Example 26 with JwtClaimsSet

Use of org.forgerock.json.jose.jwt.JwtClaimsSet in the OpenAM project by OpenRock.

From the class AuthIdHelper, method generateAuthId.

/**
 * Generates the authentication id JWT.
 *
 * @param key The HMAC secret key used to sign the JWT. Must not be null.
 * @param jwtValues A Map of key values to include in the JWT payload. Must not be null.
 * @return The authentication id JWT.
 * @throws SignatureException If there is a problem signing the JWT.
 */
private String generateAuthId(SecretKey key, Map<String, Object> jwtValues) throws SignatureException, RestAuthException {
    // One-time key: 130 random bits from the shared SecureRandom, base-32 encoded, stored as the "otk" claim
    String otk = new BigInteger(130, RANDOM).toString(32);
    JwtClaimsSet claimsSet = jwtBuilderFactory.claims().claim("otk", otk).claims(jwtValues).build();
    // Symmetric (HMAC) signing handler keyed with the raw bytes of the supplied secret
    final SigningHandler signingHandler = signingManager.newHmacSigningHandler(key.getEncoded());
    // Build a compact JWS with an explicit HS256 header so the algorithm is pinned, not inferred
    String jwt = jwtBuilderFactory.jws(signingHandler).headers().alg(JwsAlgorithm.HS256).done().claims(claimsSet).build();
    return jwt;
}
Also used : JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet) BigInteger(java.math.BigInteger) SigningHandler(org.forgerock.json.jose.jws.handlers.SigningHandler)

Example 27 with JwtClaimsSet

Use of org.forgerock.json.jose.jwt.JwtClaimsSet in the OpenAM project by OpenRock.

From the class AuthIdHelperTest, method setUp.

@BeforeMethod
public void setUp() {
    coreServicesWrapper = mock(CoreServicesWrapper.class);
    jwtBuilderFactory = mock(JwtBuilderFactory.class);
    signingManager = mock(SigningManager.class);
    authIdHelper = new AuthIdHelper(coreServicesWrapper, jwtBuilderFactory, signingManager);
    jwsHeaderBuilder = mock(JwsHeaderBuilder.class);
    claimsSetBuilder = mock(JwtClaimsSetBuilder.class);
    JwtClaimsSet claimsSet = mock(JwtClaimsSet.class);
    SignedJwtBuilderImpl signedJwtBuilder = mock(SignedJwtBuilderImpl.class);
    given(jwtBuilderFactory.claims()).willReturn(claimsSetBuilder);
    given(claimsSetBuilder.claim(anyString(), anyObject())).willReturn(claimsSetBuilder);
    given(claimsSetBuilder.claims(anyMap())).willReturn(claimsSetBuilder);
    given(claimsSetBuilder.build()).willReturn(claimsSet);
    given(jwtBuilderFactory.jws(Matchers.<SigningHandler>anyObject())).willReturn(signedJwtBuilder);
    given(signedJwtBuilder.headers()).willReturn(jwsHeaderBuilder);
    given(jwsHeaderBuilder.alg(Matchers.<Algorithm>anyObject())).willReturn(jwsHeaderBuilder);
    given(jwsHeaderBuilder.done()).willReturn(signedJwtBuilder);
    given(signedJwtBuilder.claims(claimsSet)).willReturn(signedJwtBuilder);
    given(signedJwtBuilder.build()).willReturn("JWT_STRING");
}
Also used : CoreServicesWrapper(org.forgerock.openam.core.rest.authn.core.wrappers.CoreServicesWrapper) JwtBuilderFactory(org.forgerock.json.jose.builders.JwtBuilderFactory) JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet) JwtClaimsSetBuilder(org.forgerock.json.jose.builders.JwtClaimsSetBuilder) SignedJwtBuilderImpl(org.forgerock.json.jose.builders.SignedJwtBuilderImpl) JwsHeaderBuilder(org.forgerock.json.jose.builders.JwsHeaderBuilder) SigningManager(org.forgerock.json.jose.jws.SigningManager) BeforeMethod(org.testng.annotations.BeforeMethod)

Example 28 with JwtClaimsSet

Use of org.forgerock.json.jose.jwt.JwtClaimsSet in the OpenAM project by OpenRock.

From the class JwtSessionMapper, method fromJwt.

/**
 * Extract the SessionInfo stored in the provided JWT's serialized_session claim.
 *
 * @param jwtString Non-null String which represents a JWT with SessionInfo state assigned to a serialized_session claim.
 *
 * @return SessionInfo A correctly parsed SessionInfo for the given JWT String.
 *
 * @throws JwtRuntimeException If there was a problem reconstructing the JWT
 */
public SessionInfo fromJwt(@Nonnull String jwtString) throws JwtRuntimeException {
    Reject.ifNull(jwtString, "jwtString must not be null.");
    SignedJwt signedJwt;
    if (encryptionKeyPair != null) {
        // Encrypted mode: the token is a JWE wrapping a JWS; decrypt with the private key first.
        // could throw JwtRuntimeException
        SignedEncryptedJwt signedEncryptedJwt = jwtBuilderFactory.reconstruct(jwtString, SignedEncryptedJwt.class);
        signedEncryptedJwt.decrypt(encryptionKeyPair.getPrivate());
        signedJwt = signedEncryptedJwt;
    } else {
        // Signed-only mode: parse the compact JWS.
        // could throw JwtRuntimeException
        signedJwt = jwtBuilderFactory.reconstruct(jwtString, SignedJwt.class);
    }
    // Reject the token before any claim is read if its "alg" header is not the expected one
    // or if the signature does not verify against the configured verification handler.
    if (!doesJwtAlgorithmMatch(signedJwt) || !signedJwt.verify(verificationHandler)) {
        throw new JwtRuntimeException("Invalid JWT!");
    }
    JwtClaimsSet claimsSet = signedJwt.getClaimsSet();
    String serializedSession = claimsSet.getClaim(SERIALIZED_SESSION_CLAIM, String.class);
    return fromJson(serializedSession);
}
Also used : SignedEncryptedJwt(org.forgerock.json.jose.jws.SignedEncryptedJwt) JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet) JwtRuntimeException(org.forgerock.json.jose.exceptions.JwtRuntimeException) SignedJwt(org.forgerock.json.jose.jws.SignedJwt)

Example 29 with JwtClaimsSet

Use of org.forgerock.json.jose.jwt.JwtClaimsSet in the OpenAM project by OpenRock.

From the class EndSession, method validateRedirect.

private void validateRedirect(OAuth2Request request, String idToken, String redirectUri) throws InvalidClientException, RedirectUriMismatchException, RelativeRedirectUriException, NotFoundException {
    // The id_token is only parsed here; this method does not call verify() on it.
    SignedJwt jwt = new JwtReconstruction().reconstructJwt(idToken, SignedJwt.class);
    JwtClaimsSet claims = jwt.getClaimsSet();
    // "azp" (authorized party) identifies the client the id_token was issued to
    String clientId = (String) claims.getClaim(OAuth2Constants.JWTTokenParams.AZP);
    ClientRegistration client = clientRegistrationStore.get(clientId, request);
    URI requestedUri = URI.create(redirectUri);
    // Only absolute URIs are acceptable as post-logout redirect targets
    if (!requestedUri.isAbsolute()) {
        throw new RelativeRedirectUriException();
    }
    // The requested URI must exactly match one of the client's registered post-logout redirect URIs
    if (!client.getPostLogoutRedirectUris().contains(requestedUri)) {
        throw new RedirectUriMismatchException();
    }
}
Also used : RelativeRedirectUriException(org.forgerock.oauth2.core.exceptions.RelativeRedirectUriException) JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet) JwtReconstruction(org.forgerock.json.jose.common.JwtReconstruction) ClientRegistration(org.forgerock.oauth2.core.ClientRegistration) RedirectUriMismatchException(org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException) SignedJwt(org.forgerock.json.jose.jws.SignedJwt) URI(java.net.URI)

Example 30 with JwtClaimsSet

Use of org.forgerock.json.jose.jwt.JwtClaimsSet in the OpenAM project by OpenRock.

From the class PolicyRequestTest, method getJwtSubject.

private Jwt getJwtSubject(final String subjectName) {
    // Empty JWS header and a claims set carrying only the "sub" claim
    JwsHeader header = new JwsHeader(Collections.<String, Object>emptyMap());
    JwtClaimsSet claims = new JwtClaimsSet();
    claims.setSubject(subjectName);
    // Test-only signing handler that performs no real signing; suitable for unit tests, not for production tokens
    SigningHandler handler = new NOPSigningHandler();
    return new SignedJwt(header, claims, handler);
}
Also used : JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet) JwsHeader(org.forgerock.json.jose.jws.JwsHeader) NOPSigningHandler(org.forgerock.json.jose.jws.handlers.NOPSigningHandler) SignedJwt(org.forgerock.json.jose.jws.SignedJwt) SigningHandler(org.forgerock.json.jose.jws.handlers.SigningHandler)
