Examples with Jwe org.xdi.oxauth.model.jwe.Jwe used on opensource projects

Search in sources :

Example 16 with Jwe

use of org.xdi.oxauth.model.jwe.Jwe in project oxAuth by GluuFederation.

the class EncodeClaimsInStateParameter method jwtStateAlgRSA15EncA128CBCPLUSHS256Test.

@Parameters({ "keyStoreFile", "keyStoreSecret", "dnName", "RS256_keyId", "clientJwksUri" })
@Test
public void jwtStateAlgRSA15EncA128CBCPLUSHS256Test(final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId, final String clientJwksUri) throws Exception {
    showTitle("jwtStateAlgRSA15EncA128CBCPLUSHS256Test");
    JSONObject jwks = JwtUtil.getJSONWebKeys(clientJwksUri);
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    String rfp = UUID.randomUUID().toString();
    String jti = UUID.randomUUID().toString();
    JwtState jwtState = new JwtState(KeyEncryptionAlgorithm.RSA1_5, BlockEncryptionAlgorithm.A128CBC_PLUS_HS256, cryptoProvider);
    jwtState.setKeyId(keyId);
    jwtState.setRfp(rfp);
    jwtState.setJti(jti);
    jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
    String encodedState = jwtState.getEncodedJwt(jwks);
    assertNotNull(encodedState);
    System.out.println("Encrypted JWE State: " + encodedState);
    PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId);
    Jwe jwe = Jwe.parse(encodedState, privateKey, null);
    assertNotNull(jwe.getClaims().getClaimAsString(KID));
    assertNotNull(jwe.getClaims().getClaimAsString(RFP));
    assertNotNull(jwe.getClaims().getClaimAsString(JTI));
    assertNotNull(jwe.getClaims().getClaimAsJSON(ADDITIONAL_CLAIMS));
    JSONObject addClaims = jwe.getClaims().getClaimAsJSON(ADDITIONAL_CLAIMS);
    assertEquals(addClaims.getString("first_name"), "Javier");
    assertEquals(addClaims.getString("last_name"), "Rojas");
    assertEquals(addClaims.getInt("age"), 34);
    assertNotNull(addClaims.getJSONArray("more"));
    assertEquals(addClaims.getJSONArray("more").length(), 2);
}
Also used : OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider) PrivateKey(java.security.PrivateKey) JSONObject(org.codehaus.jettison.json.JSONObject) Jwe(org.xdi.oxauth.model.jwe.Jwe) JwtState(org.xdi.oxauth.client.model.JwtState) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Example 17 with Jwe

use of org.xdi.oxauth.model.jwe.Jwe in project oxAuth by GluuFederation.

the class EncodeClaimsInStateParameter method encodeClaimsInStateParameterAlgRSA15EncA128CBCPLUSHS256.

@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "keyStoreFile", "keyStoreSecret", "dnName", "RS256_keyId", "clientJwksUri" })
@Test
public void encodeClaimsInStateParameterAlgRSA15EncA128CBCPLUSHS256(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri, final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId, final String clientJwksUri) throws Exception {
    showTitle("encodeClaimsInStateParameterAlgRSA15EncA128CBCPLUSHS256");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    JSONObject jwks = JwtUtil.getJSONWebKeys(clientJwksUri);
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String rfp = UUID.randomUUID().toString();
    String jti = UUID.randomUUID().toString();
    JwtState jwtState = new JwtState(KeyEncryptionAlgorithm.RSA1_5, BlockEncryptionAlgorithm.A128CBC_PLUS_HS256, cryptoProvider);
    jwtState.setKeyId(keyId);
    jwtState.setRfp(rfp);
    jwtState.setJti(jti);
    jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
    String encodedState = jwtState.getEncodedJwt(jwks);
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(encodedState);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
    assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
    assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
    assertNotNull(authorizationResponse.getState(), "The state is null");
    String state = authorizationResponse.getState();
    // 3. Decrypt state
    PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId);
    Jwe jwe = Jwe.parse(state, privateKey, null);
    assertNotNull(jwe.getClaims().getClaimAsString(KID));
    assertNotNull(jwe.getClaims().getClaimAsString(RFP));
    assertNotNull(jwe.getClaims().getClaimAsString(JTI));
    assertNotNull(jwe.getClaims().getClaimAsJSON(ADDITIONAL_CLAIMS));
    JSONObject addClaims = jwe.getClaims().getClaimAsJSON(ADDITIONAL_CLAIMS);
    assertEquals(addClaims.getString("first_name"), "Javier");
    assertEquals(addClaims.getString("last_name"), "Rojas");
    assertEquals(addClaims.getInt("age"), 34);
    assertNotNull(addClaims.getJSONArray("more"));
    assertEquals(addClaims.getJSONArray("more").length(), 2);
}
Also used : PrivateKey(java.security.PrivateKey) ResponseType(org.xdi.oxauth.model.common.ResponseType) OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider) JSONObject(org.codehaus.jettison.json.JSONObject) Jwe(org.xdi.oxauth.model.jwe.Jwe) JwtState(org.xdi.oxauth.client.model.JwtState) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Example 18 with Jwe

use of org.xdi.oxauth.model.jwe.Jwe in project oxAuth by GluuFederation.

the class EncodeClaimsInStateParameter method jwtStateAlgA128KWEncA128GCMTest.

@Test
public void jwtStateAlgA128KWEncA128GCMTest() throws Exception {
    showTitle("jwtStateAlgA128KWEncA128GCMTest");
    String sharedKey = "shared_key";
    String rfp = UUID.randomUUID().toString();
    String jti = UUID.randomUUID().toString();
    JwtState jwtState = new JwtState(KeyEncryptionAlgorithm.A128KW, BlockEncryptionAlgorithm.A128GCM, sharedKey);
    jwtState.setRfp(rfp);
    jwtState.setJti(jti);
    jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
    String encodedState = jwtState.getEncodedJwt();
    assertNotNull(encodedState);
    System.out.println("Encrypted JWE State: " + encodedState);
    Jwe jwe = Jwe.parse(encodedState, null, sharedKey.getBytes());
    assertNotNull(jwe.getClaims().getClaimAsString(RFP));
    assertNotNull(jwe.getClaims().getClaimAsString(JTI));
    assertNotNull(jwe.getClaims().getClaimAsJSON(ADDITIONAL_CLAIMS));
    JSONObject addClaims = jwe.getClaims().getClaimAsJSON(ADDITIONAL_CLAIMS);
    assertEquals(addClaims.getString("first_name"), "Javier");
    assertEquals(addClaims.getString("last_name"), "Rojas");
    assertEquals(addClaims.getInt("age"), 34);
    assertNotNull(addClaims.getJSONArray("more"));
    assertEquals(addClaims.getJSONArray("more").length(), 2);
}
Also used : JSONObject(org.codehaus.jettison.json.JSONObject) Jwe(org.xdi.oxauth.model.jwe.Jwe) JwtState(org.xdi.oxauth.client.model.JwtState) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Example 19 with Jwe

use of org.xdi.oxauth.model.jwe.Jwe in project oxAuth by GluuFederation.

the class TokenEncryptionHttpTest method requestIdTokenAlgA128KWEncA128GCM.

@Parameters({ "userId", "userSecret", "redirectUris", "sectorIdentifierUri" })
@Test
public void requestIdTokenAlgA128KWEncA128GCM(final String userId, final String userSecret, final String redirectUris, final String sectorIdentifierUri) {
    try {
        showTitle("requestIdTokenAlgA128KWEncA128GCM");
        // 1. Dynamic Client Registration
        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
        registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.A128KW);
        registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A128GCM);
        registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
        registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
        RegisterClient registerClient = new RegisterClient(registrationEndpoint);
        registerClient.setRequest(registerRequest);
        RegisterResponse response = registerClient.exec();
        showClient(registerClient);
        assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity());
        assertNotNull(response.getClientId());
        assertNotNull(response.getClientSecret());
        assertNotNull(response.getRegistrationAccessToken());
        assertNotNull(response.getClientSecretExpiresAt());
        String clientId = response.getClientId();
        String clientSecret = response.getClientSecret();
        // 2. Request authorization
        TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
        tokenRequest.setUsername(userId);
        tokenRequest.setPassword(userSecret);
        tokenRequest.setScope("openid");
        tokenRequest.setAuthUsername(clientId);
        tokenRequest.setAuthPassword(clientSecret);
        TokenClient tokenClient = new TokenClient(tokenEndpoint);
        tokenClient.setRequest(tokenRequest);
        TokenResponse tokenResponse = tokenClient.exec();
        showClient(tokenClient);
        assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus());
        assertNotNull(tokenResponse.getEntity(), "The entity is null");
        assertNotNull(tokenResponse.getAccessToken(), "The access token is null");
        assertNotNull(tokenResponse.getTokenType(), "The token type is null");
        assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null");
        assertNotNull(tokenResponse.getScope(), "The scope is null");
        assertNotNull(tokenResponse.getIdToken(), "The id token is null");
        String idToken = tokenResponse.getIdToken();
        // 3. Read Encrypted ID Token
        Jwe jwe = Jwe.parse(idToken, null, clientSecret.getBytes(Util.UTF8_STRING_ENCODING));
        assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.TYPE));
        assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUER));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.OX_OPENID_CONNECT_VERSION));
    } catch (Exception ex) {
        fail(ex.getMessage(), ex);
    }
}
Also used : Jwe(org.xdi.oxauth.model.jwe.Jwe) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Example 20 with Jwe

use of org.xdi.oxauth.model.jwe.Jwe in project oxAuth by GluuFederation.

the class TokenEncryptionHttpTest method requestIdTokenAlgRSA15EncA256CBCPLUSHS512.

@Parameters({ "userId", "userSecret", "redirectUris", "clientJwksUri", "RS256_keyId", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void requestIdTokenAlgRSA15EncA256CBCPLUSHS512(final String userId, final String userSecret, final String redirectUris, final String jwksUri, final String keyId, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) {
    try {
        showTitle("requestIdTokenAlgRSA15EncA256CBCPLUSHS512");
        // 1. Dynamic Client Registration
        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
        registerRequest.setJwksUri(jwksUri);
        registerRequest.setIdTokenEncryptedResponseAlg(KeyEncryptionAlgorithm.RSA1_5);
        registerRequest.setIdTokenEncryptedResponseEnc(BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
        registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
        registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
        RegisterClient registerClient = new RegisterClient(registrationEndpoint);
        registerClient.setRequest(registerRequest);
        RegisterResponse response = registerClient.exec();
        showClient(registerClient);
        assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity());
        assertNotNull(response.getClientId());
        assertNotNull(response.getClientSecret());
        assertNotNull(response.getRegistrationAccessToken());
        assertNotNull(response.getClientSecretExpiresAt());
        String clientId = response.getClientId();
        String clientSecret = response.getClientSecret();
        // 2. Request authorization
        TokenRequest tokenRequest = new TokenRequest(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
        tokenRequest.setUsername(userId);
        tokenRequest.setPassword(userSecret);
        tokenRequest.setScope("openid");
        tokenRequest.setAuthUsername(clientId);
        tokenRequest.setAuthPassword(clientSecret);
        TokenClient tokenClient = new TokenClient(tokenEndpoint);
        tokenClient.setRequest(tokenRequest);
        TokenResponse tokenResponse = tokenClient.exec();
        showClient(tokenClient);
        assertEquals(tokenResponse.getStatus(), 200, "Unexpected response code: " + tokenResponse.getStatus());
        assertNotNull(tokenResponse.getEntity(), "The entity is null");
        assertNotNull(tokenResponse.getAccessToken(), "The access token is null");
        assertNotNull(tokenResponse.getTokenType(), "The token type is null");
        assertNotNull(tokenResponse.getRefreshToken(), "The refresh token is null");
        assertNotNull(tokenResponse.getScope(), "The scope is null");
        assertNotNull(tokenResponse.getIdToken(), "The id token is null");
        String idToken = tokenResponse.getIdToken();
        // 3. Read Encrypted ID Token
        OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, null);
        PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId);
        Jwe jwe = Jwe.parse(idToken, privateKey, null);
        assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.TYPE));
        assertNotNull(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUER));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
        assertNotNull(jwe.getClaims().getClaimAsString(JwtClaimName.OX_OPENID_CONNECT_VERSION));
    } catch (Exception ex) {
        fail(ex.getMessage(), ex);
    }
}
Also used : OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider) PrivateKey(java.security.PrivateKey) Jwe(org.xdi.oxauth.model.jwe.Jwe) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Aggregations

Jwe (org.xdi.oxauth.model.jwe.Jwe)24 Test (org.testng.annotations.Test)21 BaseTest (org.xdi.oxauth.BaseTest)21 Parameters (org.testng.annotations.Parameters)19 JSONObject (org.codehaus.jettison.json.JSONObject)13 OxAuthCryptoProvider (org.xdi.oxauth.model.crypto.OxAuthCryptoProvider)13 PrivateKey (java.security.PrivateKey)12 ResponseType (org.xdi.oxauth.model.common.ResponseType)11 JwtState (org.xdi.oxauth.client.model.JwtState)10 JSONArray (org.codehaus.jettison.json.JSONArray)3 UnsupportedEncodingException (java.io.UnsupportedEncodingException)2 PublicKey (java.security.PublicKey)2 GluuAttribute (org.xdi.model.GluuAttribute)2 Claim (org.xdi.oxauth.model.authorize.Claim)2 AbstractCryptoProvider (org.xdi.oxauth.model.crypto.AbstractCryptoProvider)2 InvalidJweException (org.xdi.oxauth.model.exception.InvalidJweException)2 JweEncrypter (org.xdi.oxauth.model.jwe.JweEncrypter)2 JweEncrypterImpl (org.xdi.oxauth.model.jwe.JweEncrypterImpl)2 JwtSubClaimObject (org.xdi.oxauth.model.jwt.JwtSubClaimObject)2 PairwiseIdentifier (org.xdi.oxauth.model.ldap.PairwiseIdentifier)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial