Java Code Examples for org.gluu.oxauth.model.crypto.signature.SignatureAlgorithm#NONE

Example 1
Source File: EncodeClaimsInStateParameter.java — from oxAuth (MIT License)
@Test
public void jwtStateNONETest() throws Exception {
    showTitle("jwtStateNONETest");

    // The provider under test is one that has been explicitly told to accept alg=none;
    // nothing here would pass against a provider that rejects unsigned tokens.
    final AbstractCryptoProvider noneTolerantProvider = createCryptoProviderWithAllowedNone();

    final String requestForgeryProtection = UUID.randomUUID().toString();
    final String tokenId = UUID.randomUUID().toString();

    // Build an unsecured (alg=none) state JWT carrying rfp, jti and the extra claims.
    final JwtState unsignedState = new JwtState(SignatureAlgorithm.NONE, noneTolerantProvider);
    unsignedState.setRfp(requestForgeryProtection);
    unsignedState.setJti(tokenId);
    unsignedState.setAdditionalClaims(new JSONObject(additionalClaims));

    final String encodedState = unsignedState.getEncodedJwt();
    assertNotNull(encodedState);
    System.out.println("Encoded State: " + encodedState);

    // With alg=none there is no signature to check: "verification" succeeds only because
    // the provider was configured to tolerate it. Treat this as a format round-trip test,
    // not as evidence that the state value is tamper-proof.
    final Jwt parsed = Jwt.parse(encodedState);
    final boolean accepted = noneTolerantProvider.verifySignature(parsed.getSigningInput(), parsed.getEncodedSignature(),
            null, null, null, SignatureAlgorithm.NONE);
    assertTrue(accepted);
}
 
Example 2
Source File: AuthorizationAction.java — from oxAuth (MIT License)
public String getOpenIdRequestObject() {
    openIdRequestObject = "";

    try {
        if (useOpenIdRequestObject) {
            final AuthorizationRequest authorizationRequest = newAuthorizationRequestFromForm();

            // The request object is produced with alg=none, i.e. neither signed nor
            // encrypted. getDecodedJwt() is used below, so what this action exposes is a
            // readable JSON view of the request; it is not a token a relying party could
            // verify, and should not be treated as one.
            final OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider();
            final JwtAuthorizationRequest requestObject = new JwtAuthorizationRequest(
                    authorizationRequest, SignatureAlgorithm.NONE, (String) null, cryptoProvider);

            // UserInfo claims: name/email/email_verified voluntary, nickname/picture marked non-essential.
            requestObject.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
            requestObject.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
            requestObject.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
            requestObject.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
            requestObject.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));

            // ID token claims: auth_time plus a requested acr of "basic", max_age one day.
            requestObject.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
            requestObject.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[]{"basic"})));
            requestObject.getIdTokenMember().setMaxAge(86400);

            openIdRequestObject = requestObject.getDecodedJwt();
        }
    } catch (Exception e) {
        // Best effort: on any failure the field stays "" and the error is logged.
        log.error(e.getMessage(), e);
    }

    return openIdRequestObject;
}

/**
 * Copies this action's form fields into a fresh {@link AuthorizationRequest}.
 * Space-separated list fields (ui_locales, claims_locales, acr_values) are split here.
 */
private AuthorizationRequest newAuthorizationRequestFromForm() {
    final AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    authorizationRequest.setRequestUri(requestUri);
    authorizationRequest.setMaxAge(maxAge);
    authorizationRequest.setUiLocales(StringUtils.spaceSeparatedToList(uiLocales));
    authorizationRequest.setClaimsLocales(StringUtils.spaceSeparatedToList(claimsLocales));
    authorizationRequest.setIdTokenHint(idTokenHint);
    authorizationRequest.setLoginHint(loginHint);
    authorizationRequest.setAcrValues(StringUtils.spaceSeparatedToList(acrValues));
    authorizationRequest.setRegistration(registration);
    authorizationRequest.setDisplay(display);
    authorizationRequest.getPrompts().addAll(prompt);
    return authorizationRequest;
}
 
Example 3
Source File: ServerCryptoProvider.java — from oxAuth (MIT License)
@Override
public String sign(String signingInput, String keyId, String sharedSecret, SignatureAlgorithm signatureAlgorithm) throws Exception {
    // Server-side policy gate in front of the delegate provider: when the deployment
    // has set rejectJwtWithNoneAlg, refuse to mint an unsigned (alg=none) JWT at all
    // rather than letting the underlying provider return an empty signature.
    final boolean noneForbidden = configurationFactory.getAppConfiguration().getRejectJwtWithNoneAlg();
    final boolean noneRequested = signatureAlgorithm == SignatureAlgorithm.NONE;
    if (noneForbidden && noneRequested) {
        throw new UnsupportedOperationException("None algorithm is forbidden by `rejectJwtWithNoneAlg` configuration property.");
    }
    return cryptoProvider.sign(signingInput, keyId, sharedSecret, signatureAlgorithm);
}
 
Example 4
Source File: ServerCryptoProvider.java — from oxAuth (MIT License)
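@Override
public boolean verifySignature(String signingInput, String encodedSignature, String keyId, JSONObject jwks, String sharedSecret, SignatureAlgorithm signatureAlgorithm) throws Exception {
    // Policy gate for the JWS "none" algorithm. An alg=none token carries no signature,
    // so accepting it means trusting whatever claims the sender wrote; when the
    // deployment has set rejectJwtWithNoneAlg we answer "not verified" here instead of
    // consulting the delegate provider.
    if (configurationFactory.getAppConfiguration().getRejectJwtWithNoneAlg() && signatureAlgorithm == SignatureAlgorithm.NONE) {
        // Logged at WARN rather than TRACE: the sign() counterpart fails loudly with an
        // exception, and a rejected alg=none token presented for verification is more
        // likely a downgrade attempt than a benign misconfiguration, so operators should
        // see it in default logging. No token material is logged.
        LOG.warn("None algorithm is forbidden by `rejectJwtWithNoneAlg` configuration property.");
        return false;
    }
    // NOTE(review): this guard only fires when the caller passes SignatureAlgorithm.NONE;
    // it relies on callers deriving signatureAlgorithm from the token header (not shown here).
    return cryptoProvider.verifySignature(signingInput, encodedSignature, keyId, jwks, sharedSecret, signatureAlgorithm);
}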
 
Example 5
Source File: OxAuthCryptoProvider.java — from oxAuth (MIT License)
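@Override
public String sign(String signingInput, String alias, String sharedSecret, SignatureAlgorithm signatureAlgorithm) throws Exception {
    if (signatureAlgorithm == SignatureAlgorithm.NONE) {
        // JWS "none": an unsecured JWS whose signature segment is empty. Anyone can mint
        // such a token, so callers must only use this where the consumer is known to
        // reject or ignore unsigned JWTs (see rejectJwtWithNoneAlg on the server side).
        return "";
    } else if (AlgorithmFamily.HMAC.equals(signatureAlgorithm.getFamily())) {
        if (sharedSecret == null) {
            // Fail with a clear message instead of an NPE from getBytes() below.
            throw new IllegalArgumentException("HMAC signing requires a shared secret, signatureAlgorithm: " + signatureAlgorithm);
        }
        SecretKey secretKey = new SecretKeySpec(sharedSecret.getBytes(Util.UTF8_STRING_ENCODING), signatureAlgorithm.getAlgorithm());
        Mac mac = Mac.getInstance(signatureAlgorithm.getAlgorithm());
        mac.init(secretKey);
        // The signing input is encoded with the same explicit charset as the key.
        // The previous getBytes() used the platform default, which makes signatures
        // JVM-dependent whenever the input contains non-ASCII characters.
        byte[] sig = mac.doFinal(signingInput.getBytes(Util.UTF8_STRING_ENCODING));
        return Base64Util.base64urlencode(sig);
    } else { // EC or RSA
        PrivateKey privateKey = getPrivateKey(alias);
        if (privateKey == null) {
            final String error = "Failed to find private key by kid: " + alias +
                    ", signatureAlgorithm: " + signatureAlgorithm +
                    "(check whether web keys JSON in persistence corresponds to keystore file.)";
            LOG.error(error);
            throw new RuntimeException(error);
        }

        Signature signer = Signature.getInstance(signatureAlgorithm.getAlgorithm(), "BC");
        signer.initSign(privateKey);
        // Explicit UTF-8 for the same reason as in the HMAC branch.
        signer.update(signingInput.getBytes(Util.UTF8_STRING_ENCODING));

        byte[] signature = signer.sign();
        if (AlgorithmFamily.EC.equals(signatureAlgorithm.getFamily())) {
            // JCA returns ECDSA signatures DER-encoded; JWS requires the fixed-length R||S form.
            int signatureLength = ECDSA.getSignatureByteArrayLength(JWSAlgorithm.parse(signatureAlgorithm.getName()));
            signature = ECDSA.transcodeSignatureToConcat(signature, signatureLength);
        }

        return Base64Util.base64urlencode(signature);
    }
}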
 
Example 6
Source File: OpenIDRequestObjectHttpTest.java — from oxAuth (MIT License)
@Parameters({"userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri"})
@Test
public void requestParameterMethodAlgNone(
        final String userId, final String userSecret, final String redirectUri, final String redirectUris,
        final String sectorIdentifierUri) {
    try {
        showTitle("requestParameterMethodAlgNone");

        // Implicit flow: access token and id_token are both returned from the authorization endpoint.
        final List<ResponseType> implicitResponseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);

        // Step 1: register a client that declares request_object_signing_alg=none. This only
        // passes if the server lists "none" among its supported request-object algorithms.
        final RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app",
                StringUtils.spaceSeparatedToList(redirectUris));
        registerRequest.setResponseTypes(implicitResponseTypes);
        registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.NONE);
        registerRequest.addCustomAttribute("oxAuthTrustedClient", "true");
        registerRequest.setSectorIdentifierUri(sectorIdentifierUri);

        final RegisterClient registerClient = new RegisterClient(registrationEndpoint);
        registerClient.setRequest(registerRequest);
        final RegisterResponse registerResponse = registerClient.exec();

        showClient(registerClient);
        assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
        assertNotNull(registerResponse.getClientId());
        assertNotNull(registerResponse.getClientSecret());
        assertNotNull(registerResponse.getRegistrationAccessToken());
        assertNotNull(registerResponse.getClientSecretExpiresAt());

        final String clientId = registerResponse.getClientId();

        // Step 2: authorize with an unsigned (alg=none) request object. The provider used to
        // build it must be one that tolerates alg=none; the server's acceptance of that
        // object is what this test exercises.
        final AbstractCryptoProvider noneTolerantProvider = createCryptoProviderWithAllowedNone();

        final List<String> requestedScopes = Arrays.asList("openid", "profile", "address", "email");
        final String nonce = UUID.randomUUID().toString();
        final String state = UUID.randomUUID().toString();

        final AuthorizationRequest authorizationRequest = new AuthorizationRequest(implicitResponseTypes, clientId, requestedScopes, redirectUri, nonce);
        authorizationRequest.setState(state);
        authorizationRequest.setAuthUsername(userId);
        authorizationRequest.setAuthPassword(userSecret);
        authorizationRequest.getPrompts().add(Prompt.NONE);

        final JwtAuthorizationRequest requestObject = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.NONE, noneTolerantProvider);
        requestObject.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
        requestObject.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
        requestObject.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
        requestObject.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
        requestObject.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
        requestObject.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
        requestObject.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[]{ACR_VALUE})));
        requestObject.getIdTokenMember().setMaxAge(86400);
        final String encodedRequestObject = requestObject.getEncodedJwt();
        authorizationRequest.setRequest(encodedRequestObject);

        final AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
        authorizeClient.setRequest(authorizationRequest);
        final AuthorizationResponse authorizationResponse = authorizeClient.exec();

        showClient(authorizeClient);
        assertEquals(authorizationResponse.getStatus(), 302, "Unexpected response code: " + authorizationResponse.getStatus());
        assertNotNull(authorizationResponse.getLocation(), "The location is null");
        assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
        assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
        assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
        assertNotNull(authorizationResponse.getState(), "The state is null");

        final String accessToken = authorizationResponse.getAccessToken();

        // Step 3: the access token issued above must grant the requested profile/email/address claims.
        final UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
        final UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);

        showClient(userInfoClient);
        assertEquals(userInfoResponse.getStatus(), 200, "Unexpected response code: " + userInfoResponse.getStatus());
        assertNotNull(userInfoResponse.getClaim(JwtClaimName.SUBJECT_IDENTIFIER));
        assertNotNull(userInfoResponse.getClaim(JwtClaimName.NAME));
        assertNotNull(userInfoResponse.getClaim(JwtClaimName.GIVEN_NAME));
        assertNotNull(userInfoResponse.getClaim(JwtClaimName.FAMILY_NAME));
        assertNotNull(userInfoResponse.getClaim(JwtClaimName.EMAIL));
        assertNotNull(userInfoResponse.getClaim(JwtClaimName.ZONEINFO));
        assertNotNull(userInfoResponse.getClaim(JwtClaimName.LOCALE));
        assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS));
    } catch (Exception e) {
        fail(e.getMessage(), e);
    }
}
 
Example 7
Source File: RegisterParamsValidator.java — from oxAuth (MIT License)
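/**
 * Validates all algorithms received for a register client request. It throws a WebApplicationException
 * whether a validation doesn't pass.
 * <p>
 * Every parameter is checked the same way: if present, its string form must appear in the
 * corresponding server-side "supported" list, otherwise the registration is rejected with
 * {@code invalid_client_metadata}. The one exception is {@code id_token_signed_response_alg},
 * where {@code none} skips the list check entirely.
 *
 * @param registerRequest Object containing all parameters received to register a client.
 */
public void validateAlgorithms( RegisterRequest registerRequest ) {
    // NOTE(review): SignatureAlgorithm.NONE bypasses the supported-list check here, so a
    // client can register for unsigned id_tokens even when "none" is absent from
    // idTokenSigningAlgValuesSupported. Confirm that token issuance refuses NONE for
    // flows that return the id_token from the authorization endpoint (OIDC Core only
    // permits "none" when the id_token is obtained from the token endpoint). Behaviour
    // is intentionally kept as-is in this change.
    if ( registerRequest.getIdTokenSignedResponseAlg() != SignatureAlgorithm.NONE ) {
        rejectIfUnsupported(registerRequest.getIdTokenSignedResponseAlg(),
                appConfiguration.getIdTokenSigningAlgValuesSupported(), "id_token_signed_response_alg");
    }

    rejectIfUnsupported(registerRequest.getIdTokenEncryptedResponseAlg(),
            appConfiguration.getIdTokenEncryptionAlgValuesSupported(), "id_token_encrypted_response_alg");

    rejectIfUnsupported(registerRequest.getIdTokenEncryptedResponseEnc(),
            appConfiguration.getIdTokenEncryptionEncValuesSupported(), "id_token_encrypted_response_enc");

    rejectIfUnsupported(registerRequest.getUserInfoSignedResponseAlg(),
            appConfiguration.getUserInfoSigningAlgValuesSupported(), "userinfo_signed_response_alg");

    rejectIfUnsupported(registerRequest.getUserInfoEncryptedResponseAlg(),
            appConfiguration.getUserInfoEncryptionAlgValuesSupported(), "userinfo_encrypted_response_alg");

    rejectIfUnsupported(registerRequest.getUserInfoEncryptedResponseEnc(),
            appConfiguration.getUserInfoEncryptionEncValuesSupported(), "userinfo_encrypted_response_enc");

    // Unlike id_token_signed_response_alg, "none" here is only accepted if the server
    // explicitly lists it in requestObjectSigningAlgValuesSupported.
    rejectIfUnsupported(registerRequest.getRequestObjectSigningAlg(),
            appConfiguration.getRequestObjectSigningAlgValuesSupported(), "request_object_signing_alg");

    rejectIfUnsupported(registerRequest.getRequestObjectEncryptionAlg(),
            appConfiguration.getRequestObjectEncryptionAlgValuesSupported(), "request_object_encryption_alg");

    rejectIfUnsupported(registerRequest.getRequestObjectEncryptionEnc(),
            appConfiguration.getRequestObjectEncryptionEncValuesSupported(), "request_object_encryption_enc");

    rejectIfUnsupported(registerRequest.getTokenEndpointAuthMethod(),
            appConfiguration.getTokenEndpointAuthMethodsSupported(), "token_endpoint_auth_method");

    rejectIfUnsupported(registerRequest.getTokenEndpointAuthSigningAlg(),
            appConfiguration.getTokenEndpointAuthSigningAlgValuesSupported(), "token_endpoint_auth_signing_alg");
}

/**
 * Rejects a registration parameter whose value is present but not in the server's supported list.
 * A {@code null} value means the parameter was not sent and is accepted as-is.
 *
 * @param value         the parameter value as received (enum or string); compared via {@code toString()}
 * @param supported     the server-side list of accepted values for this parameter
 * @param parameterName the metadata name used in the log line and error description
 * @throws WebApplicationException with {@code invalid_client_metadata} when the value is unsupported
 */
private void rejectIfUnsupported(Object value, java.util.Collection<String> supported, String parameterName) {
    if ( value == null || supported.contains(value.toString()) ) {
        return;
    }
    final String message = "Parameter " + parameterName + " is not valid.";
    log.debug(message);
    throw errorResponseFactory.createWebApplicationException(Response.Status.BAD_REQUEST,
            RegisterErrorResponseType.INVALID_CLIENT_METADATA, message);
}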
 
Example 8
Source File: PlainTextSignature.java — from oxAuth (MIT License)
public PlainTextSignature() {
    // Binds this signer to JWS alg "none" (an unsecured JWS, RFC 7518): the token's
    // signature segment is empty, so any consumer that accepts it is trusting unverified
    // claims. Use only where the receiving side is known to reject or ignore unsigned JWTs.
    super(SignatureAlgorithm.NONE);
}