use of org.jose4j.lang.JoseException in project blueocean-plugin by jenkinsci.
the class JwtToken method sign.
/**
 * Signs this token and returns it in JWS compact serialization, i.e.
 * {@code base64url(header) + "." + base64url(claim) + "." + base64url(signature)}.
 *
 * <p>Every registered {@link JwtTokenDecorator} is applied to the token first. The token is
 * then signed with the key of the first {@link JwtSigningKeyProvider} that selects a
 * non-null key; later providers are not consulted. The {@code alg} header is fixed to
 * RS256 and the {@code kid} header is taken from the selected key, so the algorithm is
 * never chosen from token content.
 *
 * @return the signed token in compact serialization
 * @throws ServiceException.UnexpectedErrorException if jose4j fails to produce the signature
 * @throws IllegalStateException if no provider offers a signing key
 */
public String sign() {
    // Let every extension adjust the header/claims before anything is signed.
    for (JwtTokenDecorator tokenDecorator : JwtTokenDecorator.all()) {
        tokenDecorator.decorate(this);
    }

    for (JwtSigningKeyProvider provider : JwtSigningKeyProvider.all()) {
        SigningKey signingKey = provider.select(this);
        if (signingKey == null) {
            // This provider has no key for the token; try the next one.
            continue;
        }
        try {
            JsonWebSignature jws = new JsonWebSignature();
            jws.setPayload(claim.toString());
            jws.setKey(signingKey.getKey());
            // kid tells the verifier which key was used to sign.
            jws.setKeyIdHeaderValue(signingKey.getKid());
            // The algorithm is hard-coded rather than derived from the key or the claims.
            jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
            jws.setHeader(HeaderParameterNames.TYPE, "JWT");
            return jws.getCompactSerialization();
        } catch (JoseException e) {
            // NOTE(review): the jose4j message is copied into the exception text; confirm
            // callers do not echo it to untrusted clients.
            String msg = "Failed to sign JWT token: " + e.getMessage();
            LOGGER.log(Level.SEVERE, "Failed to sign JWT token", e);
            throw new ServiceException.UnexpectedErrorException(msg, e);
        }
    }

    // No provider selected a key: fail rather than emit an unsigned token.
    throw new IllegalStateException("No key is available to sign a token");
}
use of org.jose4j.lang.JoseException in project java by kubernetes-client.
the class OpenIDConnectAuthenticator method isExpired.
/**
 * Reports whether the ID token stored in {@code config} should be treated as expired.
 *
 * <p>The token's signature is deliberately NOT verified here: the payload is read with
 * {@code getUnverifiedPayload()} only to look at the {@code exp} claim. The result is a
 * local hint about the token's lifetime and must not be used as evidence that the token
 * is authentic; the server the token is presented to is the party that verifies it.
 *
 * @param config authenticator configuration; the token is read from the {@code OIDC_ID_TOKEN} key
 * @return {@code true} if no token is stored, the token has no {@code exp} claim, or the
 *     current time is on or after {@code exp}; {@code false} otherwise
 * @throws RuntimeException wrapping the jose4j exception if the token or its claims cannot be parsed
 */
@Override
public boolean isExpired(Map<String, Object> config) {
    final String idToken = (String) config.get(OIDC_ID_TOKEN);
    if (idToken == null) {
        // Nothing cached, so report it as expired.
        return true;
    }

    JsonWebSignature jws = new JsonWebSignature();
    try {
        jws.setCompactSerialization(idToken);
        // The signature is not checked. Verifying it would mean fetching the identity
        // provider's configuration over the same channel the token request uses, so a
        // malicious proxy on that channel could not be detected by the client anyway.
        // The client also does not need to trust the token; it only bears it to the
        // server, which verifies it.
        JwtClaims claims = JwtClaims.parse(jws.getUnverifiedPayload());
        NumericDate expiry = claims.getExpirationTime();
        if (expiry == null) {
            // A token without an exp claim is treated as expired.
            return true;
        }
        // Expired when now >= exp.
        return NumericDate.now().isOnOrAfter(expiry);
    } catch (JoseException | InvalidJwtException | MalformedClaimException e) {
        throw new RuntimeException(e);
    }
}