// The result flag starts as false; the code that may set it to true lies outside this excerpt.
boolean valid = false;
// Read the claims set from the Knox JWT; a token without one is reported as an error.
final JWTClaimsSet claimsSet = jwtToken.getJWTClaimsSet();
if (claimsSet == null) {
    logger.error("Claims set is missing from Knox JWT.");
// Read the claims set from the Knox JWT; a token without one is reported as an error.
// NOTE(review): what happens after the log call is outside this excerpt — confirm the
// null case is treated as a validation failure and not only logged.
final JWTClaimsSet claimsSet = jwtToken.getJWTClaimsSet();
if (claimsSet == null) {
    logger.error("Claims set is missing from Knox JWT.");
/**
 * Returns the claims set carried by the given signed JWT.
 *
 * <p>This method only parses the payload. It does not verify the signature and it does not
 * check any claim (expiry, issuer, audience).
 * NOTE(review): confirm this processor is used only where the token has already been
 * verified, or only in tests; claims returned from here are otherwise unauthenticated.
 *
 * @param signedJWT the token whose payload is read
 * @param context   not used by this implementation
 * @return the parsed claims set
 * @throws BadJWTException if the payload is not a JSON object
 */
@Override
public JWTClaimsSet process(SignedJWT signedJWT, SecurityContext context)
        throws BadJOSEException, JOSEException {
    final JWTClaimsSet parsedClaims;
    try {
        parsedClaims = signedJWT.getJWTClaimsSet();
    } catch (ParseException parseFailure) {
        // The payload could not be read as a JSON object; keep the cause attached.
        throw new BadJWTException(parseFailure.getMessage(), parseFailure);
    }
    return parsedClaims;
}
}
/**
 * Parses a serialized Knox JWT, validates it, and returns the identity it asserts.
 *
 * <p>The subject is read only after {@code validateToken} has accepted the token, so the
 * returned value is never taken from a token that failed validation.
 * NOTE(review): the subject is returned as is; a validated token that carries no subject
 * claim would presumably yield {@code null} — confirm callers reject that case.
 *
 * @param jwt signed jwt string
 * @return the subject claim of the validated token
 * @throws ParseException if the string is not a parsable JWT or its payload is not a claims set
 * @throws JOSEException if the JWS object couldn't be verified
 * @throws IllegalStateException if Apache Knox SSO is not enabled
 * @throws InvalidAuthenticationException if validation fails or the claims set is missing
 */
public String getAuthenticationFromToken(final String jwt) throws ParseException, JOSEException {
    if (!configuration.isKnoxEnabled()) {
        throw new IllegalStateException("Apache Knox SSO is not enabled.");
    }

    final SignedJWT signedJwt = SignedJWT.parse(jwt);

    // Fail closed: nothing is read from the claims unless validation succeeded.
    if (!validateToken(signedJwt)) {
        throw new InvalidAuthenticationException("The Knox JWT token is not valid.");
    }

    final JWTClaimsSet claimsSet = signedJwt.getJWTClaimsSet();
    if (claimsSet == null) {
        logger.info("Claims set is missing from Knox JWT.");
        throw new InvalidAuthenticationException("The Knox JWT token is not valid.");
    }

    // The user identity is the token's subject.
    return claimsSet.getSubject();
}
// The client id placed on the request is the CLIENT_ID string claim of the JWT.
// NOTE(review): whether signedJwt's signature has been verified before this point is not
// visible in this excerpt — confirm it has, since the claim otherwise comes straight from
// caller-supplied input.
request.setClientId(signedJwt.getJWTClaimsSet().getStringClaim(CLIENT_ID));
/**
 * Decides whether a Knox SSO token is acceptable: a user name must be present, the current
 * time must lie inside the token's validity window, and the signature must verify.
 *
 * <p>The time checks run before the signature check, so the expiry and not-before values
 * compared here are still unverified; the final answer nevertheless depends on
 * {@code validateSignature}.
 * NOTE(review): a token with no expiration claim passes the expiry check — confirm that
 * non-expiring tokens are intended to be accepted.
 *
 * @param jwtToken Knox token
 * @param userName User name associated with the token
 * @return {@code true} only if every check passes
 * @throws ParseException JWT Token could not be parsed.
 */
protected boolean isValid(SignedJWT jwtToken, String userName) throws ParseException {
    final boolean userNameMissing = userName == null || userName.isEmpty();
    if (userNameMissing) {
        LOG.info("Could not find user name in SSO token");
        return false;
    }

    final Date now = new Date();

    // Reject tokens whose expiry lies in the past; an absent expiry is not rejected.
    final Date expirationTime = jwtToken.getJWTClaimsSet().getExpirationTime();
    final boolean expired = expirationTime != null && now.after(expirationTime);
    if (expired) {
        LOG.info("SSO token expired: {} ", userName);
        return false;
    }

    // Reject tokens presented before their not-before time; an absent value is not rejected.
    final Date notBeforeTime = jwtToken.getJWTClaimsSet().getNotBeforeTime();
    final boolean notYetValid = notBeforeTime != null && now.before(notBeforeTime);
    if (notYetValid) {
        LOG.info("SSO token not yet valid: {} ", userName);
        return false;
    }

    // The signature check has the last word.
    return validateSignature(jwtToken);
}
try {
    jwtToken = SignedJWT.parse(serializedJWT);
    // The subject is read and written to the log before isValid() is called, so the
    // logged value is still unverified, caller-supplied text at that point.
    // NOTE(review): consider logging the user name only after validation succeeds, or
    // confirm the logging backend neutralises control characters in it.
    String userName = jwtToken.getJWTClaimsSet().getSubject();
    LOG.info("SSO login user : {} ", userName);
    if (isValid(jwtToken, userName)) {
// Refuse to continue when the JWS header carries no key id.
Preconditions.checkNotNull(jwsHeader.getKeyID());
// NOTE(review): the claims are read here; whether the signature has been verified by this
// point is not visible in this excerpt — confirm before any decision is based on them.
JWTClaimsSet claims = signedJwt.getJWTClaimsSet();
/**
 * Wraps a DC/OS auth token and keeps the claims set parsed from it.
 *
 * <p>The token is only parsed here; this constructor performs no signature verification,
 * so the stored claims are exactly what the supplied string says.
 *
 * @param token used as auth token for communicating with DC/OS
 * @throws java.text.ParseException if the given token does not parse into a signed JWT
 *     with a claims-set payload
 */
public DCOSAuthToken(final String token) throws java.text.ParseException {
    this.token = token;
    final SignedJWT parsedToken = SignedJWT.parse(token);
    jWTClaimsSet = parsedToken.getJWTClaimsSet();
}
/**
 * Reads the expiration time from the token's claims.
 *
 * <p>A payload that cannot be parsed yields {@code null} after the stack trace is printed.
 * NOTE(review): {@code null} is then indistinguishable from "no expiry claim" — confirm
 * callers treat a {@code null} result as a failure rather than as a non-expiring token.
 *
 * @param token the signed JWT to inspect
 * @return the expiration time, or {@code null} if the claims cannot be parsed
 */
private Date getExpirationDate(SignedJWT token) {
    Date expiresAt = null;
    try {
        expiresAt = token.getJWTClaimsSet().getExpirationTime();
    } catch (ParseException e) {
        e.printStackTrace();
    }
    return expiresAt;
}
}
/**
 * Returns the audience claim of the wrapped JWT as a string array.
 *
 * <p>A parse failure is logged and reported as {@code null}.
 * NOTE(review): confirm audience checks built on this treat {@code null} as "no match"
 * and not as "no restriction".
 *
 * @return the audience values, or {@code null} if the claims cannot be parsed
 */
@Override
public String[] getAudienceClaims() {
    try {
        return jwt.getJWTClaimsSet().getStringArrayClaim(JWT.AUDIENCE);
    } catch (ParseException e) {
        log.unableToParseToken(e);
        return null;
    }
}
/**
 * Returns the not-before time of the wrapped JWT.
 *
 * <p>A parse failure is logged and reported as {@code null}.
 * NOTE(review): {@code null} therefore covers both "claim absent" and "claims unreadable" —
 * confirm callers do not read it as "valid from any time" in the second case.
 *
 * @return the not-before time, or {@code null} if the claims cannot be parsed
 */
@Override
public Date getNotBeforeDate() {
    try {
        return jwt.getJWTClaimsSet().getNotBeforeTime();
    } catch (ParseException e) {
        log.unableToParseToken(e);
        return null;
    }
}
/**
 * Looks up a single string-valued claim of the wrapped JWT.
 *
 * <p>A parse failure, including a claim that is present but not a string, is logged and
 * reported as {@code null}.
 *
 * @param claimName name of the claim to read
 * @return the claim value, or {@code null} if it cannot be read as a string
 */
@Override
public String getClaim(String claimName) {
    try {
        return jwt.getJWTClaimsSet().getStringClaim(claimName);
    } catch (ParseException e) {
        log.unableToParseToken(e);
        return null;
    }
}
/**
 * Returns the expiration time of the wrapped JWT.
 *
 * <p>A parse failure is logged and reported as {@code null}.
 * NOTE(review): {@code null} therefore covers both "no expiry claim" and "claims
 * unreadable" — confirm expiry checks built on this do not accept the second case as a
 * non-expiring token.
 *
 * @return the expiration time, or {@code null} if the claims cannot be parsed
 */
@Override
public Date getExpiresDate() {
    try {
        return jwt.getJWTClaimsSet().getExpirationTime();
    } catch (ParseException e) {
        log.unableToParseToken(e);
        return null;
    }
}
/**
 * Returns the expiration time of the wrapped JWT.
 *
 * <p>A parse failure is logged and reported as {@code null}.
 * NOTE(review): {@code null} therefore covers both "no expiry claim" and "claims
 * unreadable" — confirm expiry checks built on this do not accept the second case as a
 * non-expiring token.
 *
 * @return the expiration time, or {@code null} if the claims cannot be parsed
 */
@Override
public Date getExpiresDate() {
    try {
        return jwt.getJWTClaimsSet().getExpirationTime();
    } catch (ParseException e) {
        log.unableToParseToken(e);
        return null;
    }
}
/**
 * Returns the not-before time of the wrapped JWT.
 *
 * <p>A parse failure is logged and reported as {@code null}.
 * NOTE(review): {@code null} therefore covers both "claim absent" and "claims unreadable" —
 * confirm callers do not read it as "valid from any time" in the second case.
 *
 * @return the not-before time, or {@code null} if the claims cannot be parsed
 */
@Override
public Date getNotBeforeDate() {
    try {
        return jwt.getJWTClaimsSet().getNotBeforeTime();
    } catch (ParseException e) {
        log.unableToParseToken(e);
        return null;
    }
}
/**
 * Builds a token-exchange response that carries the given ID token.
 *
 * <p>The response's expiration is copied from the expiration claim of the ID token. The
 * token is parsed only; its signature is not checked in this method.
 * NOTE(review): presumably the ID token was issued or verified by the caller — confirm,
 * since the expiration reported here is whatever the supplied token states.
 *
 * @param idToken serialized signed JWT to return as the issued token
 * @return a response with value, token type, issued-token-type and expiration set
 * @throws ParseException if {@code idToken} is not a parsable signed JWT
 */
public static IETFTokenExchangeResponse idToken(String idToken) throws ParseException {
    IETFTokenExchangeResponse response = new IETFTokenExchangeResponse();
    response.additionalInformation.put(
            "issued_token_type", OrcidOauth2Constants.IETF_EXCHANGE_ID_TOKEN);
    response.value = idToken;
    response.tokenType = "N_A";
    response.expiration = SignedJWT.parse(idToken).getJWTClaimsSet().getExpirationTime();
    return response;
}
/**
 * Serializes the claims set of the wrapped JWT to a JSON string.
 *
 * <p>A parse failure is logged and reported as {@code null}.
 *
 * @return the claims as JSON text, or {@code null} if the claims cannot be parsed
 */
@Override
public String getClaims() {
    try {
        return jwt.getJWTClaimsSet().toJSONObject().toJSONString();
    } catch (ParseException e) {
        log.unableToParseToken(e);
        return null;
    }
}
/**
 * Serializes the claims set of the wrapped JWT to a JSON string.
 *
 * <p>A parse failure is logged and reported as {@code null}.
 *
 * @return the claims as JSON text, or {@code null} if the claims cannot be parsed
 */
@Override
public String getClaims() {
    try {
        return jwt.getJWTClaimsSet().toJSONObject().toJSONString();
    } catch (ParseException e) {
        log.unableToParseToken(e);
        return null;
    }
}
/**
 * Checks a serialized JWT against the shared key.
 *
 * <p>Fails closed: a token that cannot be parsed, or whose verification raises a JOSE
 * error, is reported as invalid and never as an exception to the caller.
 * NOTE(review): no expiry or not-before check is visible in this method; the claims set is
 * handed to {@code MACVerifierExtended}, which presumably performs any claim checks —
 * confirm against that class.
 *
 * @param token serialized signed JWT
 * @return {@code true} only if the verifier accepts the token
 */
default boolean validateToken(String token) {
    try {
        final SignedJWT parsed = SignedJWT.parse(token);
        final JWSVerifier macVerifier =
                new MACVerifierExtended(getSharedKey(), parsed.getJWTClaimsSet());
        return parsed.verify(macVerifier);
    } catch (ParseException | JOSEException ex) {
        // Both failure modes mean the token cannot be trusted.
        return false;
    }
}
}