/**
 * Runs a parsed token through the configured {@code jwtProcessor}, handing it the supplied
 * JWK list wrapped in a {@link JWKContext}, and returns the resulting claims set.
 *
 * @param parsedToken the already parsed token to process
 * @param jwkList the keys made available to the processor through the context
 * @return the claims set produced by the processor
 * @throws JwtException if the processor raises a {@link BadJOSEException} or
 *         {@link JOSEException}; the message is fixed text and the library exception is
 *         reachable only through the cause
 */
private JWTClaimsSet createClaimsSet(JWT parsedToken, List<JWK> jwkList) {
    try {
        JWKContext keyContext = new JWKContext(jwkList);
        JWTClaimsSet claimsSet = this.jwtProcessor.process(parsedToken, keyContext);
        return claimsSet;
    } catch (BadJOSEException | JOSEException failure) {
        // Both library failure types collapse into the same caller-facing exception.
        throw new JwtException("Failed to validate the token", failure);
    }
}
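/**
 * Builds a {@link Jwt} from an already parsed token after running it through the configured
 * {@code jwtProcessor}.
 *
 * @param token the original encoded token string, stored on the returned {@link Jwt}
 * @param parsedJwt the parsed form of the token; it is what gets processed and it supplies the
 *        headers
 * @return a {@link Jwt} carrying the headers, the converted claims and the {@code iat} /
 *         {@code exp} values read from those claims
 * @throws JwtException if processing, claim conversion or construction throws anything; the
 *         triggering exception is always attached as the cause
 */
private Jwt createJwt(String token, JWT parsedJwt) {
    try {
        // Verify the signature
        JWTClaimsSet jwtClaimsSet = this.jwtProcessor.process(parsedJwt, null);

        // Headers and claims are read only after process(...) has returned without throwing.
        Map<String, Object> headers = new LinkedHashMap<>(parsedJwt.getHeader().toJSONObject());
        Map<String, Object> claims = this.claimSetConverter.convert(jwtClaimsSet.getClaims());

        // A converted value of any other type fails the cast and is reported by the
        // catch-all below as a decoding error.
        Instant expiresAt = (Instant) claims.get(JwtClaimNames.EXP);
        Instant issuedAt = (Instant) claims.get(JwtClaimNames.IAT);

        return new Jwt(token, issuedAt, expiresAt, headers, claims);
    } catch (RemoteKeySourceException ex) {
        if (ex.getCause() instanceof ParseException) {
            // The message stays generic; the cause is kept so the parse failure can still be
            // diagnosed from logs.
            throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, "Malformed Jwk set"), ex);
        }
        // NOTE(review): ex.getMessage() is copied into the JwtException message. If callers
        // surface that message to clients, confirm it cannot carry key-source details.
        throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, ex.getMessage()), ex);
    } catch (Exception ex) {
        if (ex.getCause() instanceof ParseException) {
            throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, "Malformed payload"), ex);
        }
        // Everything else, runtime exceptions included, becomes a JwtException so that callers
        // see a single failure type for a token that could not be decoded.
        throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, ex.getMessage()), ex);
    }
}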
/**
 * A processor built from a JWK Set URI processes the RS256-signed fixture and requests the
 * key set through the {@link RestOperations} it was given.
 */
@Test
public void processWhenSignedThenOk() throws Exception {
    RestOperations jwkSetClient = mockJwkSetResponse(JWK_SET);
    JWTProcessor<SecurityContext> jwtProcessor = withJwkSetUri(JWK_SET_URI)
            .restOperations(jwkSetClient)
            .build();

    JWTClaimsSet claimsSet = jwtProcessor.process(RS256_SIGNED_JWT, null);

    // A non-null expiry shows that the processor returned the token's claims.
    assertThat(claimsSet)
            .extracting(JWTClaimsSet::getExpirationTime)
            .isNotNull();
    // The key set has to be fetched through the injected client.
    verify(jwkSetClient).exchange(any(RequestEntity.class), eq(String.class));
}
/**
 * A processor built directly from a public key, with no algorithm set explicitly, processes
 * the RS256-signed fixture and exposes its subject.
 */
@Test
public void processWhenUsingPublicKeyThenSuccessfullyDecodes() throws Exception {
    JWTProcessor<SecurityContext> jwtProcessor = JwtProcessors.withPublicKey(key()).build();

    JWTClaimsSet claimsSet = jwtProcessor.process(RS256_SIGNED_JWT, null);

    assertThat(claimsSet)
            .extracting(JWTClaimsSet::getSubject)
            .isEqualTo("test-subject");
}
/**
 * A public-key processor configured for RS512 processes the RS512-signed fixture and exposes
 * its subject.
 */
@Test
public void processWhenUsingPublicKeyWithRs512ThenSuccessfullyDecodes() throws Exception {
    JWTProcessor<SecurityContext> rs512Processor = JwtProcessors
            .withPublicKey(key())
            .jwsAlgorithm(JwsAlgorithms.RS512)
            .build();

    JWTClaimsSet claimsSet = rs512Processor.process(RS512_SIGNED_JWT, null);

    assertThat(claimsSet)
            .extracting(JWTClaimsSet::getSubject)
            .isEqualTo("test-subject");
}
/**
 * Guards the algorithm pin: the RS256-signed fixture must be rejected by a processor
 * configured for RS512, even though both use the same {@code key()} fixture.
 */
@Test
public void processWhenSignatureMismatchesAlgorithmThenThrowsException() throws Exception {
    JWTProcessor<SecurityContext> rs512Processor = JwtProcessors
            .withPublicKey(key())
            .jwsAlgorithm(JwsAlgorithms.RS512)
            .build();

    // Rejection has to surface as BadJOSEException; a returned claims set fails the test.
    assertThatCode(() -> rs512Processor.process(RS256_SIGNED_JWT, null))
            .isInstanceOf(BadJOSEException.class);
}
/**
 * Processes a parsed token with the configured {@code jwtProcessor}, using a
 * {@link JWKContext} built from the given keys, and returns the claims set it yields.
 *
 * @param parsedToken the already parsed token to process
 * @param jwkList the keys passed to the processor via the context
 * @return the claims set returned by the processor
 * @throws JwtException wrapping any {@link BadJOSEException} or {@link JOSEException} raised
 *         during processing; the message is constant and the original exception is the cause
 */
private JWTClaimsSet createClaimsSet(JWT parsedToken, List<JWK> jwkList) {
    try {
        JWKContext jwkContext = new JWKContext(jwkList);
        JWTClaimsSet processedClaims = this.jwtProcessor.process(parsedToken, jwkContext);
        return processedClaims;
    } catch (BadJOSEException | JOSEException cause) {
        // Callers get one exception type regardless of which library failure occurred.
        throw new JwtException("Failed to validate the token", cause);
    }
}