Example 11 with JwtContext

use of org.jose4j.jwt.consumer.JwtContext in project tomee by apache.

the class PublicKeyAsJWKSTest method validateJWKS.

@Test
public void validateJWKS() throws Exception {
    System.setProperty(Names.VERIFIER_PUBLIC_KEY, "");
    System.setProperty(Names.VERIFIER_PUBLIC_KEY_LOCATION, "file://" + Paths.get("").toAbsolutePath().toString() + "/src/test/resources/signer-keyset4k.jwk");
    System.setProperty(Names.ISSUER, TCKConstants.TEST_ISSUER);
    final PrivateKey privateKey = TokenUtils.readPrivateKey("/privateKey4k.pem");
    final String kid = "publicKey4k";
    final String token = TokenUtils.generateTokenString(privateKey, kid, "/Token1.json", null, new HashMap<>());
    System.out.println("token = " + token);
    final JWTAuthConfigurationProperties JWTAuthConfigurationProperties = new JWTAuthConfigurationProperties();
    JWTAuthConfigurationProperties.init(null);
    final JWTAuthConfiguration jwtAuthConfiguration = JWTAuthConfigurationProperties.getJWTAuthConfiguration().orElseThrow(IllegalArgumentException::new);
    final JwtConsumerBuilder jwtConsumerBuilder = new JwtConsumerBuilder()
            .setRequireExpirationTime()
            .setRequireSubject()
            .setSkipDefaultAudienceValidation()
            .setExpectedIssuer(jwtAuthConfiguration.getIssuer())
            .setJwsAlgorithmConstraints(new AlgorithmConstraints(WHITELIST, RSA_USING_SHA256))
            .setSkipDefaultAudienceValidation()
            .setVerificationKey(jwtAuthConfiguration.getPublicKey());
    if (jwtAuthConfiguration.getExpGracePeriodSecs() > 0) {
        jwtConsumerBuilder.setAllowedClockSkewInSeconds(jwtAuthConfiguration.getExpGracePeriodSecs());
    } else {
        jwtConsumerBuilder.setEvaluationTime(NumericDate.fromSeconds(0));
    }
    if (jwtAuthConfiguration.isSingleKey()) {
        jwtConsumerBuilder.setVerificationKey(jwtAuthConfiguration.getPublicKey());
    } else {
        jwtConsumerBuilder.setVerificationKeyResolver(new JwksVerificationKeyResolver(jwtAuthConfiguration.getPublicKeys()));
    }
    final JwtConsumer jwtConsumer = jwtConsumerBuilder.build();
    final JwtContext jwtContext = jwtConsumer.process(token);
    Assert.assertEquals(jwtContext.getJwtClaims().getStringClaimValue("upn"), "jdoe@example.com");
}
Also used : PrivateKey(java.security.PrivateKey) JWTAuthConfiguration(org.apache.tomee.microprofile.jwt.config.JWTAuthConfiguration) JwtConsumerBuilder(org.jose4j.jwt.consumer.JwtConsumerBuilder) JwtConsumer(org.jose4j.jwt.consumer.JwtConsumer) JwtContext(org.jose4j.jwt.consumer.JwtContext) JwksVerificationKeyResolver(org.jose4j.keys.resolvers.JwksVerificationKeyResolver) JWTAuthConfigurationProperties(org.apache.tomee.microprofile.jwt.config.JWTAuthConfigurationProperties) AlgorithmConstraints(org.jose4j.jwa.AlgorithmConstraints) Test(org.testng.annotations.Test)

Example 12 with JwtContext

use of org.jose4j.jwt.consumer.JwtContext in project wildfly-swarm by wildfly-swarm.

the class JWTCredential method getName.

/**
 * This just parses the token without validation to extract one of the following in order to obtain
 * the name to be used for the principal:
 * upn
 * preferred_username
 * subject
 *
 * If there is an exception it sets the name to INVALID_TOKEN_NAME and saves the exception for access
 * via {@link #getJwtException()}
 *
 * @return the name to use for the principal
 */
public String getName() {
    if (name == null) {
        name = "INVALID_TOKEN_NAME";
        try {
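            // Build a JwtConsumer that doesn't check signatures or do any validation.
            // The claims it returns are therefore untrusted: the name extracted below
            // is only a label until the token has been verified by a validating consumer.
            JwtConsumer firstPassJwtConsumer = new JwtConsumerBuilder()
                    .setSkipAllValidators()
                    .setDisableRequireSignature()
                    .setSkipSignatureVerification()
                    .build();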
            // The first JwtConsumer is basically just used to parse the JWT into a JwtContext object.
            JwtContext jwtContext = firstPassJwtConsumer.process(bearerToken);
            JwtClaims claimsSet = jwtContext.getJwtClaims();
            // We have to determine the unique name to use as the principal name. It comes from upn, preferred_username, sub in that order
            name = claimsSet.getClaimValue("upn", String.class);
            if (name == null) {
                name = claimsSet.getClaimValue("preferred_username", String.class);
                if (name == null) {
                    name = claimsSet.getSubject();
                }
            }
        } catch (Exception e) {
            jwtException = e;
        }
    }
    return name;
}
Also used : JwtClaims(org.jose4j.jwt.JwtClaims) JwtConsumerBuilder(org.jose4j.jwt.consumer.JwtConsumerBuilder) JwtConsumer(org.jose4j.jwt.consumer.JwtConsumer) JwtContext(org.jose4j.jwt.consumer.JwtContext)

Example 13 with JwtContext

use of org.jose4j.jwt.consumer.JwtContext in project light-4j by networknt.

the class Http2ClientPoolTest method isTokenExpired.

private static boolean isTokenExpired(String authorization) {
    boolean expired = false;
    String jwt = getJwtFromAuthorization(authorization);
    if (jwt != null) {
        try {
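            // Parse-only consumer: no signature verification and no claim validation,
            // so the claims read below are untrusted. Use the result only as an expiry
            // hint, never for an authorization decision.
            JwtConsumer consumer = new JwtConsumerBuilder()
                    .setSkipAllValidators()
                    .setDisableRequireSignature()
                    .setSkipSignatureVerification()
                    .build();
            JwtContext jwtContext = consumer.process(jwt);
            JwtClaims jwtClaims = jwtContext.getJwtClaims();
            try {
                // Reports expiry only once the token is at least 60 seconds past its exp claim.
                if ((NumericDate.now().getValue() - 60) >= jwtClaims.getExpirationTime().getValue()) {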
                    expired = true;
                }
            } catch (MalformedClaimException e) {
                logger.error("MalformedClaimException:", e);
            }
        } catch (InvalidJwtException e) {
            e.printStackTrace();
        }
    }
    return expired;
}
Also used : InvalidJwtException(org.jose4j.jwt.consumer.InvalidJwtException) MalformedClaimException(org.jose4j.jwt.MalformedClaimException) JwtClaims(org.jose4j.jwt.JwtClaims) JwtConsumerBuilder(org.jose4j.jwt.consumer.JwtConsumerBuilder) JwtConsumer(org.jose4j.jwt.consumer.JwtConsumer) JwtContext(org.jose4j.jwt.consumer.JwtContext)

Example 14 with JwtContext

use of org.jose4j.jwt.consumer.JwtContext in project light-4j by networknt.

the class Http2ClientTest method isTokenExpired.

private static boolean isTokenExpired(String authorization) {
    boolean expired = false;
    String jwt = getJwtFromAuthorization(authorization);
    if (jwt != null) {
        try {
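            // Parse-only consumer: no signature verification and no claim validation,
            // so the claims read below are untrusted. Use the result only as an expiry
            // hint, never for an authorization decision.
            JwtConsumer consumer = new JwtConsumerBuilder()
                    .setSkipAllValidators()
                    .setDisableRequireSignature()
                    .setSkipSignatureVerification()
                    .build();
            JwtContext jwtContext = consumer.process(jwt);
            JwtClaims jwtClaims = jwtContext.getJwtClaims();
            try {
                // Reports expiry only once the token is at least 60 seconds past its exp claim.
                if ((NumericDate.now().getValue() - 60) >= jwtClaims.getExpirationTime().getValue()) {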
                    expired = true;
                }
            } catch (MalformedClaimException e) {
                logger.error("MalformedClaimException:", e);
            }
        } catch (InvalidJwtException e) {
            e.printStackTrace();
        }
    }
    return expired;
}
Also used : InvalidJwtException(org.jose4j.jwt.consumer.InvalidJwtException) MalformedClaimException(org.jose4j.jwt.MalformedClaimException) JwtClaims(org.jose4j.jwt.JwtClaims) JwtConsumerBuilder(org.jose4j.jwt.consumer.JwtConsumerBuilder) JwtConsumer(org.jose4j.jwt.consumer.JwtConsumer) JwtContext(org.jose4j.jwt.consumer.JwtContext)

Example 15 with JwtContext

use of org.jose4j.jwt.consumer.JwtContext in project light-4j by networknt.

the class Http2ClientPoolIT method isTokenExpired.

private static boolean isTokenExpired(String authorization) {
    boolean expired = false;
    String jwt = getJwtFromAuthorization(authorization);
    if (jwt != null) {
        try {
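            // Parse-only consumer: no signature verification and no claim validation,
            // so the claims read below are untrusted. Use the result only as an expiry
            // hint, never for an authorization decision.
            JwtConsumer consumer = new JwtConsumerBuilder()
                    .setSkipAllValidators()
                    .setDisableRequireSignature()
                    .setSkipSignatureVerification()
                    .build();
            JwtContext jwtContext = consumer.process(jwt);
            JwtClaims jwtClaims = jwtContext.getJwtClaims();
            try {
                // Reports expiry only once the token is at least 60 seconds past its exp claim.
                if ((NumericDate.now().getValue() - 60) >= jwtClaims.getExpirationTime().getValue()) {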
                    expired = true;
                }
            } catch (MalformedClaimException e) {
                logger.error("MalformedClaimException:", e);
            }
        } catch (InvalidJwtException e) {
            e.printStackTrace();
        }
    }
    return expired;
}
Also used : InvalidJwtException(org.jose4j.jwt.consumer.InvalidJwtException) MalformedClaimException(org.jose4j.jwt.MalformedClaimException) JwtClaims(org.jose4j.jwt.JwtClaims) JwtConsumerBuilder(org.jose4j.jwt.consumer.JwtConsumerBuilder) JwtConsumer(org.jose4j.jwt.consumer.JwtConsumer) JwtContext(org.jose4j.jwt.consumer.JwtContext)

Aggregations

JwtContext (org.jose4j.jwt.consumer.JwtContext): 22
JwtClaims (org.jose4j.jwt.JwtClaims): 14
JwtConsumer (org.jose4j.jwt.consumer.JwtConsumer): 14
InvalidJwtException (org.jose4j.jwt.consumer.InvalidJwtException): 13
JwtConsumerBuilder (org.jose4j.jwt.consumer.JwtConsumerBuilder): 13
MalformedClaimException (org.jose4j.jwt.MalformedClaimException): 9
Test (org.junit.Test): 6
AlgorithmConstraints (org.jose4j.jwa.AlgorithmConstraints): 5
NumericDate (org.jose4j.jwt.NumericDate): 4
JoseException (org.jose4j.lang.JoseException): 3
ServiceException (io.jenkins.blueocean.commons.ServiceException): 2
JWTAuthConfiguration (org.apache.tomee.microprofile.jwt.config.JWTAuthConfiguration): 2
JsonWebStructure (org.jose4j.jwx.JsonWebStructure): 2
JwksVerificationKeyResolver (org.jose4j.keys.resolvers.JwksVerificationKeyResolver): 2
UnresolvableKeyException (org.jose4j.lang.UnresolvableKeyException): 2
DigilibServletRequest (digilib.conf.DigilibServletRequest): 1
JwtAuthenticationStore (io.jenkins.blueocean.auth.jwt.JwtAuthenticationStore): 1
JwtToken (io.jenkins.blueocean.auth.jwt.JwtToken): 1
SigningPublicKey (io.jenkins.blueocean.auth.jwt.SigningPublicKey): 1
IOException (java.io.IOException): 1