Use of org.sdase.commons.server.auth.key.LoadedPublicKey in the project sda-dropwizard-commons by SDA-SE.
Shown below: the method auth of the class AuthRSA256Service.
/**
 * Verifies the signature of the given JWT and returns its claims.
 *
 * <p>If the token header carries a key id ({@code kid}), only the public key registered under
 * that id is used. If the token has no {@code kid}, every loaded key without an id is tried, in
 * reversed list order, until one verifies the signature.
 *
 * @param authorizationToken the serialized JWT to verify
 * @return the claims of the token once its signature has been verified
 * @throws JwtAuthException if no key is known for the requested {@code kid}, if no candidate key
 *     verifies the token, or if a {@link JWTVerificationException} is raised while decoding or
 *     verifying
 */
@Override
public Map<String, Claim> auth(String authorizationToken) {
  try {
    // The kid is read from the header before any signature check, so it is untrusted input here.
    final String kid = JWT.decode(authorizationToken).getKeyId();

    if (kid != null) {
      final LoadedPublicKey keyForKid = rsaPublicKeyLoader.getLoadedPublicKey(kid);
      if (keyForKid == null) {
        // NOTE(review): the kid logged here comes from the unverified token and is written
        // verbatim; confirm the log layout neutralises control characters.
        LOG.error("No key found for verification, matching the requested kid {}", kid);
        throw new JwtAuthException("Could not verify JWT with the requested kid.");
      }
      return verifyJwtSignature(authorizationToken, keyForKid)
          .orElseThrow(() -> new JwtAuthException("Verifying token failed"))
          .getClaims();
    }

    // No kid in the header: fall back to every key that was loaded without an id.
    final List<LoadedPublicKey> candidates = rsaPublicKeyLoader.getKeysWithoutId();
    final int candidateCount = candidates.size();
    if (candidateCount > 1) {
      LOG.warn("Verifying token without kid trying {} public keys", candidateCount);
    }

    // NOTE(review): this reverses the list returned by the loader in place. If the loader hands
    // out its internal list rather than a copy, the trial order would flip on every call;
    // verify against getKeysWithoutId().
    Collections.reverse(candidates);

    // Stop at the first key that verifies the signature; later keys are not tried.
    for (LoadedPublicKey candidate : candidates) {
      final Optional<DecodedJWT> verified = verifyJwtSignature(authorizationToken, candidate);
      if (verified.isPresent()) {
        return verified.get().getClaims();
      }
    }
    throw new JwtAuthException("Could not verify JWT without kid.");
  } catch (JWTVerificationException e) {
    // Library verification failures are surfaced to callers as the service's own exception type.
    throw new JwtAuthException(e);
  }
}