Example 11 with JwtContext
use of org.jose4j.jwt.consumer.JwtContext in project tomee by apache.
the class PublicKeyAsJWKSTest method validateJWKS.
@Test
public void validateJWKS() throws Exception {
System.setProperty(Names.VERIFIER_PUBLIC_KEY, "");
System.setProperty(Names.VERIFIER_PUBLIC_KEY_LOCATION, "file://" + Paths.get("").toAbsolutePath().toString() + "/src/test/resources/signer-keyset4k.jwk");
System.setProperty(Names.ISSUER, TCKConstants.TEST_ISSUER);
final PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
final String kid = "publicKey4k";
final String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, new HashMap<>());
System.out.println("token = " + token);
final JWTAuthConfigurationProperties JWTAuthConfigurationProperties = new JWTAuthConfigurationProperties();
JWTAuthConfigurationProperties.init(null);
final JWTAuthConfiguration jwtAuthConfiguration = JWTAuthConfigurationProperties.getJWTAuthConfiguration().orElseThrow(IllegalArgumentException::new);
final JwtConsumerBuilder jwtConsumerBuilder = new JwtConsumerBuilder().setRequireExpirationTime().setRequireSubject().setSkipDefaultAudienceValidation().setExpectedIssuer(jwtAuthConfiguration.getIssuer()).setJwsAlgorithmConstraints(new AlgorithmConstraints(WHITELIST, RSA_USING_SHA256)).setSkipDefaultAudienceValidation().setVerificationKey(jwtAuthConfiguration.getPublicKey());
if (jwtAuthConfiguration.getExpGracePeriodSecs() > 0) {
jwtConsumerBuilder.setAllowedClockSkewInSeconds(jwtAuthConfiguration.getExpGracePeriodSecs());
} else {
jwtConsumerBuilder.setEvaluationTime(NumericDate.fromSeconds(0));
}
if (jwtAuthConfiguration.isSingleKey()) {
jwtConsumerBuilder.setVerificationKey(jwtAuthConfiguration.getPublicKey());
} else {
jwtConsumerBuilder.setVerificationKeyResolver(new JwksVerificationKeyResolver(jwtAuthConfiguration.getPublicKeys()));
}
final JwtConsumer jwtConsumer = jwtConsumerBuilder.build();
final JwtContext jwtContext = jwtConsumer.process(token);
Assert.assertEquals(jwtContext.getJwtClaims().getStringClaimValue("upn"), "jdoe@example.com");
}
Also used :
PrivateKey(java.security.PrivateKey)
JWTAuthConfiguration(org.apache.tomee.microprofile.jwt.config.JWTAuthConfiguration)
JwtConsumerBuilder(org.jose4j.jwt.consumer.JwtConsumerBuilder)
JwtConsumer(org.jose4j.jwt.consumer.JwtConsumer)
JwtContext(org.jose4j.jwt.consumer.JwtContext)
JwksVerificationKeyResolver(org.jose4j.keys.resolvers.JwksVerificationKeyResolver)
JWTAuthConfigurationProperties(org.apache.tomee.microprofile.jwt.config.JWTAuthConfigurationProperties)
AlgorithmConstraints(org.jose4j.jwa.AlgorithmConstraints)
Test(org.testng.annotations.Test)
Example 12 with JwtContext
use of org.jose4j.jwt.consumer.JwtContext in project wildfly-swarm by wildfly-swarm.
the class JWTCredential method getName.
/**
* This just parses the token without validation to extract one of the following in order to obtain
* the name to be used for the principal:
* upn
* preferred_username
* subject
*
* If there is an exception it sets the name to INVALID_TOKEN_NAME and saves the exception for access
* via {@link #getJwtException()}
*
* @return the name to use for the principal
*/
public String getName() {
if (name == null) {
name = "INVALID_TOKEN_NAME";
try {
// Build a JwtConsumer that doesn't check signatures or do any validation.
JwtConsumer firstPassJwtConsumer = new JwtConsumerBuilder().setSkipAllValidators().setDisableRequireSignature().setSkipSignatureVerification().build();
// The first JwtConsumer is basically just used to parse the JWT into a JwtContext object.
JwtContext jwtContext = firstPassJwtConsumer.process(bearerToken);
JwtClaims claimsSet = jwtContext.getJwtClaims();
// We have to determine the unique name to use as the principal name. It comes from upn, preferred_username, sub in that order
name = claimsSet.getClaimValue("upn", String.class);
if (name == null) {
name = claimsSet.getClaimValue("preferred_username", String.class);
if (name == null) {
name = claimsSet.getSubject();
}
}
} catch (Exception e) {
jwtException = e;
}
}
return name;
}
Also used :
JwtClaims(org.jose4j.jwt.JwtClaims)
JwtConsumerBuilder(org.jose4j.jwt.consumer.JwtConsumerBuilder)
JwtConsumer(org.jose4j.jwt.consumer.JwtConsumer)
JwtContext(org.jose4j.jwt.consumer.JwtContext)
Example 13 with JwtContext
use of org.jose4j.jwt.consumer.JwtContext in project light-4j by networknt.
the class Http2ClientPoolTest method isTokenExpired.
private static boolean isTokenExpired(String authorization) {
boolean expired = false;
String jwt = getJwtFromAuthorization(authorization);
if (jwt != null) {
try {
JwtConsumer consumer = new JwtConsumerBuilder().setSkipAllValidators().setDisableRequireSignature().setSkipSignatureVerification().build();
JwtContext jwtContext = consumer.process(jwt);
JwtClaims jwtClaims = jwtContext.getJwtClaims();
try {
if ((NumericDate.now().getValue() - 60) >= jwtClaims.getExpirationTime().getValue()) {
expired = true;
}
} catch (MalformedClaimException e) {
logger.error("MalformedClaimException:", e);
}
} catch (InvalidJwtException e) {
e.printStackTrace();
}
}
return expired;
}
Also used :
InvalidJwtException(org.jose4j.jwt.consumer.InvalidJwtException)
MalformedClaimException(org.jose4j.jwt.MalformedClaimException)
JwtClaims(org.jose4j.jwt.JwtClaims)
JwtConsumerBuilder(org.jose4j.jwt.consumer.JwtConsumerBuilder)
JwtConsumer(org.jose4j.jwt.consumer.JwtConsumer)
JwtContext(org.jose4j.jwt.consumer.JwtContext)
Example 14 with JwtContext
use of org.jose4j.jwt.consumer.JwtContext in project light-4j by networknt.
the class Http2ClientTest method isTokenExpired.
private static boolean isTokenExpired(String authorization) {
boolean expired = false;
String jwt = getJwtFromAuthorization(authorization);
if (jwt != null) {
try {
JwtConsumer consumer = new JwtConsumerBuilder().setSkipAllValidators().setDisableRequireSignature().setSkipSignatureVerification().build();
JwtContext jwtContext = consumer.process(jwt);
JwtClaims jwtClaims = jwtContext.getJwtClaims();
try {
if ((NumericDate.now().getValue() - 60) >= jwtClaims.getExpirationTime().getValue()) {
expired = true;
}
} catch (MalformedClaimException e) {
logger.error("MalformedClaimException:", e);
}
} catch (InvalidJwtException e) {
e.printStackTrace();
}
}
return expired;
}
Also used :
InvalidJwtException(org.jose4j.jwt.consumer.InvalidJwtException)
MalformedClaimException(org.jose4j.jwt.MalformedClaimException)
JwtClaims(org.jose4j.jwt.JwtClaims)
JwtConsumerBuilder(org.jose4j.jwt.consumer.JwtConsumerBuilder)
JwtConsumer(org.jose4j.jwt.consumer.JwtConsumer)
JwtContext(org.jose4j.jwt.consumer.JwtContext)
Example 15 with JwtContext
use of org.jose4j.jwt.consumer.JwtContext in project light-4j by networknt.
the class Http2ClientPoolIT method isTokenExpired.
private static boolean isTokenExpired(String authorization) {
boolean expired = false;
String jwt = getJwtFromAuthorization(authorization);
if (jwt != null) {
try {
JwtConsumer consumer = new JwtConsumerBuilder().setSkipAllValidators().setDisableRequireSignature().setSkipSignatureVerification().build();
JwtContext jwtContext = consumer.process(jwt);
JwtClaims jwtClaims = jwtContext.getJwtClaims();
try {
if ((NumericDate.now().getValue() - 60) >= jwtClaims.getExpirationTime().getValue()) {
expired = true;
}
} catch (MalformedClaimException e) {
logger.error("MalformedClaimException:", e);
}
} catch (InvalidJwtException e) {
e.printStackTrace();
}
}
return expired;
}
Also used :
InvalidJwtException(org.jose4j.jwt.consumer.InvalidJwtException)
MalformedClaimException(org.jose4j.jwt.MalformedClaimException)
JwtClaims(org.jose4j.jwt.JwtClaims)
JwtConsumerBuilder(org.jose4j.jwt.consumer.JwtConsumerBuilder)
JwtConsumer(org.jose4j.jwt.consumer.JwtConsumer)
JwtContext(org.jose4j.jwt.consumer.JwtContext)
Aggregations
JwtContext (org.jose4j.jwt.consumer.JwtContext)22
JwtClaims (org.jose4j.jwt.JwtClaims)14
JwtConsumer (org.jose4j.jwt.consumer.JwtConsumer)14
InvalidJwtException (org.jose4j.jwt.consumer.InvalidJwtException)13
JwtConsumerBuilder (org.jose4j.jwt.consumer.JwtConsumerBuilder)13
MalformedClaimException (org.jose4j.jwt.MalformedClaimException)9
Test (org.junit.Test)6
AlgorithmConstraints (org.jose4j.jwa.AlgorithmConstraints)5
NumericDate (org.jose4j.jwt.NumericDate)4
JoseException (org.jose4j.lang.JoseException)3
ServiceException (io.jenkins.blueocean.commons.ServiceException)2
JWTAuthConfiguration (org.apache.tomee.microprofile.jwt.config.JWTAuthConfiguration)2
JsonWebStructure (org.jose4j.jwx.JsonWebStructure)2
JwksVerificationKeyResolver (org.jose4j.keys.resolvers.JwksVerificationKeyResolver)2
UnresolvableKeyException (org.jose4j.lang.UnresolvableKeyException)2
DigilibServletRequest (digilib.conf.DigilibServletRequest)1
JwtAuthenticationStore (io.jenkins.blueocean.auth.jwt.JwtAuthenticationStore)1
JwtToken (io.jenkins.blueocean.auth.jwt.JwtToken)1
SigningPublicKey (io.jenkins.blueocean.auth.jwt.SigningPublicKey)1
IOException (java.io.IOException)1
