com.google.api.client.json.webtoken.JsonWebSignature Java Examples
The following examples show how to use
com.google.api.client.json.webtoken.JsonWebSignature.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: TestCertificates.java From google-http-java-client with Apache License 2.0 | 6 votes |
|
public static JsonWebSignature getJsonWebSignature() throws IOException {
if (jsonWebSignature == null) {
JsonWebSignature.Header header = new JsonWebSignature.Header();
header.setAlgorithm("RS256");
List<String> certificates = Lists.newArrayList();
certificates.add(FOO_BAR_COM_CERT.getBase64Der());
certificates.add(CA_CERT.getBase64Der());
header.setX509Certificates(certificates);
JsonWebToken.Payload payload = new JsonWebToken.Payload();
payload.set("foo", "bar");
int firstDot = JWS_SIGNATURE.indexOf('.');
int secondDot = JWS_SIGNATURE.indexOf('.', firstDot + 1);
byte[] signatureBytes = Base64.decodeBase64(JWS_SIGNATURE.substring(secondDot + 1));
byte[] signedContentBytes = StringUtils.getBytesUtf8(JWS_SIGNATURE.substring(0, secondDot));
JsonWebSignature signature =
new JsonWebSignature(header, payload, signatureBytes, signedContentBytes);
jsonWebSignature = signature;
}
return jsonWebSignature;
}
Example #2
| Source File: GoogleIdTokenVerifierTest.java From styx with Apache License 2.0 | 6 votes |
|
private String createToken() throws GeneralSecurityException, IOException {
var issuedAt = Instant.now().getEpochSecond();
var expiredAt = issuedAt + 3600; // One hour later
var payload = new GoogleIdToken.Payload();
payload.setAuthorizedParty("103411466401044735393");
payload.setEmail("[email protected]");
payload.setEmailVerified(true);
payload.setIssuedAtTimeSeconds(issuedAt);
payload.setExpirationTimeSeconds(expiredAt);
payload.setIssuer("https://accounts.google.com");
payload.setSubject("103411466401044735393");
GenericJson googleMetadata = new GenericJson()
.set("compute_engine", new GenericJson()
.set("instance_creation_timestamp", 1556025719L)
.set("instance_id", "5850837338805153689")
.set("instance_name", "gew1-metricscatalogbro-b-b7z2")
.set("project_id", "metrics-catalog")
.set("project_number", 283581591831L)
.set("zone", "europe-west1-d")
);
payload.set("google", googleMetadata);
var header = new JsonWebSignature.Header().setAlgorithm("RS256");
return JsonWebSignature.signUsingRsaSha256(privateKey, Utils.getDefaultJsonFactory(), header, payload);
}
Example #3
| Source File: FirebaseTokenFactory.java From firebase-admin-java with Apache License 2.0 | 5 votes |
|
private String signPayload(JsonWebSignature.Header header,
FirebaseCustomAuthToken.Payload payload) throws IOException {
String headerString = Base64.encodeBase64URLSafeString(jsonFactory.toByteArray(header));
String payloadString = Base64.encodeBase64URLSafeString(jsonFactory.toByteArray(payload));
String content = headerString + "." + payloadString;
byte[] contentBytes = StringUtils.getBytesUtf8(content);
String signature = Base64.encodeBase64URLSafeString(signer.sign(contentBytes));
return content + "." + signature;
}
Example #4
| Source File: GoogleIdToken.java From google-api-java-client with Apache License 2.0 | 5 votes |
|
/**
* Parses the given ID token string and returns the parsed {@link GoogleIdToken}.
*
* @param jsonFactory JSON factory
* @param idTokenString ID token string
* @return parsed Google ID token
*/
public static GoogleIdToken parse(JsonFactory jsonFactory, String idTokenString)
throws IOException {
JsonWebSignature jws =
JsonWebSignature.parser(jsonFactory).setPayloadClass(Payload.class).parse(idTokenString);
return new GoogleIdToken(jws.getHeader(), (Payload) jws.getPayload(), jws.getSignatureBytes(),
jws.getSignedContentBytes());
}
Example #5
| Source File: GoogleCredential.java From google-api-java-client with Apache License 2.0 | 5 votes |
|
@Override
@Beta
protected TokenResponse executeRefreshToken() throws IOException {
if (serviceAccountPrivateKey == null) {
return super.executeRefreshToken();
}
// service accounts: no refresh token; instead use private key to request new access token
JsonWebSignature.Header header = new JsonWebSignature.Header();
header.setAlgorithm("RS256");
header.setType("JWT");
header.setKeyId(serviceAccountPrivateKeyId);
JsonWebToken.Payload payload = new JsonWebToken.Payload();
long currentTime = getClock().currentTimeMillis();
payload.setIssuer(serviceAccountId);
payload.setAudience(getTokenServerEncodedUrl());
payload.setIssuedAtTimeSeconds(currentTime / 1000);
payload.setExpirationTimeSeconds(currentTime / 1000 + 3600);
payload.setSubject(serviceAccountUser);
payload.put("scope", Joiner.on(' ').join(serviceAccountScopes));
try {
String assertion = JsonWebSignature.signUsingRsaSha256(
serviceAccountPrivateKey, getJsonFactory(), header, payload);
TokenRequest request = new TokenRequest(
getTransport(), getJsonFactory(), new GenericUrl(getTokenServerEncodedUrl()),
"urn:ietf:params:oauth:grant-type:jwt-bearer");
request.put("assertion", assertion);
return request.execute();
} catch (GeneralSecurityException exception) {
IOException e = new IOException();
e.initCause(exception);
throw e;
}
}
Example #6
| Source File: CredentialFactory.java From hadoop-connectors with Apache License 2.0 | 5 votes |
|
@Override
protected TokenResponse executeRefreshToken() throws IOException {
if (getServiceAccountPrivateKey() == null) {
return super.executeRefreshToken();
}
// service accounts: no refresh token; instead use private key to request new access token
JsonWebSignature.Header header =
new JsonWebSignature.Header()
.setAlgorithm("RS256")
.setType("JWT")
.setKeyId(getServiceAccountPrivateKeyId());
long currentTime = getClock().currentTimeMillis();
JsonWebToken.Payload payload =
new JsonWebToken.Payload()
.setIssuer(getServiceAccountId())
.setAudience(getTokenServerEncodedUrl())
.setIssuedAtTimeSeconds(currentTime / 1000)
.setExpirationTimeSeconds(currentTime / 1000 + DEFAULT_TOKEN_EXPIRATION_SECONDS)
.setSubject(getServiceAccountUser());
payload.put("scope", WHITESPACE_JOINER.join(getServiceAccountScopes()));
try {
String assertion =
JsonWebSignature.signUsingRsaSha256(
getServiceAccountPrivateKey(), getJsonFactory(), header, payload);
TokenRequest request =
new TokenRequest(
getTransport(),
getJsonFactory(),
new GenericUrl(getTokenServerEncodedUrl()),
"urn:ietf:params:oauth:grant-type:jwt-bearer")
.setRequestInitializer(getRequestInitializer());
request.put("assertion", assertion);
return request.execute();
} catch (GeneralSecurityException e) {
throw new IOException("Failed to refresh token", e);
}
}
Example #7
| Source File: PluginTest.java From oic-auth-plugin with MIT License | 5 votes |
|
private String createIdToken(PrivateKey privateKey, Map<String, Object> keyValues) throws Exception {
JsonWebSignature.Header header = new JsonWebSignature.Header()
.setAlgorithm("RS256");
IdToken.Payload payload = new IdToken.Payload()
.setIssuer("issuer")
.setSubject(TEST_USER_USERNAME)
.setAudience(Collections.singletonList("clientId"))
.setAudience(System.currentTimeMillis() / 60 + 5)
.setIssuedAtTimeSeconds(System.currentTimeMillis() / 60);
for(Map.Entry<String, Object> keyValue : keyValues.entrySet()) {
payload.set(keyValue.getKey(), keyValue.getValue());
}
return JsonWebSignature.signUsingRsaSha256(privateKey, JSON_FACORY, header, payload);
}
Example #8
| Source File: GoogleIdTokenAuth.java From styx with Apache License 2.0 | 5 votes |
|
private String getServiceAccountToken(ServiceAccountCredentials credential, String targetAudience)
throws IOException, GeneralSecurityException {
log.debug("Fetching service account id token for {}", credential.getAccount());
final TokenRequest request = new TokenRequest(
this.httpTransport, JSON_FACTORY,
new GenericUrl(credential.getTokenServerUri()),
"urn:ietf:params:oauth:grant-type:jwt-bearer");
final Header header = jwtHeader();
final Payload payload = jwtPayload(
targetAudience, credential.getAccount(), credential.getTokenServerUri().toString());
request.put("assertion", JsonWebSignature.signUsingRsaSha256(
credential.getPrivateKey(), JSON_FACTORY, header, payload));
final TokenResponse response = request.execute();
return (String) response.get("id_token");
}
Example #9
| Source File: ServiceAccountAccessTokenProvider.java From curiostack with MIT License | 5 votes |
|
private String createAssertion(Type type, long currentTimeMillis) {
JsonWebSignature.Header header = new JsonWebSignature.Header();
header.setAlgorithm("RS256");
header.setType("JWT");
header.setKeyId(credentials.getPrivateKeyId());
long currentTimeSecs = TimeUnit.MILLISECONDS.toSeconds(currentTimeMillis);
JsonWebToken.Payload payload = new JsonWebToken.Payload();
String serviceAccount =
MoreObjects.firstNonNull(credentials.getServiceAccountUser(), credentials.getClientEmail());
payload.setIssuer(serviceAccount);
payload.setAudience(AUDIENCE);
payload.setIssuedAtTimeSeconds(currentTimeSecs);
payload.setExpirationTimeSeconds(currentTimeSecs + 3600);
payload.setSubject(serviceAccount);
payload.put(
"scope",
type == Type.ID_TOKEN
? credentials.getClientEmail()
: String.join(" ", credentials.getScopes()));
String assertion;
try {
assertion =
JsonWebSignature.signUsingRsaSha256(
credentials.getPrivateKey(), JacksonFactory.getDefaultInstance(), header, payload);
} catch (GeneralSecurityException | IOException e) {
throw new IllegalStateException(
"Error signing service account access token request with private key.", e);
}
return assertion;
}
Example #10
| Source File: TestUtils.java From firebase-admin-java with Apache License 2.0 | 5 votes |
|
public static boolean verifySignature(JsonWebSignature token, List<PublicKey> keys)
throws Exception {
for (PublicKey key : keys) {
if (token.verifySignature(key)) {
return true;
}
}
return false;
}
Example #11
| Source File: FirebaseTokenVerifierImplTest.java From firebase-admin-java with Apache License 2.0 | 5 votes |
|
private String createCustomToken() {
JsonWebSignature.Header header = tokenFactory.createHeader();
header.setKeyId(null);
Payload payload = tokenFactory.createTokenPayload();
payload.setAudience(CUSTOM_TOKEN_AUDIENCE);
return tokenFactory.createToken(header, payload);
}
Example #12
| Source File: TestTokenFactory.java From firebase-admin-java with Apache License 2.0 | 5 votes |
|
public JsonWebSignature.Header createHeader() {
JsonWebSignature.Header header = new JsonWebSignature.Header();
header.setAlgorithm("RS256");
header.setType("JWT");
header.setKeyId(PRIVATE_KEY_ID);
return header;
}
Example #13
| Source File: TestTokenFactory.java From firebase-admin-java with Apache License 2.0 | 5 votes |
|
public String createToken(JsonWebSignature.Header header, JsonWebToken.Payload payload) {
try {
return JsonWebSignature.signUsingRsaSha256(privateKey, JSON_FACTORY, header, payload);
} catch (GeneralSecurityException | IOException e) {
throw new RuntimeException("Failed to create test token", e);
}
}
Example #14
| Source File: FirebaseCustomAuthToken.java From firebase-admin-java with Apache License 2.0 | 5 votes |
|
/** Parses a JWT token string and extracts its headers and payload fields. */
public static FirebaseCustomAuthToken parse(JsonFactory jsonFactory, String tokenString)
throws IOException {
JsonWebSignature jws =
JsonWebSignature.parser(jsonFactory).setPayloadClass(Payload.class).parse(tokenString);
return new FirebaseCustomAuthToken(
jws.getHeader(),
(Payload) jws.getPayload(),
jws.getSignatureBytes(),
jws.getSignedContentBytes());
}
Example #15
| Source File: FirebaseTokenFactory.java From firebase-admin-java with Apache License 2.0 | 5 votes |
|
public String createSignedCustomAuthTokenForUser(
String uid, Map<String, Object> developerClaims) throws IOException {
checkArgument(!Strings.isNullOrEmpty(uid), "Uid must be provided.");
checkArgument(uid.length() <= 128, "Uid must be shorter than 128 characters.");
JsonWebSignature.Header header = new JsonWebSignature.Header().setAlgorithm("RS256");
final long issuedAt = clock.currentTimeMillis() / 1000;
FirebaseCustomAuthToken.Payload payload =
new FirebaseCustomAuthToken.Payload()
.setUid(uid)
.setIssuer(signer.getAccount())
.setSubject(signer.getAccount())
.setAudience(FirebaseCustomAuthToken.FIREBASE_AUDIENCE)
.setIssuedAtTimeSeconds(issuedAt)
.setExpirationTimeSeconds(issuedAt + FirebaseCustomAuthToken.TOKEN_DURATION_SECONDS);
if (developerClaims != null) {
Collection<String> reservedNames = payload.getClassInfo().getNames();
for (String key : developerClaims.keySet()) {
if (reservedNames.contains(key)) {
throw new IllegalArgumentException(
String.format("developerClaims must not contain a reserved key: %s", key));
}
}
GenericJson jsonObject = new GenericJson();
jsonObject.putAll(developerClaims);
payload.setDeveloperClaims(jsonObject);
}
return signPayload(header, payload);
}
Example #16
| Source File: FirebaseTokenVerifierImplTest.java From firebase-admin-java with Apache License 2.0 | 4 votes |
|
private String createTokenWithIncorrectAlgorithm() {
JsonWebSignature.Header header = tokenFactory.createHeader();
header.setAlgorithm("HSA");
return tokenFactory.createToken(header);
}
Example #17
| Source File: FirebaseTokenVerifierImplTest.java From firebase-admin-java with Apache License 2.0 | 4 votes |
|
private String createTokenWithoutKeyId() {
JsonWebSignature.Header header = tokenFactory.createHeader();
header.setKeyId(null);
return tokenFactory.createToken(header);
}
Example #18
| Source File: TestTokenFactory.java From firebase-admin-java with Apache License 2.0 | 4 votes |
|
public String createToken(JsonWebSignature.Payload payload) {
return createToken(createHeader(), payload);
}
Example #19
| Source File: TestTokenFactory.java From firebase-admin-java with Apache License 2.0 | 4 votes |
|
public String createToken(JsonWebSignature.Header header) {
return createToken(header, createTokenPayload());
}
Example #20
| Source File: MockTokenServerTransport.java From google-api-java-client with Apache License 2.0 | 4 votes |
|
private MockLowLevelHttpRequest buildTokenRequest(String url) {
return new MockLowLevelHttpRequest(url) {
@Override
public LowLevelHttpResponse execute() throws IOException {
String content = this.getContentAsString();
Map<String, String> query = TestUtils.parseQuery(content);
String accessToken = null;
String foundId = query.get("client_id");
if (foundId != null) {
if (!clients.containsKey(foundId)) {
throw new IOException("Client ID not found.");
}
String foundSecret = query.get("client_secret");
String expectedSecret = clients.get(foundId);
if (foundSecret == null || !foundSecret.equals(expectedSecret)) {
throw new IOException("Client secret not found.");
}
String foundRefresh = query.get("refresh_token");
if (!refreshTokens.containsKey(foundRefresh)) {
throw new IOException("Refresh Token not found.");
}
accessToken = refreshTokens.get(foundRefresh);
} else if (query.containsKey("grant_type")) {
String grantType = query.get("grant_type");
if (!EXPECTED_GRANT_TYPE.equals(grantType)) {
throw new IOException("Unexpected Grant Type.");
}
String assertion = query.get("assertion");
JsonWebSignature signature = JsonWebSignature.parse(JSON_FACTORY, assertion);
String foundEmail = signature.getPayload().getIssuer();
if (!serviceAccounts.containsKey(foundEmail)) {
throw new IOException("Service Account Email not found as issuer.");
}
accessToken = serviceAccounts.get(foundEmail);
String foundScopes = (String) signature.getPayload().get("scope");
if (foundScopes == null || foundScopes.length() == 0) {
throw new IOException("Scopes not found.");
}
} else {
throw new IOException("Unknown token type.");
}
// Create the JSon response
GenericJson refreshContents = new GenericJson();
refreshContents.setFactory(JSON_FACTORY);
refreshContents.put("access_token", accessToken);
refreshContents.put("expires_in", 3600);
refreshContents.put("token_type", "Bearer");
String refreshText = refreshContents.toPrettyString();
MockLowLevelHttpResponse response = new MockLowLevelHttpResponse()
.setContentType(Json.MEDIA_TYPE)
.setContent(refreshText);
return response;
}
};
}
Example #21
| Source File: IdToken.java From google-oauth-java-client with Apache License 2.0 | 3 votes |
|
/**
* Parses the given ID token string and returns the parsed ID token.
*
* @param jsonFactory JSON factory
* @param idTokenString ID token string
* @return parsed ID token
*/
public static IdToken parse(JsonFactory jsonFactory, String idTokenString) throws IOException {
JsonWebSignature jws =
JsonWebSignature.parser(jsonFactory).setPayloadClass(Payload.class).parse(idTokenString);
return new IdToken(jws.getHeader(), (Payload) jws.getPayload(), jws.getSignatureBytes(),
jws.getSignedContentBytes());
}
