下面列出了怎么用io.jsonwebtoken.security.SecurityException的API类实例代码及写法,或者点击链接到github查看源代码。
/**
 * Selects the key used to verify a JWS from the LINE JSON Web Key Set.
 *
 * <p>The key set is fetched through {@code apiClient}, the entry is looked up by the
 * header's key id, and a public key is built from that entry only when the header's
 * algorithm belongs to the elliptic-curve family.
 *
 * <p>Security notes: both {@code kid} and {@code alg} are read from the token header,
 * i.e. from data whose signature has not been checked yet (the key resolved here is
 * what that check needs). Accepting only elliptic-curve algorithms means a header that
 * names an HMAC or RSA algorithm never selects a key in this method.
 * NOTE(review): whether the JWK's own key type and curve agree with the header
 * algorithm is decided inside {@code generateECPublicKey}, which is not visible here;
 * confirm it rejects mismatches.
 *
 * @param header the JWS header carrying the key id and algorithm name
 * @return the public key for the matching JWK, or {@code null} when the key set could
 *         not be fetched or holds no entry for the key id. NOTE(review): callers must
 *         treat {@code null} as a verification failure; confirm at the call site.
 * @throws SecurityException when the header's algorithm is not an elliptic-curve one
 */
private Key resolveSigningKey(final JwsHeader header) {
    final LineApiResponse<JWKSet> jwkSetResponse = apiClient.getJWKSet();
    if (!jwkSetResponse.isSuccess()) {
        Log.e(TAG, "failed to get LINE JSON Web Key Set [JWK] document.");
        return null;
    }

    final JWKSet publishedKeys = jwkSetResponse.getResponseData();
    final String kid = header.getKeyId();
    final JWK matchingJwk = publishedKeys.getJWK(kid);
    if (matchingJwk == null) {
        // kid is token-supplied text; log sinks should neutralise control characters.
        Log.e(TAG, "failed to find Key by Id: " + kid);
        return null;
    }

    // Fail closed: anything outside the EC family is refused rather than guessed at.
    final String headerAlgorithm = header.getAlgorithm();
    if (!SignatureAlgorithm.forName(headerAlgorithm).isEllipticCurve()) {
        throw new SecurityException("Unsupported signature algorithm '" + headerAlgorithm + '\'');
    }
    return generateECPublicKey(matchingJwk);
}
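/**
 * Verifies a compact JWS and returns its claims, taking the verification key from
 * {@code keyStore}.
 *
 * <p>A key is used only when the header's {@code kid} is both listed in {@code keyIds}
 * and present as an alias in the keystore, so the token cannot steer verification to
 * an arbitrary keystore entry. The key returned is the public key of the certificate
 * stored under that alias.
 *
 * <p>{@link java.security.KeyStore#getCertificate(String)} returns {@code null} for an
 * alias that exists but holds no certificate (for example a secret-key entry). That
 * case is treated as "key not found" instead of failing with a
 * {@code NullPointerException}.
 *
 * @param credentials the compact serialized JWS
 * @return the claims of the verified token
 * @throws JwtException when the header has no {@code kid}
 * @throws SecurityException when no usable key is found for the {@code kid}, or the
 *         keystore cannot be read
 */
@Override
public Claims parse(final String credentials) {
    return Jwts.parserBuilder().setSigningKeyResolver(new SigningKeyResolverAdapter() {
        @Override
        public Key resolveSigningKey(final JwsHeader header, final Claims claims) {
            // Read once: the header is unverified input at this point.
            final String keyId = header.getKeyId();
            if (keyId == null) {
                throw new JwtException("Missing Key ID (kid) header field");
            }
            try {
                // Allowlist check first, then existence in the keystore.
                if (keyIds.contains(keyId) && keyStore.containsAlias(keyId)) {
                    final java.security.cert.Certificate certificate = keyStore.getCertificate(keyId);
                    if (certificate != null) {
                        return certificate.getPublicKey();
                    }
                    // Alias without a certificate: fall through to the rejection below.
                }
            } catch (final KeyStoreException ex) {
                throw new SecurityException("Error retrieving key from keystore", ex);
            }
            // keyId is token-supplied text; anything that logs this message should
            // neutralise control characters.
            throw new SecurityException("Could not locate key in keystore: " + keyId);
        }
    }).build().parseClaimsJws(credentials).getBody();
}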
/**
 * Verifies a compact JWS and returns its claims, taking the verification key from the
 * {@code keys} map.
 *
 * <p>The header's {@code kid} only selects among keys already held in {@code keys};
 * a token without a {@code kid}, or with one that is not in the map, is rejected
 * before any signature check is attempted.
 * NOTE(review): nothing in this method ties a key to a particular algorithm; that
 * depends on the parser and on how {@code keys} is populated. Confirm elsewhere.
 *
 * @param token the compact serialized JWS
 * @return the claims of the verified token
 * @throws JwtException when the header has no {@code kid}
 * @throws SecurityException when {@code keys} has no entry for the {@code kid}
 */
@Override
public Claims parse(final String token) {
    return Jwts.parserBuilder().setSigningKeyResolver(new SigningKeyResolverAdapter() {
        @Override
        public Key resolveSigningKey(final JwsHeader header, final Claims claims) {
            final String requestedKeyId = header.getKeyId();
            if (requestedKeyId == null) {
                throw new JwtException("Missing Key ID (kid) header field");
            }
            if (!keys.containsKey(requestedKeyId)) {
                // requestedKeyId is token-supplied text; sanitise it before logging.
                throw new SecurityException("Could not locate key: " + requestedKeyId);
            }
            return keys.get(requestedKeyId);
        }
    }).build().parseClaimsJws(token).getBody();
}
/**
 * A keystore that fails on every call must make authentication fail with a
 * SecurityException rather than let the token through.
 */
@Test
void testKeyStoreException() throws Exception {
    // Default answer throws, so any method the authenticator calls on this store fails.
    final KeyStore brokenKeyStore = mock(KeyStore.class, invocation -> {
        throw new KeyStoreException("Expected");
    });

    // A working keystore is still needed to sign the token under test.
    final KeyStore signingStore = KeyStore.getInstance(KeyStore.getDefaultType());
    signingStore.load(getClass().getResourceAsStream("/keystore.jks"), passphrase);
    final String jwt = buildEcToken(signingStore.getKey("trellis-ec", passphrase), "trellis-ec");

    final Authenticator underTest =
            new FederatedJwtAuthenticator(brokenKeyStore, singletonList("trellis-ec"));

    assertThrows(SecurityException.class, () -> underTest.authenticate(jwt),
            "Unexpectedly functional keystore!");
}
/**
 * A token whose key id is in the keystore but not in the configured id list must be
 * rejected. The second argument of buildEcToken is presumably the kid; its definition
 * is not visible here.
 */
@Test
void testAuthenticateKeystoreNoMatch() throws Exception {
    final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(getClass().getResourceAsStream("/keystore.jks"), passphrase);
    final String jwt = buildEcToken(keyStore.getKey("trellis-ec", passphrase), "trellis-ec");

    // "trellis-ec" is deliberately absent from the accepted key ids.
    final Authenticator underTest = new FederatedJwtAuthenticator(keyStore, asList("trellis", "foo"));

    assertThrows(SecurityException.class, () -> underTest.authenticate(jwt),
            "Unexpected keystore entry!");
}
/**
 * A token labelled "foo" must be rejected even though "foo" is in the configured id
 * list. NOTE(review): this presumably relies on /keystore.jks having no "foo" alias;
 * the keystore contents are not visible here.
 */
@Test
void testAuthenticateKeystoreAnotherNoMatch() throws Exception {
    final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(getClass().getResourceAsStream("/keystore.jks"), passphrase);

    // Signed with the "trellis-ec" key but built with "foo" as the second argument.
    final String jwt = buildEcToken(keyStore.getKey("trellis-ec", passphrase), "foo");

    final Authenticator underTest = new FederatedJwtAuthenticator(keyStore, singletonList("foo"));

    assertThrows(SecurityException.class, () -> underTest.authenticate(jwt),
            "Unexpected keystore entry!");
}
/**
 * A token must be rejected when it is checked against an HMAC key that, per the test
 * name and failure message, is not the key it was signed with. The token's header
 * segment declares HS512.
 */
@Test
void testAuthenticationTokenWebidBadKey() {
    // Fixture secret used only by this test.
    final String encodedSecret =
            "2YuUlb+t36yVzrTkYLl8xBlBJSC41CE7uNF3somMDxdYDfcACv9JYIU54z17s4Ah313uKu/4Ll+vDNKpxx6v4Q==";
    final String jwt = "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJ3ZWJpZCI6Imh0dHBzOi8vcGVvcGxlLmFwYWNoZS5vcmcvfm"
            + "Fjb2J1cm4vI2kiLCJzdWIiOiJhY29idXJuIiwibmFtZSI6IkFhcm9uIENvYnVybiIsImlzcyI6Imh0dHA6Ly9leGFtcGxlLm9yZy8ifQ"
            + ".kIHJDSzaisxfIF5fQou2e9rBInsDsl0vZ4QQ60zlZlSufm9nnmC7eL-875WPsVGzPAfptF6MrImrpFeNxdW9ZQ";

    final byte[] secretBytes = Base64.getDecoder().decode(encodedSecret);
    final Authenticator underTest = new JwtAuthenticator(hmacShaKeyFor(secretBytes));

    assertThrows(SecurityException.class, () -> underTest.authenticate(jwt), "Parsed bad JWT!");
}
/**
 * A token whose kid is "non-existent" must be rejected by the JWKS-backed
 * authenticator. NOTE(review): this presumably relies on the key set served at
 * {@code url} having no entry with that id; the key set is not visible here.
 */
@Test
void testAuthenticateJwksWrongKeyid() throws Exception {
    final String webid = "https://people.apache.org/~acoburn/#i";
    final RSAPrivateKeySpec privateSpec = new RSAPrivateKeySpec(modulus, exponent);
    final Key signingKey = KeyFactory.getInstance("RSA").generatePrivate(privateSpec);

    final String jwt = Jwts.builder()
            .setHeaderParam(JwsHeader.KEY_ID, "non-existent")
            .setSubject(webid)
            .signWith(signingKey)
            .compact();

    final Authenticator underTest = new JwksAuthenticator(url);

    assertThrows(SecurityException.class, () -> underTest.authenticate(jwt), "Unexpected principal!");
}
/**
 * Authentication must fail when the authenticator is pointed at a JWKS location named
 * "non-existent", even though the token carries the expected kid. The test expects a
 * SecurityException, i.e. a rejection rather than an accepted principal.
 */
@Test
void testAuthenticateJwksInvalidKeyLocation() throws Exception {
    final String webid = "https://people.apache.org/~acoburn/#i";
    final RSAPrivateKeySpec privateSpec = new RSAPrivateKeySpec(modulus, exponent);
    final Key signingKey = KeyFactory.getInstance("RSA").generatePrivate(privateSpec);

    final String jwt = Jwts.builder()
            .setHeaderParam(JwsHeader.KEY_ID, keyid)
            .setSubject(webid)
            .signWith(signingKey)
            .compact();

    // The key set location is the only thing wrong in this setup.
    final Authenticator underTest =
            new JwksAuthenticator("https://www.trellisldp.org/tests/non-existent");

    assertThrows(SecurityException.class, () -> underTest.authenticate(jwt), "Unexpected principal!");
}