Java Code Examples for org.jose4j.jwt.consumer.JwtConsumer#processToClaims()

The following examples show how to use org.jose4j.jwt.consumer.JwtConsumer#processToClaims() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: OauthHelperTest.java    From light-4j with Apache License 2.0 6 votes vote down vote up
private static boolean isTokenExpired(String authorization) {
    boolean expired = false;
    String jwt = getJwtFromAuthorization(authorization);
    if(jwt != null) {
        JwtConsumer consumer = new JwtConsumerBuilder()
                .setDisableRequireSignature()
                .setSkipSignatureVerification()
                .build();

        try {
            consumer.processToClaims(jwt);
        } catch (InvalidJwtException e) {
            if(e.hasExpired()) expired = true;
        }
    }
    return expired;
}
 
Example 2
Source File: JWTokenFactory.java    From eplmp with Eclipse Public License 1.0 6 votes vote down vote up
public static String validateSharedResourceToken(Key key, String jwt) {

        JwtConsumer jwtConsumer = new JwtConsumerBuilder()
                .setVerificationKey(key)
                .setRelaxVerificationKeyValidation()
                .build();

        try {
            JwtClaims jwtClaims = jwtConsumer.processToClaims(jwt);
            String subject = jwtClaims.getSubject();
            try (JsonReader reader = Json.createReader(new StringReader(subject))) {
                JsonObject subjectObject = reader.readObject(); // JsonParsingException
                return subjectObject.getString(SHARED_ENTITY_UUID); // Npe
            }
        } catch (InvalidJwtException | MalformedClaimException | JsonParsingException | NullPointerException e) {
            LOGGER.log(Level.FINE, "Cannot validate jwt token", e);
        }

        return null;

    }
 
Example 3
Source File: JWTokenFactory.java    From eplmp with Eclipse Public License 1.0 6 votes vote down vote up
public static String validateEntityToken(Key key, String jwt) {

        JwtConsumer jwtConsumer = new JwtConsumerBuilder()
                .setVerificationKey(key)
                .setRelaxVerificationKeyValidation()
                .build();

        try {
            JwtClaims jwtClaims = jwtConsumer.processToClaims(jwt);
            String subject = jwtClaims.getSubject();
            try (JsonReader reader = Json.createReader(new StringReader(subject))) {
                JsonObject subjectObject = reader.readObject(); // JsonParsingException
                return subjectObject.getString(ENTITY_KEY); // Npe
            }
        } catch (InvalidJwtException | MalformedClaimException | JsonParsingException | NullPointerException e) {
            LOGGER.log(Level.FINE, "Cannot validate jwt token", e);
        }

        return null;

    }
 
Example 4
Source File: JwtHelper.java    From openhab-core with Eclipse Public License 2.0 6 votes vote down vote up
/**
 * Performs verifications on a JWT token, then parses it into a {@link AuthenticationException} instance
 *
 * @param jwt the base64-encoded JWT token from the request
 * @return the {@link Authentication} derived from the information in the token
 * @throws AuthenticationException
 */
public Authentication verifyAndParseJwtAccessToken(String jwt) throws AuthenticationException {
    JwtConsumer jwtConsumer = new JwtConsumerBuilder().setRequireExpirationTime().setAllowedClockSkewInSeconds(30)
            .setRequireSubject().setExpectedIssuer(ISSUER_NAME).setExpectedAudience(AUDIENCE)
            .setVerificationKey(jwtWebKey.getKey())
            .setJwsAlgorithmConstraints(ConstraintType.WHITELIST, AlgorithmIdentifiers.RSA_USING_SHA256).build();

    try {
        JwtClaims jwtClaims = jwtConsumer.processToClaims(jwt);
        String username = jwtClaims.getSubject();
        List<String> roles = jwtClaims.getStringListClaimValue("role");
        Authentication auth = new Authentication(username, roles.toArray(new String[roles.size()]));
        return auth;
    } catch (Exception e) {
        logger.error("Error while processing JWT token", e);
        throw new AuthenticationException(e.getMessage());
    }
}
 
Example 5
Source File: BoxDeveloperEditionAPIConnectionTest.java    From box-java-sdk with Apache License 2.0 6 votes vote down vote up
private JwtClaims getClaimsFromRequest(Request request) throws Exception {

        // Get the JWT out of the request body
        String body = request.getBodyAsString();
        String[] tokens = body.split("&");
        String jwt = null;
        for (String s : tokens) {
            String[] parts = s.split("=");
            if (parts[0] != null && parts[0].equals("assertion") && parts[1] != null) {
                jwt = parts[1];
            }
        }
        if (jwt == null) {
            throw new Exception("No jwt assertion found in request body");
        }

        // Parse out the JWT to verify the claims
        JwtConsumer jwtConsumer = new JwtConsumerBuilder()
                .setSkipSignatureVerification()
                .setSkipAllValidators()
                .build();
        return jwtConsumer.processToClaims(jwt);
    }
 
Example 6
Source File: Token.java    From server_face_recognition with GNU General Public License v3.0 5 votes vote down vote up
public static Token decypherToken(String token) {
    JwtConsumer jwtConsumer = new JwtConsumerBuilder()
            .setRequireExpirationTime()
            .setAllowedClockSkewInSeconds(30)
            .setRequireSubject()
            .setExpectedIssuer("Sanstorik")
            .setExpectedAudience("User")
            .setVerificationKey(key.getKey())
            .setJwsAlgorithmConstraints(
                    new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST,
                            AlgorithmIdentifiers.RSA_USING_SHA256))
            .build();

    Token decypheredToken = null;
    try
    {
        JwtClaims jwtClaims = jwtConsumer.processToClaims(token);
        decypheredToken = new Token(token,
             jwtClaims.getClaimValue(USERNAME_KEY).toString(),
             jwtClaims.getClaimValue(PASSWORD_KEY).toString(),
             Integer.valueOf(jwtClaims.getClaimValue(USERID_KEY).toString())
        );
    } catch (InvalidJwtException e) {
        e.printStackTrace();
    }

    return decypheredToken;
}
 
Example 7
Source File: JWTokenFactory.java    From eplmp with Eclipse Public License 1.0 5 votes vote down vote up
public static JWTokenUserGroupMapping validateAuthToken(Key key, String jwt) {

        JwtConsumer jwtConsumer = new JwtConsumerBuilder()
                .setVerificationKey(key)
                .setRelaxVerificationKeyValidation()
                .build();

        try {
            JwtClaims jwtClaims = jwtConsumer.processToClaims(jwt);
            String subject = jwtClaims.getSubject();

            try (JsonReader reader = Json.createReader(new StringReader(subject))) {
                JsonObject subjectObject = reader.readObject(); // JsonParsingException
                String login = subjectObject.getString(SUBJECT_LOGIN); // Npe
                String groupName = subjectObject.getString(SUBJECT_GROUP_NAME); // Npe

                if (login != null && !login.isEmpty() && groupName != null && !groupName.isEmpty()) {
                    return new JWTokenUserGroupMapping(jwtClaims, new UserGroupMapping(login, groupName));
                }
            }


        } catch (InvalidJwtException | MalformedClaimException | JsonParsingException | NullPointerException e) {
            LOGGER.log(Level.FINE, "Cannot validate jwt token", e);
        }

        return null;

    }
 
Example 8
Source File: JwtUtil.java    From light with Apache License 2.0 5 votes vote down vote up
public static Map<String, Object> verifyJwt(String jwt) throws InvalidJwtException, MalformedClaimException {
    Map<String, Object> user = null;
    X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver(certificate);
    x509VerificationKeyResolver.setTryAllOnNoThumbHeader(true);

    JwtConsumer jwtConsumer = new JwtConsumerBuilder()
            .setRequireExpirationTime() // the JWT must have an expiration time
            .setAllowedClockSkewInSeconds((Integer) config.get(CLOCK_SKEW_IN_MINUTE)*60) // allow some leeway in validating time based claims to account for clock skew
            .setRequireSubject() // the JWT must have a subject claim
            .setExpectedIssuer(issuer)
            .setExpectedAudience(audience)
            .setVerificationKeyResolver(x509VerificationKeyResolver) // verify the signature with the certificates
            .build(); // create the JwtConsumer instance

    //  Validate the JWT and process it to the Claims
    JwtClaims claims = jwtConsumer.processToClaims(jwt);
    if(claims != null) {
        user = new HashMap<String, Object>();
        user.put("userId", claims.getClaimValue("userId"));
        user.put("clientId", claims.getClaimValue("clientId"));
        List roles = claims.getStringListClaimValue("roles");
        user.put("roles", roles);
        Object host = claims.getClaimValue("host");
        if(host != null) user.put("host", host);
    }
    return user;
}
 
Example 9
Source File: JwtAuthenticationServiceImplTest.java    From blueocean-plugin with MIT License 4 votes vote down vote up
@Test
    public void anonymousUserToken() throws Exception{
        j.jenkins.setSecurityRealm(j.createDummySecurityRealm());
        JenkinsRule.WebClient webClient = j.createWebClient();
        String token = getToken(webClient);
        Assert.assertNotNull(token);


        JsonWebStructure jsonWebStructure = JsonWebStructure.fromCompactSerialization(token);

        Assert.assertTrue(jsonWebStructure instanceof JsonWebSignature);

        JsonWebSignature jsw = (JsonWebSignature) jsonWebStructure;


        String kid = jsw.getHeader("kid");

        Assert.assertNotNull(kid);

        Page page = webClient.goTo("jwt-auth/jwks/"+kid+"/", "application/json");

//        for(NameValuePair valuePair: page.getWebResponse().getResponseHeaders()){
//            System.out.println(valuePair);
//        }

        JSONObject jsonObject = JSONObject.fromObject(page.getWebResponse().getContentAsString());
        RsaJsonWebKey rsaJsonWebKey = new RsaJsonWebKey(jsonObject,null);

        JwtConsumer jwtConsumer = new JwtConsumerBuilder()
            .setRequireExpirationTime() // the JWT must have an expiration time
            .setAllowedClockSkewInSeconds(30) // allow some leeway in validating time based claims to account for clock skew
            .setRequireSubject() // the JWT must have a subject claim
            .setVerificationKey(rsaJsonWebKey.getKey()) // verify the sign with the public key
            .build(); // create the JwtConsumer instance

        JwtClaims claims = jwtConsumer.processToClaims(token);
        Assert.assertEquals("anonymous",claims.getSubject());

        Map<String,Object> claimMap = claims.getClaimsMap();

        Map<String,Object> context = (Map<String, Object>) claimMap.get("context");
        Map<String,String> userContext = (Map<String, String>) context.get("user");
        Assert.assertEquals("anonymous", userContext.get("id"));
    }
 
Example 10
Source File: JWT_Encrypted_Validator_Callout.java    From iloveapis2015-jwt-jwe-jws with Apache License 2.0 4 votes vote down vote up
public ExecutionResult execute (MessageContext msgCtxt,
        ExecutionContext exeCtxt) {
    String varName;

    try {
        String encryptedJwt = getJwt(msgCtxt); // dot-separated JWT
        // diagnostic purposes
        varName = getVarname("jwt");
        msgCtxt.setVariable(varName, encryptedJwt);

        RSAPrivateKey privateKey = (RSAPrivateKey) getPrivateKey(msgCtxt);
        BASE64Encoder b64 = new BASE64Encoder();
        varName = getVarname("PrivateKey");
        msgCtxt.setVariable(varName, b64.encode(privateKey.getEncoded()));

        /***************************RECEIVER'S END ***********************************/

        JwtConsumer consumer = new JwtConsumerBuilder()
            //.setExpectedAudience("Admins")
            //.setExpectedIssuer("CA")
            //.setRequireSubject()
            //.setRequireExpirationTime()
            .setDecryptionKey(privateKey)
            .setDisableRequireSignature()
            .build();
        JwtClaims receivedClaims = consumer.processToClaims(encryptedJwt);
        //System.out.println("SUCESS :: JWT Validation :: " + receivedClaims);
        String receivedClaimsJSON = receivedClaims.getRawJson();

        varName = getVarname("receivedClaims");
        msgCtxt.setVariable(varName, receivedClaimsJSON);
    }
    catch (Exception e) {
        //e.printStackTrace();
        varName = getVarname("error");
        msgCtxt.setVariable(varName, "Exception (A): " + e.toString());
        varName = getVarname("stacktrace");
        msgCtxt.setVariable(varName, "Stack (A): " + ExceptionUtils.getStackTrace(e));
    }
    return ExecutionResult.SUCCESS;

}
 
Example 11
Source File: JwtAuthenticationServiceImplTest.java    From blueocean-plugin with MIT License 2 votes vote down vote up
@Test
    public void getToken() throws Exception {
        j.jenkins.setSecurityRealm(j.createDummySecurityRealm());

        User user = User.get("alice");
        user.setFullName("Alice Cooper");
        user.addProperty(new Mailer.UserProperty("[email protected]"));

        JenkinsRule.WebClient webClient = j.createWebClient();

        webClient.login("alice");

        String token = getToken(webClient);

        Assert.assertNotNull(token);

        JsonWebStructure jsonWebStructure = JsonWebStructure.fromCompactSerialization(token);

        Assert.assertTrue(jsonWebStructure instanceof JsonWebSignature);

        JsonWebSignature jsw = (JsonWebSignature) jsonWebStructure;

        System.out.println(token);
        System.out.println(jsw.toString());


        String kid = jsw.getHeader("kid");

        Assert.assertNotNull(kid);

        Page page = webClient.goTo("jwt-auth/jwks/"+kid+"/", "application/json");

//        for(NameValuePair valuePair: page.getWebResponse().getResponseHeaders()){
//            System.out.println(valuePair);
//        }

        JSONObject jsonObject = JSONObject.fromObject(page.getWebResponse().getContentAsString());
        System.out.println(jsonObject.toString());
        RsaJsonWebKey rsaJsonWebKey = new RsaJsonWebKey(jsonObject,null);

        JwtConsumer jwtConsumer = new JwtConsumerBuilder()
            .setRequireExpirationTime() // the JWT must have an expiration time
            .setAllowedClockSkewInSeconds(30) // allow some leeway in validating time based claims to account for clock skew
            .setRequireSubject() // the JWT must have a subject claim
            .setVerificationKey(rsaJsonWebKey.getKey()) // verify the sign with the public key
            .build(); // create the JwtConsumer instance

        JwtClaims claims = jwtConsumer.processToClaims(token);
        Assert.assertEquals("alice",claims.getSubject());

        Map<String,Object> claimMap = claims.getClaimsMap();

        Map<String,Object> context = (Map<String, Object>) claimMap.get("context");
        Map<String,String> userContext = (Map<String, String>) context.get("user");
        Assert.assertEquals("alice", userContext.get("id"));
        Assert.assertEquals("Alice Cooper", userContext.get("fullName"));
        Assert.assertEquals("[email protected]", userContext.get("email"));
    }