use of io.gravitee.am.common.jwt.JWT in project gravitee-access-management by gravitee-io.
the class ErrorEndpoint method renderErrorPage.
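/**
 * Renders the error page, taking the error details either from the request parameters or,
 * when no error parameter is present, from the claims of the JWT carried in the JARM
 * {@code response} parameter.
 *
 * <p>Security: every value that ends up in the parameter map originates from the request and is
 * therefore caller-controlled. {@code render} and its template must treat them as untrusted text
 * (output-encode, never interpret as markup).
 *
 * @param routingContext the current routing context, used to read the request parameters
 * @param client the client passed through to {@code render}
 */
private void renderErrorPage(RoutingContext routingContext, Client client) {
    final HttpServerRequest request = routingContext.request();
    final String error = request.getParam(ERROR_PARAM);
    String errorDescription = request.getParam(ERROR_DESCRIPTION_PARAM);
    if (errorDescription != null) {
        try {
            errorDescription = java.net.URLDecoder.decode(errorDescription, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException | IllegalArgumentException e) {
            // URLDecoder rejects malformed percent-escapes (e.g. a stray '%') with
            // IllegalArgumentException. The value is caller-supplied, so a bad escape must not
            // abort the handler: keep the undecoded value and still render the page.
        }
    }

    // Fallback parameters: also used when the JARM token cannot be decoded.
    final Map<String, String> errorParams = new HashMap<>();
    errorParams.put(ERROR_PARAM, error);
    errorParams.put(ERROR_DESCRIPTION_PARAM, errorDescription);
    Single<Map<String, String>> singlePageRendering = Single.just(errorParams);

    final String jarm = request.getParam(io.gravitee.am.common.oidc.Parameters.RESPONSE);
    if (error == null && jarm != null) {
        // Extract the error details from the JWT provided as response parameter.
        // NOTE(review): decode() is presumably parse-only (no signature verification) - confirm.
        // The claims are used for display only and must never drive a security decision here.
        singlePageRendering = this.jwtService.decode(jarm).map(jwt -> {
            Map<String, String> result = new HashMap<>();
            // A non-String claim makes the cast fail; the failure surfaces through the Single's
            // error path and the fallback parameters are rendered instead.
            result.put(ERROR_PARAM, (String) jwt.get(ERROR_PARAM));
            result.put(ERROR_DESCRIPTION_PARAM, (String) jwt.get(ERROR_DESCRIPTION_PARAM));
            return result;
        });
    }

    singlePageRendering.subscribe(
            params -> render(routingContext, client, params),
            // The single failed (JWT decoding or claim extraction): render with the
            // request-derived parameters only.
            (exception) -> render(routingContext, client, errorParams));
}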
use of io.gravitee.am.common.jwt.JWT in project gravitee-access-management by gravitee-io.
the class CookieSession method value.
/**
 * Serializes the session as an encoded JWT.
 *
 * <p>The token is built from {@code data()} and its {@code exp} claim is set to the current time
 * plus {@code timeout()}, divided by 1000 (milliseconds to seconds, assuming the timeout is
 * expressed in milliseconds - TODO confirm).
 *
 * <p>NOTE(review): {@code blockingGet()} waits for the encoding to finish on the calling thread;
 * confirm this is never invoked from an event-loop thread.
 *
 * @return the JWT produced by {@code jwtService.encode} with the configured certificate provider
 */
@Override
public String value() {
    JWT sessionToken = new JWT(data());
    // exp is a NumericDate (seconds since the epoch), hence the division by 1000.
    sessionToken.setExp((System.currentTimeMillis() + timeout()) / 1000);
    return jwtService
            .encode(sessionToken, certificateProvider)
            .blockingGet();
}
use of io.gravitee.am.common.jwt.JWT in project gravitee-access-management by gravitee-io.
the class IntrospectionTokenServiceTest method shouldIntrospect_validToken_offline_verification.
/**
 * Introspection called with the second argument {@code true} (offline verification, per the test
 * name) must complete without error and must not look the token up in the access-token
 * repository.
 */
@Test
public void shouldIntrospect_validToken_offline_verification() {
    // given: a registered client and a token whose claims point at it
    final Client registeredClient = new Client();
    registeredClient.setClientId("client-id");

    final JWT claims = new JWT();
    claims.setJti("jti");
    claims.setDomain("domain");
    claims.setAud("client");

    final String rawToken = "token";
    // decode() is stubbed to resolve the client; decodeAndVerify() then checks the token against it
    when(jwtService.decode(rawToken)).thenReturn(Single.just(claims));
    when(clientService.findByDomainAndClientId(claims.getDomain(), claims.getAud()))
            .thenReturn(Maybe.just(registeredClient));
    when(jwtService.decodeAndVerify(rawToken, registeredClient)).thenReturn(Single.just(claims));

    // when
    TestObserver observer = introspectionTokenService.introspect(rawToken, true).test();

    // then: success, and the repository was never consulted
    observer.assertComplete();
    observer.assertNoErrors();
    verify(accessTokenRepository, never()).findByToken(claims.getJti());
}
use of io.gravitee.am.common.jwt.JWT in project gravitee-access-management by gravitee-io.
the class IntrospectionTokenServiceTest method shouldIntrospect_invalidValidToken_token_expired.
/**
 * When the stored access token's expiry date lies in the past, introspection (second argument
 * {@code false}) must fail with {@link InvalidTokenException} after exactly one repository
 * lookup by {@code jti}.
 */
@Test
public void shouldIntrospect_invalidValidToken_token_expired() {
    // given: a stored access token that expired one day ago
    final AccessToken storedToken = new AccessToken();
    storedToken.setExpireAt(new Date(Instant.now().minus(1, ChronoUnit.DAYS).toEpochMilli()));

    final Client registeredClient = new Client();
    registeredClient.setClientId("client-id");

    // claims of a token issued one day ago
    final JWT claims = new JWT();
    claims.setJti("jti");
    claims.setDomain("domain");
    claims.setAud("client");
    claims.setIat(Instant.now().minus(1, ChronoUnit.DAYS).getEpochSecond());

    final String rawToken = "token";
    when(jwtService.decode(rawToken)).thenReturn(Single.just(claims));
    when(clientService.findByDomainAndClientId(claims.getDomain(), claims.getAud()))
            .thenReturn(Maybe.just(registeredClient));
    // signature verification succeeds; only the stored expiry makes the token invalid
    when(jwtService.decodeAndVerify(rawToken, registeredClient)).thenReturn(Single.just(claims));
    when(accessTokenRepository.findByToken(claims.getJti())).thenReturn(Maybe.just(storedToken));

    // when
    TestObserver observer = introspectionTokenService.introspect(rawToken, false).test();

    // then
    observer.assertError(InvalidTokenException.class);
    verify(accessTokenRepository, times(1)).findByToken(claims.getJti());
}
use of io.gravitee.am.common.jwt.JWT in project gravitee-access-management by gravitee-io.
the class IntrospectionTokenServiceTest method shouldIntrospect_invalidValidToken_jwt_exception.
/**
 * When {@code decodeAndVerify} fails with a {@link JWTException}, introspection must surface an
 * {@link InvalidTokenException} and must not query the access-token repository.
 */
@Test
public void shouldIntrospect_invalidValidToken_jwt_exception() {
    // given
    final Client registeredClient = new Client();
    registeredClient.setClientId("client-id");

    final JWT claims = new JWT();
    claims.setJti("jti");
    claims.setDomain("domain");
    claims.setAud("client");
    claims.setIat(Instant.now().getEpochSecond());

    final String rawToken = "token";
    // the unverified decode succeeds so the client can be resolved ...
    when(jwtService.decode(rawToken)).thenReturn(Single.just(claims));
    when(clientService.findByDomainAndClientId(claims.getDomain(), claims.getAud()))
            .thenReturn(Maybe.just(registeredClient));
    // ... but verification against that client is rejected
    when(jwtService.decodeAndVerify(rawToken, registeredClient))
            .thenReturn(Single.error(new JWTException("invalid token")));

    // when
    TestObserver observer = introspectionTokenService.introspect(rawToken, false).test();

    // then: the verification failure is reported before any repository lookup
    observer.assertError(InvalidTokenException.class);
    verify(accessTokenRepository, never()).findByToken(claims.getJti());
}