder(org.forgerock.json.jose.builders.JwsHeaderBuilder) SigningHandler(org.forgerock.json.jose.jws.handlers.SigningHandler) SigningManager(org.forgerock.json.jose.jws.SigningManager)

Example 4 with SigningHandler

use of org.forgerock.json.jose.jws.handlers.SigningHandler in project OpenAM by OpenRock.

From the class JwtSnapshotTokenHandlerFactory, method configureJwtTokenHandler:

private SnapshotTokenHandler configureJwtTokenHandler(JwtTokenHandlerConfig config) {
    SigningManager signingManager = new SigningManager();
    // Snapshot tokens are HMAC-signed with the configured shared key ...
    SigningHandler signingHandler = signingManager.newHmacSigningHandler(config.getSharedKey());
    // ... and encrypted (JWE) with a key pair obtained from the provider.
    KeyPair keyPair = provider.getKeyPair(config.getKeyPairAlgorithm(), config.getKeyPairSize());
    return new JwtTokenHandler(config.getJweAlgorithm(),
            config.getEncryptionMethod(),
            keyPair,
            config.getJwsAlgorithm(),
            signingHandler,
            config.getTokenLifeTimeInSeconds());
}
Also used : KeyPair(java.security.KeyPair) JwtTokenHandler(org.forgerock.selfservice.stages.tokenhandlers.JwtTokenHandler) SigningHandler(org.forgerock.json.jose.jws.handlers.SigningHandler) SigningManager(org.forgerock.json.jose.jws.SigningManager)

Example 5 with SigningHandler

use of org.forgerock.json.jose.jws.handlers.SigningHandler in project OpenAM by OpenRock.

From the class IdTokenClaimGathererTest, method mockIdToken:

private void mockIdToken(boolean isValid) {
    given(jwsHeader.getAlgorithm()).willReturn(JwsAlgorithm.HS256);
    given(idToken.getHeader()).willReturn(jwsHeader);
    SigningHandler signingHandler = mock(SigningHandler.class);
    given(signingManager.newHmacSigningHandler(any(byte[].class))).willReturn(signingHandler);
    given(idToken.verify(signingHandler)).willReturn(isValid);
}
Also used : SigningHandler(org.forgerock.json.jose.jws.handlers.SigningHandler)

Aggregations

SigningHandler (org.forgerock.json.jose.jws.handlers.SigningHandler) 16
JwtClaimsSet (org.forgerock.json.jose.jwt.JwtClaimsSet) 11
JwsHeader (org.forgerock.json.jose.jws.JwsHeader) 7
NOPSigningHandler (org.forgerock.json.jose.jws.handlers.NOPSigningHandler) 7
Test (org.testng.annotations.Test) 7
SigningManager (org.forgerock.json.jose.jws.SigningManager) 4
JwsHeaderBuilder (org.forgerock.json.jose.builders.JwsHeaderBuilder) 3
SignedJwt (org.forgerock.json.jose.jws.SignedJwt) 3
JwsAlgorithm (org.forgerock.json.jose.jws.JwsAlgorithm) 2
RestAuthException (org.forgerock.openam.core.rest.authn.exceptions.RestAuthException) 2
TokenCreationException (org.forgerock.openam.sts.TokenCreationException) 2
BigInteger (java.math.BigInteger) 1
KeyPair (java.security.KeyPair) 1
PublicKey (java.security.PublicKey) 1
SignatureException (java.security.SignatureException) 1
RSAPublicKey (java.security.interfaces.RSAPublicKey) 1
SecretKey (javax.crypto.SecretKey) 1
JwtRuntimeException (org.forgerock.json.jose.exceptions.JwtRuntimeException) 1
JwtTokenHandler (org.forgerock.selfservice.stages.tokenhandlers.JwtTokenHandler) 1