org.jose4j.jwk.RsaJsonWebKey Java Examples
The following examples show how to use
org.jose4j.jwk.RsaJsonWebKey.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: JWKxPEMTest.java From microprofile-jwt-auth with Apache License 2.0 | 7 votes |
|
@Test
public void outputPEMfromJWKs() throws Exception {
String json = TokenUtils.readResource("/signer-keyset4k.jwk");
System.out.printf("jwk: %s\n", json);
JsonWebKeySet jwks = new JsonWebKeySet(json);
RsaJsonWebKey rsaJsonWebKey = (RsaJsonWebKey) jwks.findJsonWebKey("jwks4k-test", "RSA", "sig", "RS256");
RSAPublicKey pk = rsaJsonWebKey.getRsaPublicKey();
String pem = new String(Base64.getEncoder().encode(pk.getEncoded()));
System.out.printf("pem: %s\n", pem);
// Use the formatted output
System.out.println("-----BEGIN PUBLIC KEY-----");
int begin = 0;
String line = pem.substring(begin, 64);
System.out.println(line);
begin += 64;
while(begin < pem.length()) {
int end = Math.min(begin+64, pem.length());
line = pem.substring(begin, end);
System.out.println(line);
begin += 64;
}
System.out.println("-----END PUBLIC KEY-----");
}
Example #2
| Source File: KeyLocationResolverTest.java From smallrye-jwt with Apache License 2.0 | 6 votes |
|
@Test
public void testLoadHttpsJwksMathchingKid() throws Exception {
JWTAuthContextInfo contextInfo = new JWTAuthContextInfo("https://github.com/my_key.jwks", "issuer");
contextInfo.setJwksRefreshInterval(10);
KeyLocationResolver keyLocationResolver = new KeyLocationResolver(contextInfo) {
protected HttpsJwks initializeHttpsJwks() {
return httpsJwks;
}
};
RsaJsonWebKey jwk = new RsaJsonWebKey(key);
jwk.setKeyId("1");
when(httpsJwks.getJsonWebKeys()).thenReturn(Collections.singletonList(jwk));
keyLocationResolver = Mockito.spy(keyLocationResolver);
when(signature.getHeaders()).thenReturn(headers);
when(headers.getStringHeaderValue(JsonWebKey.KEY_ID_PARAMETER)).thenReturn("1");
assertEquals(key, keyLocationResolver.resolveKey(signature, emptyList()));
assertNull(keyLocationResolver.verificationKey);
}
Example #3
| Source File: AbstractJWKSTest.java From microprofile-jwt-auth with Apache License 2.0 | 6 votes |
|
/**
* Loads the signer-keypair.jwk resource that was generated using https://mkjwk.org
* and returns the private key
*
* @return the private key from the key pair
*/
static PrivateKey loadPrivateKey() throws Exception {
String jwk = TokenUtils.readResource("/signer-keypair.jwk");
RsaJsonWebKey rsaJsonWebKey = (RsaJsonWebKey) JsonWebKey.Factory.newJwk(jwk);
RSAPublicKey pk = rsaJsonWebKey.getRsaPublicKey();
String e = new String(Base64.getUrlEncoder().withoutPadding().encode(pk.getPublicExponent().toByteArray()));
byte[] nbytes = pk.getModulus().toByteArray();
if(nbytes[0] == 0 && nbytes.length > 1) {
byte[] tmp = new byte[nbytes.length-1];
System.arraycopy(nbytes, 1, tmp, 0, tmp.length);
nbytes = tmp;
}
String n = new String(Base64.getUrlEncoder().withoutPadding().encode(nbytes));
System.out.printf("e: %s\n", e);
System.out.printf("n: %s\n", n);
n = BigEndianBigInteger.toBase64Url(pk.getModulus());
System.out.printf("n: %s\n", n);
return rsaJsonWebKey.getRsaPrivateKey();
}
Example #4
| Source File: NegativeJweKeyTest.java From Jose4j with Apache License 2.0 | 6 votes |
|
public void testRsaTooSmall() throws JoseException
{
RsaJsonWebKey rsaJsonWebKey = (RsaJsonWebKey) RsaJsonWebKey.Factory.newPublicJwk("{\"kty\":\"RSA\"," +
"\"n\":\"hIOFEUa93kqVnqoaA1r5qj3tLhnSyQ9njLrlcJrynwt2LYfIhntUZPfS2fiHhLGzww7GamLAXwDfGZo0dY6V3cglENl6yro" +
"BWhYu15IgHVAeP1V_5m1gJ9hiWNUR3i5zhNNUR1Ewdo0E52amiRb1-xXRcxhcRlybfRcEMJEgm0c\"," +
"\"e\":\"AQAB\",\"d\":\"RhNK7jzrsT7d6n7nrLiSaM3AvG1Zg4vK5af8J1U5UpP8Fc3FZCCaG57WeQAtoiVa-563nJDGTDcow-BB" +
"N52EcG_7SRJtXc6Zk5og330nqIy0OoP2GRPJKOg6zB45RsDQmxklezrlWCMdwZIzjxyB_vDMx59uXK_i66iVXjFoqZk\"," +
"\"p\":\"7aIngX0swanIMJk-GpmJVxL7vF6Zx0RfmimOE6BJKi7COHR7ectpQtfmYhLMBtMpHF1qnuaa4vlM3S9xLHGlIw\"," +
"\"q\":\"jsF0PrAmuixIUgCinmh2-FYmBySG8B8Kv_Llj81kKRiNM35Pv_W_zrkb_oxyEMzOc9Z2_gkqhEfYZulnBVCtjQ\"," +
"\"dp\":\"ab1f6uSyR7Ku28E0u01aqZ5O2fEWaG7qQ4T-LYmDRPvtfIWIdBepTQ8Y-sb2dor7nh2LVg2zGhBovXtg1q_zFQ\"," +
"\"dq\":\"GPpaZ5mUvSCAavC3g3YN0vfn4XoPrjYQQHO0nQu4CcTE-AyS0aijLf2Pm2NhlfTv7q7I1TwvV0Pm5mLSZsiuBQ\"," +
"\"qi\":\"gVD_SEwVbiHvZAm3aqynOfMnObl8bBe1qDDNThVO3yUL8tghkKizEu1Ey_sYal-luDu9zcEFUkbrV-7jTqFUVg\"}\n");
expectBadKeyFailOnProduce(RSA_OAEP, AES_128_CBC_HMAC_SHA_256, rsaJsonWebKey.getPublicKey());
expectBadKeyFailOnProduce(RSA1_5, AES_128_CBC_HMAC_SHA_256, rsaJsonWebKey.getPublicKey());
expectBadKeyFailOnConsume("eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkExMjhDQkMtSFMyNTYifQ." +
"Ti9oxDdTy9hk3j5XOu0lPuus3pC6ZPsBY4LubTOKS6kX1XAR16u2yvcf5csZpB-3CK3UL5JQl1kye2QVytWH79FLg2R3Zfjpd21AF" +
"kjxkkI6Cl9UQjPJCO7oiYnKkBdbMiSwcdGl2z6OHpZNcqHH6jQ4BVk-zDPbg3Vj25X19vE." +
"pZyCrX1Aae9kvKEyCvUTfA.H7qnqcNKWAVhd-xAVdAgkw.kDaHS6qIiKxAH4Z316EJ6w", rsaJsonWebKey.getPrivateKey());
}
Example #5
| Source File: KeyLocationResolverTest.java From smallrye-jwt with Apache License 2.0 | 5 votes |
|
@Test
public void testLoadHttpsJwksNonMathchingKidAndRefresh() throws Exception {
JWTAuthContextInfo contextInfo = new JWTAuthContextInfo("https://github.com/my_key.jwks", "issuer");
contextInfo.setJwksRefreshInterval(10);
KeyLocationResolver keyLocationResolver = new KeyLocationResolver(contextInfo) {
protected HttpsJwks initializeHttpsJwks() {
return httpsJwks;
}
};
// token 'kid' is '1'
when(signature.getHeaders()).thenReturn(headers);
when(headers.getStringHeaderValue(JsonWebKey.KEY_ID_PARAMETER)).thenReturn("1");
final RsaJsonWebKey jwk = new RsaJsonWebKey(key);
// Return JWK Set with a non-matching JWK with 'kid' set to '2'
jwk.setKeyId("2");
when(httpsJwks.getJsonWebKeys()).thenReturn(Collections.singletonList(jwk));
// Refresh JWK Set and get a matching JWK with 'kid' set to '1'
doAnswer((i) -> {
jwk.setKeyId("1");
return null;
}).when(httpsJwks).refresh();
keyLocationResolver = Mockito.spy(keyLocationResolver);
assertEquals(key, keyLocationResolver.resolveKey(signature, emptyList()));
assertNull(keyLocationResolver.verificationKey);
}
Example #6
| Source File: JwtHelper.java From openhab-core with Eclipse Public License 2.0 | 5 votes |
|
private RsaJsonWebKey loadOrGenerateKey() throws FileNotFoundException, JoseException, IOException {
try (final BufferedReader reader = Files.newBufferedReader(Paths.get(KEY_FILE_PATH))) {
return (RsaJsonWebKey) JsonWebKey.Factory.newJwk(reader.readLine());
} catch (IOException | JoseException e) {
RsaJsonWebKey key = generateNewKey();
logger.debug("Created JWT signature key in {}", KEY_FILE_PATH);
return key;
}
}
Example #7
| Source File: JwtHelper.java From openhab-core with Eclipse Public License 2.0 | 5 votes |
|
private RsaJsonWebKey generateNewKey() throws JoseException, FileNotFoundException, IOException {
RsaJsonWebKey newKey = RsaJwkGenerator.generateJwk(2048);
File file = new File(KEY_FILE_PATH);
file.getParentFile().mkdirs();
String keyJson = newKey.toJson(OutputControlLevel.INCLUDE_PRIVATE);
Files.writeString(file.toPath(), keyJson, StandardCharsets.UTF_8);
return newKey;
}
Example #8
| Source File: Pbes2ExampleEncryptedRSAPrivateKeyJwkAppendixCTest.java From Jose4j with Apache License 2.0 | 5 votes |
|
@Test
public void decryptExample() throws JoseException
{
PbkdfKey key = new PbkdfKey(PASSWORD);
JsonWebEncryption jwe = new JsonWebEncryption();
jwe.setCompactSerialization(CS);
jwe.setKey(key);
String payload = jwe.getPayload();
PublicJsonWebKey jwk = PublicJsonWebKey.Factory.newPublicJwk(payload);
assertThat("[email protected]", is(equalTo(jwk.getKeyId())));
assertThat(RsaJsonWebKey.KEY_TYPE, is(equalTo(jwk.getKeyType())));
assertThat(Use.ENCRYPTION, is(equalTo(jwk.getUse())));
}
Example #9
| Source File: RsaOaepKeyManagementAlgorithmTest.java From Jose4j with Apache License 2.0 | 5 votes |
|
@Test
public void testWorkingExampleFromMailList() throws Exception
{
// http://www.ietf.org/mail-archive/web/jose/current/msg04131.html
// okay it's my own example but it's all I've got right now
final String cs =
"eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0." +
"fL5IL5cMCjjU9G9_ZjsD2XO0HIwTOwbVwulcZVw31_rx2qTcHzbYhIvrvbcVLTfJzn8xbQ3UEL442ZgZ1PcFYKENYePXiEyvYxPN8dmvj_" +
"OfLSJDEqR6kvwOb6nghGtxfzdB_VRvFt2eehbCA3gWpiOYHHvSTFdBPGx2KZHQisLz3oZR8EWiZ1woEpHy8a7FoQ2zzuDlZEJQOUrh09b_" +
"EJxmcE2jL6wmEtgabyxy3VgWg3GqSPUISlJZV9HThuVJezzktJdpntRDnAPUqjc8IwByGpMleIQcPuBUseRRPr_OsroOJ6eTl5DuFCmBOKb-eNNw5v-GEcVYr1w7X9oXoA." +
"0frdIwx8P8UAzh1s9_PgOA." +
"RAzILH0xfs0yxzML1CzzGExCfE2_wzWKs0FVuXfM8R5H68yTqTbqIqRCp2feAH5GSvluzmztk2_CkGNSjAyoaw." +
"4nMUXOgmgWvM-08tIZ-h5w";
JceProviderTestSupport jceProviderTestSupport = new JceProviderTestSupport();
jceProviderTestSupport.setKeyManagementAlgsNeeded(KeyManagementAlgorithmIdentifiers.RSA_OAEP_256);
jceProviderTestSupport.runWithBouncyCastleProviderIfNeeded(new JceProviderTestSupport.RunnableTest()
{
@Override
public void runTest() throws Exception
{
if (!doubleCheckRsaOaep256())
{
return;
}
RsaJsonWebKey jwk = (RsaJsonWebKey) PublicJsonWebKey.Factory.newPublicJwk(JWK_JSON);
JsonWebEncryption jwe = new JsonWebEncryption();
jwe.setCompactSerialization(cs);
jwe.setKey(jwk.getPrivateKey());
String payloadOut = jwe.getPayload();
assertEquals(EXAMPLE_PAYLOAD, payloadOut);
}
});
}
Example #10
| Source File: RsaOaepKeyManagementAlgorithmTest.java From Jose4j with Apache License 2.0 | 5 votes |
|
@Test
public void test256RoundTrip() throws Exception
{
JceProviderTestSupport jceProviderTestSupport = new JceProviderTestSupport();
jceProviderTestSupport.setKeyManagementAlgsNeeded(KeyManagementAlgorithmIdentifiers.RSA_OAEP_256);
jceProviderTestSupport.runWithBouncyCastleProviderIfNeeded(new JceProviderTestSupport.RunnableTest()
{
@Override
public void runTest() throws Exception
{
if (!doubleCheckRsaOaep256())
{
return;
}
RsaJsonWebKey jwk = (RsaJsonWebKey) PublicJsonWebKey.Factory.newPublicJwk(JWK_JSON);
JsonWebEncryption jwe = new JsonWebEncryption();
jwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.RSA_OAEP_256);
jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256);
jwe.setKey(jwk.getPublicKey());
String payloadIn = EXAMPLE_PAYLOAD;
jwe.setPayload(payloadIn);
String compactSerialization = jwe.getCompactSerialization();
jwe = new JsonWebEncryption();
jwe.setCompactSerialization(compactSerialization);
jwe.setKey(jwk.getPrivateKey());
String payloadOut = jwe.getPayload();
assertEquals(payloadIn, payloadOut);
}
});
}
Example #11
| Source File: KeyLocationResolverTest.java From smallrye-jwt with Apache License 2.0 | 5 votes |
|
@Test(expected = UnresolvableKeyException.class)
public void testLoadHttpsJwksNonMathchingKidAndRefreshDeclined() throws Exception {
JWTAuthContextInfo contextInfo = new JWTAuthContextInfo("https://github.com/my_key.jwks", "issuer");
contextInfo.setJwksRefreshInterval(10);
contextInfo.setForcedJwksRefreshInterval(10);
KeyLocationResolver keyLocationResolver = new KeyLocationResolver(contextInfo) {
protected HttpsJwks initializeHttpsJwks() {
return httpsJwks;
}
};
// token 'kid' is '1'
when(signature.getHeaders()).thenReturn(headers);
when(headers.getStringHeaderValue(JsonWebKey.KEY_ID_PARAMETER)).thenReturn("1");
final RsaJsonWebKey jwk = new RsaJsonWebKey(key);
// Return JWK Set with a non-matching JWK with 'kid' set to '2'
jwk.setKeyId("2");
when(httpsJwks.getJsonWebKeys()).thenReturn(Collections.singletonList(jwk));
// Refresh JWK Set and get a matching JWK with 'kid' set to '1'
doAnswer((i) -> {
jwk.setKeyId("1");
return null;
}).when(httpsJwks).refresh();
keyLocationResolver = Mockito.spy(keyLocationResolver);
assertEquals(key, keyLocationResolver.resolveKey(signature, emptyList()));
assertNull(keyLocationResolver.verificationKey);
// Return JWK Set with a non-matching JWK with 'kid' set to '2'
jwk.setKeyId("2");
keyLocationResolver.resolveKey(signature, emptyList());
}
Example #12
| Source File: RsaUsingShaAlgorithm.java From Jose4j with Apache License 2.0 | 4 votes |
|
public RsaUsingShaAlgorithm(String id, String javaAlgo)
{
super(id, javaAlgo, RsaJsonWebKey.KEY_TYPE);
}
Example #13
| Source File: RsaKeyManagementAlgorithm.java From Jose4j with Apache License 2.0 | 4 votes |
|
public RsaKeyManagementAlgorithm(String javaAlg, String alg)
{
super(javaAlg, alg);
setKeyType(RsaJsonWebKey.KEY_TYPE);
setKeyPersuasion(KeyPersuasion.ASYMMETRIC);
}
Example #14
| Source File: JWTAuthPluginIntegrationTest.java From lucene-solr with Apache License 2.0 | 4 votes |
|
@Override
@Before
public void setUp() throws Exception {
super.setUp();
configureCluster(NUM_SERVERS)// nodes
.withSecurityJson(TEST_PATH().resolve("security").resolve("jwt_plugin_jwk_security.json"))
.addConfig("conf1", TEST_PATH().resolve("configsets").resolve("cloud-minimal").resolve("conf"))
.withDefaultClusterProperty("useLegacyReplicaAssignment", "false")
.configure();
baseUrl = cluster.getRandomJetty(random()).getBaseUrl().toString();
String jwkJSON = "{\n" +
" \"kty\": \"RSA\",\n" +
" \"d\": \"i6pyv2z3o-MlYytWsOr3IE1olu2RXZBzjPRBNgWAP1TlLNaphHEvH5aHhe_CtBAastgFFMuP29CFhaL3_tGczkvWJkSveZQN2AHWHgRShKgoSVMspkhOt3Ghha4CvpnZ9BnQzVHnaBnHDTTTfVgXz7P1ZNBhQY4URG61DKIF-JSSClyh1xKuMoJX0lILXDYGGcjVTZL_hci4IXPPTpOJHV51-pxuO7WU5M9252UYoiYyCJ56ai8N49aKIMsqhdGuO4aWUwsGIW4oQpjtce5eEojCprYl-9rDhTwLAFoBtjy6LvkqlR2Ae5dKZYpStljBjK8PJrBvWZjXAEMDdQ8PuQ\",\n" +
" \"e\": \"AQAB\",\n" +
" \"use\": \"sig\",\n" +
" \"kid\": \"test\",\n" +
" \"alg\": \"RS256\",\n" +
" \"n\": \"jeyrvOaZrmKWjyNXt0myAc_pJ1hNt3aRupExJEx1ewPaL9J9HFgSCjMrYxCB1ETO1NDyZ3nSgjZis-jHHDqBxBjRdq_t1E2rkGFaYbxAyKt220Pwgme_SFTB9MXVrFQGkKyjmQeVmOmV6zM3KK8uMdKQJ4aoKmwBcF5Zg7EZdDcKOFgpgva1Jq-FlEsaJ2xrYDYo3KnGcOHIt9_0NQeLsqZbeWYLxYni7uROFncXYV5FhSJCeR4A_rrbwlaCydGxE0ToC_9HNYibUHlkJjqyUhAgORCbNS8JLCJH8NUi5sDdIawK9GTSyvsJXZ-QHqo4cMUuxWV5AJtaRGghuMUfqQ\"\n" +
"}";
PublicJsonWebKey jwk = RsaJsonWebKey.Factory.newPublicJwk(jwkJSON);
JwtClaims claims = JWTAuthPluginTest.generateClaims();
jws = new JsonWebSignature();
jws.setPayload(claims.toJson());
jws.setKey(jwk.getPrivateKey());
jws.setKeyIdHeaderValue(jwk.getKeyId());
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
jwtTestToken = jws.getCompactSerialization();
PublicJsonWebKey jwk2 = RsaJwkGenerator.generateJwk(2048);
jwk2.setKeyId("k2");
JsonWebSignature jws2 = new JsonWebSignature();
jws2.setPayload(claims.toJson());
jws2.setKey(jwk2.getPrivateKey());
jws2.setKeyIdHeaderValue(jwk2.getKeyId());
jws2.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
jwtTokenWrongSignature = jws2.getCompactSerialization();
cluster.waitForAllNodes(10);
}
Example #15
| Source File: JWTVerificationkeyResolverTest.java From lucene-solr with Apache License 2.0 | 4 votes |
|
private RsaJsonWebKey generateKey(String kid) throws JoseException {
RsaJsonWebKey rsaJsonWebKey = RsaJwkGenerator.generateJwk(2048);
rsaJsonWebKey.setKeyId(kid);
return rsaJsonWebKey;
}
Example #16
| Source File: JWTVerificationkeyResolverTest.java From lucene-solr with Apache License 2.0 | 4 votes |
|
public RsaJsonWebKey getRsaKey() {
return key;
}
Example #17
| Source File: JwtAuthenticationServiceImplTest.java From blueocean-plugin with MIT License | 4 votes |
|
@Test
public void anonymousUserToken() throws Exception{
j.jenkins.setSecurityRealm(j.createDummySecurityRealm());
JenkinsRule.WebClient webClient = j.createWebClient();
String token = getToken(webClient);
Assert.assertNotNull(token);
JsonWebStructure jsonWebStructure = JsonWebStructure.fromCompactSerialization(token);
Assert.assertTrue(jsonWebStructure instanceof JsonWebSignature);
JsonWebSignature jsw = (JsonWebSignature) jsonWebStructure;
String kid = jsw.getHeader("kid");
Assert.assertNotNull(kid);
Page page = webClient.goTo("jwt-auth/jwks/"+kid+"/", "application/json");
// for(NameValuePair valuePair: page.getWebResponse().getResponseHeaders()){
// System.out.println(valuePair);
// }
JSONObject jsonObject = JSONObject.fromObject(page.getWebResponse().getContentAsString());
RsaJsonWebKey rsaJsonWebKey = new RsaJsonWebKey(jsonObject,null);
JwtConsumer jwtConsumer = new JwtConsumerBuilder()
.setRequireExpirationTime() // the JWT must have an expiration time
.setAllowedClockSkewInSeconds(30) // allow some leeway in validating time based claims to account for clock skew
.setRequireSubject() // the JWT must have a subject claim
.setVerificationKey(rsaJsonWebKey.getKey()) // verify the sign with the public key
.build(); // create the JwtConsumer instance
JwtClaims claims = jwtConsumer.processToClaims(token);
Assert.assertEquals("anonymous",claims.getSubject());
Map<String,Object> claimMap = claims.getClaimsMap();
Map<String,Object> context = (Map<String, Object>) claimMap.get("context");
Map<String,String> userContext = (Map<String, String>) context.get("user");
Assert.assertEquals("anonymous", userContext.get("id"));
}
Example #18
| Source File: JwtAuthenticationServiceImplTest.java From blueocean-plugin with MIT License | 2 votes |
|
@Test
public void getToken() throws Exception {
j.jenkins.setSecurityRealm(j.createDummySecurityRealm());
User user = User.get("alice");
user.setFullName("Alice Cooper");
user.addProperty(new Mailer.UserProperty("[email protected]"));
JenkinsRule.WebClient webClient = j.createWebClient();
webClient.login("alice");
String token = getToken(webClient);
Assert.assertNotNull(token);
JsonWebStructure jsonWebStructure = JsonWebStructure.fromCompactSerialization(token);
Assert.assertTrue(jsonWebStructure instanceof JsonWebSignature);
JsonWebSignature jsw = (JsonWebSignature) jsonWebStructure;
System.out.println(token);
System.out.println(jsw.toString());
String kid = jsw.getHeader("kid");
Assert.assertNotNull(kid);
Page page = webClient.goTo("jwt-auth/jwks/"+kid+"/", "application/json");
// for(NameValuePair valuePair: page.getWebResponse().getResponseHeaders()){
// System.out.println(valuePair);
// }
JSONObject jsonObject = JSONObject.fromObject(page.getWebResponse().getContentAsString());
System.out.println(jsonObject.toString());
RsaJsonWebKey rsaJsonWebKey = new RsaJsonWebKey(jsonObject,null);
JwtConsumer jwtConsumer = new JwtConsumerBuilder()
.setRequireExpirationTime() // the JWT must have an expiration time
.setAllowedClockSkewInSeconds(30) // allow some leeway in validating time based claims to account for clock skew
.setRequireSubject() // the JWT must have a subject claim
.setVerificationKey(rsaJsonWebKey.getKey()) // verify the sign with the public key
.build(); // create the JwtConsumer instance
JwtClaims claims = jwtConsumer.processToClaims(token);
Assert.assertEquals("alice",claims.getSubject());
Map<String,Object> claimMap = claims.getClaimsMap();
Map<String,Object> context = (Map<String, Object>) claimMap.get("context");
Map<String,String> userContext = (Map<String, String>) context.get("user");
Assert.assertEquals("alice", userContext.get("id"));
Assert.assertEquals("Alice Cooper", userContext.get("fullName"));
Assert.assertEquals("[email protected]", userContext.get("email"));
}
