Java源码示例:org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm
示例1
protected String processIdToken(OAuthRedirectionState state, IdToken idToken) {
OAuthJoseJwtProducer processor = idTokenHandler == null ? new OAuthJoseJwtProducer() : idTokenHandler;
String code =
(String)JAXRSUtils.getCurrentMessage().getExchange().get(OAuthConstants.AUTHORIZATION_CODE_VALUE);
if (code != null) {
// this service is invoked as part of the hybrid flow
Properties props = JwsUtils.loadSignatureOutProperties(false);
SignatureAlgorithm sigAlgo = null;
if (processor.isSignWithClientSecret()) {
sigAlgo = OAuthUtils.getClientSecretSignatureAlgorithm(props);
} else {
sigAlgo = JwsUtils.getSignatureAlgorithm(props, SignatureAlgorithm.RS256);
}
idToken.setAuthorizationCodeHash(OidcUtils.calculateAuthorizationCodeHash(code, sigAlgo));
}
idToken.setNonce(state.getNonce());
return processor.processJwt(new JwtToken(idToken));
}
示例2
@BeforeAll
public static void securitySetup() {
try (InputStream propStream = Encryptor.class.getResourceAsStream("/security.properties")) {
Properties props = new Properties();
props.load(propStream);
ANONYMOUS_UNAME = props.getProperty("anonymousUser");
ANONYMOUS_KEY = props.getProperty("anonymousKey");
JWT_ISSUER = props.getProperty("jwtIssuer");
JWS_ALGORITHM = SignatureAlgorithm.valueOf(props.getProperty("jwsAlgorithm"));
JWS_KEY = props.getProperty("jwsKey");
} catch (Exception e) {
LOG.error("Could not read secretKey", e);
}
assertNotNull(ANONYMOUS_UNAME);
assertNotNull(ANONYMOUS_KEY);
assertNotNull(JWS_KEY);
assertNotNull(JWT_ISSUER);
}
示例3
@Test
public void testReadJwsWithJwkSignedByMac() throws Exception {
JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC);
assertTrue(jws.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY,
SignatureAlgorithm.HS256)));
JwtToken token = jws.getJwtToken();
JwsHeaders headers = new JwsHeaders(token.getJwsHeaders());
assertEquals(JoseType.JWT, headers.getType());
assertEquals(SignatureAlgorithm.HS256, headers.getSignatureAlgorithm());
JsonWebKey key = headers.getJsonWebKey();
assertEquals(KeyType.OCTET, key.getKeyType());
List<KeyOperation> keyOps = key.getKeyOperation();
assertEquals(2, keyOps.size());
assertEquals(KeyOperation.SIGN, keyOps.get(0));
assertEquals(KeyOperation.VERIFY, keyOps.get(1));
validateSpecClaim(token.getClaims());
}
示例4
private static ClientAccessToken getAccessToken(PrivateKey privateKey, String issuer) {
JwsHeaders headers = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.RS256);
JwtClaims claims = new JwtClaims();
claims.setIssuer(issuer);
claims.setAudience("https://www.googleapis.com/oauth2/v3/token");
long issuedAt = OAuthUtils.getIssuedAt();
claims.setIssuedAt(issuedAt);
claims.setExpiryTime(issuedAt + 60 * 60);
claims.setProperty("scope", "https://www.googleapis.com/auth/bigquery.readonly");
JwtToken token = new JwtToken(headers, claims);
JwsJwtCompactProducer p = new JwsJwtCompactProducer(token);
String base64UrlAssertion = p.signWith(privateKey);
JwtBearerGrant grant = new JwtBearerGrant(base64UrlAssertion);
WebClient accessTokenService = WebClient.create("https://www.googleapis.com/oauth2/v3/token",
Arrays.asList(new OAuthJSONProvider(),
new AccessTokenGrantWriter()));
WebClient.getConfig(accessTokenService).getInInterceptors().add(new LoggingInInterceptor());
accessTokenService.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);
return accessTokenService.post(grant, ClientAccessToken.class);
}
示例5
private void validateIdToken(String idToken, String nonce)
throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
JwtToken jwt = jwtConsumer.getJwtToken();
// Validate claims
assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
assertEquals("OIDC IdP", jwt.getClaim(JwtConstants.CLAIM_ISSUER));
assertEquals("consumer-id", jwt.getClaim(JwtConstants.CLAIM_AUDIENCE));
assertNotNull(jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
assertNotNull(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
if (nonce != null) {
assertEquals(nonce, jwt.getClaim(IdToken.NONCE_CLAIM));
}
KeyStore keystore = KeyStore.getInstance("JKS");
keystore.load(ClassLoaderUtils.getResourceAsStream("keys/alice.jks", this.getClass()),
"password".toCharArray());
Certificate cert = keystore.getCertificate("alice");
assertNotNull(cert);
assertTrue(jwtConsumer.verifySignatureWith((X509Certificate)cert,
SignatureAlgorithm.RS256));
}
示例6
protected void consumeCompactJWS(String signedData, String plainText, JsonWebKeys keys) {
// Validate Signature
// 1. Read data to get key id (only need to do this if you don't know the key)
JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(signedData);
String kid = jwsConsumer.getJwsHeaders().getKeyId();
Assert.assertNotNull("Data does not contain kid header.", kid);
// 2. Get key
JsonWebKey key = keys.getKey(kid);
Assert.assertNotNull("Data signed with unknown key", key);
// 3. Verify
SignatureAlgorithm signAlgo = jwsConsumer.getJwsHeaders().getSignatureAlgorithm();
Assert.assertNotNull("Signed data does not define algorithm used", signAlgo);
JwsSignatureVerifier signatureVerifier = JwsUtils.getSignatureVerifier(key, signAlgo);
Assert.assertTrue("Signature validation failed", jwsConsumer.verifySignatureWith(signatureVerifier));
// Validate plain text
Assert.assertEquals(plainText, jwsConsumer.getDecodedJwsPayload());
}
示例7
@Test
public void testJwsPsSha() throws Exception {
Security.addProvider(new BouncyCastleProvider());
try {
JwsHeaders outHeaders = new JwsHeaders();
outHeaders.setSignatureAlgorithm(SignatureAlgorithm.PS256);
JwsCompactProducer producer = initSpecJwtTokenWriter(outHeaders);
PrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED, RSA_PRIVATE_EXPONENT_ENCODED);
String signed = producer.signWith(
new PrivateKeyJwsSignatureProvider(privateKey, SignatureAlgorithm.PS256));
JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(signed);
RSAPublicKey key = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED, RSA_PUBLIC_EXPONENT_ENCODED);
assertTrue(jws.verifySignatureWith(new PublicKeyJwsSignatureVerifier(key, SignatureAlgorithm.PS256)));
JwtToken token = jws.getJwtToken();
JwsHeaders inHeaders = new JwsHeaders(token.getJwsHeaders());
assertEquals(SignatureAlgorithm.PS256,
inHeaders.getSignatureAlgorithm());
validateSpecClaim(token.getClaims());
} finally {
Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
}
}
示例8
private static void validateAccessToken(String accessToken)
throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(accessToken);
JwtClaims jwtClaims = jwtConsumer.getJwtToken().getClaims();
// Validate claims
if (!OAuthConstants.CLIENT_CREDENTIALS_GRANT.equals(jwtClaims.getStringProperty(OAuthConstants.GRANT_TYPE))) {
// We don't have a Subject for the client credential grant
assertNotNull(jwtClaims.getSubject());
}
assertNotNull(jwtClaims.getIssuedAt());
assertNotNull(jwtClaims.getExpiryTime());
assertEquals(ISSUER, jwtClaims.getIssuer());
KeyStore keystore = KeyStore.getInstance("JKS");
keystore.load(ClassLoaderUtils.getResourceAsStream("keys/alice.jks", AuthorizationGrantTest.class),
"password".toCharArray());
Certificate cert = keystore.getCertificate("alice");
assertNotNull(cert);
assertTrue(jwtConsumer.verifySignatureWith((X509Certificate)cert,
SignatureAlgorithm.RS256));
}
示例9
private static JwtToken validateJWTToken(String token)
throws Exception {
assertNotNull(token);
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
JwtToken jwt = jwtConsumer.getJwtToken();
// Validate claims
assertEquals("DoubleItSTSIssuer", jwt.getClaims().getIssuer());
assertNotNull(jwt.getClaims().getExpiryTime());
assertNotNull(jwt.getClaims().getIssuedAt());
CryptoType alias = new CryptoType(CryptoType.TYPE.ALIAS);
alias.setAlias("mystskey");
X509Certificate stsCertificate = serviceCrypto.getX509Certificates(alias)[0];
assertTrue(jwtConsumer.verifySignatureWith(stsCertificate, SignatureAlgorithm.RS256));
return jwt;
}
示例10
@Test
public void testWriteReadJwsSignedByESPrivateKey() throws Exception {
JwsHeaders headers = new JwsHeaders();
headers.setSignatureAlgorithm(SignatureAlgorithm.ES256);
JwsCompactProducer jws = initSpecJwtTokenWriter(headers);
ECPrivateKey privateKey = CryptoUtils.getECPrivateKey(JsonWebKey.EC_CURVE_P256,
EC_PRIVATE_KEY_ENCODED);
jws.signWith(new EcDsaJwsSignatureProvider(privateKey, SignatureAlgorithm.ES256));
String signedJws = jws.getSignedEncodedJws();
ECPublicKey publicKey = CryptoUtils.getECPublicKey(JsonWebKey.EC_CURVE_P256,
EC_X_POINT_ENCODED,
EC_Y_POINT_ENCODED);
JwsJwtCompactConsumer jwsConsumer = new JwsJwtCompactConsumer(signedJws);
assertTrue(jwsConsumer.verifySignatureWith(new EcDsaJwsSignatureVerifier(publicKey,
SignatureAlgorithm.ES256)));
JwtToken token = jwsConsumer.getJwtToken();
JwsHeaders headersReceived = new JwsHeaders(token.getJwsHeaders());
assertEquals(SignatureAlgorithm.ES256, headersReceived.getSignatureAlgorithm());
validateSpecClaim(token.getClaims());
}
示例11
private void doTestWriteJwsWithJwkSignedByMac(Object jsonWebKey) throws Exception {
JwsHeaders headers = new JwsHeaders();
headers.setType(JoseType.JWT);
headers.setSignatureAlgorithm(SignatureAlgorithm.HS256);
headers.setHeader(JoseConstants.HEADER_JSON_WEB_KEY, jsonWebKey);
JwtClaims claims = new JwtClaims();
claims.setIssuer("joe");
claims.setExpiryTime(1300819380L);
claims.setClaim("http://example.com/is_root", Boolean.TRUE);
JwtToken token = new JwtToken(headers, claims);
JwsCompactProducer jws = new JwsJwtCompactProducer(token, getWriter());
jws.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256));
assertEquals(ENCODED_TOKEN_WITH_JSON_KEY_SIGNED_BY_MAC, jws.getSignedEncodedJws());
}
示例12
@Test
public void testWriteReadJwsUnsigned() throws Exception {
JwsHeaders headers = new JwsHeaders(JoseType.JWT);
headers.setSignatureAlgorithm(SignatureAlgorithm.NONE);
JwtClaims claims = new JwtClaims();
claims.setIssuer("https://jwt-idp.example.com");
claims.setSubject("mailto:[email protected]");
claims.setAudiences(Collections.singletonList("https://jwt-rp.example.net"));
claims.setNotBefore(1300815780L);
claims.setExpiryTime(1300819380L);
claims.setClaim("http://claims.example.com/member", true);
JwsCompactProducer writer = new JwsJwtCompactProducer(headers, claims);
String signed = writer.getSignedEncodedJws();
JwsJwtCompactConsumer reader = new JwsJwtCompactConsumer(signed);
assertEquals(0, reader.getDecodedSignature().length);
JwtToken token = reader.getJwtToken();
assertEquals(new JwtToken(headers, claims), token);
}
示例13
private static String calculateHash(String value, SignatureAlgorithm sigAlgo) {
if (sigAlgo == SignatureAlgorithm.NONE) {
throw new JwsException(JwsException.Error.INVALID_ALGORITHM);
}
String algoShaSizeString = sigAlgo.getJwaName().substring(2);
String javaShaAlgo = "SHA-" + algoShaSizeString;
int algoShaSize = Integer.parseInt(algoShaSizeString);
int valueHashSize = (algoShaSize / 8) / 2;
try {
byte[] atBytes = StringUtils.toBytesASCII(value);
byte[] digest = MessageDigestUtils.createDigest(atBytes, javaShaAlgo);
return Base64UrlUtility.encodeChunk(digest, 0, valueHashSize);
} catch (NoSuchAlgorithmException ex) {
throw new OAuthServiceException(ex);
}
}
示例14
private static SignatureAlgorithm getDefaultPrivateKeyAlgorithm(PrivateKey key) {
if (key instanceof RSAPrivateKey) {
return SignatureAlgorithm.RS256;
} else if (key instanceof ECPrivateKey) {
return SignatureAlgorithm.ES256;
} else {
return null;
}
}
示例15
@Test
public void testSignWithProtectedHeaderOnlyFlat() {
JwsJsonProducer producer = new JwsJsonProducer(UNSIGNED_PLAIN_JSON_DOCUMENT, true);
JwsHeaders headerEntries = new JwsHeaders();
headerEntries.setSignatureAlgorithm(SignatureAlgorithm.HS256);
producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY_1, SignatureAlgorithm.HS256),
headerEntries);
assertEquals(SIGNED_JWS_JSON_FLAT_DOCUMENT,
producer.getJwsJsonSignedDocument());
}
示例16
@Test
public void thirdPartyToken() throws ParseException {
assumeFalse(SignatureAlgorithm.isPublicKeyAlgorithm(JWS_ALGORITHM));
// Create a new token
Date now = new Date();
long currentTime = now.getTime() / 1000L;
Calendar expiry = Calendar.getInstance();
expiry.setTime(now);
expiry.add(Calendar.MINUTE, 5);
JwtClaims jwtClaims = new JwtClaims();
jwtClaims.setTokenId(UUID.randomUUID().toString());
jwtClaims.setSubject("[email protected]");
jwtClaims.setIssuedAt(currentTime);
jwtClaims.setIssuer(CustomJWTSSOProvider.ISSUER);
jwtClaims.setExpiryTime(expiry.getTime().getTime() / 1000L);
jwtClaims.setNotBefore(currentTime);
JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, JWS_ALGORITHM);
JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
JwsSignatureProvider customSignatureProvider =
new HmacJwsSignatureProvider(CustomJWTSSOProvider.CUSTOM_KEY.getBytes(), JWS_ALGORITHM);
String signed = producer.signWith(customSignatureProvider);
SyncopeClient jwtClient = clientFactory.create(signed);
Pair<Map<String, Set<String>>, UserTO> self = jwtClient.self();
assertFalse(self.getLeft().isEmpty());
assertEquals("puccini", self.getRight().getUsername());
}
示例17
@Test
public void thirdPartyTokenUnknownUser() throws ParseException {
assumeFalse(SignatureAlgorithm.isPublicKeyAlgorithm(JWS_ALGORITHM));
// Create a new token
Date now = new Date();
long currentTime = now.getTime() / 1000L;
Calendar expiry = Calendar.getInstance();
expiry.setTime(now);
expiry.add(Calendar.MINUTE, 5);
JwtClaims jwtClaims = new JwtClaims();
jwtClaims.setTokenId(UUID.randomUUID().toString());
jwtClaims.setSubject("[email protected]");
jwtClaims.setIssuedAt(currentTime);
jwtClaims.setIssuer(CustomJWTSSOProvider.ISSUER);
jwtClaims.setExpiryTime(expiry.getTime().getTime() / 1000L);
jwtClaims.setNotBefore(currentTime);
JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, JWS_ALGORITHM);
JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
JwsSignatureProvider customSignatureProvider =
new HmacJwsSignatureProvider(CustomJWTSSOProvider.CUSTOM_KEY.getBytes(), JWS_ALGORITHM);
String signed = producer.signWith(customSignatureProvider);
SyncopeClient jwtClient = clientFactory.create(signed);
try {
jwtClient.self();
fail("Failure expected on an unknown subject");
} catch (AccessControlException ex) {
// expected
}
}
示例18
private void checkAlgorithm() {
if (getAlgorithm() == null) {
Properties sigProps = JwsUtils.loadSignatureOutProperties(false);
Message m = PhaseInterceptorChain.getCurrentMessage();
SignatureAlgorithm signatureAlgo = JwsUtils.getSignatureAlgorithm(m, sigProps, null, null);
if (signatureAlgo != null) {
getJwsHeaders().setSignatureAlgorithm(signatureAlgo);
}
}
if (getAlgorithm() == null) {
throw new JwsException(JwsException.Error.INVALID_ALGORITHM);
}
}
示例19
@ConditionalOnMissingBean
@Bean
public AccessTokenJwsSignatureVerifier accessTokenJwsSignatureVerifier() {
AccessTokenJwsSignatureVerifier verifier = new AccessTokenJwsSignatureVerifier();
verifier.setJwsAlgorithm(env.getProperty("jwsAlgorithm", SignatureAlgorithm.class));
verifier.setJwsKey(jwsKey());
return verifier;
}
示例20
@ConditionalOnMissingBean
@Bean
public AccessTokenJwsSignatureProvider accessTokenJwsSignatureProvider() {
AccessTokenJwsSignatureProvider provider = new AccessTokenJwsSignatureProvider();
provider.setJwsAlgorithm(env.getProperty("jwsAlgorithm", SignatureAlgorithm.class));
provider.setJwsKey(jwsKey());
return provider;
}
示例21
@Override
public void afterPropertiesSet() throws Exception {
if (jwsAlgorithm == null) {
throw new IllegalArgumentException("An instance of " + SignatureAlgorithm.class + " is required");
}
if (SignatureAlgorithm.isPublicKeyAlgorithm(jwsAlgorithm)) {
if (!jwsAlgorithm.getJwaName().startsWith("RS")) {
throw new IllegalArgumentException(jwsAlgorithm.getJavaName() + " not supported.");
}
if (jwsKey == null || jwsKey.indexOf(':') == -1) {
throw new IllegalArgumentException("A key pair is required, in the 'private:public' format");
}
KeyFactory kf = KeyFactory.getInstance("RSA");
X509EncodedKeySpec keySpecX509 = new X509EncodedKeySpec(
Base64.getDecoder().decode(StringUtils.substringAfter(jwsKey, ":").getBytes()));
delegate = new PublicKeyJwsSignatureVerifier(kf.generatePublic(keySpecX509), jwsAlgorithm);
} else {
if (jwsKey == null) {
throw new IllegalArgumentException("A shared key is required");
}
delegate = new HmacJwsSignatureVerifier(jwsKey.getBytes(), jwsAlgorithm);
}
}
示例22
public static JwsSignatureVerifier getHmacSignatureVerifier(byte[] key, SignatureAlgorithm algo) {
if (algo == null) {
LOG.warning("No signature algorithm was defined");
throw new JwsException(JwsException.Error.ALGORITHM_NOT_SET);
}
if (AlgorithmUtils.isHmacSign(algo.getJwaName())) {
return new HmacJwsSignatureVerifier(key, algo);
}
return null;
}
示例23
@org.junit.Test
public void testAuthorizationCodeFlowWithKey() throws Exception {
URL busFile = OIDCFlowTest.class.getResource("client.xml");
String address = "https://localhost:" + port + "/services/";
WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
"alice", "security", busFile.toString());
// Save the Cookie for the second request...
WebClient.getConfig(client).getRequestContext().put(
org.apache.cxf.message.Message.MAINTAIN_SESSION, Boolean.TRUE);
// Get Authorization Code
String code = OAuth2TestUtils.getAuthorizationCode(client, "openid");
assertNotNull(code);
// Now get the access token
client = WebClient.create(address, "consumer-id", "this-is-a-secret", busFile.toString());
ClientAccessToken accessToken =
OAuth2TestUtils.getAccessTokenWithAuthorizationCode(client, code);
assertNotNull(accessToken.getTokenKey());
assertTrue(accessToken.getApprovedScope().contains("openid"));
String idToken = accessToken.getParameters().get("id_token");
assertNotNull(idToken);
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
// Now get the key to validate the token
client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
"alice", "security", busFile.toString());
client.accept("application/json");
client.path("keys/");
Response response = client.get();
JsonWebKeys jsonWebKeys = response.readEntity(JsonWebKeys.class);
assertTrue(jwtConsumer.verifySignatureWith(jsonWebKeys.getKeys().get(0),
SignatureAlgorithm.RS256));
}
示例24
@Test
public void testWriteReadJwsUnencodedPayload() throws Exception {
JwsHeaders headers = new JwsHeaders(SignatureAlgorithm.HS256);
headers.setPayloadEncodingStatus(false);
JwsCompactProducer producer = new JwsCompactProducer(headers,
UNSIGNED_PLAIN_DOCUMENT,
true);
producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY, SignatureAlgorithm.HS256));
assertEquals(TOKEN_WITH_DETACHED_UNENCODED_PAYLOAD, producer.getSignedEncodedJws());
JwsCompactConsumer consumer =
new JwsCompactConsumer(TOKEN_WITH_DETACHED_UNENCODED_PAYLOAD, UNSIGNED_PLAIN_DOCUMENT);
assertTrue(consumer.verifySignatureWith(
new HmacJwsSignatureVerifier(ENCODED_MAC_KEY, SignatureAlgorithm.HS256)));
}
示例25
@Test
public void verifyJwsWithTwoAlgHeaderFieldsBogusFieldLast() throws Exception {
JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(TWO_ALG_HEADER_FIELDS_IN_JWS_BOGUS_LAST);
assertFalse(jwsConsumer.verifySignatureWith(new HmacJwsSignatureVerifier(ENCODED_MAC_KEY,
SignatureAlgorithm.HS256)));
}
示例26
@Test
public void testDualSignWithProtectedHeaderOnly() {
JwsJsonProducer producer = new JwsJsonProducer(UNSIGNED_PLAIN_JSON_DOCUMENT);
JwsHeaders headerEntries = new JwsHeaders();
headerEntries.setSignatureAlgorithm(SignatureAlgorithm.HS256);
producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY_1, SignatureAlgorithm.HS256),
headerEntries);
producer.signWith(new HmacJwsSignatureProvider(ENCODED_MAC_KEY_2, SignatureAlgorithm.HS256),
headerEntries);
assertEquals(DUAL_SIGNED_JWS_JSON_DOCUMENT,
producer.getJwsJsonSignedDocument());
}
示例27
@Test
public void testProtectingSpecificHeaderFieldsSignature() throws Exception {
JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
JwsHeaders protectedHeader = new JwsHeaders();
protectedHeader.setSignatureAlgorithm(SignatureAlgorithm.HS256);
JwsHeaders unprotectedHeader = new JwsHeaders();
unprotectedHeader.setKeyId(HMAC_KID_VALUE);
JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt");
List<JsonWebKey> keys = jwks.getKeys();
JsonWebKey key = keys.get(0);
jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256),
protectedHeader, unprotectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(),
PROTECTING_SPECIFIC_HEADER_FIELDS_JSON_GENERAL_SERIALIZATION);
JwsJsonConsumer jsonConsumer =
new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
jsonProducer = new JwsJsonProducer(PAYLOAD, true);
jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256),
protectedHeader, unprotectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(),
PROTECTING_SPECIFIC_HEADER_FIELDS_JSON_FLATTENED_SERIALIZATION);
jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
}
示例28
public static SignatureAlgorithm getSignatureAlgorithm(Message m, Properties props,
SignatureAlgorithm algo,
SignatureAlgorithm defaultAlgo) {
if (algo == null) {
algo = getSignatureAlgorithm(m, props, defaultAlgo);
}
return algo;
}
示例29
protected JwsSignatureVerifier getInitializedSigVerifier(Client c) {
if (verifyWithClientCertificates) {
X509Certificate cert =
(X509Certificate)CryptoUtils.decodeCertificate(c.getApplicationCertificates().get(0));
return JwsUtils.getPublicKeySignatureVerifier(cert, SignatureAlgorithm.RS256);
}
return super.getInitializedSignatureVerifier(c.getClientSecret());
}
示例30
protected static void initializeProvider(AbstractOAuthDataProvider dataProvider) {
dataProvider.setSupportedScopes(Collections.singletonMap("a", "A Scope"));
dataProvider.setSupportedScopes(Collections.singletonMap("refreshToken", "RefreshToken"));
// Configure the means of signing the issued JWT tokens
if (dataProvider.isUseJwtFormatForAccessTokens()) {
final JwsSignatureProvider signatureProvider =
new PrivateKeyJwsSignatureProvider(keyPair.getPrivate(), SignatureAlgorithm.RS256);
OAuthJoseJwtProducer jwtAccessTokenProducer = new OAuthJoseJwtProducer();
jwtAccessTokenProducer.setSignatureProvider(signatureProvider);
dataProvider.setJwtAccessTokenProducer(jwtAccessTokenProducer);
}
}
