Example 1 with ClientSignatureVerifierProvider

Use of org.keycloak.crypto.ClientSignatureVerifierProvider in project keycloak by keycloak.

The class DefaultTokenManager, method verifyJWS.

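private <T> T verifyJWS(ClientModel client, Class<T> clazz, JWSInput jws) {
    try {
        // Look up the verifier provider registered for the algorithm named in the JWS header.
        String signatureAlgorithm = jws.getHeader().getAlgorithm().name();
        ClientSignatureVerifierProvider signatureProvider = session.getProvider(ClientSignatureVerifierProvider.class, signatureAlgorithm);
        if (signatureProvider == null) {
            // No provider for this algorithm: the content is returned without any
            // signature check only when the header declares alg "none"; otherwise reject.
            if (jws.getHeader().getAlgorithm().equals(org.keycloak.jose.jws.Algorithm.none)) {
                return jws.readJsonContent(clazz);
            }
            return null;
        }
        // Verify the signature over the encoded signature input with the verifier obtained for this client.
        boolean valid = signatureProvider.verifier(client, jws).verify(jws.getEncodedSignatureInput().getBytes("UTF-8"), jws.getSignature());
        return valid ? jws.readJsonContent(clazz) : null;
    } catch (Exception e) {
        // Any parsing or verification failure is logged at debug level and the token is treated as invalid.
        logger.debug("Failed to decode token", e);
        return null;
    }
}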
Also used: ClientSignatureVerifierProvider (org.keycloak.crypto.ClientSignatureVerifierProvider), JWEException (org.keycloak.jose.jwe.JWEException), IOException (java.io.IOException), UnsupportedEncodingException (java.io.UnsupportedEncodingException)
