/**
 * Serialises this claims set to a JSON object.
 *
 * <p>The claims are written in their insertion order and claims with
 * {@code null} values are not output. The work is done by the
 * {@code toJSONObject(boolean)} overload, called with {@code false}.
 *
 * @return The JSON object representation.
 */
public JSONObject toJSONObject() {

    final JSONObject json = toJSONObject(false);
    return json;
}
/**
 * Creates a new unsecured (plain) JSON Web Token (JWT) with the
 * specified header and claims set.
 *
 * <p>An unsecured JWT carries neither a signature nor encryption, so a
 * recipient has no cryptographic means to detect altered claims. Accept
 * such tokens only where integrity is guaranteed by another layer.
 *
 * @param header    The unsecured header. Must not be {@code null}.
 * @param claimsSet The JWT claims set. Must not be {@code null}.
 */
public PlainJWT(final PlainHeader header, final JWTClaimsSet claimsSet) {

    // The claims set is serialised here, once; the payload is built from
    // that JSON object. A null claimsSet fails on this dereference.
    super(header, new Payload(claimsSet.toJSONObject()));
}
/**
 * Returns the JSON string produced from {@code toJSONObject()}.
 *
 * <p>NOTE(review): the result contains the claim values themselves.
 * Treat it as sensitive wherever it may reach a log or an error message,
 * if the claims can hold personal data or embedded tokens.
 *
 * @return The JSON string representation.
 */
@Override
public String toString() {

    return toJSONObject().toJSONString();
}
/**
 * Creates a new to-be-encrypted JSON Web Token (JWT) with the specified
 * header and claims set. The initial state will be
 * {@link com.nimbusds.jose.JWEObject.State#UNENCRYPTED unencrypted}.
 *
 * <p>In that initial state the claims are held in clear; the object
 * provides confidentiality only after it has been encrypted.
 *
 * @param header    The JWE header. Must not be {@code null}.
 * @param claimsSet The JWT claims set. Must not be {@code null}.
 */
public EncryptedJWT(final JWEHeader header, final JWTClaimsSet claimsSet) {

    // The claims set is serialised here, once; the payload is built from
    // that JSON object. A null claimsSet fails on this dereference.
    super(header, new Payload(claimsSet.toJSONObject()));
}
/**
 * Creates a new to-be-signed JSON Web Token (JWT) with the specified
 * header and claims set. The initial state will be
 * {@link com.nimbusds.jose.JWSObject.State#UNSIGNED unsigned}.
 *
 * <p>In that initial state the object carries no signature; it offers
 * integrity protection only after it has been signed.
 *
 * @param header    The JWS header. Must not be {@code null}.
 * @param claimsSet The JWT claims set. Must not be {@code null}.
 */
public SignedJWT(final JWSHeader header, final JWTClaimsSet claimsSet) {

    // The claims set is serialised here, once; the payload is built from
    // that JSON object. A null claimsSet fails on this dereference.
    super(header, new Payload(claimsSet.toJSONObject()));
}
/**
 * Creates a new unsecured (plain) JSON Web Token (JWT) with a default
 * {@link com.nimbusds.jose.PlainHeader} and the specified claims
 * set.
 *
 * <p>An unsecured JWT carries neither a signature nor encryption, so a
 * recipient has no cryptographic means to detect altered claims. Accept
 * such tokens only where integrity is guaranteed by another layer.
 *
 * @param claimsSet The JWT claims set. Must not be {@code null}.
 */
public PlainJWT(final JWTClaimsSet claimsSet) {

    // No header argument is passed; per the Javadoc above a default
    // PlainHeader is used. A null claimsSet fails on this dereference.
    super(new Payload(claimsSet.toJSONObject()));
}
/**
 * Builds the JWT payload for a token: expiry, audience, subject, the
 * {@code LEMON_IAT} claim and every entry of {@code claimMap}.
 *
 * <p>The standard issue-time claim is not set. {@code LEMON_IAT} holds the
 * clock reading in milliseconds instead.
 *
 * <p>NOTE(review): the entries of {@code claimMap} are applied after the
 * fixed claims, so a key that matches one of them replaces it. If the
 * builder maps registered names onto the registered claims, that includes
 * expiry, audience and subject. Confirm that callers never pass
 * caller-controlled keys here.
 *
 * @param aud              value for the audience claim
 * @param subject          value for the subject claim
 * @param expirationMillis lifetime in milliseconds, added to the current
 *                         time; unboxed, so {@code null} fails with a
 *                         {@code NullPointerException}
 * @param claimMap         additional claims; must not be {@code null}
 * @return the payload wrapping the claims as a JSON object
 */
protected Payload createPayload(String aud, String subject, Long expirationMillis, Map<String, Object> claimMap) {

    JWTClaimsSet.Builder claimsBuilder = new JWTClaimsSet.Builder();

    // Fixed claims first, in the same order as before.
    claimsBuilder.expirationTime(new Date(System.currentTimeMillis() + expirationMillis));
    claimsBuilder.audience(aud);
    claimsBuilder.subject(subject);
    claimsBuilder.claim(LEMON_IAT, System.currentTimeMillis());

    // Caller-supplied claims last; a duplicate key overwrites the value set above.
    for (Map.Entry<String, Object> extraClaim : claimMap.entrySet()) {
        claimsBuilder.claim(extraClaim.getKey(), extraClaim.getValue());
    }

    return new Payload(claimsBuilder.build().toJSONObject());
}
/**
 * Returns the token's claims set as a JSON string.
 *
 * <p>This method only parses the token held in {@code jwt}; nothing here
 * checks a signature, so the result is trustworthy only if the token was
 * verified elsewhere.
 *
 * @return the claims as JSON, or {@code null} when the claims set cannot
 *         be parsed (the failure is logged)
 */
@Override
public String getClaims() {
    try {
        return jwt.getJWTClaimsSet().toJSONObject().toJSONString();
    } catch (ParseException e) {
        // Parse failures are reported through the log and signalled to the caller as null.
        log.unableToParseToken(e);
        return null;
    }
}
/**
 * Returns the token's claims set as a JSON string.
 *
 * <p>This method only parses the token held in {@code jwt}; nothing here
 * checks a signature, so the result is trustworthy only if the token was
 * verified elsewhere.
 *
 * @return the claims as JSON, or {@code null} when the claims set cannot
 *         be parsed (the failure is logged)
 */
@Override
public String getClaims() {
    final JWTClaimsSet parsedClaims;
    try {
        parsedClaims = jwt.getJWTClaimsSet();
    } catch (ParseException e) {
        // Parse failures are reported through the log and signalled to the caller as null.
        log.unableToParseToken(e);
        return null;
    }
    return parsedClaims.toJSONObject().toJSONString();
}
return jwtClaimsSetBuilder.build().toJSONObject().toJSONString();
return jwtClaimsSetBuilder.build().toJSONObject().toJSONString();
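/**
 * Exchanges {@code token} at the secret server, reads the encrypted secret
 * for {@code audience} from the exchanged token's claims and returns it
 * decrypted.
 *
 * <p>A missing or malformed secrets claim, or a missing entry for the
 * audience, is rejected with an {@code IllegalArgumentException}, the same
 * exception type used for an invalid exchanged token. The messages never
 * include token or secret content.
 *
 * <p>NOTE(review): this relies on {@code isValid()} covering signature,
 * expiry and audience checks. Confirm that in the bearer token validator.
 *
 * @param token the token to exchange
 * @return the decrypted secret for the audience
 * @throws IllegalArgumentException if the exchanged token is invalid or
 *                                  carries no usable secret for the audience
 */
@Override
public String getSecret(String token) {
    TokenResponse tokenResponse = tokenExchangeClient.exchangeToken(secretServerUri, audience, token);
    String exchangedAccessToken = tokenResponse.getAccess_token();

    BearerToken bearerToken = bearerTokenValidator.extract(exchangedAccessToken);
    if (!bearerToken.isValid()) {
        throw new IllegalArgumentException("Exchanged token is invalid");
    }

    JSONObject claims = bearerToken.getClaims().toJSONObject();

    // The claim comes from a token issued by another service: check its
    // presence and shape instead of casting blindly.
    Object secretsClaim = claims.get(TokenExchangeConstants.SECRETS_CLAIM_KEY);
    if (!(secretsClaim instanceof JSONObject)) {
        throw new IllegalArgumentException("Exchanged token carries no usable secrets claim");
    }

    // The value is still encrypted at this point; only decrypt() yields the secret.
    Object encryptedSecretForAudience = ((JSONObject) secretsClaim).get(audience);
    if (encryptedSecretForAudience == null) {
        throw new IllegalArgumentException("Exchanged token carries no secret for the audience");
    }

    return decryptionService.decrypt(encryptedSecretForAudience.toString());
}
}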
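/**
 * Issues an HS256-signed JWT whose subject is {@code userId.toString()}.
 *
 * <p>The issued-at, not-before and expiry claims are all derived from one
 * clock read, so not-before can never fall after issued-at and the
 * lifetime is exactly {@code getExpirationDate()} milliseconds.
 *
 * <p>NOTE(review): any {@code JOSEException} from signing is turned into a
 * {@code null} return without a trace. Callers must check for
 * {@code null}, and a misconfigured shared key will only be visible that
 * way. Consider reporting the cause.
 *
 * @param userId identifier written to the subject claim; {@code null}
 *               fails with a {@code NullPointerException}
 * @return the compact serialisation of the signed token, or {@code null}
 *         when signing fails
 */
default String createToken(Object userId) {
    try {
        // Single timestamp for iat, nbf and exp.
        final Date now = new Date();

        JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
                .issuer(getIssuer())
                .subject(userId.toString())
                .issueTime(now)
                .notBeforeTime(now)
                .expirationTime(new Date(now.getTime() + getExpirationDate()))
                .jwtID(UUID.randomUUID().toString())
                .build();

        JWSHeader header = new JWSHeader(JWSAlgorithm.HS256);
        Payload payload = new Payload(claimsSet.toJSONObject());
        JWSObject jwsObject = new JWSObject(header, payload);

        // HS256 is symmetric: whoever holds the shared key can verify tokens and also mint them.
        JWSSigner signer = new MACSigner(getSharedKey());
        jwsObject.sign(signer);

        return jwsObject.serialize();
    } catch (JOSEException ex) {
        // Existing contract: a signing failure is signalled by null.
        return null;
    }
}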
/**
 * Signs the claims with the internal key and, unless the client is
 * internal-only, embeds that token in a second JWT signed with the
 * external key.
 *
 * <p>For the embedded form the inner token is stored under
 * {@code "inner-jwt"} in the {@code "tag-internal"} claim object. That
 * object is modified in place, so the change is visible to the caller
 * through {@code claimsSet}.
 *
 * <p>NOTE(review): a claims set without a {@code "tag-internal"} claim
 * fails with a {@code NullPointerException} on the embed path. Both key
 * objects are also passed to the FINE log message; confirm that their
 * {@code toString()} does not render key material.
 *
 * @param internalOnlyClient {@code true} to return the inner token as is
 * @param claimsSet          the claims to sign
 * @param internalKey        key for the inner signature
 * @param externalKey        key for the outer signature; {@code null}
 *                           returns the inner token
 * @param isRefreshToken     passed through to {@code signJWT}
 * @return the inner token, or the outer token that embeds it
 */
public String sign(final boolean internalOnlyClient, final JWTClaimsSet claimsSet,
                   final ActivableAndExpirable internalKey, final ActivableAndExpirable externalKey,
                   final boolean isRefreshToken) {
    final ProfileMetaData.ProfileOAuth2 oauth2Profile = this.profile.getProfile();

    final String innerToken = super.signJWT(
            new Payload(claimsSet.toJSONObject()),
            oauth2Profile.getInternalKeyAlgorithm(),
            internalKey,
            isRefreshToken,
            Jwt.CTY.DEFAULT.getValue());

    // No outer token when both keys are equal: internal clients set both to
    // the internal key. Per the original author, such a token is rejected on
    // the external path because the internal key is not among the permitted keys.
    final boolean innerTokenOnly = internalOnlyClient || externalKey == null || internalKey.equals(externalKey);
    if (innerTokenOnly) {
        LOGGER.fine(Oauth2Codes.PLAIN_INNER_TOKEN_1,
                "Return plain inner token with JTI {0}, internal-private-key={1}, external-private-key={2}",
                claimsSet.getJWTID(), internalKey, externalKey);
        return innerToken;
    }

    // Embed the inner token as a claim in the tag-internal section. The
    // second serialisation below is expected to pick this change up.
    final JSONObject internalSection = (JSONObject) claimsSet.getClaim("tag-internal");
    internalSection.put("inner-jwt", innerToken);

    return super.signJWT(
            new Payload(claimsSet.toJSONObject()),
            oauth2Profile.getExternalKeyAlgorithm(),
            externalKey,
            isRefreshToken,
            Jwt.CTY.EMBEDDED.getValue());
}
}
/**
 * Stores the plain JWT, extracts its claims set and, when a
 * {@code CLAIMS} claim is present, processes the requested claims.
 *
 * <p>A plain JWT is unsigned, so every value read from it here is
 * unauthenticated input from the sender of the request object.
 *
 * @param plainJWT the unsecured request object
 * @throws RequestObjectException if the claims set cannot be parsed
 */
public void setPlainJWT(PlainJWT plainJWT) throws RequestObjectException {

    this.plainJWT = plainJWT;

    try {
        this.setClaimSet(plainJWT.getJWTClaimsSet());
    } catch (ParseException e) {
        // NOTE(review): the parse error itself is not propagated; only the generic message is.
        throw new RequestObjectException(OAuth2ErrorCodes.INVALID_REQUEST, "Unable to parse Claim Set in " +
                "the Request Object.");
    }

    // Nothing more to do when the request object names no claims.
    if (this.claimsSet.getClaim(CLAIMS) == null) {
        return;
    }
    processClaimObject(this.claimsSet.toJSONObject());
}
/**
 * Stores the signed JWT, extracts its claims set and, when a
 * {@code CLAIMS} claim is present, processes the requested claims.
 *
 * <p>This method only stores and parses the token; no signature check
 * happens here. The claims must not be relied upon before the signature
 * has been validated elsewhere.
 *
 * @param signedJWT the signed request object
 * @throws RequestObjectException if the claims set cannot be parsed
 */
public void setSignedJWT(SignedJWT signedJWT) throws RequestObjectException {

    this.signedJWT = signedJWT;

    try {
        setClaimSet(signedJWT.getJWTClaimsSet());
    } catch (ParseException e) {
        // NOTE(review): the parse error itself is not propagated; only the generic message is.
        throw new RequestObjectException(OAuth2ErrorCodes.INVALID_REQUEST, "Unable to parse Claim Set in " +
                "the Request Object.");
    }

    // Nothing more to do when the request object names no claims.
    if (this.claimsSet.getClaim(CLAIMS) == null) {
        return;
    }
    processClaimObject(this.claimsSet.toJSONObject());
}
/**
 * Serialises the claims set, reducing a multi-valued audience to a single
 * string because the target service does not support arrays.
 *
 * <p>When the audience is an array its first element is kept, and an
 * empty array removes the claim. The token therefore names only the first
 * audience, and a recipient listed later will not find itself in the
 * audience claim.
 *
 * @return the JSON object with a string audience or no audience
 */
@Override
public JSONObject toJSONObject() {

    final JSONObject json = super.toJSONObject();

    final Object audience = json.get(AUDIENCE_CLAIM);
    if (audience == null || audience instanceof String) {
        // Absent or already a single value: nothing to flatten.
        return json;
    }

    final JSONArray audiences = (JSONArray) audience;
    if (audiences.isEmpty()) {
        json.remove(AUDIENCE_CLAIM);
    } else {
        json.put(AUDIENCE_CLAIM, audiences.get(0));
    }
    return json;
}
}
/**
 * Signs the claims with the internal key and, unless the client is
 * internal-only, wraps that token in a second JWT signed with the
 * external key.
 *
 * <p>For the wrapped form the inner token is Base64URL-encoded and becomes
 * the whole payload of the outer token.
 *
 * <p>NOTE(review): both key objects are passed to the FINE log message;
 * confirm that their {@code toString()} does not render key material.
 *
 * @param internalOnly   {@code true} to return the inner token as is
 * @param claimsSet      the claims to sign
 * @param internalKey    key for the inner signature
 * @param externalKey    key for the outer signature; {@code null} returns
 *                       the inner token
 * @param isRefreshToken passed through to {@code signJWT}
 * @return the inner token, or the outer token that wraps it
 */
public String sign(final boolean internalOnly, final JWTClaimsSet claimsSet,
                   final ActivableAndExpirable internalKey, final ActivableAndExpirable externalKey,
                   final boolean isRefreshToken) {
    final ProfileOAuth2 oauth2Profile = this.profile.getProfile();

    final String innerToken = super.signJWT(
            new Payload(claimsSet.toJSONObject()),
            oauth2Profile.getInternalKeyAlgorithm(),
            internalKey,
            isRefreshToken,
            Jwt.CTY.DEFAULT.getValue());

    // No outer token when both keys are equal: internal clients set both to
    // the internal key. Per the original author, such a token is rejected on
    // the external path because the internal key is not among the permitted keys.
    final boolean innerTokenOnly = internalOnly || externalKey == null || internalKey.equals(externalKey);
    if (innerTokenOnly) {
        LOGGER.fine(Oauth2Codes.PLAIN_INNER_TOKEN_2,
                "Return plain inner token with JTI {0}, internal-key={1}, external-key={2}",
                claimsSet.getJWTID(), internalKey, externalKey);
        return innerToken;
    }

    return super.signJWT(
            new Payload(Base64URL.encode(innerToken)),
            oauth2Profile.getExternalKeyAlgorithm(),
            externalKey,
            isRefreshToken,
            Jwt.CTY.WRAPPED.getValue());
}
}
final String token = signJWT(new Payload(jwtClaimsSet.toJSONObject().toString(JSONStyle.LT_COMPRESS)), profile.getExternalKeyAlgorithm(), key, true, contentType); final String token = signJWT(new Payload(jwtClaimsSet.toJSONObject().toString(JSONStyle.LT_COMPRESS)), profile.getExternalKeyAlgorithm(), key, false, contentType);
final JSONObject object = claimsSet.toJSONObject(); return tokenCipherExecutor.encode(object.toJSONString()); } catch (final Exception e) {