/**
 * Validates a Knox-issued JWT and returns the identity it carries.
 *
 * <p>{@code SignedJWT.parse} only decodes the token; it performs no signature check. The
 * subject is therefore read only after {@code validateToken} (defined outside this listing)
 * has accepted the parsed token.
 *
 * @param jwt signed jwt string
 * @return the subject claim of the validated token
 * @throws ParseException if the payload of the jwt doesn't represent a valid json object and a
 *     jwt claims set
 * @throws JOSEException if the JWS object couldn't be verified
 * @throws IllegalStateException if Knox SSO is disabled in the configuration
 * @throws InvalidAuthenticationException if validation fails or the claims set is missing
 */
public String getAuthenticationFromToken(final String jwt) throws ParseException, JOSEException {
    if (!configuration.isKnoxEnabled()) {
        throw new IllegalStateException("Apache Knox SSO is not enabled.");
    }

    // Decoding only; nothing in the token is trusted at this point.
    final SignedJWT parsedToken = SignedJWT.parse(jwt);

    // Reject before touching any claim.
    if (!validateToken(parsedToken)) {
        throw new InvalidAuthenticationException("The Knox JWT token is not valid.");
    }

    final JWTClaimsSet claims = parsedToken.getJWTClaimsSet();
    if (claims == null) {
        logger.info("Claims set is missing from Knox JWT.");
        throw new InvalidAuthenticationException("The Knox JWT token is not valid.");
    }

    // The subject of the validated token is the user identity.
    return claims.getSubject();
}
SignedJWT jwtToken; try { jwtToken = SignedJWT.parse(serializedJWT); String userName = jwtToken.getJWTClaimsSet().getSubject(); LOG.info("SSO login user : {} ", userName);
private boolean verifyJwt(String jwtToken, String expectedAudience) throws Exception { SignedJWT signedJwt = SignedJWT.parse(jwtToken); JWSHeader jwsHeader = signedJwt.getHeader();
/**
 * Decodes a serialized token into a {@link SignedJWT}.
 *
 * <p>This is a parse step only: the signature is not verified here, so the caller must call
 * {@code verify(...)} on the result before relying on any header or claim.
 *
 * @param tokenIdentifier compact-serialized JWT
 * @return the parsed, still unverified, token
 * @throws ParseException if the string is not a well-formed signed JWT
 */
private SignedJWT getSignedJWT(String tokenIdentifier) throws ParseException {
    final SignedJWT parsedToken = SignedJWT.parse(tokenIdentifier);
    return parsedToken;
}
} // closes the enclosing type, whose header is outside this listing
/**
 * Decodes a serialized token into a {@link SignedJWT}, or yields {@code null} when the input
 * is malformed.
 *
 * <p>No signature verification happens here. Callers have to null-check the result and verify
 * it before trusting its claims.
 *
 * @param token compact-serialized JWT
 * @return the parsed token, or {@code null} if parsing failed
 */
private SignedJWT createJWS(String token) {
    SignedJWT parsed = null;
    try {
        parsed = SignedJWT.parse(token);
    } catch (ParseException parseFailure) {
        // Best-effort: the failure is printed and reported to the caller as null.
        parseFailure.printStackTrace();
    }
    return parsed;
}
/**
 * Builds a token wrapper from its compact serialization.
 *
 * <p>The constructor only decodes the input; the signature is not verified here.
 *
 * @param serializedJWT compact-serialized signed JWT
 * @throws ParseException if the input is not a well-formed signed JWT (logged, then rethrown)
 */
public JWTToken(String serializedJWT) throws ParseException {
    final SignedJWT parsed;
    try {
        parsed = SignedJWT.parse(serializedJWT);
    } catch (ParseException parseFailure) {
        log.unableToParseToken(parseFailure);
        throw parseFailure;
    }
    jwt = parsed;
}
/**
 * Creates the wrapper by decoding a compact-serialized JWT.
 *
 * <p>Decoding is not verification: a successfully constructed instance says nothing about
 * whether the signature is valid.
 *
 * @param serializedJWT compact-serialized signed JWT
 * @throws ParseException if decoding fails; the failure is logged before being rethrown
 */
public JWTToken(String serializedJWT) throws ParseException {
    final SignedJWT decoded;
    try {
        decoded = SignedJWT.parse(serializedJWT);
    } catch (ParseException cause) {
        // Record the failure, then let the caller see the original exception.
        log.unableToParseToken(cause);
        throw cause;
    }
    jwt = decoded;
}
/**
 * Stores the raw token and the claims set decoded from it.
 *
 * <p>The claims are read straight from the parsed token; no signature verification is
 * performed in this constructor.
 * NOTE(review): the earlier comment called this constructor package-private, but it is
 * declared {@code public}. Confirm which is intended.
 *
 * @param token used as auth token for communicating with DC/OS
 * @throws java.text.ParseException if the given token cannot be parsed as a signed JWT or
 *     its payload is not a valid claims set
 */
public DCOSAuthToken(final String token) throws java.text.ParseException {
    this.token = token;
    final SignedJWT parsedToken = SignedJWT.parse(token);
    jWTClaimsSet = parsedToken.getJWTClaimsSet();
}
/**
 * Keeps the serialized token and decodes its claims set.
 *
 * <p>Only parsing takes place here; the token's signature is not checked, so the stored
 * claims are unverified.
 * NOTE(review): the previous comment said "package-private", yet the constructor is
 * {@code public}. Confirm the intended visibility.
 *
 * @param token token
 * @throws java.text.ParseException if JWT parsing has issues
 */
public DCOSAuthToken(final String token) throws java.text.ParseException {
    this.token = token;
    final SignedJWT decoded = SignedJWT.parse(token);
    jWTClaimsSet = decoded.getJWTClaimsSet();
}
/**
 * Decodes an ID token into a {@link SignedJWT}.
 *
 * <p>The result is parsed but not verified; signature validation is left to the caller.
 *
 * @param idToken compact-serialized ID token
 * @return the parsed token
 * @throws IdentityOAuth2Exception if the string is not a well-formed signed JWT; the parse
 *     failure is attached as the cause
 */
private SignedJWT getSignedJWT(String idToken) throws IdentityOAuth2Exception {
    try {
        return SignedJWT.parse(idToken);
    } catch (ParseException parseFailure) {
        throw new IdentityOAuth2Exception("Error while parsing the JWT.", parseFailure);
    }
}
/**
 * Returns a signed JSON Web Token (JWT) representation of this payload. Intended for signed
 * then encrypted JWTs.
 *
 * <p>When no {@code signedJWT} is already held, the string form of the payload is parsed on
 * each call. Parsing does not verify the signature of the resulting token.
 *
 * @return The signed JWT representation, {@code null} if the payload couldn't be converted to
 *     a signed JWT.
 */
public SignedJWT toSignedJWT() {
    if (signedJWT == null) {
        try {
            return SignedJWT.parse(toString());
        } catch (ParseException notASignedJwt) {
            // Not convertible: reported to the caller as null rather than as an exception.
            return null;
        }
    }
    return signedJWT;
}
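/**
 * Decodes a signed JWT and returns its claims set.
 *
 * <p>The signature part is only checked for presence. Its cryptographic validity is NOT
 * verified here, so the returned claims must not be trusted until the caller has verified
 * the token.
 *
 * @param token compact-serialized JWT
 * @return the claims set carried in the token payload
 * @throws IllegalArgumentException if the signature part is empty, or if the token is not a
 *     well-formed signed JWT with a JSON claims payload (the parse failure is kept as cause)
 */
private JWTClaimsSet parse(String token) {
    try {
        SignedJWT signedJWT = SignedJWT.parse(token);
        if (signedJWT.getSignature().toString().isEmpty()) {
            throw new IllegalArgumentException("The token doesn't have a signature");
        }
        // Checks that the payload is a valid JSON object; throws ParseException when it is not.
        return signedJWT.getJWTClaimsSet();
    } catch (ParseException e) {
        // Keep the original exception as the cause so the parse position is not lost.
        throw new IllegalArgumentException(
                "The token does not conform to signed JWT format. " + e.getMessage(), e);
    }
}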
/**
 * Builds a token-exchange response that carries an ID token.
 *
 * <p>The expiration is copied from the {@code exp} claim of the parsed ID token. The token is
 * only decoded here; this method does not verify its signature.
 *
 * @param idToken compact-serialized ID token
 * @return a response holding the token value, its type markers and its expiration
 * @throws ParseException if the ID token is not a well-formed signed JWT
 */
public static IETFTokenExchangeResponse idToken(String idToken) throws ParseException {
    IETFTokenExchangeResponse response = new IETFTokenExchangeResponse();
    response.additionalInformation.put(
            "issued_token_type", OrcidOauth2Constants.IETF_EXCHANGE_ID_TOKEN);
    response.value = idToken;
    response.tokenType = "N_A";

    SignedJWT parsedIdToken = SignedJWT.parse(idToken);
    response.expiration = parsedIdToken.getJWTClaimsSet().getExpirationTime();
    return response;
}
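/**
 * Checks that a JWT is unexpired and carries a valid RSA signature.
 *
 * <p>The expiry comparison runs on claims that are not yet verified; the method returns
 * {@code true} only when the signature check against the keystore's public key also
 * succeeds. A token without an {@code exp} claim is rejected instead of failing with an
 * uncaught {@link NullPointerException}. The serialized token is a bearer credential, so it
 * is kept out of the log output.
 *
 * @param jwt compact-serialized signed JWT
 * @return {@code true} if the token is unexpired and its signature verifies; {@code false}
 *     otherwise, including on any parsing, keystore or verification error
 */
private boolean verifySignature(String jwt) {
    try {
        SignedJWT signedJWT = SignedJWT.parse(jwt);
        Date expirationTime = signedJWT.getJWTClaimsSet().getExpirationTime();
        if (expirationTime == null) {
            // No exp claim: treat as invalid rather than as never expiring.
            log.info("Token has no expiration time");
            return false;
        }
        if (!new Date().before(expirationTime)) {
            log.info("Token has expired");
            return false;
        }
        JWSVerifier verifier =
                new RSASSAVerifier((RSAPublicKey) getPublicKey(KEYSTORE, KEYSTORE_PASSWORD, ALIAS));
        return signedJWT.verify(verifier);
    } catch (ParseException | IOException | KeyStoreException | CertificateException
            | NoSuchAlgorithmException | UnrecoverableKeyException | JOSEException e) {
        // Do not append the token itself: anyone with log access could replay it.
        log.error("Error occurred while JWT signature verification", e);
    }
    return false;
}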
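/**
 * Checks that a JWT is unexpired and carries a valid RSA signature.
 *
 * <p>The expiry comparison runs on claims that are not yet verified; the method returns
 * {@code true} only when the signature check against the keystore's public key also
 * succeeds. A token without an {@code exp} claim is rejected instead of failing with an
 * uncaught {@link NullPointerException}.
 *
 * @param jwt compact-serialized signed JWT
 * @return {@code true} if the token is unexpired and its signature verifies; {@code false}
 *     otherwise, including on any parsing, keystore or verification error
 */
private boolean verifySignature(String jwt) {
    try {
        SignedJWT signedJWT = SignedJWT.parse(jwt);
        Date expirationTime = signedJWT.getJWTClaimsSet().getExpirationTime();
        if (expirationTime == null) {
            // No exp claim: treat as invalid rather than as never expiring.
            log.info("Token has no expiration time");
            return false;
        }
        if (!new Date().before(expirationTime)) {
            log.info("Token has expired");
            return false;
        }
        JWSVerifier verifier =
                new RSASSAVerifier((RSAPublicKey) getPublicKey(KEYSTORE, KEYSTORE_PASSWORD, ALIAS));
        return signedJWT.verify(verifier);
    } catch (ParseException | IOException | KeyStoreException | CertificateException
            | NoSuchAlgorithmException | UnrecoverableKeyException | JOSEException e) {
        log.error("Error occurred while JWT signature verification", e);
    }
    return false;
}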
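/**
 * Checks that a JWT is unexpired and carries a valid RSA signature.
 *
 * <p>Expiry is evaluated on not-yet-verified claims, so a {@code true} result additionally
 * requires the signature to verify against the public key loaded from the keystore. A
 * missing {@code exp} claim makes the token invalid rather than triggering an uncaught
 * {@link NullPointerException}. The raw token is not written to the log because it is a
 * replayable credential.
 *
 * @param jwt compact-serialized signed JWT
 * @return {@code true} if the token is unexpired and its signature verifies; {@code false}
 *     otherwise, including on any parsing, keystore or verification error
 */
private boolean verifySignature(String jwt) {
    try {
        SignedJWT signedJWT = SignedJWT.parse(jwt);
        Date expirationTime = signedJWT.getJWTClaimsSet().getExpirationTime();
        if (expirationTime == null) {
            // No exp claim: reject instead of dereferencing null below.
            log.info("Token has no expiration time");
            return false;
        }
        if (!new Date().before(expirationTime)) {
            log.info("Token has expired");
            return false;
        }
        JWSVerifier verifier =
                new RSASSAVerifier((RSAPublicKey) getPublicKey(KEYSTORE, KEYSTORE_PASSWORD, ALIAS));
        return signedJWT.verify(verifier);
    } catch (ParseException | IOException | KeyStoreException | CertificateException
            | NoSuchAlgorithmException | UnrecoverableKeyException | JOSEException e) {
        // The token value is intentionally omitted from the message.
        log.error("Error occurred while JWT signature verification", e);
    }
    return false;
}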
/**
 * Decodes the access token identifier of a validation request into a {@link SignedJWT}.
 *
 * <p>Parsing only: the returned token has not been signature-verified.
 *
 * @param validationReqDTO validation context whose request carries the access token
 * @return the parsed token
 * @throws ParseException if the identifier is not a well-formed signed JWT
 */
private SignedJWT getSignedJWT(OAuth2TokenValidationMessageContext validationReqDTO)
        throws ParseException {
    final String accessTokenIdentifier =
            validationReqDTO.getRequestDTO().getAccessToken().getIdentifier();
    return SignedJWT.parse(accessTokenIdentifier);
}
/**
 * Requests a token for {@code resource} on behalf of the user identified by an assertion.
 *
 * <p>The user assertion is parsed as a signed JWT and wrapped in a JWT bearer grant. It is
 * not verified locally in this method.
 *
 * @param resource identifier of the target resource
 * @param userAssertion assertion representing the user
 * @param clientAuthentication credentials of the calling client
 * @param callback optional callback handed through to {@code acquireToken}
 * @return a future for the authentication result
 * @throws AuthenticationException wrapping any failure while building or submitting the grant
 */
private Future<AuthenticationResult> acquireTokenOnBehalfOf(final String resource,
        final UserAssertion userAssertion,
        final ClientAuthentication clientAuthentication,
        final AuthenticationCallback callback) {
    final Map<String, String> grantParameters = new HashMap<String, String>();
    grantParameters.put("resource", resource);
    grantParameters.put("requested_token_use", "on_behalf_of");

    try {
        final SignedJWT assertionJwt = SignedJWT.parse(userAssertion.getAssertion());
        final JWTBearerGrant bearerGrant = new JWTBearerGrant(assertionJwt);
        final AdalOAuthAuthorizationGrant grant =
                new AdalOAuthAuthorizationGrant(bearerGrant, grantParameters);
        return this.acquireToken(grant, clientAuthentication, callback);
    } catch (final Exception failure) {
        throw new AuthenticationException(failure);
    }
}
/**
 * Starts an on-behalf-of token request for the given resource.
 *
 * <p>The assertion string is decoded into a signed JWT and sent as a JWT bearer grant; this
 * method does not check the assertion's signature itself.
 *
 * @param resource identifier of the target resource
 * @param userAssertion assertion representing the user
 * @param clientAuthentication credentials of the calling client
 * @param callback optional callback handed through to {@code acquireToken}
 * @return a future for the authentication result
 * @throws AuthenticationException wrapping any failure raised while parsing the assertion or
 *     acquiring the token
 */
private Future<AuthenticationResult> acquireTokenOnBehalfOf(final String resource,
        final UserAssertion userAssertion,
        final ClientAuthentication clientAuthentication,
        final AuthenticationCallback callback) {
    final Map<String, String> oboParams = new HashMap<String, String>();
    oboParams.put("resource", resource);
    oboParams.put("requested_token_use", "on_behalf_of");

    try {
        final SignedJWT parsedAssertion = SignedJWT.parse(userAssertion.getAssertion());
        final AdalOAuthAuthorizationGrant oboGrant =
                new AdalOAuthAuthorizationGrant(new JWTBearerGrant(parsedAssertion), oboParams);
        return this.acquireToken(oboGrant, clientAuthentication, callback);
    } catch (final Exception cause) {
        // Every failure, parse errors included, surfaces as AuthenticationException.
        throw new AuthenticationException(cause);
    }
}
/**
 * Verifies the signature of a serialized JWT with the shared key.
 *
 * <p>Only the outcome of {@code verify} is reported; malformed tokens and verification errors
 * both yield {@code false}.
 * NOTE(review): the claims set handed to {@code MACVerifierExtended} is read before the
 * signature is checked. Confirm that the verifier treats it as untrusted input.
 *
 * @param token compact-serialized signed JWT
 * @return {@code true} if the signature verifies, {@code false} otherwise
 */
default boolean validateToken(String token) {
    try {
        final SignedJWT parsedToken = SignedJWT.parse(token);
        final JWSVerifier sharedKeyVerifier =
                new MACVerifierExtended(getSharedKey(), parsedToken.getJWTClaimsSet());
        return parsedToken.verify(sharedKeyVerifier);
    } catch (ParseException | JOSEException rejected) {
        // Fail closed: anything that cannot be parsed or verified is invalid.
        return false;
    }
}
} // closes the enclosing interface, whose header is outside this listing