Examples with JWTVerifier com.auth0.jwt.JWTVerifier used on opensource projects

Example 26 with JWTVerifier

use of com.auth0.jwt.JWTVerifier in project simple-jwt by vorbote.

the class AccessKeyUtil method Info.

/**
 * Decode the token, and you can easily get some info from
 * this token.
 *
 * @param token The token.
 * @return The decoded jwt token.
 * @throws com.auth0.jwt.exceptions.AlgorithmMismatchException     If the algorithm stated in the token's
 *                                                                 header it's not equal to the one
 *                                                                 defined in the JWTVerifier.
 * @throws com.auth0.jwt.exceptions.SignatureVerificationException If the signature is invalid.
 * @throws com.auth0.jwt.exceptions.TokenExpiredException          If the token has expired.
 * @throws com.auth0.jwt.exceptions.InvalidClaimException          If a claim contained a different value
 *                                                                 than the expected one.
 * @throws com.auth0.jwt.exceptions.JWTVerificationException       If any of the verification steps fail
 * @see JWTVerifier#verify(String)
 */
public DecodedJWT Info(String token) {
    JWTVerifier verifier;
    switch(algorithm) {
        case HS256:
            verifier = JWT.require(Algorithm.HMAC256(secret)).build();
            break;
        case HS384:
            verifier = JWT.require(Algorithm.HMAC384(secret)).build();
            break;
        case HS512:
            verifier = JWT.require(Algorithm.HMAC512(secret)).build();
            break;
        default:
            // 这里理论上应该抛出异常的，但是实在是懒得做了，就先这样吧。
            // 至于其他的算法，后续再考虑加上。
            verifier = JWT.require(Algorithm.HMAC256(secret)).build();
            log.error("This algorithm is not supported yet, will use HMAC256 by default.");
    }
    return verifier.verify(token);
}

Example 27 with JWTVerifier

use of com.auth0.jwt.JWTVerifier in project bank-of-anthos by GoogleCloudPlatform.

the class JWTVerifierGenerator method generateJWTVerifier.

@Bean(name = "verifier")
public JWTVerifier generateJWTVerifier(@Value("${PUB_KEY_PATH}") final String publicKeyPath) {
    // load public key from file
    try {
        LOGGER.debug("Generating JWT token verifier");
        String keyStr = new String(Files.readAllBytes(Paths.get(publicKeyPath)));
        keyStr = keyStr.replaceFirst("-----BEGIN PUBLIC KEY-----", "").replaceFirst("-----END PUBLIC KEY-----", "").replaceAll("\\s", "");
        byte[] keyBytes = Base64.getDecoder().decode(keyStr);
        KeyFactory kf = KeyFactory.getInstance("RSA");
        X509EncodedKeySpec keySpecX509 = new X509EncodedKeySpec(keyBytes);
        RSAPublicKey publicKey = (RSAPublicKey) kf.generatePublic(keySpecX509);
        // Initialize JWT verifier.
        Algorithm algorithm = Algorithm.RSA256(publicKey, null);
        return JWT.require(algorithm).build();
    } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
        LOGGER.error(String.format("Failed initializing JWT verifier: %s", e.toString()));
        throw new GenerateKeyException("Cannot generate key: ", e);
    }
}

Example 28 with JWTVerifier

use of com.auth0.jwt.JWTVerifier in project bank-of-anthos by GoogleCloudPlatform.

the class JWTVerifierGenerator method generateJWTVerifier.

@Bean(name = "verifier")
public JWTVerifier generateJWTVerifier(@Value("${PUB_KEY_PATH}") final String publicKeyPath) {
    // load public key from file
    try {
        LOGGER.debug("Generating JWT token verifier");
        String keyStr = new String(Files.readAllBytes(Paths.get(publicKeyPath)));
        keyStr = keyStr.replaceFirst("-----BEGIN PUBLIC KEY-----", "").replaceFirst("-----END PUBLIC KEY-----", "").replaceAll("\\s", "");
        byte[] keyBytes = Base64.getDecoder().decode(keyStr);
        KeyFactory kf = KeyFactory.getInstance("RSA");
        X509EncodedKeySpec keySpecX509 = new X509EncodedKeySpec(keyBytes);
        RSAPublicKey publicKey = (RSAPublicKey) kf.generatePublic(keySpecX509);
        // Initialize JWT verifier.
        Algorithm algorithm = Algorithm.RSA256(publicKey, null);
        return JWT.require(algorithm).build();
    } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
        LOGGER.error(String.format("Failed initializing JWT verifier: %s", e.toString()));
        throw new GenerateKeyException("Cannot generate key: ", e);
    }
}

Example 29 with JWTVerifier

use of com.auth0.jwt.JWTVerifier in project alibaba-rsocket-broker by alibaba.

the class JwtAuthenticationServiceImpl method auth.

@Override
@Nullable
public NamedPrincipal auth(String jwtToken) {
    int tokenHashCode = jwtToken.hashCode();
    NamedPrincipal principal = jwtVerifyCache.getIfPresent(tokenHashCode);
    if (principal == null) {
        for (JWTVerifier verifier : verifiers) {
            try {
                DecodedJWT decodedJWT = verifier.verify(jwtToken);
                principal = new NamedPrincipal(decodedJWT.getSubject());
                jwtVerifyCache.put(tokenHashCode, principal);
                break;
            } catch (JWTVerificationException ignore) {
            }
        }
    }
    return principal;
}

Example 30 with JWTVerifier

use of com.auth0.jwt.JWTVerifier in project alibaba-rsocket-broker by alibaba.

the class AuthenticationServiceJwtImpl method auth.

@Override
@Nullable
public RSocketAppPrincipal auth(String type, String credentials) {
    int tokenHashCode = credentials.hashCode();
    RSocketAppPrincipal principal = jwtVerifyCache.getIfPresent(tokenHashCode);
    for (JWTVerifier verifier : verifiers) {
        try {
            principal = new JwtPrincipal(verifier.verify(credentials), credentials);
            jwtVerifyCache.put(tokenHashCode, principal);
            break;
        } catch (JWTVerificationException ignore) {
        }
    }
    return principal;
}