下面列出了 io.jsonwebtoken.security.SecurityException#io.jsonwebtoken.SigningKeyResolverAdapter 的实例代码。
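/**
 * Parses a compact JWS string and verifies its signature with the key named by the token's key id claim.
 *
 * <p>The resolver reads the subject and the {@code KEY_ID_CLAIM} claim before the signature has been
 * checked, so both values are untrusted input while the key is being looked up.
 *
 * @param base64EncodedToken the compact serialized token to parse
 * @return the parsed token and its claims
 * @throws JwtException if parsing or validation fails with one of the exception types caught below, including
 *         the case where no signing key can be determined
 */
private Jws<Claims> parseTokenFromBase64EncodedString(final String base64EncodedToken) throws JwtException {
    try {
        return Jwts.parser().setSigningKeyResolver(new SigningKeyResolverAdapter() {
            @Override
            public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
                final String identity = claims.getSubject();

                // Get the key based on the key id in the claims. A token without that claim yields null here;
                // skip the lookup in that case so a null id is never handed to the key service (which would
                // fail on unboxing if getKey takes a primitive int) and the token is rejected below.
                final Integer keyId = claims.get(KEY_ID_CLAIM, Integer.class);
                final Key key = (keyId == null) ? null : keyService.getKey(keyId);

                // NOTE(review): the lookup uses the key id only. Nothing in this method compares the owner of
                // the returned key with `identity`; confirm that the key service or the caller enforces it.
                if (key == null || key.getKey() == null) {
                    // identity and keyId come from claims that are not yet verified, so this message can carry
                    // caller-chosen text; sanitize it before it is written to a log.
                    throw new UnsupportedJwtException("Unable to determine signing key for " + identity + " [kid: " + keyId + "]");
                }

                return key.getKey().getBytes(StandardCharsets.UTF_8);
            }
        }).parseClaimsJws(base64EncodedToken);
    } catch (final MalformedJwtException | UnsupportedJwtException | SignatureException | ExpiredJwtException | IllegalArgumentException | AdministrationException e) {
        // TODO: Exercise all exceptions to ensure none leak key material to logs
        // Callers get one generic message; the specific failure is kept as the cause only.
        final String errorMessage = "Unable to validate the access token.";
        throw new JwtException(errorMessage, e);
    }
}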
/**
 * Parses a compact JWS string, resolving the verification key from the token's key id claim.
 *
 * @param base64EncodedToken the compact serialized token to parse
 * @return the parsed token and its claims
 * @throws JwtException if parsing or validation fails with one of the exception types caught below
 */
private Jws<Claims> parseTokenFromBase64EncodedString(final String base64EncodedToken) throws JwtException {
    // The resolver runs before signature verification, so the claims it reads are still untrusted.
    final SigningKeyResolverAdapter keyResolver = new SigningKeyResolverAdapter() {
        @Override
        public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
            final String subject = claims.getSubject();
            final String kid = claims.get(KEY_ID_CLAIM, String.class);

            // Look the key up by the id carried in the claims.
            final Key signingKey = keyService.getKey(kid);

            // NOTE(review): only the key id selects the key; this method does not check that the key was
            // issued for `subject` - confirm the key service enforces that.
            if (signingKey != null && signingKey.getKey() != null) {
                return signingKey.getKey().getBytes(StandardCharsets.UTF_8);
            }

            // No usable key: the message carries the unverified subject and key id.
            throw new UnsupportedJwtException("Unable to determine signing key for " + subject + " [kid: " + kid + "]");
        }
    };

    try {
        return Jwts.parser().setSigningKeyResolver(keyResolver).parseClaimsJws(base64EncodedToken);
    } catch (final MalformedJwtException | UnsupportedJwtException | SignatureException | ExpiredJwtException | IllegalArgumentException cause) {
        // TODO: Exercise all exceptions to ensure none leak key material to logs
        throw new JwtException("Unable to validate the access token.", cause);
    }
}
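/**
 * Parses a signed JWT and returns its claims, verifying the signature with a public key from the keystore.
 *
 * <p>The key is selected by the {@code kid} header, which is read before the signature is verified. A key is
 * used only when its id is listed in {@code keyIds} and the keystore holds a certificate under that alias.
 *
 * @param credentials the compact serialized JWT
 * @return the claims carried by the token
 * @throws JwtException if the token has no {@code kid} header; a {@code SecurityException} is thrown when the
 *         keystore lookup fails or no certificate can be found for the key id
 */
@Override
public Claims parse(final String credentials) {
    // Parse the JWT claims
    return Jwts.parserBuilder().setSigningKeyResolver(new SigningKeyResolverAdapter() {
        @Override
        public Key resolveSigningKey(final JwsHeader header, final Claims claims) {
            final String keyId = header.getKeyId();
            if (keyId == null) {
                throw new JwtException("Missing Key ID (kid) header field");
            }

            try {
                // The allow-list check comes first, so a key id taken from the unverified header cannot
                // select an arbitrary keystore alias.
                if (keyIds.contains(keyId) && keyStore.containsAlias(keyId)) {
                    // getCertificate returns null when the alias holds no certificate (for example a
                    // secret-key entry); treat that as "key not found" rather than dereferencing null.
                    final java.security.cert.Certificate certificate = keyStore.getCertificate(keyId);
                    if (certificate != null) {
                        return certificate.getPublicKey();
                    }
                }
            } catch (final KeyStoreException ex) {
                throw new SecurityException("Error retrieving key from keystore", ex);
            }

            // The key id is caller-supplied; sanitize this message before logging it.
            throw new SecurityException("Could not locate key in keystore: " + keyId);
        }
    }).build().parseClaimsJws(credentials).getBody();
}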
/**
 * Parses a signed JWT and returns its claims, verifying the signature with the key registered for the
 * token's {@code kid} header.
 *
 * @param token the compact serialized JWT
 * @return the claims carried by the token
 * @throws JwtException if the token has no {@code kid} header; a {@code SecurityException} is thrown when
 *         {@code keys} has no entry for the key id
 */
@Override
public Claims parse(final String token) {
    // The resolver sees the header before the signature is verified, so the key id is untrusted input
    // that is only ever used as a lookup key into `keys`.
    final SigningKeyResolverAdapter resolver = new SigningKeyResolverAdapter() {
        @Override
        public Key resolveSigningKey(final JwsHeader header, final Claims claims) {
            final String kid = header.getKeyId();
            if (kid == null) {
                throw new JwtException("Missing Key ID (kid) header field");
            }
            if (!keys.containsKey(kid)) {
                // Unknown key id: reject rather than fall back to any default key.
                throw new SecurityException("Could not locate key: " + kid);
            }
            return keys.get(kid);
        }
    };

    return Jwts.parserBuilder()
            .setSigningKeyResolver(resolver)
            .build()
            .parseClaimsJws(token)
            .getBody();
}
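/**
 * Parses a compact JWS string and verifies its signature with the key referenced by the key id claim.
 *
 * <p>Key selection happens inside the signing key resolver, which runs before signature verification; the
 * subject and key id it reads are therefore untrusted at that point.
 *
 * @param base64EncodedToken the compact serialized token to parse
 * @return the parsed token and its claims
 * @throws JwtException if parsing or validation fails with one of the exception types caught below, including
 *         the case where no signing key can be determined
 */
private Jws<Claims> parseTokenFromBase64EncodedString(final String base64EncodedToken) throws JwtException {
    final SigningKeyResolverAdapter keyResolver = new SigningKeyResolverAdapter() {
        @Override
        public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
            final String identity = claims.getSubject();

            // Get the key based on the key id in the claims. When the claim is absent the id is null; the
            // key service is not called with null (that would fail on unboxing if getKey takes a primitive
            // int) and the token is rejected by the check below instead.
            final Integer keyId = claims.get(KEY_ID_CLAIM, Integer.class);
            final Key key = (keyId == null) ? null : keyService.getKey(keyId);

            // NOTE(review): the key is selected by id alone; this method does not verify that it was issued
            // for `identity` - confirm that check exists in the key service or in the caller.
            if (key == null || key.getKey() == null) {
                // Both values in this message come from unverified claims; sanitize before logging.
                throw new UnsupportedJwtException("Unable to determine signing key for " + identity + " [kid: " + keyId + "]");
            }

            return key.getKey().getBytes(StandardCharsets.UTF_8);
        }
    };

    try {
        return Jwts.parser().setSigningKeyResolver(keyResolver).parseClaimsJws(base64EncodedToken);
    } catch (final MalformedJwtException | UnsupportedJwtException | SignatureException | ExpiredJwtException | IllegalArgumentException | AdministrationException e) {
        // TODO: Exercise all exceptions to ensure none leak key material to logs
        // The caller sees a single generic message; the detailed failure travels as the cause.
        final String errorMessage = "Unable to validate the access token.";
        throw new JwtException(errorMessage, e);
    }
}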
/**
 * Reads the <em>exp</em> claim of a JWT without knowing the token's signing key.
 * <p>
 * The claim is captured inside a signing key resolver that hands back {@code DUMMY_KEY}, and the
 * {@code JwtException} raised by the parse is ignored. The token's signature is therefore not validated
 * against its real key here: treat the returned date as unauthenticated and never use it for an
 * authorization decision on its own.
 *
 * @param token The token.
 * @return The expiration.
 * @throws NullPointerException if the token is {@code null}.
 * @throws IllegalArgumentException if the given token contains no <em>exp</em> claim.
 */
public static final Date getExpiration(final String token) {

    if (token == null) {
        throw new NullPointerException("token must not be null");
    }

    // Holder that lets the anonymous resolver pass the claim value out to this method.
    final AtomicReference<Date> expirationHolder = new AtomicReference<>();

    final SigningKeyResolverAdapter claimCapturingResolver = new SigningKeyResolverAdapter() {
        @Override
        public Key resolveSigningKey(final JwsHeader header, final Claims claims) {
            final Date expiry = claims.getExpiration();
            if (expiry != null) {
                expirationHolder.set(expiry);
            }
            // Placeholder key: it only lets the parser proceed far enough to call this resolver.
            return DUMMY_KEY;
        }
    };

    try {
        Jwts.parser().setSigningKeyResolver(claimCapturingResolver).parse(token);
    } catch (final JwtException ignored) {
        // expected since we do not know the signing key
    }

    final Date expiration = expirationHolder.get();
    if (expiration != null) {
        return expiration;
    }
    throw new IllegalArgumentException("token contains no exp claim");
}