/**
 * Assembles a {@link Jwt} from an already-parsed token and a claims set supplied by the caller.
 *
 * <p>Nothing in this method checks a signature or validates claims: it copies the header,
 * converts the claims with {@code claimSetConverter} and reads the converted {@code exp}
 * and {@code iat} entries. NOTE(review): presumably {@code jwtClaimsSet} has already been
 * through the JWT processor before it gets here; confirm at the call site.
 *
 * @param parsedJwt the parsed token, source of the header and of the serialized string
 * @param jwtClaimsSet the claims to convert and expose on the result
 * @return the assembled {@link Jwt}
 */
private Jwt createJwt(JWT parsedJwt, JWTClaimsSet jwtClaimsSet) {
    Map<String, Object> headerCopy = new LinkedHashMap<>(parsedJwt.getHeader().toJSONObject());
    Map<String, Object> convertedClaims = this.claimSetConverter.convert(jwtClaimsSet.getClaims());

    // The casts depend on the converter having produced Instant values for exp and iat;
    // any other value type surfaces here as a ClassCastException.
    Instant expiry = (Instant) convertedClaims.get(JwtClaimNames.EXP);
    Instant issued = (Instant) convertedClaims.get(JwtClaimNames.IAT);

    return new Jwt(parsedJwt.getParsedString(), issued, expiry, headerCopy, convertedClaims);
}
/**
 * Runs the parsed token through {@code jwtProcessor} and wraps the resulting claims in a
 * {@link Jwt}.
 *
 * <p>Every failure leaves this method as a {@link JwtException}. When the failure was caused
 * by a {@link ParseException} the message is a fixed text and the cause is not attached;
 * otherwise the underlying message is embedded and the cause is kept.
 *
 * @param token the serialized token, stored on the result unchanged
 * @param parsedJwt the parsed form of {@code token}
 * @return the {@link Jwt} built from the processed claims
 * @throws JwtException if processing the token or converting its claims fails
 */
private Jwt createJwt(String token, JWT parsedJwt) {
    try {
        // Verify the signature
        JWTClaimsSet processedClaims = this.jwtProcessor.process(parsedJwt, null);

        Map<String, Object> headerCopy = new LinkedHashMap<>(parsedJwt.getHeader().toJSONObject());
        Map<String, Object> convertedClaims = this.claimSetConverter.convert(processedClaims.getClaims());

        Instant expiry = (Instant) convertedClaims.get(JwtClaimNames.EXP);
        Instant issued = (Instant) convertedClaims.get(JwtClaimNames.IAT);
        return new Jwt(token, issued, expiry, headerCopy, convertedClaims);
    } catch (RemoteKeySourceException keySourceFailure) {
        if (!(keySourceFailure.getCause() instanceof ParseException)) {
            // NOTE(review): the key-source message becomes part of the JwtException text;
            // confirm callers do not echo that text back to the token presenter.
            throw new JwtException(
                    String.format(DECODING_ERROR_MESSAGE_TEMPLATE, keySourceFailure.getMessage()),
                    keySourceFailure);
        }
        throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, "Malformed Jwk set"));
    } catch (Exception failure) {
        if (!(failure.getCause() instanceof ParseException)) {
            throw new JwtException(
                    String.format(DECODING_ERROR_MESSAGE_TEMPLATE, failure.getMessage()), failure);
        }
        throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, "Malformed payload"));
    }
}
for (String claim : claimSet.getClaims().keySet()) { switch (claim) { case SOFTWARE_STATEMENT:
for (String claim : claimSet.getClaims().keySet()) { switch (claim) { case SOFTWARE_STATEMENT:
/**
 * Returns the claims of the wrapped claims set.
 *
 * @return the map from {@code jwtClaimsSet.getClaims()}, or {@code null} when no claims set
 *     is held
 */
public Map<String, Object> getClaims() {
    if (jwtClaimsSet == null) {
        // There is no empty-map fallback: callers have to handle null themselves.
        return null;
    }
    return jwtClaimsSet.getClaims();
}
/**
 * Exposes the claim map of the held claims set.
 *
 * @return {@code null} if {@code jwtClaimsSet} is {@code null}, otherwise whatever
 *     {@code jwtClaimsSet.getClaims()} returns
 */
public Map<String, Object> getClaims() {
    if (jwtClaimsSet != null) {
        return jwtClaimsSet.getClaims();
    }
    // Absent claims set: the result is null, not an empty map.
    return null;
}
/**
 * Creates a token whose {@code claims} are filled from the given claims set.
 *
 * @param jwtClaims the source claims; {@code null} leaves {@code claims} untouched
 */
public JwtAuthToken(JWTClaimsSet jwtClaims) {
    if (jwtClaims == null) {
        return;
    }
    // Entries are copied as they are; this constructor performs no verification of its own.
    claims.putAll(jwtClaims.getClaims());
}
/**
 * Builds the token from a claims set by copying every claim into {@code claims}.
 *
 * @param jwtClaims the claims to copy, or {@code null} to copy nothing
 */
public JwtAuthToken(JWTClaimsSet jwtClaims) {
    if (jwtClaims == null) {
        return;
    }
    // A plain copy of the entries: no signature or claim check happens in this constructor.
    claims.putAll(jwtClaims.getClaims());
}
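/**
 * Authenticates a request from the JWT carried in the configured HTTP header.
 *
 * <p>The header value is stripped of its bearer prefix and handed to
 * {@code configurableJWTProcessor}; the issuer and the token type are then checked before a
 * {@link User} is built from the configured username and groups claims.
 *
 * @param request the incoming request
 * @return the authentication, or {@code null} when the header is absent or the token carries
 *     no username claim
 * @throws Exception if the processor rejects the token, the issuer does not match the
 *     configured identity pool, or the token is not an ID token
 */
public Authentication getAuthentication(HttpServletRequest request) throws Exception {
    String idToken = request.getHeader(jwtConfiguration.getHttpHeader());
    if (idToken == null) {
        logger.trace("No idToken found in HTTP Header");
        return null;
    }

    JWTClaimsSet claimsSet = configurableJWTProcessor.process(stripBearerToken(idToken), null);

    if (!isIssuedCorrectly(claimsSet)) {
        throw new Exception(String.format("Issuer %s in JWT token doesn't match cognito idp %s",
                claimsSet.getIssuer(), jwtConfiguration.getCognitoIdentityPoolUrl()));
    }
    if (!isIdToken(claimsSet)) {
        throw new Exception("JWT Token doesn't seem to be an ID Token");
    }

    // Look the claim up before calling toString(): a token without the username claim used to
    // fail with a NullPointerException, which made the null check on the username unreachable.
    Object usernameClaim = claimsSet.getClaims().get(jwtConfiguration.getUserNameField());
    if (usernameClaim == null) {
        logger.trace("No username claim found in JWT");
        return null;
    }
    String username = usernameClaim.toString();

    // A token without the groups claim yields no authorities instead of handing null to
    // convertList.
    Object groupsClaim = claimsSet.getClaims().get(jwtConfiguration.getGroupsField());
    @SuppressWarnings("unchecked")
    List<String> groups = groupsClaim == null
            ? java.util.Collections.<String>emptyList()
            : (List<String>) groupsClaim;

    // Locale.ROOT keeps the role name independent of the JVM default locale, so the same
    // group always maps to the same authority string.
    List<GrantedAuthority> grantedAuthorities = convertList(groups,
            group -> new SimpleGrantedAuthority(ROLE_PREFIX + group.toUpperCase(java.util.Locale.ROOT)));

    User user = new User(username, EMPTY_PWD, grantedAuthorities);
    jwtIdTokenCredentialsHolder.setIdToken(stripBearerToken(idToken));
    return new JwtAuthentication(user, claimsSet, grantedAuthorities);
}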
// Work on a private copy, so that removing an entry below does not touch the map
// returned by getClaims().
final Map<String, Object> attributes = new HashMap<>(claimSet.getClaims());
// Drop the subject entry from the copied attributes.
// NOTE(review): presumably the subject is carried separately from the attributes; confirm.
attributes.remove(JwtClaims.SUBJECT);
/**
 * Validates a serialized token with the configured processor.
 *
 * @param token the serialized token to process
 * @return {@code valid} with the token's claims when processing succeeds, {@code failed} when
 *     the processor raised a {@link RemoteKeySourceException}, and {@code invalid} for parse,
 *     JOSE and bad-JOSE errors
 */
public AuthenticationResult validate(String token) {
    try {
        final JWTClaimsSet processedClaims = processor.process(token, null);
        return AuthenticationResult.valid(processedClaims.getClaims());
    } catch (RemoteKeySourceException keySourceFailure) {
        // Caught first and reported as "failed": the error came from the remote key source,
        // not from a verdict on the token.
        final String reason = keySourceFailure.getMessage();
        return AuthenticationResult.failed(reason);
    } catch (ParseException | JOSEException | BadJOSEException rejection) {
        // NOTE(review): the library message is passed on as the result text; confirm it is
        // not returned verbatim to whoever presented the token.
        final String reason = rejection.getMessage();
        return AuthenticationResult.invalid(reason);
    }
}
}
/**
 * Processes the parsed token with {@code jwtProcessor} and builds a {@link Jwt} from the
 * converted claims.
 *
 * <p>All failures are reported as {@link JwtException}. A failure whose cause is a
 * {@link ParseException} gets a fixed message with no cause attached; any other failure
 * keeps its message and is attached as the cause.
 *
 * @param token the serialized token, stored on the result unchanged
 * @param parsedJwt the parsed form of {@code token}
 * @return the {@link Jwt} built from the processed claims
 * @throws JwtException if processing the token or converting its claims fails
 */
private Jwt createJwt(String token, JWT parsedJwt) {
    try {
        // Verify the signature
        JWTClaimsSet processedClaims = this.jwtProcessor.process(parsedJwt, null);

        Map<String, Object> headerCopy = new LinkedHashMap<>(parsedJwt.getHeader().toJSONObject());
        Map<String, Object> convertedClaims = this.claimSetConverter.convert(processedClaims.getClaims());

        Instant expiry = (Instant) convertedClaims.get(JwtClaimNames.EXP);
        Instant issued = (Instant) convertedClaims.get(JwtClaimNames.IAT);
        return new Jwt(token, issued, expiry, headerCopy, convertedClaims);
    } catch (RemoteKeySourceException keySourceFailure) {
        if (!(keySourceFailure.getCause() instanceof ParseException)) {
            // NOTE(review): the key-source message ends up in the JwtException text; confirm
            // callers do not echo that text back to the token presenter.
            throw new JwtException(
                    String.format(DECODING_ERROR_MESSAGE_TEMPLATE, keySourceFailure.getMessage()),
                    keySourceFailure);
        }
        throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, "Malformed Jwk set"));
    } catch (Exception failure) {
        if (!(failure.getCause() instanceof ParseException)) {
            throw new JwtException(
                    String.format(DECODING_ERROR_MESSAGE_TEMPLATE, failure.getMessage()), failure);
        }
        throw new JwtException(String.format(DECODING_ERROR_MESSAGE_TEMPLATE, "Malformed payload"));
    }
}
/**
 * Assembles a {@link Jwt} from a parsed token and its claims set, tolerating missing
 * {@code exp} and {@code iat} claims.
 *
 * <p>When {@code iat} is absent but {@code exp} is present, the issue time is set to one
 * second before expiry. That value is synthetic, so it says nothing about when the token was
 * really issued. When both are absent, both timestamps are {@code null}.
 *
 * <p>No signature or claim validation happens in this method.
 *
 * @param parsedJwt the parsed token, source of the header and of the serialized string
 * @param jwtClaimsSet the claims to expose on the result
 * @return the assembled {@link Jwt}
 */
private Jwt createJwt(JWT parsedJwt, JWTClaimsSet jwtClaimsSet) {
    Instant expiresAt = jwtClaimsSet.getExpirationTime() != null
            ? jwtClaimsSet.getExpirationTime().toInstant()
            : null;

    Instant issuedAt;
    if (jwtClaimsSet.getIssueTime() != null) {
        issuedAt = jwtClaimsSet.getIssueTime().toInstant();
    } else if (expiresAt != null) {
        // Default to expiresAt - 1 second
        issuedAt = expiresAt.minusSeconds(1);
    } else {
        issuedAt = null;
    }

    Map<String, Object> headerCopy = new LinkedHashMap<>(parsedJwt.getHeader().toJSONObject());
    return new Jwt(parsedJwt.getParsedString(), issuedAt, expiresAt, headerCopy, jwtClaimsSet.getClaims());
}
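/**
 * Parses and processes a serialized token and returns it as a {@link Jwt}.
 *
 * <p>A token without an {@code exp} claim is rejected. The original code rejected it too,
 * but only through a NullPointerException that produced the message "... decode the Jwt:
 * null"; the explicit check keeps the rejection and names the reason.
 *
 * @param token the serialized token
 * @return the decoded {@link Jwt}
 * @throws JwtException if the token cannot be parsed or processed, or has no {@code exp} claim
 */
@Override
public Jwt decode(String token) throws JwtException {
    try {
        JWT parsedJwt = JWTParser.parse(token);

        // Verify the signature
        JWTClaimsSet jwtClaimsSet = this.jwtProcessor.process(parsedJwt, null);

        if (jwtClaimsSet.getExpirationTime() == null) {
            // Reject explicitly; the catch below turns this into a JwtException.
            throw new IllegalStateException("the exp claim is missing");
        }
        Instant expiresAt = jwtClaimsSet.getExpirationTime().toInstant();

        Instant issuedAt;
        if (jwtClaimsSet.getIssueTime() != null) {
            issuedAt = jwtClaimsSet.getIssueTime().toInstant();
        } else {
            // issuedAt is required in SecurityToken so let's default to expiresAt - 1 second.
            // The value is synthetic and must not be read as the real issue time.
            issuedAt = expiresAt.minusSeconds(1);
        }

        Map<String, Object> headers = new LinkedHashMap<>(parsedJwt.getHeader().toJSONObject());
        return new Jwt(token, issuedAt, expiresAt, headers, jwtClaimsSet.getClaims());
    } catch (Exception ex) {
        throw new JwtException("An error occurred while attempting to decode the Jwt: " + ex.getMessage(), ex);
    }
}
}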
/**
 * Encrypt id token.
 *
 * @param client   the client
 * @param idClaims the id claims
 * @return the encrypted id token, or {@code null} when no encrypter is found for the client
 */
private JWT encryptIdToken(final ClientDetailsEntity client, final JWTClaimsSet.Builder idClaims) {
    log.debug("Locating encrypter service for client {}", client.getClientId());
    final JWTEncryptionAndDecryptionService encrypter = encrypters.getEncrypter(client);

    if (encrypter != null) {
        log.debug("Found encrypter service for client {}.", client.getClientId());

        final JWTClaimsSet claims = idClaims.build();
        final JWEHeader header = new JWEHeader(client.getIdTokenEncryptedResponseAlg(),
                client.getIdTokenEncryptedResponseEnc());
        final EncryptedJWT idToken = new EncryptedJWT(header, claims);

        // Only the claim names are logged here, never the claim values.
        log.debug("Encrypting idToken with response alg {} and response encoding {} and claims {}",
                client.getIdTokenEncryptedResponseAlg(),
                client.getIdTokenEncryptedResponseEnc(),
                claims.getClaims().keySet());

        encrypter.encryptJwt(idToken);
        return idToken;
    }

    // NOTE(review): null signals "no encrypter"; confirm callers treat it as a failure and
    // do not fall back to issuing the token unencrypted.
    log.error("Couldn't find encrypter for client: {} ", client.getClientId());
    return null;
}
static UserInfo createFromIdTokenClaims(final JWTClaimsSet claims) throws java.text.ParseException { if (claims == null || claims.getClaims().size() == 0) { return null;
static UserInfo createFromIdTokenClaims(final JWTClaimsSet claims) throws java.text.ParseException { if (claims == null || claims.getClaims().size() == 0) { return null;
userInfoClaimsSet = userInfoSuccessResponse.getUserInfoJWT().getJWTClaimsSet(); getProfileDefinition().convertAndAdd(profile, userInfoClaimsSet.getClaims(), null); for (final Map.Entry<String, Object> entry : idToken.getJWTClaimsSet().getClaims().entrySet()) { final String key = entry.getKey(); final Object value = entry.getValue();
for (String claim : claimSet.getClaims().keySet()) { switch (claim) { case SOFTWARE_STATEMENT:
for (String claim : claimSet.getClaims().keySet()) { switch (claim) { case SOFTWARE_STATEMENT: