Example 1 with SignatureException

Use of io.gravitee.am.common.exception.jwt.SignatureException in project gravitee-access-management by gravitee-io.

The class DefaultJWTBuilder, method sign.

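@Override
public String sign(JWT payload) {
    try {
        // Copy the claims into a JSON object (JWT is passed here as a map of claims)
        JSONObject jsonObject = new JSONObject(payload);
        // Add the configured issuer only when the caller has not already set an iss claim
        if (issuer != null && !jsonObject.containsKey(Claims.iss)) {
            jsonObject.put(Claims.iss, issuer);
        }
        // issuer, header and signer are members of the enclosing class, not shown in this excerpt
        SignedJWT signedJWT = new SignedJWT(header, JWTClaimsSet.parse(jsonObject));
        signedJWT.sign(signer);
        // Compact serialization: header.payload.signature
        return signedJWT.serialize();
    } catch (ParseException ex) {
        // The claims could not be converted into a JWTClaimsSet.
        // This handler and the ones below write the claims themselves to the log.
        logger.debug("Signing JWT token: {} has failed", payload);
        throw new MalformedJWTException("Signing JWT token has failed", ex);
    } catch (JOSEException ex) {
        // The signer failed; callers see the project's SignatureException
        logger.debug("Signing JWT token: {} has failed", payload);
        throw new SignatureException("Signing JWT token has failed", ex);
    } catch (Exception ex) {
        // Only unchecked exceptions reach this handler; logged at error level and rethrown unchanged
        logger.error("An error occurs while signing JWT token : {}", payload, ex);
        throw ex;
    }
}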
Also used: JSONObject (net.minidev.json.JSONObject), MalformedJWTException (io.gravitee.am.common.exception.jwt.MalformedJWTException), SignedJWT (com.nimbusds.jwt.SignedJWT), ParseException (java.text.ParseException), SignatureException (io.gravitee.am.common.exception.jwt.SignatureException), InvalidKeyException (java.security.InvalidKeyException)

Example 2 with SignatureException

Use of io.gravitee.am.common.exception.jwt.SignatureException in project gravitee-access-management by gravitee-io.

The class DefaultJWTParser, method parse.

@Override
public JWT parse(String payload) {
    try {
        // verify format: throws ParseException if the string is not a well-formed signed JWT
        SignedJWT signedJWT = SignedJWT.parse(payload);
        // verify signature before any claim is read; verifier is a member of the enclosing class
        boolean verified = signedJWT.verify(verifier);
        if (!verified) {
            // a false result is turned into JOSEException so that it is mapped to SignatureException below
            throw new JOSEException("The signature was not verified");
        }
        // copy the verified claims into the project's JWT type
        Map<String, Object> claims = signedJWT.getPayload().toJSONObject().entrySet().stream()
                .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
        JWT jwt = new JWT(claims);
        // verify exp and nbf values (evaluateExp and evaluateNbf are helpers not shown in this excerpt)
        // https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-30#section-4.1.4
        // token MUST NOT be accepted on or after any specified exp time
        Instant now = Instant.now();
        evaluateExp(jwt.getExp(), now, this.allowedClockSkewMillis);
        // https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-30#section-4.1.5
        // token MUST NOT be accepted before any specified nbf time
        evaluateNbf(jwt.getNbf(), now, this.allowedClockSkewMillis);
        return jwt;
    } catch (ParseException ex) {
        // this handler and the ones below write the full serialized token to the log
        logger.debug("The following JWT token : {} is malformed", payload);
        throw new MalformedJWTException("Token is malformed", ex);
    } catch (ExpiredJWTException ex) {
        logger.debug("The following JWT token : {} is expired", payload);
        throw new ExpiredJWTException("Token is expired", ex);
    } catch (PrematureJWTException ex) {
        logger.debug("The following JWT token : {} must not be accepted (nbf)", payload);
        throw new PrematureJWTException("Token must not be accepted (nbf)", ex);
    } catch (JOSEException ex) {
        // covers both a verifier error and the "not verified" case thrown above
        logger.debug("Verifying JWT token signature : {} has failed", payload);
        throw new SignatureException("Token's signature is invalid", ex);
    } catch (Exception ex) {
        // any other exception is logged at error level, token included, and rethrown unchanged
        logger.error("An error occurs while parsing JWT token : {}", payload, ex);
        throw ex;
    }
}
Also used: JWT (io.gravitee.am.common.jwt.JWT), SignedJWT (com.nimbusds.jwt.SignedJWT), Instant (java.time.Instant), PrematureJWTException (io.gravitee.am.common.exception.jwt.PrematureJWTException), ExpiredJWTException (io.gravitee.am.common.exception.jwt.ExpiredJWTException), SignatureException (io.gravitee.am.common.exception.jwt.SignatureException), JOSEException (com.nimbusds.jose.JOSEException), MalformedJWTException (io.gravitee.am.common.exception.jwt.MalformedJWTException), InvalidKeyException (java.security.InvalidKeyException), ParseException (java.text.ParseException), Map (java.util.Map)

Aggregations

SignedJWT (com.nimbusds.jwt.SignedJWT): 2
MalformedJWTException (io.gravitee.am.common.exception.jwt.MalformedJWTException): 2
SignatureException (io.gravitee.am.common.exception.jwt.SignatureException): 2
InvalidKeyException (java.security.InvalidKeyException): 2
ParseException (java.text.ParseException): 2
JOSEException (com.nimbusds.jose.JOSEException): 1
ExpiredJWTException (io.gravitee.am.common.exception.jwt.ExpiredJWTException): 1
PrematureJWTException (io.gravitee.am.common.exception.jwt.PrematureJWTException): 1
JWT (io.gravitee.am.common.jwt.JWT): 1
Instant (java.time.Instant): 1
Map (java.util.Map): 1
JSONObject (net.minidev.json.JSONObject): 1