Java Code Examples for org.jose4j.jwt.consumer.JwtConsumerBuilder#setRequireIssuedAt()
The following examples show how to use
org.jose4j.jwt.consumer.JwtConsumerBuilder#setRequireIssuedAt() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: TokenUtilsEncryptTest.java From microprofile-jwt-auth with Apache License 2.0 | 4 votes |
|
private void validateToken(String token, Long expectedExpValue) throws Exception {
RSAPrivateKey privateKey = (RSAPrivateKey) TokenUtils.readPrivateKey("/privateKey.pem");
int expGracePeriodSecs = 60;
JwtConsumerBuilder builder = new JwtConsumerBuilder();
builder.setDisableRequireSignature();
builder.setEnableRequireEncryption();
// 'exp' must be available
builder.setRequireExpirationTime();
builder.setSkipDefaultAudienceValidation();
// 'iat' must be available
builder.setRequireIssuedAt();
// 'RSA-OAEP' is required
builder.setJwsAlgorithmConstraints(
new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST, "RSA-OAEP"));
// issuer must be equal to TCKConstants.TEST_ISSUER
builder.setExpectedIssuer(true, TCKConstants.TEST_ISSUER);
builder.setDecryptionKey(privateKey);
builder.setAllowedClockSkewInSeconds(expGracePeriodSecs);
JwtClaims claimsSet = builder.build().processToClaims(token);
// Confirm all the claims available in /Token1.json have made it into the verified claimSet
Assert.assertEquals(claimsSet.getClaimsMap().size(), 19);
Assert.assertEquals(claimsSet.getIssuer(), "https://server.example.com");
Assert.assertEquals(claimsSet.getJwtId(), "a-123");
Assert.assertEquals(claimsSet.getSubject(), "24400320");
Assert.assertEquals(claimsSet.getClaimValueAsString("upn"), "[email protected]");
Assert.assertEquals(claimsSet.getClaimValueAsString("preferred_username"), "jdoe");
Assert.assertEquals(claimsSet.getAudience().size(), 1);
Assert.assertEquals(claimsSet.getAudience().get(0), "s6BhdRkqt3");
if (expectedExpValue != null) {
Assert.assertEquals(claimsSet.getExpirationTime().getValue(), (long)expectedExpValue);
Assert.assertEquals(claimsSet.getIssuedAt().getValue(), expectedExpValue - 5);
Assert.assertEquals(NumericDate.fromSeconds(claimsSet.getClaimValue("auth_time", Long.class)).getValue(),
expectedExpValue - 5);
}
else {
Assert.assertNotNull(claimsSet.getExpirationTime());
long exp = claimsSet.getExpirationTime().getValue();
Assert.assertEquals(claimsSet.getIssuedAt().getValue(), exp - 300);
Assert.assertEquals(NumericDate.fromSeconds(claimsSet.getClaimValue("auth_time", Long.class)).getValue(),
exp - 300);
}
Assert.assertEquals(claimsSet.getClaimValueAsString("customString"), "customStringValue");
Assert.assertEquals(claimsSet.getClaimValue("customInteger", Long.class), Long.valueOf(123456789));
Assert.assertEquals(claimsSet.getClaimValue("customDouble", Double.class), 3.141592653589793);
Assert.assertEquals(((List<?>)claimsSet.getClaimsMap().get("roles")).size(), 1);
Assert.assertEquals(((List<?>)claimsSet.getClaimsMap().get("groups")).size(), 4);
Assert.assertEquals(((List<?>)claimsSet.getClaimsMap().get("customStringArray")).size(), 3);
Assert.assertEquals(((List<?>)claimsSet.getClaimsMap().get("customIntegerArray")).size(), 4);
Assert.assertEquals(((List<?>)claimsSet.getClaimsMap().get("customDoubleArray")).size(), 5);
Assert.assertEquals(((Map<?, ?>)claimsSet.getClaimsMap().get("customObject")).size(), 3);
}
Example 2
| Source File: TokenUtilsTest.java From microprofile-jwt-auth with Apache License 2.0 | 4 votes |
|
private void validateToken(String token, SignatureAlgorithm algorithm, Long expectedExpValue) throws Exception {
PublicKey publicKey = algorithm == SignatureAlgorithm.RS256 ? TokenUtils.readPublicKey("/publicKey.pem")
: TokenUtils.readECPublicKey("/ecPublicKey.pem");
int expGracePeriodSecs = 60;
JwtConsumerBuilder builder = new JwtConsumerBuilder();
// 'exp' must be available
builder.setRequireExpirationTime();
builder.setSkipDefaultAudienceValidation();
// 'iat' must be available
builder.setRequireIssuedAt();
// 'RS256' is required
builder.setJwsAlgorithmConstraints(
new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST, algorithm.getAlgorithm()));
// issuer must be equal to TCKConstants.TEST_ISSUER
builder.setExpectedIssuer(true, TCKConstants.TEST_ISSUER);
builder.setVerificationKey(publicKey);
builder.setAllowedClockSkewInSeconds(expGracePeriodSecs);
JwtClaims claimsSet = builder.build().processToClaims(token);
// Confirm all the claims available in /Token1.json have made it into the verified claimSet
Assert.assertEquals(claimsSet.getClaimsMap().size(), 19);
Assert.assertEquals(claimsSet.getIssuer(), "https://server.example.com");
Assert.assertEquals(claimsSet.getJwtId(), "a-123");
Assert.assertEquals(claimsSet.getSubject(), "24400320");
Assert.assertEquals(claimsSet.getClaimValueAsString("upn"), "[email protected]");
Assert.assertEquals(claimsSet.getClaimValueAsString("preferred_username"), "jdoe");
Assert.assertEquals(claimsSet.getAudience().size(), 1);
Assert.assertEquals(claimsSet.getAudience().get(0), "s6BhdRkqt3");
if (expectedExpValue != null) {
Assert.assertEquals(claimsSet.getExpirationTime().getValue(), (long)expectedExpValue);
Assert.assertEquals(claimsSet.getIssuedAt().getValue(), expectedExpValue - 5);
Assert.assertEquals(NumericDate.fromSeconds(claimsSet.getClaimValue("auth_time", Long.class)).getValue(),
expectedExpValue - 5);
}
else {
Assert.assertNotNull(claimsSet.getExpirationTime());
long exp = claimsSet.getExpirationTime().getValue();
Assert.assertEquals(claimsSet.getIssuedAt().getValue(), exp - 300);
Assert.assertEquals(NumericDate.fromSeconds(claimsSet.getClaimValue("auth_time", Long.class)).getValue(),
exp - 300);
}
Assert.assertEquals(claimsSet.getClaimValueAsString("customString"), "customStringValue");
Assert.assertEquals(claimsSet.getClaimValue("customInteger", Long.class), Long.valueOf(123456789));
Assert.assertEquals(claimsSet.getClaimValue("customDouble", Double.class), 3.141592653589793);
Assert.assertTrue(claimsSet.getClaimValue("customBoolean", Boolean.class));
Assert.assertEquals(((List<?>)claimsSet.getClaimsMap().get("roles")).size(), 1);
Assert.assertEquals(((List<?>)claimsSet.getClaimsMap().get("groups")).size(), 4);
Assert.assertEquals(((List<?>)claimsSet.getClaimsMap().get("customStringArray")).size(), 3);
Assert.assertEquals(((List<?>)claimsSet.getClaimsMap().get("customIntegerArray")).size(), 4);
Assert.assertEquals(((List<?>)claimsSet.getClaimsMap().get("customDoubleArray")).size(), 5);
Assert.assertEquals(((Map<?, ?>)claimsSet.getClaimsMap().get("customObject")).size(), 3);
}
Example 3
| Source File: TokenUtilsSignEncryptTest.java From microprofile-jwt-auth with Apache License 2.0 | 4 votes |
|
private void validateToken(String jweCompact, SignatureAlgorithm signatureAlgorithm, boolean jwtExpected) throws Exception {
JsonWebEncryption jwe = new JsonWebEncryption();
jwe.setAlgorithmConstraints(
new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST, "RSA-OAEP"));
jwe.setCompactSerialization(jweCompact);
RSAPrivateKey privateKey = (RSAPrivateKey) TokenUtils.readPrivateKey("/privateKey.pem");
jwe.setKey(privateKey);
String token = jwe.getPlaintextString();
if (jwtExpected) {
if (!"JWT".equals(jwe.getHeader("cty"))) {
throw new InvalidJwtException("'cty' header is missing", Collections.emptyList(), null);
}
}
else {
Assert.assertNull(jwe.getHeader("cty"));
}
// verify the nested token
PublicKey publicKey = signatureAlgorithm == SignatureAlgorithm.RS256 ? TokenUtils.readPublicKey("/publicKey.pem")
: TokenUtils.readECPublicKey("/ecPublicKey.pem");
int expGracePeriodSecs = 60;
JwtConsumerBuilder builder = new JwtConsumerBuilder();
// 'exp' must be available
builder.setRequireExpirationTime();
builder.setSkipDefaultAudienceValidation();
// 'iat' must be available
builder.setRequireIssuedAt();
// 'RS256' is required
builder.setJwsAlgorithmConstraints(
new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST, signatureAlgorithm.getAlgorithm()));
// issuer must be equal to TCKConstants.TEST_ISSUER
builder.setExpectedIssuer(true, TCKConstants.TEST_ISSUER);
builder.setVerificationKey(publicKey);
builder.setAllowedClockSkewInSeconds(expGracePeriodSecs);
JwtClaims claimsSet = builder.build().processToClaims(token);
// Confirm all the claims available in /Token1.json have made it into the verified claimSet
Assert.assertEquals(claimsSet.getClaimsMap().size(), 19);
Assert.assertEquals(claimsSet.getIssuer(), "https://server.example.com");
Assert.assertEquals(claimsSet.getJwtId(), "a-123");
Assert.assertEquals(claimsSet.getSubject(), "24400320");
Assert.assertEquals(claimsSet.getClaimValueAsString("upn"), "[email protected]");
Assert.assertEquals(claimsSet.getClaimValueAsString("preferred_username"), "jdoe");
Assert.assertEquals(claimsSet.getAudience().size(), 1);
Assert.assertEquals(claimsSet.getAudience().get(0), "s6BhdRkqt3");
Assert.assertNotNull(claimsSet.getExpirationTime());
long exp = claimsSet.getExpirationTime().getValue();
Assert.assertEquals(claimsSet.getIssuedAt().getValue(), exp - 300);
Assert.assertEquals(NumericDate.fromSeconds(claimsSet.getClaimValue("auth_time", Long.class)).getValue(),
exp - 300);
Assert.assertEquals(claimsSet.getClaimValueAsString("customString"), "customStringValue");
Assert.assertEquals(claimsSet.getClaimValue("customInteger", Long.class), Long.valueOf(123456789));
Assert.assertEquals(claimsSet.getClaimValue("customDouble", Double.class), 3.141592653589793);
Assert.assertEquals(((List<?>)claimsSet.getClaimsMap().get("roles")).size(), 1);
Assert.assertEquals(((List<?>)claimsSet.getClaimsMap().get("groups")).size(), 4);
Assert.assertEquals(((List<?>)claimsSet.getClaimsMap().get("customStringArray")).size(), 3);
Assert.assertEquals(((List<?>)claimsSet.getClaimsMap().get("customIntegerArray")).size(), 4);
Assert.assertEquals(((List<?>)claimsSet.getClaimsMap().get("customDoubleArray")).size(), 5);
Assert.assertEquals(((Map<?, ?>)claimsSet.getClaimsMap().get("customObject")).size(), 3);
}
