org.jose4j.jwt.JwtClaims Java Examples
The following examples show how to use org.jose4j.jwt.JwtClaims.
Example #1
Source File: From rufus with MIT License | 6 votes |
/**
 * Issues a compact, HS256-signed JWT for the given subject.
 *
 * <p>The token carries a {@code sub} claim and an {@code exp} claim set
 * {@code TOKEN_EXPIRATION_IN_MINUTES} minutes ahead of now; it is signed with an
 * {@link HmacKey} built from {@code tokenSecret}.
 *
 * @param subject value stored in the {@code sub} claim
 * @return the compact JWS serialization
 * @throws RuntimeException wrapping the {@link JoseException} if signing fails
 */
public String generateToken(String subject) {
    final JwtClaims payload = new JwtClaims();
    payload.setSubject(subject);
    payload.setExpirationTimeMinutesInTheFuture(TOKEN_EXPIRATION_IN_MINUTES);

    final JsonWebSignature signer = new JsonWebSignature();
    signer.setAlgorithmHeaderValue(HMAC_SHA256);
    signer.setKey(new HmacKey(tokenSecret));
    // NOTE(review): turning key validation off removes jose4j's minimum-length check on the
    // HMAC key, so a short tokenSecret is accepted silently. The strength of every issued
    // token then rests on whoever provisions tokenSecret; for HS256 it should be at least
    // 32 bytes of random data, at which point this call is no longer needed.
    signer.setDoKeyValidation(false);
    signer.setPayload(payload.toJson());

    try {
        return signer.getCompactSerialization();
    } catch (JoseException signingFailure) {
        throw new RuntimeException(signingFailure);
    }
}
Example #2
Source File: From eplmp with Eclipse Public License 1.0 | 6 votes |
/**
 * Builds a signed compact JWT whose {@code sub} claim is the string form of {@code jsonClaims}.
 *
 * @param key        signing key handed to the {@link JsonWebSignature}
 * @param jsonClaims JSON object serialized into the subject claim
 * @return the compact serialization, or {@code null} when signing fails (the failure is only
 *         logged, so callers must null-check the result)
 */
private static String createToken(Key key, JsonObject jsonClaims) {
    JwtClaims claims = new JwtClaims();
    claims.setSubject(jsonClaims.toString());
    claims.setIssuedAtToNow();
    // NOTE(review): as printed, the argument is just "+ JWT_TOKEN_EXPIRES_TIME" (a unary plus),
    // which would make exp an absolute timestamp equal to the constant rather than
    // "now + lifetime". The left operand looks lost in this listing — confirm against the
    // original source before reusing.
    claims.setExpirationTime(NumericDate.fromSeconds( + JWT_TOKEN_EXPIRES_TIME));
    JsonWebSignature jws = new JsonWebSignature();
    // NOTE(review): disables jose4j's key validation (e.g. minimum key sizes); the caller is
    // then solely responsible for supplying a key that is strong enough for ALG.
    jws.setDoKeyValidation(false);
    jws.setPayload(claims.toJson());
    jws.setKey(key);
    jws.setAlgorithmHeaderValue(ALG);
    try {
        return jws.getCompactSerialization();
    } catch (JoseException ex) {
        // Logged with a null message; only the exception itself reaches the log.
        LOGGER.log(Level.SEVERE, null, ex);
    }
    return null;
}
Example #3
Source File: From microprofile-jwt-auth with Apache License 2.0 | 6 votes |
/**
 * Test utility that loads claims from a JSON resource and encrypts them into a JWT string,
 * optionally swapping in a wrong key so that failure paths can be exercised.
 *
 * @param pk - the public key used for encryption when no key-related invalid claim is requested
 * @param kid - the kid header to assign to the token
 * @param jsonResName - name of test resources file
 * @param invalidClaims - the set of claims that should be added with invalid values to test
 *        failure modes; {@code null} is treated as the empty set
 * @param timeClaims - used to return the exp, iat, auth_time claims
 * @return the JWT string
 * @throws Exception on parse failure
 */
public static String encryptClaims(PublicKey pk, String kid, String jsonResName,
        Set<InvalidClaims> invalidClaims, Map<String, Long> timeClaims) throws Exception {
    final Set<InvalidClaims> requested =
            (invalidClaims != null) ? invalidClaims : Collections.<InvalidClaims>emptySet();
    final JwtClaims claims = createJwtClaims(jsonResName, requested, timeClaims);

    final Key encryptionKey;
    if (requested.contains(InvalidClaims.ENCRYPTOR)) {
        // Encrypt to the public half of a freshly generated, unrelated RSA key pair —
        // presumably so the intended recipient's private key cannot decrypt the token.
        encryptionKey = generateKeyPair(2048).getPublic();
    } else if (requested.contains(InvalidClaims.ALG)) {
        // Use a symmetric AES key in place of the RSA public key.
        encryptionKey = KeyGenerator.getInstance("AES").generateKey();
    } else {
        encryptionKey = pk;
    }
    return encryptString(encryptionKey, kid, claims.toJson(), false);
}
Example #4
Source File: From smallrye-jwt with Apache License 2.0 | 6 votes |
/**
 * Rejects tokens whose lifetime ({@code exp - iat}, in seconds) exceeds the configured maximum.
 *
 * <p>When no maximum is configured the check is skipped and that fact is logged.
 *
 * @param authContextInfo configuration supplying the optional maximum time-to-live
 * @param claimsSet       claims of the token being verified
 * @throws ParseException if the time claims cannot be read or the lifetime is too long
 */
private void verifyTimeToLive(JWTAuthContextInfo authContextInfo, JwtClaims claimsSet) throws ParseException {
    final Long ttlLimitSecs = authContextInfo.getMaxTimeToLiveSecs();
    if (ttlLimitSecs == null) {
        PrincipalLogging.log.noMaxTTLSpecified();
        return;
    }

    final NumericDate issuedAt;
    final NumericDate expiresAt;
    try {
        issuedAt = claimsSet.getIssuedAt();
        expiresAt = claimsSet.getExpirationTime();
    } catch (Exception e) {
        throw PrincipalMessages.msg.failedToVerifyMaxTTL(e);
    }

    // NOTE(review): both values are dereferenced without a null check. If either claim can be
    // absent at this point the result is a NullPointerException instead of a ParseException —
    // confirm that an earlier validator requires iat and exp.
    final long lifetimeSecs = expiresAt.getValue() - issuedAt.getValue();
    if (lifetimeSecs > ttlLimitSecs) {
        throw PrincipalMessages.msg.expExceeded(expiresAt, ttlLimitSecs, issuedAt);
    }
}
Example #5
Source File: From lucene-solr with Apache License 2.0 | 6 votes |
/**
 * Produces the fixed claim set used by the tests: registered claims (iss, aud, exp, jti, iat,
 * nbf, sub) followed by a scope, several free-form attributes and a multi-valued roles claim.
 *
 * @return a freshly populated {@link JwtClaims}
 */
protected static JwtClaims generateClaims() {
    JwtClaims testClaims = new JwtClaims();

    // Registered claims
    testClaims.setIssuer("IDServer");                     // party that creates and signs the token
    testClaims.setAudience("Solr");                       // intended recipient
    testClaims.setExpirationTimeMinutesInTheFuture(10);   // expires 10 minutes from now
    testClaims.setGeneratedJwtId();                       // unique token identifier
    testClaims.setIssuedAtToNow();                        // issue time is now
    testClaims.setNotBeforeMinutesInThePast(2);           // valid starting 2 minutes ago
    testClaims.setSubject("solruser");                    // principal the token describes

    // Application-specific claims about the subject
    testClaims.setStringClaim("scope", "solr:read");
    testClaims.setClaim("name", "Solr User");
    testClaims.setClaim("customPrincipal", "custom");
    testClaims.setClaim("claim1", "foo");
    testClaims.setClaim("claim2", "bar");
    testClaims.setClaim("claim3", "foo");

    // Multi-valued claim; serialized as a JSON array
    testClaims.setStringListClaim("roles", "group-one", "other-group", "group-three");
    return testClaims;
}
Example #6
Source File: From eplmp with Eclipse Public License 1.0 | 6 votes |
/**
 * Verifies a shared-resource JWT and extracts the shared entity UUID from its subject.
 *
 * <p>The subject claim is expected to hold a JSON object; the value stored under
 * {@code SHARED_ENTITY_UUID} is returned.
 *
 * @param key verification key for the token signature
 * @param jwt compact token to verify
 * @return the shared entity UUID, or {@code null} when the token is rejected, the subject is
 *         missing or not valid JSON, or the UUID entry is absent (the cause is logged at FINE)
 */
public static String validateSharedResourceToken(Key key, String jwt) {
    JwtConsumerBuilder builder = new JwtConsumerBuilder();
    builder.setVerificationKey(key);
    // NOTE(review): relaxes jose4j's checks on the verification key. Only the key is
    // configured on this consumer; no expected issuer, audience or algorithm constraints
    // are set in this snippet.
    builder.setRelaxVerificationKeyValidation();
    JwtConsumer verifier = builder.build();

    String entityUuid = null;
    try {
        String subjectJson = verifier.processToClaims(jwt).getSubject();
        try (JsonReader subjectReader = Json.createReader(new StringReader(subjectJson))) {
            // readObject() may throw JsonParsingException; getString() throws
            // NullPointerException when the key is absent. Both are handled below.
            entityUuid = subjectReader.readObject().getString(SHARED_ENTITY_UUID);
        }
    } catch (InvalidJwtException | MalformedClaimException | JsonParsingException | NullPointerException e) {
        LOGGER.log(Level.FINE, "Cannot validate jwt token", e);
    }
    return entityUuid;
}
Example #7
Source File: From Jose4j with Apache License 2.0 | 6 votes |
/**
 * Signs an HS256 JWT with a {@code FakeHsmNonExtractableSecretKeySpec} and feeds the result
 * through a {@link JwtConsumer} configured with the same key. Judging by the test name, it
 * guards against a NullPointerException when the key material cannot be extracted.
 */
@Test
public void testNpeWithNonExtractableKeyDataHS256() throws Exception {
    // Fixed test key material (base64url); a test fixture, not a production secret.
    byte[] raw = Base64Url.decode("hup76LcA9B7pqrEtqyb4EBg6XCcr9r0iOCFF1FeZiJM");
    FakeHsmNonExtractableSecretKeySpec key = new FakeHsmNonExtractableSecretKeySpec(raw, "HmacSHA256");

    JwtClaims claims = new JwtClaims();
    claims.setExpirationTimeMinutesInTheFuture(5);
    claims.setSubject("subject");
    claims.setIssuer("issuer");

    // Produce the signed token.
    JsonWebSignature jws = new JsonWebSignature();
    jws.setPayload(claims.toJson());
    jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA256);
    jws.setKey(key);
    String jwt = jws.getCompactSerialization();

    // Configure a consumer that verifies with the same key object.
    JwtConsumerBuilder jwtConsumerBuilder = new JwtConsumerBuilder();
    jwtConsumerBuilder.setAllowedClockSkewInSeconds(60);
    jwtConsumerBuilder.setRequireSubject();
    jwtConsumerBuilder.setExpectedIssuer("issuer");
    jwtConsumerBuilder.setVerificationKey(key);
    // NOTE(review): the initializer is missing in this listing (presumably
    // jwtConsumerBuilder.build()); the statement does not compile as printed.
    JwtConsumer jwtConsumer =;
    JwtClaims processedClaims = jwtConsumer.processToClaims(jwt);
    System.out.println(processedClaims);
}
Example #8
Source File: From smallrye-jwt with Apache License 2.0 | 6 votes |
/**
 * Fills in default claims on {@code claims} where they are not already present: an issued-at
 * time, an expiry (via {@code setExpiryClaim}), a generated JWT id and a configured issuer.
 *
 * <p>NOTE(review): the arguments of the three {@code hasClaim(} calls and the property name
 * passed to {@code getConfigProperty} are missing in this listing, so the snippet does not
 * compile as printed. The claim being tested in each condition is inferred from the setter in
 * its body — confirm against the original source.
 *
 * @param claims claim set to complete in place
 */
static void setDefaultJwtClaims(JwtClaims claims) {
    long currentTimeInSecs = currentTimeInSecs();
    // Presumably checks for an existing issued-at claim.
    if (!claims.hasClaim( {
        claims.setIssuedAt(NumericDate.fromSeconds(currentTimeInSecs));
    }
    setExpiryClaim(claims);
    // Presumably checks for an existing JWT id claim.
    if (!claims.hasClaim( {
        claims.setGeneratedJwtId();
    }
    // Presumably checks for an existing issuer claim; the issuer is set only when configured.
    if (!claims.hasClaim( {
        String issuer = getConfigProperty("", String.class);
        if (issuer != null) {
            claims.setIssuer(issuer);
        }
    }
}
Example #9
Source File: From box-java-sdk with Apache License 2.0 | 6 votes |
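/**
 * Extracts the {@code assertion} form parameter from the request body and parses it as a JWT.
 *
 * <p>The token is parsed only: signature verification and all claim validators are skipped, so
 * the returned claims are unauthenticated and must be used for inspection only, never for an
 * access decision.
 *
 * <p>Pairs are split on the first {@code '='} only and pairs without a value are ignored, so a
 * malformed body yields the "not found" error below rather than an
 * {@link ArrayIndexOutOfBoundsException}. When several {@code assertion} parameters are
 * present, the last one wins.
 *
 * @param request request whose form-encoded body carries the assertion
 * @return the claims of the parsed (unverified) token
 * @throws Exception if no assertion parameter is present or the token cannot be parsed
 */
private JwtClaims getClaimsFromRequest(Request request) throws Exception {
    // Get the JWT out of the request body
    String jwt = null;
    for (String pair : request.getBodyAsString().split("&")) {
        String[] nameAndValue = pair.split("=", 2);
        if (nameAndValue.length == 2
                && "assertion".equals(nameAndValue[0])
                && !nameAndValue[1].isEmpty()) {
            jwt = nameAndValue[1];
        }
    }
    if (jwt == null) {
        throw new Exception("No jwt assertion found in request body");
    }

    // Parse out the JWT to read the claims; nothing about the token is verified here.
    JwtConsumer parsingOnlyConsumer = new JwtConsumerBuilder()
            .setSkipSignatureVerification()
            .setSkipAllValidators()
            .build();
    return parsingOnlyConsumer.processToClaims(jwt);
}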
Example #10
Source File: From trellis with Apache License 2.0 | 6 votes |
/**
 * When the token carries a {@code webid} claim, the filter must install a security context
 * whose principal name equals that claim value.
 */
@Test
void testJwtAuthWebidFilter() {
    assertNotNull(filter);
    assertNotNull(producer);
    final ContainerRequestContext requestContext = mock(ContainerRequestContext.class);

    final String subject = "acoburn";
    final String issuer = "";
    final String webIdClaim = "";

    final JwtClaims tokenClaims = new JwtClaims();
    tokenClaims.setSubject(subject);
    tokenClaims.setIssuer(issuer);
    tokenClaims.setClaim("webid", webIdClaim);
    producer.setJsonWebToken(new DefaultJWTCallerPrincipal(tokenClaims));

    assertDoesNotThrow(() -> filter.filter(requestContext));

    // Capture the security context handed to the request and check its principal.
    verify(requestContext).setSecurityContext(securityArgument.capture());
    assertEquals(webIdClaim, securityArgument.getValue().getUserPrincipal().getName());
}
Example #11
Source File: From trellis with Apache License 2.0 | 6 votes |
/**
 * Without a {@code webid} claim, the filter must derive the principal name by concatenating
 * the issuer and the subject.
 */
@Test
void testJwtAuthFilter() {
    assertNotNull(filter);
    assertNotNull(producer);
    final ContainerRequestContext requestContext = mock(ContainerRequestContext.class);

    final String subject = "acoburn";
    final String issuer = "";

    final JwtClaims tokenClaims = new JwtClaims();
    tokenClaims.setSubject(subject);
    tokenClaims.setIssuer(issuer);
    producer.setJsonWebToken(new DefaultJWTCallerPrincipal(tokenClaims));

    assertDoesNotThrow(() -> filter.filter(requestContext));

    // Capture the security context handed to the request and check its principal.
    verify(requestContext).setSecurityContext(securityArgument.capture());
    assertEquals(issuer + subject, securityArgument.getValue().getUserPrincipal().getName());
}
Example #12
Source File: From light-oauth2 with Apache License 2.0 | 6 votes |
/**
 * Builds the claim set for an authorization-code token on top of the issuer's default claims.
 *
 * @param clientId    value of the {@code client_id} claim
 * @param scopeString whitespace-separated scopes; skipped when null or blank
 * @param userId      value of the {@code user_id} claim
 * @param userType    value of the {@code user_type} claim
 * @param roles       value of the {@code roles} claim; skipped when null or blank
 * @param csrf        value of the {@code csrf} claim; skipped when null
 * @param formMap     additional claims copied verbatim; may be null
 * @return the populated claims
 */
private JwtClaims mockAcClaims(String clientId, String scopeString, String userId, String userType, String roles, String csrf, Map<String, Object> formMap) {
    JwtClaims acClaims = JwtIssuer.getDefaultJwtClaims();
    acClaims.setClaim("user_id", userId);
    acClaims.setClaim("user_type", userType);
    acClaims.setClaim("client_id", clientId);
    if (csrf != null) {
        acClaims.setClaim("csrf", csrf);
    }
    if (scopeString != null && !scopeString.trim().isEmpty()) {
        // Stored as a list, so it is serialized as a JSON array.
        acClaims.setStringListClaim("scope", scopeString.split("\\s+"));
    }
    if (roles != null && !roles.trim().isEmpty()) {
        acClaims.setClaim("roles", roles);
    }
    if (formMap != null) {
        // NOTE(review): entries are copied last and without a key filter, so an entry named
        // e.g. "user_id", "client_id" or "scope" replaces the value set above. If formMap can
        // carry request-supplied keys, reserved claim names should be rejected — verify
        // against the callers.
        formMap.forEach(acClaims::setClaim);
    }
    return acClaims;
}
Example #13
Source File: From lucene-solr with Apache License 2.0 | 6 votes |
/**
 * Prepares two bearer headers for the tests: {@code testHeader} with the full claim set and
 * {@code slimHeader} with the iss, aud and exp claims removed. Both tokens are signed RS256
 * with the private key of {@code rsaJsonWebKey}.
 */
@BeforeClass
public static void beforeAll() throws Exception {
    JwtClaims tokenClaims = generateClaims();

    JsonWebSignature signer = new JsonWebSignature();
    signer.setKey(rsaJsonWebKey.getPrivateKey());
    signer.setKeyIdHeaderValue(rsaJsonWebKey.getKeyId());
    signer.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);

    // Full token
    signer.setPayload(tokenClaims.toJson());
    String testJwt = signer.getCompactSerialization();
    testHeader = "Bearer" + " " + testJwt;

    // Same signer, reduced payload: drop issuer, audience and expiry
    for (String claimName : new String[] {"iss", "aud", "exp"}) {
        tokenClaims.unsetClaim(claimName);
    }
    signer.setPayload(tokenClaims.toJson());
    String slimJwt = signer.getCompactSerialization();
    slimHeader = "Bearer" + " " + slimJwt;
}
Example #14
Source File: From dropwizard-auth-jwt with Apache License 2.0 | 6 votes |
/**
 * Creates an HS512-signed test token for subject "good-guy-two" and runs it through
 * {@code consumer}.
 *
 * @return the processed {@link JwtContext}
 */
private JwtContext tokenTwo() {
    final JwtClaims tokenClaims = new JwtClaims();
    tokenClaims.setSubject("good-guy-two");
    tokenClaims.setIssuer("Issuer");
    tokenClaims.setAudience("Audience");

    final JsonWebSignature signer = new JsonWebSignature();
    signer.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA512);
    signer.setKey(new HmacKey(SECRET.getBytes(UTF_8)));
    // NOTE(review): key validation is switched off, which lets a SECRET shorter than the
    // HS512 minimum through. Acceptable for a test fixture; do not copy into issuing code.
    signer.setDoKeyValidation(false);
    signer.setPayload(tokenClaims.toJson());

    final JwtContext processed;
    try {
        processed = consumer.process(signer.getCompactSerialization());
    } catch (Exception e) {
        throw Throwables.propagate(e);
    }
    return processed;
}
Example #15
Source File: From smallrye-jwt with Apache License 2.0 | 6 votes |
/**
 * Asserts that the default claims (iat, exp, jti) are present and that the JWS header holds
 * exactly the expected entries: {@code alg}, {@code typ} and, when a key id is given,
 * {@code kid}.
 *
 * @param jwsCompact compact JWS whose headers are inspected
 * @param claims     claims expected to contain iat, exp and jti
 * @param algo       expected {@code alg} header value
 * @param keyId      expected {@code kid} header value, or null when none must be present
 */
private static void checkClaimsAndJwsHeaders(String jwsCompact, JwtClaims claims, String algo, String keyId)
        throws Exception {
    Assert.assertNotNull(claims.getIssuedAt());
    Assert.assertNotNull(claims.getExpirationTime());
    Assert.assertNotNull(claims.getJwtId());

    final Map<String, Object> joseHeaders = getJwsHeaders(jwsCompact);
    final boolean expectKid = keyId != null;
    final int expectedHeaderCount = expectKid ? 3 : 2;

    Assert.assertEquals(expectedHeaderCount, joseHeaders.size());
    Assert.assertEquals(algo, joseHeaders.get("alg"));
    Assert.assertEquals("JWT", joseHeaders.get("typ"));
    if (!expectKid) {
        Assert.assertNull(joseHeaders.get("kid"));
    } else {
        Assert.assertEquals(keyId, joseHeaders.get("kid"));
    }
}
Example #16
Source File: From light-oauth2 with Apache License 2.0 | 5 votes |
/**
 * Generates a token from the default claims plus user, client, csrf and scope claims and
 * checks that {@code JwtIssuer.getJwt} returns a value.
 */
@Test
public void testJwtGen() throws Exception {
    JwtClaims tokenClaims = JwtIssuer.getDefaultJwtClaims();
    tokenClaims.setClaim("user_id", "steve");
    tokenClaims.setClaim("user_type", "EMPLOYEE");
    tokenClaims.setClaim("client_id", "ddcaf0ba-1131-2232-3313-d6f2753f25dc");
    tokenClaims.setClaim("csrf", Util.getUUID());
    // A list-valued claim is serialized as a JSON array.
    tokenClaims.setStringListClaim("scope", "api.r", "api.w");

    String signedToken = JwtIssuer.getJwt(tokenClaims);
    Assert.assertNotNull(signedToken);
    // Prints the complete bearer token; fine for a local test, but a signed token is a
    // credential and should not end up in shared build logs.
    System.out.println(signedToken);
}
Example #17
Source File: From light-4j with Apache License 2.0 | 5 votes |
/**
 * Signs the given claims as a JWT (JWS, RS256) and returns the compact serialization.
 *
 * <p>Only a signature is applied in this method; the payload is not encrypted, so claims are
 * readable by anyone holding the token.
 *
 * @param claims claims to serialize as the JWS payload
 * @return the token as three dot-separated base64url parts, Header.Payload.Signature
 * @throws JoseException if signing fails
 */
public static String getJwt(JwtClaims claims) throws JoseException {
    // NOTE(review): keystore path, keystore password and key alias are hard-coded literals.
    // A private signing key protected by a fixed, source-visible password should be treated
    // as sample material only; load the real values from protected configuration.
    RSAPrivateKey signingKey = (RSAPrivateKey) getPrivateKey(
            "/config/primary.jks", "password", "selfsigned");

    JsonWebSignature signer = new JsonWebSignature();
    // The claims JSON is the payload that the signature integrity-protects.
    signer.setPayload(claims.toJson());
    // Signed with the sender's private key; verifiers select the public key via the kid header.
    signer.setKey(signingKey);
    signer.setKeyIdHeaderValue("100");
    signer.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);

    // Signing happens when the compact serialization is produced.
    return signer.getCompactSerialization();
}
Example #18
Source File: From Jose4j with Apache License 2.0 | 5 votes |
/**
 * Two-pass processing: a first consumer only parses the token so that key validation can be
 * relaxed on the contained JWS, then a second, fully configured consumer performs signature
 * verification and claim validation on the same context.
 */
@Test
public void firstWorkaroundUsingTwoPass() throws Exception {
    // Pass 1: parse only. Nothing is verified or validated here, so the resulting context
    // must not be trusted until pass 2 has succeeded.
    JwtConsumerBuilder parseOnlyBuilder = new JwtConsumerBuilder();
    parseOnlyBuilder.setSkipAllValidators();
    parseOnlyBuilder.setDisableRequireSignature();
    parseOnlyBuilder.setSkipSignatureVerification();
    JwtConsumer parseOnlyConsumer = parseOnlyBuilder.build();
    JwtContext parsedContext = parseOnlyConsumer.process(ID_TOKEN);

    // Turn off key validation (chiefly the RSA 2048-bit minimum key size) on the innermost
    // JOSE object, the JWS.
    parsedContext.getJoseObjects().iterator().next().setDoKeyValidation(false);

    JsonWebKeySet keySet = new JsonWebKeySet(JWKS_JSON);
    JwksVerificationKeyResolver keyResolver = new JwksVerificationKeyResolver(keySet.getJsonWebKeys());

    // Pass 2: full verification against the resolved key and the expected claims.
    JwtConsumerBuilder validatingBuilder = new JwtConsumerBuilder();
    validatingBuilder.setRequireExpirationTime();              // exp must be present
    validatingBuilder.setEvaluationTime(EVALUATION_TIME);
    validatingBuilder.setRequireSubject();                     // sub must be present
    validatingBuilder.setExpectedIssuer(ISSUER);
    validatingBuilder.setExpectedAudience(CLIENT_ID);          // intended recipient
    validatingBuilder.setVerificationKeyResolver(keyResolver); // key lookup from the JWKS
    JwtConsumer validatingConsumer = validatingBuilder.build();
    validatingConsumer.processContext(parsedContext);

    JwtClaims verifiedClaims = parsedContext.getJwtClaims();
    assertThat(SUBJECT_VALUE, equalTo(verifiedClaims.getSubject()));
}
Example #19
Source File: From smallrye-jwt with Apache License 2.0 | 5 votes |
/**
 * Requires that the token carries at least one of three claims usable as the principal name;
 * otherwise an {@link InvalidJwtException} is thrown.
 *
 * <p>NOTE(review): the claim-name arguments of the three {@code getClaimValue(} calls are
 * missing in this listing, so the snippet does not compile as printed and the exact claims
 * checked cannot be read from it.
 *
 * @param jwtContext context of the token being validated
 * @throws InvalidJwtException when none of the three claims is present
 */
private void checkNameClaims(JwtContext jwtContext) throws InvalidJwtException {
    JwtClaims claimsSet = jwtContext.getJwtClaims();
    // True when any one of the three candidate claims has a value.
    final boolean hasPrincipalClaim = claimsSet.getClaimValue( != null || claimsSet.getClaimValue( != null || claimsSet.getClaimValue( != null;
    if (!hasPrincipalClaim) {
        throw PrincipalMessages.msg.claimNotFound(s -> new InvalidJwtException(s, emptyList(), jwtContext));
    }
}
Example #20
Source File: From server_face_recognition with GNU General Public License v3.0 | 5 votes |
/**
 * Issues an RS256-signed JWT for a user and wraps it in a {@code Token}.
 *
 * <p>The token expires after 60 minutes and carries the username, password and user id as
 * custom claims.
 *
 * @param username stored under {@code USERNAME_KEY}
 * @param password stored under {@code PASSWORD_KEY}
 * @param userId   stored under {@code USERID_KEY}
 * @return the token wrapper, or {@code null} when signing fails
 */
public static Token cypherToken(String username, String password, int userId) {
    JwtClaims payload = new JwtClaims();
    payload.setIssuer("Sanstorik");
    payload.setAudience("User");
    payload.setExpirationTimeMinutesInTheFuture(60);
    payload.setGeneratedJwtId();
    payload.setIssuedAtToNow();
    payload.setNotBeforeMinutesInThePast(0.05f);
    payload.setSubject("neuralnetwork");
    payload.setClaim(USERNAME_KEY, username);
    // NOTE(review): a JWS is signed, not encrypted. The password travels base64url-encoded
    // in the payload and is readable by anyone who sees the token (client storage, proxies,
    // logs). Credentials should not be placed in claims; the user id is enough to identify
    // the session.
    payload.setClaim(PASSWORD_KEY, password);
    payload.setClaim(USERID_KEY, userId);

    JsonWebSignature signer = new JsonWebSignature();
    signer.setPayload(payload.toJson());
    signer.setKey(key.getPrivateKey());
    signer.setKeyIdHeaderValue(key.getKeyId());
    signer.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);

    try {
        return new Token(signer.getCompactSerialization(), username, password, userId);
    } catch (JoseException e) {
        // Failure is reported on stderr only; callers receive null and must check for it.
        e.printStackTrace();
        return null;
    }
}
Example #21
Source File: From microprofile-sandbox with Apache License 2.0 | 5 votes |
/**
 * Builds an RS256-signed JWT from a subject, an issuer and an array of additional claims,
 * using the shared static builder instance {@code me} and the key {@code rsajwk}.
 *
 * <p>NOTE(review): several expressions are missing in this listing (the target of the
 * {@code JwtClaims} assignment, the bodies of the subject/issuer branches, the condition and
 * body inside the first {@code try}, and the {@code setPayload} argument), so the snippet does
 * not compile as printed. The comments below describe only what is still visible.
 *
 * @param subject subject of the token; the surviving fragments suggest it is stored under
 *                both "sub" and "upn" — confirm against the original source
 * @param issuer  issuer of the token; handled only when non-null
 * @param claims  additional claims, passed to {@code setClaims}
 * @return the compact serialization, or {@code null} when signing fails
 */
public static String buildJwt(String subject, String issuer, String[] claims) {
    // Replaces the shared static builder on every call; not safe for concurrent callers.
    me = new JwtBuilder();
    init();
    = new JwtClaims();
    me.jws = new JsonWebSignature();
    me.jws.setKeyIdHeaderValue(rsajwk.getKeyId());
    me.jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
    // The JWT is signed using the private key, get the key we'll use every time.
    me.jws.setKey(rsajwk.getPrivateKey());
    if (subject != null) {"sub", subject);"upn", subject); };;
    if (issuer != null) {; }
    setClaims(claims);
    try {
        if ( == null) {; }
    } catch (MalformedClaimException e1) {
        // Reported on stdout only; processing continues.
        e1.printStackTrace(System.out);
    }
    me.jws.setPayload(;
    try {
        return me.jws.getCompactSerialization();
    } catch (JoseException e) {
        // Signing failure is reported on stdout and surfaces to the caller as null.
        e.printStackTrace(System.out);
        return null;
    }
}
Example #22
Source File: From server_face_recognition with GNU General Public License v3.0 | 5 votes |
/**
 * Verifies a token and rebuilds the {@code Token} wrapper from its claims.
 *
 * <p>Verification requires exp and sub, issuer "Sanstorik", audience "User", a signature that
 * validates against {@code key}, and RS256 as the only permitted signature algorithm, with
 * 30 seconds of clock skew tolerated.
 *
 * @param token compact JWT to verify
 * @return the reconstructed token, or {@code null} when the JWT is rejected
 */
public static Token decypherToken(String token) {
    // Pinning the algorithm prevents a token from choosing a different "alg" than expected.
    AlgorithmConstraints rs256Only = new AlgorithmConstraints(
            AlgorithmConstraints.ConstraintType.WHITELIST,
            AlgorithmIdentifiers.RSA_USING_SHA256);

    JwtConsumerBuilder builder = new JwtConsumerBuilder();
    builder.setRequireExpirationTime();
    builder.setAllowedClockSkewInSeconds(30);
    builder.setRequireSubject();
    builder.setExpectedIssuer("Sanstorik");
    builder.setExpectedAudience("User");
    builder.setVerificationKey(key.getKey());
    builder.setJwsAlgorithmConstraints(rs256Only);
    JwtConsumer verifier = builder.build();

    try {
        JwtClaims verified = verifier.processToClaims(token);
        // NOTE(review): a validly signed token that lacks one of these claims, or whose user
        // id is not numeric, raises NullPointerException / NumberFormatException here; neither
        // is caught below, so it propagates to the caller.
        String username = verified.getClaimValue(USERNAME_KEY).toString();
        String password = verified.getClaimValue(PASSWORD_KEY).toString();
        Integer userId = Integer.valueOf(verified.getClaimValue(USERID_KEY).toString());
        return new Token(token, username, password, userId);
    } catch (InvalidJwtException e) {
        // Rejection is reported on stderr only; callers receive null.
        e.printStackTrace();
        return null;
    }
}
Example #23
Source File: From light-oauth2 with Apache License 2.0 | 5 votes |
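/**
 * Builds the claim set for a client-credentials token on top of the issuer's default claims.
 *
 * <p>A null or blank {@code scopeString} adds no {@code scope} claim, matching
 * {@code mockAcClaims}; previously a null value raised a NullPointerException and a blank one
 * produced a scope list holding a single empty string.
 *
 * @param clientId    value of the {@code client_id} claim
 * @param scopeString whitespace-separated scopes; skipped when null or blank
 * @param formMap     additional claims copied verbatim; may be null
 * @return the populated claims
 */
private JwtClaims mockCcClaims(String clientId, String scopeString, Map<String, Object> formMap) {
    JwtClaims claims = JwtIssuer.getDefaultJwtClaims();
    claims.setClaim("client_id", clientId);
    if (scopeString != null && scopeString.trim().length() > 0) {
        List<String> scope = Arrays.asList(scopeString.split("\\s+"));
        claims.setStringListClaim("scope", scope); // multi-valued claims end up as a JSON array
    }
    if (formMap != null) {
        // NOTE(review): entries are copied last and without a key filter, so an entry named
        // "client_id" or "scope" replaces the value set above. If formMap can carry
        // request-supplied keys, reserved claim names should be rejected — verify against the
        // callers.
        for (Map.Entry<String, Object> entry : formMap.entrySet()) {
            claims.setClaim(entry.getKey(), entry.getValue());
        }
    }
    return claims;
}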
Example #24
Source File: From uyuni with GNU General Public License v2.0 | 5 votes |
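/**
 * Validate a given token for a given channel.
 *
 * <p>The request is halted with 403 when the token is recorded as invalid, fails JWT
 * processing, or does not grant access to the channel, and with 400 when the token carries no
 * {@code org} claim.
 *
 * @param token the token to validate
 * @param channel the channel
 * @param filename the filename
 */
private static void validateToken(String token, String channel, String filename) {
    // A token with a database record must still be flagged valid. A token without a record
    // skips this check and is judged by the JWT validation below alone.
    AccessTokenFactory.lookupByToken(token).ifPresent(obj -> {
        if (!obj.getValid()) {
            halt(HttpStatus.SC_FORBIDDEN, "This token is not valid");
        }
    });
    try {
        JwtClaims claims = JWT_CONSUMER.processToClaims(token);

        // enforce channel claim
        Optional<List<String>> channelClaim = Optional.ofNullable(claims.getStringListClaimValue("onlyChannels"))
                // new versions of getStringListClaimValue() return an empty list instead of null
                .filter(l -> !l.isEmpty());
        // An absent or empty onlyChannels claim places no channel restriction.
        if (Opt.fold(channelClaim, () -> false, channels -> !channels.contains(channel))) {
            halt(HttpStatus.SC_FORBIDDEN, "Token does not provide access to channel " + channel);
        }

        // enforce org claim
        Optional<Long> orgClaim = Optional.ofNullable(claims.getClaimValue("org", Long.class));
        Opt.consume(orgClaim, () -> {
            halt(HttpStatus.SC_BAD_REQUEST, "Token does not specify the organization");
        }, orgId -> {
            if (!ChannelFactory.isAccessibleBy(channel, orgId)) {
                // The message is built by concatenation, so it must not contain a "%s"
                // placeholder (the original emitted a literal "%s" before the channel name).
                halt(HttpStatus.SC_FORBIDDEN, "Token does not provide access to channel " + channel);
            }
        });
    }
    catch (InvalidJwtException | MalformedClaimException e) {
        // NOTE(review): the response body echoes the library's exception message to the
        // caller; consider logging it server-side and returning a generic reason.
        halt(HttpStatus.SC_FORBIDDEN,
             String.format("Token is not valid to access %s in %s: %s", filename, channel, e.getMessage()));
    }
}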
Example #25
Source File: From uyuni with GNU General Public License v2.0 | 5 votes |
/**
 * Extends the inherited claims with the organization id and, when a channel restriction is
 * configured, the {@code onlyChannels} list claim.
 *
 * <p>NOTE(review): the second argument of {@code setStringListClaim} is missing in this
 * listing, so the snippet does not compile as printed.
 *
 * @return the current token JWT claims
 */
@Override
public JwtClaims getClaims() {
    JwtClaims claims = super.getClaims();
    claims.setClaim("org", this.orgId);
    // Added only when onlyChannels holds a value.
    onlyChannels.ifPresent(channels -> claims.setStringListClaim("onlyChannels",; return claims; }
Example #26
Source File: From uyuni with GNU General Public License v2.0 | 5 votes |
/**
 * Extends the inherited claims with {@code host} and {@code port} claims.
 *
 * <p>NOTE(review): the value argument of the {@code host} claim is missing in this listing,
 * so the snippet does not compile as printed.
 *
 * @return the inherited claims plus host and port
 */
@Override
public JwtClaims getClaims() {
    JwtClaims claims = super.getClaims();
    claims.setClaim("host",;
    claims.setClaim("port", this.port);
    return claims;
}
Example #27
Source File: From trellis with Apache License 2.0 | 5 votes |
/**
 * For an issuer without a trailing slash, the WebID principal name must be the issuer, a
 * slash and the subject; issuer and claim accessors must return the issuer unchanged.
 */
@Test
void testIssNoSlashPrincipal() {
    final String subject = "acoburn";
    final String issuer = "";

    final JwtClaims tokenClaims = new JwtClaims();
    tokenClaims.setSubject(subject);
    tokenClaims.setIssuer(issuer);

    final JsonWebToken webIdPrincipal = new WebIdPrincipal(new DefaultJWTCallerPrincipal(tokenClaims));

    assertTrue(webIdPrincipal.getClaimNames().contains("sub"));
    assertEquals(issuer + "/" + subject, webIdPrincipal.getName());
    assertEquals(issuer, webIdPrincipal.getIssuer());
    assertEquals(issuer, webIdPrincipal.getClaim("iss"));
}
Example #28
Source File: From Jose4j with Apache License 2.0 | 5 votes |
/**
 * Checks that an RSA public key survives a PEM encode/decode round trip, then signs a JWT
 * with the matching private key and logs the token and PEM at debug level.
 *
 * <p>The key comes from {@code ExampleRsaJwksFromJwe.APPENDIX_A_1}, a fixed example key, so
 * the private half is test material and must never be used to protect real tokens.
 */
@Test
public void rsaPublicKeyEncodingDecodingAndSign() throws Exception {
    PublicJsonWebKey publicJsonWebKey = ExampleRsaJwksFromJwe.APPENDIX_A_1;
    String pem = KeyPairUtil.pemEncode(publicJsonWebKey.getPublicKey());
    // Expected encoding: CRLF line breaks between the PEM lines, none after the END marker.
    String expectedPem = "-----BEGIN PUBLIC KEY-----\r\n" +
            "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoahUIoWw0K0usKNuOR6H\r\n" +
            "4wkf4oBUXHTxRvgb48E+BVvxkeDNjbC4he8rUWcJoZmds2h7M70imEVhRU5djINX\r\n" +
            "tqllXI4DFqcI1DgjT9LewND8MW2Krf3Spsk/ZkoFnilakGygTwpZ3uesH+PFABNI\r\n" +
            "UYpOiN15dsQRkgr0vEhxN92i2asbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h+\r\n" +
            "QChLOln0/mtUZwfsRaMStPs6mS6XrgxnxbWhojf663tuEQueGC+FCMfra36C9knD\r\n" +
            "FGzKsNa7LZK2djYgyD3JR/MB/4NUJW/TqOQtwHYbxevoJArm+L5StowjzGy+/bq6\r\n" +
            "GwIDAQAB\r\n" +
            "-----END PUBLIC KEY-----";
    Assert.assertThat(pem, equalTo(expectedPem));

    // Decoding the PEM must yield a key equal to the original public key.
    RsaKeyUtil rsaKeyUtil = new RsaKeyUtil();
    PublicKey publicKey = rsaKeyUtil.fromPemEncoded(pem);
    Assert.assertThat(publicKey, equalTo(publicJsonWebKey.getPublicKey()));

    JwtClaims claims = new JwtClaims();
    claims.setSubject("meh");
    claims.setExpirationTimeMinutesInTheFuture(20);
    claims.setGeneratedJwtId();
    claims.setAudience("you");
    claims.setIssuer("me");

    // Sign with the private half of the same example key.
    JsonWebSignature jws = new JsonWebSignature();
    jws.setPayload(claims.toJson());
    jws.setKey(publicJsonWebKey.getPrivateKey());
    jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
    String jwt = jws.getCompactSerialization();

    Logger log = LoggerFactory.getLogger(this.getClass());
    // NOTE(review): the message text appears truncated in this listing (the site references
    // after "at" and "related to" are missing); it is reproduced as printed.
    log.debug("The following JWT and public key should be (and were on 11/11/15) usable and produce a valid " +
            "result at (related to\n" + jwt + "\n" + pem);
}
Example #29
Source File: From thorntail with Apache License 2.0 | 5 votes |
/**
 * Creates a short-lived (one minute) token for the given subject, optionally placing it in a
 * single group.
 *
 * @param subject   value of the {@code sub} claim
 * @param groupName sole entry of the {@code groups} claim; the claim is omitted when null
 * @return the token produced by {@code createTokenFromJson}
 * @throws Exception if token creation fails
 */
public static String createToken(String subject, String groupName) throws Exception {
    final JwtClaims tokenClaims = new JwtClaims();
    tokenClaims.setIssuer("");
    tokenClaims.setSubject(subject);
    final boolean hasGroup = groupName != null;
    if (hasGroup) {
        tokenClaims.setStringListClaim("groups", groupName);
    }
    tokenClaims.setClaim("upn", "");
    tokenClaims.setExpirationTimeMinutesInTheFuture(1);

    final String claimsJson = tokenClaims.toJson();
    return createTokenFromJson(claimsJson);
}
Example #30
Source File: From thorntail with Apache License 2.0 | 5 votes |
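/**
 * This just parses the token without validation to extract one of the following in order to
 * obtain the name to be used for the principal:
 * upn
 * preferred_username
 * subject
 *
 * <p>Because neither the signature nor any claim is checked here, the returned name is
 * attacker-controllable until the token has been validated elsewhere; it must not be used for
 * an access decision on its own.
 *
 * If there is an exception it sets the name to INVALID_TOKEN_NAME and saves the exception for
 * access via {@link #getJwtException()}. The claims are resolved into a local first, so a
 * failure while reading a later claim no longer leaves the name overwritten with null.
 *
 * @return the name to use for the principal
 */
public String getName() {
    if (name == null) {
        name = "INVALID_TOKEN_NAME";
        try {
            // Build a JwtConsumer that doesn't check signatures or do any validation.
            JwtConsumer firstPassJwtConsumer = new JwtConsumerBuilder()
                    .setSkipAllValidators()
                    .setDisableRequireSignature()
                    .setSkipSignatureVerification()
                    .build();
            // The first JwtConsumer is basically just used to parse the JWT into a JwtContext object.
            JwtContext jwtContext = firstPassJwtConsumer.process(bearerToken);
            JwtClaims claimsSet = jwtContext.getJwtClaims();
            // The unique principal name comes from upn, preferred_username, sub in that order.
            String resolved = claimsSet.getClaimValue("upn", String.class);
            if (resolved == null) {
                resolved = claimsSet.getClaimValue("preferred_username", String.class);
            }
            if (resolved == null) {
                resolved = claimsSet.getSubject();
            }
            // Assigned only after every lookup succeeded; stays null when the token carries
            // none of the three claims, as before.
            name = resolved;
        } catch (Exception e) {
            jwtException = e;
        }
    }
    return name;
}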