Java Code Examples for org.gluu.oxauth.model.crypto.signature.SignatureAlgorithm#RS384
The following examples show how to use
org.gluu.oxauth.model.crypto.signature.SignatureAlgorithm#RS384 .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: EncodeClaimsInStateParameter.java From oxAuth with MIT License | 6 votes |
@Parameters({"keyStoreFile", "keyStoreSecret", "dnName", "RS384_keyId"}) @Test public void jwtStateRS384Test(final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId) throws Exception { showTitle("jwtStateRS384Test"); OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); String rfp = UUID.randomUUID().toString(); String jti = UUID.randomUUID().toString(); JwtState jwtState = new JwtState(SignatureAlgorithm.RS384, cryptoProvider); jwtState.setKeyId(keyId); jwtState.setRfp(rfp); jwtState.setJti(jti); jwtState.setAdditionalClaims(new JSONObject(additionalClaims)); String encodedState = jwtState.getEncodedJwt(); assertNotNull(encodedState); System.out.println("Signed JWS State: " + encodedState); Jwt jwt = Jwt.parse(encodedState); boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), keyId, null, null, SignatureAlgorithm.RS384); assertTrue(validJwt); }
Example 2
Source File: SignatureTest.java From oxAuth with MIT License | 6 votes |
@Test public void generateRS384Keys() throws Exception { showTitle("TEST: generateRS384Keys"); KeyFactory<RSAPrivateKey, RSAPublicKey> keyFactory = new RSAKeyFactory(SignatureAlgorithm.RS384, "CN=Test CA Certificate"); Key<RSAPrivateKey, RSAPublicKey> key = keyFactory.getKey(); RSAPrivateKey privateKey = key.getPrivateKey(); RSAPublicKey publicKey = key.getPublicKey(); Certificate certificate = key.getCertificate(); System.out.println(key); String signingInput = "Hello World!"; RSASigner rsaSigner1 = new RSASigner(SignatureAlgorithm.RS384, privateKey); String signature = rsaSigner1.generateSignature(signingInput); RSASigner rsaSigner2 = new RSASigner(SignatureAlgorithm.RS384, publicKey); assertTrue(rsaSigner2.validateSignature(signingInput, signature)); RSASigner rsaSigner3 = new RSASigner(SignatureAlgorithm.RS384, certificate); assertTrue(rsaSigner3.validateSignature(signingInput, signature)); }
Example 3
Source File: AuthorizationAction.java From oxAuth with MIT License | 5 votes |
public boolean isKeyIdRequired() { if (isJWSSelected()) { return requestObjectSigningAlg == SignatureAlgorithm.RS256 || requestObjectSigningAlg == SignatureAlgorithm.RS384 || requestObjectSigningAlg == SignatureAlgorithm.RS512 || requestObjectSigningAlg == SignatureAlgorithm.ES256 || requestObjectSigningAlg == SignatureAlgorithm.ES384 || requestObjectSigningAlg == SignatureAlgorithm.ES512; } else { return requestObjectEncryptionAlg == KeyEncryptionAlgorithm.RSA1_5 || requestObjectEncryptionAlg == KeyEncryptionAlgorithm.RSA_OAEP; } }
Example 4
Source File: AuthorizationAction.java From oxAuth with MIT License | 5 votes |
public boolean isKeyStoreRequired() { if (isJWSSelected()) { return requestObjectSigningAlg == SignatureAlgorithm.RS256 || requestObjectSigningAlg == SignatureAlgorithm.RS384 || requestObjectSigningAlg == SignatureAlgorithm.RS512 || requestObjectSigningAlg == SignatureAlgorithm.ES256 || requestObjectSigningAlg == SignatureAlgorithm.ES384 || requestObjectSigningAlg == SignatureAlgorithm.ES512; } else { return false; } }
Example 5
Source File: HashUtil.java From oxAuth with MIT License | 5 votes |
public static String getHash(String input, SignatureAlgorithm signatureAlgorithm) { try { final byte[] digest; if (signatureAlgorithm == SignatureAlgorithm.HS256 || signatureAlgorithm == SignatureAlgorithm.RS256 || signatureAlgorithm == SignatureAlgorithm.PS256 || signatureAlgorithm == SignatureAlgorithm.ES256) { digest = JwtUtil.getMessageDigestSHA256(input); } else if (signatureAlgorithm == SignatureAlgorithm.HS384 || signatureAlgorithm == SignatureAlgorithm.RS384 || signatureAlgorithm == SignatureAlgorithm.PS384 || signatureAlgorithm == SignatureAlgorithm.ES384) { digest = JwtUtil.getMessageDigestSHA384(input); } else if (signatureAlgorithm == SignatureAlgorithm.HS512 || signatureAlgorithm == SignatureAlgorithm.RS512 || signatureAlgorithm == SignatureAlgorithm.PS512 || signatureAlgorithm == SignatureAlgorithm.ES512) { digest = JwtUtil.getMessageDigestSHA512(input); } else { // Default digest = JwtUtil.getMessageDigestSHA256(input); } if (digest != null) { byte[] lefMostHalf = new byte[digest.length / 2]; System.arraycopy(digest, 0, lefMostHalf, 0, lefMostHalf.length); return Base64Util.base64urlencode(lefMostHalf); } } catch (Exception e) { log.error("Failed to calculate hash.", e); } return null; }
Example 6
Source File: CibaPollModeJwtAuthRequestTests.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri"}) @Test public void idTokenHintRS384( final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception { showTitle("idTokenHintRS384"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.RS384); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); // 2. Request authorization List<String> scopes = Arrays.asList("openid"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setState(state); AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint); authorizeClient.setRequest(authorizationRequest); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation(), "The location is null"); assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null"); assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null"); assertNotNull(authorizationResponse.getIdToken(), "The idToken is null"); assertNotNull(authorizationResponse.getState(), "The state is null"); String idToken = authorizationResponse.getIdToken(); // 3. Validate id_token Jwt jwt = Jwt.parse(idToken); assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE)); assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME)); RSAPublicKey publicKey = JwkClient.getRSAPublicKey( jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID)); RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS384, publicKey); assertTrue(rsaSigner.validate(jwt)); idTokenHintRS384 = idToken; }
Example 7
Source File: CibaPingModeJwtAuthRequestTests.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri"}) @Test public void idTokenHintRS384( final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception { showTitle("idTokenHintRS384"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.RS384); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); // 2. Request authorization List<String> scopes = Arrays.asList("openid"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setState(state); AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint); authorizeClient.setRequest(authorizationRequest); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation(), "The location is null"); assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null"); assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null"); assertNotNull(authorizationResponse.getIdToken(), "The idToken is null"); assertNotNull(authorizationResponse.getState(), "The state is null"); String idToken = authorizationResponse.getIdToken(); // 3. Validate id_token Jwt jwt = Jwt.parse(idToken); assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE)); assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH)); assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME)); RSAPublicKey publicKey = JwkClient.getRSAPublicKey( jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID)); RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS384, publicKey); assertTrue(rsaSigner.validate(jwt)); idTokenHintRS384 = idToken; }
Example 8
Source File: EncodeClaimsInStateParameter.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "keyStoreFile", "keyStoreSecret", "dnName", "RS384_keyId"}) @Test public void encodeClaimsInStateParameterRS384( final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri, final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId) throws Exception { showTitle("encodeClaimsInStateParameterRS384"); List<ResponseType> responseTypes = Arrays.asList( ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Register client RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientIdIssuedAt()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); // 2. Request authorization OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); List<String> scopes = Arrays.asList("openid", "profile", "address", "email"); String nonce = UUID.randomUUID().toString(); String rfp = UUID.randomUUID().toString(); String jti = UUID.randomUUID().toString(); JwtState jwtState = new JwtState(SignatureAlgorithm.RS384, cryptoProvider); jwtState.setKeyId(keyId); jwtState.setRfp(rfp); jwtState.setJti(jti); jwtState.setAdditionalClaims(new JSONObject(additionalClaims)); String encodedState = jwtState.getEncodedJwt(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setState(encodedState); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation(), "The location is null"); assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null"); assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null"); assertNotNull(authorizationResponse.getIdToken(), "The idToken is null"); assertNotNull(authorizationResponse.getState(), "The state is null"); String state = authorizationResponse.getState(); // 3. Validate state Jwt jwt = Jwt.parse(state); boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), keyId, null, null, SignatureAlgorithm.RS384); assertTrue(validJwt); }
Example 9
Source File: OpenIDRequestObjectHttpTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "RS384_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"}) @Test public void requestParameterMethodRS384( final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String jwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception { showTitle("requestParameterMethodRS384"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Dynamic Client Registration RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setJwksUri(jwksUri); registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.RS384); registerRequest.addCustomAttribute("oxAuthTrustedClient", "true"); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse response = registerClient.exec(); showClient(registerClient); assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity()); assertNotNull(response.getClientId()); assertNotNull(response.getClientSecret()); assertNotNull(response.getRegistrationAccessToken()); assertNotNull(response.getClientSecretExpiresAt()); String clientId = response.getClientId(); // 2. Request authorization OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); List<String> scopes = Arrays.asList("openid", "profile", "address", "email"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); request.setState(state); request.setAuthUsername(userId); request.setAuthPassword(userSecret); request.getPrompts().add(Prompt.NONE); JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest( request, SignatureAlgorithm.RS384, cryptoProvider); jwtAuthorizationRequest.setKeyId(keyId); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false))); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false))); jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull())); jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[]{ACR_VALUE}))); jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400); String authJwt = jwtAuthorizationRequest.getEncodedJwt(); request.setRequest(authJwt); AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint); authorizeClient.setRequest(request); AuthorizationResponse response1 = authorizeClient.exec(); showClient(authorizeClient); assertEquals(response1.getStatus(), 302, "Unexpected response code: " + response1.getStatus()); assertNotNull(response1.getLocation(), "The location is null"); assertNotNull(response1.getAccessToken(), "The accessToken is null"); assertNotNull(response1.getTokenType(), "The tokenType is null"); assertNotNull(response1.getIdToken(), "The idToken is null"); assertNotNull(response1.getState(), "The state is null"); String accessToken = response1.getAccessToken(); // 3. Request user info UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint); UserInfoResponse response3 = userInfoClient.execUserInfo(accessToken); showClient(userInfoClient); assertEquals(response3.getStatus(), 200, "Unexpected response code: " + response3.getStatus()); assertNotNull(response3.getClaim(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(response3.getClaim(JwtClaimName.NAME)); assertNotNull(response3.getClaim(JwtClaimName.GIVEN_NAME)); assertNotNull(response3.getClaim(JwtClaimName.FAMILY_NAME)); assertNotNull(response3.getClaim(JwtClaimName.EMAIL)); assertNotNull(response3.getClaim(JwtClaimName.ZONEINFO)); assertNotNull(response3.getClaim(JwtClaimName.LOCALE)); }
Example 10
Source File: OpenIDRequestObjectHttpTest.java From oxAuth with MIT License | 4 votes |
@Parameters({"userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "RS384_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri"}) @Test public void requestParameterMethodRS384X509Cert( final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String jwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception { showTitle("requestParameterMethodRS384X509Cert"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN); // 1. Dynamic Client Registration RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setJwksUri(jwksUri); registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.RS384); registerRequest.addCustomAttribute("oxAuthTrustedClient", "true"); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse response = registerClient.exec(); showClient(registerClient); assertEquals(response.getStatus(), 200, "Unexpected response code: " + response.getEntity()); assertNotNull(response.getClientId()); assertNotNull(response.getClientSecret()); assertNotNull(response.getRegistrationAccessToken()); assertNotNull(response.getClientSecretExpiresAt()); String clientId = response.getClientId(); // 2. Request authorization OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName); List<String> scopes = Arrays.asList("openid", "profile", "address", "email"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); request.setState(state); request.setAuthUsername(userId); request.setAuthPassword(userSecret); request.getPrompts().add(Prompt.NONE); JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(request, SignatureAlgorithm.RS384, cryptoProvider); jwtAuthorizationRequest.setKeyId(keyId); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false))); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull())); jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false))); jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull())); jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[]{ACR_VALUE}))); jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400); String authJwt = jwtAuthorizationRequest.getEncodedJwt(); request.setRequest(authJwt); AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint); authorizeClient.setRequest(request); AuthorizationResponse response1 = authorizeClient.exec(); showClient(authorizeClient); assertEquals(response1.getStatus(), 302, "Unexpected response code: " + response1.getStatus()); assertNotNull(response1.getLocation(), "The location is null"); assertNotNull(response1.getAccessToken(), "The accessToken is null"); assertNotNull(response1.getTokenType(), "The tokenType is null"); assertNotNull(response1.getIdToken(), "The idToken is null"); assertNotNull(response1.getState(), "The state is null"); String accessToken = response1.getAccessToken(); // 3. Request user info UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint); UserInfoResponse response3 = userInfoClient.execUserInfo(accessToken); showClient(userInfoClient); assertEquals(response3.getStatus(), 200, "Unexpected response code: " + response3.getStatus()); assertNotNull(response3.getClaim(JwtClaimName.SUBJECT_IDENTIFIER)); assertNotNull(response3.getClaim(JwtClaimName.NAME)); assertNotNull(response3.getClaim(JwtClaimName.GIVEN_NAME)); assertNotNull(response3.getClaim(JwtClaimName.FAMILY_NAME)); assertNotNull(response3.getClaim(JwtClaimName.EMAIL)); assertNotNull(response3.getClaim(JwtClaimName.ZONEINFO)); assertNotNull(response3.getClaim(JwtClaimName.LOCALE)); }
Example 11
Source File: UsesAsymmetricIdTokenSignatures.java From oxAuth with MIT License | 4 votes |
@Parameters({"redirectUris", "userId", "userSecret", "redirectUri", "sectorIdentifierUri"}) @Test public void usesAsymmetricIdTokenSignaturesRS384( final String redirectUris, final String userId, final String userSecret, final String redirectUri, final String sectorIdentifierUri) throws Exception { showTitle("OC5:FeatureTest-Uses Asymmetric ID Token Signatures RS384"); List<ResponseType> responseTypes = Arrays.asList(ResponseType.ID_TOKEN); // 1. Registration RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris)); registerRequest.setResponseTypes(responseTypes); registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.RS384); registerRequest.setSectorIdentifierUri(sectorIdentifierUri); RegisterClient registerClient = new RegisterClient(registrationEndpoint); registerClient.setRequest(registerRequest); RegisterResponse registerResponse = registerClient.exec(); showClient(registerClient); assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity()); assertNotNull(registerResponse.getClientId()); assertNotNull(registerResponse.getClientSecret()); assertNotNull(registerResponse.getRegistrationAccessToken()); assertNotNull(registerResponse.getClientSecretExpiresAt()); String clientId = registerResponse.getClientId(); // 2. Request Authorization List<String> scopes = Arrays.asList("openid", "profile", "address", "email"); String nonce = UUID.randomUUID().toString(); String state = UUID.randomUUID().toString(); AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce); authorizationRequest.setState(state); AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess( authorizationEndpoint, authorizationRequest, userId, userSecret); assertNotNull(authorizationResponse.getLocation()); assertNotNull(authorizationResponse.getIdToken()); assertNotNull(authorizationResponse.getState()); String idToken = authorizationResponse.getIdToken(); // 3. Validate id_token Jwt jwt = Jwt.parse(idToken); RSAPublicKey publicKey = JwkClient.getRSAPublicKey( jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID)); RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS384, publicKey); assertTrue(rsaSigner.validate(jwt)); }
Example 12
Source File: JwtUtil.java From oxAuth with MIT License | 4 votes |
public static PublicKey getPublicKey( String jwksUri, String jwks, SignatureAlgorithm signatureAlgorithm, String keyId) { log.debug("Retrieving JWK..."); JSONObject jsonKeyValue = getJsonKey(jwksUri, jwks, keyId); if (jsonKeyValue == null) { return null; } org.gluu.oxauth.model.crypto.PublicKey publicKey = null; try { String resultKeyId = jsonKeyValue.getString(KEY_ID); if (signatureAlgorithm == null) { signatureAlgorithm = SignatureAlgorithm.fromString(jsonKeyValue.getString(ALGORITHM)); if (signatureAlgorithm == null) { log.error(String.format("Failed to determine key '%s' signature algorithm", resultKeyId)); return null; } } JSONObject jsonPublicKey = jsonKeyValue; if (jsonKeyValue.has(PUBLIC_KEY)) { // Use internal jwks.json format jsonPublicKey = jsonKeyValue.getJSONObject(PUBLIC_KEY); } if (signatureAlgorithm == SignatureAlgorithm.RS256 || signatureAlgorithm == SignatureAlgorithm.RS384 || signatureAlgorithm == SignatureAlgorithm.RS512) { //String alg = jsonKeyValue.getString(ALGORITHM); //String use = jsonKeyValue.getString(KEY_USE); String exp = jsonPublicKey.getString(EXPONENT); String mod = jsonPublicKey.getString(MODULUS); BigInteger publicExponent = new BigInteger(1, Base64Util.base64urldecode(exp)); BigInteger modulus = new BigInteger(1, Base64Util.base64urldecode(mod)); publicKey = new RSAPublicKey(modulus, publicExponent); } else if (signatureAlgorithm == SignatureAlgorithm.ES256 || signatureAlgorithm == SignatureAlgorithm.ES384 || signatureAlgorithm == SignatureAlgorithm.ES512) { //String alg = jsonKeyValue.getString(ALGORITHM); //String use = jsonKeyValue.getString(KEY_USE); //String crv = jsonKeyValue.getString(CURVE); String xx = jsonPublicKey.getString(X); String yy = jsonPublicKey.getString(Y); BigInteger x = new BigInteger(1, Base64Util.base64urldecode(xx)); BigInteger y = new BigInteger(1, Base64Util.base64urldecode(yy)); publicKey = new ECDSAPublicKey(signatureAlgorithm, x, y); } if (publicKey != null && jsonKeyValue.has(CERTIFICATE_CHAIN)) { final String BEGIN = "-----BEGIN CERTIFICATE-----"; final String END = "-----END CERTIFICATE-----"; JSONArray certChain = jsonKeyValue.getJSONArray(CERTIFICATE_CHAIN); String certificateString = BEGIN + "\n" + certChain.getString(0) + "\n" + END; StringReader sr = new StringReader(certificateString); PEMParser pemReader = new PEMParser(sr); X509Certificate cert = (X509CertificateObject) pemReader.readObject(); Certificate certificate = new Certificate(signatureAlgorithm, cert); publicKey.setCertificate(certificate); } if (publicKey != null) { publicKey.setKeyId(resultKeyId); publicKey.setSignatureAlgorithm(signatureAlgorithm); } } catch (Exception ex) { log.error(ex.getMessage(), ex); } return publicKey; }