
Example 16 with JWSBuilder

use of org.keycloak.jose.jws.JWSBuilder in project alfresco-repository by Alfresco.

the class IdentityServiceRemoteUserMapperTest method generateToken.

/**
 * Builds a signed JWT for the test user.
 *
 * <p>The issuer is assembled from the configured auth server URL and realm. The id,
 * subject and name claims are fixed test values, and the token is signed through
 * {@code rsa256} with the private half of {@code keyPair}. No expiration claim is
 * set unless {@code expired} is {@code true}.
 *
 * @param expired when {@code true}, the expiration is set 60 time units before
 *                {@code Time.currentTime()} so the token is already expired
 * @return the serialized, signed JWT
 * @throws Exception declared by the signature; the visible code does not show which call raises it
 */
private String generateToken(boolean expired) throws Exception {
    // The issuer must line up with the realm URL derived from the identity service configuration.
    String realmIssuer = this.identityServiceConfig.getAuthServerUrl() + "/realms/" + this.identityServiceConfig.getRealm();

    AccessToken accessToken = new AccessToken();
    accessToken.type("Bearer");
    accessToken.id("1234");
    accessToken.subject("abc123");
    accessToken.issuer(realmIssuer);

    // Profile claims of the fixed test user.
    accessToken.setPreferredUsername(TEST_USER_USERNAME);
    accessToken.setEmail(TEST_USER_EMAIL);
    accessToken.setGivenName("Joe");
    accessToken.setFamilyName("Bloggs");

    if (expired) {
        // Back-date the expiry so the token is rejected on lifetime grounds, not on signature grounds.
        accessToken.expiration(Time.currentTime() - 60);
    }

    // Signed with the test key pair's private key; the matching public key is what a verifier needs.
    return new JWSBuilder().jsonContent(accessToken).rsa256(keyPair.getPrivate());
}
Also used : AccessToken(org.keycloak.representations.AccessToken) JWSBuilder(org.keycloak.jose.jws.JWSBuilder)

Example 17 with JWSBuilder

use of org.keycloak.jose.jws.JWSBuilder in project keycloak by keycloak.

the class JWTClientSecretCredentialsProvider method createSignedRequestToken.

/**
 * Creates the client request token and signs it with an HMAC keyed by {@code clientSecret}.
 *
 * <p>{@code HS512} and {@code HS384} select {@code hmac512} and {@code hmac384}; every
 * other value, including {@code null} and unrecognised names, selects {@code hmac256}.
 *
 * @param clientId     passed through to {@code createRequestToken}
 * @param realmInfoUrl passed through to {@code createRequestToken}
 * @param algorithm    requested signature algorithm name
 * @return the serialized, signed request token
 */
public String createSignedRequestToken(String clientId, String realmInfoUrl, String algorithm) {
    JsonWebToken requestToken = createRequestToken(clientId, realmInfoUrl);

    // NOTE(review): these comparisons only match if Algorithm.HS512 / HS384 are String
    // constants; confirm which Algorithm type this file imports.
    if (Algorithm.HS512.equals(algorithm)) {
        return new JWSBuilder().jsonContent(requestToken).hmac512(clientSecret);
    }
    if (Algorithm.HS384.equals(algorithm)) {
        return new JWSBuilder().jsonContent(requestToken).hmac384(clientSecret);
    }

    // NOTE(review): silent fallback. A mistyped or unsupported algorithm name is signed
    // with hmac256 without any error, so a configuration mismatch only surfaces when the
    // server rejects the assertion.
    return new JWSBuilder().jsonContent(requestToken).hmac256(clientSecret);
}
Also used : JsonWebToken(org.keycloak.representations.JsonWebToken) JWSBuilder(org.keycloak.jose.jws.JWSBuilder)

Example 18 with JWSBuilder

use of org.keycloak.jose.jws.JWSBuilder in project keycloak by keycloak.

the class RefreshableKeycloakSecurityContextTest method testSerialization.

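/**
 * Checks that a {@code KeycloakPrincipal} wrapping a {@code RefreshableKeycloakSecurityContext}
 * survives a Java serialization round trip with its token strings and claims intact.
 *
 * @throws Exception on key generation, signing or (de)serialization failure
 */
@Test
public void testSerialization() throws Exception {
    AccessToken token = createSimpleToken();
    IDToken idToken = new IDToken();
    idToken.setEmail("joe@email.cz");

    // Throwaway RSA key pair: the test only needs a syntactically valid signed token.
    KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
    String encoded = new JWSBuilder().jsonContent(token).rsa256(keyPair.getPrivate());
    String encodedIdToken = new JWSBuilder().jsonContent(idToken).rsa256(keyPair.getPrivate());

    KeycloakDeployment keycloakDeployment = new KeycloakDeployment();
    keycloakDeployment.setNotBefore(5000);
    KeycloakSecurityContext ctx = new RefreshableKeycloakSecurityContext(keycloakDeployment, null, encoded, token, encodedIdToken, null, null);
    KeycloakPrincipal principal = new KeycloakPrincipal("joe", ctx);

    // Serialize; try-with-resources closes (and flushes) the stream even if writeObject throws.
    ByteArrayOutputStream bso = new ByteArrayOutputStream();
    try (ObjectOutputStream oos = new ObjectOutputStream(bso)) {
        oos.writeObject(principal);
    }

    // Deserialize. The bytes were produced a few lines above, so they are trusted here;
    // native deserialization of data from an untrusted source would need an ObjectInputFilter
    // or a different format.
    byte[] bytes = bso.toByteArray();
    try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
        principal = (KeycloakPrincipal) ois.readObject();
    }

    ctx = principal.getKeycloakSecurityContext();
    token = ctx.getToken();
    idToken = ctx.getIdToken();
    System.out.println("Size of serialized principal: " + bytes.length);

    // The raw token strings must come back unchanged, otherwise the signatures would no longer match.
    Assert.assertEquals(encoded, ctx.getTokenString());
    Assert.assertEquals(encodedIdToken, ctx.getIdTokenString());
    Assert.assertEquals("111", token.getId());
    Assert.assertTrue(token.getResourceAccess("foo").isUserInRole("admin"));
    Assert.assertTrue(token.getResourceAccess("bar").isUserInRole("user"));
    Assert.assertEquals("joe@email.cz", idToken.getEmail());
    Assert.assertEquals("acme", ctx.getRealm());
}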
Also used : KeyPair(java.security.KeyPair) KeycloakSecurityContext(org.keycloak.KeycloakSecurityContext) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ObjectOutputStream(java.io.ObjectOutputStream) JWSBuilder(org.keycloak.jose.jws.JWSBuilder) ByteArrayInputStream(java.io.ByteArrayInputStream) AccessToken(org.keycloak.representations.AccessToken) IDToken(org.keycloak.representations.IDToken) KeycloakPrincipal(org.keycloak.KeycloakPrincipal) ObjectInputStream(java.io.ObjectInputStream) Test(org.junit.Test)

Example 19 with JWSBuilder

use of org.keycloak.jose.jws.JWSBuilder in project keycloak by keycloak.

the class RSAVerifierTest method testNotBeforeGood.

/**
 * Signs a token whose not-before value lies 100 time units in the past and expects
 * verification to succeed.
 *
 * @throws Exception if signing fails or the token is rejected; a
 *                   {@code VerificationException} propagates and fails the test
 */
@Test
public void testNotBeforeGood() throws Exception {
    // A not-before in the past means the token is already valid.
    token.notBefore(Time.currentTime() - 100);
    String signedToken = new JWSBuilder().jsonContent(token).rsa256(idpPair.getPrivate());

    // No catch block: any VerificationException reaches the test runner unchanged.
    // NOTE(review): the returned token is not inspected, so the test only proves that
    // verification does not throw.
    verifySkeletonKeyToken(signedToken);
}
Also used : AccessToken(org.keycloak.representations.AccessToken) VerificationException(org.keycloak.common.VerificationException) JWSBuilder(org.keycloak.jose.jws.JWSBuilder) Test(org.junit.Test)

Example 20 with JWSBuilder

use of org.keycloak.jose.jws.JWSBuilder in project keycloak by keycloak.

the class SkeletonKeyTokenTest method testSerialization.

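/**
 * Checks that a {@code KeycloakPrincipal} wrapping a {@code KeycloakSecurityContext}
 * survives a Java serialization round trip with its token strings and claims intact.
 *
 * @throws Exception on key generation, signing or (de)serialization failure
 */
@Test
public void testSerialization() throws Exception {
    AccessToken token = createSimpleToken();
    IDToken idToken = new IDToken();
    idToken.setEmail("joe@email.cz");

    // Throwaway RSA key pair: the test only needs a syntactically valid signed token.
    KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
    String encoded = new JWSBuilder().jsonContent(token).rsa256(keyPair.getPrivate());
    String encodedIdToken = new JWSBuilder().jsonContent(idToken).rsa256(keyPair.getPrivate());

    KeycloakSecurityContext ctx = new KeycloakSecurityContext(encoded, token, encodedIdToken, idToken);
    KeycloakPrincipal principal = new KeycloakPrincipal("joe", ctx);

    // Serialize; try-with-resources closes (and flushes) the stream even if writeObject throws.
    ByteArrayOutputStream bso = new ByteArrayOutputStream();
    try (ObjectOutputStream oos = new ObjectOutputStream(bso)) {
        oos.writeObject(principal);
    }

    // Deserialize. The bytes were produced a few lines above, so they are trusted here;
    // native deserialization of data from an untrusted source would need an ObjectInputFilter
    // or a different format.
    byte[] bytes = bso.toByteArray();
    try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
        principal = (KeycloakPrincipal) ois.readObject();
    }

    ctx = principal.getKeycloakSecurityContext();
    token = ctx.getToken();
    idToken = ctx.getIdToken();
    System.out.println("Size of serialized principal: " + bytes.length);

    // The raw token strings must come back unchanged, otherwise the signatures would no longer match.
    Assert.assertEquals(encoded, ctx.getTokenString());
    Assert.assertEquals(encodedIdToken, ctx.getIdTokenString());
    Assert.assertEquals("111", token.getId());
    Assert.assertTrue(token.getResourceAccess("foo").isUserInRole("admin"));
    Assert.assertTrue(token.getResourceAccess("bar").isUserInRole("user"));
    Assert.assertEquals("joe@email.cz", idToken.getEmail());
    Assert.assertEquals("acme", ctx.getRealm());
}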
Also used : KeyPair(java.security.KeyPair) ByteArrayInputStream(java.io.ByteArrayInputStream) AccessToken(org.keycloak.representations.AccessToken) IDToken(org.keycloak.representations.IDToken) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ObjectOutputStream(java.io.ObjectOutputStream) JWSBuilder(org.keycloak.jose.jws.JWSBuilder) ObjectInputStream(java.io.ObjectInputStream) Test(org.junit.Test)

Aggregations

JWSBuilder (org.keycloak.jose.jws.JWSBuilder)28 Test (org.junit.Test)15 AccessToken (org.keycloak.representations.AccessToken)12 VerificationException (org.keycloak.common.VerificationException)8 SignatureSignerContext (org.keycloak.crypto.SignatureSignerContext)6 KeyPair (java.security.KeyPair)5 RealmModel (org.keycloak.models.RealmModel)4 JsonWebToken (org.keycloak.representations.JsonWebToken)4 AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)4 SecretKey (javax.crypto.SecretKey)3 Response (javax.ws.rs.core.Response)3 JWSInput (org.keycloak.jose.jws.JWSInput)3 AuthenticatedClientSessionModel (org.keycloak.models.AuthenticatedClientSessionModel)3 KeyManager (org.keycloak.models.KeyManager)3 KeycloakSession (org.keycloak.models.KeycloakSession)3 UserSessionModel (org.keycloak.models.UserSessionModel)3 ByteArrayInputStream (java.io.ByteArrayInputStream)2 ByteArrayOutputStream (java.io.ByteArrayOutputStream)2 IOException (java.io.IOException)2 ObjectInputStream (java.io.ObjectInputStream)2