Java Code Examples for org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm#NONE

The following examples show how to use org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm#NONE, the JWA "none" algorithm, i.e. a JWS that carries no signature. Note that almost every usage below is a guard: the OIDC hash helper refuses to derive an at_hash/c_hash from it, the ID-token filter skips hashing when it is configured, and the Syncope test asserts that a token re-serialized with alg=none is rejected. A verifier that accepts "none" from untrusted input is the classic JWT signature-bypass, so the NONE provider/verifier pair should only ever be wired in where unsigned tokens are an explicit, deliberate choice.
Example 1
Source File: OidcUtils.java    From cxf with Apache License 2.0
/**
 * Computes the OIDC {@code at_hash}/{@code c_hash} style value for {@code value}: the
 * left-most half of the SHA-2 digest whose bit length matches the signature algorithm
 * (e.g. RS256 -&gt; SHA-256 -&gt; first 16 bytes), base64url-encoded.
 *
 * @param value   the access token or authorization code to hash (ASCII)
 * @param sigAlgo the JWS algorithm of the ID token the hash will be embedded in
 * @return the base64url-encoded left half of the digest
 * @throws JwsException          if {@code sigAlgo} is {@link SignatureAlgorithm#NONE};
 *                               an unsigned token has no digest algorithm to derive from
 * @throws OAuthServiceException if the JVM lacks the required SHA-2 digest
 */
private static String calculateHash(String value, SignatureAlgorithm sigAlgo) {
    // Refuse outright rather than emit a bogus hash for an unsigned ID token.
    if (SignatureAlgorithm.NONE == sigAlgo) {
        throw new JwsException(JwsException.Error.INVALID_ALGORITHM);
    }
    // JWA names are <family><bits>, e.g. "PS384" -> "384"; the same number names the
    // Java digest ("SHA-384") and, in bits, its output length.
    final String digestBits = sigAlgo.getJwaName().substring(2);
    final String javaDigestName = "SHA-" + digestBits;
    // Half the digest length in bytes: bits / 8 / 2.
    final int halfDigestBytes = Integer.parseInt(digestBits) / 16;
    try {
        final byte[] input = StringUtils.toBytesASCII(value);
        final byte[] digest = MessageDigestUtils.createDigest(input, javaDigestName);
        return Base64UrlUtility.encodeChunk(digest, 0, halfDigestBytes);
    } catch (NoSuchAlgorithmException ex) {
        throw new OAuthServiceException(ex);
    }
}
 
Example 2
Source File: JWTITCase.java    From syncope with Apache License 2.0
/**
 * Signature-stripping check: a token whose claims are copied verbatim from a genuinely
 * issued one, but re-serialized with {@code alg=none}, must not grant access.
 */
@Test
public void noneSignature() throws ParseException {
    // Obtain a real token so the forged one can reuse every one of its claims.
    SyncopeClient adminClient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD);
    Response loginResponse = adminClient.getService(AccessTokenService.class).login();
    String issuedToken = loginResponse.getHeaderString(RESTHeaders.TOKEN);
    assertNotNull(issuedToken);
    JwtClaims issuedClaims = new JwsJwtCompactConsumer(issuedToken).getJwtClaims();

    // Same token id, subject, issuer and validity window -- only the signature differs.
    JwtClaims forgedClaims = new JwtClaims();
    forgedClaims.setTokenId(issuedClaims.getTokenId());
    forgedClaims.setSubject(issuedClaims.getSubject());
    forgedClaims.setIssuedAt(issuedClaims.getIssuedAt());
    forgedClaims.setIssuer(issuedClaims.getIssuer());
    forgedClaims.setExpiryTime(issuedClaims.getExpiryTime());
    forgedClaims.setNotBefore(issuedClaims.getNotBefore());

    // Serialize with the "none" algorithm, i.e. without a real signature.
    JwsHeaders noneHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.NONE);
    JwsJwtCompactProducer producer = new JwsJwtCompactProducer(new JwtToken(noneHeaders, forgedClaims));
    String unsignedToken = producer.signWith(new NoneJwsSignatureProvider());

    // Present the unsigned token: the server must refuse it even though the claims are live.
    UserSelfService selfService = clientFactory.create(unsignedToken).getService(UserSelfService.class);
    try {
        selfService.read();
        fail("Failure expected on no signature");
    } catch (AccessControlException ex) {
        // expected: alg=none is not an acceptable signature
    }
}
 
Example 3
Source File: NoneJwsSignatureVerifier.java    From cxf with Apache License 2.0
@Override
public SignatureAlgorithm getAlgorithm() {
    // This verifier is bound to the JWA "none" algorithm, i.e. it handles JWS input that
    // carries no signature. Register it only where unsigned tokens are deliberately
    // accepted; making it available for untrusted input removes signature checking.
    return SignatureAlgorithm.NONE;
}
 
Example 4
Source File: JwsCompactProducer.java    From cxf with Apache License 2.0
/**
 * Tells whether this producer is configured with the JWA "none" algorithm, i.e. the
 * compact serialization it emits is not signed and its integrity is not protected
 * by the token itself.
 *
 * @return {@code true} if the configured algorithm is {@link SignatureAlgorithm#NONE}
 */
public boolean isPlainText() {
    return SignatureAlgorithm.NONE.equals(getAlgorithm());
}
 
Example 5
Source File: NoneJwsSignatureProvider.java    From cxf with Apache License 2.0
@Override
public SignatureAlgorithm getAlgorithm() {
    // This provider produces JWS output under the JWA "none" algorithm, so the tokens it
    // "signs" carry no signature. Useful for tests (see the alg=none rejection test on
    // this page) or when integrity comes from elsewhere; never for tokens a relying
    // party is expected to trust on their own.
    return SignatureAlgorithm.NONE;
}
 
Example 6
Source File: IdTokenResponseFilter.java    From cxf with Apache License 2.0
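/**
 * Populates the OIDC {@code at_hash} and {@code c_hash} claims and the {@code nonce}
 * on an ID token.
 *
 * <p>{@code at_hash} is added when the ID token is not the only artifact being returned
 * (any response type other than plain {@code id_token}, or no response type, which is
 * the token-endpoint case); {@code c_hash} is added for the {@code code id_token} and
 * {@code code id_token token} hybrid response types. Hashes already present on the
 * token are left untouched. Both are computed only when the ID token will actually be
 * signed: with {@link SignatureAlgorithm#NONE} there is no digest algorithm to derive
 * them from, so they are simply omitted.
 *
 * <p>The current JAX-RS message may be absent; unlike the original, the hybrid-flow
 * lookup of the authorization code now tolerates that instead of dereferencing
 * {@code null}, matching the guard the nonce lookup already had.
 *
 * @param idToken the ID token being completed; mutated in place
 * @param st      the access token issued alongside it, supplying the token value,
 *                grant code, response type and stored nonce
 */
private void setAtHashAndNonce(IdToken idToken, ServerAccessToken st) {
    String rType = st.getResponseType();
    boolean atHashRequired = idToken.getAccessTokenHash() == null
        && (rType == null || !OidcUtils.ID_TOKEN_RESPONSE_TYPE.equals(rType));
    boolean cHashRequired = idToken.getAuthorizationCodeHash() == null
        && (OidcUtils.CODE_ID_TOKEN_AT_RESPONSE_TYPE.equals(rType)
            || OidcUtils.CODE_ID_TOKEN_RESPONSE_TYPE.equals(rType));

    // May be null outside a JAX-RS exchange; every dereference below is guarded.
    Message m = JAXRSUtils.getCurrentMessage();
    if (atHashRequired || cHashRequired) {
        Properties props = JwsUtils.loadSignatureOutProperties(false);
        final SignatureAlgorithm sigAlgo = super.isSignWithClientSecret()
            ? OAuthUtils.getClientSecretSignatureAlgorithm(props)
            : JwsUtils.getSignatureAlgorithm(props, SignatureAlgorithm.RS256);
        // An unsigned ID token has no hash algorithm; the OidcUtils hash helpers are
        // expected to reject NONE, so skip rather than fail.
        if (sigAlgo != SignatureAlgorithm.NONE) {
            if (atHashRequired) {
                String tokenKey = st.getEncodedToken() != null ? st.getEncodedToken() : st.getTokenKey();
                idToken.setAccessTokenHash(OidcUtils.calculateAccessTokenHash(tokenKey, sigAlgo));
            }
            if (cHashRequired) {
                String code = resolveAuthorizationCode(st, m);
                if (code != null) {
                    idToken.setAuthorizationCodeHash(OidcUtils.calculateAuthorizationCodeHash(code, sigAlgo));
                }
            }
        }
    }

    // Prefer the nonce of the current request; fall back to the one stored with the token.
    if (m != null && m.getExchange().containsKey(OAuthConstants.NONCE)) {
        idToken.setNonce((String) m.getExchange().get(OAuthConstants.NONCE));
    } else if (st.getNonce() != null) {
        idToken.setNonce(st.getNonce());
    }
}

/**
 * Returns the authorization code whose {@code c_hash} belongs in the ID token, or
 * {@code null} if none is available.
 *
 * <p>c_hash can be returned from either the Authorization or the Token endpoint. At
 * the token endpoint the code has already been exchanged and is stored on the token;
 * at the authorization endpoint (hybrid flow, implicit part) it lives on the current
 * exchange, which requires a current message.
 *
 * @param st the access token carrying the grant code, if any
 * @param m  the current JAX-RS message, possibly {@code null}
 */
private static String resolveAuthorizationCode(ServerAccessToken st, Message m) {
    if (st.getGrantCode() != null) {
        return st.getGrantCode();
    }
    if (m == null) {
        return null;
    }
    return (String) m.getExchange().get(OAuthConstants.AUTHORIZATION_CODE_VALUE);
}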