io.jsonwebtoken.SigningKeyResolver Java Examples

The following examples show how to use io.jsonwebtoken.SigningKeyResolver, the JJWT callback that chooses the key used to verify a JWS signature. The resolver receives the token's header and claims before the signature has been checked, so it should treat them only as lookup hints (for example a key ID) into keys that come from a trusted source. Each example names its original project and source file.
Example #1
Source File: IdTokenParser.java    From line-sdk-android with Apache License 2.0 (6 votes)
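/**
 * Parses an ID token string and verifies its signature.
 *
 * <p>The verification key is supplied by {@code signingKeyResolver}, and time-based checks
 * tolerate {@code ALLOWED_CLOCK_SKEW_SECONDS} of clock drift. Only signed tokens are accepted,
 * because the string is parsed with {@code parseClaimsJws}.
 *
 * @param idTokenStr the compact JWS string; may be null or empty
 * @param signingKeyResolver resolver that supplies the signature-verification key
 * @return the token built from the verified claims, or {@code null} when {@code idTokenStr}
 *         is null or empty
 * @throws Exception any failure raised while parsing, verifying or building the token;
 *         it is logged and rethrown unchanged
 */
public static LineIdToken parse(final String idTokenStr, final SigningKeyResolver signingKeyResolver)
        throws Exception {
    if (TextUtils.isEmpty(idTokenStr)) {
        return null;
    }

    try {
        final Claims claims = Jwts.parser()
                                  .setAllowedClockSkewSeconds(ALLOWED_CLOCK_SKEW_SECONDS)
                                  .setSigningKeyResolver(signingKeyResolver)
                                  .parseClaimsJws(idTokenStr)
                                  .getBody();

        return buildIdToken(idTokenStr, claims);
    } catch (final Exception e) {
        // The raw ID token is a credential and carries the user's claims, so it is kept out
        // of the device log; the attached exception already records why parsing failed.
        Log.e(TAG, "failed to parse IdToken", e);
        throw e;
    }
}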
 
Example #2
Source File: DefaultJwtParser.java    From jjwt with Apache License 2.0 (6 votes)
/**
 * Package-private constructor that stores every collaborator exactly as supplied.
 *
 * <p>Nothing is validated or copied here; in particular {@code keyBytes} is kept by reference,
 * so later changes to the caller's array are visible to this parser. Three possible sources of
 * the verification key are accepted side by side (resolver, {@code Key}, raw bytes).
 * NOTE(review): which source is used, and whether supplying more than one is rejected, is
 * decided outside this constructor - confirm in the parse path.
 */
DefaultJwtParser(
        SigningKeyResolver signingKeyResolver, Key key, byte[] keyBytes,
        Clock clock, long allowedClockSkewMillis,
        Claims expectedClaims,
        Decoder<String, byte[]> base64UrlDecoder,
        Deserializer<Map<String, ?>> deserializer,
        CompressionCodecResolver compressionCodecResolver) {
    // Signature-verification material.
    this.keyBytes = keyBytes;
    this.key = key;
    this.signingKeyResolver = signingKeyResolver;

    // Time source and tolerance for time-based claim checks.
    this.allowedClockSkewMillis = allowedClockSkewMillis;
    this.clock = clock;

    // Claims the parsed token is expected to carry.
    this.expectedClaims = expectedClaims;

    // Decoding pipeline: Base64URL, JSON deserialization, payload decompression.
    this.compressionCodecResolver = compressionCodecResolver;
    this.deserializer = deserializer;
    this.base64UrlDecoder = base64UrlDecoder;
}
 
Example #3
Source File: DefaultOAuthJwtAccessTokenParser.java    From athenz with Apache License 2.0 (5 votes)
/**
 * Builds the JWT parser used for DefaultOAuthJwtAccessToken, resolving signing keys through a
 * {@code KeyStoreJwkKeyResolver} created from the two arguments.
 *
 * @param  keyStore                 key store that provides JWT public keys; must not be null
 * @param  jwksUrl                  JWKS URL for downloading JWT public keys; passed to the
 *                                  resolver as given, without validation in this constructor
 * @throws IllegalArgumentException if {@code keyStore} is null. NOTE(review): the resolver's
 *                                  constructor may raise it for JWKS problems too - confirm.
 */
public DefaultOAuthJwtAccessTokenParser(KeyStore keyStore, String jwksUrl) throws IllegalArgumentException {
    if (null == keyStore) {
        throw new IllegalArgumentException("DefaultOAuthJwtAccessTokenParser: keyStore is null");
    }

    // The JWKS URL is a trust anchor for signature verification: whoever controls what it
    // serves controls which keys are accepted. The resolver's third argument is left null.
    final SigningKeyResolver keyResolver = new KeyStoreJwkKeyResolver(keyStore, jwksUrl, null);

    this.parser = Jwts.parserBuilder()
        .setSigningKeyResolver(keyResolver)
        .setAllowedClockSkewSeconds(ALLOWED_CLOCK_SKEW_SECONDS)
        .build();
}
 
Example #4
Source File: DefaultJwtParser.java    From lams with GNU General Public License v2.0 (4 votes)
/**
 * Installs the resolver this parser asks for the signature-verification key.
 *
 * @param signingKeyResolver the resolver to use; must not be null
 * @return this parser, for call chaining
 */
@Override
public JwtParser setSigningKeyResolver(SigningKeyResolver signingKeyResolver) {
    // Fail at configuration time rather than when the first token is parsed.
    final String nullMessage = "SigningKeyResolver cannot be null.";
    Assert.notNull(signingKeyResolver, nullMessage);

    this.signingKeyResolver = signingKeyResolver;
    return this;
}
 
Example #5
Source File: JuiserAutoConfiguration.java    From juiser with Apache License 2.0 (4 votes)
/**
 * Exposes the configuration's {@code signingKeyResolver} field as a bean unless a bean named
 * {@code juiserForwardedUserJwtSigningKeyResolver} is already defined.
 *
 * @return the resolver held by this configuration. NOTE(review): this may be null when no
 *         resolver was supplied - confirm how the field is populated.
 */
@Bean
@ConditionalOnMissingBean(name = "juiserForwardedUserJwtSigningKeyResolver")
public SigningKeyResolver juiserForwardedUserJwtSigningKeyResolver() {
    return signingKeyResolver;
}
 
Example #6
Source File: JuiserAutoConfiguration.java    From juiser with Apache License 2.0 (4 votes)
/**
 * Creates the {@code JwsClaimsExtractor} bean, choosing its key source from configuration.
 *
 * <ul>
 *   <li>resolver and configured key: the resolver wrapped in a {@code FallbackSigningKeyResolver}
 *       with the key as fallback;</li>
 *   <li>resolver only: the resolver;</li>
 *   <li>key only: the key;</li>
 *   <li>neither: the no-argument extractor. NOTE(review): that variant presumably accepts the
 *       header without verifying a signature - confirm, and make sure deployments that reach
 *       this branch only receive the header from a trusted upstream.</li>
 * </ul>
 *
 * @return the configured claims extractor
 * @throws IllegalArgumentException if JWT and JWK configuration are both enabled but neither a
 *         key nor a resolver is available
 */
@Bean
@ConditionalOnMissingBean(name = "juiserForwardedUserJwsClaimsExtractor")
public Function<String, Claims> juiserForwardedUserJwsClaimsExtractor() {

    final JwtConfig jwtConfig = forwardedHeaderConfig.getJwt();
    final JwkConfig jwkConfig = jwtConfig.getKey();

    final boolean keyEnabled = jwtConfig.isEnabled() && jwkConfig.isEnabled();

    // The configured key is only loaded when both the JWT and the JWK settings are enabled.
    Key configuredKey = null;
    if (keyEnabled) {
        ResourceLoader loader = new SpringResourceLoader(appCtx);
        ConfigJwkResolver jwkResolver = new ConfigJwkResolver(loader);
        configuredKey = jwkResolver.apply(jwkConfig);
    }

    final SigningKeyResolver configuredResolver = juiserForwardedUserJwtSigningKeyResolver();

    // Refuse to start with validation switched on but nothing to validate against.
    final boolean nothingToVerifyWith = configuredKey == null && configuredResolver == null;
    if (keyEnabled && nothingToVerifyWith) {
        throw new IllegalArgumentException(
            "JWT signature validation is enabled, but no SigningKeyResolver or default/fallback key has " +
            "been configured.");
    }

    final JwsClaimsExtractor extractor;
    if (configuredResolver != null) {
        SigningKeyResolver effectiveResolver = configuredResolver;
        if (configuredKey != null) {
            effectiveResolver = new FallbackSigningKeyResolver(configuredResolver, configuredKey);
        }
        extractor = new JwsClaimsExtractor(effectiveResolver);
    } else if (configuredKey != null) {
        extractor = new JwsClaimsExtractor(configuredKey);
    } else {
        // No key material at all: only reachable when keyEnabled is false.
        extractor = new JwsClaimsExtractor();
    }

    extractor.setAllowedClockSkewSeconds(jwtConfig.getAllowedClockSkewSeconds());

    return extractor;
}
 
Example #7
Source File: JwsClaimsExtractor.java    From juiser with Apache License 2.0 (4 votes)
/**
 * Creates an extractor whose only key source is the given resolver; the fixed-key fields
 * ({@code signingKey}, {@code signingKeyBytes}) are explicitly left null.
 *
 * @param signingKeyResolver resolver that supplies the signature-verification key; must not
 *        be null
 */
public JwsClaimsExtractor(SigningKeyResolver signingKeyResolver) {
    Assert.notNull(signingKeyResolver, "signingKeyResolver argument cannot be null.");

    // Exactly one of the three key sources is populated by this constructor.
    this.signingKey = null;
    this.signingKeyBytes = null;
    this.signingKeyResolver = signingKeyResolver;
}
 
Example #8
Source File: FallbackSigningKeyResolver.java    From juiser with Apache License 2.0 (4 votes)
/**
 * Creates a resolver that wraps {@code delegate} and also holds {@code fallbackKey}.
 *
 * <p>NOTE(review): presumably the fallback key is returned when the delegate yields no key;
 * that logic is outside this constructor - confirm that a delegate failure (as opposed to
 * "no key found") does not silently fall through to the fallback.
 *
 * @param delegate the resolver consulted for keys; must not be null
 * @param fallbackKey the key kept as fallback; must not be null
 */
public FallbackSigningKeyResolver(SigningKeyResolver delegate, Key fallbackKey) {
    // Each argument is checked and then stored; the check order matches the parameter order.
    Assert.notNull(delegate, "SigningKeyResolver argument cannot be null.");
    this.delegate = delegate;

    Assert.notNull(fallbackKey, "fallbackKey argument cannot be null.");
    this.fallbackKey = fallbackKey;
}
 
Example #9
Source File: KeyStoreJwkKeyResolverTest.java    From athenz with Apache License 2.0 (4 votes)
/**
 * Exercises KeyStoreJwkKeyResolver.resolveSigningKey across its key sources: no key store,
 * issuers that do not lead to a key-store hit, key-store hits and misses, and missing key IDs.
 *
 * The same jwsHeader and claims instances are reused and mutated from case to case, and the
 * JWKS spy is re-stubbed before each assertion, so the statements are order-dependent.
 *
 * NOTE(review): the spy is stubbed with Mockito.when(spy.call(...)), which invokes the real
 * resolveSigningKey once while stubbing; doReturn(...).when(spy) would avoid that - confirm
 * the real call is harmless for basejwksResolver.
 */
@Test
public void testResolveSigningKey() throws Exception {
    // Spies wrapping the shared fixtures, so individual calls can be stubbed per case.
    KeyStore keyStoreMock = Mockito.spy(baseKeyStore);
    SigningKeyResolver jwksResolverMock = Mockito.spy(basejwksResolver);

    // Resolver under test, built without a key store; the private keyStore and jwksResolver
    // fields are reached by reflection so the spies can be injected.
    KeyStoreJwkKeyResolver resolver = new KeyStoreJwkKeyResolver(null, "file:///", null);
    Field keyStoreField = resolver.getClass().getDeclaredField("keyStore");
    keyStoreField.setAccessible(true);
    Field providerField = resolver.getClass().getDeclaredField("jwksResolver");
    providerField.setAccessible(true);
    providerField.set(resolver, jwksResolverMock);

    // Header and claims passed to every resolveSigningKey call below.
    DefaultJwsHeader jwsHeader = new DefaultJwsHeader();
    DefaultClaims claims = new DefaultClaims();

    // 1. No key store configured: the key must come from the JWKS resolver.
    PublicKey pk11 = Mockito.spy(basePublicKey);
    Mockito.when(jwksResolverMock.resolveSigningKey(jwsHeader, claims)).thenReturn(pk11);
    jwsHeader.setKeyId("11");
    claims.setIssuer(null);
    assertSame(resolver.resolveSigningKey(jwsHeader, claims), pk11);

    // From here on the resolver has a key store (the spy).
    keyStoreField.set(resolver, keyStoreMock);

    // 2a. Issuer is null, empty, or has no '.' separator: the JWKS key is returned.
    PublicKey pk21 = Mockito.spy(basePublicKey);
    Mockito.when(jwksResolverMock.resolveSigningKey(jwsHeader, claims)).thenReturn(pk21);
    jwsHeader.setKeyId("21");
    claims.setIssuer(null);
    assertSame(resolver.resolveSigningKey(jwsHeader, claims), pk21);
    PublicKey pk22 = Mockito.spy(basePublicKey);
    Mockito.when(jwksResolverMock.resolveSigningKey(jwsHeader, claims)).thenReturn(pk22);
    jwsHeader.setKeyId("22");
    claims.setIssuer("");
    assertSame(resolver.resolveSigningKey(jwsHeader, claims), pk22);
    PublicKey pk23 = Mockito.spy(basePublicKey);
    Mockito.when(jwksResolverMock.resolveSigningKey(jwsHeader, claims)).thenReturn(pk23);
    jwsHeader.setKeyId("23");
    claims.setIssuer("domain23-----service23");
    assertSame(resolver.resolveSigningKey(jwsHeader, claims), pk23);
    // 2b. Issuer is well-formed but its domain is not accepted ("invalid domain" per the
    //     original author): the JWKS key is returned.
    PublicKey pk24 = Mockito.spy(basePublicKey);
    Mockito.when(jwksResolverMock.resolveSigningKey(jwsHeader, claims)).thenReturn(pk24);
    jwsHeader.setKeyId("24");
    claims.setIssuer("domain24.service24");
    assertSame(resolver.resolveSigningKey(jwsHeader, claims), pk24);

    // 3a. Key found in the key store; the author's intent is that JWKS is skipped.
    //     The stubs below imply issuer "sys.auth.service31" is looked up as
    //     domain "sys.auth", service "service31", key ID "31".
    PublicKey pk31 = null;

    // Expected key, parsed from the jwt_public.key test resource.
    try (PemReader reader = new PemReader(new FileReader(this.classLoader.getResource("jwt_public.key").getFile()))) {
        pk31 = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(reader.readPemObject().getContent()));
    }
    // NOTE(review): the JWKS stub returns pk31 as well, so the assertEquals below passes on
    // either path; this case does not by itself prove that JWKS was skipped.
    Mockito.when(jwksResolverMock.resolveSigningKey(jwsHeader, claims)).thenReturn(pk31);
    // The key store answers with a PEM-encoded public key (test fixture, not a secret).
    Mockito.when(keyStoreMock.getPublicKey("sys.auth", "service31", "31")).thenReturn("-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAy3c3TEePZZPaxqNU2xV4\nortsXrw1EXTNQj2QUgL8UOPaQS0lbHJtD1cbcCFnzfXRXTOGqh8l+XWTRIOlt4yU\n+mEhgR0/JKILTPwmS0fj3D1PT6IjZShuNyd4USVdcjfCRBRb9ExIptJyeTTUu0Uu\njWNEcGOWAkUZcsonmiEz7bIMVkGy5uYnWGbsKP51Zf/PFMb96RcHeE0ZUitIB4YK\n1bgHLyAEBJIka5mRC/jWq/mlq3jiP5RaVWbzQiJbrjuYWd1Vps/xnrABx6/4Ft/M\n0AnSQN0SYjc/nWT1yGPpCwtWmWUU5NNHd+w6TdgOjdu00wownwblovtEYED+rncb\n913qfBM98kNHyj357BSzlvhiwEH5Ayo9DTnx1j9HuJGZXzymVypuQXLu/tkHMEt+\nc4kytKJNi6MLiauy9xtXGLXgOvZUM8V0Z27Z6CTfCzWZ0nwnEWDdH+NJyusL6pJg\nEGUBh6E9fdJInV7YOCF+P9/19imPHrZ0blTXK1TDfKS/pCLOXO/OmmH+p+UxQ77O\npeP5wlt5Jem0ErSisl/Qxhh1OtJcLwFdA7uC7rOTMrSEGLO++5+CatsXj7BEK2l+\n3As8fJEkoWXd1+4KOUMfV/fnT/z6U8+bcsYn0nvWPl8XuMbwNWjqHYgqhl1RLA7M\n17HCydWCF50HI2XojtGgRN0CAwEAAQ==\n-----END PUBLIC KEY-----\n");
    jwsHeader.setKeyId("31");
    claims.setIssuer("sys.auth.service31");
    // assertEquals rather than assertSame: equality of key material is what is checked here.
    assertEquals(resolver.resolveSigningKey(jwsHeader, claims), pk31);
    // 3b. Key store has no entry (returns null): the JWKS key is returned.
    PublicKey pk32 = Mockito.spy(basePublicKey);
    Mockito.when(jwksResolverMock.resolveSigningKey(jwsHeader, claims)).thenReturn(pk32);
    Mockito.when(keyStoreMock.getPublicKey("sys.auth", "service32", "32")).thenReturn(null);
    jwsHeader.setKeyId("32");
    claims.setIssuer("sys.auth.service32");
    assertSame(resolver.resolveSigningKey(jwsHeader, claims), pk32);
    // 3c. Key store returns an unusable value (empty string, then a PEM with invalid
    //     content): the JWKS key is returned instead of failing.
    PublicKey pk33 = Mockito.spy(basePublicKey);
    Mockito.when(jwksResolverMock.resolveSigningKey(jwsHeader, claims)).thenReturn(pk33);
    Mockito.when(keyStoreMock.getPublicKey("sys.auth", "service33", "33")).thenReturn("");
    jwsHeader.setKeyId("33");
    claims.setIssuer("sys.auth.service33");
    assertSame(resolver.resolveSigningKey(jwsHeader, claims), pk33);
    PublicKey pk34 = Mockito.spy(basePublicKey);
    Mockito.when(jwksResolverMock.resolveSigningKey(jwsHeader, claims)).thenReturn(pk34);
    Mockito.when(keyStoreMock.getPublicKey("sys.auth", "service34", "34")).thenReturn("-----BEGIN PUBLIC KEY-----\ninvalid\n-----END PUBLIC KEY-----\n");
    jwsHeader.setKeyId("34");
    claims.setIssuer("sys.auth.service34");
    assertSame(resolver.resolveSigningKey(jwsHeader, claims), pk34);

    // 4. Neither the key store nor JWKS has the key: the resolver returns null.
    jwsHeader.setKeyId("41");
    claims.setIssuer("sys.auth.service41");
    Mockito.when(jwksResolverMock.resolveSigningKey(jwsHeader, claims)).thenReturn(null);
    Mockito.when(keyStoreMock.getPublicKey("sys.auth", "service41", "41")).thenReturn(null);
    assertNull(resolver.resolveSigningKey(jwsHeader, claims));

    // 5. Key ID is null or empty: the resolver returns null.
    jwsHeader.setKeyId(null);
    claims.setIssuer(null);
    assertNull(resolver.resolveSigningKey(jwsHeader, claims));
    jwsHeader.setKeyId("");
    claims.setIssuer(null);
    assertNull(resolver.resolveSigningKey(jwsHeader, claims));
}
 
Example #10
Source File: ImmutableJwtParser.java    From jjwt with Apache License 2.0 (4 votes)
/**
 * Always fails: this parser does not allow its signing-key resolver to be replaced.
 *
 * <p>The method never returns normally and never reads its argument, so the object that
 * decides which key verifies a signature cannot be swapped through this setter.
 *
 * @param signingKeyResolver ignored
 * @return never returns
 */
@Override
public JwtParser setSigningKeyResolver(SigningKeyResolver signingKeyResolver) {
    // doNotMutate() supplies the exception that is thrown.
    throw doNotMutate();
}
 
Example #11
Source File: DefaultJwtParser.java    From jjwt with Apache License 2.0 (4 votes)
/**
 * Sets the resolver that supplies the signature-verification key for this parser.
 *
 * @param signingKeyResolver the resolver to store; a null value is rejected by the assertion
 * @return this parser, so calls can be chained
 */
@Override
public JwtParser setSigningKeyResolver(SigningKeyResolver signingKeyResolver) {
    // Reject null up front so a missing resolver is reported when the parser is configured.
    final String rejection = "SigningKeyResolver cannot be null.";
    Assert.notNull(signingKeyResolver, rejection);

    this.signingKeyResolver = signingKeyResolver;
    return this;
}
 
Example #12
Source File: DefaultJwtParserBuilder.java    From jjwt with Apache License 2.0 (4 votes)
/**
 * Records the resolver that the parser built from this builder will use to obtain the
 * signature-verification key.
 *
 * @param signingKeyResolver the resolver to record; a null value is rejected by the assertion
 * @return this builder, so calls can be chained
 */
@Override
public JwtParserBuilder setSigningKeyResolver(SigningKeyResolver signingKeyResolver) {
    // The null check runs before the field is touched, so a rejected call leaves the
    // previously recorded resolver in place.
    final String whenNull = "SigningKeyResolver cannot be null.";
    Assert.notNull(signingKeyResolver, whenNull);

    this.signingKeyResolver = signingKeyResolver;
    return this;
}
 
Example #13
Source File: SecretService.java    From tutorials with MIT License (4 votes)
/**
 * Returns the signing-key resolver held by this service.
 *
 * @return the {@code signingKeyResolver} field, exactly as stored
 */
public SigningKeyResolver getSigningKeyResolver() {
    return this.signingKeyResolver;
}