github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'master' of github.com:jricher/OpenID-Connect-Java-Spring-Server

pull/59/head
Justin Richer 2012-02-14 16:07:21 -05:00
parent 71292bcefd c3cad0d0e2
commit 01763dbc0c
12 changed files with 623 additions and 387 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.gitignore vendored
View File

@ -2,4 +2,13 @@
/target
*~
/bin
*.idea
*.gitignore
.gitignore
OpenIDConnect.iml
server/openid.iml
.gitignore

148
server/src/main/java/org/mitre/jwt/signer/AbstractJwtSigner.java
View File

@ -1,75 +1,75 @@
package org.mitre.jwt.signer;
import java.util.List;
import org.mitre.jwt.model.Jwt;
import com.google.common.base.Objects;
import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.collect.Lists;
public abstract class AbstractJwtSigner implements JwtSigner {
private String algorithm;
public AbstractJwtSigner(String algorithm) {
this.algorithm = algorithm;
}
/**
* @return the algorithm
*/
public String getAlgorithm() {
return algorithm;
}
/**
* @param algorithm the algorithm to set
*/
public void setAlgorithm(String algorithm) {
this.algorithm = algorithm;
}
/**
* Ensures that the 'alg' of the given JWT matches the {@link #algorithm} of this signer
*/
@Override
public void sign(Jwt jwt) {
if (!Objects.equal(algorithm, jwt.getHeader().getAlgorithm())) {
// algorithm type doesn't match
// TODO: should this be an error or should we just fix it in the incoming jwt?
// for now, we fix the Jwt
jwt.getHeader().setAlgorithm(algorithm);
}
String sig = generateSignature(jwt.getSignatureBase());
jwt.setSignature(sig);
}
/* (non-Javadoc)
* @see org.mitre.jwt.JwtSigner#verify(java.lang.String)
*/
@Override
public boolean verify(String jwtString) {
// split on the dots
List<String> parts = Lists.newArrayList(Splitter.on(".").split(jwtString));
if (parts.size() != 3) {
throw new IllegalArgumentException("Invalid JWT format.");
}
String h64 = parts.get(0);
String c64 = parts.get(1);
String s64 = parts.get(2);
String expectedSignature = generateSignature(h64 + "." + c64 + ".");
return Strings.nullToEmpty(s64).equals(Strings.nullToEmpty(expectedSignature));
}
protected abstract String generateSignature(String signatureBase);
package org.mitre.jwt.signer;
import java.util.List;
import org.mitre.jwt.model.Jwt;
import com.google.common.base.Objects;
import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.collect.Lists;
public abstract class AbstractJwtSigner implements JwtSigner {
private String algorithm;
public AbstractJwtSigner(String algorithm) {
this.algorithm = algorithm;
}
/**
* @return the algorithm
*/
public String getAlgorithm() {
return algorithm;
}
/**
* @param algorithm the algorithm to set
*/
public void setAlgorithm(String algorithm) {
this.algorithm = algorithm;
}
/**
* Ensures that the 'alg' of the given JWT matches the {@link #algorithm} of this signer
*/
@Override
public void sign(Jwt jwt) {
if (!Objects.equal(algorithm, jwt.getHeader().getAlgorithm())) {
// algorithm type doesn't match
// TODO: should this be an error or should we just fix it in the incoming jwt?
// for now, we fix the Jwt
jwt.getHeader().setAlgorithm(algorithm);
}
String sig = generateSignature(jwt.getSignatureBase());
jwt.setSignature(sig);
}
/* (non-Javadoc)
* @see org.mitre.jwt.JwtSigner#verify(java.lang.String)
*/
@Override
public boolean verify(String jwtString) {
// split on the dots
List<String> parts = Lists.newArrayList(Splitter.on(".").split(jwtString));
if (parts.size() != 3) {
throw new IllegalArgumentException("Invalid JWT format.");
}
String h64 = parts.get(0);
String c64 = parts.get(1);
String s64 = parts.get(2);
String expectedSignature = generateSignature(h64 + "." + c64 + ".");
return Strings.nullToEmpty(s64).equals(Strings.nullToEmpty(expectedSignature));
}
protected abstract String generateSignature(String signatureBase);
}

36
server/src/main/java/org/mitre/jwt/signer/impl/PlaintextSigner.java
View File

@ -1,18 +1,18 @@
package org.mitre.jwt.signer.impl;
import org.mitre.jwt.signer.AbstractJwtSigner;
public class PlaintextSigner extends AbstractJwtSigner {
public static final String PLAINTEXT = "none";
public PlaintextSigner() {
super(PLAINTEXT);
}
@Override
protected String generateSignature(String signatureBase) {
return null;
}
}
package org.mitre.jwt.signer.impl;
import org.mitre.jwt.signer.AbstractJwtSigner;
public class PlaintextSigner extends AbstractJwtSigner {
public static final String PLAINTEXT = "none";
public PlaintextSigner() {
super(PLAINTEXT);
}
@Override
protected String generateSignature(String signatureBase) {
return null;
}
}

112
server/src/main/java/org/mitre/openid/connect/view/JSONIdTokenView.java
View File

@ -1,56 +1,56 @@
package org.mitre.openid.connect.view;
import java.io.Writer;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.validation.BeanPropertyBindingResult;
import org.springframework.web.servlet.view.AbstractView;
import com.google.gson.ExclusionStrategy;
import com.google.gson.FieldAttributes;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
public class JSONIdTokenView extends AbstractView {
/* (non-Javadoc)
* @see org.springframework.web.servlet.view.AbstractView#renderMergedOutputModel(java.util.Map, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
protected void renderMergedOutputModel(Map<String, Object> model,
HttpServletRequest request, HttpServletResponse response)
throws Exception {
Gson gson = new GsonBuilder()
.setExclusionStrategies(new ExclusionStrategy() {
public boolean shouldSkipField(FieldAttributes f) {
return false;
}
public boolean shouldSkipClass(Class<?> clazz) {
// skip the JPA binding wrapper
if (clazz.equals(BeanPropertyBindingResult.class)) {
return true;
}
return false;
}
}).create();
response.setContentType("application/json");
Writer out = response.getWriter();
Object obj = model.get("entity");
if (obj == null) {
obj = model;
}
gson.toJson(obj, out);
}
}
package org.mitre.openid.connect.view;
import java.io.Writer;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.validation.BeanPropertyBindingResult;
import org.springframework.web.servlet.view.AbstractView;
import com.google.gson.ExclusionStrategy;
import com.google.gson.FieldAttributes;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
public class JSONIdTokenView extends AbstractView {
/* (non-Javadoc)
* @see org.springframework.web.servlet.view.AbstractView#renderMergedOutputModel(java.util.Map, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
protected void renderMergedOutputModel(Map<String, Object> model,
HttpServletRequest request, HttpServletResponse response)
throws Exception {
Gson gson = new GsonBuilder()
.setExclusionStrategies(new ExclusionStrategy() {
public boolean shouldSkipField(FieldAttributes f) {
return false;
}
public boolean shouldSkipClass(Class<?> clazz) {
// skip the JPA binding wrapper
if (clazz.equals(BeanPropertyBindingResult.class)) {
return true;
}
return false;
}
}).create();
response.setContentType("application/json");
Writer out = response.getWriter();
Object obj = model.get("entity");
if (obj == null) {
obj = model;
}
gson.toJson(obj, out);
}
}

112
server/src/main/java/org/mitre/openid/connect/view/JSONUserInfoView.java
View File

@ -1,56 +1,56 @@
package org.mitre.openid.connect.view;
import java.io.Writer;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.validation.BeanPropertyBindingResult;
import org.springframework.web.servlet.view.AbstractView;
import com.google.gson.ExclusionStrategy;
import com.google.gson.FieldAttributes;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
public class JSONUserInfoView extends AbstractView{
/* (non-Javadoc)
* @see org.springframework.web.servlet.view.AbstractView#renderMergedOutputModel(java.util.Map, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
protected void renderMergedOutputModel(Map<String, Object> model,
HttpServletRequest request, HttpServletResponse response)
throws Exception {
Gson gson = new GsonBuilder()
.setExclusionStrategies(new ExclusionStrategy() {
public boolean shouldSkipField(FieldAttributes f) {
return false;
}
public boolean shouldSkipClass(Class<?> clazz) {
// skip the JPA binding wrapper
if (clazz.equals(BeanPropertyBindingResult.class)) {
return true;
}
return false;
}
}).create();
response.setContentType("application/json");
Writer out = response.getWriter();
Object obj = model.get("entity");
if (obj == null) {
obj = model;
}
gson.toJson(obj, out);
}
}
package org.mitre.openid.connect.view;
import java.io.Writer;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.validation.BeanPropertyBindingResult;
import org.springframework.web.servlet.view.AbstractView;
import com.google.gson.ExclusionStrategy;
import com.google.gson.FieldAttributes;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
public class JSONUserInfoView extends AbstractView{
/* (non-Javadoc)
* @see org.springframework.web.servlet.view.AbstractView#renderMergedOutputModel(java.util.Map, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
*/
protected void renderMergedOutputModel(Map<String, Object> model,
HttpServletRequest request, HttpServletResponse response)
throws Exception {
Gson gson = new GsonBuilder()
.setExclusionStrategies(new ExclusionStrategy() {
public boolean shouldSkipField(FieldAttributes f) {
return false;
}
public boolean shouldSkipClass(Class<?> clazz) {
// skip the JPA binding wrapper
if (clazz.equals(BeanPropertyBindingResult.class)) {
return true;
}
return false;
}
}).create();
response.setContentType("application/json");
Writer out = response.getWriter();
Object obj = model.get("entity");
if (obj == null) {
obj = model;
}
gson.toJson(obj, out);
}
}

4
server/src/main/webapp/WEB-INF/tags/breadcrumbs.tag Normal file
View File

@ -0,0 +1,4 @@
<ul class="breadcrumb">
<li><a href="#">Home</a> <span class="divider">/</span></li>
<li class="active">Manage Clients</li>
</ul>

2
server/src/main/webapp/WEB-INF/tags/footer.tag Normal file
View File

@ -0,0 +1,2 @@
</body>
</html>

49
server/src/main/webapp/WEB-INF/tags/header.tag Normal file
View File

@ -0,0 +1,49 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>OpenID Connect</title>
<meta name="description" content="">
<meta name="author" content="">
<!-- Le javascript -->
<script src="http://code.jquery.com/jquery-1.7.min.js"></script>
<script src="../bootstrap/js/bootstrap-modal.js"></script>
<script src="../bootstrap/js/bootstrap-alerts.js"></script>
<script src="../bootstrap/js/bootstrap-twipsy.js"></script>
<script src="../bootstrap/js/bootstrap-popover.js"></script>
<script src="../bootstrap/js/bootstrap-dropdown.js"></script>
<script src="../bootstrap/js/bootstrap-scrollspy.js"></script>
<script src="../bootstrap/js/bootstrap-tabs.js"></script>
<script src="../bootstrap/js/bootstrap-buttons.js"></script>
<script>$(function () {
})</script>
<!-- Le HTML5 shim, for IE6-8 support of HTML elements -->
<!--[if lt IE 9]>
<script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
<!-- Le styles -->
<link href="../bootstrap/bootstrap.css" rel="stylesheet">
<style type="text/css">
body {
padding-top: 60px;
}
.logo {
background: url("../images/openid_small.png") no-repeat left center;
padding-left: 30px;
}
</style>
<!-- Le fav and touch icons -->
<link rel="shortcut icon" href="images/favicon.ico">
<link rel="apple-touch-icon" href="images/apple-touch-icon.png">
<link rel="apple-touch-icon" sizes="72x72" href="images/apple-touch-icon-72x72.png">
<link rel="apple-touch-icon" sizes="114x114" href="images/apple-touch-icon-114x114.png">
</head>
<body>

16
server/src/main/webapp/WEB-INF/tags/sidebar.tag Normal file
View File

@ -0,0 +1,16 @@
<div class="sidebar">
<div class="well">
<h5>Administrative</h5>
<ul>
<li><a href="#">Manage Clients</a></li>
<li><a href="#">White Lists</a></li>
<li><a href="#">Black Lists</a></li>
</ul>
<h5>Personal</h5>
<ul>
<li><a href="#">Manage Sites</a></li>
<li><a href="#">Manage Active Tokens</a></li>
<li><a href="#">Profile</a></li>
</ul>
</div>
</div>

14
server/src/main/webapp/WEB-INF/tags/topbar.tag Normal file
View File

@ -0,0 +1,14 @@
<div class="topbar">
<div class="topbar-inner">
<div class="container-fluid">
<a class="brand" href="#"><span class="logo">OpenID Connect Server</span></a>
<ul class="nav">
<li class="active"><a href="#">Home</a></li>
<li><a href="#about">About</a></li>
<li><a href="#about">Statistics</a></li>
<li><a href="#contact">Contact</a></li>
</ul>
<p class="pull-right">Logged in as <a href="#">username</a></p>
</div>
</div>
</div>

152
server/src/main/webapp/WEB-INF/views/admin/manage_clients.html
View File

@ -6,6 +6,21 @@
<meta name="description" content="">
<meta name="author" content="">
<!-- Le javascript -->
<script src="http://code.jquery.com/jquery-1.7.min.js"></script>
<script src="../bootstrap/js/bootstrap-modal.js"></script>
<script src="../bootstrap/js/bootstrap-alerts.js"></script>
<script src="../bootstrap/js/bootstrap-twipsy.js"></script>
<script src="../bootstrap/js/bootstrap-popover.js"></script>
<script src="../bootstrap/js/bootstrap-dropdown.js"></script>
<script src="../bootstrap/js/bootstrap-scrollspy.js"></script>
<script src="../bootstrap/js/bootstrap-tabs.js"></script>
<script src="../bootstrap/js/bootstrap-buttons.js"></script>
<script>$(function () {
})</script>
<!-- Le HTML5 shim, for IE6-8 support of HTML elements -->
<!--[if lt IE 9]>
<script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
@ -33,6 +48,126 @@
<body>
<div id="modal-from-dom" class="modal hide fade" style="width: 577px; max-height: none; top: 35%">
<div class="modal-header">
<a href="#" class="close">&times;</a>
<h3>Edit Client</h3>
</div>
<div class="modal-body">
<form>
<fieldset>
<legend>OpenID Client</legend>
<div class="clearfix">
<label for="xlInput">Client Name</label>
<div class="input">
<input type="text" size="30" name="xlInput" id="xlInput" class="xlarge">
</div>
</div>
<div class="clearfix">
<label for="prependedInput">Redirect Url</label>
<div class="input">
<div class="input-prepend">
<span class="add-on">http://</span>
<input type="text" size="16" name="prependedInput" id="prependedInput" class="medium">
</div>
<span class="help-block">Url to be redirected</span>
</div>
</div>
<div class="clearfix">
<label id="optionsCheckboxes">Grant Types:</label>
<div class="input">
<ul class="inputs-list">
<li>
<label>
<input type="checkbox" value="option1" name="optionsCheckboxes">
<span>Grant Type Blah</span>
</label>
</li>
<li>
<label>
<input type="checkbox" value="option2" name="optionsCheckboxes">
<span>Grant Type Blah</span>
</label>
</li>
<li>
<label>
<input type="checkbox" value="option2" name="optionsCheckboxes">
<span>Grant Type Blah</span>
</label>
</li>
</ul>
<span class="help-block">
<strong>Note:</strong> Grant type help text.
</span>
</div>
</div>
<div class="clearfix">
<label for="textarea2">Scope</label>
<div class="input">
<textarea rows="3" name="textarea2" id="textarea2" class="xlarge">email,first name</textarea>
<span class="help-block">
Please enter scopes separated by commas
</span>
</div>
</div>
<div class="clearfix">
<label for="normalSelect">Authority</label>
<div class="input">
<select id="normalSelect" name="normalSelect">
<option>My Authority Option 1</option>
<option>My Authority Option 2</option>
</select>
</div>
</div>
</fieldset>
<div class="clearfix">
<label for="form-description">Description</label>
<div class="input">
<input type="text" size="30" name="form-description" id="form-description" class="xlarge">
</div>
</div>
<div class="clearfix">
<label id="form-allow-tokens">Allow refresh tokens?</label>
<div class="input">
<ul class="inputs-list">
<li>
<label>
<input type="checkbox" value="option1" name="form-allow-tokens">
<span>&nbsp;</span>
</label>
</li>
</ul>
<span class="help-block">
<strong>Note:</strong> Labels surround all the options for much larger click areas and a more usable form.
</span>
</div>
</div>
</form>
</div>
<div class="modal-footer">
<a href="#" class="btn primary">Save</a>
<a href="#" class="btn secondary">Cancel</a>
</div>
</div>
<div class="topbar">
<div class="topbar-inner">
<div class="container-fluid">
@ -66,7 +201,6 @@
</div>
</div>
<div class="content">
<!-- Main hero unit for a primary marketing message or call to action -->
<div class="">
<ul class="breadcrumb">
<li><a href="#">Home</a> <span class="divider">/</span></li>
@ -120,7 +254,9 @@
</td>
<td><input type="checkbox" checked="checked" value="" id="" name="" disabled></td>
<td>
<button class="btn">edit</button>
<button data-controls-modal="modal-from-dom" data-backdrop="true" data-keyboard="true"
class="btn">edit
</button>
</td>
<td>
<button class="btn danger">delete</button>
@ -151,7 +287,9 @@
</td>
<td><input type="checkbox" checked="checked" value="" id="" name="" disabled></td>
<td>
<button class="btn">edit</button>
<button data-controls-modal="modal-from-dom" data-backdrop="true" data-keyboard="true"
class="btn">edit
</button>
</td>
<td>
<button class="btn danger">delete</button>
@ -182,7 +320,9 @@
</td>
<td><input type="checkbox" checked="checked" value="" id="" name="" disabled></td>
<td>
<button class="btn">edit</button>
<button data-controls-modal="modal-from-dom" data-backdrop="true" data-keyboard="true"
class="btn">edit
</button>
</td>
<td>
<button class="btn danger">delete</button>
@ -213,7 +353,9 @@
</td>
<td><input type="checkbox" checked="checked" value="" id="" name="" disabled></td>
<td>
<button class="btn">edit</button>
<button data-controls-modal="modal-from-dom" data-backdrop="true" data-keyboard="true"
class="btn">edit
</button>
</td>
<td>
<button class="btn danger">delete</button>

354
server/src/test/java/org/mitre/jwt/JwtTest.java
View File

@ -1,177 +1,177 @@
package org.mitre.jwt;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.junit.Assert.assertThat;
import java.io.UnsupportedEncodingException;
import java.util.Date;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mitre.jwt.model.Jwt;
import org.mitre.jwt.signer.JwtSigner;
import org.mitre.jwt.signer.impl.HmacSigner;
import org.mitre.jwt.signer.impl.PlaintextSigner;
import org.mitre.jwt.signer.impl.RsaSigner;
import org.mitre.jwt.signer.service.impl.KeyStore;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = {
"file:src/main/webapp/WEB-INF/spring/application-context.xml",
"classpath:test-context.xml" })
public class JwtTest {
@Autowired
@Qualifier("testKeystore")
KeyStore keystore;
@Test
public void testToStringPlaintext() {
Jwt jwt = new Jwt();
jwt.getHeader().setAlgorithm("none");
jwt.getClaims().setExpiration(new Date(1300819380L * 1000L));
jwt.getClaims().setIssuer("joe");
jwt.getClaims().setClaim("http://example.com/is_root", Boolean.TRUE);
// sign it with a blank signature
JwtSigner signer = new PlaintextSigner();
signer.sign(jwt);
/*
* Expected string based on the following structures, serialized exactly as follows and base64 encoded:
*
* header: {"alg":"none"}
* claims: {"exp":1300819380,"iss":"joe","http://example.com/is_root":true}
*/
String expected = "eyJhbGciOiJub25lIn0.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.";
String actual = jwt.toString();
assertThat(actual, equalTo(expected));
}
@Test
public void testGenerateHmacSignature() {
Jwt jwt = new Jwt();
jwt.getHeader().setType("JWT");
jwt.getHeader().setAlgorithm("HS256");
jwt.getClaims().setExpiration(new Date(1300819380L * 1000L));
jwt.getClaims().setIssuer("joe");
jwt.getClaims().setClaim("http://example.com/is_root", Boolean.TRUE);
// sign it
byte[] key = null;
try {
key = "secret".getBytes("UTF-8");
} catch (UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
JwtSigner signer = new HmacSigner(key);
signer.sign(jwt);
/*
* Expected string based on the following structures, serialized exactly as follows and base64 encoded:
*
* header: {"typ":"JWT","alg":"HS256"}
* claims: {"exp":1300819380,"iss":"joe","http://example.com/is_root":true}
*
* Expected signature: iGBPJj47S5q_HAhSoQqAdcS6A_1CFj3zrLaImqNbt9E
*
*/
String signature = "p-63Jzz7mgi3H4hvW6MFB7lmPRZjhsL666MYkmpX33Y";
String expected = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ." + signature;
String actual = jwt.toString();
assertThat(actual, equalTo(expected));
assertThat(jwt.getSignature(), equalTo(signature));
}
/**
* @throws Exception
*/
@Test
public void testGenerateRsaSignature() throws Exception {
// java.security.KeyStore ks = KeyStore.generateRsaKeyPair(keystore
// .getLocation().getFile().getPath(), "OpenID Connect Server",
// "twentyYears", KeyStore.PASSWORD, KeyStore.PASSWORD, 30, 365*20);
//
// keystore.setKeystore(ks);
Jwt jwt = new Jwt();
jwt.getHeader().setType("JWT");
jwt.getHeader().setAlgorithm("RS256");
jwt.getClaims().setExpiration(new Date(1300819380L * 1000L));
jwt.getClaims().setIssuer("joe");
jwt.getClaims().setClaim("http://example.com/is_root", Boolean.TRUE);
JwtSigner signer = new RsaSigner(RsaSigner.Algorithm.DEFAULT, keystore, "twentyYears");
((RsaSigner) signer).afterPropertiesSet();
signer.sign(jwt);
String signature = "TW0nOd_vr1rnV7yIS-lIV2-00V_zJMWxzOc3Z7k3gvMO2aIjIGjZ9nByZMI0iL5komMxYXPl_RCkbd9OKiPkk4iK5CDj7Mawbzu95LgEOOqdXO1f7-IqX9dIvJhVXXInLD3RsGvavyheIqNeFEVidLrJo30tBchB_niljEW7VeX8nSZfiCOdbOTW3hu0ycnon7wFpejb-cRP_S0iqGxCgbYXJzqPT192EHmRy_wmFxxIy9Lc84uqNkAZSIn1jVIeAemm22RoWbq0xLVLTRyiZoxJTUzac_VteiSPRNFlUQuOdxqNf0Hxqh_wVfX1mfXUzv0D8vHJVy6aIqTISmn-qg";
String expected = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.TW0nOd_vr1rnV7yIS-lIV2-00V_zJMWxzOc3Z7k3gvMO2aIjIGjZ9nByZMI0iL5komMxYXPl_RCkbd9OKiPkk4iK5CDj7Mawbzu95LgEOOqdXO1f7-IqX9dIvJhVXXInLD3RsGvavyheIqNeFEVidLrJo30tBchB_niljEW7VeX8nSZfiCOdbOTW3hu0ycnon7wFpejb-cRP_S0iqGxCgbYXJzqPT192EHmRy_wmFxxIy9Lc84uqNkAZSIn1jVIeAemm22RoWbq0xLVLTRyiZoxJTUzac_VteiSPRNFlUQuOdxqNf0Hxqh_wVfX1mfXUzv0D8vHJVy6aIqTISmn-qg";
String actual = jwt.toString();
assertThat(actual, equalTo(expected));
assertThat(jwt.getSignature(), equalTo(signature));
}
@Test
public void testValidateHmacSignature() {
// sign it
byte[] key = null;
try {
key = "secret".getBytes("UTF-8");
} catch (UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
JwtSigner signer = new HmacSigner(key);
/*
* Token string based on the following strucutres, serialized exactly as follows and base64 encoded:
*
* header: {"typ":"JWT","alg":"HS256"}
* claims: {"exp":1300819380,"iss":"joe","http://example.com/is_root":true}
*
* Expected signature: iGBPJj47S5q_HAhSoQqAdcS6A_1CFj3zrLaImqNbt9E
*
*/
String jwtString = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.iGBPJj47S5q_HAhSoQqAdcS6A_1CFj3zrLaImqNbt9E";
boolean valid = signer.verify(jwtString);
assertThat(valid, equalTo(Boolean.TRUE));
}
@Test
public void testParse() {
String source = "eyJhbGciOiJub25lIn0.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.";
Jwt jwt = Jwt.parse(source);
assertThat(jwt.getHeader().getAlgorithm(), equalTo(PlaintextSigner.PLAINTEXT));
assertThat(jwt.getClaims().getIssuer(), equalTo("joe"));
assertThat(jwt.getClaims().getExpiration(), equalTo(new Date(1300819380L * 1000L)));
assertThat((Boolean)jwt.getClaims().getClaim("http://example.com/is_root"), equalTo(Boolean.TRUE));
}
}
package org.mitre.jwt;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.junit.Assert.assertThat;
import java.io.UnsupportedEncodingException;
import java.util.Date;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mitre.jwt.model.Jwt;
import org.mitre.jwt.signer.JwtSigner;
import org.mitre.jwt.signer.impl.HmacSigner;
import org.mitre.jwt.signer.impl.PlaintextSigner;
import org.mitre.jwt.signer.impl.RsaSigner;
import org.mitre.jwt.signer.service.impl.KeyStore;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = {
"file:src/main/webapp/WEB-INF/spring/application-context.xml",
"classpath:test-context.xml" })
public class JwtTest {
@Autowired
@Qualifier("testKeystore")
KeyStore keystore;
@Test
public void testToStringPlaintext() {
Jwt jwt = new Jwt();
jwt.getHeader().setAlgorithm("none");
jwt.getClaims().setExpiration(new Date(1300819380L * 1000L));
jwt.getClaims().setIssuer("joe");
jwt.getClaims().setClaim("http://example.com/is_root", Boolean.TRUE);
// sign it with a blank signature
JwtSigner signer = new PlaintextSigner();
signer.sign(jwt);
/*
* Expected string based on the following structures, serialized exactly as follows and base64 encoded:
*
* header: {"alg":"none"}
* claims: {"exp":1300819380,"iss":"joe","http://example.com/is_root":true}
*/
String expected = "eyJhbGciOiJub25lIn0.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.";
String actual = jwt.toString();
assertThat(actual, equalTo(expected));
}
@Test
public void testGenerateHmacSignature() {
Jwt jwt = new Jwt();
jwt.getHeader().setType("JWT");
jwt.getHeader().setAlgorithm("HS256");
jwt.getClaims().setExpiration(new Date(1300819380L * 1000L));
jwt.getClaims().setIssuer("joe");
jwt.getClaims().setClaim("http://example.com/is_root", Boolean.TRUE);
// sign it
byte[] key = null;
try {
key = "secret".getBytes("UTF-8");
} catch (UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
JwtSigner signer = new HmacSigner(key);
signer.sign(jwt);
/*
* Expected string based on the following structures, serialized exactly as follows and base64 encoded:
*
* header: {"typ":"JWT","alg":"HS256"}
* claims: {"exp":1300819380,"iss":"joe","http://example.com/is_root":true}
*
* Expected signature: iGBPJj47S5q_HAhSoQqAdcS6A_1CFj3zrLaImqNbt9E
*
*/
String signature = "p-63Jzz7mgi3H4hvW6MFB7lmPRZjhsL666MYkmpX33Y";
String expected = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ." + signature;
String actual = jwt.toString();
assertThat(actual, equalTo(expected));
assertThat(jwt.getSignature(), equalTo(signature));
}
/**
* @throws Exception
*/
@Test
public void testGenerateRsaSignature() throws Exception {
// java.security.KeyStore ks = KeyStore.generateRsaKeyPair(keystore
// .getLocation().getFile().getPath(), "OpenID Connect Server",
// "twentyYears", KeyStore.PASSWORD, KeyStore.PASSWORD, 30, 365*20);
//
// keystore.setKeystore(ks);
Jwt jwt = new Jwt();
jwt.getHeader().setType("JWT");
jwt.getHeader().setAlgorithm("RS256");
jwt.getClaims().setExpiration(new Date(1300819380L * 1000L));
jwt.getClaims().setIssuer("joe");
jwt.getClaims().setClaim("http://example.com/is_root", Boolean.TRUE);
JwtSigner signer = new RsaSigner(RsaSigner.Algorithm.DEFAULT, keystore, "twentyYears");
((RsaSigner) signer).afterPropertiesSet();
signer.sign(jwt);
String signature = "TW0nOd_vr1rnV7yIS-lIV2-00V_zJMWxzOc3Z7k3gvMO2aIjIGjZ9nByZMI0iL5komMxYXPl_RCkbd9OKiPkk4iK5CDj7Mawbzu95LgEOOqdXO1f7-IqX9dIvJhVXXInLD3RsGvavyheIqNeFEVidLrJo30tBchB_niljEW7VeX8nSZfiCOdbOTW3hu0ycnon7wFpejb-cRP_S0iqGxCgbYXJzqPT192EHmRy_wmFxxIy9Lc84uqNkAZSIn1jVIeAemm22RoWbq0xLVLTRyiZoxJTUzac_VteiSPRNFlUQuOdxqNf0Hxqh_wVfX1mfXUzv0D8vHJVy6aIqTISmn-qg";
String expected = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.TW0nOd_vr1rnV7yIS-lIV2-00V_zJMWxzOc3Z7k3gvMO2aIjIGjZ9nByZMI0iL5komMxYXPl_RCkbd9OKiPkk4iK5CDj7Mawbzu95LgEOOqdXO1f7-IqX9dIvJhVXXInLD3RsGvavyheIqNeFEVidLrJo30tBchB_niljEW7VeX8nSZfiCOdbOTW3hu0ycnon7wFpejb-cRP_S0iqGxCgbYXJzqPT192EHmRy_wmFxxIy9Lc84uqNkAZSIn1jVIeAemm22RoWbq0xLVLTRyiZoxJTUzac_VteiSPRNFlUQuOdxqNf0Hxqh_wVfX1mfXUzv0D8vHJVy6aIqTISmn-qg";
String actual = jwt.toString();
assertThat(actual, equalTo(expected));
assertThat(jwt.getSignature(), equalTo(signature));
}
@Test
public void testValidateHmacSignature() {
// sign it
byte[] key = null;
try {
key = "secret".getBytes("UTF-8");
} catch (UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
JwtSigner signer = new HmacSigner(key);
/*
* Token string based on the following strucutres, serialized exactly as follows and base64 encoded:
*
* header: {"typ":"JWT","alg":"HS256"}
* claims: {"exp":1300819380,"iss":"joe","http://example.com/is_root":true}
*
* Expected signature: iGBPJj47S5q_HAhSoQqAdcS6A_1CFj3zrLaImqNbt9E
*
*/
String jwtString = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.iGBPJj47S5q_HAhSoQqAdcS6A_1CFj3zrLaImqNbt9E";
boolean valid = signer.verify(jwtString);
assertThat(valid, equalTo(Boolean.TRUE));
}
@Test
public void testParse() {
String source = "eyJhbGciOiJub25lIn0.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.";
Jwt jwt = Jwt.parse(source);
assertThat(jwt.getHeader().getAlgorithm(), equalTo(PlaintextSigner.PLAINTEXT));
assertThat(jwt.getClaims().getIssuer(), equalTo("joe"));
assertThat(jwt.getClaims().getExpiration(), equalTo(new Date(1300819380L * 1000L)));
assertThat((Boolean)jwt.getClaims().getClaim("http://example.com/is_root"), equalTo(Boolean.TRUE));
}
}