Example 11 with RsaJsonWebKey

Use of org.jose4j.jwk.RsaJsonWebKey in project cas by apereo.

The class OidcIdTokenSigningAndEncryptionService, method signIdToken.

private String signIdToken(final OidcRegisteredService svc, final JsonWebSignature jws) throws Exception {
    // The signing key belongs to the issuer (not the client) and is looked up from a per-issuer cache.
    final Optional<RsaJsonWebKey> jwks = defaultJsonWebKeystoreCache.get(this.issuer);
    if (!jwks.isPresent()) {
        throw new IllegalArgumentException("Service " + svc.getServiceId() + " with client id " + svc.getClientId() + " is configured to sign id tokens, yet no JSON web key is available");
    }
    final RsaJsonWebKey jsonWebKey = jwks.get();
    LOGGER.debug("Found JSON web key to sign the id token: [{}]", jsonWebKey);
    // Signing requires the private half; a public-only JWK (as published at a jwks_uri) cannot sign.
    if (jsonWebKey.getPrivateKey() == null) {
        throw new IllegalArgumentException("JSON web key used to sign the id token has no associated private key");
    }
    // Sets key, kid and alg headers on the JWS before serializing it to compact form.
    prepareJsonWebSignatureForIdTokenSigning(svc, jws, jsonWebKey);
    return jws.getCompactSerialization();
}
Also used : RsaJsonWebKey(org.jose4j.jwk.RsaJsonWebKey)

Example 12 with RsaJsonWebKey

Use of org.jose4j.jwk.RsaJsonWebKey in project cas by apereo.

The class OidcIdTokenSigningAndEncryptionService, method encryptIdToken.

private String encryptIdToken(final OidcRegisteredService svc, final JsonWebSignature jws, final String innerJwt) throws Exception {
    LOGGER.debug("Service [{}] is set to encrypt id tokens", svc);
    final JsonWebEncryption jwe = new JsonWebEncryption();
    // Key-management ("alg") and content-encryption ("enc") algorithms come from the service registration.
    jwe.setAlgorithmHeaderValue(svc.getIdTokenEncryptionAlg());
    jwe.setEncryptionMethodHeaderParameter(svc.getIdTokenEncryptionEncoding());
    // Encryption uses the client's own key set, looked up per service, not the issuer's signing key.
    final Optional<RsaJsonWebKey> jwks = this.serviceJsonWebKeystoreCache.get(svc);
    if (!jwks.isPresent()) {
        throw new IllegalArgumentException("Service " + svc.getServiceId() + " with client id " + svc.getClientId() + " is configured to encrypt id tokens, yet no JSON web key is available");
    }
    final RsaJsonWebKey jsonWebKey = jwks.get();
    LOGGER.debug("Found JSON web key to encrypt the id token: [{}]", jsonWebKey);
    // Encrypting to the client only needs the public half of its key.
    if (jsonWebKey.getPublicKey() == null) {
        throw new IllegalArgumentException("JSON web key used to encrypt the id token has no associated public key");
    }
    jwe.setKey(jsonWebKey.getPublicKey());
    jwe.setKeyIdHeaderValue(jws.getKeyIdHeaderValue());
    // "cty: JWT" marks the payload as a nested (already signed) JWT, so consumers verify the inner signature after decrypting.
    jwe.setContentTypeHeaderValue("JWT");
    jwe.setPayload(innerJwt);
    return jwe.getCompactSerialization();
}
Also used : RsaJsonWebKey(org.jose4j.jwk.RsaJsonWebKey) JsonWebEncryption(org.jose4j.jwe.JsonWebEncryption)

Example 13 with RsaJsonWebKey

Use of org.jose4j.jwk.RsaJsonWebKey in project blueocean-plugin by jenkinsci.

The class JwtAuthenticationServiceImplTest, method anonymousUserToken.

@Test
public void anonymousUserToken() throws Exception {
    j.jenkins.setSecurityRealm(j.createDummySecurityRealm());
    JenkinsRule.WebClient webClient = j.createWebClient();
    Page page = webClient.goTo("jwt-auth/token/", null);
    String token = page.getWebResponse().getResponseHeaderValue("X-BLUEOCEAN-JWT");
    Assert.assertNotNull(token);
    JsonWebStructure jsonWebStructure = JsonWebStructure.fromCompactSerialization(token);
    Assert.assertTrue(jsonWebStructure instanceof JsonWebSignature);
    JsonWebSignature jsw = (JsonWebSignature) jsonWebStructure;
    String kid = jsw.getHeader("kid");
    Assert.assertNotNull(kid);
    page = webClient.goTo("jwt-auth/jwks/" + kid + "/", "application/json");
    // for(NameValuePair valuePair: page.getWebResponse().getResponseHeaders()){
    // System.out.println(valuePair);
    // }
    JSONObject jsonObject = JSONObject.fromObject(page.getWebResponse().getContentAsString());
    RsaJsonWebKey rsaJsonWebKey = new RsaJsonWebKey(jsonObject, null);
    JwtConsumer jwtConsumer = new JwtConsumerBuilder()
            .setRequireExpirationTime()
            // allow some leeway in validating time based claims to account for clock skew
            .setAllowedClockSkewInSeconds(30)
            .setRequireSubject()
            // verify the signature with the public key fetched from the JWKS endpoint
            .setVerificationKey(rsaJsonWebKey.getKey())
            .build();
    JwtClaims claims = jwtConsumer.processToClaims(token);
    Assert.assertEquals("anonymous", claims.getSubject());
    Map<String, Object> claimMap = claims.getClaimsMap();
    Map<String, Object> context = (Map<String, Object>) claimMap.get("context");
    Map<String, String> userContext = (Map<String, String>) context.get("user");
    Assert.assertEquals("anonymous", userContext.get("id"));
}
Also used : JwtClaims(org.jose4j.jwt.JwtClaims) JwtConsumerBuilder(org.jose4j.jwt.consumer.JwtConsumerBuilder) Page(com.gargoylesoftware.htmlunit.Page) JenkinsRule(org.jvnet.hudson.test.JenkinsRule) JsonWebSignature(org.jose4j.jws.JsonWebSignature) JSONObject(net.sf.json.JSONObject) JwtConsumer(org.jose4j.jwt.consumer.JwtConsumer) JSONObject(net.sf.json.JSONObject) RsaJsonWebKey(org.jose4j.jwk.RsaJsonWebKey) Map(java.util.Map) JsonWebStructure(org.jose4j.jwx.JsonWebStructure) Test(org.junit.Test)
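The three snippets above show the two halves of a nested ID token separately: CAS signs with the issuer's private key and then encrypts to the client's public key, and the Blue Ocean test fetches the public JWK by "kid" and verifies. The following added example, which is not code from CAS, Blue Ocean or jose4j, puts both halves together in one runnable class: it generates an issuer key and a client key, signs and encrypts a set of claims the way the CAS methods do, publishes the issuer's public key as a JWKS, and builds a JwtConsumer that decrypts, resolves the verification key by "kid", checks issuer and audience, and pins the permitted algorithms on both layers. The issuer URL, client id, subject and key ids are constructed values.

```java
// Added example, not project code. Requires jose4j on the classpath.
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jwk.RsaJwkGenerator;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.JwtConsumer;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.jose4j.keys.resolvers.JwksVerificationKeyResolver;

public class NestedIdTokenExample {

    static final String ISSUER = "https://idp.example.test"; // constructed issuer
    static final String CLIENT_ID = "relying-party-1";        // constructed client id

    /** Sign the claims with the issuer's private key; the "kid" header lets verifiers pick the matching JWK. */
    static String signIdToken(JwtClaims claims, RsaJsonWebKey issuerKey) throws Exception {
        JsonWebSignature jws = new JsonWebSignature();
        jws.setPayload(claims.toJson());
        jws.setKey(issuerKey.getPrivateKey());
        jws.setKeyIdHeaderValue(issuerKey.getKeyId());
        jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
        return jws.getCompactSerialization();
    }

    /** Encrypt the signed JWT to the client's public key; "cty: JWT" marks the payload as nested. */
    static String encryptIdToken(String innerJwt, RsaJsonWebKey clientKey) throws Exception {
        JsonWebEncryption jwe = new JsonWebEncryption();
        jwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.RSA_OAEP_256);
        jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256);
        jwe.setKey(clientKey.getPublicKey());
        jwe.setKeyIdHeaderValue(clientKey.getKeyId());
        jwe.setContentTypeHeaderValue("JWT");
        jwe.setPayload(innerJwt);
        return jwe.getCompactSerialization();
    }

    /** The consumer a relying party uses: decrypt with its own private key, verify against the issuer's JWKS. */
    static JwtConsumer buildConsumer(JsonWebKeySet issuerJwks, RsaJsonWebKey clientKey) {
        return new JwtConsumerBuilder()
            .setExpectedIssuer(ISSUER)
            .setExpectedAudience(CLIENT_ID)
            .setRequireExpirationTime()
            .setRequireSubject()
            .setAllowedClockSkewInSeconds(30)
            .setDecryptionKey(clientKey.getPrivateKey())
            // Resolve the verification key by the "kid" header from the published key set (as the Blue Ocean test does by hand).
            .setVerificationKeyResolver(new JwksVerificationKeyResolver(issuerJwks.getJsonWebKeys()))
            // Pin the algorithms on both layers so a token cannot select "none", a weaker algorithm or a different key type.
            .setJwsAlgorithmConstraints(new AlgorithmConstraints(ConstraintType.WHITELIST, AlgorithmIdentifiers.RSA_USING_SHA256))
            .setJweAlgorithmConstraints(new AlgorithmConstraints(ConstraintType.WHITELIST, KeyManagementAlgorithmIdentifiers.RSA_OAEP_256))
            .setJweContentEncryptionAlgorithmConstraints(new AlgorithmConstraints(ConstraintType.WHITELIST, ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256))
            .build();
    }

    public static void main(String[] args) throws Exception {
        RsaJsonWebKey issuerKey = RsaJwkGenerator.generateJwk(2048);
        issuerKey.setKeyId("issuer-key-1"); // constructed key id
        RsaJsonWebKey clientKey = RsaJwkGenerator.generateJwk(2048);
        clientKey.setKeyId("client-key-1"); // constructed key id

        JwtClaims claims = new JwtClaims();
        claims.setIssuer(ISSUER);
        claims.setAudience(CLIENT_ID);
        claims.setSubject("user-42"); // constructed subject
        claims.setIssuedAtToNow();
        claims.setExpirationTimeMinutesInTheFuture(10);
        claims.setGeneratedJwtId();

        // Issuer side: sign, then encrypt (the order CAS uses).
        String idToken = encryptIdToken(signIdToken(claims, issuerKey), clientKey);

        // What the issuer serves at its jwks_uri: public parameters only, never the private key.
        String jwksJson = new JsonWebKeySet(issuerKey).toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY);
        JsonWebKeySet issuerJwks = new JsonWebKeySet(jwksJson);

        // Relying-party side: decrypt, verify the inner signature, and validate the claims.
        JwtClaims verified = buildConsumer(issuerJwks, clientKey).processToClaims(idToken);
        System.out.println("subject=" + verified.getSubject() + " audience=" + verified.getAudience());
    }
}
```

The algorithm constraints are the part worth copying: the Blue Ocean test builds its consumer without them, which means it accepts whatever "alg" the token header names as long as the supplied key can verify it. Serializing the key set with PUBLIC_ONLY mirrors the private-key check in signIdToken from the other direction: the JWK a verifier downloads must never carry the private parameters the signer needs.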

Aggregations

RsaJsonWebKey (org.jose4j.jwk.RsaJsonWebKey) 13
JsonWebKeySet (org.jose4j.jwk.JsonWebKeySet) 7
Page (com.gargoylesoftware.htmlunit.Page) 4
Map (java.util.Map) 4
JSONObject (net.sf.json.JSONObject) 4
JsonWebSignature (org.jose4j.jws.JsonWebSignature) 4
JwtClaims (org.jose4j.jwt.JwtClaims) 4
JwtConsumer (org.jose4j.jwt.consumer.JwtConsumer) 4
JwtConsumerBuilder (org.jose4j.jwt.consumer.JwtConsumerBuilder) 4
JsonWebStructure (org.jose4j.jwx.JsonWebStructure) 4
Test (org.junit.Test) 4
JenkinsRule (org.jvnet.hudson.test.JenkinsRule) 4
CacheLoader (com.github.benmanes.caffeine.cache.CacheLoader) 2
User (hudson.model.User) 2
Mailer (hudson.tasks.Mailer) 2
StandardCharsets (java.nio.charset.StandardCharsets) 2
Optional (java.util.Optional) 2
Slf4j (lombok.extern.slf4j.Slf4j) 2
IOUtils (org.apache.commons.io.IOUtils) 2
StringUtils (org.apache.commons.lang3.StringUtils) 2