Example 21 with JwtContext

Use of org.jose4j.jwt.consumer.JwtContext in project smallrye-jwt by smallrye.

Class DefaultJWTTokenParserTest, method testParseMaxTimeToLiveNull.

@Test
public void testParseMaxTimeToLiveNull() throws Exception {
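    // precondition: no maximum time-to-live is configured
    assertNull(config.getMaxTimeToLiveSecs());
    // parsing a signed token must still succeed when the max TTL is null
    JwtContext context = parser.parse(TokenUtils.signClaims("/Token1.json"), config);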
    assertNotNull(context);
}
Also used: JwtContext (org.jose4j.jwt.consumer.JwtContext), Test (org.junit.Test)

Example 22 with JwtContext

Use of org.jose4j.jwt.consumer.JwtContext in project wildfly-elytron by wildfly-security.

Class TokenValidator, method parseAndVerifyToken.

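/**
 * Parse and verify the given ID token.
 *
 * @param idToken the ID token
 * @param accessToken the access token issued together with the ID token
 * @return the {@code VerifiedTokens} holding the ID token and access token claims if the ID token was valid
 * @throws OidcException if the ID token is invalid
 */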
public VerifiedTokens parseAndVerifyToken(final String idToken, final String accessToken) throws OidcException {
    try {
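        // first pass: no signature check and no validators, used only to read the kid header (if present);
        // nothing parsed here is trusted until the second pass below succeeds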
        JwtConsumer firstPassJwtConsumer = new JwtConsumerBuilder().setSkipAllValidators().setDisableRequireSignature().setSkipSignatureVerification().build();
        JwtContext idJwtContext = firstPassJwtConsumer.process(idToken);
        String kid = idJwtContext.getJoseObjects().get(HEADER_INDEX).getKeyIdHeaderValue();
        if (kid != null && clientConfiguration.getPublicKeyLocator() != null) {
            jwtConsumerBuilder.setVerificationKey(clientConfiguration.getPublicKeyLocator().getPublicKey(kid, clientConfiguration));
        } else {
            // secret key
            ClientSecretCredentialsProvider clientSecretCredentialsProvider = (ClientSecretCredentialsProvider) clientConfiguration.getClientAuthenticator();
            jwtConsumerBuilder.setVerificationKey(clientSecretCredentialsProvider.getClientSecret());
        }
        jwtConsumerBuilder.registerValidator(new AtHashValidator(accessToken, clientConfiguration.getTokenSignatureAlgorithm()));
        // second pass: verify the signature with the key selected above and run the validators on the same context
        jwtConsumerBuilder.build().processContext(idJwtContext);
        JwtClaims idJwtClaims = idJwtContext.getJwtClaims();
        if (idJwtClaims == null) {
            throw log.invalidIDTokenClaims();
        }
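        // the access token is only decoded here: no signature verification and no claim validators run on it;
        // the AtHashValidator registered above is the only check in this method that takes it as input
        JwtClaims jwtClaims = new JwtConsumerBuilder().setSkipSignatureVerification().setSkipAllValidators().build().processToClaims(accessToken);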
        return new VerifiedTokens(new IDToken(idJwtClaims), new AccessToken(jwtClaims));
    } catch (InvalidJwtException e) {
        throw log.invalidIDToken(e);
    }
}
Also used: InvalidJwtException (org.jose4j.jwt.consumer.InvalidJwtException), JwtClaims (org.jose4j.jwt.JwtClaims), JwtConsumerBuilder (org.jose4j.jwt.consumer.JwtConsumerBuilder), JwtConsumer (org.jose4j.jwt.consumer.JwtConsumer), JwtContext (org.jose4j.jwt.consumer.JwtContext)