/**
 * Converts a stored algorithm name back into a {@link JWSAlgorithm}.
 *
 * <p>NOTE(review): to my knowledge {@code JWSAlgorithm.parse} returns an algorithm
 * object for names it does not recognise instead of rejecting them; confirm for the
 * library version in use. Nothing in this method limits the result to algorithms the
 * application supports, so that check has to live where the value is consumed.
 *
 * @param dbData the persisted algorithm name (presumably a database column value), may be {@code null}
 * @return the parsed algorithm, or {@code null} when {@code dbData} is {@code null}
 */
@Override
public JWSAlgorithm convertToEntityAttribute(String dbData) {
    return (dbData == null) ? null : JWSAlgorithm.parse(dbData);
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Sets the default signing algorithm from its JWS name.
 *
 * <p>NOTE(review): the name is parsed as given, with no null or blank check and no
 * comparison against the algorithms the signer actually has keys for; confirm that
 * callers only pass a vetted, configured value.
 *
 * @param algName the JWS algorithm name to parse and store as the default
 */
public void setDefaultSigningAlgorithmName(String algName) {
    JWSAlgorithm parsed = JWSAlgorithm.parse(algName);
    defaultAlgorithm = parsed;
}
/**
 * Selects the signing
 * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target="_blank">algorithm</a>
 * that this builder stores for the processor it configures.
 *
 * <p>Only emptiness is checked here; the name is otherwise parsed as given.
 *
 * @param jwsAlgorithm the algorithm name to use, must contain text
 * @return this builder, for further configuration
 */
public JwkSetUriJwtProcessorBuilder jwsAlgorithm(String jwsAlgorithm) {
    Assert.hasText(jwsAlgorithm, "jwsAlgorithm cannot be empty");
    JWSAlgorithm parsed = JWSAlgorithm.parse(jwsAlgorithm);
    this.jwsAlgorithm = parsed;
    return this;
}
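/**
 * Use the given signing
 * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target="_blank">algorithm</a>.
 *
 * <p>The value should be one of
 * <a href="https://tools.ietf.org/html/rfc7518#section-3.3" target="_blank">RS256, RS384, or RS512</a>.
 * This builder is keyed by an RSA public key, so a name outside the RSA signature
 * family is rejected here at configuration time instead of being stored and only
 * surfacing later when a token is processed.
 *
 * @param jwsAlgorithm the algorithm to use, must contain text and name an RSA signature algorithm
 * @return this builder, for further configuration
 * @throws IllegalArgumentException if the name is empty or is not an RSA signature algorithm
 */
public PublicKeyJwtProcessorBuilder jwsAlgorithm(String jwsAlgorithm) {
    Assert.hasText(jwsAlgorithm, "jwsAlgorithm cannot be empty");
    JWSAlgorithm parsed = JWSAlgorithm.parse(jwsAlgorithm);
    // NOTE(review): Family.RSA is understood to cover the RSASSA-PSS names as well as
    // RS256/RS384/RS512; narrow the check if only the documented three should pass.
    Assert.isTrue(JWSAlgorithm.Family.RSA.contains(parsed),
            "jwsAlgorithm must be an RSA signature algorithm such as RS256, RS384 or RS512");
    this.jwsAlgorithm = parsed;
    return this;
}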
/**
 * Creates a builder bound to the given RSA public key, with RS256 as the initial
 * signing algorithm.
 *
 * @param key the RSA public key, must not be {@code null}
 */
private PublicKeyJwtProcessorBuilder(RSAPublicKey key) {
    Assert.notNull(key, "key cannot be null");
    // The algorithm starts from a fixed constant, not from any caller-supplied value.
    JWSAlgorithm initialAlgorithm = JWSAlgorithm.parse(JwsAlgorithms.RS256);
    this.jwsAlgorithm = initialAlgorithm;
    this.key = rsaKey(key);
}
/**
 * Reads the named member as a string and parses it as a JWS algorithm.
 *
 * <p>The name is parsed as found in the JSON; this helper does not compare it with any
 * set of supported algorithms, so callers that act on the result should do so.
 *
 * @param o the JSON object to read from
 * @param member the member name to look up
 * @return the parsed algorithm, or {@code null} when the string lookup yields {@code null}
 */
public static JWSAlgorithm getAsJwsAlgorithm(JsonObject o, String member) {
    String name = getAsString(o, member);
    if (name == null) {
        return null;
    }
    return JWSAlgorithm.parse(name);
}
/**
 * Reads the named member as a list of strings and parses each entry as a JWS algorithm.
 *
 * <p>Every entry is parsed as found in the JSON, in order; no entry is filtered out or
 * checked against a set of supported algorithms here.
 *
 * @param o the JSON object to read from
 * @param member the member name to look up
 * @return a new list of parsed algorithms, or {@code null} when the string-list lookup
 *         yields {@code null}
 */
public static List<JWSAlgorithm> getAsJwsAlgorithmList(JsonObject o, String member) {
    List<String> names = getAsStringList(o, member);
    if (names == null) {
        return null;
    }
    List<JWSAlgorithm> parsed = new ArrayList<>();
    for (String name : names) {
        parsed.add(JWSAlgorithm.parse(name));
    }
    return parsed;
}
/**
 * Constructs a {@code NimbusReactiveJwtDecoder} that verifies signatures with keys
 * from the given JWK Set URL, expecting RS256.
 *
 * @param jwkSetUrl the JSON Web Key (JWK) Set {@code URL}, must contain text
 */
public NimbusReactiveJwtDecoder(String jwkSetUrl) {
    Assert.hasText(jwkSetUrl, "jwkSetUrl cannot be empty");

    // The expected algorithm is a fixed constant; it is not taken from any token.
    JWSAlgorithm rs256 = JWSAlgorithm.parse(JwsAlgorithms.RS256);
    JWKSource jwkSource = new JWKContextJWKSource();
    JWSKeySelector<JWKContext> keySelector =
            new JWSVerificationKeySelector<>(rs256, jwkSource);

    DefaultJWTProcessor<JWKContext> processor = new DefaultJWTProcessor<>();
    processor.setJWSKeySelector(keySelector);
    // The claims verifier is replaced with a no-op, so this processor itself performs
    // no claim checks (expiry included). NOTE(review): confirm that claims are
    // validated elsewhere in the class; that code is not part of this excerpt.
    processor.setJWTClaimsSetVerifier((claims, context) -> {});

    this.jwtProcessor = processor;
    this.reactiveJwkSource = new ReactiveRemoteJWKSource(jwkSetUrl);
    this.jwkSelectorFactory = new JWKSelectorFactory(rs256);
}
public PKCEAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException { if (json.isJsonPrimitive()) { return PKCEAlgorithm.parse(json.getAsString()); } else { return null;
client.setJwksUri(reader.nextString()); } else if (name.equals("requestObjectSigningAlg")) { JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); client.setRequestObjectSigningAlg(alg); } else if (name.equals("userInfoEncryptedResponseAlg")) { client.setUserInfoEncryptedResponseEnc(alg); } else if (name.equals("userInfoSignedResponseAlg")) { JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); client.setUserInfoSignedResponseAlg(alg); } else if (name.equals("idTokenSignedResonseAlg")) { JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); client.setIdTokenSignedResponseAlg(alg); } else if (name.equals("idTokenEncryptedResponseAlg")) { client.setIdTokenEncryptedResponseEnc(alg); } else if (name.equals("tokenEndpointAuthSigningAlg")) { JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); client.setTokenEndpointAuthSigningAlg(alg); } else if (name.equals("defaultMaxAge")) {
client.setJwksUri(reader.nextString()); } else if (name.equals("requestObjectSigningAlg")) { JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); client.setRequestObjectSigningAlg(alg); } else if (name.equals("userInfoEncryptedResponseAlg")) { client.setUserInfoEncryptedResponseEnc(alg); } else if (name.equals("userInfoSignedResponseAlg")) { JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); client.setUserInfoSignedResponseAlg(alg); } else if (name.equals("idTokenSignedResonseAlg")) { JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); client.setIdTokenSignedResponseAlg(alg); } else if (name.equals("idTokenEncryptedResponseAlg")) { client.setIdTokenEncryptedResponseEnc(alg); } else if (name.equals("tokenEndpointAuthSigningAlg")) { JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); client.setTokenEndpointAuthSigningAlg(alg); } else if (name.equals("defaultMaxAge")) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); client.setRequestObjectSigningAlg(alg); } else if (name.equals(USER_INFO_ENCRYPTED_RESPONSE_ALG)) { client.setUserInfoEncryptedResponseEnc(alg); } else if (name.equals(USER_INFO_SIGNED_RESPONSE_ALG)) { JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); client.setUserInfoSignedResponseAlg(alg); } else if (name.equals(ID_TOKEN_SIGNED_RESPONSE_ALG)) { JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); client.setIdTokenSignedResponseAlg(alg); } else if (name.equals(ID_TOKEN_ENCRYPTED_RESPONSE_ALG)) { client.setIdTokenEncryptedResponseEnc(alg); } else if (name.equals(TOKEN_ENDPOINT_AUTH_SIGNING_ALG)) { JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); client.setTokenEndpointAuthSigningAlg(alg); } else if (name.equals(DEFAULT_MAX_AGE)) {
JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); client.setRequestObjectSigningAlg(alg); } else if (name.equals(USER_INFO_ENCRYPTED_RESPONSE_ALG)) { client.setUserInfoEncryptedResponseEnc(alg); } else if (name.equals(USER_INFO_SIGNED_RESPONSE_ALG)) { JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); client.setUserInfoSignedResponseAlg(alg); } else if (name.equals(ID_TOKEN_SIGNED_RESPONSE_ALG)) { JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); client.setIdTokenSignedResponseAlg(alg); } else if (name.equals(ID_TOKEN_ENCRYPTED_RESPONSE_ALG)) { client.setIdTokenEncryptedResponseEnc(alg); } else if (name.equals(TOKEN_ENDPOINT_AUTH_SIGNING_ALG)) { JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString()); client.setTokenEndpointAuthSigningAlg(alg); } else if (name.equals(DEFAULT_MAX_AGE)) {
/**
 * Constructs a decoder that verifies signatures with the single given RSA public key,
 * expecting RS256.
 *
 * @param publicKey the RSA public key used for signature verification
 */
public NimbusReactiveJwtDecoder(RSAPublicKey publicKey) {
    // The expected algorithm is a fixed constant; it is not taken from any token.
    JWSAlgorithm rs256 = JWSAlgorithm.parse(JwsAlgorithms.RS256);

    // Wrap the key in a one-element, immutable JWK set.
    RSAKey wrappedKey = rsaKey(publicKey);
    JWKSource jwkSource = new ImmutableJWKSet<>(new JWKSet(wrappedKey));
    JWSKeySelector<JWKContext> keySelector =
            new JWSVerificationKeySelector<>(rs256, jwkSource);

    DefaultJWTProcessor processor = new DefaultJWTProcessor<>();
    processor.setJWSKeySelector(keySelector);
    // The claims verifier is replaced with a no-op, so this processor itself performs
    // no claim checks (expiry included). NOTE(review): confirm that claims are
    // validated elsewhere in the class; that code is not part of this excerpt.
    processor.setJWTClaimsSetVerifier((claims, context) -> {});

    this.jwtProcessor = processor;
    this.reactiveJwkSource = new ReactiveJWKSourceAdapter(jwkSource);
    this.jwkSelectorFactory = new JWKSelectorFactory(rs256);
}
preferredJwsAlgorithm = null; } else { preferredJwsAlgorithm = JWSAlgorithm.parse(rawPreferredJwsAlgorithm);
break; case TOKEN_ENDPOINT_AUTH_SIGNING_ALG: newClient.setTokenEndpointAuthSigningAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim))); break; case ID_TOKEN_ENCRYPTED_RESPONSE_ENC: break; case ID_TOKEN_SIGNED_RESPONSE_ALG: newClient.setIdTokenSignedResponseAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim))); break; case USERINFO_ENCRYPTED_RESPONSE_ENC: break; case USERINFO_SIGNED_RESPONSE_ALG: newClient.setUserInfoSignedResponseAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim))); break; case REQUEST_OBJECT_SIGNING_ALG: newClient.setRequestObjectSigningAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim))); break; case SUBJECT_TYPE:
break; case TOKEN_ENDPOINT_AUTH_SIGNING_ALG: newClient.setTokenEndpointAuthSigningAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim))); break; case ID_TOKEN_ENCRYPTED_RESPONSE_ENC: break; case ID_TOKEN_SIGNED_RESPONSE_ALG: newClient.setIdTokenSignedResponseAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim))); break; case USERINFO_ENCRYPTED_RESPONSE_ENC: break; case USERINFO_SIGNED_RESPONSE_ALG: newClient.setUserInfoSignedResponseAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim))); break; case REQUEST_OBJECT_SIGNING_ALG: newClient.setRequestObjectSigningAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim))); break; case SUBJECT_TYPE:
/**
 * Returns this object's algorithm field parsed as a {@link JWSAlgorithm}.
 *
 * <p>NOTE(review): the field is parsed on every call without a null check or any
 * comparison against supported algorithms; confirm it is validated when it is set.
 *
 * @return the algorithm parsed from {@code this.algorithm}
 */
public JWSAlgorithm getAlgorithm() {
    JWSAlgorithm parsed = JWSAlgorithm.parse(this.algorithm);
    return parsed;
}
/**
 * Installs a signature-verification key selector on the JWT processor.
 *
 * @param jwksUri the location of the JWK set that supplies the verification keys
 * @param algorithm the name of the JWS algorithm the access tokens are expected to use
 * @throws MalformedURLException declared by the signature; presumably raised while the
 *         JWK source is resolved from {@code jwksUri}
 */
private void setJWKeySelector(String jwksUri, String algorithm) throws MalformedURLException {
    // Verification keys come from the OAuth 2.0 server's published JWK set. Per the
    // original note, the remote JWK set caches retrieved keys and copes with key
    // roll-over.
    JWKSource<SecurityContext> jwkSource =
            JWKSourceDataProvider.getInstance().getJWKSource(jwksUri);

    // The expected algorithm is agreed out-of-band and supplied by the caller; the
    // selector is built around that single value instead of one read from a token.
    JWSAlgorithm expectedAlgorithm = JWSAlgorithm.parse(algorithm);

    // Feed the processor only keys from the JWK set that match the expected algorithm.
    JWSKeySelector<SecurityContext> selector =
            new JWSVerificationKeySelector<>(expectedAlgorithm, jwkSource);
    jwtProcessor.setJWSKeySelector(selector);
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Builds a decoder whose only verification key is the supplied RSA public key and
 * whose expected signature algorithm is RS256.
 *
 * @param publicKey the RSA public key used for signature verification
 */
public NimbusReactiveJwtDecoder(RSAPublicKey publicKey) {
    // Fixed expected algorithm: a constant, never a value carried by a token.
    JWSAlgorithm expected = JWSAlgorithm.parse(JwsAlgorithms.RS256);

    // The key is held in an immutable, single-entry JWK set.
    RSAKey onlyKey = rsaKey(publicKey);
    JWKSet keySet = new JWKSet(onlyKey);
    JWKSource jwkSource = new ImmutableJWKSet<>(keySet);

    DefaultJWTProcessor processor = new DefaultJWTProcessor<>();
    JWSKeySelector<JWKContext> selector =
            new JWSVerificationKeySelector<>(expected, jwkSource);
    processor.setJWSKeySelector(selector);
    // An empty claims verifier is installed, which leaves this processor without any
    // claim checks of its own (expiry included). NOTE(review): confirm claim
    // validation happens elsewhere in the class; it is not visible in this excerpt.
    processor.setJWTClaimsSetVerifier((claims, context) -> {});

    this.jwtProcessor = processor;
    this.reactiveJwkSource = new ReactiveJWKSourceAdapter(jwkSource);
    this.jwkSelectorFactory = new JWKSelectorFactory(expected);
}