Example 1 with JWTAuthorizationGrantsException

Use of oidc.exceptions.JWTAuthorizationGrantsException in project OpenConext-oidcng by OpenConext.

The class TokenEndpoint, method verifySignature.

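boolean verifySignature(JWTAuthentication jwtAuthentication, OpenIDClient openIDClient, String tokenEndpoint) throws JOSEException, java.text.ParseException, CertificateException, IOException, BadJOSEException {
    // Obtain the claims of the client assertion through the jwtClaimsSet helper (not shown here);
    // an empty result means the assertion is not accepted.
    Optional<JWTClaimsSet> jwtClaimsSetOptional = jwtClaimsSet(openIDClient, jwtAuthentication);
    if (!jwtClaimsSetOptional.isPresent()) {
        return false;
    }
    JWTClaimsSet claimsSet = jwtClaimsSetOptional.get();
    // https://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-10
    // iss must be the client_id of the client presenting the assertion.
    if (!openIDClient.getClientId().equals(claimsSet.getIssuer())) {
        throw new JWTAuthorizationGrantsException("Invalid issuer");
    }
    // sub must also be the client_id: the client authenticates as itself.
    if (!openIDClient.getClientId().equals(claimsSet.getSubject())) {
        throw new JWTAuthorizationGrantsException("Invalid subject");
    }
    // aud must contain this token endpoint, so an assertion issued for another server is rejected.
    if (!claimsSet.getAudience().contains(tokenEndpoint)) {
        throw new JWTAuthorizationGrantsException("Invalid audience");
    }
    // exp must be present and in the future; getExpirationTime() returns null when the claim
    // is missing, which would otherwise surface as a NullPointerException instead of a rejection.
    Date expirationTime = claimsSet.getExpirationTime();
    if (expirationTime == null || new Date().after(expirationTime)) {
        throw new JWTAuthorizationGrantsException("Expired claims");
    }
    return true;
}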
Also used: JWTAuthorizationGrantsException (oidc.exceptions.JWTAuthorizationGrantsException), JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet), Date (java.util.Date)