use of org.jose4j.jwt.JwtClaims in project light-4j by networknt.
the class Http2ClientIT method getJwt.
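/**
 * Build a signed test JWT whose {@code exp} claim is set relative to the current time.
 *
 * @param expiredInSeconds offset in seconds from now for the expiration time; a negative value
 *                         yields a token that is already expired
 * @return the serialized JWT produced by the {@code getJwt(JwtClaims)} overload
 * @throws Exception propagated from the claim/token helpers
 */
private static String getJwt(int expiredInSeconds) throws Exception {
    JwtClaims claims = getTestClaims();
    // Multiply as long: int arithmetic wraps for offsets above ~24.8 days (Integer.MAX_VALUE / 1000
    // seconds), which would silently turn a long-lived test token into an already-expired one.
    long expiresAtMillis = System.currentTimeMillis() + expiredInSeconds * 1000L;
    claims.setExpirationTime(NumericDate.fromMilliseconds(expiresAtMillis));
    return getJwt(claims);
}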
use of org.jose4j.jwt.JwtClaims in project light-4j by networknt.
the class JwtVerifier method verifyJwt.
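/**
 * Verify JWT token format and signature. If ignoreExpiry is true, skip expiry verification, otherwise
 * verify the expiry before signature verification.
 *
 * In most cases, we need to verify the expiry of the jwt token. The only time we need to ignore expiry
 * verification is in SPA middleware handlers which need to verify csrf token in jwt against the csrf
 * token in the request header to renew the expired token.
 *
 * <p>Security notes for callers:
 * <ul>
 * <li>The {@code kid} passed to {@code getKeyResolver} is read from the token header before any
 *     signature check, so the resolver must only ever return keys this service already trusts.</li>
 * <li>Audience validation is skipped and no expected issuer is configured in this method; callers
 *     that depend on {@code aud} or {@code iss} have to check them on the returned claims.</li>
 * <li>A token without an {@code exp} claim is rejected with InvalidJwtException on every path.</li>
 * </ul>
 *
 * @param jwt String of Json web token
 * @param ignoreExpiry If true, don't verify if the token is expired.
 * @param isToken True if the jwt is an OAuth 2.0 access token
 * @param getKeyResolver How to get VerificationKeyResolver
 * @return JwtClaims object
 * @throws InvalidJwtException if the token is malformed, lacks an expiration time, or fails signature verification
 * @throws ExpiredTokenException if ignoreExpiry is false and the token is past its expiration time
 */
public JwtClaims verifyJwt(String jwt, boolean ignoreExpiry, boolean isToken, BiFunction<String, Boolean, VerificationKeyResolver> getKeyResolver) throws InvalidJwtException, ExpiredTokenException {
    JwtClaims claims;
    if (Boolean.TRUE.equals(enableJwtCache)) {
        claims = cache.getIfPresent(jwt);
        if (claims != null) {
            // Entries are only put into the cache at the end of this method, after signature
            // verification, so a hit needs nothing but its expiry re-checked.
            boolean cachedClaimsUsable = true;
            if (!ignoreExpiry) {
                try {
                    NumericDate cachedExpiry = claims.getExpirationTime();
                    if (cachedExpiry == null) {
                        // Not expected for a verified entry; fail closed and re-verify below.
                        cachedClaimsUsable = false;
                    } else if ((NumericDate.now().getValue() - secondsOfAllowedClockSkew) >= cachedExpiry.getValue()) {
                        logger.info("Cached jwt token is expired!");
                        throw new ExpiredTokenException("Token is expired");
                    }
                } catch (MalformedClaimException e) {
                    // Not expected for a cached, already-verified token. Do not return the cached
                    // claims with an unreadable expiry: fall through to full verification instead.
                    logger.error("MalformedClaimException:", e);
                    cachedClaimsUsable = false;
                }
            }
            if (cachedClaimsUsable) {
                // this claims object is signature verified already
                return claims;
            }
        }
    }

    // First pass: parse WITHOUT any validation, only to read the header and the exp claim.
    // Nothing obtained from this pass may be trusted or returned to the caller.
    JwtConsumer consumer = new JwtConsumerBuilder().setSkipAllValidators().setDisableRequireSignature().setSkipSignatureVerification().build();
    JwtContext jwtContext = consumer.process(jwt);
    claims = jwtContext.getJwtClaims();
    JsonWebStructure structure = jwtContext.getJoseObjects().get(0);
    // need this kid to load public key certificate for signature verification
    String kid = structure.getKeyIdHeaderValue();

    // if ignoreExpiry is false, verify expiration of the token
    if (!ignoreExpiry) {
        try {
            NumericDate expiry = claims.getExpirationTime();
            if (expiry == null) {
                // Without this guard a token that simply omits exp would surface as a
                // NullPointerException instead of a clean validation failure.
                logger.info("jwt token has no expiration time!");
                throw new InvalidJwtException("Missing expiration time", new ErrorCodeValidator.Error(ErrorCodes.EXPIRATION_MISSING, "No Expiration Time (exp) claim present."), null, jwtContext);
            }
            if ((NumericDate.now().getValue() - secondsOfAllowedClockSkew) >= expiry.getValue()) {
                logger.info("jwt token is expired!");
                throw new ExpiredTokenException("Token is expired");
            }
        } catch (MalformedClaimException e) {
            logger.error("MalformedClaimException:", e);
            throw new InvalidJwtException("MalformedClaimException", new ErrorCodeValidator.Error(ErrorCodes.MALFORMED_CLAIM, "Invalid ExpirationTime Format"), e, jwtContext);
        }
    }

    // Second pass: full validation with the resolved verification key.
    // The 10-year clock skew (315360000 seconds) deliberately neutralises jose4j's own exp check,
    // because expiry is enforced by hand above and must be skippable when ignoreExpiry is true.
    // NOTE(review): the same skew presumably relaxes the other time-based checks (nbf) as well,
    // so not-before is effectively unenforced here - confirm and check it explicitly if relied on.
    consumer = new JwtConsumerBuilder()
            .setRequireExpirationTime()
            .setAllowedClockSkewInSeconds(315360000)
            .setSkipDefaultAudienceValidation()
            .setVerificationKeyResolver(getKeyResolver.apply(kid, isToken))
            .build();
    // Validate the JWT and process it to the Claims
    jwtContext = consumer.process(jwt);
    claims = jwtContext.getJwtClaims();
    if (Boolean.TRUE.equals(enableJwtCache)) {
        // Only signature-verified claims reach this point, keyed by the exact token string.
        cache.put(jwt, claims);
    }
    return claims;
}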
use of org.jose4j.jwt.JwtClaims in project light-4j by networknt.
the class JwtHelper method verifyJwt.
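/**
 * Verify JWT token format and signature. If ignoreExpiry is true, skip expiry verification, otherwise
 * verify the expiry before signature verification.
 *
 * In most cases, we need to verify the expiry of the jwt token. The only time we need to ignore expiry
 * verification is in SPA middleware handlers which need to verify csrf token in jwt against the csrf
 * token in the request header to renew the expired token.
 *
 * <p>Security notes for callers:
 * <ul>
 * <li>The {@code kid} passed to {@code getKeyResolver} is read from the token header before any
 *     signature check, so the resolver must only ever return keys this service already trusts.</li>
 * <li>Audience validation is skipped and no expected issuer is configured in this method; callers
 *     that depend on {@code aud} or {@code iss} have to check them on the returned claims.</li>
 * <li>A token without an {@code exp} claim is rejected with InvalidJwtException on every path.</li>
 * </ul>
 *
 * @param jwt String of Json web token
 * @param ignoreExpiry If true, don't verify if the token is expired.
 * @param isToken True if the jwt is an OAuth 2.0 access token
 * @param getKeyResolver How to get VerificationKeyResolver
 * @return JwtClaims object
 * @throws InvalidJwtException if the token is malformed, lacks an expiration time, or fails signature verification
 * @throws ExpiredTokenException if ignoreExpiry is false and the token is past its expiration time
 */
public static JwtClaims verifyJwt(String jwt, boolean ignoreExpiry, boolean isToken, BiFunction<String, Boolean, VerificationKeyResolver> getKeyResolver) throws InvalidJwtException, ExpiredTokenException {
    JwtClaims claims;
    if (Boolean.TRUE.equals(enableJwtCache)) {
        claims = cache.getIfPresent(jwt);
        if (claims != null) {
            // Entries are only put into the cache at the end of this method, after signature
            // verification, so a hit needs nothing but its expiry re-checked.
            boolean cachedClaimsUsable = true;
            if (!ignoreExpiry) {
                try {
                    NumericDate cachedExpiry = claims.getExpirationTime();
                    if (cachedExpiry == null) {
                        // Not expected for a verified entry; fail closed and re-verify below.
                        cachedClaimsUsable = false;
                    } else if ((NumericDate.now().getValue() - secondsOfAllowedClockSkew) >= cachedExpiry.getValue()) {
                        logger.info("Cached jwt token is expired!");
                        throw new ExpiredTokenException("Token is expired");
                    }
                } catch (MalformedClaimException e) {
                    // Not expected for a cached, already-verified token. Do not return the cached
                    // claims with an unreadable expiry: fall through to full verification instead.
                    logger.error("MalformedClaimException:", e);
                    cachedClaimsUsable = false;
                }
            }
            if (cachedClaimsUsable) {
                // this claims object is signature verified already
                return claims;
            }
        }
    }

    // First pass: parse WITHOUT any validation, only to read the header and the exp claim.
    // Nothing obtained from this pass may be trusted or returned to the caller.
    JwtConsumer consumer = new JwtConsumerBuilder().setSkipAllValidators().setDisableRequireSignature().setSkipSignatureVerification().build();
    JwtContext jwtContext = consumer.process(jwt);
    claims = jwtContext.getJwtClaims();
    JsonWebStructure structure = jwtContext.getJoseObjects().get(0);
    // need this kid to load public key certificate for signature verification
    String kid = structure.getKeyIdHeaderValue();

    // if ignoreExpiry is false, verify expiration of the token
    if (!ignoreExpiry) {
        try {
            NumericDate expiry = claims.getExpirationTime();
            if (expiry == null) {
                // Without this guard a token that simply omits exp would surface as a
                // NullPointerException instead of a clean validation failure.
                logger.info("jwt token has no expiration time!");
                throw new InvalidJwtException("Missing expiration time", new ErrorCodeValidator.Error(ErrorCodes.EXPIRATION_MISSING, "No Expiration Time (exp) claim present."), null, jwtContext);
            }
            if ((NumericDate.now().getValue() - secondsOfAllowedClockSkew) >= expiry.getValue()) {
                logger.info("jwt token is expired!");
                throw new ExpiredTokenException("Token is expired");
            }
        } catch (MalformedClaimException e) {
            logger.error("MalformedClaimException:", e);
            throw new InvalidJwtException("MalformedClaimException", new ErrorCodeValidator.Error(ErrorCodes.MALFORMED_CLAIM, "Invalid ExpirationTime Format"), e, jwtContext);
        }
    }

    // Second pass: full validation with the resolved verification key.
    // The 10-year clock skew (315360000 seconds) deliberately neutralises jose4j's own exp check,
    // because expiry is enforced by hand above and must be skippable when ignoreExpiry is true.
    // NOTE(review): the same skew presumably relaxes the other time-based checks (nbf) as well,
    // so not-before is effectively unenforced here - confirm and check it explicitly if relied on.
    consumer = new JwtConsumerBuilder()
            .setRequireExpirationTime()
            .setAllowedClockSkewInSeconds(315360000)
            .setSkipDefaultAudienceValidation()
            .setVerificationKeyResolver(getKeyResolver.apply(kid, isToken))
            .build();
    // Validate the JWT and process it to the Claims
    jwtContext = consumer.process(jwt);
    claims = jwtContext.getJwtClaims();
    if (Boolean.TRUE.equals(enableJwtCache)) {
        // Only signature-verified claims reach this point, keyed by the exact token string.
        cache.put(jwt, claims);
    }
    return claims;
}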
use of org.jose4j.jwt.JwtClaims in project light-4j by networknt.
the class JwtMockHandler method mockClaims.
/**
 * Assemble the fixed claim set used by the mock handler.
 *
 * <p>Starts from {@code JwtIssuer.getDefaultJwtClaims()} and overlays a hard-coded user, user type,
 * client id and scope list. Every value is a constant baked into this method; none of it comes
 * from a request.
 *
 * @return the populated claims object
 */
public JwtClaims mockClaims() {
    final JwtClaims mock = JwtIssuer.getDefaultJwtClaims();

    // Constant identity values for the mock subject and client.
    mock.setClaim("user_id", "steve");
    mock.setClaim("user_type", "EMPLOYEE");
    mock.setClaim("client_id", "aaaaaaaa-1234-1234-1234-bbbbbbbb");

    // A string-list claim is serialised as a JSON array in the resulting token.
    mock.setStringListClaim("scope", Arrays.asList("api.r", "api.w"));

    return mock;
}
use of org.jose4j.jwt.JwtClaims in project light-4j by networknt.
the class GroupRoleTransformAction method performAction.
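/**
 * Translate the rule evaluation results into a space-delimited {@code roles} claim on the subject.
 *
 * <p>Runs only when the overall rule result is {@code true}. Every other key in {@code resultMap}
 * whose value is {@code Boolean.TRUE} is treated as a granted role name. The joined string (or
 * {@code null} when nothing matched) is written to the {@code roles} claim of the JwtClaims found
 * under {@code auditInfo.subject_claims} in {@code objMap}.
 *
 * <p>Entries that are missing or not Boolean grant nothing, so a malformed result map cannot
 * add a role and no longer aborts the action with a cast or null-pointer failure.
 *
 * @param objMap       rule input map; expected to hold an {@code auditInfo} map with {@code subject_claims}
 * @param resultMap    rule results keyed by name, including the overall {@code RuleConstants.RESULT}
 * @param actionValues not used by this action
 */
public void performAction(Map<String, Object> objMap, Map<String, Object> resultMap, Collection<RuleActionValue> actionValues) {
    // need to make sure that the result is true; a missing or non-Boolean result counts as false.
    if (!Boolean.TRUE.equals(resultMap.get(RuleConstants.RESULT))) {
        return;
    }

    StringBuilder roles = null;
    for (Map.Entry<String, Object> entry : resultMap.entrySet()) {
        if (logger.isDebugEnabled()) {
            logger.debug("key = " + entry.getKey() + " value = " + entry.getValue());
        }
        // Skip the overall result flag and anything that is not an explicit Boolean true.
        if (RuleConstants.RESULT.equals(entry.getKey()) || !Boolean.TRUE.equals(entry.getValue())) {
            continue;
        }
        // NOTE(review): roles are joined with a single space, so a key that itself contains
        // whitespace would presumably read as several roles downstream - confirm key naming rules.
        if (roles == null) {
            roles = new StringBuilder(entry.getKey());
        } else {
            roles.append(' ').append(entry.getKey());
        }
    }

    // put this into the input map for the next rule to work with roles instead of groups.
    Object auditInfo = objMap.get("auditInfo");
    if (!(auditInfo instanceof Map)) {
        logger.error("auditInfo is missing from the rule input; roles claim not set");
        return;
    }
    Object subjectClaims = ((Map<?, ?>) auditInfo).get("subject_claims");
    if (!(subjectClaims instanceof JwtClaims)) {
        logger.error("subject_claims is missing from auditInfo; roles claim not set");
        return;
    }
    // A null value is kept when no role matched, as before.
    ((JwtClaims) subjectClaims).setClaim("roles", roles == null ? null : roles.toString());
}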