Created
March 9, 2017 10:26
json web token
package codec;

import java.nio.charset.StandardCharsets;
import java.security.Key;

import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers;
import org.jose4j.keys.AesKey;
import org.jose4j.lang.ByteUtil;
import org.jose4j.lang.JoseException;
import org.springframework.security.jwt.Jwt;
import org.springframework.security.jwt.JwtHelper;
import org.springframework.security.jwt.crypto.sign.InvalidSignatureException;
import org.springframework.security.jwt.crypto.sign.MacSigner;
import org.springframework.security.jwt.crypto.sign.RsaSigner;
import org.springframework.security.jwt.crypto.sign.RsaVerifier;
import org.testng.annotations.Test;

import static org.testng.Assert.*;
import static codec.JwtSpecData.*;
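/**
 * Round-trip and signature tests for two JWT libraries: jose4j (JWE encryption) and
 * Spring Security JWT (HMAC- and RSA-signed tokens, using the sample token from the JWT spec).
 *
 * <p>Key material ({@code HMAC_KEY}, {@code N}, {@code E}, {@code D}) is taken from
 * {@code codec.JwtSpecData}, which is not part of this file. The comments below assume
 * {@code N} is the RSA modulus, {@code E} the public exponent and {@code D} the private
 * exponent -- TODO confirm against {@code JwtSpecData}.
 *
 * <p>Assertions use TestNG's argument order, {@code assertEquals(actual, expected)}, so that
 * failure messages label the two values correctly.
 */
public class JWTTest {

    /**
     * Encrypts a payload as a compact JWE (A128KW key wrap, AES-128-CBC + HMAC-SHA-256 content
     * encryption) and checks that decrypting with the same key returns the original payload.
     *
     * @throws JoseException if jose4j fails to produce or consume the JWE
     */
    @Test
    public void testJose4j() throws JoseException {
        final String payload =
                "fkslhfklahflksdajfhldk gjlfjgl;dfkguao[ i0pefi09sd8f0 sdajlfkjsdl;kfjsd uosdfusadjlfjsadklfjasdlfjasdlkfjsakl;dfjaksldj";

        // A128KW wraps the content key with a 128-bit AES key, hence 16 random bytes.
        Key key = new AesKey(ByteUtil.randomBytes(16));

        JsonWebEncryption sender = new JsonWebEncryption();
        sender.setPayload(payload);
        sender.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.A128KW);
        sender.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256);
        sender.setKey(key);
        String serializedJwe = sender.getCompactSerialization();

        // NOTE(review): the receiving side below accepts whatever "alg"/"enc" the token header
        // names. A consumer of tokens from another party should pin the accepted algorithms
        // (setAlgorithmConstraints / setContentEncryptionAlgorithmConstraints) before reading
        // the payload; here producer and consumer are the same test, so it is left out.
        JsonWebEncryption receiver = new JsonWebEncryption();
        receiver.setKey(key);
        receiver.setCompactSerialization(serializedJwe);

        // Assert the round trip instead of printing the token and the decrypted payload:
        // a printed value proves nothing, and decrypted content does not belong in test logs.
        assertEquals(receiver.getPayload(), payload);
    }

    /**
     * Sample from the JWT spec.
     */
    static final String JOE_CLAIM_SEGMENT = "{\"iss\":\"joe\",\r\n" + " \"exp\":1300819380,\r\n" + " \"http://example.com/is_root\":true}";

    static final String JOE_HEADER_HMAC = "{\"typ\":\"JWT\",\r\n" + " \"alg\":\"HS256\"}";

    static final String JOE_HMAC_TOKEN = "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9."
            + "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ."
            + "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";

    static final String JOE_RSA_TOKEN = "eyJhbGciOiJSUzI1NiJ9."
            + "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ."
            + "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds"
            + "9uJdbF9CUAr7t1dnZcAcQjbKBYNX4BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K0GarZR"
            + "mB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqvhJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs9"
            + "8rqVt5AXLIhWkWywlVmtVrBp0igcN_IoypGlUPQGe77Rw";

    static final String JOE_HEADER_RSA = "{\"alg\":\"RS256\"}";

    // Shared HMAC signer/verifier built from the key in JwtSpecData.
    static final MacSigner hmac = new MacSigner(JwtSpecData.HMAC_KEY);

    /** Decoding a token and re-serialising it yields the same compact string. */
    @Test
    public void tokenBytesCreateSameToken() {
        Jwt token = JwtHelper.decode(JOE_HMAC_TOKEN);
        // Charset constant instead of the "UTF-8" name: no checked exception, no typo risk.
        assertEquals(new String(token.bytes(), StandardCharsets.UTF_8), JOE_HMAC_TOKEN);
        assertEquals(token.getEncoded(), JOE_HMAC_TOKEN);
    }

    /**
     * The claims segment of the decoded token matches the spec sample.
     *
     * <p>No verifier is passed here, so the claims are read without any signature check; the
     * verification tests below show the calls that authenticate a token before it is trusted.
     */
    @Test
    public void expectedClaimsValueIsReturned() {
        assertEquals(JwtHelper.decode(JOE_HMAC_TOKEN).getClaims(), JOE_CLAIM_SEGMENT);
    }

    /** The spec's HS256 token verifies under the spec's HMAC key. */
    @Test
    public void hmacSignedTokenParsesAndVerifies() {
        JwtHelper.decode(JOE_HMAC_TOKEN).verifySignature(hmac);
    }

    /** Verifying the HS256 token under a different HMAC key must fail. */
    @Test(expectedExceptions = InvalidSignatureException.class)
    public void invalidHmacSignatureRaisesException() {
        // Explicit charset: the no-argument getBytes() depends on the platform default.
        MacSigner wrongKey = new MacSigner("differentkey".getBytes(StandardCharsets.UTF_8));
        JwtHelper.decode(JOE_HMAC_TOKEN).verifySignature(wrongKey);
    }

    /** A token whose signature segment has been stripped (it ends in '.') is rejected at decode time. */
    @Test(expectedExceptions = IllegalArgumentException.class)
    public void tokenMissingSignatureIsRejected() {
        String withoutSignature = JOE_HMAC_TOKEN.substring(0, JOE_HMAC_TOKEN.lastIndexOf('.') + 1);
        JwtHelper.decode(withoutSignature);
    }

    /** A token signed with the HMAC key verifies under the same key and keeps its claims. */
    @Test
    public void hmacVerificationIsInverseOfSigning() {
        Jwt jwt = JwtHelper.encode(JOE_CLAIM_SEGMENT, hmac);
        jwt.verifySignature(hmac);
        assertEquals(jwt.getClaims(), JOE_CLAIM_SEGMENT);
    }

    /** The spec's RS256 token verifies under (N, E) and carries the expected claims. */
    @Test
    public void rsaSignedTokenParsesAndVerifies() {
        Jwt jwt = JwtHelper.decode(JOE_RSA_TOKEN);
        jwt.verifySignature(new RsaVerifier(N, E));
        assertEquals(jwt.getClaims(), JOE_CLAIM_SEGMENT);
    }

    /** Verifying the spec's RS256 token with the wrong exponent (D instead of E) must fail. */
    @Test(expectedExceptions = InvalidSignatureException.class)
    public void invalidRsaSignatureRaisesException() {
        JwtHelper.decodeAndVerify(JOE_RSA_TOKEN, new RsaVerifier(N, D));
    }

    /**
     * A token signed with the private exponent verifies under the public exponent.
     *
     * <p>The earlier version signed with (N, E) and verified with (N, D). That passes because
     * the two RSA exponents are mathematically interchangeable, but it shows the key roles
     * inverted: a signer that needs only the public exponent can be impersonated by anyone
     * holding the public key. Sign with D, verify with E.
     */
    @Test
    public void rsaVerificationIsInverseOfSigning() {
        Jwt jwt = JwtHelper.encode(JOE_CLAIM_SEGMENT, new RsaSigner(N, D));
        jwt.verifySignature(new RsaVerifier(N, E));
    }
}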