use of com.nimbusds.jwt.JWTClaimsSet in project perry by ca-cwds.
the class JwtService method generate.
/**
 * Builds a token for the given identity. The claims are prepared and signed, and when
 * encryption is enabled the signed JWT is wrapped in a JWE before serialization.
 *
 * @param id forwarded to prepareClaims
 * @param subject forwarded to prepareClaims
 * @param customJwtClaimsMap additional claims forwarded to prepareClaims
 * @return the serialized token after removeHeader has been applied to it
 * @throws JwtException wrapping any exception raised while building the token
 */
public String generate(String id, String subject, Map<String, String> customJwtClaimsMap) {
    try {
        JWTClaimsSet claims = prepareClaims(id, subject, customJwtClaimsMap);
        SignedJWT signed = sign(claims);
        // Sign first, then (optionally) encrypt: the JWE payload is the signed JWT, so
        // validate() can still check the signature after decrypting.
        String serialized = configuration.isEncryptionEnabled()
            ? encrypt(signed).serialize()
            : signed.serialize();
        // NOTE(review): removeHeader is not visible here; validate() re-adds a header via
        // addHeader before parsing. Confirm that re-added header comes from server-side
        // configuration only, so a token holder cannot choose the algorithm.
        return removeHeader(serialized);
    } catch (Exception e) {
        throw new JwtException(e);
    }
}
use of com.nimbusds.jwt.JWTClaimsSet in project perry by ca-cwds.
the class JwtService method validate.
/**
 * Validates a token produced by generate and returns the identity it carries.
 * The header is re-attached, the token is decrypted when encryption is enabled (otherwise
 * parsed directly), the signature is checked, and only then are the claims read and checked.
 *
 * @param token the header-less token string
 * @return the string value of the IDENTITY_CLAIM claim
 * @throws JwtException wrapping any exception raised during parsing, decryption,
 *         signature validation or claim validation
 */
public String validate(String token) throws JwtException {
    try {
        final String fullToken = addHeader(token);
        final SignedJWT jwt = configuration.isEncryptionEnabled()
            ? decrypt(fullToken)
            : SignedJWT.parse(fullToken);
        // Signature is verified before any claim is read, so unauthenticated claims
        // never reach validateClaims or the caller.
        validateSignature(jwt);
        final JWTClaimsSet claims = jwt.getJWTClaimsSet();
        validateClaims(claims);
        // NOTE(review): validateClaims is not visible here; if it does not require
        // IDENTITY_CLAIM to be present, this can return null. Confirm callers treat a
        // null identity as a rejected token.
        return claims.getStringClaim(IDENTITY_CLAIM);
    } catch (Exception e) {
        throw new JwtException(e);
    }
}
use of com.nimbusds.jwt.JWTClaimsSet in project nifi by apache.
the class KnoxService method validateAudience.
/**
 * Checks that the Knox JWT names at least one of the configured audiences.
 *
 * <p>When no audiences are configured ({@code audiences == null}) the check is skipped and
 * every token is accepted, so audience restriction is only enforced when configured.
 *
 * @param jwtToken knox jwt
 * @return {@code true} if no audiences are configured or the token carries at least one
 *         configured audience; {@code false} otherwise
 * @throws ParseException if the payload of the jwt doesn't represent a valid json object and a jwt claims set
 */
private boolean validateAudience(final SignedJWT jwtToken) throws ParseException {
    // No configured audiences: nothing to enforce.
    if (audiences == null) {
        return true;
    }

    final JWTClaimsSet claims = jwtToken.getJWTClaimsSet();
    if (claims == null) {
        logger.error("Claims set is missing from Knox JWT.");
        return false;
    }

    final List<String> presented = claims.getAudience();
    if (presented == null) {
        logger.error("Audience is missing from the Knox JWT.");
        return false;
    }

    // One matching audience is sufficient. An empty audience list matches nothing and
    // falls through to the rejection below.
    for (final String candidate : presented) {
        if (audiences.contains(candidate)) {
            return true;
        }
    }

    // NOTE(review): the audiences written to the log come from the token itself. Confirm the
    // signature is verified before this method runs, or that the log sink neutralises
    // control characters.
    logger.error(String.format("The Knox JWT does not have the required audience(s). Required one of [%s]. Present in JWT [%s].", StringUtils.join(audiences, ", "), StringUtils.join(presented, ", ")));
    return false;
}
use of com.nimbusds.jwt.JWTClaimsSet in project nifi by apache.
the class StandardOidcIdentityProvider method lookupEmail.
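/**
 * Looks up the user's email by calling the OIDC provider's UserInfo endpoint with the
 * supplied bearer access token.
 *
 * @param bearerAccessToken access token presented to the UserInfo endpoint
 * @return the non-blank value of the EMAIL_CLAIM_NAME claim from the UserInfo response
 * @throws IOException declared by this method; presumably raised when sending the HTTP request fails
 * @throws IllegalStateException if the response carries no (or a blank) email claim
 * @throws RuntimeException if the endpoint returns an error response or the response cannot be parsed
 */
private String lookupEmail(final BearerAccessToken bearerAccessToken) throws IOException {
    try {
        // build the user request
        final UserInfoRequest request = new UserInfoRequest(oidcProviderMetadata.getUserInfoEndpointURI(), bearerAccessToken);
        final HTTPRequest tokenHttpRequest = request.toHTTPRequest();
        tokenHttpRequest.setConnectTimeout(oidcConnectTimeout);
        tokenHttpRequest.setReadTimeout(oidcReadTimeout);

        // Send the request object the timeouts were set on. Calling request.toHTTPRequest()
        // again here would send a different request without those timeouts, letting a slow
        // or unresponsive provider hold this thread.
        final UserInfoResponse response = UserInfoResponse.parse(tokenHttpRequest.send());

        // interpret the details
        if (!response.indicatesSuccess()) {
            final UserInfoErrorResponse errorResponse = (UserInfoErrorResponse) response;
            throw new RuntimeException("An error occurred while invoking the UserInfo endpoint: " + errorResponse.getErrorObject().getDescription());
        }

        final UserInfoSuccessResponse successResponse = (UserInfoSuccessResponse) response;

        // The provider may answer with plain JSON claims or with a JWT carrying them.
        // NOTE(review): in the JWT case the claims are read here without a signature check
        // in this method; integrity then rests on the connection to the UserInfo endpoint.
        // Confirm that is the intended trust model.
        final JWTClaimsSet claimsSet;
        if (successResponse.getUserInfo() != null) {
            claimsSet = successResponse.getUserInfo().toJWTClaimsSet();
        } else {
            claimsSet = successResponse.getUserInfoJWT().getJWTClaimsSet();
        }

        // ensure we were able to get the user email
        final String email = claimsSet.getStringClaim(EMAIL_CLAIM_NAME);
        if (StringUtils.isBlank(email)) {
            throw new IllegalStateException("Unable to extract email from the UserInfo token.");
        }
        return email;
    } catch (final ParseException | java.text.ParseException e) {
        // keep the original exception as the cause so the parse failure stays diagnosable
        throw new RuntimeException("Unable to parse the response from the UserInfo token request: " + e.getMessage(), e);
    }
}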
use of com.nimbusds.jwt.JWTClaimsSet in project cas by apereo.
the class JWTTokenTicketBuilderTests method verifyJwtForServiceTicket.
/**
 * Builds a JWT for a service ticket id, decodes it with the token cipher and checks that the
 * decoded claims carry the expected subject.
 */
@Test
public void verifyJwtForServiceTicket() throws Exception {
    final String token = tokenTicketBuilder.build("ST-123455", CoreAuthenticationTestUtils.getService());
    assertNotNull(token);

    // decode through the cipher, then read the decoded payload as a claims set
    final Object decoded = tokenCipherExecutor.decode(token);
    final JWTClaimsSet claimsSet = JWTClaimsSet.parse(decoded.toString());

    assertEquals("casuser", claimsSet.getSubject());
}