use of io.jsonwebtoken.UnsupportedJwtException in project ma-core-public by infiniteautomation.
the class MangoTokenAuthenticationProvider method authenticate.
/**
 * Authenticates a {@link BearerAuthenticationToken} whose credential is a JWT.
 *
 * <p>Any other {@link Authentication} type, and any credential that does not
 * parse as a JWT at all (unsupported, malformed or otherwise unparseable),
 * yields {@code null} so that the next {@code AuthenticationProvider} in the
 * chain may handle it.
 *
 * @param authentication the token presented by the caller
 * @return a {@link PreAuthenticatedAuthenticationToken} for the verified user,
 *     or {@code null} when this provider does not apply
 * @throws CredentialsExpiredException if the JWT has expired
 * @throws BadCredentialsException if the signature or a claim is rejected, or
 *     the user referenced by the token cannot be found
 * @throws InternalAuthenticationServiceException for any other failure
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    if (!(authentication instanceof BearerAuthenticationToken)) {
        // Not a bearer token: defer to the next provider in the chain.
        return null;
    }

    final String rawToken = (String) authentication.getCredentials();
    final Jws<Claims> parsedToken;
    final User principal;
    try {
        parsedToken = tokenAuthenticationService.parse(rawToken);
        principal = tokenAuthenticationService.verify(parsedToken);
    } catch (ExpiredJwtException e) {
        throw new CredentialsExpiredException(e.getMessage(), e);
    } catch (UnsupportedJwtException | MalformedJwtException | IllegalArgumentException e) {
        // Does not look like a JWT at all; let the next AuthenticationProvider try it.
        return null;
    } catch (SignatureException | MissingClaimException | IncorrectClaimException e) {
        throw new BadCredentialsException(e.getMessage(), e);
    } catch (NotFoundException e) {
        throw new BadCredentialsException("Invalid username", e);
    } catch (Exception e) {
        throw new InternalAuthenticationServiceException(e.getMessage(), e);
    }

    // Account-state checks (locked, disabled, ...) happen after the token itself verified.
    userDetailsChecker.check(principal);
    if (log.isDebugEnabled()) {
        log.debug("Successfully authenticated user using JWT token, header: " + parsedToken.getHeader() + ", body: " + parsedToken.getBody());
    }
    return new PreAuthenticatedAuthenticationToken(principal, rawToken, principal.getAuthorities());
}
use of io.jsonwebtoken.UnsupportedJwtException in project zm-mailbox by Zimbra.
the class JWTUtil method validateJWT.
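/**
 * Validates a JWT and returns its claims when the token is acceptable.
 *
 * <p>The {@code jti} claim is first read from the (not yet verified) token and
 * used only to select the matching salt from {@code salts}; that salt is
 * appended to the original key and the resulting HS512 key verifies the
 * signature before any claim is trusted. After the signature check the token's
 * subject must resolve to an existing account, and the {@code jti} must not
 * have been invalidated (for example on logout).
 *
 * @param jwt the compact JWS string presented by the client
 * @param salts the salt set from which the per-token salt is selected
 * @return the verified claims
 * @throws ServiceException {@code AUTH_FAILED} when the token or salt is
 *     missing, the signature, format or algorithm is rejected, the lookup
 *     fails, or the token was invalidated; {@code AUTH_EXPIRED} when the token
 *     has expired; {@code NO_SUCH_ACCOUNT} when the subject does not resolve
 *     to an account
 */
public static Claims validateJWT(String jwt, String salts) throws ServiceException {
    if (StringUtil.isNullOrEmpty(jwt) || StringUtil.isNullOrEmpty(salts)) {
        ZimbraLog.account.debug("Invalid JWT or no salt value");
        throw AuthFailedServiceException.AUTH_FAILED("Invalid JWT or no salt value");
    }
    // jti comes from the unverified token; it only selects the salt, the signature is checked below.
    String jti = getJTI(jwt);
    String salt = getJWTSalt(jwt, jti, salts);
    if (salt == null) {
        ZimbraLog.account.debug("jwt specific salt not found");
        throw AuthFailedServiceException.AUTH_FAILED("no salt value");
    }
    // NOTE(review): salt.getBytes() uses the platform default charset; the code that
    // derives the key at issue time must encode the salt the same way — confirm.
    byte[] finalKey = Bytes.concat(getOriginalKey(jwt), salt.getBytes());
    Key key = new SecretKeySpec(finalKey, SignatureAlgorithm.HS512.getJcaName());

    Claims claims;
    Account acct;
    try {
        claims = Jwts.parser().setSigningKey(key).parseClaimsJws(jwt).getBody();
        acct = Provisioning.getInstance().get(AccountBy.id, claims.getSubject());
    } catch (ExpiredJwtException eje) {
        ZimbraLog.account.debug("jwt expired", eje);
        throw ServiceException.AUTH_EXPIRED(eje.getMessage());
    } catch (SignatureException se) {
        ZimbraLog.account.debug("jwt signature exception", se);
        throw AuthFailedServiceException.AUTH_FAILED("Signature verification failed", se);
    } catch (UnsupportedJwtException uje) {
        ZimbraLog.account.debug("unsupported jwt exception", uje);
        throw AuthFailedServiceException.AUTH_FAILED("Unsupported JWT received", uje);
    } catch (MalformedJwtException mje) {
        ZimbraLog.account.debug("malformed jwt exception", mje);
        throw AuthFailedServiceException.AUTH_FAILED("Malformed JWT received", mje);
    } catch (Exception e) {
        ZimbraLog.account.debug("exception during jwt validation", e);
        throw AuthFailedServiceException.AUTH_FAILED("Exception thrown while validating JWT", e);
    }

    // These checks sit outside the try so the specific ServiceExceptions they raise
    // reach the caller instead of being re-wrapped by the catch-all as a generic AUTH_FAILED.
    if (acct == null) {
        throw AccountServiceException.NO_SUCH_ACCOUNT(claims.getSubject());
    }
    if (acct.hasInvalidJWTokens(jti)) {
        ZimbraLog.security.debug("jwt: %s is no longer valid, has been invalidated on logout", jti);
        throw AuthFailedServiceException.AUTH_FAILED("Token has been invalidated");
    }
    return claims;
}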
use of io.jsonwebtoken.UnsupportedJwtException in project sonarqube by SonarSource.
the class JwtSerializer method decode.
/**
 * Decodes and verifies a JWT, returning its claims when the token is valid.
 *
 * <p>The token must verify against {@code secretKey} and carry an id, a
 * subject, an expiration and an issued-at claim. An unsupported, expired or
 * badly signed token yields an empty result; any other failure (including a
 * missing mandatory claim) is reported as an {@link AuthenticationException}.
 *
 * @param token the compact JWS string
 * @return the verified claims, or empty when the token is rejected
 * @throws AuthenticationException for any other parsing or validation failure
 */
Optional<Claims> decode(String token) {
    checkIsStarted();
    Claims parsed = null;
    try {
        parsed = Jwts.parserBuilder().setSigningKey(secretKey).build().parseClaimsJws(token).getBody();
        requireMandatoryClaims(parsed);
        return Optional.of(parsed);
    } catch (UnsupportedJwtException | ExpiredJwtException | SignatureException e) {
        return Optional.empty();
    } catch (Exception e) {
        // parsed is still null when parsing itself failed, so no login can be attached.
        throw AuthenticationException.newBuilder()
            .setSource(Source.jwt())
            .setLogin(parsed == null ? null : parsed.getSubject())
            .setMessage(e.getMessage())
            .build();
    }
}

/** Rejects (with a NullPointerException) a token that lacks any mandatory claim. */
private static void requireMandatoryClaims(Claims claims) {
    requireNonNull(claims.getId(), "Token id hasn't been found");
    requireNonNull(claims.getSubject(), "Token subject hasn't been found");
    requireNonNull(claims.getExpiration(), "Token expiration date hasn't been found");
    requireNonNull(claims.getIssuedAt(), "Token creation date hasn't been found");
}
use of io.jsonwebtoken.UnsupportedJwtException in project nifi by apache.
the class JwtService method parseTokenFromBase64EncodedString.
/**
 * Parses and verifies a compact JWS, resolving the signing key through
 * {@code keyService} from the key id carried in the token's claims.
 *
 * @param base64EncodedToken the compact JWS string
 * @return the verified header and claims
 * @throws JwtException when the token is malformed, unsupported, expired,
 *     badly signed, has no usable key, or the key lookup itself fails; the
 *     message is deliberately generic and the original exception is kept as
 *     the cause
 */
private Jws<Claims> parseTokenFromBase64EncodedString(final String base64EncodedToken) throws JwtException {
    try {
        return Jwts.parser()
            .setSigningKeyResolver(keyIdClaimResolver())
            .parseClaimsJws(base64EncodedToken);
    } catch (final MalformedJwtException | UnsupportedJwtException | SignatureException
             | ExpiredJwtException | IllegalArgumentException | AdministrationException e) {
        // TODO: Exercise all exceptions to ensure none leak key material to logs
        throw new JwtException("Unable to validate the access token.", e);
    }
}

/**
 * Builds a byte-keyed resolver that looks up, via {@code keyService}, the key
 * previously issued for the key id in the {@code KEY_ID_CLAIM} claim.
 * A missing key is reported as an {@link UnsupportedJwtException}.
 */
private SigningKeyResolverAdapter keyIdClaimResolver() {
    return new SigningKeyResolverAdapter() {
        @Override
        public byte[] resolveSigningKeyBytes(final JwsHeader header, final Claims claims) {
            final String identity = claims.getSubject();
            final Integer keyId = claims.get(KEY_ID_CLAIM, Integer.class);
            final Key key = keyService.getKey(keyId);
            // Only a key previously issued by this key service for the user is acceptable
            if (key == null || key.getKey() == null) {
                throw new UnsupportedJwtException("Unable to determine signing key for " + identity + " [kid: " + keyId + "]");
            }
            return key.getKey().getBytes(StandardCharsets.UTF_8);
        }
    };
}
use of io.jsonwebtoken.UnsupportedJwtException in project spring-security-jwt-csrf by alexatiks.
the class JWTAuthenticationFilter method doFilterInternal.
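/**
 * Resolves the request's JWT into an {@link Authentication}, installs it in
 * the {@link SecurityContextHolder} and continues the filter chain.
 *
 * <p>Only the token lookup is guarded: a token that is expired, malformed,
 * unsupported, badly signed or otherwise unparseable ends the request with
 * {@code 401}. The downstream chain runs outside the guard so that exceptions
 * raised by later filters or the servlet are not reported as token failures,
 * and so that {@code sendError} is never attempted on a response that has
 * already been committed downstream.
 *
 * @param request the current request
 * @param response the current response
 * @param filterChain the remaining filter chain
 * @throws ServletException propagated from the chain
 * @throws IOException propagated from the chain or from {@code sendError}
 */
@Override
protected void doFilterInternal(final HttpServletRequest request, final HttpServletResponse response, final FilterChain filterChain) throws ServletException, IOException {
    final Authentication authentication;
    try {
        authentication = TokenAuthenticationHelper.getAuthentication(request);
    } catch (ExpiredJwtException e) {
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Token expired");
        return;
    } catch (UnsupportedJwtException | MalformedJwtException | SignatureException | IllegalArgumentException e) {
        // Not an expiry: report the token as invalid rather than as expired.
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid token");
        return;
    }
    SecurityContextHolder.getContext().setAuthentication(authentication);
    filterChain.doFilter(request, response);
}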