github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

removed idtoken class, removed all jwe/jwt tests

pull/306/merge
Justin Richer 2013-02-19 14:01:45 -05:00
parent d00b351f32
commit 46a3e70377
14 changed files with 0 additions and 1482 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

133
openid-connect-common/src/main/java/org/mitre/openid/connect/model/IdToken.java
View File

@ -1,133 +0,0 @@
/*******************************************************************************
* Copyright 2012 The MITRE Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
******************************************************************************/
package org.mitre.openid.connect.model;
import java.util.List;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
import javax.persistence.Transient;
import org.mitre.jwt.model.Jwt;
import org.mitre.jwt.model.JwtClaims;
import org.mitre.jwt.model.JwtHeader;
import com.google.common.base.Splitter;
import com.google.common.collect.Lists;
@Entity
@Table(name="idtoken")
@NamedQueries({
@NamedQuery(name = "IdToken.getAll", query = "select i from IdToken i")
})
public class IdToken extends Jwt {
/**
* Create a blank IdToken
*/
public IdToken() {
super();
}
/**
* Create an IdToken from the requisite pieces.
* @param header
* @param claims
* @param signature
*/
public IdToken(JwtHeader header, IdTokenClaims claims, String signature) {
super(header, claims, signature);
}
private Long id;
/**
* @return the id
*/
@Id
@GeneratedValue(strategy=GenerationType.IDENTITY)
public Long getId() {
return id;
}
/**
* @param id the id to set
*/
public void setId(Long id) {
this.id = id;
}
/**
* @return the tokenClaims
*/
@Transient
public IdTokenClaims getClaims() {
return (IdTokenClaims) super.getClaims();
}
/**
* @param tokenClaims the tokenClaims to set
*/
public void setClaims(JwtClaims tokenClaims) {
if (tokenClaims instanceof IdTokenClaims) {
super.setClaims(tokenClaims);
} else {
super.setClaims(new IdTokenClaims(tokenClaims));
}
}
/**
* Parse a wire-encoded IdToken.
*
*/
public static IdToken parse(String s) {
// TODO: this code was copied nearly verbatim from Jwt.parse, and
// we should figure out how to re-use and abstract bits, likely
// null string is a null token
if (s == null) {
return null;
}
// split on the dots
List<String> parts = Lists.newArrayList(Splitter.on(".").split(s));
if (parts.size() != 3) {
throw new IllegalArgumentException("Invalid JWT format.");
}
String h64 = parts.get(0);
String c64 = parts.get(1);
String s64 = parts.get(2);
// shuttle for return value
IdToken idToken = new IdToken(new JwtHeader(h64), new IdTokenClaims(c64), s64);
// TODO: save the wire-encoded string in the Jwt object itself?
return idToken;
}
}

130
openid-connect-common/src/main/java/org/mitre/openid/connect/model/IdTokenClaims.java
View File

@ -1,130 +0,0 @@
/*******************************************************************************
* Copyright 2012 The MITRE Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
******************************************************************************/
package org.mitre.openid.connect.model;
import java.util.Date;
import java.util.Map.Entry;
import javax.persistence.Basic;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
import javax.persistence.Transient;
import org.mitre.jwt.model.JwtClaims;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
@Entity
@Table(name="idtokenclaims")
public class IdTokenClaims extends JwtClaims {
public static final String AUTHENTICATION_CONTEXT_CLASS_REFERENCE = "acr";
public static final String AUTH_TIME = "auth_time";
public static final String AUTHORIZED_PARTY = "azp";
private Long id;
public IdTokenClaims() {
super();
}
public IdTokenClaims(JsonObject json) {
super(json);
}
public IdTokenClaims(String b64) {
super(b64);
}
public IdTokenClaims(JwtClaims jwtClaims) {
super(jwtClaims);
}
/**
* @return the id
*/
@Id
@GeneratedValue(strategy=GenerationType.IDENTITY)
public Long getId() {
return id;
}
/**
* @param id the id to set
*/
public void setId(Long id) {
this.id = id;
}
@Transient
public String getAuthContext() {
return getClaimAsString(AUTHENTICATION_CONTEXT_CLASS_REFERENCE);
}
public void setAuthContext(String acr) {
setClaim(AUTHENTICATION_CONTEXT_CLASS_REFERENCE, acr);
}
@Transient
public Date getAuthTime() {
return getClaimAsDate(AUTH_TIME);
}
public void setAuthTime(Date authTime) {
setClaim(AUTH_TIME, authTime);
}
@Transient
public String getAuthorizedParty() {
return getClaimAsString(AUTHORIZED_PARTY);
}
public void setAuthorizedParty(String azp) {
setClaim(AUTHORIZED_PARTY, azp);
}
/**
* Load this IdToken from a JSON Object
*/
@Override
public void loadFromJsonObject(JsonObject json) {
JsonObject pass = new JsonObject();
for (Entry<String, JsonElement> element : json.entrySet()) {
if (element.getValue().isJsonNull()) {
pass.add(element.getKey(), element.getValue());
} else if (element.getKey().equals(AUTHENTICATION_CONTEXT_CLASS_REFERENCE)) {
setAuthContext(element.getValue().getAsString());
} else if (element.getKey().equals(AUTH_TIME)) {
setAuthTime(new Date(element.getValue().getAsLong() * 1000L));
} else if (element.getKey().equals(AUTHORIZED_PARTY)) {
setAuthorizedParty(element.getValue().getAsString());
} else {
pass.add(element.getKey(), element.getValue());
}
}
super.loadFromJsonObject(pass);
}
}

55
openid-connect-common/src/main/java/org/mitre/openid/connect/repository/IdTokenClaimsRepository.java
View File

@ -1,55 +0,0 @@
/*******************************************************************************
* Copyright 2012 The MITRE Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
******************************************************************************/
package org.mitre.openid.connect.repository;
import org.mitre.openid.connect.model.IdTokenClaims;
public interface IdTokenClaimsRepository {
/**
* Returns the IdTokenClaims for the given id
*
* @param id
* id the id of the Address
* @return a valid IdTokenClaims if it exists, null otherwise
*/
public IdTokenClaims getById(Long id);
/**
* Removes the given IdTokenClaims from the repository
*
* @param address
* the IdTokenClaims object to remove
*/
public void remove(IdTokenClaims idTokenClaims);
/**
* Removes an IdTokenClaims from the repository
*
* @param id
* the id of the IdTokenClaims to remove
*/
public void removeById(Long id);
/**
* Persists a IdTokenClaims
*
* @param idTokenClaims
* the IdTokenClaims to be saved
* @return
*/
public IdTokenClaims save(IdTokenClaims idTokenClaims);
}

60
openid-connect-common/src/main/java/org/mitre/openid/connect/repository/IdTokenRepository.java
View File

@ -1,60 +0,0 @@
/*******************************************************************************
* Copyright 2012 The MITRE Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
******************************************************************************/
package org.mitre.openid.connect.repository;
import org.mitre.openid.connect.model.IdToken;
/**
* IdToken repository interface
*
* @author Michael Joseph Walsh
*
*/
public interface IdTokenRepository {
/**
* Returns the IdToken for the given id
*
* @param id
* id the id of the IdToken
* @return a valid IdToken if it exists, null otherwise
*/
public IdToken getById(Long id);
/**
* Removes the given IdToken from the repository
*
* @param idToken
* the IdToken object to remove
*/
public void remove(IdToken idToken);
/**
* Removes an IdToken from the repository
*
* @param id
* the id of the IdToken to remove
*/
public void removeById(Long id);
/**
* Persists a IdToken
*
* @param idToken
* @return
*/
public IdToken save(IdToken idToken);
}

99
openid-connect-common/src/test/java/org/mitre/jwe/encryption/impl/RsaEncrypterDecrypterTest.java
View File

@ -1,99 +0,0 @@
package org.mitre.jwe.encryption.impl;
import static org.junit.Assert.assertEquals;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.junit.After;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mitre.jwe.model.Jwe;
import org.mitre.jwe.model.JweHeader;
import org.mitre.jwt.encryption.impl.RsaDecrypter;
import org.mitre.jwt.encryption.impl.RsaEncrypter;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import com.google.gson.JsonIOException;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.JsonSyntaxException;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = { "classpath:test-context.xml" })
public class RsaEncrypterDecrypterTest {
URL jweHeaderUrl = this.getClass().getResource("/jwe/jweHeader");
String jwePlaintextString = new String("Why couldn't the bike move? It was two tired.");
@Before
public void setUp() throws NoSuchAlgorithmException{
Assume.assumeTrue(Cipher.getMaxAllowedKeyLength("AES") > 128); // if we're capped at 128 bits then we can't run these tests
}
@After
public void tearDown(){
}
@Test
public void encryptDecryptTest() throws JsonIOException, JsonSyntaxException, IOException, NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, InvalidKeySpecException {
//
//read in header and plaintext from files
JsonParser parser = new JsonParser();
JsonObject jweHeaderObject = parser.parse(new BufferedReader(new InputStreamReader(jweHeaderUrl.openStream()))).getAsJsonObject();
//generate key pair. this will be passed in from the user
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(4096);
KeyPair pair = keyGen.generateKeyPair();
PublicKey publicKey = pair.getPublic();
PrivateKey privateKey = pair.getPrivate();
//create jwe based on header and plaintext
Jwe jwe = new Jwe(new JweHeader(jweHeaderObject), null, jwePlaintextString.getBytes(), null);
//encrypt
RsaEncrypter rsaEncrypter = new RsaEncrypter();
rsaEncrypter.setPublicKey(publicKey);
rsaEncrypter.setPrivateKey(privateKey);
jwe = rsaEncrypter.encryptAndSign(jwe);
//decrypt
RsaDecrypter rsaDecrypter = new RsaDecrypter();
rsaDecrypter.setPublicKey(publicKey);
rsaDecrypter.setPrivateKey(privateKey);
String encryptedJweString = jwe.toString();
jwe = rsaDecrypter.decrypt(encryptedJweString);
String jweDecryptedCleartext = new String(jwe.getCiphertext());
//test ALL THE THINGS
assertEquals(jweDecryptedCleartext, jwePlaintextString);
assertEquals(jwe.getHeader().getAlgorithm(), jweHeaderObject.get("alg").getAsString());
assertEquals(jwe.getHeader().getEncryptionMethod(), jweHeaderObject.get("enc").getAsString());
assertEquals(jwe.getHeader().getIntegrity(), jweHeaderObject.get("int").getAsString());
assertEquals(jwe.getHeader().getInitializationVector(), jweHeaderObject.get("iv").getAsString());
}
// TODO: add independent unit test for encryption and decryption
}

68
openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Hmac256Test.java
View File

@ -1,68 +0,0 @@
package org.mitre.jwt.signer.impl;
import static org.junit.Assert.assertEquals;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mitre.jwt.model.Jwt;
import org.mitre.jwt.model.JwtClaims;
import org.mitre.jwt.model.JwtHeader;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import com.google.gson.JsonIOException;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.JsonSyntaxException;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = { "classpath:test-context.xml" })
public class Hmac256Test{
URL claimsUrl = this.getClass().getResource("/jwt/claims");
URL hs256Url = this.getClass().getResource("/jwt/hs256");
Jwt jwt = null;
JwtClaims claims = null;
JwtHeader header = null;
/**
* @throws IOException
* @throws JsonSyntaxException
* @throws JsonIOException
* @throws java.lang.Exception
*/
@Before
public void setUp() throws JsonIOException, JsonSyntaxException, IOException{
JsonParser parser = new JsonParser();
JsonObject claimsObject = parser.parse(new BufferedReader(new InputStreamReader(claimsUrl.openStream()))).getAsJsonObject();
JsonObject headerObject = parser.parse(new BufferedReader(new InputStreamReader(hs256Url.openStream()))).getAsJsonObject();
claims = new JwtClaims(claimsObject);
header = new JwtHeader(headerObject);
jwt = new Jwt(header, claims, null);
}
/**
* @throws java.lang.Exception
*/
@After
public void tearDown(){
}
@Test
public void testHmacSigner256() throws Exception {
setUp();
HmacSigner hmac = new HmacSigner(header.getAlgorithm(), "secret");
jwt = hmac.sign(jwt);
assertEquals(hmac.verify(jwt.toString()), true);
}
}

68
openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Hmac384Test.java
View File

@ -1,68 +0,0 @@
package org.mitre.jwt.signer.impl;
import static org.junit.Assert.assertEquals;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mitre.jwt.model.Jwt;
import org.mitre.jwt.model.JwtClaims;
import org.mitre.jwt.model.JwtHeader;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import com.google.gson.JsonIOException;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.JsonSyntaxException;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = { "classpath:test-context.xml" })
public class Hmac384Test {
URL claimsUrl = this.getClass().getResource("/jwt/claims");
URL hs384Url = this.getClass().getResource("/jwt/hs384");
Jwt jwt = null;
JwtClaims claims = null;
JwtHeader header = null;
/**
* @throws IOException
* @throws JsonSyntaxException
* @throws JsonIOException
* @throws java.lang.Exception
*/
@Before
public void setUp() throws JsonIOException, JsonSyntaxException, IOException{
JsonParser parser = new JsonParser();
JsonObject claimsObject = parser.parse(new BufferedReader(new InputStreamReader(claimsUrl.openStream()))).getAsJsonObject();
JsonObject headerObject = parser.parse(new BufferedReader(new InputStreamReader(hs384Url.openStream()))).getAsJsonObject();
claims = new JwtClaims(claimsObject);
header = new JwtHeader(headerObject);
jwt = new Jwt(header, claims, null);
}
/**
* @throws java.lang.Exception
*/
@After
public void tearDown(){
}
@Test
public void testHmacSigner384() throws Exception {
setUp();
HmacSigner hmac = new HmacSigner(header.getAlgorithm(), "secret");
jwt = hmac.sign(jwt);
assertEquals(hmac.verify(jwt.toString()), true);
}
}

68
openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Hmac512Test.java
View File

@ -1,68 +0,0 @@
package org.mitre.jwt.signer.impl;
import static org.junit.Assert.assertEquals;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mitre.jwt.model.Jwt;
import org.mitre.jwt.model.JwtClaims;
import org.mitre.jwt.model.JwtHeader;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import com.google.gson.JsonIOException;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.JsonSyntaxException;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = { "classpath:test-context.xml" })
public class Hmac512Test {
URL claimsUrl = this.getClass().getResource("/jwt/claims");
URL hs512Url = this.getClass().getResource("/jwt/hs512");
Jwt jwt = null;
JwtClaims claims = null;
JwtHeader header = null;
/**
* @throws IOException
* @throws JsonSyntaxException
* @throws JsonIOException
* @throws java.lang.Exception
*/
@Before
public void setUp() throws JsonIOException, JsonSyntaxException, IOException{
JsonParser parser = new JsonParser();
JsonObject claimsObject = parser.parse(new BufferedReader(new InputStreamReader(claimsUrl.openStream()))).getAsJsonObject();
JsonObject headerObject = parser.parse(new BufferedReader(new InputStreamReader(hs512Url.openStream()))).getAsJsonObject();
claims = new JwtClaims(claimsObject);
header = new JwtHeader(headerObject);
jwt = new Jwt(header, claims, null);
}
/**
* @throws java.lang.Exception
*/
@After
public void tearDown(){
}
@Test
public void testHmacSigner512() throws Exception {
setUp();
HmacSigner hmac = new HmacSigner(header.getAlgorithm(), "secret");
jwt = hmac.sign(jwt);
assertEquals(hmac.verify(jwt.toString()), true);
}
}

67
openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/PlaintextSignerTest.java
View File

@ -1,67 +0,0 @@
package org.mitre.jwt.signer.impl;
import static org.junit.Assert.assertEquals;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.NoSuchAlgorithmException;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mitre.jwt.model.Jwt;
import org.mitre.jwt.model.JwtClaims;
import org.mitre.jwt.model.JwtHeader;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import com.google.gson.JsonIOException;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.JsonSyntaxException;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = { "classpath:test-context.xml" })
public class PlaintextSignerTest{
URL claimsUrl = this.getClass().getResource("/jwt/claims");
URL plaintextUrl = this.getClass().getResource("/jwt/plaintext");
Jwt jwt = null;
JwtClaims claims = null;
JwtHeader header = null;
/**
* @throws IOException
* @throws JsonSyntaxException
* @throws JsonIOException
* @throws java.lang.Exception
*/
@Before
public void setUp() throws JsonIOException, JsonSyntaxException, IOException {
JsonParser parser = new JsonParser();
JsonObject claimsObject = parser.parse(new BufferedReader(new InputStreamReader(claimsUrl.openStream()))).getAsJsonObject();
JsonObject headerObject = parser.parse(new BufferedReader(new InputStreamReader(plaintextUrl.openStream()))).getAsJsonObject();
claims = new JwtClaims(claimsObject);
header = new JwtHeader(headerObject);
jwt = new Jwt(header, claims, null);
}
/**
* @throws java.lang.Exception
*/
@After
public void tearDown() {
}
@Test
public void testPlaintextSigner() throws JsonIOException, JsonSyntaxException, IOException, NoSuchAlgorithmException {
setUp();
PlaintextSigner plaintext = new PlaintextSigner();
jwt = plaintext.sign(jwt);
assertEquals(plaintext.verify(jwt.toString()), true);
}
}

82
openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Rsa256Test.java
View File

@ -1,82 +0,0 @@
package org.mitre.jwt.signer.impl;
import static org.junit.Assert.assertEquals;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mitre.jwt.model.Jwt;
import org.mitre.jwt.model.JwtClaims;
import org.mitre.jwt.model.JwtHeader;
import org.mitre.jwt.signer.JwsAlgorithm;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import com.google.gson.JsonIOException;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.JsonSyntaxException;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = { "classpath:test-context.xml" })
public class Rsa256Test{
URL claimsUrl = this.getClass().getResource("/jwt/claims");
URL rs256Url = this.getClass().getResource("/jwt/rs256");
Jwt jwt = null;
JwtClaims claims = null;
JwtHeader header = null;
KeyPairGenerator keyGen;
KeyPair keyPair;
PublicKey publicKey;
PrivateKey privateKey;
/**
* @throws IOException
* @throws JsonSyntaxException
* @throws JsonIOException
* @throws java.lang.Exception
*/
@Before
public void setUp() throws JsonIOException, JsonSyntaxException, IOException{
JsonParser parser = new JsonParser();
JsonObject claimsObject = parser.parse(new BufferedReader(new InputStreamReader(claimsUrl.openStream()))).getAsJsonObject();
JsonObject headerObject = parser.parse(new BufferedReader(new InputStreamReader(rs256Url.openStream()))).getAsJsonObject();
claims = new JwtClaims(claimsObject);
header = new JwtHeader(headerObject);
jwt = new Jwt(header, claims, null);
}
/**
* @throws java.lang.Exception
*/
@After
public void tearDown(){
}
@Test
public void testRsaSigner256() throws Exception {
keyGen = KeyPairGenerator.getInstance("RSA");
keyPair = keyGen.generateKeyPair();
publicKey = keyPair.getPublic();
privateKey = keyPair.getPrivate();
RsaSigner rsa = new RsaSigner(JwsAlgorithm.RS256.getJwaName(), publicKey, privateKey);
jwt = rsa.sign(jwt);
assertEquals(rsa.verify(jwt.toString()), true);
}
}

81
openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Rsa384Test.java
View File

@ -1,81 +0,0 @@
package org.mitre.jwt.signer.impl;
import static org.junit.Assert.assertEquals;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mitre.jwt.model.Jwt;
import org.mitre.jwt.model.JwtClaims;
import org.mitre.jwt.model.JwtHeader;
import org.mitre.jwt.signer.JwsAlgorithm;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import com.google.gson.JsonIOException;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.JsonSyntaxException;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = { "classpath:test-context.xml" })
public class Rsa384Test {
URL claimsUrl = this.getClass().getResource("/jwt/claims");
URL rs384Url = this.getClass().getResource("/jwt/rs384");
Jwt jwt = null;
JwtClaims claims = null;
JwtHeader header = null;
KeyPairGenerator keyGen;
KeyPair keyPair;
PublicKey publicKey;
PrivateKey privateKey;
/**
* @throws IOException
* @throws JsonSyntaxException
* @throws JsonIOException
* @throws java.lang.Exception
*/
@Before
public void setUp() throws JsonIOException, JsonSyntaxException, IOException{
JsonParser parser = new JsonParser();
JsonObject claimsObject = parser.parse(new BufferedReader(new InputStreamReader(claimsUrl.openStream()))).getAsJsonObject();
JsonObject headerObject = parser.parse(new BufferedReader(new InputStreamReader(rs384Url.openStream()))).getAsJsonObject();
claims = new JwtClaims(claimsObject);
header = new JwtHeader(headerObject);
jwt = new Jwt(header, claims, null);
}
/**
* @throws java.lang.Exception
*/
@After
public void tearDown(){
}
@Test
public void testRsaSigner384() throws Exception{
setUp();
keyGen = KeyPairGenerator.getInstance("RSA");
keyPair = keyGen.generateKeyPair();
publicKey = keyPair.getPublic();
privateKey = keyPair.getPrivate();
RsaSigner rsa = new RsaSigner(JwsAlgorithm.RS384.getJwaName(), publicKey, privateKey);
jwt = rsa.sign(jwt);
assertEquals(rsa.verify(jwt.toString()), true);
}
}

81
openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Rsa512Test.java
View File

@ -1,81 +0,0 @@
package org.mitre.jwt.signer.impl;
import static org.junit.Assert.assertEquals;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mitre.jwt.model.Jwt;
import org.mitre.jwt.model.JwtClaims;
import org.mitre.jwt.model.JwtHeader;
import org.mitre.jwt.signer.JwsAlgorithm;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import com.google.gson.JsonIOException;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.JsonSyntaxException;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = { "classpath:test-context.xml" })
public class Rsa512Test {
URL claimsUrl = this.getClass().getResource("/jwt/claims");
URL rs512Url = this.getClass().getResource("/jwt/rs512");
Jwt jwt = null;
JwtClaims claims = null;
JwtHeader header = null;
KeyPairGenerator keyGen;
KeyPair keyPair;
PublicKey publicKey;
PrivateKey privateKey;
/**
* @throws IOException
* @throws JsonSyntaxException
* @throws JsonIOException
* @throws java.lang.Exception
*/
@Before
public void setUp() throws JsonIOException, JsonSyntaxException, IOException{
JsonParser parser = new JsonParser();
JsonObject claimsObject = parser.parse(new BufferedReader(new InputStreamReader(claimsUrl.openStream()))).getAsJsonObject();
JsonObject headerObject = parser.parse(new BufferedReader(new InputStreamReader(rs512Url.openStream()))).getAsJsonObject();
claims = new JwtClaims(claimsObject);
header = new JwtHeader(headerObject);
jwt = new Jwt(header, claims, null);
}
/**
* @throws java.lang.Exception
*/
@After
public void tearDown(){
}
@Test
public void testRsaSigner512() throws Exception{
setUp();
keyGen = KeyPairGenerator.getInstance("RSA");
keyPair = keyGen.generateKeyPair();
publicKey = keyPair.getPublic();
privateKey = keyPair.getPrivate();
RsaSigner rsa = new RsaSigner(JwsAlgorithm.RS512.getJwaName(), publicKey, privateKey);
jwt = rsa.sign(jwt);
assertEquals(rsa.verify(jwt.toString()), true);
}
}

287
openid-connect-server/src/test/java/org/mitre/jwt/JwtTest.java
View File

@ -1,287 +0,0 @@
/*******************************************************************************
* Copyright 2012 The MITRE Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
******************************************************************************/
package org.mitre.jwt;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.junit.Assert.assertThat;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Date;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mitre.jwt.encryption.impl.KeyStore;
import org.mitre.jwt.model.Jwt;
import org.mitre.jwt.signer.JwsAlgorithm;
import org.mitre.jwt.signer.JwtSigner;
import org.mitre.jwt.signer.impl.HmacSigner;
import org.mitre.jwt.signer.impl.PlaintextSigner;
import org.mitre.jwt.signer.impl.RsaSigner;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
@SuppressWarnings("deprecation")
// BC sez X509V3CertificateGenerator is deprecated and the docs say to use
// another, but it seemingly isn't included jar...
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = { "classpath:test-context.xml" })
public class JwtTest {
@Autowired
KeyStore keystore;
@Test
public void testGenerateHmacSignature() {
Jwt jwt = new Jwt();
jwt.getHeader().setType("JWT");
jwt.getHeader().setAlgorithm("HS256");
jwt.getClaims().setExpiration(new Date(1300819380L * 1000L));
jwt.getClaims().setIssuer("joe");
jwt.getClaims().setClaim("http://example.com/is_root", Boolean.TRUE);
byte[] key = null;
JwtSigner signer;
// sign it
try {
key = "secret".getBytes("UTF-8");
signer = new HmacSigner();
((HmacSigner) signer).setPassphrase(key);
((HmacSigner) signer).afterPropertiesSet();
signer.sign(jwt);
/*
* Expected string based on the following structures, serialized exactly
* as follows and base64 encoded:
*
* header: {"typ":"JWT","alg":"HS256"} claims:
* {"exp":1300819380,"iss":"joe","http://example.com/is_root":true}
*
* Expected signature: iGBPJj47S5q_HAhSoQqAdcS6A_1CFj3zrLaImqNbt9E
*/
String signature = "p-63Jzz7mgi3H4hvW6MFB7lmPRZjhsL666MYkmpX33Y";
String expected = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ." + signature;
String actual = jwt.toString();
assertThat(actual, equalTo(expected));
assertThat(jwt.getSignature(), equalTo(signature));
assertThat(signer.verify(actual), equalTo(true));
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
/**
* @throws Exception
*/
@Test
public void testGenerateRsaSignature() throws Exception {
// Hard code the private/public key so as not to depend on it being in
// the keystore...
RSAPrivateKeySpec privateSpec = new RSAPrivateKeySpec(
new BigInteger(
"AD6E684550542947AD95EF9BACDC0AC2C9168C6EB3212D378C23E5539266111DB2E5B4D42B1E47EB4F7A65DB63D9782C72BC365492FD1E5C7B4CD2174C611668C29013FEDE22619B3F58DA3531BB6C02B3266768B7895CBDAFB3F9AC7A7B2F3DB17EF4DCF03BD2575604BDE0A01BB1FB7B0E733AD63E464DB4D7D89626297A214D7CECCD0C50421A322A01E9DCEA23443F6A9339576B31DFA504A133076394562CB57F3FDEDB26F9A82BED2F6D52D6F6BF8286E2497EF0B5C8456F32B4668F5A9F5FCD3781345DDDB749792C37238A53D18FD976C0C9D1F1E211F1A4A9AAE679C45B92D1741EF0D3C3F373232CE7FB93E9BC461E1C508A20B74E7E3361B3C527",
16),
new BigInteger(
"627CDD67E75B33EA0990A8F64DEED389942A62EB867C23B274B9F9C440D2078C47089D6D136369D21E5B52B688F8797F3C54D7C1A58B6A8F7851C2C90A4DE42CEFB864328B31191ED19582AD4CA5B38BC0F2E12C9D75BB1DD946AA55A1648D0A4ADEDEED0CDBDBF24EDDF87A345225FBBB0114BCE7E78B831B5CAC197068837AB0B3F07157952A05F67A72B9852972C704B6B32A70C3BB3DEB186936B0F7D6ABE012DEB89BC2DBE1F88AE7A28C06C53D1FB2459E58D8ED266E3BFC28266981D2A5F624D36555DD64F410461ADA5D53F448BA5EEBBD4BCEC3AF53285FB394650D7B3BFB06712E081AAD160EED6E83A3EA2D092712C07A6331209F62D27184BFC9",
16));
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PrivateKey privateKey = keyFactory.generatePrivate(privateSpec);
RSAPublicKeySpec publicSpec = new RSAPublicKeySpec(
new BigInteger(
"AD6E684550542947AD95EF9BACDC0AC2C9168C6EB3212D378C23E5539266111DB2E5B4D42B1E47EB4F7A65DB63D9782C72BC365492FD1E5C7B4CD2174C611668C29013FEDE22619B3F58DA3531BB6C02B3266768B7895CBDAFB3F9AC7A7B2F3DB17EF4DCF03BD2575604BDE0A01BB1FB7B0E733AD63E464DB4D7D89626297A214D7CECCD0C50421A322A01E9DCEA23443F6A9339576B31DFA504A133076394562CB57F3FDEDB26F9A82BED2F6D52D6F6BF8286E2497EF0B5C8456F32B4668F5A9F5FCD3781345DDDB749792C37238A53D18FD976C0C9D1F1E211F1A4A9AAE679C45B92D1741EF0D3C3F373232CE7FB93E9BC461E1C508A20B74E7E3361B3C527",
16), new BigInteger("10001", 16));
PublicKey publicKey = keyFactory.generatePublic(publicSpec);
Jwt jwt = new Jwt();
jwt.getHeader().setType("JWT");
jwt.getHeader().setAlgorithm("RS256");
jwt.getClaims().setExpiration(new Date(1300819380L * 1000L));
jwt.getClaims().setIssuer("joe");
jwt.getClaims().setClaim("http://example.com/is_root", Boolean.TRUE);
JwtSigner signer = new RsaSigner(JwsAlgorithm.RS256.getJwaName(), publicKey, privateKey);
((RsaSigner) signer).afterPropertiesSet();
/*
* Expected string based on the following structures, serialized exactly
* as follows and base64 encoded:
*
* header: {"typ":"JWT","alg":"HS256"} claims:
* {"exp":1300819380,"iss":"joe","http://example.com/is_root":true}
*
* Expected signature: dSRvtD-ExzGN-
* fRXd1wRZOPo1JFPuqgwvaIKp8jgcyMXJegy6IUjssfUfUcICN5yvh0ggOMWMeWkwQ7
* -PlXMJWymdhXVI3BOpNt7ZOB2vMFYSOOHNBJUunQoe1lmNxuHQdhxqoHahn3u1cLDXz
* -xx-
* JELduuMmaDWqnTFPodVPl45WBKHaQhlOiFWj3ZClUV2k5p2yBT8TmxekL8gWwgVbQk5yPnYOs
* -PcMjzODc9MZX4yI10ZSCSDciwf-
* rgkQLT7wW4uZCoqTZ7187sCodHd6nw3nghqbtqN05fQ3Yq7ykwaR8pdQBFb2L9l7DhLLuXIREDKIFUHBSUs8OnvXFMg
*/
String signature = "dSRvtD-ExzGN-fRXd1wRZOPo1JFPuqgwvaIKp8jgcyMXJegy6IUjssfUfUcICN5yvh0ggOMWMeWkwQ7-PlXMJWymdhXVI3BOpNt7ZOB2vMFYSOOHNBJUunQoe1lmNxuHQdhxqoHahn3u1cLDXz-xx-JELduuMmaDWqnTFPodVPl45WBKHaQhlOiFWj3ZClUV2k5p2yBT8TmxekL8gWwgVbQk5yPnYOs-PcMjzODc9MZX4yI10ZSCSDciwf-rgkQLT7wW4uZCoqTZ7187sCodHd6nw3nghqbtqN05fQ3Yq7ykwaR8pdQBFb2L9l7DhLLuXIREDKIFUHBSUs8OnvXFMg";
String expected = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ"
+ "." + signature;
signer.sign(jwt);
String actual = jwt.toString();
assertThat(signer.verify(actual), equalTo(true));
assertThat(actual, equalTo(expected));
assertThat(jwt.getSignature(), equalTo(signature));
}
@Test
public void testParse() {
String source = "eyJhbGciOiJub25lIn0.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.";
Jwt jwt = Jwt.parse(source);
assertThat(jwt.getHeader().getAlgorithm(), equalTo(JwsAlgorithm.NONE.getJwaName()));
assertThat(jwt.getClaims().getIssuer(), equalTo("joe"));
assertThat(jwt.getClaims().getExpiration(), equalTo(new Date(1300819380L * 1000L)));
assertThat((Boolean) jwt.getClaims().getClaim("http://example.com/is_root"), equalTo(Boolean.TRUE));
}
@Test
public void testToStringPlaintext() throws NoSuchAlgorithmException {
Jwt jwt = new Jwt();
jwt.getHeader().setAlgorithm("none");
jwt.getClaims().setExpiration(new Date(1300819380L * 1000L));
jwt.getClaims().setIssuer("joe");
jwt.getClaims().setClaim("http://example.com/is_root", Boolean.TRUE);
// sign it with a blank signature
JwtSigner signer = new PlaintextSigner();
signer.sign(jwt);
/*
* Expected string based on the following structures, serialized exactly
* as follows and base64 encoded:
*
* header: {"alg":"none"} claims:
* {"exp":1300819380,"iss":"joe","http://example.com/is_root":true}
*/
String expected = "eyJhbGciOiJub25lIn0.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.";
String actual = jwt.toString();
assertThat(actual, equalTo(expected));
}
@Test
public void testValidateHmacSignature() {
byte[] key = null;
JwtSigner signer;
// sign it
try {
key = "secret".getBytes("UTF-8");
signer = new HmacSigner();
((HmacSigner) signer).setPassphrase(key);
((HmacSigner) signer).afterPropertiesSet();
/*
* Token string based on the following structures, serialized exactly as
* follows and base64 encoded:
*
* header: {"typ":"JWT","alg":"HS256"} claims:
* {"exp":1300819380,"iss":"joe","http://example.com/is_root":true}
*
* Python script to generate signature:
*
* import hashlib
* import hmac
* import base64
*
* m = hmac.new('secret', 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ', hashlib.sha256)
* base64.urlsafe_b64encode(m.digest())
*
* Expected signature: p-63Jzz7mgi3H4hvW6MFB7lmPRZjhsL666MYkmpX33Y
*/
String jwtString = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.p-63Jzz7mgi3H4hvW6MFB7lmPRZjhsL666MYkmpX33Y";
boolean valid = signer.verify(jwtString);
assertThat(valid, equalTo(Boolean.TRUE));
} catch (UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
/**
* Creates a certificate.
*
* @param commonName
* @param daysNotValidBefore
* @param daysNotValidAfter
* @return
*/
public static X509V3CertificateGenerator createCertificate(
String commonName, int daysNotValidBefore, int daysNotValidAfter) {
// BC sez X509V3CertificateGenerator is deprecated and the docs say to
// use another, but it seemingly isn't included jar...
X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
v3CertGen
.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
v3CertGen.setIssuerDN(new X509Principal("CN=" + commonName
+ ", OU=None, O=None L=None, C=None"));
v3CertGen.setNotBefore(new Date(System.currentTimeMillis()
- (1000L * 60 * 60 * 24 * daysNotValidBefore)));
v3CertGen.setNotAfter(new Date(System.currentTimeMillis()
+ (1000L * 60 * 60 * 24 * daysNotValidAfter)));
v3CertGen.setSubjectDN(new X509Principal("CN=" + commonName
+ ", OU=None, O=None L=None, C=None"));
return v3CertGen;
}
}

203
openid-connect-server/src/test/java/org/mitre/jwt/signer/service/impl/KeyStoreTest.java
View File

@ -1,203 +0,0 @@
/*******************************************************************************
* Copyright 2012 The MITRE Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
******************************************************************************/
package org.mitre.jwt.signer.service.impl;
import static org.hamcrest.CoreMatchers.not;
import static org.hamcrest.CoreMatchers.nullValue;
import static org.junit.Assert.assertThat;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mitre.jwt.encryption.impl.KeyStore;
import org.mitre.jwt.signer.impl.RsaSigner;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
@SuppressWarnings("deprecation")
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = { "classpath:test-context.xml" })
public class KeyStoreTest {
@Autowired
@Qualifier("testKeystore")
KeyStore keystore;
static final String PROVIDER = "BC";
static {
Security.addProvider(new BouncyCastleProvider());
}
/**
* Creates a certificate.
*
* @param commonName
* @param daysNotValidBefore
* @param daysNotValidAfter
* @return
*/
public static X509V3CertificateGenerator createCertificate(
String commonName, int daysNotValidBefore, int daysNotValidAfter) {
// BC sez X509V3CertificateGenerator is deprecated and the docs say to
// use another, but it seemingly isn't included jar...
X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
v3CertGen
.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
v3CertGen.setIssuerDN(new X509Principal("CN=" + commonName
+ ", OU=None, O=None L=None, C=None"));
v3CertGen.setNotBefore(new Date(System.currentTimeMillis()
- (1000L * 60 * 60 * 24 * daysNotValidBefore)));
v3CertGen.setNotAfter(new Date(System.currentTimeMillis()
+ (1000L * 60 * 60 * 24 * daysNotValidAfter)));
v3CertGen.setSubjectDN(new X509Principal("CN=" + commonName
+ ", OU=None, O=None L=None, C=None"));
return v3CertGen;
}
/**
* Create an RSA KeyPair and insert into specified KeyStore
*
* @param location
* @param domainName
* @param alias
* @param keystorePassword
* @param aliasPassword
* @param daysNotValidBefore
* @param daysNotValidAfter
* @return
* @throws GeneralSecurityException
* @throws IOException
*/
public static java.security.KeyStore generateKeyPair(KeyStore keystore,
String keyPairAlgorithm, int keySize, String signatureAlgorithm,
String domainName, String alias, String aliasPassword,
int daysNotValidBefore, int daysNotValidAfter)
throws GeneralSecurityException, IOException {
java.security.KeyStore ks;
if (keystore != null ) {
ks = keystore.getKeystore();
} else {
ks = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType());
ks.load(null, null);
}
KeyPairGenerator rsaKeyPairGenerator = null;
rsaKeyPairGenerator = KeyPairGenerator.getInstance(keyPairAlgorithm);
rsaKeyPairGenerator.initialize(keySize);
KeyPair rsaKeyPair = rsaKeyPairGenerator.generateKeyPair();
// BC sez X509V3CertificateGenerator is deprecated and the docs say to
// use another, but it seemingly isn't included jar...
X509V3CertificateGenerator v3CertGen = createCertificate(domainName,
daysNotValidBefore, daysNotValidAfter);
PrivateKey privateKey = rsaKeyPair.getPrivate();
v3CertGen.setPublicKey(rsaKeyPair.getPublic());
v3CertGen.setSignatureAlgorithm(signatureAlgorithm);
// BC docs say to use another, but it seemingly isn't included...
X509Certificate certificate = v3CertGen
.generateX509Certificate(privateKey);
// if exist, overwrite
ks.setKeyEntry(alias, privateKey, aliasPassword.toCharArray(),
new java.security.cert.Certificate[] { certificate });
if (keystore != null) {
keystore.setKeystore(ks);
}
return ks;
}
@Test
public void storeRsaKeyPair() throws GeneralSecurityException, IOException {
java.security.KeyStore ks = null;
try {
ks = KeyStoreTest.generateKeyPair(keystore,
RsaSigner.KEYPAIR_ALGORITHM, 2048,
"SHA256WithRSAEncryption", "OpenID Connect Server",
"rsa", RsaSigner.DEFAULT_PASSWORD, 30, 365);
} catch (GeneralSecurityException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
assertThat(ks, not(nullValue()));
}
@Test
public void readKey() throws GeneralSecurityException {
Key key = keystore.getKeystore().getKey("rsa",
KeyStore.PASSWORD.toCharArray());
assertThat(key, not(nullValue()));
}
/**
* Saves the keystore for future use.
*
* @param keystore
* @param path
* @param password
* @throws GeneralSecurityException
* @throws IOException
*/
public static void persistKeystoreToFile(final java.security.KeyStore keystore,
final String path, final String password) throws GeneralSecurityException,
IOException {
FileOutputStream fos = new FileOutputStream(new File(path));
try {
keystore.store(fos, password.toCharArray());
System.out.println("Wrote keystore to " + path);
} finally {
fos.close();
}
}
}