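/**
 * Decrypts a nested JWT (a signed JWT carried as the payload of a JWE) and returns its claims.
 *
 * <p>The token is parsed as a JWE and decrypted with direct encryption using {@code key}.
 * The decrypted payload is then read as a signed JWT and its MAC is verified with the same
 * {@code key}. Claims are returned only when that verification succeeds.
 *
 * <p>This method does not validate any claim values (expiry, issuer, audience, ...);
 * callers must do that before trusting the returned claims.
 *
 * <p>NOTE(review): the same key bytes are used for content encryption and for the MAC.
 * Separate keys per algorithm are generally preferable; confirm this reuse is intentional.
 *
 * @param serializedToken serialized JWE string
 * @param key shared secret used for decryption and for MAC verification
 * @return the claims of the verified inner JWT
 * @throws IllegalStateException if the token cannot be parsed or decrypted, if the decrypted
 *     payload is not a signed JWT, or if the MAC does not verify
 */
public static JWTClaimsSet deserialize(String serializedToken, byte[] key) {
    try {
        JWEObject jweObject = JWEObject.parse(serializedToken);
        jweObject.decrypt(new DirectDecrypter(key));

        // toSignedJWT() returns null when the payload is not a signed JWT; fail explicitly
        // instead of letting the next call throw a NullPointerException.
        SignedJWT signedJWT = jweObject.getPayload().toSignedJWT();
        if (signedJWT == null) {
            throw new IllegalStateException("Decrypted JWE payload is not a signed JWT");
        }

        // verify() reports a bad MAC through its boolean result, not through an exception,
        // so the result must be checked before the claims are used.
        if (!signedJWT.verify(new MACVerifier(key))) {
            throw new IllegalStateException("JWT signature verification failed");
        }

        return signedJWT.getJWTClaimsSet();
    } catch (ParseException | JOSEException e) {
        throw new IllegalStateException(e);
    }
}
} // presumably closes the enclosing class, whose header is outside this excerpt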
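/**
 * Decodes a Base64-wrapped nested JWT and returns the identity named by its claims.
 *
 * <p>The input is Base64-decoded, parsed as a JWE and decrypted with the shared
 * {@code secretKey}. The decrypted payload is read as a signed JWT whose HMAC is verified
 * with the same key. The issuer and subject claims are returned only when the HMAC verifies.
 *
 * <p>No claim values (for example expiry) are validated here; callers must do that
 * before trusting the result.
 *
 * <p>NOTE(review): the same key is used for content encryption and for the HMAC.
 * Separate keys per algorithm are generally preferable; confirm this reuse is intentional.
 *
 * @param token Base64 encoding of the serialized JWE
 * @return the issuer and subject of the verified inner JWT
 * @throws Exception if decoding, parsing, decryption or verification fails
 */
public IdentityReference deserialize(String token) throws Exception {
    // Decode with an explicit charset so the result does not depend on the platform default.
    String sToken =
            new String(Base64.getDecoder().decode(token), java.nio.charset.StandardCharsets.UTF_8);

    // Parse the JWE string
    JWEObject jweObject = JWEObject.parse(sToken);

    // Decrypt with shared key
    jweObject.decrypt(new DirectDecrypter(secretKey.getEncoded()));

    // Extract payload; toSignedJWT() returns null when the payload is not a signed JWT
    SignedJWT signedJWT = jweObject.getPayload().toSignedJWT();
    if (signedJWT == null) {
        throw new IllegalArgumentException("Decrypted JWE payload is not a signed JWT");
    }

    // Check the HMAC; verify() signals a mismatch through its boolean result, so an
    // unchecked call would accept a token whose signature is wrong.
    if (!signedJWT.verify(new MACVerifier(secretKey.getEncoded()))) {
        throw new SecurityException("JWT signature verification failed");
    }

    // Retrieve the JWT claims
    return new IdentityReference(
            signedJWT.getJWTClaimsSet().getIssuer(),
            signedJWT.getJWTClaimsSet().getSubject());
}
} // presumably closes the enclosing class, whose header is outside this excerpt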
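/**
 * Decodes a Base64-wrapped nested JWT and returns the identity named by its claims.
 *
 * <p>The input is Base64-decoded, parsed as a JWE and decrypted with the shared
 * {@code secretKey}. The decrypted payload is read as a signed JWT whose HMAC is verified
 * with the same key. The issuer and subject claims are returned only when the HMAC verifies.
 *
 * <p>No claim values (for example expiry) are validated here; callers must do that
 * before trusting the result.
 *
 * <p>NOTE(review): the same key is used for content encryption and for the HMAC.
 * Separate keys per algorithm are generally preferable; confirm this reuse is intentional.
 *
 * @param token Base64 encoding of the serialized JWE
 * @return the issuer and subject of the verified inner JWT
 * @throws Exception if decoding, parsing, decryption or verification fails
 */
public IdentityReference deserialize(String token) throws Exception {
    // Decode with an explicit charset so the result does not depend on the platform default.
    String sToken =
            new String(Base64.getDecoder().decode(token), java.nio.charset.StandardCharsets.UTF_8);

    // Parse the JWE string
    JWEObject jweObject = JWEObject.parse(sToken);

    // Decrypt with shared key
    jweObject.decrypt(new DirectDecrypter(secretKey.getEncoded()));

    // Extract payload; toSignedJWT() returns null when the payload is not a signed JWT
    SignedJWT signedJWT = jweObject.getPayload().toSignedJWT();
    if (signedJWT == null) {
        throw new IllegalArgumentException("Decrypted JWE payload is not a signed JWT");
    }

    // Check the HMAC; verify() signals a mismatch through its boolean result, so an
    // unchecked call would accept a token whose signature is wrong.
    if (!signedJWT.verify(new MACVerifier(secretKey.getEncoded()))) {
        throw new SecurityException("JWT signature verification failed");
    }

    // Retrieve the JWT claims
    return new IdentityReference(
            signedJWT.getJWTClaimsSet().getIssuer(),
            signedJWT.getJWTClaimsSet().getSubject());
}
} // presumably closes the enclosing class, whose header is outside this excerpt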
// Reads the payload of the encrypted JWT as a signed JWT (nested-JWT pattern).
// NOTE(review): toSignedJWT() returns null when the payload is not a signed JWT, and this
// excerpt shows no null check or signature verification; confirm both happen in the
// surrounding code before the claims are trusted. Presumably encryptedJWT has already
// been decrypted at this point; verify against the caller.
SignedJWT signedJWTPayload = encryptedJWT.getPayload().toSignedJWT();
// Nested-JWT handling: decrypt the outer JWE, then validate the signed JWT it carries.
// The excerpt ends inside the if-block; the enclosing method is not shown.
EncryptedJWT encryptedJWT = (EncryptedJWT) jwt;
decryptEncryptedJWT(encryptedJWT);
// toSignedJWT() returns null when the decrypted payload is not a signed JWT,
// hence the guard below.
SignedJWT signedJWT = encryptedJWT.getPayload().toSignedJWT();
if (signedJWT != null) {
    // success is true only if both checks pass; && short-circuits, so verifyToken runs
    // only after verifySignedJWT has returned true.
    // NOTE(review): both helpers are defined outside this excerpt (presumably signature
    // and claims checks); also confirm that the null case, not shown here, rejects the token.
    boolean success = verifySignedJWT(signedJWT) && verifyToken(signedJWT);
// Excerpt of a larger method: the try block and the if-block continue past the end of
// this snippet.
try {
    // Decrypt the JWE via the project's config object (defined outside this excerpt).
    config.decrypt(encryptedJWT);
    // toSignedJWT() returns null when the decrypted payload is not a signed JWT.
    signedJWT = encryptedJWT.getPayload().toSignedJWT();
    if (signedJWT != null) {
        // Continue processing with the inner signed JWT in place of the outer JWE.
        // NOTE(review): nothing in this excerpt verifies the inner signature; confirm
        // that jwt is verified later before its claims are trusted.
        jwt = signedJWT;
// Nested-JWT handling: decrypt the outer JWE, then validate the signed JWT it carries.
// The excerpt ends inside the if-block; the enclosing method is not shown.
EncryptedJWT encryptedJWT = (EncryptedJWT) jwt;
decryptEncryptedJWT(encryptedJWT);
// toSignedJWT() returns null when the decrypted payload is not a signed JWT,
// hence the guard below.
SignedJWT signedJWT = encryptedJWT.getPayload().toSignedJWT();
if (signedJWT != null) {
    // success is true only if both checks pass; && short-circuits, so verifyToken runs
    // only after verifySignedJWT has returned true.
    // NOTE(review): both helpers are defined outside this excerpt (presumably signature
    // and claims checks); also confirm that the null case, not shown here, rejects the token.
    boolean success = verifySignedJWT(signedJWT) && verifyToken(signedJWT);