下面列出了io.jsonwebtoken.JwsHeader#getKeyId ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
/**
 * Resolves the public key used to verify a JWS from the JSON Web Key Set
 * fetched through {@code apiClient}.
 *
 * <p>Both the {@code kid} and the {@code alg} are read from the token header.
 * NOTE(review): this looks like it runs before the signature has been checked,
 * so both values should be treated as untrusted input — confirm against the caller.
 * Only elliptic-curve algorithms are accepted; any other algorithm name that
 * {@code SignatureAlgorithm.forName} recognises is rejected with a
 * {@link SecurityException}.
 *
 * @param header the JWS header of the token being verified
 * @return the EC public key built from the matching JWK, or {@code null} when
 *     the key set cannot be fetched or holds no key for the header's {@code kid}
 * @throws SecurityException if the header's algorithm is not an elliptic-curve one
 */
private Key resolveSigningKey(final JwsHeader header) {
    final LineApiResponse<JWKSet> jwkSetResponse = apiClient.getJWKSet();
    if (!jwkSetResponse.isSuccess()) {
        Log.e(TAG, "failed to get LINE JSON Web Key Set [JWK] document.");
        return null;
    }

    final JWKSet keySet = jwkSetResponse.getResponseData();
    final String kid = header.getKeyId();
    final JWK matchingJwk = keySet.getJWK(kid);
    if (matchingJwk == null) {
        // The kid is header-supplied and is written to the log as-is.
        Log.e(TAG, "failed to find Key by Id: " + kid);
        return null;
    }

    // Reject everything that is not an EC algorithm before building a key.
    final String algName = header.getAlgorithm();
    if (!SignatureAlgorithm.forName(algName).isEllipticCurve()) {
        throw new SecurityException("Unsupported signature algorithm '" + algName + '\'');
    }
    return generateECPublicKey(matchingJwk);
}
/**
 * Derives the key identifier to look up from the JWS header's {@code kid}.
 *
 * <p>A missing {@code kid} maps to {@code DEFAULT_KEY}; otherwise every character
 * matched by {@code INVALID_KID_CHARS} is replaced with {@code '_'}.
 * NOTE(review): the {@code kid} is supplied by the token; if the returned value
 * is used to build a file name or path, confirm that {@code INVALID_KID_CHARS}
 * covers path separators. An empty {@code kid} is returned unchanged (as an
 * empty string), not mapped to {@code DEFAULT_KEY}.
 *
 * @param header the JWS header to read the {@code kid} from
 * @return {@code DEFAULT_KEY} when no {@code kid} is present, else the sanitised {@code kid}
 */
private static String getKeyId(JwsHeader<?> header)
{
    final String rawKid = header.getKeyId();
    // allow for migration from system not using kid
    return (rawKid == null)
            ? DEFAULT_KEY
            : INVALID_KID_CHARS.replaceFrom(rawKid, '_');
}
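/**
 * Fetches the public key that matches the token header's {@code kid} from
 * {@code jwkProvider}.
 *
 * <p>A token without a {@code kid} is rejected rather than verified against a
 * default key. NOTE(review): the {@code kid} comes from the token header and is
 * presumably not yet authenticated when this runs; it is passed to
 * {@code jwkProvider.get} unchanged.
 *
 * @param header the JWS header of the token being validated
 * @return the public key registered under the header's {@code kid}
 * @throws JwtException if the header carries no {@code kid}, or if the provider
 *     fails to return a key for it (the {@code JwkException} is kept as the cause)
 */
private synchronized PublicKey getJwtPublicKey(JwsHeader<?> header) {
    final String kid = header.getKeyId();
    // Test the value that is actually used for the lookup instead of reading the header twice.
    if (kid == null) {
        LOG.warn(
            "'kid' is missing in the JWT token header. This is not possible to validate the token with OIDC provider keys");
        throw new JwtException("'kid' is missing in the JWT token header.");
    }
    try {
        return jwkProvider.get(kid).getPublicKey();
    } catch (JwkException e) {
        throw new JwtException(
            "Error during the retrieval of the public key during JWT token validation", e);
    }
}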
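/**
 * Resolves the key used to verify a JWS: first from the key store, then from JWKS.
 *
 * <p>The key store is consulted only when it is configured, the {@code iss} claim
 * splits into a domain and service, and that domain equals {@code SYS_AUTH_DOMAIN}.
 * In every other case, and when the stored key is absent or cannot be loaded,
 * resolution is delegated to {@code jwksResolver}.
 *
 * <p>NOTE(review): as a signing-key resolver this presumably runs before the
 * signature is verified, so {@code kid} and {@code iss} are untrusted here. The
 * {@code SYS_AUTH_DOMAIN} check is what limits which key-store entries a
 * token-supplied issuer can select.
 *
 * @param header the JWS header; its {@code kid} selects the key
 * @param claims the token claims; {@code iss} selects the key-store domain and service
 * @return the resolved key, or {@code null} when the {@code kid} is missing or empty
 */
@Override
@SuppressWarnings("rawtypes")
public Key resolveSigningKey(JwsHeader header, Claims claims) {
    final String keyId = header.getKeyId();
    if (keyId == null || keyId.isEmpty()) {
        // Parameterised logging: the message is only built when debug is enabled.
        LOG.debug("KeyStoreJwkKeyResolver:resolveSigningKey: invalid key ID {}", keyId);
        return null;
    }

    // 1. find in key store
    final String issuer = claims.getIssuer();
    if (this.keyStore != null && issuer != null && !issuer.isEmpty()) {
        final String[] ds = AthenzUtils.splitPrincipalName(issuer);
        if (ds == null) {
            LOG.debug("KeyStoreJwkKeyResolver:resolveSigningKey: skip using KeyStore, invalid issuer {}", issuer);
        } else {
            final String domain = ds[0];
            final String service = ds[1];
            if (!SYS_AUTH_DOMAIN.equals(domain)) {
                LOG.debug("KeyStoreJwkKeyResolver:resolveSigningKey: skip using KeyStore, invalid domain {}", domain);
            } else {
                final String publicKey = this.keyStore.getPublicKey(domain, service, keyId);
                if (publicKey != null && !publicKey.isEmpty()) {
                    try {
                        LOG.debug("KeyStoreJwkKeyResolver:resolveSigningKey: will use public key from key store: ({}, {}, {})", domain, service, keyId);
                        return Crypto.loadPublicKey(publicKey);
                    } catch (Throwable t) {
                        // NOTE(review): Throwable also covers Errors; kept as-is so that a
                        // malformed stored key still falls through to the JWKS lookup below.
                        LOG.warn("KeyStoreJwkKeyResolver:resolveSigningKey: invalid public key format", t);
                    }
                }
            }
        }
    }

    // 2. find in JWKS
    LOG.debug("KeyStoreJwkKeyResolver:resolveSigningKey: will use public key from JWKS: ({})", keyId);
    return this.jwksResolver.resolveSigningKey(header, claims);
}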