io.jsonwebtoken.security.SecurityException Java Examples

The following examples show how to use io.jsonwebtoken.security.SecurityException.
Example #1
Source File: OpenIdSigningKeyResolver.java    From line-sdk-android with Apache License 2.0
/**
 * Resolves the key used to verify a JWS from the LINE JSON Web Key Set.
 *
 * <p>Both the key id and the algorithm name are read from the token header, that is,
 * before any signature has been checked, so they are caller-controlled input. A key is
 * only produced when the named algorithm reports {@code isEllipticCurve()}; every other
 * algorithm is rejected with a {@link SecurityException}.
 *
 * @param header the JWS header of the token being verified
 * @return the key built from the matching JWK, or {@code null} when the JWK set cannot
 *         be fetched or holds no entry for the header's key id
 * @throws SecurityException when the header names a non-elliptic-curve algorithm
 */
private Key resolveSigningKey(final JwsHeader header) {
    final LineApiResponse<JWKSet> jwkSetResponse = apiClient.getJWKSet();
    if (!jwkSetResponse.isSuccess()) {
        Log.e(TAG, "failed to get LINE JSON Web Key Set [JWK] document.");
        // No key: the caller must treat a null result as a verification failure.
        return null;
    }

    final JWKSet keySet = jwkSetResponse.getResponseData();
    final String kid = header.getKeyId();
    final JWK matchingJwk = keySet.getJWK(kid);
    if (matchingJwk == null) {
        // NOTE(review): kid comes from the unverified header and is logged verbatim;
        // consider sanitising it before it reaches the log.
        Log.e(TAG, "failed to find Key by Id: " + kid);
        return null;
    }

    final String algName = header.getAlgorithm();
    // NOTE(review): forName presumably throws on its own for an unknown or missing
    // name, before the check below is reached -- confirm against the jjwt version in use.
    if (!SignatureAlgorithm.forName(algName).isEllipticCurve()) {
        // Anything that is not an EC signature (HMAC, RSA, unsigned) is refused here,
        // so the token header cannot steer verification to another algorithm family.
        throw new SecurityException("Unsupported signature algorithm '" + algName + '\'');
    }

    // NOTE(review): whether the JWK's own curve/alg is compared with the header's
    // algorithm is not visible here; verify in generateECPublicKey.
    return generateECPublicKey(matchingJwk);
}
 
Example #2
Source File: FederatedJwtAuthenticator.java    From trellis with Apache License 2.0
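/**
 * Parses a signed JWT and returns its claims, verifying the signature with a public key
 * taken from the configured keystore.
 *
 * <p>The key id ({@code kid}) is read from the token header before the signature is
 * checked, so it is untrusted input. It is only honoured when it appears in the
 * {@code keyIds} allow-list and also names an alias in the keystore.
 *
 * @param credentials the compact serialized JWS
 * @return the claims body of the verified token
 * @throws JwtException when the header carries no key id
 * @throws SecurityException when the keystore cannot be read, or when no usable
 *         certificate is found for the key id
 */
@Override
public Claims parse(final String credentials) {
    return Jwts.parserBuilder().setSigningKeyResolver(new SigningKeyResolverAdapter() {
        @Override
        public Key resolveSigningKey(final JwsHeader header, final Claims claims) {
            final String keyId = header.getKeyId();
            if (keyId == null) {
                throw new JwtException("Missing Key ID (kid) header field");
            }
            try {
                // Both conditions must hold: the allow-list restricts which keystore
                // entries a token may select, independent of what the keystore contains.
                if (keyIds.contains(keyId) && keyStore.containsAlias(keyId)) {
                    // An alias can exist without a certificate (KeyStore.getCertificate
                    // returns null then); treat that as "key not found" instead of
                    // failing with a NullPointerException.
                    final java.security.cert.Certificate certificate = keyStore.getCertificate(keyId);
                    if (certificate != null) {
                        return certificate.getPublicKey();
                    }
                }
            } catch (final KeyStoreException ex) {
                throw new SecurityException("Error retrieving key from keystore", ex);
            }
            // NOTE(review): the message echoes the attacker-supplied kid; make sure it
            // is encoded wherever this exception text is logged or returned.
            throw new SecurityException("Could not locate key in keystore: " + keyId);
        }
    }).build().parseClaimsJws(credentials).getBody();
}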
 
Example #3
Source File: JwksAuthenticator.java    From trellis with Apache License 2.0
/**
 * Parses a signed JWT and returns its claims, selecting the verification key from
 * {@code keys} by the key id found in the token header.
 *
 * <p>The key id is read before the signature is verified and is therefore untrusted;
 * it is used only as a lookup key into the already-loaded {@code keys}.
 *
 * @param token the compact serialized JWS
 * @return the claims body of the verified token
 * @throws JwtException when the header carries no key id
 * @throws SecurityException when {@code keys} has no entry for the key id
 */
@Override
public Claims parse(final String token) {
    final SigningKeyResolverAdapter resolver = new SigningKeyResolverAdapter() {
        @Override
        public Key resolveSigningKey(final JwsHeader header, final Claims claims) {
            final String kid = header.getKeyId();
            if (kid == null) {
                throw new JwtException("Missing Key ID (kid) header field");
            }
            if (!keys.containsKey(kid)) {
                // Unknown kid: fail closed rather than fall back to some default key.
                // NOTE(review): the message echoes the attacker-supplied kid; encode it
                // wherever this text is logged or returned.
                throw new SecurityException("Could not locate key: " + kid);
            }
            return keys.get(kid);
        }
    };
    return Jwts.parserBuilder()
            .setSigningKeyResolver(resolver)
            .build()
            .parseClaimsJws(token)
            .getBody();
}
 
Example #4
Source File: FederatedJwtAuthenticatorTest.java    From trellis with Apache License 2.0
/**
 * A keystore that fails on access must cause authentication to be refused with a
 * {@link SecurityException}, not to succeed or leak the underlying exception.
 */
@Test
void testKeyStoreException() throws Exception {
    // The answer passed to mock(...) throws, so calls on this keystore fail with
    // KeyStoreException.
    final KeyStore brokenKeyStore = mock(KeyStore.class, invocation -> {
        throw new KeyStoreException("Expected");
    });

    // A real keystore is still needed, but only to sign the token under test.
    final KeyStore signingStore = KeyStore.getInstance(KeyStore.getDefaultType());
    signingStore.load(getClass().getResourceAsStream("/keystore.jks"), passphrase);
    final String token = buildEcToken(signingStore.getKey("trellis-ec", passphrase), "trellis-ec");

    // The authenticator is given the broken keystore and an id list containing the token's kid.
    final Authenticator authenticator =
            new FederatedJwtAuthenticator(brokenKeyStore, singletonList("trellis-ec"));

    assertThrows(
            SecurityException.class,
            () -> authenticator.authenticate(token),
            "Unexpectedly functional keystore!");
}
 
Example #5
Source File: FederatedJwtAuthenticatorTest.java    From trellis with Apache License 2.0
/**
 * A token whose key id is absent from the authenticator's id list must be rejected,
 * even though the keystore handed to the authenticator is the one that signed it.
 */
@Test
void testAuthenticateKeystoreNoMatch() throws Exception {
    final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(getClass().getResourceAsStream("/keystore.jks"), passphrase);

    // Signed with the "trellis-ec" entry and labelled with that same kid.
    final String token = buildEcToken(keyStore.getKey("trellis-ec", passphrase), "trellis-ec");

    // "trellis-ec" is deliberately missing from the id list passed here.
    final Authenticator authenticator =
            new FederatedJwtAuthenticator(keyStore, asList("trellis", "foo"));

    assertThrows(
            SecurityException.class,
            () -> authenticator.authenticate(token),
            "Unexpected keystore entry!");
}
 
Example #6
Source File: FederatedJwtAuthenticatorTest.java    From trellis with Apache License 2.0
/**
 * A token labelled with a key id that is in the authenticator's id list must still be
 * rejected when that id does not lead to a usable key.
 */
@Test
void testAuthenticateKeystoreAnotherNoMatch() throws Exception {
    final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(getClass().getResourceAsStream("/keystore.jks"), passphrase);

    // Signed with the "trellis-ec" entry but labelled with the kid "foo".
    // NOTE(review): presumably /keystore.jks has no "foo" alias -- confirm against the fixture.
    final String token = buildEcToken(keyStore.getKey("trellis-ec", passphrase), "foo");

    final Authenticator authenticator =
            new FederatedJwtAuthenticator(keyStore, singletonList("foo"));

    assertThrows(
            SecurityException.class,
            () -> authenticator.authenticate(token),
            "Unexpected keystore entry!");
}
 
Example #7
Source File: JwtAuthenticatorTest.java    From trellis with Apache License 2.0
/**
 * A token that does not verify under the authenticator's HMAC key must be rejected
 * with a {@link SecurityException}.
 */
@Test
void testAuthenticationTokenWebidBadKey() {
    // Base64-encoded HMAC secret used only as a test fixture.
    final String encodedKey =
        "2YuUlb+t36yVzrTkYLl8xBlBJSC41CE7uNF3somMDxdYDfcACv9JYIU54z17s4Ah313uKu/4Ll+vDNKpxx6v4Q==";

    // Pre-built compact JWS; its header segment declares alg HS512.
    // NOTE(review): going by the test name, the signature was presumably produced with a
    // different secret than encodedKey -- confirm against how the fixture was generated.
    final String token = "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJ3ZWJpZCI6Imh0dHBzOi8vcGVvcGxlLmFwYWNoZS5vcmcvfm" +
        "Fjb2J1cm4vI2kiLCJzdWIiOiJhY29idXJuIiwibmFtZSI6IkFhcm9uIENvYnVybiIsImlzcyI6Imh0dHA6Ly9leGFtcGxlLm9yZy8ifQ" +
        ".kIHJDSzaisxfIF5fQou2e9rBInsDsl0vZ4QQ60zlZlSufm9nnmC7eL-875WPsVGzPAfptF6MrImrpFeNxdW9ZQ";

    final byte[] verificationKeyBytes = Base64.getDecoder().decode(encodedKey);
    final Authenticator authenticator = new JwtAuthenticator(hmacShaKeyFor(verificationKeyBytes));

    assertThrows(
            SecurityException.class,
            () -> authenticator.authenticate(token),
            "Parsed bad JWT!");
}
 
Example #8
Source File: JwksAuthenticatorTest.java    From trellis with Apache License 2.0
/**
 * A token labelled with the key id "non-existent" must be rejected by the JWKS-backed
 * authenticator with a {@link SecurityException}.
 */
@Test
void testAuthenticateJwksWrongKeyid() throws Exception {
    final String subjectWebId = "https://people.apache.org/~acoburn/#i";

    final KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
    final Key signingKey = rsaFactory.generatePrivate(new RSAPrivateKeySpec(modulus, exponent));

    // Only the kid is wrong; the signature itself comes from the test's RSA key.
    final String token = Jwts.builder()
        .setHeaderParam(JwsHeader.KEY_ID, "non-existent")
        .setSubject(subjectWebId)
        .signWith(signingKey)
        .compact();

    final Authenticator authenticator = new JwksAuthenticator(url);

    assertThrows(
            SecurityException.class,
            () -> authenticator.authenticate(token),
            "Unexpected principal!");
}
 
Example #9
Source File: JwksAuthenticatorTest.java    From trellis with Apache License 2.0
/**
 * When the authenticator is pointed at a JWKS location that does not exist, a token
 * must be rejected with a {@link SecurityException} rather than accepted unverified.
 */
@Test
void testAuthenticateJwksInvalidKeyLocation() throws Exception {
    final String subjectWebId = "https://people.apache.org/~acoburn/#i";

    final KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
    final Key signingKey = rsaFactory.generatePrivate(new RSAPrivateKeySpec(modulus, exponent));

    // The token carries the test's regular kid; only the key location is bad.
    final String token = Jwts.builder()
        .setHeaderParam(JwsHeader.KEY_ID, keyid)
        .setSubject(subjectWebId)
        .signWith(signingKey)
        .compact();

    // NOTE(review): presumably no key can be loaded from this URL, so the lookup for
    // keyid fails -- confirm how JwksAuthenticator handles a failed fetch.
    final Authenticator authenticator =
            new JwksAuthenticator("https://www.trellisldp.org/tests/non-existent");

    assertThrows(
            SecurityException.class,
            () -> authenticator.authenticate(token),
            "Unexpected principal!");
}