/**
 * Verifies a compact-serialized JWS and returns the claims it carries.
 *
 * <p>The payload is turned into a claims set only after {@code verifier} has
 * accepted the signature, so no claim from a token that fails the check is
 * returned. Only the signature is checked here: the visible code does not
 * evaluate expiry, audience or issuer, so callers still have to validate
 * those claims themselves.
 *
 * @param token the compact JWS string to check
 * @return the claims decoded from the verified payload
 * @throws BadCredentialsException if the token cannot be parsed, the
 *         verifier raises an error, or the signature does not match
 */
protected JWTClaimsSet parseToken(String token) {
    try {
        JWSObject parsed = JWSObject.parse(token);
        boolean signatureValid = parsed.verify(verifier);
        if (signatureValid) {
            return JWTClaimsSet.parse(parsed.getPayload().toJSONObject());
        }
    } catch (JOSEException | ParseException e) {
        // Only the message is carried over; the original exception is not attached as cause.
        throw new BadCredentialsException(e.getMessage());
    }
    // Reached only when verify() returned false without throwing.
    throw new BadCredentialsException("JWS verification failed!");
}
}
/**
 * Creates a signed token in JWS compact form.
 *
 * <p>The header is fixed to HS256, a symmetric algorithm: whoever holds the
 * key behind {@code signer} can mint tokens as well as verify them, so that
 * key has to stay on the issuing/verifying side only.
 *
 * @param aud              audience, forwarded to {@code createPayload}
 * @param subject          subject, forwarded to {@code createPayload}
 * @param expirationMillis expiration value, forwarded to {@code createPayload}
 * @param claimMap         additional claims, forwarded to {@code createPayload}
 * @return the serialized token ({@code header.payload.signature})
 * @throws RuntimeException wrapping the {@link JOSEException} if signing fails
 */
@Override
public String createToken(String aud, String subject, Long expirationMillis, Map<String, Object> claimMap) {
    Payload body = createPayload(aud, subject, expirationMillis, claimMap);
    JWSHeader header = new JWSHeader(JWSAlgorithm.HS256);
    JWSObject jws = new JWSObject(header, body);

    try {
        // Computes the HMAC over header and payload.
        jws.sign(signer);
    } catch (JOSEException e) {
        throw new RuntimeException(e);
    }

    // Compact serialization: three Base64URL segments joined by dots.
    return jws.serialize();
}
// Excerpt: signature verification with a key picked by the configured key selector.
// The selector is handed the JWS header, which is untrusted input until the signature
// has been verified. NOTE(review): the selector should only ever return keys the
// application already trusts — confirm against its implementation.
List<? extends Key> keyCandidates = getJWSKeySelector().selectJWSKeys(jwsObject.getHeader(), context);
// Builds a verifier for one candidate key. `it` is declared outside this excerpt;
// presumably it iterates over keyCandidates — confirm.
JWSVerifier verifier = getJWSVerifierFactory().createJWSVerifier(jwsObject.getHeader(), it.next());
// Result of the cryptographic check for that key.
final boolean validSignature = jwsObject.verify(verifier);
// NOTE(review): the excerpt does not show validSignature being tested before this
// return. The payload must be handed out only when it is true — confirm in the full method.
return jwsObject.getPayload();
/**
 * Computes the signature of this JWS object using the given signer and
 * moves the object to the {@link State#SIGNED signed} state. The object
 * has to be {@link State#UNSIGNED unsigned} when this is called.
 *
 * @param signer The JWS signer. Must not be {@code null}.
 *
 * @throws IllegalStateException If the JWS object is not in an
 *                               {@link State#UNSIGNED unsigned state}.
 * @throws JOSEException         If the JWS object couldn't be signed.
 */
public synchronized void sign(final JWSSigner signer)
    throws JOSEException {

    ensureUnsignedState();
    ensureJWSSignerSupport(signer);

    try {
        signature = signer.sign(getHeader(), getSigningInput());
    } catch (Exception e) {
        // A JOSEException from the signer is passed through untouched.
        if (e instanceof JOSEException) {
            throw (JOSEException) e;
        }
        // Anything else (including unchecked exceptions) is wrapped so that
        // callers only have to deal with JOSEException, see issue #20.
        throw new JOSEException(e.getMessage(), e);
    }

    // Only reached when the signer returned normally.
    state = State.SIGNED;
}
/**
 * Builds an authentication token from a compact JWS by reading its
 * {@code sub} claim.
 *
 * <p>No signature check happens in this method: the payload is only
 * Base64URL-decoded and parsed as JSON, so the extracted user id is an
 * unverified claim. The raw token is passed along in the result.
 * NOTE(review): a later step must verify that token before the user id is
 * trusted for any authorization decision — confirm where that happens.
 *
 * @param token the compact JWS string
 * @return a token object holding the {@code sub} value (or {@code null} when
 *         the claim is absent) together with the raw JWS
 * @throws AuthenticationException if the string is not a parseable JWS
 */
public JWTAuthenticationToken createToken(String token) {
    try {
        JWSObject parsed = JWSObject.parse(token);
        // Decoded, not decrypted: a JWS payload is readable by anyone who holds the token.
        String payloadJson = parsed.getPayload().toString();

        try (JsonReader reader = Json.createReader(new StringReader(payloadJson))) {
            JsonObject claims = reader.readObject();
            String subject = claims.getString("sub", null);
            return new JWTAuthenticationToken(subject, token);
        }
    } catch (ParseException ex) {
        throw new AuthenticationException(ex);
    }
}
// Excerpt: reads a compact JWS from the first line of a file and verifies it.
try {
    // `reader` is declared outside this excerpt. NOTE(review): make sure it is closed
    // on every path, e.g. with try-with-resources.
    reader = Files.newBufferedReader(path);
    // Only the first line is parsed. NOTE(review): readLine() yields null for an empty
    // file; confirm how parse() reacts to that.
    JWSObject jwsObject = JWSObject.parse(reader.readLine());
    // The certificate chain is read from the JWS header before the signature is checked,
    // so at this point it is unauthenticated data supplied by whoever wrote the file.
    // Nothing in this excerpt validates the chain against a trust anchor.
    // NOTE(review): if the header has no x5c member this call chain likely dereferences
    // null — confirm and guard.
    List<String> certificateChain = jwsObject.getHeader().getX509CertChain().stream().map(c -> base64Service.encodeToString(c.decode()))
            .collect(Collectors.toList());
    // Taken from the header as well; here it is used for the log message only.
    JWSAlgorithm algorithm = jwsObject.getHeader().getAlgorithm();
    // Verification uses `verifier`, which is created outside this excerpt.
    if (!jwsObject.verify(verifier)) {
        log.warn("Unable to verify JWS object using algorithm {} for file {}", algorithm, path);
        return Collections.emptyMap();
    // NOTE(review): the closing brace of the if-block is missing from this excerpt; the
    // statements below presumably run only after a successful verification.
    String jwtPayload = jwsObject.getPayload().toString();
    JsonNode toc = dataMapperService.readTree(jwtPayload);
    log.info("Legal header {}", toc.get("legalHeader"));
/**
 * Validates an ID token and wraps it, together with its claims, in a
 * {@code UserPrincipal}.
 *
 * <p>The validator is selected by the algorithm named in the token's own
 * header, which is untrusted input at that point. NOTE(review):
 * {@code getAadJwtTokenValidator} is not shown here; it should only accept
 * the algorithms the identity provider is expected to sign with — confirm.
 *
 * @param idToken the compact-serialized ID token
 * @return the principal built from the parsed token and its claims
 * @throws ParseException   if the token cannot be parsed
 * @throws JOSEException    if processing the token fails
 * @throws BadJOSEException if the token or its claims are rejected
 */
public UserPrincipal buildUserPrincipal(String idToken) throws ParseException, JOSEException, BadJOSEException {
    JWSObject parsedToken = JWSObject.parse(idToken);

    ConfigurableJWTProcessor<SecurityContext> processor =
            getAadJwtTokenValidator(parsedToken.getHeader().getAlgorithm());

    // process() works on the raw string again, not on parsedToken.
    JWTClaimsSet claims = processor.process(idToken, null);

    // The claims are additionally run through the processor's claims verifier.
    JWTClaimsSetVerifier<SecurityContext> claimsVerifier = processor.getJWTClaimsSetVerifier();
    claimsVerifier.verify(claims, null);

    return new UserPrincipal(parsedToken, claims);
}
/**
 * Parses a compact JWS and returns it only if its signature is accepted by
 * {@code verifier}.
 *
 * <p>NOTE(review): on a signature mismatch the exception is constructed
 * with the full token string. If that exception's message reaches logs or
 * error responses the token is disclosed there — confirm what the
 * exception class does with it.
 *
 * @param jwt the compact-serialized token
 * @return the parsed object, after a successful signature check
 * @throws JwtParseException        if the string is not a parseable JWS
 * @throws JwtVerificationException if the signature does not match or the
 *                                  verifier fails
 */
private JWSObject verify(final String jwt) throws JwtParseException, JwtVerificationException {
    try {
        JWSObject candidate = JWSObject.parse(jwt);
        if (candidate.verify(verifier)) {
            return candidate;
        }
        throw new JwtSignatureMismatchException(jwt);
    } catch (ParseException e) {
        throw new JwtParseException(e);
    } catch (JOSEException e) {
        // A failure inside the verifier is reported the same way as a mismatch.
        throw new JwtSignatureMismatchException(e);
    }
}
}
/**
 * Parses a compact-serialized JWS without checking its signature.
 *
 * <p>The returned object only reflects the structure of the input; its
 * header and payload remain untrusted until a verifier has accepted the
 * signature.
 *
 * @param jwt the compact-serialized token
 * @return the parsed, unverified JWS object
 * @throws JwtParseException if the string is not a parseable JWS
 */
private JWSObject parseJWSObject(String jwt) throws JwtParseException {
    try {
        return JWSObject.parse(jwt);
    } catch (ParseException e) {
        throw new JwtParseException(e);
    }
}
}
/**
 * Decodes the payload of a compact JWT into a JSON object.
 *
 * <p>The signature segment is carried into the {@code JWSObject} but never
 * verified here, so the returned JSON is whatever the sender put into the
 * token. It must not drive authentication or authorization decisions unless
 * the signature is verified elsewhere.
 *
 * @param jwt the compact-serialized token
 * @return the payload as JSON, or {@code null} when the input does not
 *         split into exactly three dot-separated segments
 * @throws JWTException if the segments cannot be parsed as a JWS
 */
@Override
public JsonObject process(String jwt) throws JWTException {
    String[] segments = jwt.split("\\.");
    if (segments.length != 3) {
        // Malformed input is signalled with null rather than an exception.
        return null;
    }

    Base64URL header = new Base64URL(segments[0]);
    Base64URL payload = new Base64URL(segments[1]);
    Base64URL signature = new Base64URL(segments[2]);

    try {
        String payloadJson = new JWSObject(header, payload, signature).getPayload().toString();
        // NOTE(review): the JSON reader is not closed; over a StringReader nothing
        // leaks in practice, but try-with-resources would make that explicit.
        return Json.createReader(new StringReader(payloadJson)).readObject();
    } catch (ParseException e) {
        throw new JWTException("Unable to parse JWT", e);
    }
}
}
/**
 * Parses a token into a {@code SimpleUnverifiedJwt} without checking its
 * signature.
 *
 * <p>Algorithm name, issuer, subject and payload are copied straight from
 * the token, so all four are sender-controlled values. They are suitable
 * for choosing how to verify the token, not for trusting its content.
 *
 * @param jwt the compact-serialized token
 * @return the unverified view of the token
 * @throws JwtParseException if the token or its claims cannot be parsed
 */
public SimpleUnverifiedJwt parse(String jwt) throws JwtParseException {
    JWSObject unverified = parseJWSObject(jwt);
    try {
        JWTClaimsSet claims = JWTClaimsSet.parse(unverified.getPayload().toJSONObject());

        String algorithmName = unverified.getHeader().getAlgorithm().getName();
        String issuer = claims.getIssuer();
        String subject = claims.getSubject();
        String rawPayload = unverified.getPayload().toString();

        return new SimpleUnverifiedJwt(algorithmName, issuer, subject, rawPayload);
    } catch (ParseException e) {
        throw new JwtParseException(e);
    }
}
/**
 * Returns the key id ({@code kid}) from the JWS header.
 *
 * <p>NOTE(review): this accessor does not show whether the signature has
 * been verified. Until it has, the value is sender-controlled and is best
 * treated as a lookup hint into keys that are already trusted, not as proof
 * of which key signed the token.
 *
 * @return the key id, or {@code null} when no JWS object is set
 */
public String getKid() {
    if (jwsObject == null) {
        return null;
    }
    return jwsObject.getHeader().getKeyID();
}
/**
 * Turns a JSON document into a JWT in compact form.
 *
 * <p>The JWS object comes from {@code generateJwsObject}, which is defined
 * outside this excerpt; this method only serializes its result.
 *
 * @param json the JSON to place in the token
 * @return the compact-serialized token
 * @throws JwtSigningException if {@code generateJwsObject} fails
 */
@Nonnull
@Override
public String jsonToJwt(@Nonnull String json) throws JwtSigningException {
    // Compact format: Base64URL segments joined by dots.
    String compact = generateJwsObject(json).serialize();
    return compact;
}
/**
 * Parses the claims of a token without checking its signature.
 *
 * <p>The result reflects exactly what the sender put into the payload.
 * NOTE(review): callers need a verified path before acting on these claims
 * — confirm that this parser is only used where unverified data is
 * acceptable.
 *
 * @param jwt the compact-serialized token
 * @return the claims decoded from the payload
 * @throws JwtParseException if the token or its claims cannot be parsed
 */
public JWTClaimsSet parse(String jwt) throws JwtParseException {
    final JWSObject unverified = parseJWSObject(jwt);
    try {
        final JWTClaimsSet claims = JWTClaimsSet.parse(unverified.getPayload().toJSONObject());
        return claims;
    } catch (ParseException e) {
        throw new JwtParseException(e);
    }
}
throws JOSEException {
    // State guard; the helper is defined outside this excerpt. By its name it presumably
    // rejects objects that are neither signed nor verified — confirm.
    ensureSignedOrVerifiedState();
    // Hands header, signing input and the received signature to the supplied verifier
    // and stores the result in `verified`.
    // NOTE(review): what is done with `verified` afterwards (state change, return value)
    // is not visible in this excerpt.
    verified = verifier.verify(getHeader(), getSigningInput(), getSignature());
/**
 * Builds a JWS object from its compact serialization. The resulting object
 * is put into the {@link State#SIGNED} state: it carries a signature, but
 * that signature has not been checked by this method.
 *
 * @param s The string to parse. Must not be {@code null}.
 *
 * @return The JWS object.
 *
 * @throws ParseException If the string couldn't be parsed to a valid
 *                        JWS object.
 */
public static JWSObject parse(final String s)
    throws ParseException {

    final Base64URL[] segments = JOSEObject.split(s);

    // A compact JWS is exactly header, payload and signature.
    if (segments.length == 3) {
        return new JWSObject(segments[0], segments[1], segments[2]);
    }

    throw new ParseException("Unexpected number of Base64URL parts, must be three", 0);
}
}
/**
 * Renders this payload as a string, using whichever representation is
 * available. The sources are tried in a fixed order: the cached string, the
 * nested JWS object, the JSON object, the byte array, and finally the
 * Base64URL value.
 *
 * @return The string representation.
 */
@Override
public String toString() {

    if (string != null) {
        return string;
    }

    // No cached string: convert from the first representation that is set.
    if (jwsObject != null) {
        // Prefer the original input text when the JWS object was parsed.
        return jwsObject.getParsedString() != null
            ? jwsObject.getParsedString()
            : jwsObject.serialize();
    }

    if (jsonObject != null) {
        return jsonObject.toString();
    }

    if (bytes != null) {
        return byteArrayToString(bytes);
    }

    if (base64URL != null) {
        return base64URL.decodeToString();
    }

    return null; // should never happen
}
/**
 * Checks the HMAC of a JWS object against the shared secret.
 *
 * <p>The key is symmetric, so every party able to verify can also forge
 * tokens. NOTE(review): {@code JWT.SHARED_SECRET} is defined elsewhere; if
 * it is a literal compiled into the artifact, anyone with the binary has
 * the signing key. Loading it from configuration or a secret store avoids
 * that — confirm how it is provisioned.
 *
 * @param jwsObject the parsed JWS object to check
 * @return {@code true} if the signature matches, {@code false} otherwise
 * @throws JOSEException if the verifier cannot be created or fails
 */
public static boolean verify(JWSObject jwsObject) throws JOSEException {
    return jwsObject.verify(new MACVerifier(JWT.SHARED_SECRET));
}