public String getKid() { return jwsObject == null ? null : jwsObject.getHeader().getKeyID(); }
public String getKid() { return jwsObject == null ? null : jwsObject.getHeader().getKeyID(); }
private void validateRequiredHeaders(JWSObject jwsObject) throws MissingRequiredHeaderException { if (jwsObject.getHeader().getAlgorithm() == null || jwsObject.getHeader().getAlgorithm() == Algorithm.NONE) { throw new MissingRequiredHeaderException(Header.ALGORITHM); } if (jwsObject.getHeader().getKeyID() == null) { throw new MissingRequiredHeaderException(Header.KEY_ID); } }
kid = ((JWSObject) joseObject).getHeader().getKeyID(); } else if (joseObject instanceof JWEObject) { kid = ((JWEObject) joseObject).getHeader().getKeyID();
final String keyID = header.getKeyID();
/** * Creates a new JWS header builder with the parameters from * the specified header. * * @param jwsHeader The JWS header to use. Must not not be * {@code null}. */ public Builder(final JWSHeader jwsHeader) { this(jwsHeader.getAlgorithm()); typ = jwsHeader.getType(); cty = jwsHeader.getContentType(); crit = jwsHeader.getCriticalParams(); jku = jwsHeader.getJWKURL(); jwk = jwsHeader.getJWK(); x5u = jwsHeader.getX509CertURL(); x5t = jwsHeader.getX509CertThumbprint(); x5t256 = jwsHeader.getX509CertSHA256Thumbprint(); x5c = jwsHeader.getX509CertChain(); kid = jwsHeader.getKeyID(); customParams = jwsHeader.getCustomParams(); }
JWSObject jwsObject = JWSObject.parse(validator.getToken()); payload.put("algorithm", jwsObject.getHeader().getAlgorithm().getName()); payload.put("keyid", jwsObject.getHeader().getKeyID()); } catch (final ParseException e) {
/** * Deep copy constructor. * * @param jwsHeader The JWS header to copy. Must not be {@code null}. */ public JWSHeader(final JWSHeader jwsHeader) { this( jwsHeader.getAlgorithm(), jwsHeader.getType(), jwsHeader.getContentType(), jwsHeader.getCriticalParams(), jwsHeader.getJWKURL(), jwsHeader.getJWK(), jwsHeader.getX509CertURL(), jwsHeader.getX509CertThumbprint(), jwsHeader.getX509CertSHA256Thumbprint(), jwsHeader.getX509CertChain(), jwsHeader.getKeyID(), jwsHeader.getCustomParams(), jwsHeader.getParsedBase64URL() ); }
private Maybe<Client> validateSignature(JWT jwt) { try { String clientId = jwt.getJWTClaimsSet().getSubject(); SignedJWT signedJWT = (SignedJWT) jwt; return this.clientSyncService.findByClientId(clientId) .switchIfEmpty(Maybe.error(new InvalidClientException("Missing or invalid client"))) .flatMap(client -> this.getClientJwkSet(client) .switchIfEmpty(Maybe.error(new InvalidClientException("No jwk keys available on client"))) .flatMap(jwkSet -> jwkService.getKey(jwkSet,signedJWT.getHeader().getKeyID())) .switchIfEmpty(Maybe.error(new InvalidClientException("Unable to validate client, no matching key."))) .flatMap(jwk -> { if (jwsService.isValidSignature(signedJWT, jwk)) { return Maybe.just(client); } return Maybe.error(new InvalidClientException("Unable to validate client, assertion signature is not valid.")); }) ); } catch (ClassCastException | ParseException ex) { LOGGER.error(ex.getMessage(),ex); return Maybe.error(NOT_VALID); } catch (InvalidClientException ex) { return Maybe.error(ex); } }
/** * Factory method to create a signature verifiable jwt. * * @param jwsObject a json web signature object * @param claims jwt claims set * @return a signature verifiable jwt * @throws UnsupportedAlgorithmException if the signing algorithm is not supported */ public static VerifiableJwt buildVerifiableJwt(JWSObject jwsObject, JWTClaimsSet claims) throws UnsupportedAlgorithmException { Jwt unverifiedJwt = JwtBuilder.newJwt() .algorithm(getSigningAlgorithm(jwsObject.getHeader().getAlgorithm().getName())) .keyId(jwsObject.getHeader().getKeyID()) .issuer(claims.getIssuer()) .subject(option(claims.getSubject())) .audience(claims.getAudience()) .expirationTime(DATE_TO_DATETIME.apply(claims.getExpirationTime())) .issuedAt(DATE_TO_DATETIME.apply(claims.getIssueTime())) .notBefore(option(claims.getNotBeforeTime()).map(DATE_TO_DATETIME)) .build(); return new NimbusVerifiableJwt(unverifiedJwt, jwsObject); }
private Maybe<Client> validateSignature(JWT jwt) { try { String clientId = jwt.getJWTClaimsSet().getSubject(); SignedJWT signedJWT = (SignedJWT) jwt; return this.clientSyncService.findByClientId(clientId) .switchIfEmpty(Maybe.error(new InvalidClientException("Missing or invalid client"))) .flatMap(client -> this.getClientJwkSet(client) .switchIfEmpty(Maybe.error(new InvalidClientException("No jwk keys available on client"))) .flatMap(jwkSet -> jwkService.getKey(jwkSet,signedJWT.getHeader().getKeyID())) .switchIfEmpty(Maybe.error(new InvalidClientException("Unable to validate client, no matching key."))) .flatMap(jwk -> { if (jwsService.isValidSignature(signedJWT, jwk)) { return Maybe.just(client); } return Maybe.error(new InvalidClientException("Unable to validate client, assertion signature is not valid.")); }) ); } catch (ClassCastException | ParseException ex) { LOGGER.error(ex.getMessage(),ex); return Maybe.error(NOT_VALID); } catch (InvalidClientException ex) { return Maybe.error(ex); } }