Examples with Jwe org.xdi.oxauth.model.jwe.Jwe used on opensource projects

Search in sources :

Example 6 with Jwe

use of org.xdi.oxauth.model.jwe.Jwe in project oxAuth by GluuFederation.

the class EncodeClaimsInStateParameter method jwtStateAlgRSA15EncA256CBCPLUSHS512Test.

@Parameters({ "keyStoreFile", "keyStoreSecret", "dnName", "RS256_keyId", "clientJwksUri" })
@Test
public void jwtStateAlgRSA15EncA256CBCPLUSHS512Test(final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId, final String clientJwksUri) throws Exception {
    showTitle("jwtStateAlgRSA15EncA256CBCPLUSHS512Test");
    JSONObject jwks = JwtUtil.getJSONWebKeys(clientJwksUri);
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    String rfp = UUID.randomUUID().toString();
    String jti = UUID.randomUUID().toString();
    JwtState jwtState = new JwtState(KeyEncryptionAlgorithm.RSA1_5, BlockEncryptionAlgorithm.A256CBC_PLUS_HS512, cryptoProvider);
    jwtState.setKeyId(keyId);
    jwtState.setRfp(rfp);
    jwtState.setJti(jti);
    jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
    String encodedState = jwtState.getEncodedJwt(jwks);
    assertNotNull(encodedState);
    System.out.println("Encrypted JWE State: " + encodedState);
    PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId);
    Jwe jwe = Jwe.parse(encodedState, privateKey, null);
    assertNotNull(jwe.getClaims().getClaimAsString(KID));
    assertNotNull(jwe.getClaims().getClaimAsString(RFP));
    assertNotNull(jwe.getClaims().getClaimAsString(JTI));
    assertNotNull(jwe.getClaims().getClaimAsJSON(ADDITIONAL_CLAIMS));
    JSONObject addClaims = jwe.getClaims().getClaimAsJSON(ADDITIONAL_CLAIMS);
    assertEquals(addClaims.getString("first_name"), "Javier");
    assertEquals(addClaims.getString("last_name"), "Rojas");
    assertEquals(addClaims.getInt("age"), 34);
    assertNotNull(addClaims.getJSONArray("more"));
    assertEquals(addClaims.getJSONArray("more").length(), 2);
}
Also used : OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider) PrivateKey(java.security.PrivateKey) JSONObject(org.codehaus.jettison.json.JSONObject) Jwe(org.xdi.oxauth.model.jwe.Jwe) JwtState(org.xdi.oxauth.client.model.JwtState) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Example 7 with Jwe

use of org.xdi.oxauth.model.jwe.Jwe in project oxAuth by GluuFederation.

the class EncodeClaimsInStateParameter method jwtStateAlgA256KWEncA256GCMTest.

@Test
public void jwtStateAlgA256KWEncA256GCMTest() throws Exception {
    showTitle("jwtStateAlgA256KWEncA256GCMTest");
    String sharedKey = "shared_key";
    String rfp = UUID.randomUUID().toString();
    String jti = UUID.randomUUID().toString();
    JwtState jwtState = new JwtState(KeyEncryptionAlgorithm.A256KW, BlockEncryptionAlgorithm.A256GCM, sharedKey);
    jwtState.setRfp(rfp);
    jwtState.setJti(jti);
    jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
    String encodedState = jwtState.getEncodedJwt();
    assertNotNull(encodedState);
    System.out.println("Encrypted JWE State: " + encodedState);
    Jwe jwe = Jwe.parse(encodedState, null, sharedKey.getBytes());
    assertNotNull(jwe.getClaims().getClaimAsString(RFP));
    assertNotNull(jwe.getClaims().getClaimAsString(JTI));
    assertNotNull(jwe.getClaims().getClaimAsJSON(ADDITIONAL_CLAIMS));
    JSONObject addClaims = jwe.getClaims().getClaimAsJSON(ADDITIONAL_CLAIMS);
    assertEquals(addClaims.getString("first_name"), "Javier");
    assertEquals(addClaims.getString("last_name"), "Rojas");
    assertEquals(addClaims.getInt("age"), 34);
    assertNotNull(addClaims.getJSONArray("more"));
    assertEquals(addClaims.getJSONArray("more").length(), 2);
}
Also used : JSONObject(org.codehaus.jettison.json.JSONObject) Jwe(org.xdi.oxauth.model.jwe.Jwe) JwtState(org.xdi.oxauth.client.model.JwtState) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Example 8 with Jwe

use of org.xdi.oxauth.model.jwe.Jwe in project oxAuth by GluuFederation.

the class CanProvideEncryptedIdTokenResponse method canProvideEncryptedIdTokenResponseAlgA128KWEncA128GCM.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void canProvideEncryptedIdTokenResponseAlgA128KWEncA128GCM(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) {
    try {
        showTitle("OC5:FeatureTest-Can Provide Encrypted ID Token Response A128KW A128GCM");
        List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
        // 1. Register client
        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
        registerRequest.setResponseTypes(responseTypes);
        registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.A128KW);
        registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A128GCM);
        registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
        RegisterClient registerClient = new RegisterClient(registrationEndpoint);
        registerClient.setRequest(registerRequest);
        RegisterResponse registerResponse = registerClient.exec();
        showClient(registerClient);
        assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
        assertNotNull(registerResponse.getClientId());
        assertNotNull(registerResponse.getClientSecret());
        assertNotNull(registerResponse.getRegistrationAccessToken());
        assertNotNull(registerResponse.getClientIdIssuedAt());
        assertNotNull(registerResponse.getClientSecretExpiresAt());
        String clientId = registerResponse.getClientId();
        String clientSecret = registerResponse.getClientSecret();
        // 2. Request authorization
        List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
        String nonce = UUID.randomUUID().toString();
        String state = UUID.randomUUID().toString();
        AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
        authorizationRequest.setState(state);
        AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
        authorizeClient.setRequest(authorizationRequest);
        AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
        assertNotNull(authorizationResponse.getLocation(), "The location is null");
        assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
        assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
        assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
        assertNotNull(authorizationResponse.getState(), "The state is null");
        String idToken = authorizationResponse.getIdToken();
        // 3. Read Encrypted ID Token
        Jwe jwe = Jwe.parse(idToken, null, clientSecret.getBytes(Util.UTF8_STRING_ENCODING));
        assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.TYPE));
        assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUER));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
    } catch (Exception ex) {
        fail(ex.getMessage(), ex);
    }
}
Also used : Jwe(org.xdi.oxauth.model.jwe.Jwe) ResponseType(org.xdi.oxauth.model.common.ResponseType) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Example 9 with Jwe

use of org.xdi.oxauth.model.jwe.Jwe in project oxAuth by GluuFederation.

the class CanProvideEncryptedIdTokenResponse method canProvideEncryptedIdTokenResponseAlgRSAOAEPEncA256GCM.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "RS256_keyId", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void canProvideEncryptedIdTokenResponseAlgRSAOAEPEncA256GCM(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String jwksUri, final String keyId, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) {
    try {
        showTitle("OC5:FeatureTest-Can Provide Encrypted ID Token Response RSA_OAEP A256GCM");
        List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
        // 1. Register client
        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
        registerRequest.setResponseTypes(responseTypes);
        registerRequest.setJwksUri(jwksUri);
        registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA_OAEP);
        registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A256GCM);
        registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
        RegisterClient registerClient = new RegisterClient(registrationEndpoint);
        registerClient.setRequest(registerRequest);
        RegisterResponse registerResponse = registerClient.exec();
        showClient(registerClient);
        assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
        assertNotNull(registerResponse.getClientId());
        assertNotNull(registerResponse.getClientSecret());
        assertNotNull(registerResponse.getRegistrationAccessToken());
        assertNotNull(registerResponse.getClientIdIssuedAt());
        assertNotNull(registerResponse.getClientSecretExpiresAt());
        String clientId = registerResponse.getClientId();
        // 2. Request authorization
        List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
        String nonce = UUID.randomUUID().toString();
        String state = UUID.randomUUID().toString();
        AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
        authorizationRequest.setState(state);
        AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
        authorizeClient.setRequest(authorizationRequest);
        AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
        assertNotNull(authorizationResponse.getLocation(), "The location is null");
        assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
        assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
        assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
        assertNotNull(authorizationResponse.getState(), "The state is null");
        String idToken = authorizationResponse.getIdToken();
        // 3. Read Encrypted ID Token
        OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null);
        PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId);
        Jwe jwe = Jwe.parse(idToken, privateKey, null);
        assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.TYPE));
        assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUER));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
    } catch (Exception ex) {
        fail(ex.getMessage(), ex);
    }
}
Also used : PrivateKey(java.security.PrivateKey) ResponseType(org.xdi.oxauth.model.common.ResponseType) OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider) Jwe(org.xdi.oxauth.model.jwe.Jwe) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Example 10 with Jwe

use of org.xdi.oxauth.model.jwe.Jwe in project oxAuth by GluuFederation.

the class CanProvideEncryptedIdTokenResponse method canProvideEncryptedIdTokenResponseAlgRSA15EncA128CBCPLUSHS256.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "RS256_keyId", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void canProvideEncryptedIdTokenResponseAlgRSA15EncA128CBCPLUSHS256(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String jwksUri, final String keyId, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) {
    try {
        showTitle("OC5:FeatureTest-Can Provide Encrypted ID Token Response RSA1_5 A128CBC_PLUS_HS256");
        List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
        // 1. Register client
        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
        registerRequest.setResponseTypes(responseTypes);
        registerRequest.setJwksUri(jwksUri);
        registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA1_5);
        registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
        registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
        RegisterClient registerClient = new RegisterClient(registrationEndpoint);
        registerClient.setRequest(registerRequest);
        RegisterResponse registerResponse = registerClient.exec();
        showClient(registerClient);
        assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
        assertNotNull(registerResponse.getClientId());
        assertNotNull(registerResponse.getClientSecret());
        assertNotNull(registerResponse.getRegistrationAccessToken());
        assertNotNull(registerResponse.getClientIdIssuedAt());
        assertNotNull(registerResponse.getClientSecretExpiresAt());
        String clientId = registerResponse.getClientId();
        // 2. Request authorization
        List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
        String nonce = UUID.randomUUID().toString();
        String state = UUID.randomUUID().toString();
        AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
        authorizationRequest.setState(state);
        AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
        authorizeClient.setRequest(authorizationRequest);
        AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
        assertNotNull(authorizationResponse.getLocation(), "The location is null");
        assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
        assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
        assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
        assertNotNull(authorizationResponse.getState(), "The state is null");
        String idToken = authorizationResponse.getIdToken();
        // 3. Read Encrypted ID Token
        OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null);
        PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId);
        Jwe jwe = Jwe.parse(idToken, privateKey, null);
        assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.TYPE));
        assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUER));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
    } catch (Exception ex) {
        fail(ex.getMessage(), ex);
    }
}
Also used : PrivateKey(java.security.PrivateKey) ResponseType(org.xdi.oxauth.model.common.ResponseType) OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider) Jwe(org.xdi.oxauth.model.jwe.Jwe) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Aggregations

Jwe (org.xdi.oxauth.model.jwe.Jwe)24 Test (org.testng.annotations.Test)21 BaseTest (org.xdi.oxauth.BaseTest)21 Parameters (org.testng.annotations.Parameters)19 JSONObject (org.codehaus.jettison.json.JSONObject)13 OxAuthCryptoProvider (org.xdi.oxauth.model.crypto.OxAuthCryptoProvider)13 PrivateKey (java.security.PrivateKey)12 ResponseType (org.xdi.oxauth.model.common.ResponseType)11 JwtState (org.xdi.oxauth.client.model.JwtState)10 JSONArray (org.codehaus.jettison.json.JSONArray)3 UnsupportedEncodingException (java.io.UnsupportedEncodingException)2 PublicKey (java.security.PublicKey)2 GluuAttribute (org.xdi.model.GluuAttribute)2 Claim (org.xdi.oxauth.model.authorize.Claim)2 AbstractCryptoProvider (org.xdi.oxauth.model.crypto.AbstractCryptoProvider)2 InvalidJweException (org.xdi.oxauth.model.exception.InvalidJweException)2 JweEncrypter (org.xdi.oxauth.model.jwe.JweEncrypter)2 JweEncrypterImpl (org.xdi.oxauth.model.jwe.JweEncrypterImpl)2 JwtSubClaimObject (org.xdi.oxauth.model.jwt.JwtSubClaimObject)2 PairwiseIdentifier (org.xdi.oxauth.model.ldap.PairwiseIdentifier)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial