
Example 16 with JoseException

use of org.jose4j.lang.JoseException in project blueocean-plugin by jenkinsci.

the class JwtToken method sign.

/**
 * Generates the base64 representation of the JWT token, signed using the "RS256" algorithm
 *
 * getHeader().toBase64UrlEncode() + "." + getClaim().toBase64UrlEncode() + "." + sign
 *
 * @return base64 representation of JWT token
 */
public String sign() {
    for (JwtTokenDecorator decorator : JwtTokenDecorator.all()) {
        decorator.decorate(this);
    }
    for (JwtSigningKeyProvider signer : JwtSigningKeyProvider.all()) {
        SigningKey k = signer.select(this);
        if (k != null) {
            try {
                JsonWebSignature jsonWebSignature = new JsonWebSignature();
                jsonWebSignature.setPayload(claim.toString());
                jsonWebSignature.setKey(k.getKey());
                jsonWebSignature.setKeyIdHeaderValue(k.getKid());
                jsonWebSignature.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
                jsonWebSignature.setHeader(HeaderParameterNames.TYPE, "JWT");
                return jsonWebSignature.getCompactSerialization();
            } catch (JoseException e) {
                String msg = "Failed to sign JWT token: " + e.getMessage();
                LOGGER.log(Level.SEVERE, "Failed to sign JWT token", e);
                throw new ServiceException.UnexpectedErrorException(msg, e);
            }
        }
    }
    throw new IllegalStateException("No key is available to sign a token");
}
Also used : JsonWebSignature(org.jose4j.jws.JsonWebSignature) ServiceException(io.jenkins.blueocean.commons.ServiceException) JoseException(org.jose4j.lang.JoseException)

Example 17 with JoseException

use of org.jose4j.lang.JoseException in project java by kubernetes-client.

the class OpenIDConnectAuthenticator method isExpired.

@Override
public boolean isExpired(Map<String, Object> config) {
    String idToken = (String) config.get(OIDC_ID_TOKEN);
    if (idToken == null) {
        return true;
    } else {
        JsonWebSignature jws = new JsonWebSignature();
        try {
            jws.setCompactSerialization(idToken);
            // We don't care whether it's cryptographically valid, as the only way to verify is to
            // query the remote identity provider's configuration URL, which is the same channel as
            // the token request. If there is a malicious proxy there's no way for the client to
            // know. Also, the client doesn't need to trust the token, only bear it to the server,
            // which will verify it.
            String jwt = jws.getUnverifiedPayload();
            JwtClaims claims = JwtClaims.parse(jwt);
            // expired if exp is absent, or if now is >= expiration
            return claims.getExpirationTime() == null || NumericDate.now().isOnOrAfter(claims.getExpirationTime());
        } catch (JoseException | InvalidJwtException | MalformedClaimException e) {
            throw new RuntimeException(e);
        }
    }
}
Also used : InvalidJwtException(org.jose4j.jwt.consumer.InvalidJwtException) MalformedClaimException(org.jose4j.jwt.MalformedClaimException) JsonWebSignature(org.jose4j.jws.JsonWebSignature) JwtClaims(org.jose4j.jwt.JwtClaims) JoseException(org.jose4j.lang.JoseException)
