Example 6 with JwtContext

use of org.jose4j.jwt.consumer.JwtContext in project light-4j by networknt.

the class Http2ClientIT method isTokenExpired.

private static boolean isTokenExpired(String authorization) {
    boolean expired = false;
    String jwt = getJwtFromAuthorization(authorization);
    if (jwt != null) {
        try {
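            // Parse only: signature verification and all claim validators are skipped, so the
            // claims are unverified. Use the result for the expiry check only, never for authorization.
            JwtConsumer consumer = new JwtConsumerBuilder().setSkipAllValidators().setDisableRequireSignature().setSkipSignatureVerification().build();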
            JwtContext jwtContext = consumer.process(jwt);
            JwtClaims jwtClaims = jwtContext.getJwtClaims();
            try {
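                // exp is optional once validators are skipped; guard against a missing claim
                NumericDate exp = jwtClaims.getExpirationTime();
                if (exp != null && (NumericDate.now().getValue() - 60) >= exp.getValue()) {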
                    expired = true;
                }
            } catch (MalformedClaimException e) {
                logger.error("MalformedClaimException:", e);
            }
        } catch (InvalidJwtException e) {
            e.printStackTrace();
        }
    }
    return expired;
}
Also used : InvalidJwtException(org.jose4j.jwt.consumer.InvalidJwtException) MalformedClaimException(org.jose4j.jwt.MalformedClaimException) JwtClaims(org.jose4j.jwt.JwtClaims) JwtConsumerBuilder(org.jose4j.jwt.consumer.JwtConsumerBuilder) JwtConsumer(org.jose4j.jwt.consumer.JwtConsumer) JwtContext(org.jose4j.jwt.consumer.JwtContext)

Example 7 with JwtContext

use of org.jose4j.jwt.consumer.JwtContext in project digilib by robcast.

the class OpenIdAuthnOps method getUserRoles.

/* (non-Javadoc)
 * @see digilib.auth.AuthnOps#getUserRoles(digilib.conf.DigilibRequest)
 */
@Override
public List<String> getUserRoles(DigilibRequest request) throws AuthOpException {
    /*
     * try token parameter first
     */
    String id_token = request.getAsString("id_token");
    if (id_token == null || id_token.isEmpty()) {
        /*
         * try token cookie next
         */
        HttpServletRequest srvReq = ((DigilibServletRequest) request).getServletRequest();
        Cookie[] cookies = srvReq.getCookies();
        if (cookies != null) {
            for (Cookie c : cookies) {
                if (c.getName().equals(tokenCookieName)) {
                    id_token = c.getValue();
                    break;
                }
            }
        }
        if (id_token == null || id_token.isEmpty()) {
            logger.error("Missing id token!");
            return null;
        }
    }
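    // The first JwtConsumer only parses the JWT into a JwtContext object; the issuer read from it
    // is unverified and is used only to select the validating consumer for the second pass.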
    try {
        JwtContext jwtContext = firstPassJwtConsumer.process(id_token);
        // extract issuer
        String issuer = jwtContext.getJwtClaims().getIssuer();
        // get validating consumer for this issuer
        JwtConsumer secondPassJwtConsumer = idpJwtConsumers.get(issuer);
        if (secondPassJwtConsumer == null) {
            logger.error("Unknown id token issuer: " + issuer);
            return null;
        }
        // validate token
        secondPassJwtConsumer.processContext(jwtContext);
        JwtClaims claims = jwtContext.getJwtClaims();
        String sub = claims.getSubject();
        // get roles
        List<String> provided = idpRoles.get(issuer);
        logger.debug("Roles provided by id_token (sub='" + sub + "'): " + provided);
        return provided;
    } catch (InvalidJwtException | MalformedClaimException e) {
        logger.error("Error validating id token: " + e.getMessage());
        return null;
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Cookie(javax.servlet.http.Cookie) InvalidJwtException(org.jose4j.jwt.consumer.InvalidJwtException) MalformedClaimException(org.jose4j.jwt.MalformedClaimException) DigilibServletRequest(digilib.conf.DigilibServletRequest) JwtClaims(org.jose4j.jwt.JwtClaims) JwtConsumer(org.jose4j.jwt.consumer.JwtConsumer) JwtContext(org.jose4j.jwt.consumer.JwtContext)

Example 8 with JwtContext

use of org.jose4j.jwt.consumer.JwtContext in project smallrye-jwt by smallrye.

the class DefaultJWTCallerPrincipalFactory method parse.

@Override
public JWTCallerPrincipal parse(final String token, final JWTAuthContextInfo authContextInfo) throws ParseException {
    JwtContext jwtContext = parser.parse(token, authContextInfo);
    String type = jwtContext.getJoseObjects().get(0).getHeader("typ");
    return new DefaultJWTCallerPrincipal(type, jwtContext.getJwtClaims());
}
Also used : JwtContext(org.jose4j.jwt.consumer.JwtContext)

Example 9 with JwtContext

use of org.jose4j.jwt.consumer.JwtContext in project smallrye-jwt by smallrye.

the class DefaultJWTTokenParser method verifyRequiredClaims.

private void verifyRequiredClaims(JWTAuthContextInfo authContextInfo, JwtContext jwtContext) throws InvalidJwtException {
    final Set<String> requiredClaims = authContextInfo.getRequiredClaims();
    if (requiredClaims != null) {
        if (!jwtContext.getJwtClaims().getClaimsMap().keySet().containsAll(requiredClaims)) {
            if (PrincipalLogging.log.isDebugEnabled()) {
                final String missingClaims = requiredClaims.stream().filter(claim -> !jwtContext.getJwtClaims().getClaimsMap().containsKey(claim)).collect(Collectors.joining(","));
                PrincipalLogging.log.missingClaims(missingClaims);
            }
            throw PrincipalMessages.msg.missingClaims(s -> new InvalidJwtException(s, emptyList(), jwtContext));
        }
    }
}
Also used : InvalidJwtException(org.jose4j.jwt.consumer.InvalidJwtException) AlgorithmConstraints(org.jose4j.jwa.AlgorithmConstraints) VerificationKeyResolver(org.jose4j.keys.resolvers.VerificationKeyResolver) Collections.emptyList(java.util.Collections.emptyList) JwtContext(org.jose4j.jwt.consumer.JwtContext) Set(java.util.Set) JwtConsumerBuilder(org.jose4j.jwt.consumer.JwtConsumerBuilder) JoseException(org.jose4j.lang.JoseException) Collectors(java.util.stream.Collectors) JsonWebEncryption(org.jose4j.jwe.JsonWebEncryption) JwtConsumer(org.jose4j.jwt.consumer.JwtConsumer) NumericDate(org.jose4j.jwt.NumericDate) UnresolvableKeyException(org.jose4j.lang.UnresolvableKeyException) JwtClaims(org.jose4j.jwt.JwtClaims) DecryptionKeyResolver(org.jose4j.keys.resolvers.DecryptionKeyResolver) Claims(org.eclipse.microprofile.jwt.Claims)

Example 10 with JwtContext

use of org.jose4j.jwt.consumer.JwtContext in project smallrye-jwt by smallrye.

the class DefaultJWTTokenParserTest method testParseMultipleExpectedAudienceValues.

@Test
public void testParseMultipleExpectedAudienceValues() throws Exception {
    config.setExpectedAudience(new HashSet<>(Arrays.asList("MISSING", TCK_TOKEN1_AUD)));
    JwtContext context = parser.parse(TokenUtils.signClaims("/Token1.json"), config);
    assertNotNull(context);
    assertEquals(TCK_TOKEN1_AUD, context.getJwtClaims().getAudience().get(0));
}
Also used : JwtContext(org.jose4j.jwt.consumer.JwtContext) Test(org.junit.Test)

Aggregations

JwtContext (org.jose4j.jwt.consumer.JwtContext): 22
JwtClaims (org.jose4j.jwt.JwtClaims): 14
JwtConsumer (org.jose4j.jwt.consumer.JwtConsumer): 14
InvalidJwtException (org.jose4j.jwt.consumer.InvalidJwtException): 13
JwtConsumerBuilder (org.jose4j.jwt.consumer.JwtConsumerBuilder): 13
MalformedClaimException (org.jose4j.jwt.MalformedClaimException): 9
Test (org.junit.Test): 6
AlgorithmConstraints (org.jose4j.jwa.AlgorithmConstraints): 5
NumericDate (org.jose4j.jwt.NumericDate): 4
JoseException (org.jose4j.lang.JoseException): 3
ServiceException (io.jenkins.blueocean.commons.ServiceException): 2
JWTAuthConfiguration (org.apache.tomee.microprofile.jwt.config.JWTAuthConfiguration): 2
JsonWebStructure (org.jose4j.jwx.JsonWebStructure): 2
JwksVerificationKeyResolver (org.jose4j.keys.resolvers.JwksVerificationKeyResolver): 2
UnresolvableKeyException (org.jose4j.lang.UnresolvableKeyException): 2
DigilibServletRequest (digilib.conf.DigilibServletRequest): 1
JwtAuthenticationStore (io.jenkins.blueocean.auth.jwt.JwtAuthenticationStore): 1
JwtToken (io.jenkins.blueocean.auth.jwt.JwtToken): 1
SigningPublicKey (io.jenkins.blueocean.auth.jwt.SigningPublicKey): 1
IOException (java.io.IOException): 1