/**
 * Decodes the payload of a serialized ID token into an {@link IDToken}.
 *
 * <p>This method only parses. No signature, issuer, audience or expiry check
 * is performed here, so the returned claims must not be treated as
 * authenticated unless the caller has verified the token separately.
 *
 * @param idToken the compact JWS string, or {@code null}
 * @return the decoded claims, or {@code null} when {@code idToken} is {@code null}
 * @throws RuntimeException wrapping the {@link JWSInputException} when the
 *         string cannot be parsed as a JWS or its payload cannot be read
 */
public static IDToken extractIdToken(String idToken) {
    if (idToken != null) {
        try {
            return new JWSInput(idToken).readJsonContent(IDToken.class);
        } catch (JWSInputException parseFailure) {
            throw new RuntimeException(parseFailure);
        }
    }
    return null;
}
/**
 * Receives a logout admin action posted as a compact JWS and records it.
 *
 * <p>NOTE(review): the JWS signature is not checked in this method; the
 * decoded action is stored as-is. Confirm the endpoint is only deployed where
 * unauthenticated admin actions are acceptable, or that verification happens
 * before the recorded action is acted on.
 *
 * @param data request body containing the serialized JWS
 * @throws JWSInputException if the body cannot be parsed or its payload read
 */
@POST
@Consumes(MediaType.TEXT_PLAIN)
@Path("/admin/k_logout")
public void adminLogout(String data) throws JWSInputException {
    final JWSInput jws = new JWSInput(data);
    final LogoutAction action = jws.readJsonContent(LogoutAction.class);
    adminLogoutActions.add(action);
}
/**
 * Receives a push-not-before admin action posted as a compact JWS and records it.
 *
 * <p>NOTE(review): the JWS signature is not checked in this method; the
 * decoded action is stored as-is. Confirm the endpoint is only deployed where
 * unauthenticated admin actions are acceptable, or that verification happens
 * before the recorded action is acted on.
 *
 * @param data request body containing the serialized JWS
 * @throws JWSInputException if the body cannot be parsed or its payload read
 */
@POST
@Consumes(MediaType.TEXT_PLAIN)
@Path("/admin/k_push_not_before")
public void adminPushNotBefore(String data) throws JWSInputException {
    final JWSInput jws = new JWSInput(data);
    final PushNotBeforeAction action = jws.readJsonContent(PushNotBeforeAction.class);
    adminPushNotBeforeActions.add(action);
}
/**
 * Receives a test-availability admin action posted as a compact JWS and records it.
 *
 * <p>NOTE(review): the JWS signature is not checked in this method; the
 * decoded action is stored as-is. Confirm the endpoint is only deployed where
 * unauthenticated admin actions are acceptable, or that verification happens
 * before the recorded action is acted on.
 *
 * @param data request body containing the serialized JWS
 * @throws JWSInputException if the body cannot be parsed or its payload read
 */
@POST
@Consumes(MediaType.TEXT_PLAIN)
@Path("/admin/k_test_available")
public void testAvailable(String data) throws JWSInputException {
    final JWSInput jws = new JWSInput(data);
    final TestAvailabilityAction action = jws.readJsonContent(TestAvailabilityAction.class);
    adminTestAvailabilityAction.add(action);
}
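/**
 * Writes a trace-level record of a token with its signature segment masked.
 *
 * <p>Everything after the last '.' of the wire string is replaced by the
 * literal ".signature", so the logged value cannot be replayed as a bearer
 * credential.
 *
 * <p>The failure path deliberately does not log the raw token. A string that
 * fails JWS parsing may still be a usable credential, and the error level is
 * normally enabled in production, so echoing it would put a secret in the logs.
 * NOTE(review): confirm the exception message itself does not embed the token.
 *
 * @param name  label used in the log line (for example the token kind)
 * @param token serialized token to describe
 */
private void logToken(String name, String token) {
    try {
        JWSInput jwsInput = new JWSInput(token);
        String wireString = jwsInput.getWireString();
        // Keep header and payload, drop the signature segment.
        String masked = wireString.substring(0, wireString.lastIndexOf(".")) + ".signature";
        log.tracef("\t%s: %s", name, masked);
    } catch (JWSInputException e) {
        // Only the label is logged; the unparsed token value stays out of the log.
        log.errorf(e, "Failed to parse %s", name);
    }
}
}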
/**
 * Decodes a serialized refresh token by handing its raw JWS payload bytes to
 * the {@code byte[]} overload of {@code getRefreshToken}.
 *
 * <p>No signature check is performed in this method; the result reflects
 * whatever the payload claims.
 *
 * @param refreshToken compact JWS string of the refresh token
 * @return the decoded refresh token
 * @throws JWSInputException if the string cannot be parsed as a JWS
 */
public static RefreshToken getRefreshToken(String refreshToken) throws JWSInputException {
    return getRefreshToken(new JWSInput(refreshToken).getContent());
}
JWSInput token = null; try { token = new JWSInput(input); } catch (JWSInputException e) { logger.warn("Failed to verify logout request");
/**
 * Parses the configured token string into a {@link JWSInput} and its typed
 * payload, once. Later calls return immediately when a JWS is already held.
 *
 * <p>This step only decodes the token. No signature or claim check happens
 * in this method.
 *
 * @return this verifier, for chaining
 * @throws VerificationException if no token string was set, the string is not
 *         a parseable JWS, or the payload cannot be read as the target type
 */
public TokenVerifier<T> parse() throws VerificationException {
    // Already parsed (or a JWS was supplied earlier): nothing to do.
    if (jws != null) {
        return this;
    }

    if (tokenString == null) {
        throw new VerificationException("Token not set");
    }

    try {
        jws = new JWSInput(tokenString);
    } catch (JWSInputException malformed) {
        throw new VerificationException("Failed to parse JWT", malformed);
    }

    try {
        token = jws.readJsonContent(clazz);
    } catch (JWSInputException unreadable) {
        throw new VerificationException("Failed to read access token from JWT", unreadable);
    }

    return this;
}
/**
 * Checks whether an encoded password token is acceptable for the given realm
 * and user.
 *
 * <p>The checks run in this order, and the first failure rejects the token:
 * the signature must verify against the realm's public key, the realm claim
 * must equal the realm name, the user claim must equal the user id, and the
 * token age must not exceed the realm's user-action access code lifespan.
 * Claims are read only after the signature has been verified.
 *
 * @param realm                realm supplying the public key, name and lifespan
 * @param user                 user the token must have been issued for
 * @param encodedPasswordToken compact JWS string of the password token
 * @return {@code true} only when every check passes; {@code false} on any
 *         failed check or when the token cannot be parsed
 */
public static boolean validPasswordToken(RealmModel realm, UserModel user, String encodedPasswordToken) {
    try {
        final JWSInput parsed = new JWSInput(encodedPasswordToken);

        // Signature first: nothing from the payload is trusted before this passes.
        if (!RSAProvider.verify(parsed, realm.getPublicKey())) {
            return false;
        }

        final PasswordToken claims = parsed.readJsonContent(PasswordToken.class);

        // Short-circuit evaluation keeps the original check order.
        return claims.getRealm().equals(realm.getName())
                && claims.getUser().equals(user.getId())
                && !(Time.currentTime() - claims.getTimestamp() > realm.getAccessCodeLifespanUserAction());
    } catch (JWSInputException unparseable) {
        // A token that cannot be parsed is rejected.
        return false;
    }
}
if (idTokenString != null && idTokenString.length() > 0) { try { JWSInput input = new JWSInput(idTokenString); idToken = input.readJsonContent(IDToken.class); } catch (JWSInputException e) {
if (log.isTraceEnabled()) { try { JWSInput jwsInput = new JWSInput(tokenString); String wireString = jwsInput.getWireString(); log.tracef("\taccess_token: %s", wireString.substring(0, wireString.lastIndexOf(".")) + ".signature");
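/**
 * Stores the tokens from a token response, verifies the access token, and
 * decodes the ID token when one is present.
 *
 * <p>The access token is verified through {@code RSATokenVerifier.verifyToken}
 * against the deployment's realm key and realm. The ID token is only decoded.
 * NOTE(review): no signature check on the ID token is visible in this method;
 * confirm its claims are not relied on for security decisions, or that it is
 * verified elsewhere.
 *
 * @param tokenResponse response carrying the access, refresh and ID tokens
 * @throws VerificationException if the access token fails verification or the
 *         ID token payload cannot be read
 */
private void parseAccessToken(AccessTokenResponse tokenResponse) throws VerificationException {
    tokenString = tokenResponse.getToken();
    refreshToken = tokenResponse.getRefreshToken();
    idTokenString = tokenResponse.getIdToken();

    token = RSATokenVerifier.verifyToken(tokenString, deployment.getRealmKey(), deployment.getRealm());

    if (idTokenString != null) {
        JWSInput input = new JWSInput(idTokenString);
        try {
            idToken = input.readJsonContent(IDToken.class);
        } catch (IOException e) {
            // Keep the cause and say which token failed, so the failure can be diagnosed.
            throw new VerificationException("Failed to read ID token from JWT", e);
        }
    }
}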
JWSInput input = new JWSInput(tokenString); token = input.readJsonContent(AccessToken.class); } catch (JWSInputException e) {
/**
 * Confirms that a PEM-encoded private key and public key belong to the same
 * RSA key pair.
 *
 * <p>Both keys are decoded, a fixed probe payload is signed with the private
 * key, and the resulting JWS is verified with the public key. The thrown
 * exceptions carry a fixed message and no cause.
 *
 * @param privateKeyPem PEM text of the private key
 * @param publicKeyPem  PEM text of the public key
 * @throws VerificationException if either key cannot be decoded, or if signing
 *         or verification fails or reports a mismatch
 */
public static void verify(String privateKeyPem, String publicKeyPem) throws VerificationException {
    PrivateKey signingKey;
    try {
        signingKey = PemUtils.decodePrivateKey(privateKeyPem);
    } catch (Exception e) {
        throw new VerificationException("Failed to decode private key");
    }

    PublicKey verifyingKey;
    try {
        verifyingKey = PemUtils.decodePublicKey(publicKeyPem);
    } catch (Exception e) {
        throw new VerificationException("Failed to decode public key");
    }

    // Sign a throwaway payload and verify it with the other half of the pair.
    boolean pairMatches;
    try {
        String probe = new JWSBuilder().content("content".getBytes()).rsa256(signingKey);
        pairMatches = RSAProvider.verify(new JWSInput(probe), verifyingKey);
    } catch (Exception e) {
        throw new VerificationException("Keys don't match");
    }

    if (!pairMatches) {
        throw new VerificationException("Keys don't match");
    }
}
/**
 * Authenticates an adapter admin request and returns its token as a parsed JWS.
 *
 * <p>The request is answered with HTTP 403 and {@code null} is returned when
 * SSL is required for the caller's address but the request is not secure,
 * when the body holds no token, or when token verification fails. Per the
 * original author's note, only the signature is checked here; the remaining
 * checks are done in {@code validateAction}.
 *
 * @return the parsed token, or {@code null} after a 403 response was sent
 * @throws Exception if reading the request, sending the error response, or
 *         parsing the verified token fails
 */
protected JWSInput verifyAdminRequest() throws Exception {
    // Transport check comes first: refuse plain-HTTP admin calls where SSL is required.
    if (!facade.getRequest().isSecure()) {
        if (deployment.getSslRequired().isRequired(facade.getRequest().getRemoteAddr())) {
            log.warn("SSL is required for adapter admin action");
            facade.getResponse().sendError(403, "ssl required");
            return null;
        }
    }

    final String body = StreamUtil.readString(facade.getRequest().getInputStream());
    if (body == null) {
        log.warn("admin request failed, no token");
        facade.getResponse().sendError(403, "no token");
        return null;
    }

    try {
        // Check just signature. Other things checked in validateAction
        AdapterTokenVerifier.createVerifier(body, deployment, false, JsonWebToken.class).verify();
        return new JWSInput(body);
    } catch (VerificationException rejected) {
        log.warn("admin request failed, unable to verify token: " + rejected.getMessage());
        if (log.isDebugEnabled()) {
            log.debug(rejected.getMessage(), rejected);
        }
        facade.getResponse().sendError(403, "token failed verification");
        return null;
    }
}
String refreshTokenValue = clientToken.getRefreshToken(); try { RefreshToken refreshToken = JsonSerialization.readValue(new JWSInput(refreshTokenValue).getContent(), RefreshToken.class); if (!refreshToken.isActive() || !isTokenTimeToLiveSufficient(refreshToken)) { log.debug("Refresh token is expired."); AccessToken accessToken = JsonSerialization.readValue(new JWSInput(token).getContent(), AccessToken.class);
JWSInput jws = new JWSInput(encodedToken); if (!verify(jws, key)) { throw new IdentityBrokerException("token signature validation failed");
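/**
 * Parses an access token, verifies its RSA signature, and checks that it has
 * a subject and is active.
 *
 * <p>NOTE(review): the verification key is looked up from the token's own
 * audience claim, which is read before the signature is checked. Confirm that
 * {@code config.getPublicKey} only returns keys for audiences this service
 * trusts.
 *
 * @param tokenString compact JWS string of the access token
 * @return the decoded token, after all checks have passed
 * @throws VerificationException if the payload cannot be read, no public key
 *         can be obtained, the signature does not verify, the subject is
 *         missing, or the token is not active
 */
private AccessToken parseToken(String tokenString) throws VerificationException {
    JWSInput input = new JWSInput(tokenString);

    AccessToken token;
    try {
        token = input.readJsonContent(AccessToken.class);
    } catch (IOException e) {
        throw new VerificationException(e);
    }

    PublicKey publicKey;
    try {
        publicKey = config.getPublicKey(token.getAudience());
    } catch (Exception e) {
        throw new VerificationException("Failed to get public key", e);
    }

    boolean verified;
    try {
        verified = RSAProvider.verify(input, publicKey);
    } catch (Exception e) {
        // Still rejects the token, but keeps the cause instead of swallowing it.
        throw new VerificationException("Token signature not validated", e);
    }
    if (!verified) {
        throw new VerificationException("Token signature not validated");
    }

    // Claim checks run only after the signature has been accepted.
    if (token.getSubject() == null) {
        throw new VerificationException("Token user was null");
    }
    if (!token.isActive()) {
        throw new VerificationException("Token is not active.");
    }

    return token;
}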