/**
 * Verifies a compact serialized JWT and returns its claims.
 *
 * <p>The token is split on {@code '.'} into either two parts
 * ({@code payload.signature}) or three parts ({@code header.payload.signature}).
 * For a three-part token the signed content is {@code header + "." + payload};
 * for a two-part token the payload alone is the signed content. Only the payload
 * and signature parts are checked for emptiness here; the header part is not
 * inspected by this method. Signature and claim verification is delegated to
 * {@link #verify(String, String, String)}.
 *
 * @param token the compact JWT string, must not be empty
 * @return the verified claims of the token
 * @throws TokenVerifyException with {@code ErrorCode.INVALID_TOKEN} when the part
 *         count is not 2 or 3, or when the payload or signature part is empty;
 *         other error codes are propagated from the delegate verification
 */
@Override
public Map<String, Object> verify(String token) throws TokenVerifyException {
    Args.notEmpty(token, "token");
    String[] segments = Strings.split(token, '.');
    boolean twoParts = segments.length == 2;
    boolean threeParts = segments.length == 3;
    if (!twoParts && !threeParts) {
        throw new TokenVerifyException(ErrorCode.INVALID_TOKEN,
                "Invalid jwt token, wrong number of parts: " + segments.length);
    }
    // The signed content covers the header (when present) joined with the payload.
    String signedContent = twoParts ? segments[0] : segments[0] + "." + segments[1];
    String payloadPart = twoParts ? segments[0] : segments[1];
    String signaturePart = twoParts ? segments[1] : segments[2];
    if (payloadPart.isEmpty() || signaturePart.isEmpty()) {
        throw new TokenVerifyException(ErrorCode.INVALID_TOKEN,
                "Invalid jwt token, both payload and signature parts must not be empty");
    }
    return verify(signedContent, payloadPart, signaturePart);
}
/**
 * Verifies the signature over {@code content}, then decodes and parses the payload
 * and checks the resulting claims for expiration.
 *
 * <p>The order is deliberate: the signature is checked before the payload is decoded
 * or parsed, so a tampered or unsigned payload is rejected without being interpreted.
 * This method itself only calls {@code verifyExpiration} on the claims; no other
 * claim (issuer, audience, not-before) is inspected here.
 *
 * @param content   the signed content, i.e. the token part(s) the signature was computed over
 * @param payload   the base64url encoded payload part
 * @param signature the signature part of the token
 * @return the claims contained in the payload
 * @throws TokenVerifyException with {@code ErrorCode.INVALID_SIGNATURE} when the signature
 *         does not verify, or {@code ErrorCode.INVALID_PAYLOAD} when the payload cannot be
 *         decoded and parsed as a json object; anything thrown by {@code verifyExpiration}
 *         propagates unchanged
 */
protected Map<String, Object> verify(String content, String payload, String signature) {
    if (!verifySignature(content, signature)) {
        throw new TokenVerifyException(ErrorCode.INVALID_SIGNATURE, "Signature verification failed");
    }
    JsonValue parsed;
    try {
        // Both the base64url decoding and the json parsing are covered by the catch below.
        String decodedPayload = JWT.base64UrlDeocodeToString(payload);
        parsed = JSON.parse(decodedPayload);
    } catch (Exception e) {
        throw new TokenVerifyException(ErrorCode.INVALID_PAYLOAD,
                "Parse payload as json object failed, " + e.getMessage());
    }
    if (!parsed.isMap()) {
        throw new TokenVerifyException(ErrorCode.INVALID_PAYLOAD, "The payload must be json object '{..}'");
    }
    Map<String, Object> claims = parsed.asMap();
    // Expiration is the only claim this method validates.
    verifyExpiration(claims);
    return claims;
}
JwtVerifier verifier = rsc.getJwtVerifier(); if(verifier == null){ throw new TokenVerifyException(TokenVerifyException.ErrorCode.VERIFY_FAILED, "the jwt verifier must be specified!");