
Example 26 with JWSInput

use of org.keycloak.jose.jws.JWSInput in project keycloak by keycloak.

the class AdminRoot method authenticateRealmAdminRequest.

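/**
 * Authenticates an admin REST request from its bearer token and resolves the realm the token
 * names as its issuer.
 *
 * <p>The token is first decoded <em>without</em> any signature check, only to read the issuer
 * claim and select the realm (the text after the last {@code '/'} of the issuer). Nothing from
 * that unverified decode is returned: the {@link AdminAuth} is built from the result of
 * {@code BearerTokenAuthenticator.authenticate()} run against the selected realm.
 * NOTE(review): {@code authenticate()} is expected to perform the actual signature and claim
 * validation; its implementation is not visible here, so confirm before relying on it.
 *
 * @param headers request headers expected to carry the bearer token
 * @return the admin identity: the resolved realm plus the token, user and client taken from the
 *         authentication result
 * @throws NotAuthorizedException if no token is present, the token cannot be parsed, it carries
 *         no issuer, the issuer names an unknown realm, or authentication returns no result
 */
protected AdminAuth authenticateRealmAdminRequest(HttpHeaders headers) {
    String tokenString = AppAuthManager.extractAuthorizationHeaderToken(headers);
    if (tokenString == null) {
        throw new NotAuthorizedException("Bearer");
    }

    AccessToken token;
    try {
        // Unverified decode: the content is untrusted input at this point and is used
        // only to find out which realm should authenticate the request.
        token = new JWSInput(tokenString).readJsonContent(AccessToken.class);
    } catch (JWSInputException e) {
        throw new NotAuthorizedException("Bearer token format error");
    }

    // A well-formed JWS whose payload has no "iss" claim used to reach substring() on null
    // and fail with a NullPointerException. Reject it as unauthorized instead, so an
    // unauthenticated caller cannot turn a crafted token into an unhandled server error.
    String issuer = (token == null) ? null : token.getIssuer();
    if (issuer == null) {
        throw new NotAuthorizedException("Bearer token format error");
    }
    String realmName = issuer.substring(issuer.lastIndexOf('/') + 1);

    RealmManager realmManager = new RealmManager(session);
    RealmModel realm = realmManager.getRealmByName(realmName);
    if (realm == null) {
        throw new NotAuthorizedException("Unknown realm in token");
    }
    session.getContext().setRealm(realm);

    // The authenticator receives the original headers, not the object decoded above, and is
    // bound to the realm chosen from the unverified issuer.
    AuthenticationManager.AuthResult authResult = new AppAuthManager.BearerTokenAuthenticator(session)
            .setRealm(realm)
            .setConnection(clientConnection)
            .setHeaders(headers)
            .authenticate();
    if (authResult == null) {
        logger.debug("Token not valid");
        throw new NotAuthorizedException("Bearer");
    }

    // Only values from the authentication result are handed to the caller.
    return new AdminAuth(realm, authResult.getToken(), authResult.getUser(), authResult.getClient());
}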
Also used : RealmModel(org.keycloak.models.RealmModel) AuthenticationManager(org.keycloak.services.managers.AuthenticationManager) AccessToken(org.keycloak.representations.AccessToken) JWSInputException(org.keycloak.jose.jws.JWSInputException) NotAuthorizedException(javax.ws.rs.NotAuthorizedException) JWSInput(org.keycloak.jose.jws.JWSInput) RealmManager(org.keycloak.services.managers.RealmManager)

Example 27 with JWSInput

use of org.keycloak.jose.jws.JWSInput in project keycloak by keycloak.

the class TokenSignatureUtil method verifySignature.

/**
 * Checks the signature of a compact JWS against the test realm's public key.
 *
 * <p>Both the key lookup and the {@link Signature} instance are driven by the
 * {@code sigAlgName} argument; the algorithm declared in the token's own header is not
 * consulted here. Only the signature is checked: no claim of the token is read.
 *
 * @param sigAlgName  algorithm name passed to {@code getRealmPublicKey} and {@code getSignature}
 * @param token       the serialized JWS to check
 * @param adminClient admin client used to look up the realm key
 * @return {@code true} if the signature verifies over the token's encoded signature input
 * @throws Exception if the key lookup, token parsing or signature operations fail
 */
public static boolean verifySignature(String sigAlgName, String token, Keycloak adminClient) throws Exception {
    final PublicKey realmKey = getRealmPublicKey(TEST_REALM_NAME, sigAlgName, adminClient);
    final JWSInput parsedToken = new JWSInput(token);

    final Signature sig = getSignature(sigAlgName);
    sig.initVerify(realmKey);

    // The signed bytes are the token's encoded signature input, exactly as transmitted.
    final byte[] signingInput = parsedToken.getEncodedSignatureInput().getBytes("UTF-8");
    sig.update(signingInput);

    final byte[] signatureBytes = parsedToken.getSignature();
    return sig.verify(signatureBytes);
}
Also used : PublicKey(java.security.PublicKey) Signature(java.security.Signature) JWSInput(org.keycloak.jose.jws.JWSInput)

Example 28 with JWSInput

use of org.keycloak.jose.jws.JWSInput in project keycloak by keycloak.

the class DefaultHostnameTest method assertTokenIssuer.

/**
 * Obtains an access token for the given realm and asserts that the issuer is
 * {@code expectedBaseUrl + "/realms/" + realm}, both in the token itself and in the
 * introspection response for that token.
 *
 * @param realm           realm to request the token from
 * @param expectedBaseUrl base URL the issuer is expected to start with; also passed to
 *                        {@code createRequestHeaders}
 * @throws Exception if the token cannot be parsed or the introspection response cannot be read
 */
private void assertTokenIssuer(String realm, String expectedBaseUrl) throws Exception {
    final String expectedIssuer = expectedBaseUrl + "/realms/" + realm;

    oauth.realm(realm);
    oauth.requestHeaders(createRequestHeaders(expectedBaseUrl));
    OAuthClient.AccessTokenResponse grant =
            oauth.doGrantAccessTokenRequest("password", "test-user@localhost", "password");

    // Decode only: the payload is read to inspect "iss"; no signature verification call is
    // made here. The token comes straight from the grant request issued just above.
    JWSInput parsedToken = new JWSInput(grant.getAccessToken());
    AccessToken accessToken = parsedToken.readJsonContent(AccessToken.class);
    assertEquals(expectedIssuer, accessToken.getIssuer());

    // Second view of the same token: the introspection response must report it as active
    // and carry the same issuer.
    String introspectionJson = oauth.introspectAccessTokenWithClientCredential(
            oauth.getClientId(), "password", grant.getAccessToken());
    JsonNode introspected = new ObjectMapper().readTree(introspectionJson);
    assertTrue(introspected.get("active").asBoolean());
    assertEquals(expectedIssuer, introspected.get("iss").asText());
}
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) AccessToken(org.keycloak.representations.AccessToken) JsonNode(com.fasterxml.jackson.databind.JsonNode) JWSInput(org.keycloak.jose.jws.JWSInput) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)

Example 29 with JWSInput

use of org.keycloak.jose.jws.JWSInput in project keycloak by keycloak.

the class DefaultHostnameTest method assertInitialAccessTokenFromMasterRealm.

/**
 * Creates a client initial access token through the admin client, registers a client with it,
 * and asserts that both the initial access token and the resulting registration access token
 * carry the issuer {@code expectedBaseUrl + "/realms/" + realm}.
 *
 * @param testAdminClient admin client used to create the initial access token
 * @param realm           realm in which the token is created and the client is registered
 * @param expectedBaseUrl base URL the issuer of both tokens is expected to start with
 * @throws JWSInputException           if either token cannot be parsed
 * @throws ClientRegistrationException if the client registration call fails
 */
private void assertInitialAccessTokenFromMasterRealm(Keycloak testAdminClient, String realm, String expectedBaseUrl) throws JWSInputException, ClientRegistrationException {
    final String expectedIssuer = expectedBaseUrl + "/realms/" + realm;

    ClientInitialAccessCreatePresentation createRequest = new ClientInitialAccessCreatePresentation();
    createRequest.setCount(1);
    createRequest.setExpiration(10000);
    ClientInitialAccessPresentation issued =
            testAdminClient.realm(realm).clientInitialAccess().create(createRequest);

    // Decode only, to read "iss"; no signature verification call is made on this token here.
    JWSInput initialJws = new JWSInput(issued.getToken());
    JsonWebToken initialClaims = initialJws.readJsonContent(JsonWebToken.class);
    assertEquals(expectedIssuer, initialClaims.getIssuer());

    // Register a client, authenticating the registration call with the initial access token.
    ClientRegistration registration = ClientRegistration.create().url(AUTH_SERVER_ROOT, realm).build();
    registration.auth(Auth.token(issued.getToken()));
    ClientRepresentation newClient = new ClientRepresentation();
    newClient.setEnabled(true);
    ClientRepresentation registered = registration.create(newClient);

    // The registration access token returned for the new client must name the same issuer.
    JWSInput registrationJws = new JWSInput(registered.getRegistrationAccessToken());
    JsonWebToken registrationClaims = registrationJws.readJsonContent(JsonWebToken.class);
    assertEquals(expectedIssuer, registrationClaims.getIssuer());
}
Also used : ClientRegistration(org.keycloak.client.registration.ClientRegistration) ClientInitialAccessCreatePresentation(org.keycloak.representations.idm.ClientInitialAccessCreatePresentation) JWSInput(org.keycloak.jose.jws.JWSInput) ClientInitialAccessPresentation(org.keycloak.representations.idm.ClientInitialAccessPresentation) JsonWebToken(org.keycloak.representations.JsonWebToken) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)

Example 30 with JWSInput

use of org.keycloak.jose.jws.JWSInput in project keycloak by keycloak.

the class FixedHostnameTest method assertInitialAccessTokenFromMasterRealm.

/**
 * Creates a client initial access token through the admin client, registers a client with it,
 * and asserts that both the initial access token and the resulting registration access token
 * carry the issuer {@code expectedBaseUrl + "/auth/realms/" + realm}.
 *
 * @param testAdminClient admin client used to create the initial access token
 * @param realm           realm in which the token is created and the client is registered
 * @param expectedBaseUrl base URL the issuer of both tokens is expected to start with
 * @throws JWSInputException           if either token cannot be parsed
 * @throws ClientRegistrationException if the client registration call fails
 */
private void assertInitialAccessTokenFromMasterRealm(Keycloak testAdminClient, String realm, String expectedBaseUrl) throws JWSInputException, ClientRegistrationException {
    final String wantedIssuer = expectedBaseUrl + "/auth/realms/" + realm;

    ClientInitialAccessCreatePresentation accessRequest = new ClientInitialAccessCreatePresentation();
    accessRequest.setCount(1);
    accessRequest.setExpiration(10000);
    ClientInitialAccessPresentation accessGrant =
            testAdminClient.realm(realm).clientInitialAccess().create(accessRequest);

    // The payload is decoded only to inspect "iss"; nothing here verifies the signature.
    JsonWebToken initialToken =
            new JWSInput(accessGrant.getToken()).readJsonContent(JsonWebToken.class);
    assertEquals(wantedIssuer, initialToken.getIssuer());

    // The initial access token is the credential for the registration call that follows.
    ClientRegistration registrar = ClientRegistration.create().url(authServerUrl, realm).build();
    registrar.auth(Auth.token(accessGrant.getToken()));

    ClientRepresentation clientToCreate = new ClientRepresentation();
    clientToCreate.setEnabled(true);
    ClientRepresentation created = registrar.create(clientToCreate);

    // Same issuer expectation for the registration access token of the created client.
    String registrationAccessToken = created.getRegistrationAccessToken();
    JsonWebToken decodedRegistrationToken =
            new JWSInput(registrationAccessToken).readJsonContent(JsonWebToken.class);
    assertEquals(wantedIssuer, decodedRegistrationToken.getIssuer());
}
Also used : ClientRegistration(org.keycloak.client.registration.ClientRegistration) ClientInitialAccessCreatePresentation(org.keycloak.representations.idm.ClientInitialAccessCreatePresentation) JWSInput(org.keycloak.jose.jws.JWSInput) ClientInitialAccessPresentation(org.keycloak.representations.idm.ClientInitialAccessPresentation) JsonWebToken(org.keycloak.representations.JsonWebToken) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
