Example 1 with BadJWTException

Use of com.nimbusds.jwt.proc.BadJWTException in project iaf by ibissource.

Class JwtValidator, method init.

public void init(String jwksUrl, String requiredIssuer) throws ParseException, MalformedURLException, IOException {
    // Remote JWK set used to look up the public key referenced by each token's header
    JWKSource<C> keySource = getKeySource(new URL(jwksUrl));
    // The expected JWS algorithm of the access tokens (agreed out-of-band);
    // pinning it means a token cannot choose a different or weaker algorithm
    JWSAlgorithm expectedJWSAlg = JWSAlgorithm.RS256;
    // Configure the JWT processor with a key selector to feed matching public
    // RSA keys sourced from the JWK set URL
    JWSKeySelector<C> keySelector = new JWSVerificationKeySelector<C>(expectedJWSAlg, keySource);
    // The default claims verifier already enforces the validity time window (bounded by
    // the "iat", "nbf" and "exp" claims); when an issuer is configured, additionally
    // require the "iss" claim to match it exactly
    if (StringUtils.isNotEmpty(requiredIssuer)) {
        DefaultJWTClaimsVerifier<C> verifier = new DefaultJWTClaimsVerifier<C>() {

            @Override
            public void verify(JWTClaimsSet claimsSet, C context) throws BadJWTException {
                // Run the standard time-window checks first, then the issuer check
                super.verify(claimsSet, context);
                String issuer = claimsSet.getIssuer();
                if (!requiredIssuer.equals(issuer)) {
                    throw new BadJWTException("illegal issuer [" + issuer + "], must be [" + requiredIssuer + "]");
                }
            }
        };
        getJwtProcessor().setJWTClaimsSetVerifier(verifier);
    }
    getJwtProcessor().setJWSKeySelector(keySelector);
}
Also used : DefaultJWTClaimsVerifier(com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) BadJWTException(com.nimbusds.jwt.proc.BadJWTException) JWSAlgorithm(com.nimbusds.jose.JWSAlgorithm) URL(java.net.URL) JWSVerificationKeySelector(com.nimbusds.jose.proc.JWSVerificationKeySelector)

Example 2 with BadJWTException

Use of com.nimbusds.jwt.proc.BadJWTException in project pac4j by pac4j.

Class AzureAdIdTokenValidator, method validate.

@Override
public IDTokenClaimsSet validate(final JWT idToken, final Nonce expectedNonce) throws BadJOSEException, JOSEException {
    try {
        // Azure AD multi-tenant metadata advertises the issuer with a URL-encoded
        // "{tenantid}" placeholder; resolve it from the token's own "tid" claim so the
        // delegate validator compares "iss" against a concrete tenant issuer. Note that
        // the expected issuer is then derived from the token itself, so this check only
        // confirms the issuer format, not membership of a particular tenant.
        if (originalIssuer.contains("%7Btenantid%7D")) {
            Object tid = idToken.getJWTClaimsSet().getClaim("tid");
            if (tid == null) {
                throw new BadJWTException("ID token does not contain the 'tid' claim");
            }
            base = new IDTokenValidator(new Issuer(originalIssuer.replace("%7Btenantid%7D", tid.toString())), base.getClientID(), base.getJWSKeySelector(), base.getJWEKeySelector());
            base.setMaxClockSkew(getMaxClockSkew());
        }
    } catch (ParseException e) {
        // A token whose claims cannot be parsed is rejected as a bad JWT
        throw new BadJWTException(e.getMessage(), e);
    }
    // Signature, nonce, audience, issuer and time-window checks are delegated to Nimbus
    return base.validate(idToken, expectedNonce);
}
Also used : Issuer(com.nimbusds.oauth2.sdk.id.Issuer) BadJWTException(com.nimbusds.jwt.proc.BadJWTException) ParseException(java.text.ParseException) IDTokenValidator(com.nimbusds.openid.connect.sdk.validators.IDTokenValidator)

Example 3 with BadJWTException

Use of com.nimbusds.jwt.proc.BadJWTException in project carbon-apimgt by wso2.

Class GatewayUtils, method isJwtTokenExpired.

/**
 * Check whether the jwt token is expired or not.
 *
 * @param payload The payload of the JWT token
 * @return returns true if the JWT token is expired
 */
public static boolean isJwtTokenExpired(JWTClaimsSet payload) {
    // Allowed clock skew (seconds) between this gateway and the token issuer
    int timestampSkew = (int) OAuthServerConfiguration.getInstance().getTimeStampSkewInSeconds();
    DefaultJWTClaimsVerifier jwtClaimsSetVerifier = new DefaultJWTClaimsVerifier();
    jwtClaimsSetVerifier.setMaxClockSkew(timestampSkew);
    try {
        // Checks the "exp" and "nbf" time window against the current time plus skew
        jwtClaimsSetVerifier.verify(payload);
    } catch (BadJWTException e) {
        // Nimbus signals an expired token through the exception message. Matching on
        // the message text is tied to the library's wording, and any other claim failure
        // (for example an "nbf" in the future) is not reported as expiry here.
        if ("Expired JWT".equals(e.getMessage())) {
            return true;
        }
    }
    if (log.isDebugEnabled()) {
        log.debug("Token is not expired. User: " + payload.getSubject());
    }
    return false;
}
Also used : DefaultJWTClaimsVerifier(com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier) BadJWTException(com.nimbusds.jwt.proc.BadJWTException)

Example 4 with BadJWTException

Use of com.nimbusds.jwt.proc.BadJWTException in project carbon-apimgt by wso2.

Class ApiKeyAuthenticator, method isJwtTokenExpired.

/**
 * Check whether the jwt token is expired or not.
 *
 * @param payload The payload of the JWT token
 * @return returns true if the JWT token is expired
 */
private static boolean isJwtTokenExpired(JWTClaimsSet payload) {
    // Allowed clock skew (seconds) between this gateway and the token issuer
    int timestampSkew = (int) OAuthServerConfiguration.getInstance().getTimeStampSkewInSeconds();
    DefaultJWTClaimsVerifier jwtClaimsSetVerifier = new DefaultJWTClaimsVerifier();
    jwtClaimsSetVerifier.setMaxClockSkew(timestampSkew);
    try {
        // Checks the "exp" and "nbf" time window against the current time plus skew
        jwtClaimsSetVerifier.verify(payload);
    } catch (BadJWTException e) {
        // Nimbus signals an expired token through the exception message. Matching on
        // the message text is tied to the library's wording, and any other claim failure
        // (for example an "nbf" in the future) is not reported as expiry here.
        if ("Expired JWT".equals(e.getMessage())) {
            return true;
        }
    }
    if (log.isDebugEnabled()) {
        log.debug("Token is not expired. User: " + payload.getSubject());
    }
    return false;
}
Also used : DefaultJWTClaimsVerifier(com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier) BadJWTException(com.nimbusds.jwt.proc.BadJWTException)

Aggregations

BadJWTException (com.nimbusds.jwt.proc.BadJWTException) 4
DefaultJWTClaimsVerifier (com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier) 3
JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm) 1
JWSVerificationKeySelector (com.nimbusds.jose.proc.JWSVerificationKeySelector) 1
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet) 1
Issuer (com.nimbusds.oauth2.sdk.id.Issuer) 1
IDTokenValidator (com.nimbusds.openid.connect.sdk.validators.IDTokenValidator) 1
URL (java.net.URL) 1
ParseException (java.text.ParseException) 1