use of oidc.exceptions.JWTAuthorizationGrantsException in project OpenConext-oidcng by OpenConext.
The class TokenEndpoint, method verifySignature.
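/**
 * Validates the JWT-based client authentication presented at the token endpoint.
 *
 * <p>Obtaining the claims set (including whatever signature checking
 * {@code jwtClaimsSet} performs — not visible here) is delegated to
 * {@link #jwtClaimsSet(OpenIDClient, JWTAuthentication)}. This method then applies
 * the claim checks of draft-ietf-oauth-jwt-bearer to the result: {@code iss} and
 * {@code sub} must equal the client id, {@code aud} must contain the token endpoint,
 * and {@code exp} must be present and lie in the future.
 *
 * @param jwtAuthentication the client assertion taken from the token request
 * @param openIDClient      the registered client the assertion must be issued by
 * @param tokenEndpoint     the URL of this token endpoint, expected in {@code aud}
 * @return {@code true} when every claim check passes; {@code false} when
 *         {@code jwtClaimsSet} yields no claims set at all
 * @throws JWTAuthorizationGrantsException when a required claim is missing, does not
 *         match the client, or the assertion has expired
 * @throws JOSEException propagated from claims-set extraction
 * @throws java.text.ParseException propagated from claims-set extraction
 * @throws CertificateException propagated from claims-set extraction
 * @throws IOException propagated from claims-set extraction
 * @throws BadJOSEException propagated from claims-set extraction
 */
boolean verifySignature(JWTAuthentication jwtAuthentication, OpenIDClient openIDClient, String tokenEndpoint) throws JOSEException, java.text.ParseException, CertificateException, IOException, BadJOSEException {
    Optional<JWTClaimsSet> jwtClaimsSetOptional = jwtClaimsSet(openIDClient, jwtAuthentication);
    if (!jwtClaimsSetOptional.isPresent()) {
        return false;
    }
    JWTClaimsSet claimsSet = jwtClaimsSetOptional.get();
    String clientId = openIDClient.getClientId();

    // https://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-10
    // iss and sub must both be the authenticating client itself. equals(null) is
    // false, so an absent iss/sub claim is rejected by the same checks.
    if (!clientId.equals(claimsSet.getIssuer())) {
        throw new JWTAuthorizationGrantsException("Invalid issuer");
    }
    if (!clientId.equals(claimsSet.getSubject())) {
        throw new JWTAuthorizationGrantsException("Invalid subject");
    }

    // The assertion must be addressed to this token endpoint; an assertion minted
    // for another audience is not accepted here.
    if (!claimsSet.getAudience().contains(tokenEndpoint)) {
        throw new JWTAuthorizationGrantsException("Invalid audience");
    }

    // exp is mandatory for a JWT bearer assertion. Reject an absent claim explicitly
    // rather than letting Date.after(null) surface as a NullPointerException.
    Date expirationTime = claimsSet.getExpirationTime();
    if (expirationTime == null) {
        throw new JWTAuthorizationGrantsException("Missing expiration time");
    }
    if (new Date().after(expirationTime)) {
        throw new JWTAuthorizationGrantsException("Expired claims");
    }
    return true;
}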