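/**
 * Signs the given JWT in place with the first configured signer that supports {@code alg}.
 *
 * <p>Both failure paths (no signer supports the algorithm, or the signer throws) are
 * reported through the logger only; nothing is thrown to the caller. In either case the
 * JWT is left unsigned, so callers that go on to serialize or transmit it should check
 * its state first.
 *
 * @param jwt the JWT to sign in place
 * @param alg the JWS algorithm the chosen signer must support
 */
@Override
public void signJwt(SignedJWT jwt, JWSAlgorithm alg) {
    JWSSigner signer = null;
    for (JWSSigner candidate : signers.values()) {
        if (candidate.supportedJWSAlgorithms().contains(alg)) {
            signer = candidate;
            break;
        }
    }

    if (signer == null) {
        // If we can't find an algorithm that matches, we can't sign.
        // Return here: falling through would hand a null signer to jwt.sign().
        logger.error("No matching algirthm found for alg=" + alg);
        return;
    }

    try {
        jwt.sign(signer);
    } catch (JOSEException e) {
        logger.error("Failed to sign JWT, error was: ", e);
    }
}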
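/**
 * Sign a jwt in place using the configured default signer.
 *
 * <p>A {@code JOSEException} raised while signing is logged and not rethrown, so the
 * JWT stays unsigned in that case.
 *
 * @param jwt the JWT to sign in place
 * @throws IllegalStateException if no default signer key ID is set, or if no signer is
 *         registered under that ID
 */
@Override
public void signJwt(SignedJWT jwt) {
    if (getDefaultSignerKeyId() == null) {
        throw new IllegalStateException("Tried to call default signing with no default signer ID set");
    }

    JWSSigner signer = signers.get(getDefaultSignerKeyId());
    if (signer == null) {
        // A configured ID with no matching signer would otherwise reach jwt.sign() as null.
        throw new IllegalStateException(
                "No signer registered for default signer ID " + getDefaultSignerKeyId());
    }

    try {
        jwt.sign(signer);
    } catch (JOSEException e) {
        logger.error("Failed to sign JWT, error was: ", e);
    }
}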
/**
 * Builds a JWT asserted by the service account and signs it with the account's private key.
 *
 * <p>The token is issued and subject-bound to the service account e-mail, addressed to
 * {@code OAUTH_TOKEN_URI}, and carries the IAP client ID in the {@code target_audience}
 * claim. It expires {@code EXPIRATION_TIME_IN_SECONDS} after the current clock reading.
 *
 * @param credentials service account credentials supplying the e-mail, key ID and private key
 * @param iapClientId value placed in the {@code target_audience} claim
 * @return the signed JWT in compact serialized form
 * @throws Exception if building or signing the token fails
 */
private static String getSignedJwt(ServiceAccountCredentials credentials, String iapClientId)
        throws Exception {
    Instant issuedAt = Instant.now(clock);
    // Expiry is computed on whole epoch seconds, as in the JWT "exp" claim.
    long expiresAtEpochSecond = issuedAt.getEpochSecond() + EXPIRATION_TIME_IN_SECONDS;

    // Header: RS256 plus the key ID ("kid") of the service account key that signs the token.
    JWSHeader header =
            new JWSHeader.Builder(JWSAlgorithm.RS256)
                    .keyID(credentials.getPrivateKeyId())
                    .build();

    // Required claims.
    JWTClaimsSet.Builder claimsBuilder = new JWTClaimsSet.Builder();
    claimsBuilder.audience(OAUTH_TOKEN_URI);
    claimsBuilder.issuer(credentials.getClientEmail());
    claimsBuilder.subject(credentials.getClientEmail());
    claimsBuilder.issueTime(Date.from(issuedAt));
    claimsBuilder.expirationTime(Date.from(Instant.ofEpochSecond(expiresAtEpochSecond)));
    claimsBuilder.claim("target_audience", iapClientId);
    JWTClaimsSet claimsSet = claimsBuilder.build();

    // Sign with the service account private key and return the compact form.
    SignedJWT token = new SignedJWT(header, claimsSet);
    token.sign(new RSASSASigner(credentials.getPrivateKey()));
    return token.serialize();
}
/**
 * Signs the wrapped {@code jwt} with the supplied signer.
 *
 * <p>A {@code JOSEException} is passed to {@code log.unableToSignToken} and not rethrown.
 *
 * @param signer the signer used to compute the signature
 */
@Override
public void sign(JWSSigner signer) {
    try {
        jwt.sign(signer);
    } catch (JOSEException signingFailure) {
        // NOTE(review): the failure is only logged, so the caller gets no signal that the
        // token is still unsigned; confirm callers check the token state before using it.
        log.unableToSignToken(signingFailure);
    }
}
/**
 * Applies a signature to the wrapped {@code jwt} using the given signer.
 *
 * <p>Signing errors are reported via {@code log.unableToSignToken} and are not
 * propagated to the caller.
 *
 * @param signer the signer that produces the signature
 */
@Override
public void sign(JWSSigner signer) {
    try {
        jwt.sign(signer);
    } catch (JOSEException cause) {
        // NOTE(review): after a logged failure the token remains unsigned and the caller
        // is not informed; verify that downstream code does not assume a signature exists.
        log.unableToSignToken(cause);
    }
}
// Generate random 256-bit (32-byte) shared secret SecureRandom random = new SecureRandom(); byte[] sharedSecret = new byte[32]; random.nextBytes(sharedSecret); // Create HMAC signer JWSSigner signer = new MACSigner(sharedSecret); // Prepare JWT with claims set JWTClaimsSet claimsSet = new JWTClaimsSet(); claimsSet.setSubject("alice"); claimsSet.setIssuer("https://c2id.com"); claimsSet.setExpirationTime(new Date(new Date().getTime() + 60 * 1000)); SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claimsSet); // Apply the HMAC protection signedJWT.sign(signer); // Serialize to compact form, produces something like // eyJhbGciOiJIUzI1NiJ9.SGVsbG8sIHdvcmxkIQ.onO9Ihudz3WkiauDO2Uhyuz0Y18UASXlSc1eS0NkWyA String s = signedJWT.serialize();
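/**
 * Builds the RS256-signed authentication JWT from this object's issuer, subject,
 * audience, token reference and RSA private key.
 *
 * <p>The token is valid for {@code durationSeconds} seconds from the moment of creation.
 *
 * @return the signed JWT
 * @throws RuntimeException if signing fails (wraps the underlying {@code JOSEException})
 */
private JWT generateAuthenticationJwt() {
    // Create RSA-signer with the private key
    JWSSigner signer = new RSASSASigner(this.rsaPrivateKey);

    // Read the clock once so "iat" and "exp" are derived from the same instant.
    Date issuedAt = new Date();
    // 1000L forces long arithmetic, so a large int duration cannot overflow and
    // yield an expiry in the past.
    Date expiresAt = new Date(issuedAt.getTime() + durationSeconds * 1000L);

    // Prepare JWT with claims set
    JWTClaimsSet claimsSet = new JWTClaimsSet();
    claimsSet.setIssuer(issuer);
    claimsSet.setSubject(subject);
    claimsSet.setAudience(audience);
    claimsSet.setIssueTime(issuedAt);
    claimsSet.setExpirationTime(expiresAt);
    claimsSet.setJWTID(tokenReference);

    SignedJWT signedJWT = new SignedJWT(new com.nimbusds.jose.JWSHeader(JWSAlgorithm.RS256), claimsSet);

    try {
        signedJWT.sign(signer);
    } catch (JOSEException jose_ex) {
        throw new RuntimeException("Error signing JSON Web Token.", jose_ex);
    }

    return signedJWT;
}
}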
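/**
 * Creates the authentication JWT: claims taken from this object's issuer, subject,
 * audience and token reference, signed with RS256 using the configured RSA private key.
 *
 * <p>Expiry is {@code durationSeconds} seconds after the issue time.
 *
 * @return the signed JWT
 * @throws RuntimeException if the signature cannot be computed (the {@code JOSEException}
 *         is preserved as the cause)
 */
private JWT generateAuthenticationJwt() {
    // Create RSA-signer with the private key
    JWSSigner signer = new RSASSASigner(this.rsaPrivateKey);

    // One clock reading feeds both time claims, so exp - iat equals the configured duration.
    Date issuedAt = new Date();
    // Multiply in long arithmetic (1000L) so an int duration cannot wrap around.
    Date expiresAt = new Date(issuedAt.getTime() + durationSeconds * 1000L);

    // Prepare JWT with claims set
    JWTClaimsSet claimsSet = new JWTClaimsSet();
    claimsSet.setIssuer(issuer);
    claimsSet.setSubject(subject);
    claimsSet.setAudience(audience);
    claimsSet.setIssueTime(issuedAt);
    claimsSet.setExpirationTime(expiresAt);
    claimsSet.setJWTID(tokenReference);

    SignedJWT signedJWT = new SignedJWT(new com.nimbusds.jose.JWSHeader(JWSAlgorithm.RS256), claimsSet);

    try {
        signedJWT.sign(signer);
    } catch (JOSEException jose_ex) {
        throw new RuntimeException("Error signing JSON Web Token.", jose_ex);
    }

    return signedJWT;
}
}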
/**
 * Signs the given claims with an HMAC keyed by the configured secret.
 *
 * <p>{@code init()} runs first; the header uses the configured {@code algorithm}.
 *
 * @param claims the claims to wrap in a signed JWT
 * @return the signed JWT
 * @throws TechnicalException if creating the signer or signing fails
 */
@Override
public SignedJWT sign(final JWTClaimsSet claims) {
    init();

    final SignedJWT token;
    try {
        final JWSSigner macSigner = new MACSigner(this.secret);
        final JWSHeader header = new JWSHeader(algorithm);
        token = new SignedJWT(header, claims);
        token.sign(macSigner);
    } catch (final JOSEException cause) {
        throw new TechnicalException(cause);
    }
    return token;
}
/**
 * Creates an RS256-signed JWT that carries a single {@code uid} claim.
 *
 * <p>NOTE(review): the claims set built here contains no {@code exp}, {@code iat},
 * {@code iss} or {@code aud}, so nothing in the token itself bounds its lifetime or
 * intended recipient. Confirm the consumer limits validity some other way.
 *
 * @param uid value of the {@code uid} claim
 * @param privateKey private key used for the RSA signature
 * @return the signed JWT in compact serialized form
 * @throws RuntimeException if signing fails (wraps the {@code JOSEException})
 */
private static String signJWT(String uid, PrivateKey privateKey) {
    final JWSHeader.Builder headerBuilder = new JWSHeader.Builder(JWSAlgorithm.RS256);
    headerBuilder.type(JOSEObjectType.JWT);

    final JWTClaimsSet.Builder claimsBuilder = new JWTClaimsSet.Builder();
    claimsBuilder.claim("uid", uid);

    final SignedJWT token = new SignedJWT(headerBuilder.build(), claimsBuilder.build());
    try {
        final RSASSASigner rsaSigner = new RSASSASigner(privateKey);
        token.sign(rsaSigner);
        return token.serialize();
    } catch (JOSEException cause) {
        throw new RuntimeException(cause);
    }
}
/**
 * Builds a JWT whose only claim is {@code uid}, signs it with RS256 and returns the
 * compact serialization.
 *
 * <p>NOTE(review): no expiry, issue time, issuer or audience is set on the claims, so
 * the token carries no built-in validity limit. Verify that this is intended.
 *
 * @param uid value stored under the {@code uid} claim
 * @param privateKey key handed to the RSA signer
 * @return compact serialized signed JWT
 * @throws RuntimeException wrapping any {@code JOSEException} raised while signing
 */
private static String signJWT(String uid, PrivateKey privateKey) {
    final JWSHeader joseHeader =
            new JWSHeader.Builder(JWSAlgorithm.RS256)
                    .type(JOSEObjectType.JWT)
                    .build();
    final JWTClaimsSet claims =
            new JWTClaimsSet.Builder()
                    .claim("uid", uid)
                    .build();
    final SignedJWT jwt = new SignedJWT(joseHeader, claims);

    try {
        jwt.sign(new RSASSASigner(privateKey));
    } catch (JOSEException signingError) {
        throw new RuntimeException(signingError);
    }
    return jwt.serialize();
}
/**
 * Demonstrates signing a minimal JWT ({@code sub=jdoe}) with HS256.
 *
 * <p>The test only checks that signing completes without throwing; it makes no
 * assertion on the resulting token.
 *
 * @throws Exception if parsing the claims or signing fails
 */
@Test(groups = TCKConstants.TEST_GROUP_DEBUG, description = "Validate how to use the HS256 signature alg")
public void testHS256() throws Exception {
    // Key material: the byte form of a random 256-bit probable prime.
    // NOTE(review): toByteArray() on a 256-bit positive value yields 33 bytes with a
    // leading zero sign byte. Filling a byte[32] via SecureRandom.nextBytes is the more
    // conventional way to build an HMAC key; acceptable here since this is a debug test.
    SecureRandom rng = new SecureRandom();
    byte[] keyBytes = BigInteger.probablePrime(256, rng).toByteArray();
    JWSSigner hmacSigner = new MACSigner(keyBytes);

    JWSHeader header = new JWSHeader(JWSAlgorithm.HS256);
    JWTClaimsSet claims = JWTClaimsSet.parse("{\"sub\":\"jdoe\"}");
    SignedJWT token = new SignedJWT(header, claims);

    token.sign(hmacSigner);
}
/**
 * Signs the given claims with ECDSA using the configured private key.
 *
 * <p>{@code init()} runs first, then the private key is asserted to be non-null before
 * any signing is attempted.
 *
 * @param claims the claims to wrap in a signed JWT
 * @return the signed JWT
 * @throws TechnicalException if creating the signer or signing fails
 */
@Override
public SignedJWT sign(JWTClaimsSet claims) {
    init();
    CommonHelper.assertNotNull("privateKey", privateKey);

    final SignedJWT token;
    try {
        final JWSSigner ecSigner = new ECDSASigner(this.privateKey);
        token = new SignedJWT(new JWSHeader(algorithm), claims);
        token.sign(ecSigner);
    } catch (final JOSEException cause) {
        throw new TechnicalException(cause);
    }
    return token;
}
/**
 * Signs the claims with an HMAC, then encrypts the signed JWT as the payload of a JWE
 * using direct encryption, and returns the JWE compact serialization.
 *
 * <p>NOTE(review): the same {@code key} bytes feed both the HMAC signer and the direct
 * encrypter. Using one key for two different primitives is generally discouraged;
 * confirm the reuse is intentional or derive separate keys for signing and encryption.
 *
 * @param claimsSet the claims to protect
 * @param key key bytes used for both the HMAC and the direct encryption
 * @return the nested (signed, then encrypted) token in JWE compact form
 * @throws IllegalStateException if signing or encryption fails (wraps the {@code JOSEException})
 */
public static String serialize(JWTClaimsSet claimsSet, byte[] key) {
    try {
        // Inner layer: HMAC-signed JWT
        JWSSigner hmacSigner = new MACSigner(key);
        SignedJWT innerJwt = new SignedJWT(HEADER, claimsSet);
        innerJwt.sign(hmacSigner);

        // Outer layer: JWE whose payload is the signed JWT
        Payload nestedPayload = new Payload(innerJwt);
        JWEObject outerJwe = new JWEObject(JWE_HEADER, nestedPayload);
        outerJwe.encrypt(new DirectEncrypter(key));

        // Serialise to JWE compact form
        return outerJwe.serialize();
    } catch (JOSEException cause) {
        throw new IllegalStateException(cause);
    }
}
/**
 * Signs the given claims with an RSA signature using the configured private key.
 *
 * <p>{@code init()} runs first, then the private key is asserted to be non-null before
 * any signing is attempted.
 *
 * @param claims the claims to wrap in a signed JWT
 * @return the signed JWT
 * @throws TechnicalException if creating the signer or signing fails
 */
@Override
public SignedJWT sign(JWTClaimsSet claims) {
    init();
    CommonHelper.assertNotNull("privateKey", privateKey);

    final SignedJWT token;
    try {
        final JWSSigner rsaSigner = new RSASSASigner(this.privateKey);
        token = new SignedJWT(new JWSHeader(algorithm), claims);
        token.sign(rsaSigner);
    } catch (final JOSEException cause) {
        throw new TechnicalException(cause);
    }
    return token;
}
/**
 * Issues an RS256-signed JWT for the given user.
 *
 * <p>The subject is the user's name; {@code email} and {@code roles} are added as
 * claims, the issuer is fixed, and the token expires 60 minutes after creation. The
 * signing key is loaded through {@code getPrivateKey(keyStore, keyStorePassword, alias)}.
 *
 * @param user the user whose name, e-mail and roles are placed in the token
 * @return the signed JWT in compact serialized form
 * @throws Exception if the private key cannot be obtained or signing fails
 */
protected String generateJWT(User user) throws Exception {
    RSAPrivateKey signingKey = getPrivateKey(keyStore, keyStorePassword, alias);

    // RSA signer backed by the private key
    JWSSigner rsaSigner = new RSASSASigner(signingKey);

    // Claims describing the user
    JWTClaimsSet claims = new JWTClaimsSet();
    claims.setSubject(user.getName());
    claims.setClaim("email", user.getEmail());
    claims.setClaim("roles", user.getRoles());
    claims.setIssuer("wso2.org/products/msf4j");
    long expiresAtMillis = new Date().getTime() + 60 * 60 * 1000; // 60 min
    claims.setExpirationTime(new Date(expiresAtMillis));

    // Compute the RSA signature over an RS256 header and the claims
    JWSHeader header = new JWSHeader(JWSAlgorithm.RS256);
    SignedJWT token = new SignedJWT(header, claims);
    token.sign(rsaSigner);

    // To serialize to compact form, produces something like
    // eyJhbGciOiJSUzI1NiJ9.SW4gUlNBIHdlIHRydXN0IQ.IRMQENi4nJyp4er2L
    // mZq3ivwoAjqa1uUkSBKFIX7ATndFF5ivnt-m8uApHO4kfIFOrW7w2Ezmlg3Qd
    // maXlS9DhN0nUk_hGI3amEjkKd0BWYCB8vfUbUv0XGjQip78AI4z1PrFRNidm7
    // -jPDm5Iq0SZnjKjCNS5Q15fokXZc8u0A
    return token.serialize();
}
/**
 * Signs the given claims with the private RSA JWK.
 *
 * <p>The header uses {@code defaultAlg} and carries the default key ID as {@code kid}.
 *
 * @param claims the claims to wrap in a signed JWT
 * @return the signed JWT
 * @throws JOSEException if building the signer or signing fails
 */
public SignedJWT sign(JWTClaimsSet claims) throws JOSEException {
    JWSHeader.Builder headerBuilder = new JWSHeader.Builder(defaultAlg);
    headerBuilder.keyID(getDefaultKeyID());

    JWSSigner rsaSigner = new RSASSASigner(privateJWK);

    SignedJWT token = new SignedJWT(headerBuilder.build(), claims);
    token.sign(rsaSigner);
    return token;

    /*
     * For HMAC we could do the following. This may be useful for the implicit flow:
     *
     * ClientDetailsEntity clientEntity = clientDetailsEntityCacheManager.retrieve(authentication.getOAuth2Request().getClientId());
     * JWSSigner signer = new MACSigner(StringUtils.rightPad(clientEntity.getDecryptedClientSecret(), 32, "#").getBytes());
     * signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claims.build());
     * signedJWT.sign(signer);
     *
     * NOTE(review): if this is ever enabled, right-padding the client secret with '#'
     * only satisfies a length requirement; it adds no entropy to a short secret. Also,
     * getBytes() without a charset uses the platform default encoding.
     */
}
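/**
 * Builds an RS256-signed JWT for use as a test fixture.
 *
 * <p>The issuer, the {@code scope} claim and the audience are fixed values; only the
 * subject, the expiry and the signing key vary.
 *
 * @param sub value of the subject claim
 * @param expires expiration time of the token
 * @param privateKey RSA private key used to sign
 * @return the signed JWT
 * @throws Exception if signing fails
 */
protected SignedJWT getJWT(String sub, Date expires, RSAPrivateKey privateKey)
        throws Exception {
    JWTClaimsSet claimsSet = new JWTClaimsSet();
    claimsSet.setSubject(sub);
    claimsSet.setIssueTime(new Date());
    claimsSet.setIssuer("https://c2id.com");
    claimsSet.setCustomClaim("scope", "openid");
    claimsSet.setExpirationTime(expires);
    // The audience is set directly as a single string; the list that used to be built
    // alongside it was never passed anywhere and has been dropped.
    claimsSet.setAudience("bar");

    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).build();

    SignedJWT signedJWT = new SignedJWT(header, claimsSet);
    JWSSigner signer = new RSASSASigner(privateKey);
    signedJWT.sign(signer);

    return signedJWT;
}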
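/**
 * Creates a signed JWT fixture: RS256 header, fixed issuer, {@code scope=openid},
 * audience {@code "bar"}, and the supplied subject and expiry.
 *
 * @param sub value of the subject claim
 * @param expires expiration time of the token
 * @param privateKey RSA private key used to sign
 * @return the signed JWT
 * @throws Exception if signing fails
 */
protected SignedJWT getJWT(String sub, Date expires, RSAPrivateKey privateKey)
        throws Exception {
    JWTClaimsSet claimsSet = new JWTClaimsSet();
    claimsSet.setSubject(sub);
    claimsSet.setIssueTime(new Date());
    claimsSet.setIssuer("https://c2id.com");
    claimsSet.setCustomClaim("scope", "openid");
    claimsSet.setExpirationTime(expires);
    // Only the string form of the audience is used. The unused audience list that was
    // previously allocated here has been removed.
    claimsSet.setAudience("bar");

    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).build();

    SignedJWT signedJWT = new SignedJWT(header, claimsSet);
    JWSSigner signer = new RSASSASigner(privateKey);
    signedJWT.sign(signer);

    return signedJWT;
}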
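/**
 * Builds an RS256-signed JWT for use as a test fixture, using the claims-set builder.
 *
 * <p>The issuer, the {@code scope} claim and the audience are fixed values; only the
 * subject, the expiry and the signing key vary.
 *
 * @param sub value of the subject claim
 * @param expires expiration time of the token
 * @param privateKey RSA private key used to sign
 * @return the signed JWT
 * @throws Exception if signing fails
 */
protected SignedJWT getJWT(String sub, Date expires, RSAPrivateKey privateKey)
        throws Exception {
    // The audience is supplied to the builder as a single string; the separate list
    // that was built after the claims set was never used and has been dropped.
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
            .subject(sub)
            .issueTime(new Date())
            .issuer("https://c2id.com")
            .claim("scope", "openid")
            .audience("bar")
            .expirationTime(expires)
            .build();

    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).build();

    SignedJWT signedJWT = new SignedJWT(header, claimsSet);
    JWSSigner signer = new RSASSASigner(privateKey);
    signedJWT.sign(signer);

    return signedJWT;
}
}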