@Test public void shouldValidateExpiresAtIfPresent() throws Exception { Clock clock = mock(Clock.class); when(clock.getToday()).thenReturn(new Date(DATE_TOKEN_MS_VALUE)); String token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0Nzc1OTJ9.isvT0Pqx0yjnZk53mUFSeYFJLDs-Ls9IsNAm86gIdZo"; JWTVerifier.BaseVerification verification = (JWTVerifier.BaseVerification) JWTVerifier.init(Algorithm.HMAC256("secret")); DecodedJWT jwt = verification .build(clock) .verify(token); assertThat(jwt, is(notNullValue())); }
@Test public void shouldThrowOnInvalidCustomClaimValue() throws Exception { exception.expect(InvalidClaimException.class); exception.expectMessage("The Claim 'name' value doesn't match the required one."); String token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjpbInNvbWV0aGluZyJdfQ.3ENLez6tU_fG0SVFrGmISltZPiXLSHaz_dyn-XFTEGQ"; Map<String, Object> map = new HashMap<>(); map.put("name", new Object()); JWTVerifier verifier = new JWTVerifier(Algorithm.HMAC256("secret"), map, new ClockImpl()); verifier.verify(token); }
@Override public boolean validateId(String id) { requireNonNull(id, "id"); try { // Verifier will check whether its issuer is me and also check whether it has been expired or not. verifier.verify(id); return true; } catch (Throwable cause) { logger.trace("JWT token validation failed", cause); return false; } }
/** * Creates a new and reusable instance of the JWTVerifier with the configuration already provided. * ONLY FOR TEST PURPOSES. * * @param clock the instance that will handle the current time. * @return a new JWTVerifier instance with a custom Clock. */ public JWTVerifier build(Clock clock) { addLeewayToDateClaims(); return new JWTVerifier(algorithm, claims, clock); }
/** * Returns a {@link JWTVerifier} builder with the algorithm to be used to validate token signature. * * @param algorithm that will be used to verify the token's signature. * @return {@link JWTVerifier} builder * @throws IllegalArgumentException if the provided algorithm is null. */ public static Verification require(Algorithm algorithm) { return JWTVerifier.init(algorithm); }
@Override public boolean verifyToken(String token) { try { verifier.verify(token); return true; } catch (JWTVerificationException exception) { monitor.debug(() -> "Error verifying token", exception); return false; } }
public JwtServerInterceptor(String secret) { this.secret = secret; this.verifier = new JWTVerifier(secret); }
@Test public void shouldThrowWhenInitializedWithoutAlgorithm() throws Exception { exception.expect(IllegalArgumentException.class); exception.expectMessage("The Algorithm cannot be null"); JWTVerifier.init(null); }
@Test public void shouldValidateNotBeforeIfPresent() throws Exception { Clock clock = mock(Clock.class); when(clock.getToday()).thenReturn(new Date(DATE_TOKEN_MS_VALUE)); String token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0Nzc1OTJ9.isvT0Pqx0yjnZk53mUFSeYFJLDs-Ls9IsNAm86gIdZo"; JWTVerifier.BaseVerification verification = (JWTVerifier.BaseVerification) JWTVerifier.init(Algorithm.HMAC256("secret")); DecodedJWT jwt = verification .build(clock) .verify(token); assertThat(jwt, is(notNullValue())); }
/** * Perform the verification against the given Token, using any previous configured options. * * @param token to verify. * @return a verified and decoded JWT. * @throws AlgorithmMismatchException if the algorithm stated in the token's header it's not equal to the one defined in the {@link JWTVerifier}. * @throws SignatureVerificationException if the signature is invalid. * @throws TokenExpiredException if the token has expired. * @throws InvalidClaimException if a claim contained a different value than the expected one. */ @Override public DecodedJWT verify(String token) throws JWTVerificationException { DecodedJWT jwt = new JWTDecoder(parser, token); return verify(jwt); }
final String secret = "{{secret used for signing}}"; try { final JWTVerifier verifier = new JWTVerifier(secret); final Map<String, Object> claims= verifier.verify(jwt); } catch (JWTVerifyException e) { // Invalid Token }
public JWTAuthenticationFilter(final String jwtSecret, final JWTCookieGenerator jwtCookieGenerator) { this.jwtVerifier = new JWTVerifier(jwtSecret); this.jwtCookieGenerator = jwtCookieGenerator; }
@Test public void shouldThrowOnNegativeExpiresAtLeeway() throws Exception { exception.expect(IllegalArgumentException.class); exception.expectMessage("Leeway value can't be negative."); Algorithm algorithm = mock(Algorithm.class); JWTVerifier.init(algorithm) .acceptExpiresAt(-1); }
@Test (expected = InvalidClaimException.class) public void shouldThrowOnFutureIssuedAt() throws Exception { Clock clock = mock(Clock.class); when(clock.getToday()).thenReturn(new Date(DATE_TOKEN_MS_VALUE - 1000)); String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE0Nzc1OTJ9.CWq-6pUXl1bFg81vqOUZbZrheO2kUBd2Xr3FUZmvudE"; JWTVerifier.BaseVerification verification = (JWTVerifier.BaseVerification) JWTVerifier.init(Algorithm.HMAC256("secret")); DecodedJWT jwt = verification.build(clock).verify(token); assertThat(jwt, is(notNullValue())); }
@Override public UUID getJobIdFromToken(String token) { try { DecodedJWT jwt = verifier.verify(token); // Token is verified, get claim Claim claim = jwt.getClaim(JWTTokenManager.ID_CLAIM_KEY); if (claim.isNull()) { return null; } return claim.isNull() ? null : UUID.fromString(claim.asString()); } catch (JWTVerificationException exception) { monitor.debug(() -> "Error verifying token", exception); throw new RuntimeException("Error verifying token: " + token); } }
@Test public void testConstructToken() throws Exception { String constructedToken = auth.constructToken(1234, "1111111"); byte[] keyBytes = testUtils.loadKey("test/keys/application_public_key.der"); X509EncodedKeySpec spec = new X509EncodedKeySpec(keyBytes); KeyFactory kf = KeyFactory.getInstance("RSA"); PublicKey key = kf.generatePublic(spec); final JWTVerifier verifier = new JWTVerifier(key); final Map<String, Object> claims = verifier.verify(constructedToken); assertEquals(1234, claims.get("iat")); assertEquals("1111111", claims.get("jti")); assertEquals("application-id", claims.get("application_id")); }
public JWTAuthenticationFilter(final String jwtSecret, final JWTCookieGenerator jwtCookieGenerator) { this.jwtVerifier = new JWTVerifier(jwtSecret); this.jwtCookieGenerator = jwtCookieGenerator; }
@Test public void shouldThrowOnNegativeIssuedAtLeeway() throws Exception { exception.expect(IllegalArgumentException.class); exception.expectMessage("Leeway value can't be negative."); Algorithm algorithm = mock(Algorithm.class); JWTVerifier.init(algorithm) .acceptIssuedAt(-1); }
@Test public void shouldValidateIssuedAtIfPresent() throws Exception { Clock clock = mock(Clock.class); when(clock.getToday()).thenReturn(new Date(DATE_TOKEN_MS_VALUE)); String token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE0Nzc1OTJ9.0WJky9eLN7kuxLyZlmbcXRL3Wy8hLoNCEk5CCl2M4lo"; JWTVerifier.BaseVerification verification = (JWTVerifier.BaseVerification) JWTVerifier.init(Algorithm.HMAC256("secret")); DecodedJWT jwt = verification .build(clock) .verify(token); assertThat(jwt, is(notNullValue())); }
@Test public void shouldGetExpirationTime() throws Exception { Date expectedDate = new Date(1477592 * 1000); Clock clock = mock(Clock.class); when(clock.getToday()).thenReturn(expectedDate); String token = "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE0Nzc1OTJ9.x_ZjkPkKYUV5tdvc0l8go6D_z2kez1MQcOxokXrDc3k"; JWTVerifier.BaseVerification verification = (JWTVerifier.BaseVerification) JWT.require(Algorithm.HMAC256("secret")); DecodedJWT jwt = verification .build(clock) .verify(token); assertThat(jwt, is(notNullValue())); assertThat(jwt.getExpiresAt(), is(instanceOf(Date.class))); assertThat(jwt.getExpiresAt(), is(notNullValue())); assertThat(jwt.getExpiresAt(), is(equalTo(expectedDate))); }