throw new InvalidJwtException("MalformedClaimException", new ErrorCodeValidator.Error(ErrorCodes.MALFORMED_CLAIM, "Invalid ExpirationTime Format"), e, jwtContext);
return new Error(ErrorCodes.AUDIENCE_INVALID, sb.toString());
/**
 * Creates the exception raised when a JWS signature does not verify.
 *
 * <p>The exception message is fixed text; the single attached error detail carries
 * {@code ErrorCodes.SIGNATURE_INVALID} and a description that ends with the string
 * form of {@code jws}.
 *
 * @param jws        the JWS whose signature was rejected
 * @param jwtContext the processing context passed through to the superclass
 */
public InvalidJwtSignatureException(JsonWebSignature jws, JwtContext jwtContext)
{
    super("JWT rejected due to invalid signature.", invalidSignatureErrors(jws), jwtContext);
}

/**
 * Builds the one-element error list for a failed signature check.
 *
 * NOTE(review): the description concatenates {@code jws} via its string conversion.
 * What that conversion prints is not visible here; confirm it before routing error
 * details to logs or API responses, since it may include header or token content.
 */
private static java.util.List<ErrorCodeValidator.Error> invalidSignatureErrors(JsonWebSignature jws)
{
    ErrorCodeValidator.Error detail =
            new ErrorCodeValidator.Error(ErrorCodes.SIGNATURE_INVALID, "Invalid JWS Signature: " + jws);
    return Collections.singletonList(detail);
}
} // closes the enclosing class, whose header is outside this excerpt
if (key != null && !key.equals(jwe.getKey())) List<ErrorCodeValidator.Error> errors = Collections.singletonList(new ErrorCodeValidator.Error(MISCELLANEOUS, "Key resolution problem.")); throw new InvalidJwtException("The resolved decryption key is different than the one originally used to decrypt the JWE.", errors, jwtContext); ErrorCodeValidator.Error error = new ErrorCodeValidator.Error(ErrorCodes.MISCELLANEOUS, sb.toString()); throw new InvalidJwtException("JWT processing failed." , error, e, jwtContext); ErrorCodeValidator.Error error = new ErrorCodeValidator.Error(ErrorCodes.MISCELLANEOUS, sb.toString()); throw new InvalidJwtException("JWT processing failed." , error, e, jwtContext); List<ErrorCodeValidator.Error> errors = Collections.singletonList(new ErrorCodeValidator.Error(SIGNATURE_MISSING, "Missing signature.")); throw new InvalidJwtException("The JWT has no signature but the JWT Consumer is configured to require one: " + jwtContext.getJwt(), errors, jwtContext); List<ErrorCodeValidator.Error> errors = Collections.singletonList(new ErrorCodeValidator.Error(ENCRYPTION_MISSING, "No encryption.")); throw new InvalidJwtException("The JWT has no encryption but the JWT Consumer is configured to require it: " + jwtContext.getJwt(), errors, jwtContext); List<ErrorCodeValidator.Error> errors = Collections.singletonList(new ErrorCodeValidator.Error(ErrorCodes.INTEGRITY_MISSING, "Missing Integrity Protection")); throw new InvalidJwtException("The JWT has no integrity protection (signature/MAC or symmetric AEAD encryption) " + "but the JWT Consumer is configured to require it: " + jwtContext.getJwt(), errors, jwtContext);
ErrorCodeValidator.Error error = new ErrorCodeValidator.Error(ErrorCodes.MISCELLANEOUS, sb.toString()); throw new InvalidJwtException("JWT processing failed.", error, e, jwtContext); ErrorCodeValidator.Error error = new ErrorCodeValidator.Error(ErrorCodes.MISCELLANEOUS, sb.toString()); throw new InvalidJwtException("JWT processing failed.", error, e, jwtContext);
throw new InvalidJwtException("MalformedClaimException", new ErrorCodeValidator.Error(ErrorCodes.MALFORMED_CLAIM, "Invalid ExpirationTime Format"), e, jwtContext);
return new Error(ErrorCodes.EXPIRED, msg); return new Error(ErrorCodes.MISCELLANEOUS, "The Expiration Time (exp="+expirationTime+") claim value cannot be before the Issued At (iat="+issuedAt+") claim value."); return new Error(ErrorCodes.MISCELLANEOUS, "The Expiration Time (exp="+expirationTime+") claim value cannot be before the Not Before (nbf="+notBefore+") claim value."); return new Error(ErrorCodes.EXPIRATION_TOO_FAR_IN_FUTURE, msg); return new Error(ErrorCodes.NOT_YET_VALID, msg);
/**
 * Runs every entry of {@code validators} against the given context and rejects the
 * JWT if any of them reports a problem.
 *
 * <p>All validators are executed even after the first failure, so the thrown
 * exception lists every problem found rather than only the first one.
 *
 * @param jwtCtx the context holding the claims under validation
 * @throws InvalidJwtException if at least one validator returned or caused an error
 */
void validate(JwtContext jwtCtx) throws InvalidJwtException
{
    List<ErrorCodeValidator.Error> problems = new ArrayList<>();

    for (ErrorCodeValidator current : validators)
    {
        ErrorCodeValidator.Error outcome;
        try
        {
            outcome = current.validate(jwtCtx);
        }
        catch (MalformedClaimException malformed)
        {
            // A claim of the wrong type counts as a validation failure, not a crash.
            outcome = new ErrorCodeValidator.Error(MALFORMED_CLAIM, malformed.getMessage());
        }
        catch (Exception unexpected)
        {
            // Fail closed: a validator that blows up still produces an error entry, so the
            // token is rejected. The text includes the validator class name and a stack
            // rendering, so these details should stay out of responses to untrusted callers.
            StringBuilder text = new StringBuilder("Unexpected exception thrown from validator ");
            text.append(current.getClass().getName());
            text.append(": ");
            text.append(ExceptionHelp.toStringWithCausesAndAbbreviatedStack(unexpected, this.getClass()));
            outcome = new ErrorCodeValidator.Error(MISCELLANEOUS, text.toString());
        }

        if (outcome == null)
        {
            continue; // null means this validator accepted the token
        }
        problems.add(outcome);
    }

    if (problems.isEmpty())
    {
        return;
    }

    // The message embeds the raw claims JSON. Anything that logs or returns this
    // exception's message therefore exposes the full claim set; redact at the
    // logging/response boundary when claims can hold personal or session data.
    throw new InvalidJwtException(
            "JWT (claims->" + jwtCtx.getJwtClaims().getRawJson() + ") rejected due to invalid claims.",
            problems,
            jwtCtx);
}
/**
 * Builds a claims object from the JSON text of a JWT Claims Set.
 *
 * <p>The input text is kept as-is in {@code rawJson}, and the parsed members are copied
 * into a {@link LinkedHashMap} stored in {@code claimsMap}.
 *
 * @param jsonClaims the JSON text expected to be a JWT Claims Set
 * @param jwtContext the processing context attached to any exception thrown
 * @throws InvalidJwtException with {@code ErrorCodes.JSON_INVALID} if the text cannot be parsed
 */
private JwtClaims(String jsonClaims, JwtContext jwtContext) throws InvalidJwtException
{
    this.rawJson = jsonClaims;
    try
    {
        this.claimsMap = new LinkedHashMap<>(JsonUtil.parseJson(jsonClaims));
    }
    catch (JoseException parseFailure)
    {
        ErrorCodeValidator.Error detail = new ErrorCodeValidator.Error(ErrorCodes.JSON_INVALID, "Invalid JSON.");
        // The message quotes the unparsed input in full. That input is token-supplied text,
        // so treat the message as untrusted and possibly sensitive wherever it is logged or
        // displayed (neutralise control characters, avoid echoing it to clients).
        String text = "Unable to parse what was expected to be the JWT Claim Set JSON: \"" + jsonClaims + "\"";
        throw new InvalidJwtException(text, detail, parseFailure, jwtContext);
    }
}
/**
 * Checks the Subject (sub) claim against this validator's settings.
 *
 * @param jwtContext the context whose claims are inspected
 * @return {@code MISSING_SUB} when the claim is absent and {@code requireSubject} is set;
 *         a {@code SUBJECT_INVALID} error when {@code expectedSubject} is set and differs
 *         from the claim (an absent claim also differs); otherwise {@code null}
 * @throws MalformedClaimException if the sub claim cannot be read as a string
 */
@Override
public Error validate(JwtContext jwtContext) throws MalformedClaimException
{
    final String sub = jwtContext.getJwtClaims().getSubject();

    if (requireSubject && sub == null)
    {
        return MISSING_SUB;
    }

    boolean acceptable = (expectedSubject == null) || expectedSubject.equals(sub);
    if (acceptable)
    {
        return null;
    }

    // The error text echoes the subject taken from the token, so it is caller-influenced
    // content; escape it before it reaches logs or user-facing output.
    return new Error(
            ErrorCodes.SUBJECT_INVALID,
            "Subject (sub) claim value (" + sub + ") doesn't match expected value of " + expectedSubject);
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Checks the Issuer (iss) claim against this validator's settings.
 *
 * @param jwtContext the context whose claims are inspected
 * @return an {@code ISSUER_MISSING} error when the claim is absent and {@code requireIssuer}
 *         is set; an {@code ISSUER_INVALID} error when {@code expectedIssuers} is set and
 *         does not contain the claim value; otherwise {@code null}
 * @throws MalformedClaimException if the iss claim cannot be read as a string
 */
@Override
public Error validate(JwtContext jwtContext) throws MalformedClaimException
{
    final String iss = jwtContext.getJwtClaims().getIssuer();

    if (iss != null)
    {
        // With no expected issuers configured, any present issuer is accepted here.
        boolean accepted = (expectedIssuers == null) || expectedIssuers.contains(iss);
        if (accepted)
        {
            return null;
        }
        // The text echoes the issuer taken from the token; escape it before logging or display.
        return new Error(
                ErrorCodes.ISSUER_INVALID,
                "Issuer (iss) claim value (" + iss + ") doesn't match expected value of " + expectedValue());
    }

    if (!requireIssuer)
    {
        return null;
    }
    return new Error(
            ErrorCodes.ISSUER_MISSING,
            "No Issuer (iss) claim present but was expecting " + expectedValue());
}
/**
 * Delegates to the wrapped {@code validator}, which reports a problem as a plain string,
 * and converts that string into an {@link Error}.
 *
 * <p>The wrapped validator supplies no error code of its own, so every failure it
 * reports is tagged {@code ErrorCodes.MISCELLANEOUS}.
 *
 * @param jwtContext the context handed to the wrapped validator
 * @return {@code null} when the wrapped validator returns {@code null}; otherwise an error
 *         carrying the returned text
 * @throws MalformedClaimException if the wrapped validator throws it
 */
@Override
public Error validate(JwtContext jwtContext) throws MalformedClaimException
{
    String problem = validator.validate(jwtContext);
    if (problem != null)
    {
        return new Error(ErrorCodes.MISCELLANEOUS, problem);
    }
    return null;
}
} // closes the enclosing class, whose header is outside this excerpt