Example 26 with JwtClaimsSet
use of org.forgerock.json.jose.jwt.JwtClaimsSet in project OpenAM by OpenRock.
the class AuthIdHelper method generateAuthId.
/**
* Generates the authentication id JWT.
*
* @param jwtValues A Map of key values to include in the JWT payload. Must not be null.
* @return The authentication id JWT.
* @throws SignatureException If there is a problem signing the JWT.
*/
private String generateAuthId(SecretKey key, Map<String, Object> jwtValues) throws SignatureException, RestAuthException {
String otk = new BigInteger(130, RANDOM).toString(32);
JwtClaimsSet claimsSet = jwtBuilderFactory.claims().claim("otk", otk).claims(jwtValues).build();
final SigningHandler signingHandler = signingManager.newHmacSigningHandler(key.getEncoded());
String jwt = jwtBuilderFactory.jws(signingHandler).headers().alg(JwsAlgorithm.HS256).done().claims(claimsSet).build();
return jwt;
}
Also used :
JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet)
BigInteger(java.math.BigInteger)
SigningHandler(org.forgerock.json.jose.jws.handlers.SigningHandler)
Example 27 with JwtClaimsSet
use of org.forgerock.json.jose.jwt.JwtClaimsSet in project OpenAM by OpenRock.
the class AuthIdHelperTest method setUp.
@BeforeMethod
public void setUp() {
coreServicesWrapper = mock(CoreServicesWrapper.class);
jwtBuilderFactory = mock(JwtBuilderFactory.class);
signingManager = mock(SigningManager.class);
authIdHelper = new AuthIdHelper(coreServicesWrapper, jwtBuilderFactory, signingManager);
jwsHeaderBuilder = mock(JwsHeaderBuilder.class);
claimsSetBuilder = mock(JwtClaimsSetBuilder.class);
JwtClaimsSet claimsSet = mock(JwtClaimsSet.class);
SignedJwtBuilderImpl signedJwtBuilder = mock(SignedJwtBuilderImpl.class);
given(jwtBuilderFactory.claims()).willReturn(claimsSetBuilder);
given(claimsSetBuilder.claim(anyString(), anyObject())).willReturn(claimsSetBuilder);
given(claimsSetBuilder.claims(anyMap())).willReturn(claimsSetBuilder);
given(claimsSetBuilder.build()).willReturn(claimsSet);
given(jwtBuilderFactory.jws(Matchers.<SigningHandler>anyObject())).willReturn(signedJwtBuilder);
given(signedJwtBuilder.headers()).willReturn(jwsHeaderBuilder);
given(jwsHeaderBuilder.alg(Matchers.<Algorithm>anyObject())).willReturn(jwsHeaderBuilder);
given(jwsHeaderBuilder.done()).willReturn(signedJwtBuilder);
given(signedJwtBuilder.claims(claimsSet)).willReturn(signedJwtBuilder);
given(signedJwtBuilder.build()).willReturn("JWT_STRING");
}
Also used :
CoreServicesWrapper(org.forgerock.openam.core.rest.authn.core.wrappers.CoreServicesWrapper)
JwtBuilderFactory(org.forgerock.json.jose.builders.JwtBuilderFactory)
JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet)
JwtClaimsSetBuilder(org.forgerock.json.jose.builders.JwtClaimsSetBuilder)
SignedJwtBuilderImpl(org.forgerock.json.jose.builders.SignedJwtBuilderImpl)
JwsHeaderBuilder(org.forgerock.json.jose.builders.JwsHeaderBuilder)
SigningManager(org.forgerock.json.jose.jws.SigningManager)
BeforeMethod(org.testng.annotations.BeforeMethod)
Example 28 with JwtClaimsSet
use of org.forgerock.json.jose.jwt.JwtClaimsSet in project OpenAM by OpenRock.
the class JwtSessionMapper method fromJwt.
/**
* Extract the SessionInfo stored in the provided JWT's serialized_session claim.
*
* @param jwtString Non-null, String which represents a JWT with SessionInfo state assigned to a serialized_session claim.
*
* @return SessionInfo A correctly parsed SessionInfo for the given JWT String.
*
* @throws JwtRuntimeException If there was a problem reconstructing the JWT
*/
public SessionInfo fromJwt(@Nonnull String jwtString) throws JwtRuntimeException {
Reject.ifNull(jwtString, "jwtString must not be null.");
SignedJwt signedJwt;
if (encryptionKeyPair != null) {
// could throw JwtRuntimeException
SignedEncryptedJwt signedEncryptedJwt = jwtBuilderFactory.reconstruct(jwtString, SignedEncryptedJwt.class);
signedEncryptedJwt.decrypt(encryptionKeyPair.getPrivate());
signedJwt = signedEncryptedJwt;
} else {
// could throw JwtRuntimeException
signedJwt = jwtBuilderFactory.reconstruct(jwtString, SignedJwt.class);
}
if (!doesJwtAlgorithmMatch(signedJwt) || !signedJwt.verify(verificationHandler)) {
throw new JwtRuntimeException("Invalid JWT!");
}
JwtClaimsSet claimsSet = signedJwt.getClaimsSet();
String serializedSession = claimsSet.getClaim(SERIALIZED_SESSION_CLAIM, String.class);
return fromJson(serializedSession);
}
Also used :
SignedEncryptedJwt(org.forgerock.json.jose.jws.SignedEncryptedJwt)
JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet)
JwtRuntimeException(org.forgerock.json.jose.exceptions.JwtRuntimeException)
SignedJwt(org.forgerock.json.jose.jws.SignedJwt)
Example 29 with JwtClaimsSet
use of org.forgerock.json.jose.jwt.JwtClaimsSet in project OpenAM by OpenRock.
the class EndSession method validateRedirect.
private void validateRedirect(OAuth2Request request, String idToken, String redirectUri) throws InvalidClientException, RedirectUriMismatchException, RelativeRedirectUriException, NotFoundException {
SignedJwt jwt = new JwtReconstruction().reconstructJwt(idToken, SignedJwt.class);
JwtClaimsSet claims = jwt.getClaimsSet();
String clientId = (String) claims.getClaim(OAuth2Constants.JWTTokenParams.AZP);
ClientRegistration client = clientRegistrationStore.get(clientId, request);
URI requestedUri = URI.create(redirectUri);
if (!requestedUri.isAbsolute()) {
throw new RelativeRedirectUriException();
}
if (!client.getPostLogoutRedirectUris().contains(requestedUri)) {
throw new RedirectUriMismatchException();
}
}
Also used :
RelativeRedirectUriException(org.forgerock.oauth2.core.exceptions.RelativeRedirectUriException)
JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet)
JwtReconstruction(org.forgerock.json.jose.common.JwtReconstruction)
ClientRegistration(org.forgerock.oauth2.core.ClientRegistration)
RedirectUriMismatchException(org.forgerock.oauth2.core.exceptions.RedirectUriMismatchException)
SignedJwt(org.forgerock.json.jose.jws.SignedJwt)
URI(java.net.URI)
Example 30 with JwtClaimsSet
use of org.forgerock.json.jose.jwt.JwtClaimsSet in project OpenAM by OpenRock.
the class PolicyRequestTest method getJwtSubject.
private Jwt getJwtSubject(final String subjectName) {
JwsHeader header = new JwsHeader(Collections.<String, Object>emptyMap());
JwtClaimsSet claims = new JwtClaimsSet();
claims.setSubject(subjectName);
SigningHandler handler = new NOPSigningHandler();
return new SignedJwt(header, claims, handler);
}
Also used :
JwtClaimsSet(org.forgerock.json.jose.jwt.JwtClaimsSet)
JwsHeader(org.forgerock.json.jose.jws.JwsHeader)
NOPSigningHandler(org.forgerock.json.jose.jws.handlers.NOPSigningHandler)
SignedJwt(org.forgerock.json.jose.jws.SignedJwt)
NOPSigningHandler(org.forgerock.json.jose.jws.handlers.NOPSigningHandler)
SigningHandler(org.forgerock.json.jose.jws.handlers.SigningHandler)
Aggregations
JwtClaimsSet (org.forgerock.json.jose.jwt.JwtClaimsSet)35
Test (org.testng.annotations.Test)16
SigningHandler (org.forgerock.json.jose.jws.handlers.SigningHandler)11
SignedJwt (org.forgerock.json.jose.jws.SignedJwt)8
AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)7
Callback (javax.security.auth.callback.Callback)7
HttpServletRequest (javax.servlet.http.HttpServletRequest)7
JwsHeader (org.forgerock.json.jose.jws.JwsHeader)7
NOPSigningHandler (org.forgerock.json.jose.jws.handlers.NOPSigningHandler)7
Jwt (org.forgerock.json.jose.jwt.Jwt)7
HashMap (java.util.HashMap)6
Map (java.util.Map)5
SigningManager (org.forgerock.json.jose.jws.SigningManager)5
Set (java.util.Set)4
Subject (javax.security.auth.Subject)4
MessageInfo (javax.security.auth.message.MessageInfo)4
JwsHeaderBuilder (org.forgerock.json.jose.builders.JwsHeaderBuilder)4
JwtBuilderFactory (org.forgerock.json.jose.builders.JwtBuilderFactory)4
SSOToken (com.iplanet.sso.SSOToken)3
SSOException (com.iplanet.sso.SSOException)2
