
Example 96 with JWTVerifier

Use of com.auth0.jwt.JWTVerifier in project conWasteJiNing by Yingjie-tian.

Class JwtUtils, method verifyToken.

/**
 * Verifies the JWT signature and issuer, then returns its claims as strings.
 * @param token
 * @return
 * @throws RuntimeException
 */
public static Map<String, String> verifyToken(String token) throws RuntimeException {
    Algorithm algorithm = null;
    try {
        // Use HMAC256 (HMAC-SHA256) as the signature algorithm
        algorithm = Algorithm.HMAC256(SECRET);
    } catch (IllegalArgumentException | UnsupportedEncodingException e) {
        throw new RuntimeException(e);
    }
    // Verify the signature and issuer, then decode the claims
    JWTVerifier verifier = JWT.require(algorithm).withIssuer(ISSUER).build();
    DecodedJWT jwt = verifier.verify(token);
    Map<String, Claim> map = jwt.getClaims();
    Map<String, String> resultMap = new HashMap<>();
    map.forEach((k, v) -> resultMap.put(k, v.asString()));
    return resultMap;
}
Also used : HashMap(java.util.HashMap) UnsupportedEncodingException(java.io.UnsupportedEncodingException) Algorithm(com.auth0.jwt.algorithms.Algorithm) JWTVerifier(com.auth0.jwt.JWTVerifier) DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT) Claim(com.auth0.jwt.interfaces.Claim)

Example 97 with JWTVerifier

Use of com.auth0.jwt.JWTVerifier in project fizz-gateway-community by wehotel.

Class JwtAuthPluginFilter, method verify.

/**
 * Verify JWT
 *
 * @param token
 * @param secretKey key for HS256/HS384/HS512
 * @param publicKey pub key for RSA or ECDSA
 * @return
 * @throws Exception
 */
public DecodedJWT verify(String token, String secretKey, String publicKey) {
    try {
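        // JWT.decode only parses the token; nothing is verified yet, so alg
        // is untrusted input read from the token header. Callers should pass
        // only the key for the algorithm family they expect.
        DecodedJWT jwt = JWT.decode(token);
        String alg = jwt.getAlgorithm();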
        Algorithm algorithm = null;
        switch(alg) {
            case "HS256":
                algorithm = Algorithm.HMAC256(secretKey);
                break;
            case "HS384":
                algorithm = Algorithm.HMAC384(secretKey);
                break;
            case "HS512":
                algorithm = Algorithm.HMAC512(secretKey);
                break;
            case "RS256":
                algorithm = Algorithm.RSA256((RSAPublicKey) PemUtils.readPublicKeyFromString(publicKey, RSA), null);
                break;
            case "RS384":
                algorithm = Algorithm.RSA384((RSAPublicKey) PemUtils.readPublicKeyFromString(publicKey, RSA), null);
                break;
            case "RS512":
                algorithm = Algorithm.RSA512((RSAPublicKey) PemUtils.readPublicKeyFromString(publicKey, RSA), null);
                break;
            case "ES256":
                algorithm = Algorithm.ECDSA256((ECPublicKey) PemUtils.readPublicKeyFromString(publicKey, EC), null);
                break;
            case "ES256K":
                algorithm = Algorithm.ECDSA256K((ECPublicKey) PemUtils.readPublicKeyFromString(publicKey, EC), null);
                break;
            case "ES384":
                algorithm = Algorithm.ECDSA384((ECPublicKey) PemUtils.readPublicKeyFromString(publicKey, EC), null);
                break;
            case "ES512":
                algorithm = Algorithm.ECDSA512((ECPublicKey) PemUtils.readPublicKeyFromString(publicKey, EC), null);
                break;
        }
        if (algorithm == null) {
            // Algorithm NOT Supported
            log.warn("{} Algorithm NOT Supported", alg);
        } else {
            JWTVerifier verifier = JWT.require(algorithm).build();
            try {
                return verifier.verify(token);
            } catch (JWTVerificationException e) {
                // Verification failed
                log.warn("JWT verification failed: {}", e.getMessage());
            }
        }
    } catch (Exception e) {
        log.warn("JWT verification exception", e);
    }
    return null;
}
Also used : JWTVerificationException(com.auth0.jwt.exceptions.JWTVerificationException) RSAPublicKey(java.security.interfaces.RSAPublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT) Algorithm(com.auth0.jwt.algorithms.Algorithm) JWTVerifier(com.auth0.jwt.interfaces.JWTVerifier)

Example 98 with JWTVerifier

Use of com.auth0.jwt.JWTVerifier in project structr by structr.

Class JWTHelper, method validateTokenWithSecret.

private static Map<String, Claim> validateTokenWithSecret(String token, String secret) {
    try {
        Algorithm alg = Algorithm.HMAC256(secret.getBytes(StandardCharsets.UTF_8));
        JWTVerifier verifier = JWT.require(alg).build();
        DecodedJWT decodedJWT = verifier.verify(token);
        return decodedJWT.getClaims();
    } catch (JWTVerificationException e) {
        logger.debug("Invalid token", e);
    }
    return null;
}
Also used : JWTVerificationException(com.auth0.jwt.exceptions.JWTVerificationException) Algorithm(com.auth0.jwt.algorithms.Algorithm) JWTVerifier(com.auth0.jwt.JWTVerifier) DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT)

Example 99 with JWTVerifier

Use of com.auth0.jwt.JWTVerifier in project structr by structr.

Class JWTHelper, method validateTokenWithKeystore.

private static Map<String, Claim> validateTokenWithKeystore(String token, Algorithm alg) {
    try {
        JWTVerifier verifier = JWT.require(alg).build();
        DecodedJWT decodedJWT = verifier.verify(token);
        return decodedJWT.getClaims();
    } catch (JWTVerificationException e) {
        logger.debug("Invalid token", e);
    }
    return null;
}
Also used : JWTVerificationException(com.auth0.jwt.exceptions.JWTVerificationException) JWTVerifier(com.auth0.jwt.JWTVerifier) DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT)

Example 100 with JWTVerifier

Use of com.auth0.jwt.JWTVerifier in project structr by structr.

Class JWTHelper, method getPrincipalForAccessToken.

public static Principal getPrincipalForAccessToken(final String token, final PropertyKey<String> eMailKey) throws FrameworkException {
    final String jwtSecretType = Settings.JWTSecretType.getValue();
    Principal user = null;
    switch(jwtSecretType) {
        default:
        case "secret":
            user = getUserForAccessTokenWithSecret(token, eMailKey);
            break;
        case "keypair":
            user = getPrincipalForAccessTokenWithKeystore(token, eMailKey);
            break;
        case "jwks":
            final String provider = Settings.JWTSProvider.getValue();
            final String issuer = Settings.JWTIssuer.getValue();
            if (provider != null) {
                try {
                    // decode() only parses the token; kid is untrusted until verify() succeeds below
                    DecodedJWT jwt = JWT.decode(token);
                    final String kid = jwt.getKeyId();
                    if (kid != null) {
                        // if no issuer is specified, we can assume that issuer url = provider url.
                        JwkProvider jwkProvider;
                        if (!StringUtils.isEmpty(issuer) && !StringUtils.equals("structr", issuer)) {
                            jwkProvider = new UrlJwkProvider(new URL(provider));
                        } else {
                            // loads jwks from .well-known resource of provider
                            jwkProvider = new UrlJwkProvider(provider);
                        }
                        Jwk jwk = jwkProvider.get(kid);
                        Algorithm algorithm = Algorithm.RSA256((RSAPublicKey) jwk.getPublicKey(), null);
                        JWTVerifier verifier = JWT.require(algorithm).withIssuer(issuer).build();
                        jwt = verifier.verify(jwt);
                        user = getPrincipalForTokenClaims(jwt.getClaims(), eMailKey);
                    }
                } catch (JWTVerificationException ex) {
                    throw new FrameworkException(422, ex.getMessage());
                } catch (Exception ex) {
                    logger.warn("Error while trying to process JWKS.\n {}", ex.getMessage());
                    throw new FrameworkException(422, "Error while trying to process JWKS.");
                }
            }
            break;
    }
    return user;
}
Also used : JWTVerificationException(com.auth0.jwt.exceptions.JWTVerificationException) FrameworkException(org.structr.common.error.FrameworkException) UrlJwkProvider(com.auth0.jwk.UrlJwkProvider) JwkProvider(com.auth0.jwk.JwkProvider) DecodedJWT(com.auth0.jwt.interfaces.DecodedJWT) Algorithm(com.auth0.jwt.algorithms.Algorithm) JWTVerifier(com.auth0.jwt.JWTVerifier) Principal(org.structr.core.entity.Principal) URL(java.net.URL) JwkException(com.auth0.jwk.JwkException) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) JWTCreationException(com.auth0.jwt.exceptions.JWTCreationException) Jwk(com.auth0.jwk.Jwk)

Aggregations

JWTVerifier (com.auth0.jwt.JWTVerifier) 115
Algorithm (com.auth0.jwt.algorithms.Algorithm) 104
DecodedJWT (com.auth0.jwt.interfaces.DecodedJWT) 100
Test (org.junit.Test) 42
JWTVerificationException (com.auth0.jwt.exceptions.JWTVerificationException) 30
IOException (java.io.IOException) 23
JWTVerifier (com.auth0.jwt.interfaces.JWTVerifier) 18
RSAPublicKey (java.security.interfaces.RSAPublicKey) 15
JWTDecodeException (com.auth0.jwt.exceptions.JWTDecodeException) 14
Claim (com.auth0.jwt.interfaces.Claim) 10
Date (java.util.Date) 9
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException) 8
HashMap (java.util.HashMap) 8
ECKey (java.security.interfaces.ECKey) 7
ServletException (javax.servlet.ServletException) 7
UnsupportedEncodingException (java.io.UnsupportedEncodingException) 6
TokenExpiredException (com.auth0.jwt.exceptions.TokenExpiredException) 5
RSAKeyProvider (com.auth0.jwt.interfaces.RSAKeyProvider) 5
URL (java.net.URL) 5
KeyFactory (java.security.KeyFactory) 5