Examples of JWT


Examples of com.atlassian.jwt.Jwt

                // Authenticate the incoming request. The result is an Either: a failure
                // Status on the left, or the request's Jwt on the right.
                Either<Status, Jwt> authResult = authenticator.authenticate(context.request(), context.response()).getResult();
                if (authResult.left.isDefined()) {
                    // Authentication failed: answer with that Status and never reach the delegate.
                    return Promise.pure((SimpleResult)authResult.left.get());
                }

                // NOTE(review): signature and expiry checks presumably happen inside
                // authenticator.authenticate(); that code is not part of this listing, so
                // confirm it before relying on the iss/sub values read below.
                Jwt jwt = authResult.right.get();
                // The issuer claim is passed on as the host and the subject claim as the user.
                AC.setAcHost(jwt.getIssuer());
                AC.setUser(jwt.getSubject());
                AC.refreshToken(false);

                // Only an authenticated request reaches the wrapped action.
                return delegate.call(context);
            }
            catch (InvalidAuthenticationRequestException e)

Examples of com.jetdrone.vertx.yoke.security.JWT

    /**
     * Smoke test: a {@link JWT} helper can be built from the security context of a
     * Yoke instance that was given a shared secret.
     *
     * <p>Nothing is asserted on the helper itself; the test completes as soon as
     * construction returns without throwing.
     */
    @Test
    public void testJWT() {
        Yoke app = new Yoke(this);
        // Fixed fixture secret: it only gives the test a key to build from and is
        // not a pattern for deployed configuration.
        app.secretSecurity("keyboard cat");

        // Construction is the behaviour under test; the instance is not used further.
        JWT codec = new JWT(app.security());
        testComplete();
    }

Examples of com.jetdrone.vertx.yoke.security.JWT

    /**
     * Round-trip test: encodes a claims object into a token and checks that decoding
     * it returns the same name, uid, iat and exp values.
     *
     * <p>This listing is cut off after the exp assertion.
     */
    @Test
    public void testJWT2() {
        Yoke yoke = new Yoke(this);
        // Fixed fixture secret shared by encode and decode in this test.
        yoke.secretSecurity("keyboard cat");

        JWT jwt = new JWT(yoke.security());

        // NOTE(review): iat and exp are written in milliseconds here. RFC 7519 defines
        // both as NumericDate (seconds since the epoch), so a validator that follows
        // the RFC would read this exp as a date far in the future. Confirm which unit
        // Yoke's JWT helper expects.
        long now = System.currentTimeMillis();

        JsonObject json = new JsonObject()
                .putString("name", "Paulo Lopes")
                .putNumber("uid", 0)
                .putNumber("iat", now)
                .putNumber("exp", now + 24*60*60*1000)
                .putArray("claims", new JsonArray().add("a").add("b"));

        String token = jwt.encode(json);

        // The encoded token must be a single line (no embedded newline).
        assertTrue(!token.contains("\n"));

        // Decoded with the same helper, hence the same secret. The visible part covers
        // only the happy path; a modified or expired token is not exercised here.
        JsonObject decoded = jwt.decode(token);

        assertEquals("Paulo Lopes", decoded.getString("name"));
        assertEquals(0, decoded.getNumber("uid"));
        assertEquals(now, decoded.getNumber("iat"));
        assertEquals(now + 24*60*60*1000, decoded.getNumber("exp"));

Examples of com.nimbusds.jwt.JWT

    // check for appropriate parameters
    // NOTE(review): assertionType is read but not compared against an expected value
    // in the visible lines; presumably an earlier check does that - confirm.
    String assertionType = request.getParameter("client_assertion_type");
    String assertion = request.getParameter("client_assertion");

    try {
      // JWTParser.parse only decodes the compact form; it does not verify a signature.
      // NOTE(review): assertion comes straight from the request and may be absent;
      // confirm an earlier check rules out a null value here.
      JWT jwt = JWTParser.parse(assertion);

      // The client id is taken from the still-unverified "sub" claim, so at this point
      // it is only a lookup key, not an established identity.
      String clientId = jwt.getJWTClaimsSet().getSubject();

      // The authentication token carries the parsed JWT along with the claimed id.
      Authentication authRequest = new JwtBearerAssertionAuthenticationToken(clientId, jwt);

      // NOTE(review): signature, audience and expiry verification are not visible
      // here and must happen in whatever provider the authentication manager
      // delegates to - confirm.
      return this.getAuthenticationManager().authenticate(authRequest);
    } catch (ParseException e) {

Examples of com.nimbusds.jwt.JWT

        logger.error("Couldn't find encrypter for client: " + client.getClientId());
      }

    } else {
     
      JWT idToken;
     
      // NOTE(review): with alg "none" the ID token carries no signature, so nothing in
      // the token itself protects its claims. OpenID Connect allows this only for
      // tokens returned directly from the token endpoint to a client that registered
      // "none". Where signingAlg comes from is not visible here - confirm it is the
      // client's registered value and not request-controlled.
      if (signingAlg.equals(JWSAlgorithm.NONE)) {
        // unsigned ID token
        idToken = new PlainJWT(idClaims);

Examples of com.nimbusds.jwt.JWT

   */
  private void processRequestObject(String jwtString, AuthorizationRequest request) {
    // Parses the request object, checks it according to its JWT type (signed, plain
    // or encrypted) and then applies its claims to the authorization request.
    // This listing is cut off inside the response_type handling.

    // parse the request object
    try {
      // JWTParser.parse only decodes; the concrete subclass it returns decides which
      // of the branches below runs.
      JWT jwt = JWTParser.parse(jwtString);

      // TODO: move keys to constants

      if (jwt instanceof SignedJWT) {
        // it's a signed JWT, check the signature

        SignedJWT signedJwt = (SignedJWT)jwt;

        // need to check clientId first so that we can load the client to check other fields
        // NOTE(review): when the request carried no client_id it is taken from the
        // not-yet-verified claims; it serves to find the client whose key then
        // verifies the token.
        if (request.getClientId() == null) {
          request.setClientId(signedJwt.getJWTClaimsSet().getStringClaim("client_id"));
        }

        ClientDetailsEntity client = clientDetailsService.loadClientByClientId(request.getClientId());

        if (client == null) {
          throw new InvalidClientException("Client not found: " + request.getClientId());
        }


        JWSAlgorithm alg = signedJwt.getHeader().getAlgorithm();

        // The header's alg must equal the algorithm the client registered, so the
        // token cannot choose its own algorithm.
        if (client.getRequestObjectSigningAlg() == null ||
            !client.getRequestObjectSigningAlg().equals(alg)) {
          throw new InvalidClientException("Client's registered request object signing algorithm (" + client.getRequestObjectSigningAlg() + ") does not match request object's actual algorithm (" + alg.getName() + ")");
        }

        if (alg.equals(JWSAlgorithm.RS256)
            || alg.equals(JWSAlgorithm.RS384)
            || alg.equals(JWSAlgorithm.RS512)) {

          // it's RSA, need to find the JWK URI and fetch the key

          if (client.getJwksUri() == null) {
            throw new InvalidClientException("Client must have a JWKS URI registered to use signed request objects.");
          }

          // check JWT signature
          JwtSigningAndValidationService validator = validators.getValidator(client.getJwksUri());

          if (validator == null) {
            throw new InvalidClientException("Unable to create signature validator for client's JWKS URI: " + client.getJwksUri());
          }

          if (!validator.validateSignature(signedJwt)) {
            throw new InvalidClientException("Signature did not validate for presented JWT request object.");
          }
        } else if (alg.equals(JWSAlgorithm.HS256)
            || alg.equals(JWSAlgorithm.HS384)
            || alg.equals(JWSAlgorithm.HS512)) {

          // it's HMAC, we need to make a validator based on the client secret

          JwtSigningAndValidationService validator = symmetricCacheService.getSymmetricValidtor(client);

          if (validator == null) {
            // NOTE(review): this message concatenates the client secret. Exception
            // messages commonly end up in logs or error responses, so the secret
            // should not be part of it; the client id identifies the client equally well.
            throw new InvalidClientException("Unable to create signature validator for client's secret: " + client.getClientSecret());
          }

          if (!validator.validateSignature(signedJwt)) {
            throw new InvalidClientException("Signature did not validate for presented JWT request object.");
          }


        }
        // NOTE(review): the chain above has no final else. A registered algorithm
        // outside RS256/384/512 and HS256/384/512 passes the equality check and
        // reaches this point with no signature verification at all; an explicit
        // else that throws InvalidClientException would close that gap.


      } else if (jwt instanceof PlainJWT) {
        PlainJWT plainJwt = (PlainJWT)jwt;

        // need to check clientId first so that we can load the client to check other fields
        if (request.getClientId() == null) {
          request.setClientId(plainJwt.getJWTClaimsSet().getStringClaim("client_id"));
        }

        ClientDetailsEntity client = clientDetailsService.loadClientByClientId(request.getClientId());

        if (client == null) {
          throw new InvalidClientException("Client not found: " + request.getClientId());
        }

        // Unsigned request objects are accepted only for clients whose registered
        // request_object_signing_alg is "none".
        if (client.getRequestObjectSigningAlg() == null) {
          throw new InvalidClientException("Client is not registered for unsigned request objects (no request_object_signing_alg registered)");
        } else if (!client.getRequestObjectSigningAlg().equals(Algorithm.NONE)) {
          throw new InvalidClientException("Client is not registered for unsigned request objects (request_object_signing_alg is " + client.getRequestObjectSigningAlg() +")");
        }

        // if we got here, we're OK, keep processing

      } else if (jwt instanceof EncryptedJWT) {

        EncryptedJWT encryptedJWT = (EncryptedJWT)jwt;

        // decrypt the jwt if we can

        encryptionService.decryptJwt(encryptedJWT);

        // TODO: what if the content is a signed JWT? (#525)
        // NOTE(review): after decryption this branch checks only that the client
        // exists. No signature check and no comparison with the client's registered
        // algorithm is applied to the decrypted content.

        if (!encryptedJWT.getState().equals(State.DECRYPTED)) {
          throw new InvalidClientException("Unable to decrypt the request object");
        }

        // need to check clientId first so that we can load the client to check other fields
        if (request.getClientId() == null) {
          request.setClientId(encryptedJWT.getJWTClaimsSet().getStringClaim("client_id"));
        }

        ClientDetailsEntity client = clientDetailsService.loadClientByClientId(request.getClientId());

        if (client == null) {
          throw new InvalidClientException("Client not found: " + request.getClientId());
        }


      }


      /*
       * NOTE: Claims inside the request object always take precedence over those in the parameter map.
       */
      // NOTE(review): because of that precedence, any branch above that lets an
      // unverified object through also lets it override response_type below (and
      // presumably further parameters past the end of this listing).

      // now that we've got the JWT, and it's been parsed, validated, and/or decrypted, we can process the claims

      ReadOnlyJWTClaimsSet claims = jwt.getJWTClaimsSet();

      Set<String> responseTypes = OAuth2Utils.parseParameterList(claims.getStringClaim("response_type"));
      if (responseTypes != null && !responseTypes.isEmpty()) {
        if (!responseTypes.equals(request.getResponseTypes())) {
          logger.info("Mismatch between request object and regular parameter for response_type, using request object");

Examples of com.nimbusds.jwt.JWT

      // it's an ID token, process it accordingly

      try {

        // TODO: make this use a more specific idtoken class
        // JWTParser.parse only decodes the presented value; it does not verify a signature.
        JWT idToken = JWTParser.parse(incomingTokenValue);

        // NOTE(review): incomingToken appears to be an entity obtained before this
        // listing starts. Confirm it was looked up from the token store, because the
        // parsed claims themselves are not verified in the visible lines.
        OAuth2AccessTokenEntity accessToken = tokenServices.getAccessTokenForIdToken(incomingToken);

        if (accessToken != null) {

          //OAuth2AccessTokenEntity newIdToken = tokenServices.get

          OAuth2AccessTokenEntity newIdTokenEntity = new OAuth2AccessTokenEntity();

          // copy over all existing claims
          // NOTE(review): every claim of the parsed token is carried into the new one,
          // so the new token is only as trustworthy as the check that admitted the old one.
          JWTClaimsSet claims = new JWTClaimsSet(idToken.getJWTClaimsSet());

          if (client instanceof ClientDetailsEntity) {

            ClientDetailsEntity clientEntity = (ClientDetailsEntity) client;

            // update expiration and issued-at claims
            // With no configured validity, the copied exp claim is left as it was.
            if (clientEntity.getIdTokenValiditySeconds() != null) {
              Date expiration = new Date(System.currentTimeMillis() + (clientEntity.getIdTokenValiditySeconds() * 1000L));
              claims.setExpirationTime(expiration);
              newIdTokenEntity.setExpiration(expiration);
            }

          } else {
            //This should never happen
            // NOTE(review): the log text names OAuth2AccessTokenEntity, while the check
            // and the exception below concern ClientDetailsEntity.
            logger.fatal("SEVERE: Client is not an instance of OAuth2AccessTokenEntity.");
            throw new BadCredentialsException("SEVERE: Client is not an instance of ClientDetailsEntity; JwtAssertionTokenGranter cannot process this request.");
          }

          claims.setIssueTime(new Date());


          // NOTE(review): the cast assumes the incoming token was a signed JWT; for a
          // plain or encrypted token getHeader() is not a JWSHeader and this line
          // throws ClassCastException. The new token also reuses the incoming header
          // unchanged, presumably on the assumption that this server issued it - confirm.
          SignedJWT newIdToken = new SignedJWT((JWSHeader) idToken.getHeader(), claims);
          jwtService.signJwt(newIdToken);

          // The new entity inherits the authentication holder and scope of the incoming token.
          newIdTokenEntity.setJwt(newIdToken);
          newIdTokenEntity.setAuthenticationHolder(incomingToken.getAuthenticationHolder());
          newIdTokenEntity.setScope(incomingToken.getScope());

Examples of com.nimbusds.jwt.JWT

      // The refresh token is optional in the token response.
      if (tokenResponse.has("refresh_token")) {
        refreshTokenValue = tokenResponse.get("refresh_token").getAsString();
      }

      try {
        // Decode only: JWTParser.parse does not verify a signature, so idClaims stay
        // unverified until the checks that follow have passed.
        JWT idToken = JWTParser.parse(idTokenValue);

        // validate our ID Token over a number of tests
        ReadOnlyJWTClaimsSet idClaims = idToken.getJWTClaimsSet();

        // check the signature
        JwtSigningAndValidationService jwtValidator = null;

        // tokenAlg is read from the token's own header and is therefore untrusted
        // input; clientAlg is the value configured for this client.
        Algorithm tokenAlg = idToken.getHeader().getAlgorithm();
       
        Algorithm clientAlg = clientConfig.getIdTokenSignedResponseAlg();
       
        // When an algorithm is configured, the token must use exactly that one.
        // NOTE(review): the handling of clientAlg == null lies beyond this listing;
        // confirm it does not fall back to accepting whatever tokenAlg says.
        if (clientAlg != null) {
          if (!clientAlg.equals(tokenAlg)) {

Examples of com.nimbusds.jwt.JWT

    this.clientConfigurationService = clientConfigurationService;
  }

  /**
   * Reads the issuer ("iss") claim from the given token.
   *
   * <p>The token is only decoded, not verified, so the returned value is untrusted
   * input. NOTE(review): presumably callers use it just to select which issuer
   * configuration to validate against - confirm that it is matched against known
   * issuers before anything is fetched or trusted on its basis.
   *
   * @param accessToken the token value in compact JWT form
   * @return the issuer claim as found in the token
   * @throws IllegalArgumentException if the value cannot be parsed as a JWT
   */
  private String getIssuer(String accessToken) {
    try {
      // Decode without signature verification.
      JWT jwt = JWTParser.parse(accessToken);

      String issuer = jwt.getJWTClaimsSet().getIssuer();

      return issuer;

    } catch (ParseException e) {
      // Keep the parse failure as the cause.
      throw new IllegalArgumentException("Unable to parse JWT", e);

Examples of com.nimbusds.jwt.JWT


    try {
      // Load the client named by the authentication token.
      ClientDetailsEntity client = clientService.loadClientByClientId(jwtAuth.getClientId());

      // Claims are read before the signature check; nothing taken from jwtClaims
      // should drive a decision until that check has passed.
      JWT jwt = jwtAuth.getJwt();
      ReadOnlyJWTClaimsSet jwtClaims = jwt.getJWTClaimsSet();

      // check the signature with nimbus
      // NOTE(review): only signed JWTs enter this branch. What happens to plain or
      // encrypted assertions is beyond this listing; confirm they are rejected
      // rather than skipped.
      if (jwt instanceof SignedJWT) {
        SignedJWT jws = (SignedJWT)jwt;