// HMAC signing: the MAC key is the raw bytes of `secret`. The same secret is needed to verify,
// so any party able to verify these tokens can also produce them.
// NOTE(review): confirm the secret is randomly generated and long enough for `alg`.
signer = new MACSigner(secret.toByteArray());
// Protected header: algorithm `alg`, key id `kid`, typ = JWT.
JWSHeader jwtHeader = new JWSHeader.Builder(alg)
        .keyID(kid)
        .type(JOSEObjectType.JWT)
        .build();
// Bind header and claims, then compute the signature in place.
SignedJWT signedJWT = new SignedJWT(jwtHeader, claimsSet);
signedJWT.sign(signer);
// Ask the project's KeyConverter helper for the JWS algorithm to use with the selected key.
// NOTE(review): presumably the algorithm is derived from the key's type; confirm in KeyConverter.
JWSAlgorithm jwsAlgo = KeyConverter.getJWSAlgo(randomKey);
// Header: typ = JWT, kid copied from the same key's JWK.
JWSHeader jwsHeader = new JWSHeader.Builder(jwsAlgo)
        .type(JOSEObjectType.JWT)
        .keyID(randomKey.jwk.getKeyID())
        .build();
// Header for the configured algorithm; the cast throws ClassCastException when
// signatureAlgorithm is not a JWSAlgorithm.
JWSHeader.Builder headerBuilder = new JWSHeader.Builder((JWSAlgorithm) signatureAlgorithm);
// The tenant certificate thumbprint is used both as kid and as x5t.
String certThumbPrint = OAuth2Util.getThumbPrint(tenantDomain, tenantId);
headerBuilder.keyID(certThumbPrint);
// new Base64URL(String) wraps the text unchanged, it does not encode it.
// NOTE(review): assumes getThumbPrint already returns a base64url string; confirm.
headerBuilder.x509CertThumbprint(new Base64URL(certThumbPrint));
// Sign with a signer created outside this excerpt and return the compact serialization.
SignedJWT signedJWT = new SignedJWT(headerBuilder.build(), jwtClaimsSet);
signedJWT.sign(signer);
return signedJWT.serialize();
// The JWS algorithm for the selected key comes from the project's KeyConverter helper.
// NOTE(review): presumably the algorithm follows the key's type; confirm in KeyConverter.
JWSAlgorithm jwsAlgo = KeyConverter.getJWSAlgo(randomKey);
// Header: typ = JWT, kid taken from the JWK of the same key.
JWSHeader jwsHeader = new JWSHeader.Builder(jwsAlgo)
        .type(JOSEObjectType.JWT)
        .keyID(randomKey.jwk.getKeyID())
        .build();
// The algorithm is taken from the string `algo`.
// NOTE(review): confirm `algo` is limited to the algorithms this signer and key are meant to
// use; the value is not checked in this excerpt.
final JWSHeader.Builder builder = new JWSHeader.Builder(JWSAlgorithm.parse(algo));
builder.contentType(contentType);
// kid is the key's name; typ = JWT.
final JWSHeader header = builder.keyID(key.getName()).type(JOSEObjectType.JWT).build();
// Generic JWS object (arbitrary payload), signed with a signer created outside this excerpt.
final JWSObject jwsObject = new JWSObject(header, payload);
jwsObject.sign(signer);
// Excerpt of a header parser: copies JOSE header parameters from a parsed JSON object onto a
// JWSHeader.Builder, one parameter name per branch. The start of the if/else chain and the
// closing braces are not part of this excerpt.
// jku, jwk, x5u and x5c are written by whoever produced the header.
// NOTE(review): code consuming the built header should take verification keys from its own
// trusted configuration, or validate these fields against it, rather than use them directly.
JWSHeader.Builder header = new Builder((JWSAlgorithm)alg).parsedBase64URL(parsedBase64URL);
header = header.type(new JOSEObjectType(JSONObjectUtils.getString(jsonObject, name)));
} else if("cty".equals(name)) {
header = header.contentType(JSONObjectUtils.getString(jsonObject, name));
} else if("crit".equals(name)) {
header = header.criticalParams(new HashSet<>(JSONObjectUtils.getStringList(jsonObject, name)));
} else if("jku".equals(name)) {
header = header.jwkURL(JSONObjectUtils.getURI(jsonObject, name));
} else if("jwk".equals(name)) {
header = header.jwk(JWK.parse(JSONObjectUtils.getJSONObject(jsonObject, name)));
} else if("x5u".equals(name)) {
header = header.x509CertURL(JSONObjectUtils.getURI(jsonObject, name));
} else if("x5t".equals(name)) {
header = header.x509CertThumbprint(new Base64URL(JSONObjectUtils.getString(jsonObject, name)));
} else if("x5t#S256".equals(name)) {
header = header.x509CertSHA256Thumbprint(new Base64URL(JSONObjectUtils.getString(jsonObject, name)));
} else if("x5c".equals(name)) {
header = header.x509CertChain(X509CertChainUtils.toBase64List(JSONObjectUtils.getJSONArray(jsonObject, name)));
} else if("kid".equals(name)) {
header = header.keyID(JSONObjectUtils.getString(jsonObject, name));
} else {
// Any other parameter name is kept as a custom header parameter.
header = header.customParam(name, jsonObject.get(name));
return header.build();
// RS256 header that carries the credential's certificate (x5c) and its thumbprint (x5t).
JWSHeader.Builder builder = new Builder(JWSAlgorithm.RS256);
List<Base64> certs = new ArrayList<Base64>();
// NOTE(review): Base64 and Base64URL wrap the given text unchanged; this assumes both getters
// return already-encoded strings. Confirm against the credential class.
certs.add(new Base64(credential.getPublicCertificate()));
builder.x509CertChain(certs);
builder.x509CertThumbprint(new Base64URL(credential
        .getPublicCertificateHash()));
// NOTE(review): a verifier should match x5t/x5c against a certificate it already trusts; the
// certificate embedded in the token is not evidence of trust on its own.
jwt = new SignedJWT(builder.build(), claimsSet);
// RSA signer over the credential's key; the signing call itself is outside this excerpt.
final RSASSASigner signer = new RSASSASigner(credential.getKey());
// Builds an RS256 header with the credential's certificate in x5c and its thumbprint in x5t.
JWSHeader.Builder builder = new Builder(JWSAlgorithm.RS256);
List<Base64> certs = new ArrayList<Base64>();
// NOTE(review): the Base64/Base64URL constructors do not encode; assumes the credential getters
// return encoded text already. Confirm.
certs.add(new Base64(credential.getPublicCertificate()));
builder.x509CertChain(certs);
builder.x509CertThumbprint(new Base64URL(credential
        .getPublicCertificateHash()));
// NOTE(review): receivers should check x5t/x5c against a certificate registered with them
// before relying on it.
jwt = new SignedJWT(builder.build(), claimsSet);
// The signer is created here; signing happens after the end of this excerpt.
final RSASSASigner signer = new RSASSASigner(credential.getKey());
// Tenant signing key; the cast throws ClassCastException when the key is not an RSA private key.
Key privateKey = getPrivateKey(tenantDomain, tenantId);
JWSSigner signer = new RSASSASigner((RSAPrivateKey) privateKey);
// The cast throws ClassCastException when signatureAlgorithm is not a JWSAlgorithm.
JWSHeader.Builder headerBuilder = new JWSHeader.Builder((JWSAlgorithm) signatureAlgorithm);
// getThumbPrint is called twice with the same arguments; kid and x5t receive its results.
// NOTE(review): new Base64URL(String) does not encode; assumes getThumbPrint returns a
// base64url string. Confirm.
headerBuilder.keyID(getThumbPrint(tenantDomain, tenantId));
headerBuilder.x509CertThumbprint(new Base64URL(getThumbPrint(tenantDomain, tenantId)));
// Returns the signed object itself, not its compact serialization.
SignedJWT signedJWT = new SignedJWT(headerBuilder.build(), jwtClaimsSet);
signedJWT.sign(signer);
return signedJWT;
// Excerpt: the try block opened here is closed outside this snippet.
SignedJWT jwt = null;
try {
    // RS256 header with the credential's certificate in x5c and its thumbprint in x5t.
    JWSHeader.Builder builder = new Builder(JWSAlgorithm.RS256);
    List<Base64> certs = new ArrayList<Base64>();
    // NOTE(review): Base64/Base64URL wrap text without encoding it; assumes the credential
    // getters return encoded strings. Confirm.
    certs.add(new Base64(credential.getPublicCertificate()));
    builder.x509CertChain(certs);
    builder.x509CertThumbprint(new Base64URL(credential
            .getPublicCertificateHash()));
    jwt = new SignedJWT(builder.build(), claimsSet);
    // The cast throws ClassCastException when the credential key is not an RSA private key.
    final RSASSASigner signer = new RSASSASigner(
            (RSAPrivateKey) credential.getKey());
/**
 * Signs the claims with the service's RSA private key and returns the compact JWT.
 *
 * <p>Only RS256, RS384 and RS512 pass the algorithm check. The certificate thumbprint is
 * written to both the {@code kid} and {@code x5t} header parameters.
 *
 * @param jwtClaimsSet claims to sign
 * @return the serialized signed JWT
 * @throws AuthException if the configured algorithm is not one of the three RSA algorithms, is
 *     not a {@code JWSAlgorithm} instance, or if thumbprint computation or signing fails
 */
private String signJwt(JWTClaimsSet jwtClaimsSet) throws AuthException {
    boolean rsaFamily = JWSAlgorithm.RS256.equals(signatureAlgorithm)
            || JWSAlgorithm.RS384.equals(signatureAlgorithm)
            || JWSAlgorithm.RS512.equals(signatureAlgorithm);
    if (!rsaFamily) {
        throw new AuthException("Invalid signature algorithm provided. " + signatureAlgorithm);
    }
    try {
        JWSSigner signer = new RSASSASigner(ServiceReferenceHolder.getInstance().getPrivateKey());
        // equals() above compares algorithm names, so the runtime type is still checked here.
        if (!(signatureAlgorithm instanceof JWSAlgorithm)) {
            throw new AuthException("Signature Algorithm couldn't convert to JWSAlgorithm");
        }
        JWSAlgorithm jwsAlgorithm = (JWSAlgorithm) signatureAlgorithm;
        JWSHeader.Builder headerBuilder = new JWSHeader.Builder(jwsAlgorithm);
        String certThumbPrint = getThumbPrint(ServiceReferenceHolder.getInstance().getPublicKey());
        headerBuilder.keyID(certThumbPrint);
        // NOTE(review): new Base64URL(String) does not encode; assumes getThumbPrint returns a
        // base64url string. Confirm.
        headerBuilder.x509CertThumbprint(new Base64URL(certThumbPrint));
        SignedJWT signedJWT = new SignedJWT(headerBuilder.build(), jwtClaimsSet);
        signedJWT.sign(signer);
        return signedJWT.serialize();
    } catch (NoSuchAlgorithmException | CertificateEncodingException | JOSEException e) {
        // NOTE(review): the cause `e` is dropped and the message names the algorithm even when
        // the failure is a certificate-encoding or signing error, which hides the real reason
        // from whoever investigates a signing failure.
        throw new AuthException("Invalid signature algorithm provided. " + signatureAlgorithm);
    }
}
/**
 * Builds a nested JWT (an RS256-signed JWT wrapped in an RSA-OAEP / A128GCM JWE) and hands the
 * serialized result to {@code decryptAndValidateSignatureWithGluu}.
 */
@Test
public void nestedJWT() throws Exception {
    final RSAKey senderJWK = (RSAKey) JWK.parse(senderJwkJson);
    final RSAKey recipientPublicJWK = (RSAKey) (JWK.parse(recipientJwkJson));

    // Inner token: signed by the sender, kid taken from the sender's JWK.
    final JWSHeader jwsHeader =
            new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(senderJWK.getKeyID()).build();
    // The issuer string is the fixture's value as written (no "//" after the scheme).
    final JWTClaimsSet claims = new JWTClaimsSet.Builder()
            .subject("testi")
            .issuer("https:devgluu.saminet.local")
            .build();
    final SignedJWT signedJWT = new SignedJWT(jwsHeader, claims);
    signedJWT.sign(new RSASSASigner(senderJWK));

    // Outer envelope: cty = "JWT" marks the payload as a nested JWT.
    final JWEHeader jweHeader = new JWEHeader.Builder(JWEAlgorithm.RSA_OAEP, EncryptionMethod.A128GCM)
            .contentType("JWT")
            .build();
    final JWEObject jweObject = new JWEObject(jweHeader, new Payload(signedJWT));

    // Encrypt to the recipient's key, then run the decrypt-and-verify path on the result.
    jweObject.encrypt(new RSAEncrypter(recipientPublicJWK));
    decryptAndValidateSignatureWithGluu(jweObject.serialize());
}
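/**
 * Builds and signs an RS256 JWT with fixed issuer, scope and audience values.
 *
 * <p>The issue time is the current time; issuer is {@code https://c2id.com}, scope is
 * {@code openid} and audience is {@code bar}. The header carries no {@code kid}.
 *
 * @param sub subject claim
 * @param expires expiration time claim
 * @param privateKey RSA private key used to sign
 * @return the signed JWT
 * @throws Exception if signing fails
 */
protected SignedJWT getJWT(String sub, Date expires, RSAPrivateKey privateKey) throws Exception {
    // The unused audience list and the redundant Date copy from the earlier version are gone;
    // the claims produced are the same.
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
            .subject(sub)
            .issueTime(new Date())
            .issuer("https://c2id.com")
            .claim("scope", "openid")
            .audience("bar")
            .expirationTime(expires)
            .build();
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).build();
    SignedJWT signedJWT = new SignedJWT(header, claimsSet);
    JWSSigner signer = new RSASSASigner(privateKey);
    signedJWT.sign(signer);
    return signedJWT;
}
}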
/**
 * Creates a JWS object from the given token model and signs it with the private key.
 *
 * <p>The header takes its algorithm name and key id from {@code jwt.getHeader()}; the payload
 * is the JSON form of the claims produced by {@code toJsonPayload}.
 *
 * @param jwt token model providing algorithm, key id and claims
 * @param privateKey key passed to {@code getSigner}
 * @return the signed JWS object
 * @throws UnsupportedAlgorithmException as declared; not thrown directly in this method
 * @throws SigningException if the library reports a signing failure
 */
@VisibleForTesting
JWSObject getSignedJwsObject(Jwt jwt, PrivateKey privateKey) throws UnsupportedAlgorithmException {
    final SigningAlgorithm signingAlgorithm = jwt.getHeader().getAlgorithm();
    // Original author's note: this fails if the algorithm is None.
    // NOTE(review): confirm where an unsigned ("none") algorithm is actually rejected.
    final JWSAlgorithm jwsAlgorithm = JWSAlgorithm.parse(signingAlgorithm.name());
    final JWSHeader.Builder headerBuilder = new JWSHeader.Builder(jwsAlgorithm);
    headerBuilder.keyID(jwt.getHeader().getKeyId());
    final JWSObject signedObject =
            new JWSObject(headerBuilder.build(), new Payload(toJsonPayload(jwt.getClaims())));
    try {
        signedObject.sign(getSigner(signingAlgorithm, privateKey));
        return signedObject;
    } catch (JOSEException e) {
        // The cause is logged here but not attached to the exception that is thrown.
        logger.error("Unexpected error when signing JWT token", e);
        throw new SigningException();
    }
}
/**
 * Signs the given claims with the RSA key in {@code privateJWK}, using {@code defaultAlg} and
 * the default key id in the header.
 *
 * @param claims claims to sign
 * @return the signed JWT
 * @throws JOSEException if the signer cannot be created or signing fails
 */
public SignedJWT sign(JWTClaimsSet claims) throws JOSEException{
    JWSSigner rsaSigner = new RSASSASigner(privateJWK);
    JWSHeader header = new JWSHeader.Builder(defaultAlg).keyID(getDefaultKeyID()).build();
    SignedJWT token = new SignedJWT(header, claims);
    token.sign(rsaSigner);
    return token;

    // NOTE(review): the disabled HMAC variant below pads the client secret to 32 characters
    // with '#'. Padding raises the length, not the entropy, and getBytes() without a charset
    // uses the platform default. Revisit both before enabling it.
    /*
    For HMAC we could do the following. This may be useful for the implicit flow:

    ClientDetailsEntity clientEntity = clientDetailsEntityCacheManager.retrieve(authentication.getOAuth2Request().getClientId());
    JWSSigner signer = new MACSigner(StringUtils.rightPad(clientEntity.getDecryptedClientSecret(), 32, "#").getBytes());
    signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claims.build());
    signedJWT.sign(signer);
    */
}
/**
 * Wraps the payload string in a JWS object and signs it with this instance's signer.
 *
 * <p>The header uses the configured {@code algorithm} and a {@code typ} built from the
 * {@code JWT} constant; no {@code kid} is set.
 *
 * @param payload payload text to sign
 * @return the signed JWS object
 * @throws JwtSigningException wrapping the library's {@code JOSEException} if signing fails
 */
@VisibleForTesting
JWSObject generateJwsObject(String payload) {
    JWSHeader.Builder headerBuilder = new JWSHeader.Builder(algorithm);
    headerBuilder.type(new JOSEObjectType(JWT));

    JWSObject signedObject = new JWSObject(headerBuilder.build(), new Payload(payload));
    try {
        signedObject.sign(signer);
        return signedObject;
    } catch (JOSEException e) {
        // The cause is kept so the signing failure can be diagnosed.
        throw new JwtSigningException(e);
    }
}
}
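/**
 * Builds and signs an RS256 JWT with fixed issuer, scope and audience values.
 *
 * <p>The issue time is the current time; issuer is {@code https://c2id.com}, scope is
 * {@code openid} and audience is {@code bar}. The header carries no {@code kid}.
 *
 * @param sub subject claim
 * @param expires expiration time claim
 * @param privateKey RSA private key used to sign
 * @return the signed JWT
 * @throws Exception if signing fails
 */
protected SignedJWT getJWT(String sub, Date expires, RSAPrivateKey privateKey) throws Exception {
    // The audience list that was built but never used and the redundant Date copy are gone;
    // the claims set is unchanged.
    JWTClaimsSet claimsSet = new JWTClaimsSet();
    claimsSet.setSubject(sub);
    claimsSet.setIssueTime(new Date());
    claimsSet.setIssuer("https://c2id.com");
    claimsSet.setCustomClaim("scope", "openid");
    claimsSet.setExpirationTime(expires);
    claimsSet.setAudience("bar");

    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).build();
    SignedJWT signedJWT = new SignedJWT(header, claimsSet);
    JWSSigner signer = new RSASSASigner(privateKey);
    signedJWT.sign(signer);
    return signedJWT;
}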
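/**
 * Creates an RS256-signed JWT for the given subject and expiry.
 *
 * <p>Issuer ({@code https://c2id.com}), scope ({@code openid}) and audience ({@code bar}) are
 * fixed; the issue time is the moment of the call. No {@code kid} is put in the header.
 *
 * @param sub subject claim
 * @param expires expiration time claim
 * @param privateKey RSA private key used to sign
 * @return the signed JWT
 * @throws Exception if signing fails
 */
protected SignedJWT getJWT(String sub, Date expires, RSAPrivateKey privateKey) throws Exception {
    // Dead code removed: an audience list that was filled but never read, and a Date that was
    // copied from another freshly created Date. The resulting claims are identical.
    JWTClaimsSet claimsSet = new JWTClaimsSet();
    claimsSet.setSubject(sub);
    claimsSet.setIssueTime(new Date());
    claimsSet.setIssuer("https://c2id.com");
    claimsSet.setCustomClaim("scope", "openid");
    claimsSet.setExpirationTime(expires);
    claimsSet.setAudience("bar");

    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).build();
    SignedJWT signedJWT = new SignedJWT(header, claimsSet);
    JWSSigner signer = new RSASSASigner(privateKey);
    signedJWT.sign(signer);
    return signedJWT;
}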
/**
 * Signs the payload string as a JWS object using this instance's algorithm and signer.
 *
 * <p>The header's {@code typ} is built from the {@code JWT} constant; no {@code kid} is set.
 *
 * @param payload payload text to sign
 * @return the signed JWS object
 * @throws JwtSigningException wrapping the library's {@code JOSEException} if signing fails
 */
JWSObject generateJwsObject(String payload) {
    JWSHeader.Builder headerBuilder = new JWSHeader.Builder(algorithm);
    headerBuilder.type(new JOSEObjectType(JWT));

    JWSObject signedObject = new JWSObject(headerBuilder.build(), new Payload(payload));
    try {
        signedObject.sign(signer);
        return signedObject;
    } catch (JOSEException e) {
        // Rethrown unchecked with the original exception attached as the cause.
        throw new JwtSigningException(e);
    }
}
}
/**
 * Issues an RS256-signed JWT whose only claim is {@code uid}.
 *
 * <p>NOTE(review): no {@code exp}, {@code iat}, {@code iss} or {@code aud} claim is set, so a
 * token created here does not expire and is not bound to an issuer or audience. Confirm that
 * the consumers of this token do not need those checks.
 *
 * @param uid value of the {@code uid} claim
 * @param privateKey RSA private key used to sign
 * @return the compact serialization of the signed JWT
 * @throws RuntimeException wrapping the library's {@code JOSEException} if signing fails
 */
private static String signJWT(String uid, PrivateKey privateKey) {
    final JWSHeader.Builder headerBuilder = new JWSHeader.Builder(JWSAlgorithm.RS256);
    headerBuilder.type(JOSEObjectType.JWT);
    final JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder();
    claims.claim("uid", uid);

    final SignedJWT token = new SignedJWT(headerBuilder.build(), claims.build());
    try {
        final RSASSASigner rsaSigner = new RSASSASigner(privateKey);
        token.sign(rsaSigner);
        return token.serialize();
    } catch (JOSEException e) {
        throw new RuntimeException(e);
    }
}