Use of io.helidon.security.jwt.JwtException in project helidon by oracle: the class JwkPki, method doVerify.
/**
 * Verifies {@code signatureToVerify} against {@code signedBytes} using this key's public part.
 * <p>
 * The algorithm is taken from {@code signatureAlgorithm()} of this key object. For the
 * {@code none} algorithm no cryptographic check is possible and the decision is delegated to
 * {@code verifyNoneAlg}; every other algorithm is verified through the JCA {@link Signature} API.
 *
 * @param signedBytes       bytes that were signed
 * @param signatureToVerify signature bytes to check against {@code signedBytes}
 * @return {@code true} if the signature verifies, {@code false} if it does not
 * @throws JwtException if the JCA verification itself throws (the original exception is kept as cause)
 */
@Override
public boolean doVerify(byte[] signedBytes, byte[] signatureToVerify) {
    String algorithm = signatureAlgorithm();
    // NOTE(review): the algorithm comes from this key, not from the token header — keep it that way
    // so a token cannot select a weaker check than the key was registered with; confirm with callers.
    if (ALG_NONE.equals(algorithm)) {
        // "none" carries no signature to verify; whether it is accepted is decided elsewhere
        return verifyNoneAlg(signatureToVerify);
    }
    // Resolved outside the try: an exception from JwtUtil.getSignature propagates unwrapped
    Signature verifier = JwtUtil.getSignature(algorithm);
    try {
        verifier.initVerify(publicKey);
        verifier.update(signedBytes);
        return verifier.verify(signatureToVerify);
    } catch (Exception e) {
        // A thrown exception is distinct from a clean "false"; surface it with its cause attached
        throw new JwtException("Failed to verify signature. It may still be valid, but an exception was thrown", e);
    }
}
Use of io.helidon.security.jwt.JwtException in project helidon by oracle: the class OidcProvider, method buildPrincipal.
/**
 * Maps a validated JWT to a {@link Principal}.
 * <p>
 * The subject claim becomes the principal id, the preferred username (or the subject when absent)
 * becomes the principal name. Every payload claim is copied into the principal as an attribute via
 * {@code JwtUtil.toObject}, and the standard identity claims are added afterwards under their claim
 * names using the typed accessors of {@link Jwt}.
 *
 * @param jwt token to convert
 * @return principal built from the token claims
 * @throws JwtException if the token has no subject claim
 */
private Principal buildPrincipal(Jwt jwt) {
    String subjectClaim = jwt.subject()
            .orElseThrow(() -> new JwtException("JWT does not contain subject claim, cannot create principal."));
    String displayName = jwt.preferredUsername().orElse(subjectClaim);
    Principal.Builder principalBuilder = Principal.builder();
    principalBuilder.name(displayName).id(subjectClaim);
    // NOTE(review): every claim of the token is exposed as a principal attribute; downstream code
    // should trust these only as far as the token issuer is trusted.
    jwt.payloadClaims().forEach((claimName, claimJson) -> principalBuilder.addAttribute(claimName, JwtUtil.toObject(claimJson)));
    // Typed copies of the well-known claims are added after the raw copies above.
    // Whether a later addAttribute replaces an earlier value for the same key depends on
    // Principal.Builder — confirm if attribute precedence matters.
    jwt.email().ifPresent(email -> principalBuilder.addAttribute("email", email));
    jwt.emailVerified().ifPresent(verified -> principalBuilder.addAttribute("email_verified", verified));
    jwt.locale().ifPresent(locale -> principalBuilder.addAttribute("locale", locale));
    jwt.familyName().ifPresent(familyName -> principalBuilder.addAttribute("family_name", familyName));
    jwt.givenName().ifPresent(givenName -> principalBuilder.addAttribute("given_name", givenName));
    jwt.fullName().ifPresent(fullName -> principalBuilder.addAttribute("full_name", fullName));
    return principalBuilder.build();
}
Use of io.helidon.security.jwt.JwtException in project helidon by oracle: the class JwtProvider, method buildPrincipal.
/**
 * Maps a validated JWT to a {@link Principal}.
 * <p>
 * The subject claim becomes the principal id, the preferred username (or the subject when absent)
 * becomes the principal name. Every payload claim is copied into the principal as an attribute via
 * {@code JwtUtil.toObject}, and the standard identity claims are added afterwards under their claim
 * names using the typed accessors of {@link Jwt}.
 *
 * @param jwt token to convert
 * @return principal built from the token claims
 * @throws JwtException if the token has no subject claim
 */
Principal buildPrincipal(Jwt jwt) {
    String subjectClaim = jwt.subject()
            .orElseThrow(() -> new JwtException("JWT does not contain subject claim, cannot create principal."));
    String displayName = jwt.preferredUsername().orElse(subjectClaim);
    Principal.Builder principalBuilder = Principal.builder();
    principalBuilder.name(displayName).id(subjectClaim);
    // NOTE(review): every claim of the token is exposed as a principal attribute; downstream code
    // should trust these only as far as the token issuer is trusted.
    jwt.payloadClaims().forEach((claimName, claimJson) -> principalBuilder.addAttribute(claimName, JwtUtil.toObject(claimJson)));
    // Typed copies of the well-known claims are added after the raw copies above.
    // Whether a later addAttribute replaces an earlier value for the same key depends on
    // Principal.Builder — confirm if attribute precedence matters.
    jwt.email().ifPresent(email -> principalBuilder.addAttribute("email", email));
    jwt.emailVerified().ifPresent(verified -> principalBuilder.addAttribute("email_verified", verified));
    jwt.locale().ifPresent(locale -> principalBuilder.addAttribute("locale", locale));
    jwt.familyName().ifPresent(familyName -> principalBuilder.addAttribute("family_name", familyName));
    jwt.givenName().ifPresent(givenName -> principalBuilder.addAttribute("given_name", givenName));
    jwt.fullName().ifPresent(fullName -> principalBuilder.addAttribute("full_name", fullName));
    return principalBuilder.build();
}
Use of io.helidon.security.jwt.JwtException in project helidon by oracle: the class JwtProvider, method propagate.
/**
 * Builds an outbound security response that carries a newly signed JWT for {@code subject}.
 * <p>
 * All ABAC attributes of the subject's principal are emitted as payload claims, the {@code name}
 * claim mirrors the {@code full_name} attribute, and subject, preferred username, issuer and
 * algorithm are set explicitly before the target is given a chance to adjust the builder.
 *
 * @param ot      outbound target: supplies the signing key id ({@code jwkKid}), the header handler
 *                and an {@code update} hook applied to the JWT builder
 * @param subject current subject whose principal is converted to claims
 * @return response whose headers were populated by {@code ot.outboundHandler}
 * @throws JwtException if no signing key is registered under {@code ot.jwkKid}
 */
private OutboundSecurityResponse propagate(JwtOutboundTarget ot, Subject subject) {
    Jwk signingKey = signKeys.forKeyId(ot.jwkKid)
            .orElseThrow(() -> new JwtException("Signing JWK with kid: " + ot.jwkKid + " is not defined."));
    Principal principal = subject.principal();
    Jwt.Builder jwtBuilder = Jwt.builder();
    // NOTE(review): attributes that were themselves copied from an inbound token are re-emitted
    // here as claims unless ot.update(...) or the explicit setters below override them — confirm
    // that carrying them over is intended.
    principal.abacAttributeNames()
            .forEach(attribute -> principal.abacAttribute(attribute)
                    .ifPresent(value -> jwtBuilder.addPayloadClaim(attribute, value)));
    // "name" follows full_name and is removed when the principal has no full_name
    principal.abacAttribute("full_name")
            .ifPresentOrElse(fullName -> jwtBuilder.addPayloadClaim("name", fullName),
                             () -> jwtBuilder.removePayloadClaim("name"));
    jwtBuilder.subject(principal.id())
            .preferredUsername(principal.getName())
            .issuer(issuer)
            .algorithm(signingKey.algorithm());
    // target-specific adjustments happen last, after the generic claims are in place
    ot.update(jwtBuilder);
    SignedJwt signedJwt = SignedJwt.sign(jwtBuilder.build(), signingKey);
    Map<String, List<String>> outboundHeaders = new HashMap<>();
    ot.outboundHandler.header(outboundHeaders, signedJwt.tokenContent());
    return OutboundSecurityResponse.withHeaders(outboundHeaders);
}
Use of io.helidon.security.jwt.JwtException in project helidon by oracle: the class JwtAuthProvider, method propagate.
/**
 * Builds an outbound security response that carries a newly signed JWT for {@code subject}.
 * <p>
 * All ABAC attributes of the subject's principal are emitted as payload claims, the {@code name}
 * claim mirrors the {@code full_name} attribute, and subject, preferred username, issuer and
 * algorithm are set explicitly before the target adjusts the builder. In addition, the principal
 * name is used as user principal when no {@code upn} attribute exists, and the subject's roles are
 * added as user groups.
 *
 * @param ot      outbound target: supplies the signing key id ({@code jwkKid}), the header handler
 *                and an {@code update} hook applied to the JWT builder
 * @param subject current subject whose principal and roles are converted to claims
 * @return response whose headers were populated by {@code ot.outboundHandler}
 * @throws JwtException if no signing key is registered under {@code ot.jwkKid}
 */
private OutboundSecurityResponse propagate(JwtOutboundTarget ot, Subject subject) {
    Jwk signingKey = signKeys.forKeyId(ot.jwkKid)
            .orElseThrow(() -> new JwtException("Signing JWK with kid: " + ot.jwkKid + " is not defined."));
    Principal principal = subject.principal();
    Jwt.Builder jwtBuilder = Jwt.builder();
    // NOTE(review): attributes that were themselves copied from an inbound token are re-emitted
    // here as claims unless ot.update(...) or the explicit setters below override them — confirm
    // that carrying them over is intended.
    principal.abacAttributeNames()
            .forEach(attribute -> principal.abacAttribute(attribute)
                    .ifPresent(value -> jwtBuilder.addPayloadClaim(attribute, value)));
    // "name" follows full_name and is removed when the principal has no full_name
    principal.abacAttribute("full_name")
            .ifPresentOrElse(fullName -> jwtBuilder.addPayloadClaim("name", fullName),
                             () -> jwtBuilder.removePayloadClaim("name"));
    jwtBuilder.subject(principal.id())
            .preferredUsername(principal.getName())
            .issuer(issuer)
            .algorithm(signingKey.algorithm());
    ot.update(jwtBuilder);
    // MP specific (presumably MicroProfile JWT): fall back to the principal name as user principal
    // when the principal carries no upn attribute, and expose the subject's roles as groups
    if (!principal.abacAttribute("upn").isPresent()) {
        jwtBuilder.userPrincipal(principal.getName());
    }
    Security.getRoles(subject).forEach(jwtBuilder::addUserGroup);
    SignedJwt signedJwt = SignedJwt.sign(jwtBuilder.build(), signingKey);
    Map<String, List<String>> outboundHeaders = new HashMap<>();
    ot.outboundHandler.header(outboundHeaders, signedJwt.tokenContent());
    return OutboundSecurityResponse.withHeaders(outboundHeaders);
}