private Mono<Jwt> decode(SignedJWT parsedToken) { try { JWKSelector selector = this.jwkSelectorFactory .createSelector(parsedToken.getHeader()); return this.reactiveJwkSource.get(selector) .onErrorMap(e -> new IllegalStateException("Could not obtain the keys", e)) .map(jwkList -> createClaimsSet(parsedToken, jwkList)) .map(set -> createJwt(parsedToken, set)) .map(this::validateJwt) .onErrorMap(e -> !(e instanceof IllegalStateException) && !(e instanceof JwtException), e -> new JwtException("An error occurred while attempting to decode the Jwt: ", e)); } catch (RuntimeException ex) { throw new JwtException("An error occurred while attempting to decode the Jwt: " + ex.getMessage(), ex); } }
JWSAlgorithm alg = signedJwt.getHeader().getAlgorithm();
JWSAlgorithm alg = jws.getHeader().getAlgorithm();
JWSHeader jwsHeader = signedJwt.getHeader();
String receivedSigAlg = jwtToken.getHeader().getAlgorithm().getName();
@Override public String getHeader() { JWSHeader header = jwt.getHeader(); return header.toString(); }
@Override public String getHeader() { JWSHeader header = jwt.getHeader(); return header.toString(); }
private Mono<Jwt> decode(SignedJWT parsedToken) { try { JWKSelector selector = this.jwkSelectorFactory .createSelector(parsedToken.getHeader()); return this.reactiveJwkSource.get(selector) .onErrorMap(e -> new IllegalStateException("Could not obtain the keys", e)) .map(jwkList -> createClaimsSet(parsedToken, jwkList)) .map(set -> createJwt(parsedToken, set)) .map(this::validateJwt) .onErrorMap(e -> !(e instanceof IllegalStateException) && !(e instanceof JwtException), e -> new JwtException("An error occurred while attempting to decode the Jwt: ", e)); } catch (RuntimeException ex) { throw new JwtException("An error occurred while attempting to decode the Jwt: " + ex.getMessage(), ex); } }
JWSHeader header = signedJWT.getHeader(); X509Certificate x509Certificate = resolveSignerCertificate(header, idp); if (x509Certificate == null) { String alg = signedJWT.getHeader().getAlgorithm().getName(); if (StringUtils.isEmpty(alg)) { throw new IdentityOAuth2Exception("Algorithm must not be null.");
JWSHeader header = signedJWT.getHeader(); if (x509Certificate == null) { return logAndReturnFalse("Unable to locate certificate for JWT " + header.toString()); String alg = signedJWT.getHeader().getAlgorithm().getName(); if (log.isDebugEnabled()) { log.debug("Signature Algorithm found in the JWT Header: " + alg);
final String cty = jwt.getHeader().getContentType(); if (cty == null || cty.trim().isEmpty()) { // old tokens for migration if (checkWrapped) {
final JWSAlgorithm algorithm = signedJWT.getHeader().getAlgorithm(); for (final SignatureConfiguration config : signatureConfigurations) { if (config.supports(algorithm)) {
JWSAlgorithm alg = signedJwt.getHeader().getAlgorithm();
private Maybe<Client> validateSignature(JWT jwt) { try { String clientId = jwt.getJWTClaimsSet().getSubject(); SignedJWT signedJWT = (SignedJWT) jwt; return this.clientSyncService.findByClientId(clientId) .switchIfEmpty(Maybe.error(new InvalidClientException("Missing or invalid client"))) .flatMap(client -> this.getClientJwkSet(client) .switchIfEmpty(Maybe.error(new InvalidClientException("No jwk keys available on client"))) .flatMap(jwkSet -> jwkService.getKey(jwkSet,signedJWT.getHeader().getKeyID())) .switchIfEmpty(Maybe.error(new InvalidClientException("Unable to validate client, no matching key."))) .flatMap(jwk -> { if (jwsService.isValidSignature(signedJWT, jwk)) { return Maybe.just(client); } return Maybe.error(new InvalidClientException("Unable to validate client, assertion signature is not valid.")); }) ); } catch (ClassCastException | ParseException ex) { LOGGER.error(ex.getMessage(),ex); return Maybe.error(NOT_VALID); } catch (InvalidClientException ex) { return Maybe.error(ex); } }
private Maybe<Client> validateSignature(JWT jwt) { try { String clientId = jwt.getJWTClaimsSet().getSubject(); SignedJWT signedJWT = (SignedJWT) jwt; return this.clientSyncService.findByClientId(clientId) .switchIfEmpty(Maybe.error(new InvalidClientException("Missing or invalid client"))) .flatMap(client -> this.getClientJwkSet(client) .switchIfEmpty(Maybe.error(new InvalidClientException("No jwk keys available on client"))) .flatMap(jwkSet -> jwkService.getKey(jwkSet,signedJWT.getHeader().getKeyID())) .switchIfEmpty(Maybe.error(new InvalidClientException("Unable to validate client, no matching key."))) .flatMap(jwk -> { if (jwsService.isValidSignature(signedJWT, jwk)) { return Maybe.just(client); } return Maybe.error(new InvalidClientException("Unable to validate client, assertion signature is not valid.")); }) ); } catch (ClassCastException | ParseException ex) { LOGGER.error(ex.getMessage(),ex); return Maybe.error(NOT_VALID); } catch (InvalidClientException ex) { return Maybe.error(ex); } }
JWSAlgorithm alg = jws.getHeader().getAlgorithm();