/**
 * Fetches the JWK set published at {@code jwksUri} and checks its basic shape.
 *
 * <p>The request must return HTTP 200 with a non-null entity and a non-empty key list, and
 * every key must carry both a {@code kid} and a {@code use} value. Key material itself is
 * not inspected here.
 *
 * @throws Exception declared by the original signature; nothing is caught here
 */
@Test
public void requestJwks() throws Exception {
    showTitle("requestJwks");

    JwkClient client = new JwkClient(jwksUri);
    JwkResponse jwksResponse = client.exec();
    showClient(client);

    // Status first: the entity is included in the message so a failing run shows the server's answer.
    assertEquals(jwksResponse.getStatus(), 200, "Unexpected response code: " + jwksResponse.getEntity());
    assertNotNull(jwksResponse.getEntity(), "Unexpected result: entity is null");
    assertNotNull(jwksResponse.getJwks(), "Unexpected result: jwks is null");
    assertNotNull(jwksResponse.getJwks().getKeys(), "Unexpected result: keys is null");
    assertTrue(jwksResponse.getJwks().getKeys().size() > 0, "Unexpected result: keys is empty");

    // Per-key metadata: kid selects the key, use states what it is published for.
    for (JSONWebKey key : jwksResponse.getJwks().getKeys()) {
        assertNotNull(key.getKid(), "Unexpected result: kid is null");
        assertNotNull(key.getUse(), "Unexpected result: use is null");
    }
}
/**
 * Builds the public key described by the JWK that {@code getKeyValue} returns for {@code keyId}.
 *
 * <p>RSA entries are built from the JWK's {@code n} and {@code e} values; EC entries from its
 * {@code alg}, {@code x} and {@code y} values. Any other key type yields {@code null}.
 *
 * <p>Callers that use the result to verify a signature must treat {@code null} as
 * "no usable key" and reject the signature rather than skip verification.
 *
 * @param keyId key id handed to {@code getKeyValue}
 * @return the reconstructed key, or {@code null} when no JWK is found for the id or its key
 *         type is neither RSA nor EC
 * @deprecated annotated {@code @Deprecated} in the source; the replacement is not visible here
 */
@Deprecated
public PublicKey getPublicKey(String keyId) {
    JSONWebKey jwk = getKeyValue(keyId);
    if (jwk == null) {
        return null;
    }

    // NOTE(review): a JWK whose kty is null makes this switch throw NullPointerException;
    // confirm that parsing rejects such entries before they reach this point.
    switch (jwk.getKty()) {
        case RSA:
            return new RSAPublicKey(jwk.getN(), jwk.getE());
        case EC:
            return new ECDSAPublicKey(jwk.getAlg(), jwk.getX(), jwk.getY());
        default:
            return null;
    }
}
/**
 * Returns the key id of the first key that {@code getKeys} reports for the given algorithm.
 *
 * <p>When several keys match, the result depends on the order in which {@code getKeys}
 * returns them; only the first one is considered.
 *
 * @param signatureAlgorithm algorithm passed through to {@code getKeys}
 * @return the {@code kid} of the first matching key, or {@code null} when there is none
 */
public String getKeyId(SignatureAlgorithm signatureAlgorithm) {
    List<JSONWebKey> candidates = getKeys(signatureAlgorithm);
    return candidates.isEmpty() ? null : candidates.get(0).getKid();
}
}
/**
 * Downloads the JWK set at {@code jwkSetUrl} and returns the ECDSA public key with the given id.
 *
 * <p>The result is {@code null} when the request yields no response, the status is not 200,
 * no key is found for {@code keyId}, or the key found is not an {@link ECDSAPublicKey}.
 * A caller verifying a signature must treat {@code null} as a failed lookup and reject.
 *
 * <p>NOTE(review): no check of {@code jwkSetUrl} is visible in this method. Whether
 * {@code JwkClient} restricts the scheme or host it connects to cannot be seen from here;
 * confirm this where the URL comes from client-supplied metadata.
 *
 * @param jwkSetUrl location of the JWK set
 * @param keyId     id of the key to extract
 * @return the matching ECDSA key, or {@code null} as described above
 */
public static ECDSAPublicKey getECDSAPublicKey(String jwkSetUrl, String keyId) {
    JwkResponse jwkResponse = new JwkClient(jwkSetUrl).exec();
    if (jwkResponse == null || jwkResponse.getStatus() != 200) {
        return null;
    }

    PublicKey candidate = jwkResponse.getPublicKey(keyId);
    // A key of another type under the same id is reported as "not found", not cast blindly.
    return candidate instanceof ECDSAPublicKey ? (ECDSAPublicKey) candidate : null;
}
}
int status = clientResponse.getStatus(); setResponse(new JwkResponse(status)); getResponse().setHeaders(clientResponse.getMetadata()); getResponse().setEntity(entity); if (StringUtils.isNotBlank(entity)) { JSONObject jsonObj = new JSONObject(entity); if (jsonObj.has(JSON_WEB_KEY_SET)) { JSONWebKeySet jwks = JSONWebKeySet.fromJSONObject(jsonObj); getResponse().setJwks(jwks);
/**
 * Signs a fixed input with the key-store entry {@code keyId} using RS256 and verifies the
 * signature against the JWK set downloaded from {@code clientJwksUri}.
 *
 * <p>Any exception raised along the way is reported through {@code fail} with its message
 * and cause, so the declared checked exceptions are not expected to escape.
 *
 * @param clientJwksUri   URI of the client's JWK set
 * @param keyId           id of the RS256 key, used for both signing and verification
 * @param dnName          passed to the {@code OxAuthCryptoProvider} constructor
 * @param keyStoreFile    key store location passed to the provider
 * @param keyStoreSecret  key store secret passed to the provider
 */
@Parameters({"clientJwksUri", "RS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret"})
@Test
public void testRS256(final String clientJwksUri, final String keyId, final String dnName,
                      final String keyStoreFile, final String keyStoreSecret) throws NoSuchProviderException,
        NoSuchAlgorithmException, SignatureException, InvalidKeyException, InvalidKeySpecException,
        IllegalBlockSizeException, IOException, NoSuchPaddingException, BadPaddingException {
    try {
        showTitle("Test RS256");

        // Public half: whatever the client currently publishes at its JWKS endpoint.
        JwkResponse publishedKeys = new JwkClient(clientJwksUri).exec();

        // Fixture only: the first segment decodes to {"alg":"HS256"}, but the string is signed
        // here as opaque bytes, so that header value plays no part in the algorithm under test.
        final String payloadToSign = "eyJhbGciOiJIUzI1NiJ9.eyJub25jZSI6ICI2Qm9HN1QwR0RUZ2wiLCAiaWRfdG9rZW4iOiB7Im1heF9hZ2UiOiA4NjQwMH0sICJzdGF0ZSI6ICJTVEFURTAiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vbG9jYWxob3N0L2NhbGxiYWNrMSIsICJ1c2VyaW5mbyI6IHsiY2xhaW1zIjogeyJuYW1lIjogbnVsbH19LCAiY2xpZW50X2lkIjogIkAhMTExMSEwMDA4IUU2NTQuQjQ2MCIsICJzY29wZSI6IFsib3BlbmlkIl0sICJyZXNwb25zZV90eXBlIjogWyJjb2RlIl19";

        // Private half: the local key store entry selected by keyId.
        OxAuthCryptoProvider signer = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
        final SignatureAlgorithm algorithm = SignatureAlgorithm.RS256;

        // The third argument stays null as in the original call; its meaning is not visible here.
        String signature = signer.sign(payloadToSign, keyId, null, algorithm);
        System.out.println("Encoded Signature: " + signature);

        boolean verified = signer.verifySignature(
                payloadToSign, signature, keyId,
                publishedKeys.getJwks().toJSONObject(), null, algorithm);
        assertTrue(verified, "Invalid signature");
    } catch (Exception e) {
        fail(e.getMessage(), e);
    }
}
String serverKeyId = jwkResponse.getKeyId(SignatureAlgorithm.RS256); assertNotNull(serverKeyId);
/**
 * Downloads the JWK set at {@code jwkSetUri} through the supplied executor and returns the
 * RSA public key with the given id.
 *
 * <p>The result is {@code null} when the request yields no response, the status is not 200,
 * no key is found for {@code keyId}, or the key found is not an {@link RSAPublicKey}.
 * A caller verifying a signature must treat {@code null} as a failed lookup and reject.
 *
 * <p>NOTE(review): no check of {@code jwkSetUri} is visible in this method. Whether
 * {@code JwkClient} or the executor restricts the scheme or host it connects to cannot be
 * seen from here; confirm this where the URI comes from client-supplied metadata.
 *
 * @param jwkSetUri      location of the JWK set
 * @param keyId          id of the key to extract
 * @param clientExecutor executor installed on the {@code JwkClient} before the request
 * @return the matching RSA key, or {@code null} as described above
 */
public static RSAPublicKey getRSAPublicKey(String jwkSetUri, String keyId, ClientExecutor clientExecutor) {
    JwkClient client = new JwkClient(jwkSetUri);
    client.setExecutor(clientExecutor);

    JwkResponse jwkResponse = client.exec();
    if (jwkResponse == null || jwkResponse.getStatus() != 200) {
        return null;
    }

    PublicKey candidate = jwkResponse.getPublicKey(keyId);
    // A key of another type under the same id is reported as "not found", not cast blindly.
    return candidate instanceof RSAPublicKey ? (RSAPublicKey) candidate : null;
}
/**
 * Signs a fixed input with the key-store entry {@code keyId} using RS384 and verifies the
 * signature against the JWK set downloaded from {@code clientJwksUri}.
 *
 * <p>Any exception raised along the way is reported through {@code fail} with its message
 * and cause, so the declared checked exceptions are not expected to escape.
 *
 * @param clientJwksUri   URI of the client's JWK set
 * @param keyId           id of the RS384 key, used for both signing and verification
 * @param dnName          passed to the {@code OxAuthCryptoProvider} constructor
 * @param keyStoreFile    key store location passed to the provider
 * @param keyStoreSecret  key store secret passed to the provider
 */
@Parameters({"clientJwksUri", "RS384_keyId", "dnName", "keyStoreFile", "keyStoreSecret"})
@Test
public void testRS384(final String clientJwksUri, final String keyId, final String dnName,
                      final String keyStoreFile, final String keyStoreSecret) throws NoSuchProviderException,
        NoSuchAlgorithmException, SignatureException, InvalidKeyException, InvalidKeySpecException,
        IllegalBlockSizeException, IOException, NoSuchPaddingException, BadPaddingException {
    try {
        showTitle("Test RS384");

        // Public half: whatever the client currently publishes at its JWKS endpoint.
        JwkResponse publishedKeys = new JwkClient(clientJwksUri).exec();

        // Fixture only: the first segment decodes to {"alg":"HS256"}, but the string is signed
        // here as opaque bytes, so that header value plays no part in the algorithm under test.
        final String payloadToSign = "eyJhbGciOiJIUzI1NiJ9.eyJub25jZSI6ICI2Qm9HN1QwR0RUZ2wiLCAiaWRfdG9rZW4iOiB7Im1heF9hZ2UiOiA4NjQwMH0sICJzdGF0ZSI6ICJTVEFURTAiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vbG9jYWxob3N0L2NhbGxiYWNrMSIsICJ1c2VyaW5mbyI6IHsiY2xhaW1zIjogeyJuYW1lIjogbnVsbH19LCAiY2xpZW50X2lkIjogIkAhMTExMSEwMDA4IUU2NTQuQjQ2MCIsICJzY29wZSI6IFsib3BlbmlkIl0sICJyZXNwb25zZV90eXBlIjogWyJjb2RlIl19";

        // Private half: the local key store entry selected by keyId.
        OxAuthCryptoProvider signer = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
        final SignatureAlgorithm algorithm = SignatureAlgorithm.RS384;

        // The third argument stays null as in the original call; its meaning is not visible here.
        String signature = signer.sign(payloadToSign, keyId, null, algorithm);
        System.out.println("Encoded Signature: " + signature);

        boolean verified = signer.verifySignature(
                payloadToSign, signature, keyId,
                publishedKeys.getJwks().toJSONObject(), null, algorithm);
        assertTrue(verified, "Invalid signature");
    } catch (Exception e) {
        fail(e.getMessage(), e);
    }
}
String keyId = jwkResponse.getKeyId(SignatureAlgorithm.RS256); assertNotNull(keyId);
/**
 * Fetches the JWK set published at {@code clientJwksUri} and checks its basic shape.
 *
 * <p>The request must return HTTP 200 with a non-null entity and a non-empty key list, and
 * every key must carry both a {@code kid} and a {@code use} value. Key material itself is
 * not inspected here.
 *
 * @param clientJwksUri URI of the client's JWK set
 * @throws Exception declared by the original signature; nothing is caught here
 */
@Parameters({"clientJwksUri"})
@Test
public void requestClientJwks(final String clientJwksUri) throws Exception {
    // NOTE(review): the title reads "requestJwks" although the method is requestClientJwks;
    // kept as in the original, confirm whether the label is intended.
    showTitle("requestJwks");

    JwkClient client = new JwkClient(clientJwksUri);
    JwkResponse jwksResponse = client.exec();
    showClient(client);

    // Status first: the entity is included in the message so a failing run shows the server's answer.
    assertEquals(jwksResponse.getStatus(), 200, "Unexpected response code: " + jwksResponse.getEntity());
    assertNotNull(jwksResponse.getEntity(), "Unexpected result: entity is null");
    assertNotNull(jwksResponse.getJwks(), "Unexpected result: jwks is null");
    assertNotNull(jwksResponse.getJwks().getKeys(), "Unexpected result: keys is null");
    assertTrue(jwksResponse.getJwks().getKeys().size() > 0, "Unexpected result: keys is empty");

    // Per-key metadata: kid selects the key, use states what it is published for.
    for (JSONWebKey key : jwksResponse.getJwks().getKeys()) {
        assertNotNull(key.getKid(), "Unexpected result: kid is null");
        assertNotNull(key.getUse(), "Unexpected result: use is null");
    }
}
}
/**
 * Signs a fixed input with the key-store entry {@code keyId} using RS512 and verifies the
 * signature against the JWK set downloaded from {@code clientJwksUri}.
 *
 * <p>Any exception raised along the way is reported through {@code fail} with its message
 * and cause, so the declared checked exceptions are not expected to escape.
 *
 * @param clientJwksUri   URI of the client's JWK set
 * @param keyId           id of the RS512 key, used for both signing and verification
 * @param dnName          passed to the {@code OxAuthCryptoProvider} constructor
 * @param keyStoreFile    key store location passed to the provider
 * @param keyStoreSecret  key store secret passed to the provider
 */
@Parameters({"clientJwksUri", "RS512_keyId", "dnName", "keyStoreFile", "keyStoreSecret"})
@Test
public void testRS512(final String clientJwksUri, final String keyId, final String dnName,
                      final String keyStoreFile, final String keyStoreSecret) throws NoSuchProviderException,
        NoSuchAlgorithmException, SignatureException, InvalidKeyException, InvalidKeySpecException,
        IllegalBlockSizeException, IOException, NoSuchPaddingException, BadPaddingException {
    try {
        showTitle("Test RS512");

        // Public half: whatever the client currently publishes at its JWKS endpoint.
        JwkResponse publishedKeys = new JwkClient(clientJwksUri).exec();

        // Fixture only: the first segment decodes to {"alg":"HS256"}, but the string is signed
        // here as opaque bytes, so that header value plays no part in the algorithm under test.
        final String payloadToSign = "eyJhbGciOiJIUzI1NiJ9.eyJub25jZSI6ICI2Qm9HN1QwR0RUZ2wiLCAiaWRfdG9rZW4iOiB7Im1heF9hZ2UiOiA4NjQwMH0sICJzdGF0ZSI6ICJTVEFURTAiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vbG9jYWxob3N0L2NhbGxiYWNrMSIsICJ1c2VyaW5mbyI6IHsiY2xhaW1zIjogeyJuYW1lIjogbnVsbH19LCAiY2xpZW50X2lkIjogIkAhMTExMSEwMDA4IUU2NTQuQjQ2MCIsICJzY29wZSI6IFsib3BlbmlkIl0sICJyZXNwb25zZV90eXBlIjogWyJjb2RlIl19";

        // Private half: the local key store entry selected by keyId.
        OxAuthCryptoProvider signer = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
        final SignatureAlgorithm algorithm = SignatureAlgorithm.RS512;

        // The third argument stays null as in the original call; its meaning is not visible here.
        String signature = signer.sign(payloadToSign, keyId, null, algorithm);
        System.out.println("Encoded Signature: " + signature);

        boolean verified = signer.verifySignature(
                payloadToSign, signature, keyId,
                publishedKeys.getJwks().toJSONObject(), null, algorithm);
        assertTrue(verified, "Invalid signature");
    } catch (Exception e) {
        fail(e.getMessage(), e);
    }
}
String keyId = jwkResponse.getKeyId(SignatureAlgorithm.RS256); assertNotNull(keyId);
/**
 * Signs a fixed input with the key-store entry {@code keyId} using ES384 and verifies the
 * signature against the JWK set downloaded from {@code clientJwksUri}.
 *
 * <p>Any exception raised along the way is reported through {@code fail} with its message
 * and cause, so the declared checked exceptions are not expected to escape.
 *
 * @param clientJwksUri   URI of the client's JWK set
 * @param keyId           id of the ES384 key, used for both signing and verification
 * @param dnName          passed to the {@code OxAuthCryptoProvider} constructor
 * @param keyStoreFile    key store location passed to the provider
 * @param keyStoreSecret  key store secret passed to the provider
 */
@Parameters({"clientJwksUri", "ES384_keyId", "dnName", "keyStoreFile", "keyStoreSecret"})
@Test
public void testES384(final String clientJwksUri, final String keyId, final String dnName,
                      final String keyStoreFile, final String keyStoreSecret) throws NoSuchProviderException,
        NoSuchAlgorithmException, InvalidAlgorithmParameterException, SignatureException, InvalidKeyException,
        InvalidKeySpecException, IllegalBlockSizeException, IOException, NoSuchPaddingException,
        BadPaddingException {
    try {
        showTitle("Test ES384");

        // Public half: whatever the client currently publishes at its JWKS endpoint.
        JwkResponse publishedKeys = new JwkClient(clientJwksUri).exec();

        // Fixture only: the first segment decodes to {"alg":"HS256"}, but the string is signed
        // here as opaque bytes, so that header value plays no part in the algorithm under test.
        final String payloadToSign = "eyJhbGciOiJIUzI1NiJ9.eyJub25jZSI6ICI2Qm9HN1QwR0RUZ2wiLCAiaWRfdG9rZW4iOiB7Im1heF9hZ2UiOiA4NjQwMH0sICJzdGF0ZSI6ICJTVEFURTAiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vbG9jYWxob3N0L2NhbGxiYWNrMSIsICJ1c2VyaW5mbyI6IHsiY2xhaW1zIjogeyJuYW1lIjogbnVsbH19LCAiY2xpZW50X2lkIjogIkAhMTExMSEwMDA4IUU2NTQuQjQ2MCIsICJzY29wZSI6IFsib3BlbmlkIl0sICJyZXNwb25zZV90eXBlIjogWyJjb2RlIl19";

        // Private half: the local key store entry selected by keyId.
        OxAuthCryptoProvider signer = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
        final SignatureAlgorithm algorithm = SignatureAlgorithm.ES384;

        // The third argument stays null as in the original call; its meaning is not visible here.
        String signature = signer.sign(payloadToSign, keyId, null, algorithm);
        System.out.println("Encoded Signature: " + signature);

        boolean verified = signer.verifySignature(
                payloadToSign, signature, keyId,
                publishedKeys.getJwks().toJSONObject(), null, algorithm);
        assertTrue(verified, "Invalid signature");
    } catch (Exception e) {
        fail(e.getMessage(), e);
    }
}
String keyId = jwkResponse.getKeyId(SignatureAlgorithm.RS256); assertNotNull(keyId);
/**
 * Signs a fixed input with the key-store entry {@code keyId} using ES512 and verifies the
 * signature against the JWK set downloaded from {@code clientJwksUri}.
 *
 * <p>Any exception raised along the way is reported through {@code fail} with its message
 * and cause, so the declared checked exceptions are not expected to escape.
 *
 * @param clientJwksUri   URI of the client's JWK set
 * @param keyId           id of the ES512 key, used for both signing and verification
 * @param dnName          passed to the {@code OxAuthCryptoProvider} constructor
 * @param keyStoreFile    key store location passed to the provider
 * @param keyStoreSecret  key store secret passed to the provider
 */
@Parameters({"clientJwksUri", "ES512_keyId", "dnName", "keyStoreFile", "keyStoreSecret"})
@Test
public void testES512(final String clientJwksUri, final String keyId, final String dnName,
                      final String keyStoreFile, final String keyStoreSecret) throws NoSuchProviderException,
        NoSuchAlgorithmException, InvalidAlgorithmParameterException, SignatureException, InvalidKeyException,
        InvalidKeySpecException, IllegalBlockSizeException, IOException, NoSuchPaddingException,
        BadPaddingException {
    try {
        showTitle("Test ES512");

        // Public half: whatever the client currently publishes at its JWKS endpoint.
        JwkResponse publishedKeys = new JwkClient(clientJwksUri).exec();

        // Fixture only: the first segment decodes to {"alg":"HS256"}, but the string is signed
        // here as opaque bytes, so that header value plays no part in the algorithm under test.
        final String payloadToSign = "eyJhbGciOiJIUzI1NiJ9.eyJub25jZSI6ICI2Qm9HN1QwR0RUZ2wiLCAiaWRfdG9rZW4iOiB7Im1heF9hZ2UiOiA4NjQwMH0sICJzdGF0ZSI6ICJTVEFURTAiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vbG9jYWxob3N0L2NhbGxiYWNrMSIsICJ1c2VyaW5mbyI6IHsiY2xhaW1zIjogeyJuYW1lIjogbnVsbH19LCAiY2xpZW50X2lkIjogIkAhMTExMSEwMDA4IUU2NTQuQjQ2MCIsICJzY29wZSI6IFsib3BlbmlkIl0sICJyZXNwb25zZV90eXBlIjogWyJjb2RlIl19";

        // Private half: the local key store entry selected by keyId.
        OxAuthCryptoProvider signer = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
        final SignatureAlgorithm algorithm = SignatureAlgorithm.ES512;

        // The third argument stays null as in the original call; its meaning is not visible here.
        String signature = signer.sign(payloadToSign, keyId, null, algorithm);
        System.out.println("Encoded Signature: " + signature);

        boolean verified = signer.verifySignature(
                payloadToSign, signature, keyId,
                publishedKeys.getJwks().toJSONObject(), null, algorithm);
        assertTrue(verified, "Invalid signature");
    } catch (Exception e) {
        fail(e.getMessage(), e);
    }
}
String serverKeyId = jwkResponse.getKeyId(SignatureAlgorithm.RS256); assertNotNull(serverKeyId);
/**
 * Signs a fixed input with the key-store entry {@code keyId} using ES256 and verifies the
 * signature against the JWK set downloaded from {@code clientJwksUri}.
 *
 * <p>Any exception raised along the way is reported through {@code fail} with its message
 * and cause, so the declared checked exceptions are not expected to escape.
 *
 * @param clientJwksUri   URI of the client's JWK set
 * @param keyId           id of the ES256 key, used for both signing and verification
 * @param dnName          passed to the {@code OxAuthCryptoProvider} constructor
 * @param keyStoreFile    key store location passed to the provider
 * @param keyStoreSecret  key store secret passed to the provider
 */
@Parameters({"clientJwksUri", "ES256_keyId", "dnName", "keyStoreFile", "keyStoreSecret"})
@Test
public void testES256(final String clientJwksUri, final String keyId, final String dnName,
                      final String keyStoreFile, final String keyStoreSecret) throws NoSuchProviderException,
        NoSuchAlgorithmException, InvalidAlgorithmParameterException, SignatureException, InvalidKeyException,
        InvalidKeySpecException, IllegalBlockSizeException, IOException, NoSuchPaddingException,
        BadPaddingException {
    try {
        showTitle("Test ES256");

        // Public half: whatever the client currently publishes at its JWKS endpoint.
        JwkResponse publishedKeys = new JwkClient(clientJwksUri).exec();

        // Fixture only: the first segment decodes to {"alg":"HS256"}, but the string is signed
        // here as opaque bytes, so that header value plays no part in the algorithm under test.
        final String payloadToSign = "eyJhbGciOiJIUzI1NiJ9.eyJub25jZSI6ICI2Qm9HN1QwR0RUZ2wiLCAiaWRfdG9rZW4iOiB7Im1heF9hZ2UiOiA4NjQwMH0sICJzdGF0ZSI6ICJTVEFURTAiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vbG9jYWxob3N0L2NhbGxiYWNrMSIsICJ1c2VyaW5mbyI6IHsiY2xhaW1zIjogeyJuYW1lIjogbnVsbH19LCAiY2xpZW50X2lkIjogIkAhMTExMSEwMDA4IUU2NTQuQjQ2MCIsICJzY29wZSI6IFsib3BlbmlkIl0sICJyZXNwb25zZV90eXBlIjogWyJjb2RlIl19";

        // Private half: the local key store entry selected by keyId.
        OxAuthCryptoProvider signer = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
        final SignatureAlgorithm algorithm = SignatureAlgorithm.ES256;

        // The third argument stays null as in the original call; its meaning is not visible here.
        String signature = signer.sign(payloadToSign, keyId, null, algorithm);
        System.out.println("Encoded Signature: " + signature);

        boolean verified = signer.verifySignature(
                payloadToSign, signature, keyId,
                publishedKeys.getJwks().toJSONObject(), null, algorithm);
        assertTrue(verified, "Invalid signature");
    } catch (Exception e) {
        fail(e.getMessage(), e);
    }
}
String serverKeyId = jwkResponse.getKeyId(SignatureAlgorithm.RS256); assertNotNull(serverKeyId);
registerRequest.setContacts(contacts); registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT); registerRequest.setJwks(jwkResponse.getJwks().toString());