
Example 26 with JWSBuilder

Use of org.keycloak.jose.jws.JWSBuilder in project keycloak by keycloak.

The class ClientAuthSignedJWTTest, method createSignledRequestToken.

private String createSignledRequestToken(PrivateKey privateKey, PublicKey publicKey, String algorithm, JsonWebToken jwt) {
    // The key ID is derived from the public key and placed in the JWS header,
    // so the verifier can select the matching verification key.
    String kid = KeyUtils.createKeyId(publicKey);
    SignatureSignerContext signer = oauth.createSigner(privateKey, kid, algorithm);
    // Serialize the claims as JSON and sign them with the client's private key.
    String ret = new JWSBuilder().kid(kid).jsonContent(jwt).sign(signer);
    return ret;
}
Also used: SignatureSignerContext (org.keycloak.crypto.SignatureSignerContext), JWSBuilder (org.keycloak.jose.jws.JWSBuilder)

Example 27 with JWSBuilder

Use of org.keycloak.jose.jws.JWSBuilder in project keycloak by keycloak.

The class AuthUtil, method getSignedRequestToken.

public static String getSignedRequestToken(String keystore, String storePass, String keyPass, String alias, int sigLifetime, String clientId, String realmInfoUrl) {
    // Load the client's signing key pair from a JKS keystore.
    KeyPair keypair = KeystoreUtil.loadKeyPairFromKeystore(keystore, storePass, keyPass, alias, KeystoreUtil.KeystoreFormat.JKS);
    JsonWebToken reqToken = new JsonWebToken();
    // Random token ID (jti), unique per assertion.
    reqToken.id(UUID.randomUUID().toString());
    // Issuer and subject are both the client ID; the audience is the realm URL.
    reqToken.issuer(clientId);
    reqToken.subject(clientId);
    reqToken.audience(realmInfoUrl);
    // The assertion is valid from now until now + sigLifetime.
    int now = Time.currentTime();
    reqToken.issuedAt(now);
    reqToken.expiration(now + sigLifetime);
    reqToken.notBefore(now);
    // Sign the claims with the private key using RS256.
    String signedRequestToken = new JWSBuilder().jsonContent(reqToken).rsa256(keypair.getPrivate());
    return signedRequestToken;
}
Also used: KeyPair (java.security.KeyPair), JsonWebToken (org.keycloak.representations.JsonWebToken), JWSBuilder (org.keycloak.jose.jws.JWSBuilder)

Example 28 with JWSBuilder

Use of org.keycloak.jose.jws.JWSBuilder in project keycloak by keycloak.

The class ClientRegistrationTokenUtils, method updateTokenSignature.

public static String updateTokenSignature(KeycloakSession session, ClientRegistrationAuth auth) {
    // Look up the signer for the algorithm configured for internal tokens.
    String algorithm = session.tokens().signatureAlgorithm(TokenCategory.INTERNAL);
    SignatureSignerContext signer = session.getProvider(SignatureProvider.class, algorithm).signer();
    // If the presented token was signed with this signer's key, return it unchanged.
    if (signer.getKid().equals(auth.getKid())) {
        return auth.getToken();
    } else {
        // Otherwise copy the claims of the presented token into a new token
        // and sign it with the current signer.
        RegistrationAccessToken regToken = new RegistrationAccessToken();
        regToken.setRegistrationAuth(auth.getRegistrationAuth().toString().toLowerCase());
        regToken.type(auth.getJwt().getType());
        regToken.id(auth.getJwt().getId());
        regToken.issuedAt(Time.currentTime());
        // The expiration claim is set to 0 here.
        regToken.expiration(0);
        regToken.issuer(auth.getJwt().getIssuer());
        regToken.audience(auth.getJwt().getIssuer());
        String token = new JWSBuilder().jsonContent(regToken).sign(signer);
        return token;
    }
}
Also used: SignatureProvider (org.keycloak.crypto.SignatureProvider), SignatureSignerContext (org.keycloak.crypto.SignatureSignerContext), JWSBuilder (org.keycloak.jose.jws.JWSBuilder)
