/**
 * Parses a compact JWS string and verifies its signature with the key that the
 * key service holds for the key id named in the token's claims.
 *
 * @param base64EncodedToken the compact, base64-encoded JWS to validate
 * @return the parsed JWS with its claims, once the signature check has passed
 * @throws JwtException if the token is malformed, unsupported, expired, fails the
 *                      signature check, or no signing key can be found for it
 */
private Jws<Claims> parseTokenFromBase64EncodedString(final String base64EncodedToken) throws JwtException {
    try {
        // The resolver supplies the key that verifies the token, so every claim it reads
        // (subject, key id) is still unverified, caller-supplied input at this point.
        final SigningKeyResolverAdapter issuedKeyResolver = new SigningKeyResolverAdapter() {
            @Override
            public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
                // Look the key up by the key id carried in the claims
                final String keyId = claims.get(KEY_ID_CLAIM, String.class);
                final Key issuedKey = keyService.getKey(keyId);

                // Only a key known to the key service may be used to verify the token
                if (issuedKey != null && issuedKey.getKey() != null) {
                    return issuedKey.getKey().getBytes(StandardCharsets.UTF_8);
                }

                // NOTE(review): subject and kid in this message come from the unverified token;
                // treat them as untrusted text wherever the exception is logged or displayed.
                final String identity = claims.getSubject();
                throw new UnsupportedJwtException("Unable to determine signing key for " + identity + " [kid: " + keyId + "]");
            }
        };
        return Jwts.parser().setSigningKeyResolver(issuedKeyResolver).parseClaimsJws(base64EncodedToken);
    } catch (final MalformedJwtException | UnsupportedJwtException | SignatureException | ExpiredJwtException | IllegalArgumentException e) {
        // TODO: Exercise all exceptions to ensure none leak key material to logs
        // NOTE(review): JwtException subtypes not listed above propagate unwrapped, with their
        // own message instead of the generic one below.
        throw new JwtException("Unable to validate the access token.", e);
    }
}
/**
 * Parses a signed JWT and returns its claims, verifying the signature with the
 * key registered in {@code userToKeyMap} for the token's subject.
 *
 * @param jwt the compact JWS string to parse
 * @return the claims carried in the token body
 * @throws MissingClaimException if the token has no subject, or an empty one
 * @throws SignatureException if no key is registered for the subject
 */
private static Claims getBody(String jwt) {
    // The subject is read before the signature is checked: it only selects which
    // registered key the parser then verifies the token against.
    final SigningKeyResolverAdapter perSubjectKeyResolver = new SigningKeyResolverAdapter() {
        @Override
        public Key resolveSigningKey(JwsHeader header, Claims claims) {
            final String sub = claims.getSubject();
            if (sub == null || sub.isEmpty()) {
                throw new MissingClaimException(header, claims, "Subject is not provided in JWT.");
            }
            if (userToKeyMap.containsKey(sub)) {
                return userToKeyMap.get(sub);
            }
            // Unknown subjects are rejected rather than verified against a default key
            throw new SignatureException("Signing key is not reqistred for the subject.");
        }
    };
    return Jwts.parser()
            .setSigningKeyResolver(perSubjectKeyResolver)
            .parseClaimsJws(jwt)
            .getBody();
}
/**
 * Reads the value of the <em>exp</em> claim of a JWT without validating the token.
 * <p>
 * The token is parsed with a placeholder key, and the parser's {@code JwtException}
 * is deliberately swallowed. The returned date therefore comes from claims whose
 * signature has not been verified; it must not be taken as evidence that the token
 * is authentic or still valid.
 *
 * @param token The token.
 * @return The expiration as stated in the token's claims.
 * @throws NullPointerException if the token is {@code null}.
 * @throws IllegalArgumentException if no <em>exp</em> claim could be read from the given token.
 */
public static final Date getExpiration(final String token) {

    if (token == null) {
        throw new NullPointerException("token must not be null");
    }

    final AtomicReference<Date> expirationHolder = new AtomicReference<>();
    // The resolver is used only as a hook to look at the claims; the key it returns
    // is the DUMMY_KEY constant, not the token's real signing key.
    final SigningKeyResolverAdapter claimReader = new SigningKeyResolverAdapter() {
        @SuppressWarnings("rawtypes")
        @Override
        public Key resolveSigningKey(JwsHeader header, Claims claims) {
            final Date claimed = claims.getExpiration();
            if (claimed != null) {
                expirationHolder.set(claimed);
            }
            return DUMMY_KEY;
        }
    };

    try {
        Jwts.parser().setSigningKeyResolver(claimReader).parse(token);
    } catch (JwtException ignored) {
        // expected since we do not know the signing key
    }

    final Date expiration = expirationHolder.get();
    if (expiration != null) {
        return expiration;
    }
    throw new IllegalArgumentException("token contains no exp claim");
}