Java Code Examples for org.gluu.oxauth.model.crypto.signature.SignatureAlgorithm#HS384

Example 1
Source File: EncodeClaimsInStateParameter.java    From oxAuth with MIT License
/**
 * Round-trips a state JWT through HS384: builds it, signs it with a shared
 * secret, parses the compact form back and checks the signature.
 *
 * <p>Only the positive path is exercised; nothing here shows that a token
 * signed with a different key or a modified payload is rejected.
 */
@Test
public void jwtStateHS384Test() throws Exception {
    showTitle("jwtStateHS384Test");

    // Fixture value only. RFC 7518 section 3.2 requires an HMAC key at least as
    // long as the hash output (48 bytes for HS384); this 10-character literal
    // is far shorter and must not be copied as a pattern for real secrets.
    final String sharedKey = "shared_key";
    final OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();

    final JwtState stateJwt = new JwtState(SignatureAlgorithm.HS384, sharedKey, cryptoProvider);
    stateJwt.setRfp(UUID.randomUUID().toString());
    stateJwt.setJti(UUID.randomUUID().toString());
    stateJwt.setAdditionalClaims(new JSONObject(additionalClaims));

    final String signedState = stateJwt.getEncodedJwt();
    assertNotNull(signedState);
    // Writes the complete signed token to stdout. Harmless for this throwaway
    // fixture, but the same line against a real client secret would put a
    // replayable value into build logs.
    System.out.println("Signed JWS State: " + signedState);

    // The verifier is handed HS384 explicitly rather than taking the algorithm
    // from the token header, so the header cannot steer which check is run.
    // The two nulls are presumably key id and JWKS, unused for a shared
    // secret; confirm against OxAuthCryptoProvider.
    final Jwt parsed = Jwt.parse(signedState);
    final boolean signatureOk = cryptoProvider.verifySignature(
            parsed.getSigningInput(), parsed.getEncodedSignature(), null, null,
            sharedKey, SignatureAlgorithm.HS384);
    assertTrue(signatureOk);
}
 
Example 2
Source File: AuthorizationAction.java    From oxAuth with MIT License
/**
 * Reports whether the currently selected request-object algorithm is one of
 * the symmetric ones listed below.
 *
 * <p>When JWS is selected the signing algorithm is compared with the HMAC
 * family (HS256, HS384, HS512); otherwise the key-encryption algorithm is
 * compared with AES key wrap (A128KW, A256KW). In OpenID Connect these
 * algorithms are keyed from the client secret, which is presumably why the
 * secret is required for them.
 *
 * <p>NOTE(review): any symmetric algorithm not named here yields
 * {@code false}; confirm the lists stay in step with the enums.
 *
 * @return {@code true} if the selected algorithm is in the applicable list
 */
public boolean isClientSecretRequired() {
    if (!isJWSSelected()) {
        // Encrypted request object: only the AES key-wrap variants count.
        final boolean aes128KeyWrap = requestObjectEncryptionAlg == KeyEncryptionAlgorithm.A128KW;
        return aes128KeyWrap || requestObjectEncryptionAlg == KeyEncryptionAlgorithm.A256KW;
    }

    // Signed request object: any of the three HMAC variants counts.
    if (requestObjectSigningAlg == SignatureAlgorithm.HS256) {
        return true;
    }
    if (requestObjectSigningAlg == SignatureAlgorithm.HS384) {
        return true;
    }
    return requestObjectSigningAlg == SignatureAlgorithm.HS512;
}
 
Example 3
Source File: HashUtil.java    From oxAuth with MIT License
/**
 * Hashes {@code input} with the SHA-2 variant that matches the signature
 * algorithm, keeps the left-most half of the digest and returns it
 * base64url-encoded.
 *
 * <p>This looks like the construction OpenID Connect uses for
 * {@code at_hash} / {@code c_hash}; confirm against the callers.
 *
 * <p>Two behaviours a caller doing validation has to account for:
 * <ul>
 *   <li>Any algorithm outside the twelve listed ones, including
 *       {@code null}, silently falls back to SHA-256.</li>
 *   <li>Every failure is logged and turned into a {@code null} return, so
 *       {@code null} must be treated as "hash could not be computed" and
 *       never as "nothing to compare".</li>
 * </ul>
 *
 * @param input              the text to hash
 * @param signatureAlgorithm selects SHA-256, SHA-384 or SHA-512
 * @return the encoded half digest, or {@code null} if the digest helper
 *         returned {@code null} or an exception was thrown
 */
public static String getHash(String input, SignatureAlgorithm signatureAlgorithm) {
    try {
        final boolean sha384Family = signatureAlgorithm == SignatureAlgorithm.HS384
                || signatureAlgorithm == SignatureAlgorithm.RS384
                || signatureAlgorithm == SignatureAlgorithm.PS384
                || signatureAlgorithm == SignatureAlgorithm.ES384;
        final boolean sha512Family = signatureAlgorithm == SignatureAlgorithm.HS512
                || signatureAlgorithm == SignatureAlgorithm.RS512
                || signatureAlgorithm == SignatureAlgorithm.PS512
                || signatureAlgorithm == SignatureAlgorithm.ES512;

        final byte[] fullDigest;
        if (sha384Family) {
            fullDigest = JwtUtil.getMessageDigestSHA384(input);
        } else if (sha512Family) {
            fullDigest = JwtUtil.getMessageDigestSHA512(input);
        } else {
            // Covers the four *256 algorithms and everything else (the default).
            fullDigest = JwtUtil.getMessageDigestSHA256(input);
        }

        if (fullDigest == null) {
            return null;
        }

        // Integer division: for the even-length SHA-2 outputs this is exactly half.
        final int halfLength = fullDigest.length / 2;
        final byte[] leftMostHalf = new byte[halfLength];
        System.arraycopy(fullDigest, 0, leftMostHalf, 0, halfLength);
        return Base64Util.base64urlencode(leftMostHalf);
    } catch (Exception e) {
        log.error("Failed to calculate hash.", e);
        return null;
    }
}
 
Example 4
Source File: EncodeClaimsInStateParameter.java    From oxAuth with MIT License
/**
 * Integration test: registers a client, sends an authorization request whose
 * {@code state} parameter is a JWT signed with HS384 under the client secret,
 * and checks that the state coming back still carries a valid signature.
 *
 * <p>The state JWT is signed here, not encrypted, so its claims are readable
 * by anything that sees the authorization URL or the redirect; the content of
 * {@code additionalClaims} (defined outside this method) should be chosen
 * with that in mind.
 *
 * @param userId              resource owner login used to grant access
 * @param userSecret          resource owner password
 * @param redirectUris        space-separated redirect URIs to register
 * @param redirectUri         redirect URI used for this authorization request
 * @param sectorIdentifierUri sector identifier URI to register
 */
@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"})
@Test
public void encodeClaimsInStateParameterHS384(
        final String userId, final String userSecret, final String redirectUris, final String redirectUri,
        final String sectorIdentifierUri) throws Exception {
    showTitle("encodeClaimsInStateParameterHS384");

    List<ResponseType> responseTypes = Arrays.asList(
            ResponseType.TOKEN,
            ResponseType.ID_TOKEN);

    // 1. Register the client; the response supplies the client id and secret used below
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    String clientId = registerResponse.getClientId();
    // The server-issued secret doubles as the HMAC key. RFC 7518 section 3.2 asks
    // for at least 48 bytes with HS384; its actual length is not visible here.
    String clientSecret = registerResponse.getClientSecret();

    // 2. Request authorization with a signed state JWT
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();

    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    // rfp and jti are fresh random values for every run
    String rfp = UUID.randomUUID().toString();
    String jti = UUID.randomUUID().toString();

    JwtState jwtState = new JwtState(SignatureAlgorithm.HS384, clientSecret, cryptoProvider);
    jwtState.setRfp(rfp);
    jwtState.setJti(jti);
    jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
    String encodedState = jwtState.getEncodedJwt();

    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(encodedState);

    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(
            authorizationEndpoint, authorizationRequest, userId, userSecret);

    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
    assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
    assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
    assertNotNull(authorizationResponse.getState(), "The state is null");

    String state = authorizationResponse.getState();

    // 3. Validate state: the algorithm is pinned to HS384 by the caller rather
    // than read from the token header.
    // NOTE(review): only the signature is checked. The returned rfp and jti are
    // never compared with the values sent above, and the returned state is not
    // compared with encodedState, so a validly signed state from another
    // request under the same secret would also pass.
    Jwt jwt = Jwt.parse(state);
    boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), null,
            null, clientSecret, SignatureAlgorithm.HS384);
    assertTrue(validJwt);
}
 
Example 5
Source File: OpenIDRequestObjectHttpTest.java    From oxAuth with MIT License
/**
 * Integration test: registers a client, builds an authorization request whose
 * parameters are also packed into a request-object JWT signed with HS384
 * under the client secret, and checks that authorization succeeds.
 *
 * @param userId              resource owner login; also requested as the subject identifier claim
 * @param userSecret          resource owner password
 * @param redirectUris        space-separated redirect URIs to register
 * @param redirectUri         redirect URI used for this authorization request
 * @param sectorIdentifierUri sector identifier URI to register
 */
@Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"})
@Test
public void requestParameterMethod4(
        final String userId, final String userSecret, final String redirectUris, final String redirectUri,
        final String sectorIdentifierUri) throws Exception {
    showTitle("requestParameterMethod4");

    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN);

    // 1. Register the client; the response supplies the client id and secret used below
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientIdIssuedAt());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();

    // 2. Request authorization with a signed request object
    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();

    List<String> scopes = Arrays.asList("openid");
    String state = UUID.randomUUID().toString();
    String nonce = UUID.randomUUID().toString();

    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);

    // The request object is signed with the client secret as HMAC key, so its
    // integrity rests on that secret being long and random enough for HS384
    // (RFC 7518 section 3.2: at least 48 bytes); the length is not visible here.
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(
            authorizationRequest, SignatureAlgorithm.HS384, clientSecret, cryptoProvider);
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.SUBJECT_IDENTIFIER, ClaimValue.createSingleValue(userId)));
    String authJwt = jwtAuthorizationRequest.getEncodedJwt();
    // Passed by value in the request itself rather than by reference
    authorizationRequest.setRequest(authJwt);

    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(
            authorizationEndpoint, authorizationRequest, userId, userSecret);

    // NOTE(review): these checks are presence-only. The returned state is not
    // compared with the value sent above, which is the comparison a real
    // client relies on to tie the response to its own request.
    assertNotNull(authorizationResponse.getLocation(), "The location is null");
    assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
    assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
    assertNotNull(authorizationResponse.getState(), "The state is null");
}
 
Example 6
Source File: UsesSymmetricIdTokenSignatures.java    From oxAuth with MIT License
/**
 * Integration test: registers a client that asks for HS384-signed ID tokens,
 * obtains an ID token and validates its HMAC signature with the client
 * secret.
 *
 * <p>Only the signature is validated. Issuer, audience, expiry and nonce are
 * not inspected here; a relying party has to check those as well before
 * trusting an ID token.
 *
 * @param redirectUris        space-separated redirect URIs to register
 * @param userId              resource owner login used to grant access
 * @param userSecret          resource owner password
 * @param redirectUri         redirect URI used for this authorization request
 * @param sectorIdentifierUri sector identifier URI to register
 */
@Parameters({"redirectUris", "userId", "userSecret", "redirectUri", "sectorIdentifierUri"})
@Test
public void usesSymmetricIdTokenSignaturesHS384(
        final String redirectUris, final String userId, final String userSecret, final String redirectUri,
        final String sectorIdentifierUri) throws Exception {
    showTitle("OC5:FeatureTest-Uses Symmetric ID Token Signatures HS384");

    List<ResponseType> responseTypes = Arrays.asList(ResponseType.ID_TOKEN);

    // 1. Registration, asking the server to sign ID tokens with HS384
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
            StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.HS384);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();

    showClient(registerClient);
    assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
    assertNotNull(registerResponse.getClientId());
    assertNotNull(registerResponse.getClientSecret());
    assertNotNull(registerResponse.getRegistrationAccessToken());
    assertNotNull(registerResponse.getClientSecretExpiresAt());

    String clientId = registerResponse.getClientId();
    // With a symmetric algorithm the same secret both signs and verifies, so
    // anyone holding the client secret can mint tokens that pass step 3.
    String clientSecret = registerResponse.getClientSecret();

    // 2. Request Authorization
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();

    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);

    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(
            authorizationEndpoint, authorizationRequest, userId, userSecret);

    assertNotNull(authorizationResponse.getLocation());
    assertNotNull(authorizationResponse.getIdToken());
    // Presence-only: the returned state is not compared with the one sent
    assertNotNull(authorizationResponse.getState());

    String idToken = authorizationResponse.getIdToken();

    // 3. Validate id_token: the signer is constructed for HS384 by the test,
    // not from the token header.
    // NOTE(review): the nonce sent in step 2 is never compared with the nonce
    // claim of the token, so replay of an older ID token would not be noticed
    // by this check.
    Jwt jwt = Jwt.parse(idToken);
    HMACSigner hmacSigner = new HMACSigner(SignatureAlgorithm.HS384, clientSecret);
    assertTrue(hmacSigner.validate(jwt));
}
 
Example 7
Source File: UserInfoRestWebServiceEmbeddedTest.java    From oxAuth with MIT License
/**
 * Second step of the HS384 user-info scenario: sends an authorization request
 * carrying an HS384-signed request object, expects a 302 redirect, and stores
 * the access token found in the redirect fragment in {@code accessToken6}.
 *
 * <p>Runs after {@code requestUserInfoHS384Step1}; {@code clientId2} and
 * {@code clientSecret2} are fields set outside this method, presumably by
 * that step (confirm).
 *
 * @param authorizePath path of the authorization endpoint, appended to {@code url}
 * @param userId        resource owner login
 * @param userSecret    resource owner password
 * @param redirectUri   redirect URI for this authorization request
 */
@Parameters({"authorizePath", "userId", "userSecret", "redirectUri"})
@Test(dependsOnMethods = "requestUserInfoHS384Step1")
public void requestUserInfoHS384Step2(final String authorizePath, final String userId, final String userSecret,
                                      final String redirectUri) throws Exception {
    final String state = UUID.randomUUID().toString();

    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN);
    List<String> scopes = Arrays.asList("openid", "profile", "email");
    String nonce = UUID.randomUUID().toString();

    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId2, scopes,
            redirectUri, nonce);
    authorizationRequest.setState(state);
    authorizationRequest.getPrompts().add(Prompt.NONE);
    // The resource owner's credentials travel with the request object itself
    authorizationRequest.setAuthUsername(userId);
    authorizationRequest.setAuthPassword(userSecret);

    OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();

    // Request object signed with the client secret as HMAC key
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest,
            SignatureAlgorithm.HS384, clientSecret2, cryptoProvider);
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
    String authJwt = jwtAuthorizationRequest.getEncodedJwt();
    authorizationRequest.setRequest(authJwt);
    // Writes the signed request object to stdout; acceptable for a test
    // client, not for a secret that protects real users.
    System.out.println("Request JWT: " + authJwt);

    // NOTE(review): whether getQueryString() also serialises the username and
    // password set above cannot be seen from here. If it does, they end up in
    // the URL and in any access log that records it; confirm.
    Builder request = ResteasyClientBuilder.newClient()
            .target(url.toString() + authorizePath + "?" + authorizationRequest.getQueryString()).request();
    // The credentials are also sent as an HTTP Basic header
    request.header("Authorization", "Basic " + authorizationRequest.getEncodedCredentials());
    request.header("Accept", MediaType.TEXT_PLAIN);

    Response response = request.get();

    String entity = response.readEntity(String.class);

    showResponse("requestUserInfoHS384Step2", response, entity);

    assertEquals(response.getStatus(), 302, "Unexpected response code.");
    assertNotNull(response.getLocation(), "Unexpected result: " + response.getLocation());

    try {
        URI uri = new URI(response.getLocation().toString());
        // The value checked is the URI fragment, although the message says "Query string"
        assertNotNull(uri.getFragment(), "Query string is null");

        Map<String, String> params = QueryStringDecoder.decode(uri.getFragment());

        assertNotNull(params.get(AuthorizeResponseParam.ACCESS_TOKEN), "The accessToken is null");
        assertNotNull(params.get(AuthorizeResponseParam.SCOPE), "The scope is null");
        assertNotNull(params.get(AuthorizeResponseParam.STATE), "The state is null");
        // Ties the response to this request: the echoed state must equal the one sent
        assertEquals(params.get(AuthorizeResponseParam.STATE), state);

        // Kept in a field, presumably for the later steps of this scenario
        accessToken6 = params.get(AuthorizeResponseParam.ACCESS_TOKEN);
    } catch (URISyntaxException e) {
        // Prints the stack trace to stderr, then fails the test explicitly
        e.printStackTrace();
        fail("Response URI is not well formed");
    }
}