本文整理汇总了Java中com.nimbusds.jwt.JWTClaimsSet.setAudience方法的典型用法代码示例。如果您正苦于以下问题:Java JWTClaimsSet.setAudience方法的具体用法?Java JWTClaimsSet.setAudience怎么用?Java JWTClaimsSet.setAudience使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类com.nimbusds.jwt.JWTClaimsSet
的用法示例。
在下文中一共展示了JWTClaimsSet.setAudience方法的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: getJWT
import com.nimbusds.jwt.JWTClaimsSet; //导入方法依赖的package包/类
protected SignedJWT getJWT(String sub, Date expires, RSAPrivateKey privateKey)
throws Exception {
JWTClaimsSet claimsSet = new JWTClaimsSet();
claimsSet.setSubject(sub);
claimsSet.setIssueTime(new Date(new Date().getTime()));
claimsSet.setIssuer("https://c2id.com");
claimsSet.setCustomClaim("scope", "openid");
claimsSet.setExpirationTime(expires);
List<String> aud = new ArrayList<String>();
aud.add("bar");
claimsSet.setAudience("bar");
JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).build();
SignedJWT signedJWT = new SignedJWT(header, claimsSet);
Base64URL sigInput = Base64URL.encode(signedJWT.getSigningInput());
JWSSigner signer = new RSASSASigner(privateKey);
signedJWT.sign(signer);
return signedJWT;
}
示例2: selfIssue
import com.nimbusds.jwt.JWTClaimsSet; //导入方法依赖的package包/类
public String selfIssue() {
JWSSigner signer = new RSASSASigner((RSAPrivateKey) keyPair.getPrivate());
List<String> aud = new ArrayList<String>();
aud.add(Constants.POYNT_API_HOST);
JWTClaimsSet claimsSet = new JWTClaimsSet();
claimsSet.setAudience(aud);
claimsSet.setSubject(config.getAppId());
claimsSet.setIssuer(config.getAppId());
Calendar now = Calendar.getInstance();
claimsSet.setIssueTime(now.getTime());
now.add(Calendar.MINUTE, 15);
claimsSet.setExpirationTime(now.getTime());
claimsSet.setJWTID(UUID.randomUUID().toString());
SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claimsSet);
try {
signedJWT.sign(signer);
} catch (JOSEException e) {
throw new PoyntSdkException("Failed to sign self issued JWT.");
}
return signedJWT.serialize();
}
示例3: getJWT
import com.nimbusds.jwt.JWTClaimsSet; //导入方法依赖的package包/类
protected SignedJWT getJWT(String sub, Date expires, RSAPrivateKey privateKey)
throws Exception {
JWTClaimsSet claimsSet = new JWTClaimsSet();
claimsSet.setSubject(sub);
claimsSet.setIssueTime(new Date(new Date().getTime()));
claimsSet.setIssuer("https://c2id.com");
claimsSet.setCustomClaim("scope", "openid");
claimsSet.setExpirationTime(expires);
List<String> aud = new ArrayList<String>();
aud.add("bar");
claimsSet.setAudience("bar");
JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).build();
SignedJWT signedJWT = new SignedJWT(header, claimsSet);
JWSSigner signer = new RSASSASigner(privateKey);
signedJWT.sign(signer);
return signedJWT;
}
示例4: buildIDToken
import com.nimbusds.jwt.JWTClaimsSet; //导入方法依赖的package包/类
/**
* To build id token from OauthToken request message context
*
* @param request Token request message context
* @return Signed jwt string.
* @throws IdentityOAuth2Exception
*/
protected String buildIDToken(OAuthTokenReqMessageContext request)
throws IdentityOAuth2Exception {
String issuer = OAuth2Util.getIDTokenIssuer();
long lifetimeInMillis = OAuthServerConfiguration.getInstance().
getApplicationAccessTokenValidityPeriodInSeconds() * 1000;
long curTimeInMillis = Calendar.getInstance().getTimeInMillis();
// setting subject
String subject = request.getAuthorizedUser().getAuthenticatedSubjectIdentifier();
if (!StringUtils.isNotBlank(subject)) {
subject = request.getAuthorizedUser().getUserName();
}
// Set claims to jwt token.
JWTClaimsSet jwtClaimsSet = new JWTClaimsSet();
jwtClaimsSet.setIssuer(issuer);
jwtClaimsSet.setSubject(subject);
jwtClaimsSet.setAudience(Arrays.asList(request.getOauth2AccessTokenReqDTO().getClientId()));
jwtClaimsSet.setClaim(Constants.AUTHORIZATION_PARTY, request.getOauth2AccessTokenReqDTO().getClientId());
jwtClaimsSet.setExpirationTime(new Date(curTimeInMillis + lifetimeInMillis));
jwtClaimsSet.setIssueTime(new Date(curTimeInMillis));
addUserClaims(jwtClaimsSet, request.getAuthorizedUser());
if (JWSAlgorithm.NONE.getName().equals(signatureAlgorithm.getName())) {
return new PlainJWT(jwtClaimsSet).serialize();
}
return signJWT(jwtClaimsSet, request);
}
示例5: generateIdToken
import com.nimbusds.jwt.JWTClaimsSet; //导入方法依赖的package包/类
@Override
public void generateIdToken(String code, String userId, String clientId, String nonce, long authTime, String accessToken, long expireTime) {
try {
byte[] encoded = Base64.decodeBase64(JophielProperties.getInstance().getIdTokenPrivateKey().getBytes("utf-8"));
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
KeyFactory kf = KeyFactory.getInstance("RSA");
RSAPrivateKey privateKey = (RSAPrivateKey) kf.generatePrivate(keySpec);
JWSSigner signer = new RSASSASigner(privateKey);
JWTClaimsSet claimsSet = new JWTClaimsSet();
claimsSet.setSubject(userId);
claimsSet.setAudience(clientId);
claimsSet.setIssuer(JophielProperties.getInstance().getJophielBaseUrl());
claimsSet.setIssueTime(new Date(System.currentTimeMillis()));
claimsSet.setExpirationTime(new Date(expireTime));
claimsSet.setClaim("auth_time", authTime);
claimsSet.setClaim("at_hash", JudgelsPlayUtils.hashMD5(accessToken).substring(accessToken.length() / 2));
SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS512), claimsSet);
signedJWT.sign(signer);
IdTokenModel idTokenModel = new IdTokenModel();
idTokenModel.userJid = userId;
idTokenModel.clientJid = clientId;
idTokenModel.code = code;
idTokenModel.redeemed = false;
idTokenModel.token = signedJWT.serialize();
idTokenDao.persist(idTokenModel, IdentityUtils.getUserJid(), IdentityUtils.getIpAddress());
} catch (NoSuchAlgorithmException | InvalidKeySpecException | JOSEException | UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
}
示例6: userToClaims
import com.nimbusds.jwt.JWTClaimsSet; //导入方法依赖的package包/类
/**
* Converts a User and its Groups into a JWTClaimsSet.
*
* Groups are converted into a List so the List will get serialized as a
* JSON Array, which GoInstant requires.
*/
private static JWTClaimsSet userToClaims(User user) {
JWTClaimsSet claims = new JWTClaimsSet();
String id = user.getID();
String displayName = user.getDisplayName();
checkIdAndDn(id, displayName);
String domain = user.getDomain();
if (domain == null || domain.length() == 0)
throw new IllegalArgumentException(
"domain must be a non-empty String");
claims.setAudience(AUDIENCE);
claims.setSubject(id);
claims.setIssuer(domain);
claims.setCustomClaim("dn", displayName != null ? displayName : id);
Map<String,Object> custom = user.getCustomClaims();
for (Map.Entry<String,Object> entry : custom.entrySet()) {
String key = entry.getKey();
if (RESERVED_CLAIMS.contains(key)) {
throw new IllegalArgumentException("The '"+key+"' claim cannot be custom for a User");
}
claims.setClaim(key, entry.getValue());
}
Set<Group> groups = user.getGroups();
if (groups.size() > 0) {
// Lists will get serialized as JSON Arrays
ArrayList<Object> g = new ArrayList<Object>(groups.size());
for (Group group : groups) {
g.add(groupToMap(group));
}
claims.setCustomClaim("g", g);
}
return claims;
}
示例7: issueToken
import com.nimbusds.jwt.JWTClaimsSet; //导入方法依赖的package包/类
public static JWT issueToken(String principal, String group, String role) {
// must have for kerb-token
String krbPrincipal = principal + "@SH.INTEL.COM";
PlainHeader header = new PlainHeader();
//header.setCustomParameter("krbPrincipal", krbPrincipal);
JWTClaimsSet jwtClaims = new JWTClaimsSet();
String iss = "token-service";
jwtClaims.setIssuer(iss);
String sub = principal;
jwtClaims.setSubject(sub);
// must have for kerb-token
jwtClaims.setSubject(krbPrincipal);
jwtClaims.setClaim("group", group);
if (role != null) {
jwtClaims.setClaim("role", role);
}
List<String> aud = new ArrayList<String>();
aud.add("krb5kdc-with-token-extension");
jwtClaims.setAudience(aud);
// Set expiration in 60 minutes
final Date NOW = new Date(new Date().getTime() / 1000 * 1000);
Date exp = new Date(NOW.getTime() + 1000 * 60 * 60);
jwtClaims.setExpirationTime(exp);
Date nbf = NOW;
jwtClaims.setNotBeforeTime(nbf);
Date iat = NOW;
jwtClaims.setIssueTime(iat);
String jti = UUID.randomUUID().toString();
jwtClaims.setJWTID(jti);
PlainJWT jwt = new PlainJWT(header, jwtClaims);
return jwt;
}
示例8: buildIDToken
import com.nimbusds.jwt.JWTClaimsSet; //导入方法依赖的package包/类
@Override
public String buildIDToken(OAuthAuthzReqMessageContext request, OAuth2AuthorizeRespDTO tokenRespDTO)
throws IdentityOAuth2Exception {
String issuer = OAuth2Util.getIDTokenIssuer();
long lifetimeInMillis = Integer.parseInt(config.getOpenIDConnectIDTokenExpiration()) * 1000;
long curTimeInMillis = Calendar.getInstance().getTimeInMillis();
// setting subject
String subject = request.getAuthorizationReqDTO().getUser().getAuthenticatedSubjectIdentifier();
String nonceValue = request.getAuthorizationReqDTO().getNonce();
// Get access token issued time
long accessTokenIssuedTime = getAccessTokenIssuedTime(tokenRespDTO.getAccessToken(), request) / 1000;
String atHash = null;
String responseType = request.getAuthorizationReqDTO().getResponseType();
//at_hash is generated on access token. Hence the check on response type to be id_token token or code
if (!JWSAlgorithm.NONE.getName().equals(signatureAlgorithm.getName()) &&
!OAuthConstants.ID_TOKEN.equalsIgnoreCase(responseType) &&
!OAuthConstants.NONE.equalsIgnoreCase(responseType)) {
String digAlg = mapDigestAlgorithm(signatureAlgorithm);
MessageDigest md;
try {
md = MessageDigest.getInstance(digAlg);
} catch (NoSuchAlgorithmException e) {
throw new IdentityOAuth2Exception("Invalid Algorithm : " + digAlg);
}
md.update(tokenRespDTO.getAccessToken().getBytes(Charsets.UTF_8));
byte[] digest = md.digest();
int leftHalfBytes = 16;
if (SHA384.equals(digAlg)) {
leftHalfBytes = 24;
} else if (SHA512.equals(digAlg)) {
leftHalfBytes = 32;
}
byte[] leftmost = new byte[leftHalfBytes];
for (int i = 0; i < leftHalfBytes; i++) {
leftmost[i] = digest[i];
}
atHash = new String(Base64.encodeBase64URLSafe(leftmost), Charsets.UTF_8);
}
if (log.isDebugEnabled()) {
StringBuilder stringBuilder = (new StringBuilder())
.append("Using issuer ").append(issuer).append("\n")
.append("Subject ").append(subject).append("\n")
.append("ID Token life time ").append(lifetimeInMillis / 1000).append("\n")
.append("Current time ").append(curTimeInMillis / 1000).append("\n")
.append("Nonce Value ").append(nonceValue).append("\n")
.append("Signature Algorithm ").append(signatureAlgorithm).append("\n");
if (log.isDebugEnabled()) {
log.debug(stringBuilder.toString());
}
}
JWTClaimsSet jwtClaimsSet = new JWTClaimsSet();
jwtClaimsSet.setIssuer(issuer);
jwtClaimsSet.setSubject(subject);
jwtClaimsSet.setAudience(Arrays.asList(request.getAuthorizationReqDTO().getConsumerKey()));
jwtClaimsSet.setClaim("azp", request.getAuthorizationReqDTO().getConsumerKey());
jwtClaimsSet.setExpirationTime(new Date(curTimeInMillis + lifetimeInMillis));
jwtClaimsSet.setIssueTime(new Date(curTimeInMillis));
jwtClaimsSet.setClaim("auth_time", accessTokenIssuedTime);
if(atHash != null){
jwtClaimsSet.setClaim("at_hash", atHash);
}
if (nonceValue != null) {
jwtClaimsSet.setClaim("nonce", nonceValue);
}
request.addProperty(OAuthConstants.ACCESS_TOKEN, tokenRespDTO.getAccessToken());
CustomClaimsCallbackHandler claimsCallBackHandler =
OAuthServerConfiguration.getInstance().getOpenIDConnectCustomClaimsCallbackHandler();
claimsCallBackHandler.handleCustomClaims(jwtClaimsSet, request);
if (JWSAlgorithm.NONE.getName().equals(signatureAlgorithm.getName())) {
return new PlainJWT(jwtClaimsSet).serialize();
}
return signJWT(jwtClaimsSet, request);
}