org.jose4j.jwt.JwtClaims Java Examples
The following examples show how to use
org.jose4j.jwt.JwtClaims.
Example #1
Source File: TokenGenerator.java From rufus with MIT License | 6 votes |
/**
 * Issues a compact, HS256-signed JWT whose only claims are the subject and an
 * expiry {@code TOKEN_EXPIRATION_IN_MINUTES} minutes from now.
 *
 * @param subject value written to the {@code sub} claim
 * @return the compact serialization (header.payload.signature)
 * @throws RuntimeException wrapping the {@link JoseException} if signing fails
 */
public String generateToken(String subject) {
    final JwtClaims tokenClaims = new JwtClaims();
    tokenClaims.setSubject(subject);
    tokenClaims.setExpirationTimeMinutesInTheFuture(TOKEN_EXPIRATION_IN_MINUTES);

    final JsonWebSignature signer = new JsonWebSignature();
    signer.setAlgorithmHeaderValue(HMAC_SHA256);
    signer.setKey(new HmacKey(tokenSecret));
    // Key validation is switched off, so the library no longer rejects a secret
    // that is shorter than HS256 calls for (256 bits).
    // NOTE(review): confirm tokenSecret is generated with at least that much
    // entropy; a short or guessable secret lets anyone forge tokens offline.
    signer.setDoKeyValidation(false);
    signer.setPayload(tokenClaims.toJson());

    try {
        return signer.getCompactSerialization();
    } catch (JoseException e) {
        throw new RuntimeException(e);
    }
}
Example #2
Source File: JWTokenFactory.java From eplmp with Eclipse Public License 1.0 | 6 votes |
/**
 * Signs a JWT whose {@code sub} claim carries the serialized JSON object.
 *
 * <p>The token gets {@code iat} set to now and {@code exp} set
 * {@code JWT_TOKEN_EXPIRES_TIME} seconds later.
 *
 * @param key        signing key handed to the JWS
 * @param jsonClaims JSON object stored, as a string, in the subject claim
 * @return the compact serialization, or {@code null} when signing fails
 */
private static String createToken(Key key, JsonObject jsonClaims) {
    JwtClaims tokenClaims = new JwtClaims();
    tokenClaims.setSubject(jsonClaims.toString());
    tokenClaims.setIssuedAtToNow();
    long expiresAtSecs = NumericDate.now().getValue() + JWT_TOKEN_EXPIRES_TIME;
    tokenClaims.setExpirationTime(NumericDate.fromSeconds(expiresAtSecs));

    JsonWebSignature signer = new JsonWebSignature();
    // Key validation is disabled, so the library's minimum key-size checks do
    // not run. NOTE(review): confirm the key strength is enforced where the
    // key is created.
    signer.setDoKeyValidation(false);
    signer.setPayload(tokenClaims.toJson());
    signer.setKey(key);
    signer.setAlgorithmHeaderValue(ALG);

    String compact = null;
    try {
        compact = signer.getCompactSerialization();
    } catch (JoseException ex) {
        // A signing failure is logged and reported to the caller as null;
        // callers must treat null as "no token issued".
        LOGGER.log(Level.SEVERE, null, ex);
    }
    return compact;
}
Example #3
Source File: TokenUtils.java From microprofile-jwt-auth with Apache License 2.0 | 6 votes |
/**
 * Test utility: builds claims from a JSON resource file and returns them as a
 * JWT encrypted to a public key, optionally with deliberately invalid parts.
 *
 * <p>Key selection, in order of precedence:
 * <ul>
 *   <li>{@code InvalidClaims.ENCRYPTOR}: a freshly generated 2048-bit public
 *       key is used instead of {@code pk}, so the holder of the matching
 *       private key for {@code pk} cannot decrypt the result;</li>
 *   <li>{@code InvalidClaims.ALG}: a generated AES key is used;</li>
 *   <li>otherwise {@code pk} itself.</li>
 * </ul>
 *
 * @param pk            the public key to encrypt the token with
 * @param kid           the kid header to assign to the token
 * @param jsonResName   name of the test resources file
 * @param invalidClaims claims to emit with invalid values; {@code null} means none
 * @param timeClaims    used to return the exp, iat, auth_time claims
 * @return the JWT string
 * @throws Exception on parse failure
 */
public static String encryptClaims(PublicKey pk, String kid, String jsonResName,
        Set<InvalidClaims> invalidClaims, Map<String, Long> timeClaims) throws Exception {
    final Set<InvalidClaims> requested =
            (invalidClaims != null) ? invalidClaims : Collections.<InvalidClaims>emptySet();

    JwtClaims claims = createJwtClaims(jsonResName, requested, timeClaims);

    final Key encryptionKey;
    if (requested.contains(InvalidClaims.ENCRYPTOR)) {
        // Encrypt to an unrelated key pair to exercise the decryption-failure path.
        encryptionKey = generateKeyPair(2048).getPublic();
    } else if (requested.contains(InvalidClaims.ALG)) {
        encryptionKey = KeyGenerator.getInstance("AES").generateKey();
    } else {
        encryptionKey = pk;
    }
    // The meaning of the trailing 'false' is defined by encryptString, which is not shown here.
    return encryptString(encryptionKey, kid, claims.toJson(), false);
}
Example #4
Source File: DefaultJWTTokenParser.java From smallrye-jwt with Apache License 2.0 | 6 votes |
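/**
 * Enforces the configured maximum token lifetime: {@code exp - iat} must not
 * exceed {@code maxTimeToLiveSecs}.
 *
 * <p>When no maximum is configured the check is skipped and that fact is logged.
 *
 * @param authContextInfo source of the maximum time-to-live, in seconds
 * @param claimsSet       claims of the token being checked
 * @throws ParseException if {@code iat} or {@code exp} cannot be read, is
 *                        absent, or the lifetime exceeds the maximum
 */
private void verifyTimeToLive(JWTAuthContextInfo authContextInfo, JwtClaims claimsSet) throws ParseException {
    final Long maxTimeToLiveSecs = authContextInfo.getMaxTimeToLiveSecs();
    if (maxTimeToLiveSecs == null) {
        PrincipalLogging.log.noMaxTTLSpecified();
        return;
    }

    final NumericDate iat;
    final NumericDate exp;
    try {
        iat = claimsSet.getIssuedAt();
        exp = claimsSet.getExpirationTime();
    } catch (Exception e) {
        throw PrincipalMessages.msg.failedToVerifyMaxTTL(e);
    }

    // The getters return null for an absent claim. Without this guard a token
    // lacking iat or exp would fail with a NullPointerException instead of the
    // ParseException callers handle. Earlier validation may already require
    // both claims; this keeps the failure well-typed if it does not.
    if (iat == null || exp == null) {
        throw PrincipalMessages.msg.failedToVerifyMaxTTL(
                new IllegalStateException("iat and exp claims are required to verify the maximum time to live"));
    }

    if (exp.getValue() - iat.getValue() > maxTimeToLiveSecs) {
        throw PrincipalMessages.msg.expExceeded(exp, maxTimeToLiveSecs, iat);
    }
}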
Example #5
Source File: JWTAuthPluginTest.java From lucene-solr with Apache License 2.0 | 6 votes |
/**
 * Builds the claim set used by the tests: registered claims (iss, aud, exp,
 * jti, iat, nbf, sub), a {@code scope} string, several custom string claims
 * and a multi-valued {@code roles} claim.
 *
 * @return a new, populated {@link JwtClaims}
 */
protected static JwtClaims generateClaims() {
    JwtClaims fixture = new JwtClaims();

    // Registered claims.
    fixture.setIssuer("IDServer");                       // iss: party that creates and signs the token
    fixture.setAudience("Solr");                         // aud: intended recipient
    fixture.setExpirationTimeMinutesInTheFuture(10);     // exp: ten minutes from now
    fixture.setGeneratedJwtId();                         // jti: unique token id
    fixture.setIssuedAtToNow();                          // iat: now
    fixture.setNotBeforeMinutesInThePast(2);             // nbf: two minutes ago
    fixture.setSubject("solruser");                      // sub: principal the token is about

    // Custom claims describing the subject.
    fixture.setStringClaim("scope", "solr:read");
    fixture.setClaim("name", "Solr User");
    fixture.setClaim("customPrincipal", "custom");
    fixture.setClaim("claim1", "foo");
    fixture.setClaim("claim2", "bar");
    fixture.setClaim("claim3", "foo");

    // A list claim is serialized as a JSON array.
    fixture.setStringListClaim("roles", Arrays.asList("group-one", "other-group", "group-three"));
    return fixture;
}
Example #6
Source File: JWTokenFactory.java From eplmp with Eclipse Public License 1.0 | 6 votes |
/**
 * Verifies a shared-resource token and extracts the shared entity UUID from
 * the JSON object stored in its subject claim.
 *
 * @param key verification key
 * @param jwt compact token to verify
 * @return the value stored under {@code SHARED_ENTITY_UUID}, or {@code null}
 *         when the token is rejected or the subject cannot be read
 */
public static String validateSharedResourceToken(Key key, String jwt) {
    JwtConsumerBuilder builder = new JwtConsumerBuilder();
    builder.setVerificationKey(key);
    // Relaxed key validation skips the library's minimum key-size checks.
    // NOTE(review): this consumer sets no expected issuer or audience and does
    // not require exp; confirm the issuing side always sets an expiry.
    builder.setRelaxVerificationKeyValidation();
    JwtConsumer verifier = builder.build();

    try {
        String subjectJson = verifier.processToClaims(jwt).getSubject();
        try (JsonReader reader = Json.createReader(new StringReader(subjectJson))) {
            // readObject may throw JsonParsingException; getString throws
            // NullPointerException when the key is absent. Both are handled below.
            // NOTE(review): a non-string value under the key would raise
            // ClassCastException, which is not in the catch list.
            return reader.readObject().getString(SHARED_ENTITY_UUID);
        }
    } catch (InvalidJwtException | MalformedClaimException | JsonParsingException | NullPointerException e) {
        LOGGER.log(Level.FINE, "Cannot validate jwt token", e);
    }
    return null;
}
Example #7
Source File: JwtConsumerTest.java From Jose4j with Apache License 2.0 | 6 votes |
/**
 * Round-trips an HS256 token through signing and verification with a key
 * object of type {@code FakeHsmNonExtractableSecretKeySpec}; the test passes
 * if neither step throws.
 *
 * <p>The key bytes below are a fixed test value.
 */
@Test
public void testNpeWithNonExtractableKeyDataHS256() throws Exception {
    byte[] keyBytes = Base64Url.decode("hup76LcA9B7pqrEtqyb4EBg6XCcr9r0iOCFF1FeZiJM");
    FakeHsmNonExtractableSecretKeySpec hmacKey =
            new FakeHsmNonExtractableSecretKeySpec(keyBytes, "HmacSHA256");

    // Produce the token.
    JwtClaims outgoing = new JwtClaims();
    outgoing.setExpirationTimeMinutesInTheFuture(5);
    outgoing.setSubject("subject");
    outgoing.setIssuer("issuer");

    JsonWebSignature signer = new JsonWebSignature();
    signer.setPayload(outgoing.toJson());
    signer.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA256);
    signer.setKey(hmacKey);
    String compactJwt = signer.getCompactSerialization();

    // Verify it with the same key.
    JwtConsumer verifier = new JwtConsumerBuilder()
            .setAllowedClockSkewInSeconds(60)
            .setRequireSubject()
            .setExpectedIssuer("issuer")
            .setVerificationKey(hmacKey)
            .build();

    JwtClaims incoming = verifier.processToClaims(compactJwt);
    System.out.println(incoming);
}
Example #8
Source File: JwtBuildUtils.java From smallrye-jwt with Apache License 2.0 | 6 votes |
/**
 * Fills in default values for claims the caller did not set: {@code iat}
 * (current time), the expiry (delegated to {@code setExpiryClaim}),
 * {@code jti} (generated) and {@code iss} (from the
 * {@code smallrye.jwt.new-token.issuer} property, when configured).
 *
 * @param claims claim set to complete in place
 */
static void setDefaultJwtClaims(JwtClaims claims) {
    final long nowSecs = currentTimeInSecs();

    final boolean missingIssuedAt = !claims.hasClaim(Claims.iat.name());
    if (missingIssuedAt) {
        claims.setIssuedAt(NumericDate.fromSeconds(nowSecs));
    }

    setExpiryClaim(claims);

    final boolean missingJwtId = !claims.hasClaim(Claims.jti.name());
    if (missingJwtId) {
        claims.setGeneratedJwtId();
    }

    if (claims.hasClaim(Claims.iss.name())) {
        return;
    }
    // No issuer supplied: fall back to the configured one, if any.
    String configuredIssuer = getConfigProperty("smallrye.jwt.new-token.issuer", String.class);
    if (configuredIssuer != null) {
        claims.setIssuer(configuredIssuer);
    }
}
Example #9
Source File: BoxDeveloperEditionAPIConnectionTest.java From box-java-sdk with Apache License 2.0 | 6 votes |
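/**
 * Test helper: pulls the {@code assertion} form parameter out of a request
 * body and parses it as a JWT so the test can inspect its claims.
 *
 * <p>The consumer skips signature verification and every validator, so the
 * returned claims are unauthenticated. That suits a test that inspects a
 * request the code under test just built; it is not a pattern for handling
 * tokens received from elsewhere.
 *
 * @param request captured request whose body is form-encoded
 * @return the claims of the assertion JWT
 * @throws Exception if the body holds no {@code assertion} parameter with a
 *                   value, or the JWT cannot be parsed
 */
private JwtClaims getClaimsFromRequest(Request request) throws Exception {
    // Get the JWT out of the request body
    String body = request.getBodyAsString();
    String jwt = null;
    for (String pair : body.split("&")) {
        String[] parts = pair.split("=");
        // A pair without a value ("assertion" or "assertion=") splits into a
        // single element; check the length before reading the value so such a
        // body ends in the "No jwt assertion" error rather than an
        // ArrayIndexOutOfBoundsException.
        if (parts.length > 1 && "assertion".equals(parts[0])) {
            jwt = parts[1];
        }
    }
    if (jwt == null) {
        throw new Exception("No jwt assertion found in request body");
    }

    // Parse out the JWT to verify the claims
    JwtConsumer jwtConsumer = new JwtConsumerBuilder()
            .setSkipSignatureVerification()
            .setSkipAllValidators()
            .build();
    return jwtConsumer.processToClaims(jwt);
}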
Example #10
Source File: JwtAuthFilterTest.java From trellis with Apache License 2.0 | 6 votes |
/**
 * When the token carries a {@code webid} claim, the filter must install a
 * security context whose principal name is that WebID.
 */
@Test
void testJwtAuthWebidFilter() {
    ContainerRequestContext requestContext = mock(ContainerRequestContext.class);
    assertNotNull(filter);
    assertNotNull(producer);

    String expectedWebId = "https://people.apache.org/~acoburn/#i";

    // The claims object is handed to the producer directly; no token is signed or parsed here.
    JwtClaims tokenClaims = new JwtClaims();
    tokenClaims.setSubject("acoburn");
    tokenClaims.setIssuer("https://example.com/idp/");
    tokenClaims.setClaim("webid", expectedWebId);
    producer.setJsonWebToken(new DefaultJWTCallerPrincipal(tokenClaims));

    assertDoesNotThrow(() -> filter.filter(requestContext));

    verify(requestContext).setSecurityContext(securityArgument.capture());
    assertEquals(expectedWebId, securityArgument.getValue().getUserPrincipal().getName());
}
Example #11
Source File: JwtAuthFilterTest.java From trellis with Apache License 2.0 | 6 votes |
/**
 * Without a {@code webid} claim, the filter must install a security context
 * whose principal name is the issuer followed by the subject.
 */
@Test
void testJwtAuthFilter() {
    ContainerRequestContext requestContext = mock(ContainerRequestContext.class);
    assertNotNull(filter);
    assertNotNull(producer);

    String issuer = "https://example.com/idp/";
    String subject = "acoburn";

    // The claims object is handed to the producer directly; no token is signed or parsed here.
    JwtClaims tokenClaims = new JwtClaims();
    tokenClaims.setSubject(subject);
    tokenClaims.setIssuer(issuer);
    producer.setJsonWebToken(new DefaultJWTCallerPrincipal(tokenClaims));

    assertDoesNotThrow(() -> filter.filter(requestContext));

    verify(requestContext).setSecurityContext(securityArgument.capture());
    assertEquals(issuer + subject, securityArgument.getValue().getUserPrincipal().getName());
}
Example #12
Source File: Oauth2TokenPostHandler.java From light-oauth2 with Apache License 2.0 | 6 votes |
/**
 * Builds the claim set for a token issued to a user: the issuer's default
 * claims plus user id, user type, client id and, when supplied, csrf, scope,
 * roles and any extra entries from {@code formMap}.
 *
 * @param clientId    value of the {@code client_id} claim
 * @param scopeString whitespace-separated scopes; {@code null} or blank adds no {@code scope} claim
 * @param userId      value of the {@code user_id} claim
 * @param userType    value of the {@code user_type} claim
 * @param roles       value of the {@code roles} claim, stored as a single string; skipped when {@code null} or blank
 * @param csrf        value of the {@code csrf} claim; skipped when {@code null}
 * @param formMap     extra claims copied verbatim; may be {@code null}
 * @return the populated claims
 */
private JwtClaims mockAcClaims(String clientId, String scopeString, String userId, String userType, String roles, String csrf, Map<String, Object> formMap) {
    JwtClaims claims = JwtIssuer.getDefaultJwtClaims();
    claims.setClaim("user_id", userId);
    claims.setClaim("user_type", userType);
    claims.setClaim("client_id", clientId);

    if (csrf != null) {
        claims.setClaim("csrf", csrf);
    }

    boolean hasScope = scopeString != null && !scopeString.trim().isEmpty();
    if (hasScope) {
        // A list claim is serialized as a JSON array.
        claims.setStringListClaim("scope", Arrays.asList(scopeString.split("\\s+")));
    }

    boolean hasRoles = roles != null && !roles.trim().isEmpty();
    if (hasRoles) {
        claims.setClaim("roles", roles);
    }

    if (formMap != null) {
        // These entries are written last, so a key such as "client_id",
        // "user_id", "scope" or "roles" replaces the value set above.
        // NOTE(review): confirm the caller restricts formMap to an allowed
        // set of claim names before it reaches this method.
        formMap.forEach(claims::setClaim);
    }
    return claims;
}
Example #13
Source File: JWTAuthPluginTest.java From lucene-solr with Apache License 2.0 | 6 votes |
/**
 * Prepares two RS256-signed bearer headers for the tests: {@code testHeader}
 * with the full claim set and {@code slimHeader} with {@code iss},
 * {@code aud} and {@code exp} removed.
 */
@BeforeClass
public static void beforeAll() throws Exception {
    JwtClaims claims = generateClaims();

    JsonWebSignature signer = new JsonWebSignature();
    signer.setPayload(claims.toJson());
    signer.setKey(rsaJsonWebKey.getPrivateKey());
    signer.setKeyIdHeaderValue(rsaJsonWebKey.getKeyId());
    signer.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
    testHeader = "Bearer" + " " + signer.getCompactSerialization();

    // Strip issuer, audience and expiry, then sign again with the same key and headers.
    for (String claimName : new String[] {"iss", "aud", "exp"}) {
        claims.unsetClaim(claimName);
    }
    signer.setPayload(claims.toJson());
    slimHeader = "Bearer" + " " + signer.getCompactSerialization();
}
Example #14
Source File: JwtCachingAuthenticatorTest.java From dropwizard-auth-jwt with Apache License 2.0 | 6 votes |
/**
 * Test fixture: signs an HS512 token for subject {@code good-guy-two} and
 * returns the context produced by running it through {@code consumer}.
 *
 * @return the processed JWT context
 */
private JwtContext tokenTwo() {
    final JwtClaims tokenClaims = new JwtClaims();
    tokenClaims.setSubject("good-guy-two");
    tokenClaims.setIssuer("Issuer");
    tokenClaims.setAudience("Audience");

    final JsonWebSignature signer = new JsonWebSignature();
    signer.setPayload(tokenClaims.toJson());
    signer.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA512);
    signer.setKey(new HmacKey(SECRET.getBytes(UTF_8)));
    // Key validation is off, so a SECRET shorter than HS512 calls for is
    // accepted; fine for a fixed test secret.
    signer.setDoKeyValidation(false);

    try {
        final String compactJwt = signer.getCompactSerialization();
        return consumer.process(compactJwt);
    } catch (Exception e) {
        throw Throwables.propagate(e);
    }
}
Example #15
Source File: JwtSignEncryptTest.java From smallrye-jwt with Apache License 2.0 | 6 votes |
/**
 * Asserts that the claims carry {@code iat}, {@code exp} and {@code jti}, and
 * that the JWS header holds exactly {@code alg}, {@code typ=JWT} and, when a
 * key id is expected, {@code kid}.
 *
 * @param jwsCompact compact JWS whose headers are inspected
 * @param claims     claims expected to contain the default time and id claims
 * @param algo       expected {@code alg} header value
 * @param keyId      expected {@code kid} header value, or {@code null} if none is expected
 */
private static void checkClaimsAndJwsHeaders(String jwsCompact, JwtClaims claims, String algo, String keyId)
        throws Exception {
    Assert.assertNotNull(claims.getIssuedAt());
    Assert.assertNotNull(claims.getExpirationTime());
    Assert.assertNotNull(claims.getJwtId());

    Map<String, Object> jwsHeaders = getJwsHeaders(jwsCompact);

    // alg and typ are always present; kid only when a key id was supplied.
    final int expectedHeaderCount = (keyId == null) ? 2 : 3;
    Assert.assertEquals(expectedHeaderCount, jwsHeaders.size());
    Assert.assertEquals(algo, jwsHeaders.get("alg"));
    Assert.assertEquals("JWT", jwsHeaders.get("typ"));

    if (keyId == null) {
        Assert.assertNull(jwsHeaders.get("kid"));
    } else {
        Assert.assertEquals(keyId, jwsHeaders.get("kid"));
    }
}
Example #16
Source File: JwtGeneratorTest.java From light-oauth2 with Apache License 2.0 | 5 votes |
/**
 * Issues a token with a fixed set of user, client and scope claims and checks
 * that the issuer returns a non-null JWT.
 */
@Test
public void testJwtGen() throws Exception {
    JwtClaims tokenClaims = JwtIssuer.getDefaultJwtClaims();
    tokenClaims.setClaim("user_id", "steve");
    tokenClaims.setClaim("user_type", "EMPLOYEE");
    tokenClaims.setClaim("client_id", "ddcaf0ba-1131-2232-3313-d6f2753f25dc");
    tokenClaims.setClaim("csrf", Util.getUUID());
    // A list claim is serialized as a JSON array.
    tokenClaims.setStringListClaim("scope", Arrays.asList("api.r", "api.w"));

    String issued = JwtIssuer.getJwt(tokenClaims);
    Assert.assertNotNull(issued);
    // The signed token is printed to stdout; acceptable for a test run with
    // test keys, not for tokens that grant access to real systems.
    System.out.println(issued);
}
Example #17
Source File: OauthHelperTest.java From light-4j with Apache License 2.0 | 5 votes |
/**
 * Signs the claims as an RS256 JWS using the private key stored under alias
 * {@code selfsigned} in {@code /config/primary.jks}.
 *
 * <p>The result is a signed token only (a JWS); this method does not encrypt
 * it. The keystore path, password and alias are literals in this method.
 *
 * @param claims claims to sign
 * @return the compact serialization, Header.Payload.Signature, each part base64url-encoded
 * @throws JoseException if signing fails
 */
public static String getJwt(JwtClaims claims) throws JoseException {
    RSAPrivateKey signingKey = (RSAPrivateKey) getPrivateKey(
            "/config/primary.jks", "password", "selfsigned");

    JsonWebSignature signer = new JsonWebSignature();
    // The JWS payload is the JSON form of the claims.
    signer.setPayload(claims.toJson());
    // Signed with the sender's private key; "100" is the key id placed in the header.
    signer.setKey(signingKey);
    signer.setKeyIdHeaderValue("100");
    // The signature algorithm that integrity-protects the claims.
    signer.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);

    // Signing happens when the compact form is produced.
    return signer.getCompactSerialization();
}
Example #18
Source File: GoogsTooSmallKeyJwtConsumerTest.java From Jose4j with Apache License 2.0 | 5 votes |
/**
 * Two-pass processing of an ID token whose signing key is smaller than the
 * library's minimum: the first pass only parses, key validation is then
 * switched off on the parsed JWS, and the second pass performs the real
 * signature check and claim validation.
 */
@Test
public void firstWorkaroundUsingTwoPass() throws Exception {
    // Pass 1: parse only. No signature check, no validators; the resulting
    // context must not be trusted until pass 2 has run.
    JwtConsumerBuilder parseOnlyBuilder = new JwtConsumerBuilder();
    parseOnlyBuilder.setSkipAllValidators();
    parseOnlyBuilder.setDisableRequireSignature();
    parseOnlyBuilder.setSkipSignatureVerification();
    JwtContext parsed = parseOnlyBuilder.build().process(ID_TOKEN);

    // Disable key validation (chiefly the RSA 2048-bit minimum) on the
    // innermost JOSE object, the JWS.
    parsed.getJoseObjects().iterator().next().setDoKeyValidation(false);

    JsonWebKeySet keySet = new JsonWebKeySet(JWKS_JSON);
    JwksVerificationKeyResolver keyResolver = new JwksVerificationKeyResolver(keySet.getJsonWebKeys());

    // Pass 2: full validation against the already-parsed context.
    JwtConsumerBuilder validatingBuilder = new JwtConsumerBuilder();
    validatingBuilder.setRequireExpirationTime();              // exp must be present
    validatingBuilder.setEvaluationTime(EVALUATION_TIME);
    validatingBuilder.setRequireSubject();                     // sub must be present
    validatingBuilder.setExpectedIssuer(ISSUER);
    validatingBuilder.setExpectedAudience(CLIENT_ID);          // token must be addressed to this client
    validatingBuilder.setVerificationKeyResolver(keyResolver); // stands in for fetching the JWKS endpoint
    JwtConsumer validator = validatingBuilder.build();

    validator.processContext(parsed);

    JwtClaims validatedClaims = parsed.getJwtClaims();
    assertThat(SUBJECT_VALUE, equalTo(validatedClaims.getSubject()));
}
Example #19
Source File: DefaultJWTTokenParser.java From smallrye-jwt with Apache License 2.0 | 5 votes |
/**
 * Requires that the token names a principal through at least one of the
 * {@code sub}, {@code upn} or {@code preferred_username} claims.
 *
 * @param jwtContext context of the token being checked
 * @throws InvalidJwtException if none of the three claims is present
 */
private void checkNameClaims(JwtContext jwtContext) throws InvalidJwtException {
    JwtClaims tokenClaims = jwtContext.getJwtClaims();

    // Checked in the same order as the principal-name lookup; the first hit is enough.
    if (tokenClaims.getClaimValue(Claims.sub.name()) != null) {
        return;
    }
    if (tokenClaims.getClaimValue(Claims.upn.name()) != null) {
        return;
    }
    if (tokenClaims.getClaimValue(Claims.preferred_username.name()) != null) {
        return;
    }
    throw PrincipalMessages.msg.claimNotFound(s -> new InvalidJwtException(s, emptyList(), jwtContext));
}
Example #20
Source File: Token.java From server_face_recognition with GNU General Public License v3.0 | 5 votes |
/**
 * Issues an RS256-signed token for a user and wraps it in a {@code Token}.
 *
 * <p>The token is valid for 60 minutes and carries the username, password and
 * user id as custom claims.
 *
 * @param username stored under {@code USERNAME_KEY}
 * @param password stored under {@code PASSWORD_KEY}
 * @param userId   stored under {@code USERID_KEY}
 * @return the token, or {@code null} when signing fails
 */
public static Token cypherToken(String username, String password, int userId) {
    JwtClaims tokenClaims = new JwtClaims();
    tokenClaims.setIssuer("Sanstorik");
    tokenClaims.setAudience("User");
    tokenClaims.setExpirationTimeMinutesInTheFuture(60);
    tokenClaims.setGeneratedJwtId();
    tokenClaims.setIssuedAtToNow();
    tokenClaims.setNotBeforeMinutesInThePast(0.05f);
    tokenClaims.setSubject("neuralnetwork");
    tokenClaims.setClaim(USERNAME_KEY, username);
    // NOTE(review): the password is written into the payload. A JWS is signed,
    // not encrypted: the payload is only base64url-encoded, so anyone who sees
    // the token (logs, proxies, browser storage) can read the password.
    // Removing the claim needs a matching change wherever PASSWORD_KEY is read
    // back from the token.
    tokenClaims.setClaim(PASSWORD_KEY, password);
    tokenClaims.setClaim(USERID_KEY, userId);

    JsonWebSignature signer = new JsonWebSignature();
    signer.setPayload(tokenClaims.toJson());
    signer.setKey(key.getPrivateKey());
    signer.setKeyIdHeaderValue(key.getKeyId());
    signer.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);

    try {
        return new Token(signer.getCompactSerialization(), username, password, userId);
    } catch (JoseException e) {
        // Signing failure is reported to the caller as null.
        e.printStackTrace();
        return null;
    }
}
Example #21
Source File: JwtBuilder.java From microprofile-sandbox with Apache License 2.0 | 5 votes |
/**
 * Builds an RS256-signed JWT, valid for 60 minutes, with the given subject,
 * issuer and extra claims.
 *
 * <p>State is kept in the static {@code me} instance, which is replaced on
 * every call. NOTE(review): that makes concurrent calls interfere with each
 * other; confirm this is only used from single-threaded test code.
 *
 * @param subject written to both {@code sub} and {@code upn}; skipped when {@code null}
 * @param issuer  issuer claim; {@code DEFAULT_ISSUER} is used when {@code null}
 * @param claims  extra claims, interpreted by {@code setClaims}
 * @return the compact serialization, or {@code null} when signing fails
 */
public static String buildJwt(String subject, String issuer, String[] claims) {
    me = new JwtBuilder();
    init();
    me.claims = new JwtClaims();
    me.jws = new JsonWebSignature();

    me.jws.setKeyIdHeaderValue(rsajwk.getKeyId());
    me.jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
    // Every token is signed with the same private key.
    me.jws.setKey(rsajwk.getPrivateKey());

    if (subject != null) {
        me.claims.setClaim("sub", subject);
        me.claims.setClaim("upn", subject);
    }
    me.claims.setIssuer(issuer != null ? issuer : DEFAULT_ISSUER);
    me.claims.setExpirationTimeMinutesInTheFuture(60);

    setClaims(claims);

    // Only stamp iat when the extra claims did not already provide one.
    try {
        if (me.claims.getIssuedAt() == null) {
            me.claims.setIssuedAtToNow();
        }
    } catch (MalformedClaimException e1) {
        e1.printStackTrace(System.out);
    }

    me.jws.setPayload(me.claims.toJson());
    String compact;
    try {
        compact = me.jws.getCompactSerialization();
    } catch (JoseException e) {
        e.printStackTrace(System.out);
        compact = null;
    }
    return compact;
}
Example #22
Source File: Token.java From server_face_recognition with GNU General Public License v3.0 | 5 votes |
/**
 * Verifies a token and rebuilds the {@code Token} object from its claims.
 *
 * <p>The consumer requires {@code exp} and {@code sub}, allows 30 seconds of
 * clock skew, expects issuer {@code Sanstorik} and audience {@code User}, and
 * accepts RS256 only, so a token declaring any other {@code alg} is rejected.
 *
 * @param token compact JWT to verify
 * @return the decoded token, or {@code null} when verification fails
 */
public static Token decypherToken(String token) {
    JwtConsumerBuilder builder = new JwtConsumerBuilder();
    builder.setRequireExpirationTime();
    builder.setAllowedClockSkewInSeconds(30);
    builder.setRequireSubject();
    builder.setExpectedIssuer("Sanstorik");
    builder.setExpectedAudience("User");
    builder.setVerificationKey(key.getKey());
    builder.setJwsAlgorithmConstraints(
            new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST,
                    AlgorithmIdentifiers.RSA_USING_SHA256));
    JwtConsumer verifier = builder.build();

    try {
        JwtClaims verified = verifier.processToClaims(token);
        // NOTE(review): a verified token that lacks one of these claims, or
        // holds a non-numeric user id, fails here with an unchecked exception
        // that the catch below does not cover.
        String username = verified.getClaimValue(USERNAME_KEY).toString();
        String password = verified.getClaimValue(PASSWORD_KEY).toString();
        Integer userId = Integer.valueOf(verified.getClaimValue(USERID_KEY).toString());
        return new Token(token, username, password, userId);
    } catch (InvalidJwtException e) {
        e.printStackTrace();
        return null;
    }
}
Example #23
Source File: Oauth2TokenPostHandler.java From light-oauth2 with Apache License 2.0 | 5 votes |
/**
 * Builds the claim set for a token issued to a client: the issuer's default
 * claims plus client id, scope and any extra entries from {@code formMap}.
 *
 * @param clientId    value of the {@code client_id} claim
 * @param scopeString whitespace-separated scopes; must not be {@code null}
 * @param formMap     extra claims copied verbatim; may be {@code null}
 * @return the populated claims
 */
private JwtClaims mockCcClaims(String clientId, String scopeString, Map<String, Object> formMap) {
    JwtClaims claims = JwtIssuer.getDefaultJwtClaims();
    claims.setClaim("client_id", clientId);

    // NOTE(review): unlike mockAcClaims, scopeString is split without a null
    // or blank check; confirm the caller always supplies a scope.
    String[] scopeNames = scopeString.split("\\s+");
    // A list claim is serialized as a JSON array.
    claims.setStringListClaim("scope", Arrays.asList(scopeNames));

    if (formMap != null) {
        // Written last, so an entry keyed "client_id" or "scope" replaces the
        // value set above. NOTE(review): confirm the caller restricts formMap
        // to an allowed set of claim names.
        formMap.forEach(claims::setClaim);
    }
    return claims;
}
Example #24
Source File: DownloadController.java From uyuni with GNU General Public License v2.0 | 5 votes |
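/**
 * Validate a given token for a given channel, halting the request with an
 * HTTP error when access is not granted.
 *
 * <p>Checks, in order:
 * <ol>
 *   <li>if a stored access token matches and is marked invalid: 403. A token
 *       with no stored record is not rejected by this step;</li>
 *   <li>the JWT must pass {@code JWT_CONSUMER}: otherwise 403;</li>
 *   <li>a non-empty {@code onlyChannels} claim must list the channel: otherwise
 *       403. An absent or empty claim places no channel restriction;</li>
 *   <li>the {@code org} claim must be present (400 if not) and the channel
 *       must be accessible by that organization (403 if not).</li>
 * </ol>
 *
 * @param token the token to validate
 * @param channel the channel
 * @param filename the filename, used only in the error message
 */
private static void validateToken(String token, String channel, String filename) {
    AccessTokenFactory.lookupByToken(token).ifPresent(obj -> {
        if (!obj.getValid()) {
            halt(HttpStatus.SC_FORBIDDEN, "This token is not valid");
        }
    });
    try {
        JwtClaims claims = JWT_CONSUMER.processToClaims(token);

        // enforce channel claim
        Optional<List<String>> channelClaim = Optional.ofNullable(claims.getStringListClaimValue("onlyChannels"))
                // new versions of getStringListClaimValue() return an empty list instead of null
                .filter(l -> !l.isEmpty());
        if (Opt.fold(channelClaim, () -> false, channels -> !channels.contains(channel))) {
            halt(HttpStatus.SC_FORBIDDEN, "Token does not provide access to channel " + channel);
        }

        // enforce org claim
        Optional<Long> orgClaim = Optional.ofNullable(claims.getClaimValue("org", Long.class));
        Opt.consume(orgClaim, () -> {
            halt(HttpStatus.SC_BAD_REQUEST, "Token does not specify the organization");
        }, orgId -> {
            if (!ChannelFactory.isAccessibleBy(channel, orgId)) {
                // The message is built by concatenation; the stray "%s" that used
                // to precede the channel name was never substituted and is removed.
                halt(HttpStatus.SC_FORBIDDEN, "Token does not provide access to channel " + channel);
            }
        });
    }
    catch (InvalidJwtException | MalformedClaimException e) {
        // NOTE(review): the library's exception message is returned to the
        // client; confirm it reveals nothing beyond what the requester
        // already holds.
        halt(HttpStatus.SC_FORBIDDEN,
             String.format("Token is not valid to access %s in %s: %s", filename, channel, e.getMessage()));
    }
}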
Example #25
Source File: DownloadTokenBuilder.java From uyuni with GNU General Public License v2.0 | 5 votes |
/**
 * Extends the parent's claims with the organization id and, when a channel
 * restriction is configured, the {@code onlyChannels} list.
 *
 * @return the current token JWT claims
 */
@Override
public JwtClaims getClaims() {
    JwtClaims tokenClaims = super.getClaims();
    tokenClaims.setClaim("org", this.orgId);
    if (onlyChannels.isPresent()) {
        // Copied into a list because the claim setter takes a List<String>.
        List<String> allowedChannels = onlyChannels.get().stream().collect(Collectors.toList());
        tokenClaims.setStringListClaim("onlyChannels", allowedChannels);
    }
    return tokenClaims;
}
Example #26
Source File: WebSockifyTokenBuilder.java From uyuni with GNU General Public License v2.0 | 5 votes |
/**
 * Extends the parent's claims with the {@code host} and {@code port} this
 * token is bound to.
 *
 * @return the claims for the token
 */
@Override
public JwtClaims getClaims() {
    final JwtClaims tokenClaims = super.getClaims();
    tokenClaims.setClaim("host", this.host);
    tokenClaims.setClaim("port", this.port);
    return tokenClaims;
}
Example #27
Source File: WebIdPrincipalTest.java From trellis with Apache License 2.0 | 5 votes |
/**
 * When the issuer has no trailing slash, the principal name must be the
 * issuer and subject joined by a single {@code /}, while the issuer itself is
 * reported unchanged.
 */
@Test
void testIssNoSlashPrincipal() {
    String issuer = "http://idp.example.com";
    String subject = "acoburn";

    JwtClaims tokenClaims = new JwtClaims();
    tokenClaims.setSubject(subject);
    tokenClaims.setIssuer(issuer);

    JsonWebToken webIdPrincipal = new WebIdPrincipal(new DefaultJWTCallerPrincipal(tokenClaims));

    assertTrue(webIdPrincipal.getClaimNames().contains("sub"));
    assertEquals(issuer + "/" + subject, webIdPrincipal.getName());
    assertEquals(issuer, webIdPrincipal.getIssuer());
    assertEquals(issuer, webIdPrincipal.getClaim("iss"));
}
Example #28
Source File: KeyPairUtilTest.java From Jose4j with Apache License 2.0 | 5 votes |
/**
 * Checks that an RSA public key survives PEM encoding and decoding, then
 * signs a JWT with the matching private key and logs the token and PEM.
 *
 * <p>The key pair is the {@code ExampleRsaJwksFromJwe.APPENDIX_A_1} example
 * constant, so logging a token signed with it discloses nothing sensitive.
 */
@Test
public void rsaPublicKeyEncodingDecodingAndSign() throws Exception {
    PublicJsonWebKey exampleJwk = ExampleRsaJwksFromJwe.APPENDIX_A_1;

    // Encode and compare with the expected PEM text.
    String encodedPem = KeyPairUtil.pemEncode(exampleJwk.getPublicKey());
    String expectedPem = "-----BEGIN PUBLIC KEY-----\r\n" +
            "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoahUIoWw0K0usKNuOR6H\r\n" +
            "4wkf4oBUXHTxRvgb48E+BVvxkeDNjbC4he8rUWcJoZmds2h7M70imEVhRU5djINX\r\n" +
            "tqllXI4DFqcI1DgjT9LewND8MW2Krf3Spsk/ZkoFnilakGygTwpZ3uesH+PFABNI\r\n" +
            "UYpOiN15dsQRkgr0vEhxN92i2asbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h+\r\n" +
            "QChLOln0/mtUZwfsRaMStPs6mS6XrgxnxbWhojf663tuEQueGC+FCMfra36C9knD\r\n" +
            "FGzKsNa7LZK2djYgyD3JR/MB/4NUJW/TqOQtwHYbxevoJArm+L5StowjzGy+/bq6\r\n" +
            "GwIDAQAB\r\n" +
            "-----END PUBLIC KEY-----";
    Assert.assertThat(encodedPem, equalTo(expectedPem));

    // Decode again and compare with the original key.
    PublicKey decodedKey = new RsaKeyUtil().fromPemEncoded(encodedPem);
    Assert.assertThat(decodedKey, equalTo(exampleJwk.getPublicKey()));

    // Sign a token with the private half of the same key pair.
    JwtClaims tokenClaims = new JwtClaims();
    tokenClaims.setSubject("meh");
    tokenClaims.setExpirationTimeMinutesInTheFuture(20);
    tokenClaims.setGeneratedJwtId();
    tokenClaims.setAudience("you");
    tokenClaims.setIssuer("me");

    JsonWebSignature signer = new JsonWebSignature();
    signer.setPayload(tokenClaims.toJson());
    signer.setKey(exampleJwk.getPrivateKey());
    signer.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
    String signedJwt = signer.getCompactSerialization();

    Logger log = LoggerFactory.getLogger(this.getClass());
    log.debug("The following JWT and public key should be (and were on 11/11/15) usable and produce a valid " +
            "result at jwt.io (related to http://stackoverflow.com/questions/32744172):\n" + signedJwt + "\n" + encodedPem);
}
Example #29
Source File: TokenUtils.java From thorntail with Apache License 2.0 | 5 votes |
/**
 * Test utility: creates a token, valid for one minute, for the given subject
 * with a fixed issuer and a fixed {@code upn}.
 *
 * @param subject   value of the {@code sub} claim
 * @param groupName single entry for the {@code groups} claim; omitted when {@code null}
 * @return the token produced by {@code createTokenFromJson}
 * @throws Exception if token creation fails
 */
public static String createToken(String subject, String groupName) throws Exception {
    JwtClaims tokenClaims = new JwtClaims();
    tokenClaims.setIssuer("http://testsuite-jwt-issuer.io");
    tokenClaims.setSubject(subject);
    if (groupName != null) {
        tokenClaims.setStringListClaim("groups", groupName);
    }
    // upn is fixed and does not follow the subject argument.
    tokenClaims.setClaim("upn", "jdoe@example.com");
    tokenClaims.setExpirationTimeMinutesInTheFuture(1);

    String claimsJson = tokenClaims.toJson();
    return createTokenFromJson(claimsJson);
}
Example #30
Source File: JWTCredential.java From thorntail with Apache License 2.0 | 5 votes |
/**
 * Returns the principal name read from the bearer token, computing it on the
 * first call.
 *
 * <p>The token is parsed without signature verification or any validation, so
 * the returned name is whatever the token claims and is not authenticated by
 * this method. The name is taken from the first of these that is present:
 * <ol>
 *   <li>{@code upn}</li>
 *   <li>{@code preferred_username}</li>
 *   <li>{@code sub}</li>
 * </ol>
 *
 * <p>If parsing throws before a name is read, the name stays
 * {@code INVALID_TOKEN_NAME}; the exception is kept for access via
 * {@link #getJwtException()}.
 *
 * @return the name to use for the principal
 */
public String getName() {
    if (name != null) {
        return name;
    }

    name = "INVALID_TOKEN_NAME";
    try {
        // Parse-only consumer: no signature check, no validators.
        JwtConsumerBuilder parseOnlyBuilder = new JwtConsumerBuilder();
        parseOnlyBuilder.setSkipAllValidators();
        parseOnlyBuilder.setDisableRequireSignature();
        parseOnlyBuilder.setSkipSignatureVerification();
        JwtContext parsed = parseOnlyBuilder.build().process(bearerToken);
        JwtClaims unverifiedClaims = parsed.getJwtClaims();

        // Fall through the candidates in priority order.
        name = unverifiedClaims.getClaimValue("upn", String.class);
        if (name == null) {
            name = unverifiedClaims.getClaimValue("preferred_username", String.class);
        }
        if (name == null) {
            name = unverifiedClaims.getSubject();
        }
    } catch (Exception e) {
        jwtException = e;
    }
    return name;
}