use of org.keycloak.jose.jws.JWSBuilder in project alfresco-repository by Alfresco.
the class IdentityServiceRemoteUserMapperTest method generateToken.
/**
 * Builds a signed JWT for the tests in this class.
 *
 * <p>The issuer claim is assembled from the configured auth server URL and realm as
 * {@code <authServerUrl>/realms/<realm>}. The token is signed through
 * {@code JWSBuilder.rsa256} with the private half of the fixture's {@code keyPair}.
 *
 * <p>When {@code expired} is {@code false} this method sets no expiration on the token at all;
 * it only sets one (60 before {@code Time.currentTime()}) for the expired case.
 * NOTE(review): a test that needs a token with a future expiry has to set one itself.
 *
 * @param expired {@code true} to stamp the token with an expiration that already lies in the past
 * @return the string form of the signed JWT
 * @throws Exception declared by the original signature; propagated unchanged
 */
private String generateToken(boolean expired) throws Exception {
    String realmIssuer = this.identityServiceConfig.getAuthServerUrl()
            + "/realms/"
            + this.identityServiceConfig.getRealm();

    // Fixed, obviously synthetic claim values: this token is only ever a test fixture.
    AccessToken accessToken = new AccessToken();
    accessToken.type("Bearer");
    accessToken.id("1234");
    accessToken.subject("abc123");
    accessToken.issuer(realmIssuer);
    accessToken.setPreferredUsername(TEST_USER_USERNAME);
    accessToken.setEmail(TEST_USER_EMAIL);
    accessToken.setGivenName("Joe");
    accessToken.setFamilyName("Bloggs");

    if (expired) {
        // Back-date the expiry so the token is already stale when it is verified.
        accessToken.expiration(Time.currentTime() - 60);
    }

    return new JWSBuilder().jsonContent(accessToken).rsa256(keyPair.getPrivate());
}
use of org.keycloak.jose.jws.JWSBuilder in project keycloak by keycloak.
the class JWTClientSecretCredentialsProvider method createSignedRequestToken.
/**
 * Creates the request token for a client and signs it with an HMAC keyed by {@code clientSecret}.
 *
 * <p>Algorithm selection is by equality with {@code Algorithm.HS512} and {@code Algorithm.HS384};
 * every other value, including {@code null}, is signed with {@code hmac256}. An unrecognised
 * algorithm name is therefore not rejected here but silently results in the HS256 branch, so a
 * caller that must enforce a particular algorithm has to validate the name before calling.
 *
 * @param clientId     passed through to {@code createRequestToken}
 * @param realmInfoUrl passed through to {@code createRequestToken}
 * @param algorithm    requested HMAC algorithm name; may be {@code null}
 * @return the signed request token as produced by {@code JWSBuilder}
 */
public String createSignedRequestToken(String clientId, String realmInfoUrl, String algorithm) {
    final JsonWebToken requestToken = createRequestToken(clientId, realmInfoUrl);

    if (Algorithm.HS512.equals(algorithm)) {
        return new JWSBuilder().jsonContent(requestToken).hmac512(clientSecret);
    }
    if (Algorithm.HS384.equals(algorithm)) {
        return new JWSBuilder().jsonContent(requestToken).hmac384(clientSecret);
    }
    // Fallback for null and for any name not matched above.
    return new JWSBuilder().jsonContent(requestToken).hmac256(clientSecret);
}
use of org.keycloak.jose.jws.JWSBuilder in project keycloak by keycloak.
the class RefreshableKeycloakSecurityContextTest method testSerialization.
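/**
 * Round-trips a {@code KeycloakPrincipal} holding a {@code RefreshableKeycloakSecurityContext}
 * through Java serialization and checks that the token strings and selected claims survive.
 *
 * <p>The bytes handed to {@code ObjectInputStream} are the ones this test has just produced, so
 * the input is trusted. The same pattern applied to bytes from outside the process would need an
 * {@code ObjectInputFilter} (or a non-native format) before calling {@code readObject()}.
 *
 * @throws Exception on key generation, signing or (de)serialization failure
 */
@Test
public void testSerialization() throws Exception {
    AccessToken token = createSimpleToken();
    IDToken idToken = new IDToken();
    idToken.setEmail("joe@email.cz");

    // Throwaway RSA pair at the provider's default key size; it only signs the two fixtures below.
    KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
    String encoded = new JWSBuilder().jsonContent(token).rsa256(keyPair.getPrivate());
    String encodedIdToken = new JWSBuilder().jsonContent(idToken).rsa256(keyPair.getPrivate());

    KeycloakDeployment keycloakDeployment = new KeycloakDeployment();
    keycloakDeployment.setNotBefore(5000);
    KeycloakSecurityContext ctx = new RefreshableKeycloakSecurityContext(
            keycloakDeployment, null, encoded, token, encodedIdToken, null, null);
    KeycloakPrincipal principal = new KeycloakPrincipal("joe", ctx);

    // Serialize. try-with-resources flushes and closes the stream even if writeObject throws.
    ByteArrayOutputStream bso = new ByteArrayOutputStream();
    try (ObjectOutputStream oos = new ObjectOutputStream(bso)) {
        oos.writeObject(principal);
    }
    byte[] bytes = bso.toByteArray();

    // Deserialize. The stream is closed before the assertions, so a failing assertion cannot leak it.
    try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
        principal = (KeycloakPrincipal) ois.readObject();
    }
    ctx = principal.getKeycloakSecurityContext();
    token = ctx.getToken();
    idToken = ctx.getIdToken();

    System.out.println("Size of serialized principal: " + bytes.length);

    // The raw token strings must come back unchanged.
    Assert.assertEquals(encoded, ctx.getTokenString());
    Assert.assertEquals(encodedIdToken, ctx.getIdTokenString());

    // Expected id, roles and realm are presumably set up by createSimpleToken() - TODO confirm.
    // NOTE(review): the token id is checked once here; confirm no other field was meant as well.
    Assert.assertEquals("111", token.getId());
    Assert.assertTrue(token.getResourceAccess("foo").isUserInRole("admin"));
    Assert.assertTrue(token.getResourceAccess("bar").isUserInRole("user"));
    Assert.assertEquals("joe@email.cz", idToken.getEmail());
    Assert.assertEquals("acme", ctx.getRealm());
}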
use of org.keycloak.jose.jws.JWSBuilder in project keycloak by keycloak.
the class RSAVerifierTest method testNotBeforeGood.
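/**
 * Checks that a token whose not-before lies in the past is accepted by the verifier.
 *
 * <p>The shared {@code token} fixture gets a not-before of {@code Time.currentTime() - 100}, is
 * signed with the private key of {@code idpPair}, and is passed to
 * {@code verifySkeletonKeyToken}. The test passes when that call does not throw.
 *
 * @throws Exception any failure from signing or verification, including
 *         {@code VerificationException}, fails the test
 */
@Test
public void testNotBeforeGood() throws Exception {
    token.notBefore(Time.currentTime() - 100);
    String encoded = new JWSBuilder().jsonContent(token).rsa256(idpPair.getPrivate());

    // No try/catch: a VerificationException propagates and fails the test on its own.
    // NOTE(review): the returned token is not inspected; only "does not throw" is asserted.
    verifySkeletonKeyToken(encoded);
}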
use of org.keycloak.jose.jws.JWSBuilder in project keycloak by keycloak.
the class SkeletonKeyTokenTest method testSerialization.
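/**
 * Round-trips a {@code KeycloakPrincipal} holding a plain {@code KeycloakSecurityContext}
 * through Java serialization and checks that the token strings and selected claims survive.
 *
 * <p>The bytes handed to {@code ObjectInputStream} are the ones this test has just produced, so
 * the input is trusted. The same pattern applied to bytes from outside the process would need an
 * {@code ObjectInputFilter} (or a non-native format) before calling {@code readObject()}.
 *
 * @throws Exception on key generation, signing or (de)serialization failure
 */
@Test
public void testSerialization() throws Exception {
    AccessToken token = createSimpleToken();
    IDToken idToken = new IDToken();
    idToken.setEmail("joe@email.cz");

    // Throwaway RSA pair at the provider's default key size; it only signs the two fixtures below.
    KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
    String encoded = new JWSBuilder().jsonContent(token).rsa256(keyPair.getPrivate());
    String encodedIdToken = new JWSBuilder().jsonContent(idToken).rsa256(keyPair.getPrivate());

    KeycloakSecurityContext ctx = new KeycloakSecurityContext(encoded, token, encodedIdToken, idToken);
    KeycloakPrincipal principal = new KeycloakPrincipal("joe", ctx);

    // Serialize. try-with-resources flushes and closes the stream even if writeObject throws.
    ByteArrayOutputStream bso = new ByteArrayOutputStream();
    try (ObjectOutputStream oos = new ObjectOutputStream(bso)) {
        oos.writeObject(principal);
    }
    byte[] bytes = bso.toByteArray();

    // Deserialize. The stream is closed before the assertions, so a failing assertion cannot leak it.
    try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
        principal = (KeycloakPrincipal) ois.readObject();
    }
    ctx = principal.getKeycloakSecurityContext();
    token = ctx.getToken();
    idToken = ctx.getIdToken();

    System.out.println("Size of serialized principal: " + bytes.length);

    // The raw token strings must come back unchanged.
    Assert.assertEquals(encoded, ctx.getTokenString());
    Assert.assertEquals(encodedIdToken, ctx.getIdTokenString());

    // Expected id, roles and realm are presumably set up by createSimpleToken() - TODO confirm.
    // NOTE(review): the token id is checked once here; confirm no other field was meant as well.
    Assert.assertEquals("111", token.getId());
    Assert.assertTrue(token.getResourceAccess("foo").isUserInRole("admin"));
    Assert.assertTrue(token.getResourceAccess("bar").isUserInRole("user"));
    Assert.assertEquals("joe@email.cz", idToken.getEmail());
    Assert.assertEquals("acme", ctx.getRealm());
}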