io.jsonwebtoken.SigningKeyResolverAdapter Java Examples
The following examples show how to use
io.jsonwebtoken.SigningKeyResolverAdapter.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: JwtService.java From localization_nifi with Apache License 2.0 | 6 votes |
|
private Jws<Claims> parseTokenFromBase64EncodedString(final String base64EncodedToken) throws JwtException {
try {
return Jwts.parser().setSigningKeyResolver(new SigningKeyResolverAdapter() {
@Override
public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
final String identity = claims.getSubject();
// Get the key based on the key id in the claims
final Integer keyId = claims.get(KEY_ID_CLAIM, Integer.class);
final Key key = keyService.getKey(keyId);
// Ensure we were able to find a key that was previously issued by this key service for this user
if (key == null || key.getKey() == null) {
throw new UnsupportedJwtException("Unable to determine signing key for " + identity + " [kid: " + keyId + "]");
}
return key.getKey().getBytes(StandardCharsets.UTF_8);
}
}).parseClaimsJws(base64EncodedToken);
} catch (final MalformedJwtException | UnsupportedJwtException | SignatureException | ExpiredJwtException | IllegalArgumentException | AdministrationException e) {
// TODO: Exercise all exceptions to ensure none leak key material to logs
final String errorMessage = "Unable to validate the access token.";
throw new JwtException(errorMessage, e);
}
}
Example #2
| Source File: JwtService.java From nifi-registry with Apache License 2.0 | 6 votes |
|
private Jws<Claims> parseTokenFromBase64EncodedString(final String base64EncodedToken) throws JwtException {
try {
return Jwts.parser().setSigningKeyResolver(new SigningKeyResolverAdapter() {
@Override
public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
final String identity = claims.getSubject();
// Get the key based on the key id in the claims
final String keyId = claims.get(KEY_ID_CLAIM, String.class);
final Key key = keyService.getKey(keyId);
// Ensure we were able to find a key that was previously issued by this key service for this user
if (key == null || key.getKey() == null) {
throw new UnsupportedJwtException("Unable to determine signing key for " + identity + " [kid: " + keyId + "]");
}
return key.getKey().getBytes(StandardCharsets.UTF_8);
}
}).parseClaimsJws(base64EncodedToken);
} catch (final MalformedJwtException | UnsupportedJwtException | SignatureException | ExpiredJwtException | IllegalArgumentException e) {
// TODO: Exercise all exceptions to ensure none leak key material to logs
final String errorMessage = "Unable to validate the access token.";
throw new JwtException(errorMessage, e);
}
}
Example #3
| Source File: FederatedJwtAuthenticator.java From trellis with Apache License 2.0 | 6 votes |
|
@Override
public Claims parse(final String credentials) {
// Parse the JWT claims
return Jwts.parserBuilder().setSigningKeyResolver(new SigningKeyResolverAdapter() {
@Override
public Key resolveSigningKey(final JwsHeader header, final Claims claims) {
if (header.getKeyId() == null) {
throw new JwtException("Missing Key ID (kid) header field");
}
try {
if (keyIds.contains(header.getKeyId()) && keyStore.containsAlias(header.getKeyId())) {
return keyStore.getCertificate(header.getKeyId()).getPublicKey();
}
} catch (final KeyStoreException ex) {
throw new SecurityException("Error retrieving key from keystore", ex);
}
throw new SecurityException("Could not locate key in keystore: " + header.getKeyId());
}
}).build().parseClaimsJws(credentials).getBody();
}
Example #4
| Source File: JwksAuthenticator.java From trellis with Apache License 2.0 | 6 votes |
|
@Override
public Claims parse(final String token) {
return Jwts.parserBuilder().setSigningKeyResolver(new SigningKeyResolverAdapter() {
@Override
public Key resolveSigningKey(final JwsHeader header, final Claims claims) {
final String keyid = header.getKeyId();
if (keyid == null) {
throw new JwtException("Missing Key ID (kid) header field");
}
if (keys.containsKey(keyid)) {
return keys.get(keyid);
}
throw new SecurityException("Could not locate key: " + keyid);
}
}).build().parseClaimsJws(token).getBody();
}
Example #5
| Source File: JwtService.java From nifi with Apache License 2.0 | 6 votes |
|
private Jws<Claims> parseTokenFromBase64EncodedString(final String base64EncodedToken) throws JwtException {
try {
return Jwts.parser().setSigningKeyResolver(new SigningKeyResolverAdapter() {
@Override
public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
final String identity = claims.getSubject();
// Get the key based on the key id in the claims
final Integer keyId = claims.get(KEY_ID_CLAIM, Integer.class);
final Key key = keyService.getKey(keyId);
// Ensure we were able to find a key that was previously issued by this key service for this user
if (key == null || key.getKey() == null) {
throw new UnsupportedJwtException("Unable to determine signing key for " + identity + " [kid: " + keyId + "]");
}
return key.getKey().getBytes(StandardCharsets.UTF_8);
}
}).parseClaimsJws(base64EncodedToken);
} catch (final MalformedJwtException | UnsupportedJwtException | SignatureException | ExpiredJwtException | IllegalArgumentException | AdministrationException e) {
// TODO: Exercise all exceptions to ensure none leak key material to logs
final String errorMessage = "Unable to validate the access token.";
throw new JwtException(errorMessage, e);
}
}
Example #6
| Source File: JwtHelper.java From hono with Eclipse Public License 2.0 | 5 votes |
|
/**
* Gets the value of the <em>exp</em> claim of a JWT.
*
* @param token The token.
* @return The expiration.
* @throws NullPointerException if the token is {@code null}.
* @throws IllegalArgumentException if the given token contains no <em>exp</em> claim.
*/
public static final Date getExpiration(final String token) {
if (token == null) {
throw new NullPointerException("token must not be null");
}
final AtomicReference<Date> result = new AtomicReference<>();
try {
Jwts.parser().setSigningKeyResolver(new SigningKeyResolverAdapter() {
@Override
public Key resolveSigningKey(final JwsHeader header, final Claims claims) {
final Date exp = claims.getExpiration();
if (exp != null) {
result.set(exp);
}
return DUMMY_KEY;
}
}).parse(token);
} catch (final JwtException e) {
// expected since we do not know the signing key
}
if (result.get() == null) {
throw new IllegalArgumentException("token contains no exp claim");
} else {
return result.get();
}
}
