Example 6 with ExpiredJwtException

Use of io.jsonwebtoken.ExpiredJwtException in project sonarqube by SonarSource.

Class JwtSerializer, method decode.

Optional<Claims> decode(String token) {
    checkIsStarted();
    Claims claims = null;
    try {
        claims = Jwts.parserBuilder().setSigningKey(secretKey).build().parseClaimsJws(token).getBody();
        requireNonNull(claims.getId(), "Token id hasn't been found");
        requireNonNull(claims.getSubject(), "Token subject hasn't been found");
        requireNonNull(claims.getExpiration(), "Token expiration date hasn't been found");
        requireNonNull(claims.getIssuedAt(), "Token creation date hasn't been found");
        return Optional.of(claims);
    } catch (UnsupportedJwtException | ExpiredJwtException | SignatureException e) {
        return Optional.empty();
    } catch (Exception e) {
        throw AuthenticationException.newBuilder().setSource(Source.jwt()).setLogin(claims == null ? null : claims.getSubject()).setMessage(e.getMessage()).build();
    }
}
Also used : Claims(io.jsonwebtoken.Claims) ExpiredJwtException(io.jsonwebtoken.ExpiredJwtException) SignatureException(io.jsonwebtoken.security.SignatureException) UnsupportedJwtException(io.jsonwebtoken.UnsupportedJwtException) AuthenticationException(org.sonar.server.authentication.event.AuthenticationException)

Example 7 with ExpiredJwtException

Use of io.jsonwebtoken.ExpiredJwtException in project pravega by pravega.

Class JwtParser, method parseClaims.

@VisibleForTesting
static Claims parseClaims(String token, byte[] signingKey) throws TokenExpiredException, InvalidTokenException {
    if (Strings.isNullOrEmpty(token)) {
        throw new InvalidTokenException("Token is null or empty");
    }
    try {
        Jws<Claims> claimsJws = Jwts.parser().setSigningKey(signingKey).parseClaimsJws(token);
        log.debug("Successfully parsed JWT token.");
        return claimsJws.getBody();
    } catch (ExpiredJwtException e) {
        throw new TokenExpiredException(e);
    } catch (JwtException e) {
        throw new InvalidTokenException(e);
    }
}
Also used : InvalidTokenException(io.pravega.auth.InvalidTokenException) Claims(io.jsonwebtoken.Claims) ExpiredJwtException(io.jsonwebtoken.ExpiredJwtException) TokenExpiredException(io.pravega.auth.TokenExpiredException) JwtException(io.jsonwebtoken.JwtException) VisibleForTesting(com.google.common.annotations.VisibleForTesting)

Example 8 with ExpiredJwtException

Use of io.jsonwebtoken.ExpiredJwtException in project BaseProject by fly803.

Class JwtUtils, method isJwtValid.

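public boolean isJwtValid(String jwt) {
    try {
        // Parse the data in the JWT string and perform the most basic validation.
        // generalKey() returns SECRET_KEY, the key for the algorithm in use; jjwt can determine the algorithm automatically.
        // jwt is the JWT string.
        Claims claims = Jwts.parser().setSigningKey(generalKey()).parseClaimsJws(jwt).getBody();
        // Get the custom field "key"
        String vaule = claims.get("key", String.class);
        // Check whether the custom field is correct
        if ("vaule".equals(vaule)) {
            return true;
        } else {
            return false;
        }
    } catch (SignatureException | ExpiredJwtException e) {
        // When parsing the JWT string, if the expiration time field is already earlier than the current time,
        // ExpiredJwtException is thrown, which means this request is no longer valid.
        return false;
    }
}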
Also used : Claims(io.jsonwebtoken.Claims) ExpiredJwtException(io.jsonwebtoken.ExpiredJwtException) SignatureException(io.jsonwebtoken.SignatureException)

Example 9 with ExpiredJwtException

Use of io.jsonwebtoken.ExpiredJwtException in project thingsboard by thingsboard.

Class OAuth2AppTokenFactory, method validateTokenAndGetCallbackUrlScheme.

public String validateTokenAndGetCallbackUrlScheme(String appPackage, String appToken, String appSecret) {
    Jws<Claims> jwsClaims;
    try {
        jwsClaims = Jwts.parser().setSigningKey(appSecret).parseClaimsJws(appToken);
    } catch (UnsupportedJwtException | MalformedJwtException | IllegalArgumentException | SignatureException ex) {
        throw new IllegalArgumentException("Invalid Application token: ", ex);
    } catch (ExpiredJwtException expiredEx) {
        throw new IllegalArgumentException("Application token expired", expiredEx);
    }
    Claims claims = jwsClaims.getBody();
    Date expiration = claims.getExpiration();
    if (expiration == null) {
        throw new IllegalArgumentException("Application token must have expiration date");
    }
    long timeDiff = expiration.getTime() - System.currentTimeMillis();
    if (timeDiff > MAX_EXPIRATION_TIME_DIFF_MS) {
        throw new IllegalArgumentException("Application token expiration time can't be longer than 5 minutes");
    }
    if (!claims.getIssuer().equals(appPackage)) {
        throw new IllegalArgumentException("Application token issuer doesn't match application package");
    }
    String callbackUrlScheme = claims.get(CALLBACK_URL_SCHEME, String.class);
    if (StringUtils.isEmpty(callbackUrlScheme)) {
        throw new IllegalArgumentException("Application token doesn't have callbackUrlScheme");
    }
    return callbackUrlScheme;
}
Also used : Claims(io.jsonwebtoken.Claims) ExpiredJwtException(io.jsonwebtoken.ExpiredJwtException) SignatureException(io.jsonwebtoken.SignatureException) MalformedJwtException(io.jsonwebtoken.MalformedJwtException) Date(java.util.Date) UnsupportedJwtException(io.jsonwebtoken.UnsupportedJwtException)

Example 10 with ExpiredJwtException

Use of io.jsonwebtoken.ExpiredJwtException in project nifi by apache.

Class JwtService, method parseTokenFromBase64EncodedString.

private Jws<Claims> parseTokenFromBase64EncodedString(final String base64EncodedToken) throws JwtException {
    try {
        return Jwts.parser().setSigningKeyResolver(new SigningKeyResolverAdapter() {

            @Override
            public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
                final String identity = claims.getSubject();
                // Get the key based on the key id in the claims
                final Integer keyId = claims.get(KEY_ID_CLAIM, Integer.class);
                final Key key = keyService.getKey(keyId);
                // Ensure we were able to find a key that was previously issued by this key service for this user
                if (key == null || key.getKey() == null) {
                    throw new UnsupportedJwtException("Unable to determine signing key for " + identity + " [kid: " + keyId + "]");
                }
                return key.getKey().getBytes(StandardCharsets.UTF_8);
            }
        }).parseClaimsJws(base64EncodedToken);
    } catch (final MalformedJwtException | UnsupportedJwtException | SignatureException | ExpiredJwtException | IllegalArgumentException | AdministrationException e) {
        // TODO: Exercise all exceptions to ensure none leak key material to logs
        final String errorMessage = "Unable to validate the access token.";
        throw new JwtException(errorMessage, e);
    }
}
Also used : Claims(io.jsonwebtoken.Claims) SigningKeyResolverAdapter(io.jsonwebtoken.SigningKeyResolverAdapter) ExpiredJwtException(io.jsonwebtoken.ExpiredJwtException) JwsHeader(io.jsonwebtoken.JwsHeader) SignatureException(io.jsonwebtoken.SignatureException) AdministrationException(org.apache.nifi.admin.service.AdministrationException) UnsupportedJwtException(io.jsonwebtoken.UnsupportedJwtException) MalformedJwtException(io.jsonwebtoken.MalformedJwtException) JwtException(io.jsonwebtoken.JwtException) Key(org.apache.nifi.key.Key)
