Search in sources :

Example 1 with JOSEException

use of com.nimbusds.jose.JOSEException in project hadoop by apache.

the class JWTRedirectAuthenticationHandler method validateSignature.

/**
   * Verify the signature of the JWT token in this method. This method depends
   * on the public key that was established during init based upon the
   * provisioned public key. Override this method in subclasses in order to
   * customize the signature verification behavior.
   *
   * @param jwtToken the token that contains the signature to be validated
   * @return valid true if signature verifies successfully; false otherwise
   */
protected boolean validateSignature(SignedJWT jwtToken) {
    boolean valid = false;
    if (JWSObject.State.SIGNED == jwtToken.getState()) {
        LOG.debug("JWT token is in a SIGNED state");
        if (jwtToken.getSignature() != null) {
            LOG.debug("JWT token signature is not null");
            try {
                JWSVerifier verifier = new RSASSAVerifier(publicKey);
                if (jwtToken.verify(verifier)) {
                    valid = true;
                    LOG.debug("JWT token has been successfully verified");
                } else {
                    LOG.warn("JWT signature verification failed.");
                }
            } catch (JOSEException je) {
                LOG.warn("Error while validating signature", je);
            }
        }
    }
    return valid;
}
Also used : RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) JWSVerifier(com.nimbusds.jose.JWSVerifier) JOSEException(com.nimbusds.jose.JOSEException)

Example 2 with JOSEException

use of com.nimbusds.jose.JOSEException in project ORCID-Source by ORCID.

the class OpenIDConnectTokenEnhancer method enhance.

@Override
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
    //We have the code at this point, but it has already been consumed and removed.
    //So instead we check for a nonce and max_age which are added back into request by OrcidClientCredentialEndPointDelegatorImpl
    Map<String, String> params = authentication.getOAuth2Request().getRequestParameters();
    //only add if we're using openid scope.
    String scopes = params.get(OrcidOauth2Constants.SCOPE_PARAM);
    if (PojoUtil.isEmpty(scopes) || !ScopePathType.getScopesFromSpaceSeparatedString(scopes).contains(ScopePathType.OPENID)) {
        return accessToken;
    }
    //this means we do not have to support using them for authentication purposes. Some APIs support it, but it is not part of the spec.          
    try {
        //shared secret for signing. Use HMAC as we can do it with existing keys and not certs
        Builder claims = new JWTClaimsSet.Builder();
        claims.audience(params.get(OrcidOauth2Constants.CLIENT_ID_PARAM));
        claims.subject(accessToken.getAdditionalInformation().get("orcid").toString());
        claims.issuer("https://orcid.org");
        Date now = new Date();
        claims.expirationTime(new Date(now.getTime() + 600000));
        claims.issueTime(now);
        claims.jwtID(UUID.randomUUID().toString());
        if (params.get(OrcidOauth2Constants.NONCE) != null)
            claims.claim(OrcidOauth2Constants.NONCE, params.get(OrcidOauth2Constants.NONCE));
        claims.claim(OrcidOauth2Constants.AUTH_TIME, profileEntityManager.getLastLogin(accessToken.getAdditionalInformation().get("orcid").toString()));
        SignedJWT signedJWT = keyManager.sign(claims.build());
        String idTok = signedJWT.serialize();
        accessToken.getAdditionalInformation().put(OrcidOauth2Constants.ID_TOKEN, idTok);
    } catch (JOSEException e) {
        e.printStackTrace();
    } catch (Exception e) {
        e.printStackTrace();
    }
    return accessToken;
}
Also used : Builder(com.nimbusds.jwt.JWTClaimsSet.Builder) SignedJWT(com.nimbusds.jwt.SignedJWT) JOSEException(com.nimbusds.jose.JOSEException) Date(java.util.Date) JOSEException(com.nimbusds.jose.JOSEException)

Aggregations

JOSEException (com.nimbusds.jose.JOSEException)2 JWSVerifier (com.nimbusds.jose.JWSVerifier)1 RSASSAVerifier (com.nimbusds.jose.crypto.RSASSAVerifier)1 Builder (com.nimbusds.jwt.JWTClaimsSet.Builder)1 SignedJWT (com.nimbusds.jwt.SignedJWT)1 Date (java.util.Date)1