Example 6 with VerificationException

Use of org.keycloak.common.VerificationException in project keycloak by keycloak.

Class RSAVerifierTest, method testExpirationGood.

@Test
public void testExpirationGood() throws Exception {
    token.expiration(Time.currentTime() + 100);
    String encoded = new JWSBuilder().jsonContent(token).rsa256(idpPair.getPrivate());
    AccessToken v = null;
    try {
        v = verifySkeletonKeyToken(encoded);
    } catch (VerificationException ignored) {
        throw ignored;
    }
}
Also used: AccessToken(org.keycloak.representations.AccessToken) VerificationException(org.keycloak.common.VerificationException) JWSBuilder(org.keycloak.jose.jws.JWSBuilder) Test(org.junit.Test)

Example 7 with VerificationException

Use of org.keycloak.common.VerificationException in project keycloak by keycloak.

Class RSAVerifierTest, method testTokenAuth.

@Test
public void testTokenAuth() {
    token = new AccessToken();
    token.subject("CN=Client").issuer("http://localhost:8080/auth/realms/demo").addAccess("service").addRole("admin").verifyCaller(true);
    token.setEmail("bill@jboss.org");
    String encoded = new JWSBuilder().jsonContent(token).rsa256(idpPair.getPrivate());
    System.out.println("token size: " + encoded.length());
    AccessToken v = null;
    try {
        v = verifySkeletonKeyToken(encoded);
        Assert.fail();
    } catch (VerificationException ignored) {
    }
}
Also used: AccessToken(org.keycloak.representations.AccessToken) VerificationException(org.keycloak.common.VerificationException) JWSBuilder(org.keycloak.jose.jws.JWSBuilder) Test(org.junit.Test)

Example 8 with VerificationException

Use of org.keycloak.common.VerificationException in project keycloak by keycloak.

Class RSAVerifierTest, method testBadSignature.

@Test
public void testBadSignature() {
    String encoded = new JWSBuilder().jsonContent(token).rsa256(badPair.getPrivate());
    AccessToken v = null;
    try {
        v = verifySkeletonKeyToken(encoded);
        Assert.fail();
    } catch (VerificationException ignored) {
    }
}
Also used: AccessToken(org.keycloak.representations.AccessToken) VerificationException(org.keycloak.common.VerificationException) JWSBuilder(org.keycloak.jose.jws.JWSBuilder) Test(org.junit.Test)

Example 9 with VerificationException

Use of org.keycloak.common.VerificationException in project keycloak by keycloak.

Class ClientRegistrationTokenUtils, method verifyToken.

public static TokenVerification verifyToken(KeycloakSession session, RealmModel realm, String token) {
    if (token == null) {
        return TokenVerification.error(new RuntimeException("Missing token"));
    }
    String kid;
    JsonWebToken jwt;
    try {
        TokenVerifier<JsonWebToken> verifier = TokenVerifier.create(token, JsonWebToken.class).withChecks(new TokenVerifier.RealmUrlCheck(getIssuer(session, realm)), TokenVerifier.IS_ACTIVE);
        SignatureVerifierContext verifierContext = session.getProvider(SignatureProvider.class, verifier.getHeader().getAlgorithm().name()).verifier(verifier.getHeader().getKeyId());
        verifier.verifierContext(verifierContext);
        kid = verifierContext.getKid();
        verifier.verify();
        jwt = verifier.getToken();
    } catch (VerificationException e) {
        return TokenVerification.error(new RuntimeException("Failed decode token", e));
    }
    if (!(TokenUtil.TOKEN_TYPE_BEARER.equals(jwt.getType()) || TYPE_INITIAL_ACCESS_TOKEN.equals(jwt.getType()) || TYPE_REGISTRATION_ACCESS_TOKEN.equals(jwt.getType()))) {
        return TokenVerification.error(new RuntimeException("Invalid type of token"));
    }
    return TokenVerification.success(kid, jwt);
}
Also used: SignatureProvider(org.keycloak.crypto.SignatureProvider) SignatureVerifierContext(org.keycloak.crypto.SignatureVerifierContext) TokenVerifier(org.keycloak.TokenVerifier) VerificationException(org.keycloak.common.VerificationException) JsonWebToken(org.keycloak.representations.JsonWebToken)

Example 10 with VerificationException

Use of org.keycloak.common.VerificationException in project keycloak by keycloak.

Class KeycloakInstalled, method loginCommandLine.

/**
 * Experimental proprietary WWW-Authentication challenge protocol.
 * WWW-Authentication: X-Text-Form-Challenge callback="{url}" param="{param-name}" label="{param-display-label}"
 *
 * @param redirectUri
 * @return
 * @throws IOException
 * @throws ServerRequest.HttpFailure
 * @throws VerificationException
 */
public boolean loginCommandLine(String redirectUri) throws IOException, ServerRequest.HttpFailure, VerificationException {
    String authUrl = deployment.getAuthUrl().clone().queryParam(OAuth2Constants.RESPONSE_TYPE, OAuth2Constants.CODE).queryParam(OAuth2Constants.CLIENT_ID, deployment.getResourceName()).queryParam(OAuth2Constants.REDIRECT_URI, redirectUri).queryParam("display", "console").queryParam(OAuth2Constants.SCOPE, OAuth2Constants.SCOPE_OPENID).build().toString();
    ResteasyClient client = createResteasyClient();
    try {
        // System.err.println("initial request");
        Response response = client.target(authUrl).request().get();
        while (true) {
            if (response.getStatus() == 403) {
                if (response.getMediaType() != null) {
                    String splash = response.readEntity(String.class);
                    console().writer().println(splash);
                } else {
                    System.err.println("Forbidden to login");
                }
                return false;
            } else if (response.getStatus() == 401) {
                String authenticationHeader = response.getHeaderString(HttpHeaders.WWW_AUTHENTICATE);
                if (authenticationHeader == null) {
                    System.err.println("Failure:  Invalid protocol.  No WWW-Authenticate header");
                    return false;
                }
                // System.err.println("got header: " + authenticationHeader);
                if (!authenticationHeader.contains("X-Text-Form-Challenge")) {
                    System.err.println("Failure:  Invalid WWW-Authenticate header.");
                    return false;
                }
                if (response.getMediaType() != null) {
                    String splash = response.readEntity(String.class);
                    console().writer().println(splash);
                } else {
                    response.close();
                }
                Matcher m = callbackPattern.matcher(authenticationHeader);
                if (!m.find()) {
                    System.err.println("Failure: Invalid WWW-Authenticate header.");
                    return false;
                }
                String callback = m.group(1);
                // System.err.println("callback: " + callback);
                m = paramPattern.matcher(authenticationHeader);
                Form form = new Form();
                while (m.find()) {
                    String param = m.group(1);
                    String label = m.group(2);
                    String mask = m.group(3).trim();
                    boolean maskInput = mask.equals("true");
                    String value = null;
                    if (maskInput) {
                        char[] txt = console().readPassword(label);
                        value = new String(txt);
                    } else {
                        value = console().readLine(label);
                    }
                    form.param(param, value);
                }
                response.close();
                client.close();
                client = createResteasyClient();
                response = client.target(callback).request().post(Entity.form(form));
            } else if (response.getStatus() == 302) {
                int redirectCount = 0;
                do {
                    String location = response.getLocation().toString();
                    Matcher m = codePattern.matcher(location);
                    if (!m.find()) {
                        response.close();
                        client.close();
                        client = createResteasyClient();
                        response = client.target(location).request().get();
                    } else {
                        response.close();
                        client.close();
                        String code = m.group(1);
                        processCode(code, redirectUri, null);
                        return true;
                    }
                    if (response.getStatus() == 302 && redirectCount++ > 4) {
                        System.err.println("Too many redirects.  Aborting");
                        return false;
                    }
                } while (response.getStatus() == 302);
            } else {
                System.err.println("Unknown response from server: " + response.getStatus());
                return false;
            }
        }
    } catch (Exception ex) {
        throw ex;
    } finally {
        client.close();
    }
}
Also used: AccessTokenResponse(org.keycloak.representations.AccessTokenResponse) Response(javax.ws.rs.core.Response) ResteasyClient(org.jboss.resteasy.client.jaxrs.ResteasyClient) Matcher(java.util.regex.Matcher) Form(javax.ws.rs.core.Form) URISyntaxException(java.net.URISyntaxException) OAuthErrorException(org.keycloak.OAuthErrorException) VerificationException(org.keycloak.common.VerificationException) IOException(java.io.IOException)