/**
 * Build the configured {@link JWTProcessor}.
 *
 * <p>The returned processor selects its verification key from an immutable key set
 * built from {@code this.key}, with {@code this.jwsAlgorithm} as the expected
 * signature algorithm. Its claims verifier is a no-op, so this processor applies
 * no claim checks of its own.
 *
 * @return the configured {@link JWTProcessor}
 * @throws IllegalStateException if {@code this.jwsAlgorithm} is not in the RSA family
 */
public JWTProcessor<SecurityContext> build() {
    // Guard: the configured algorithm must belong to the RSA family before anything is wired.
    final boolean rsaFamily = JWSAlgorithm.Family.RSA.contains(this.jwsAlgorithm);
    if (!rsaFamily) {
        throw new IllegalStateException("The provided key is of type RSA; "
                + "however the signature algorithm is of some other type: "
                + this.jwsAlgorithm
                + ". Please indicate one of RS256, RS384, or RS512.");
    }

    // Fixed key material: the key set is wrapped once and never refreshed.
    JWKSource<SecurityContext> keySource = new ImmutableJWKSet<>(new JWKSet(this.key));

    DefaultJWTProcessor<SecurityContext> processor = new DefaultJWTProcessor<>();
    processor.setJWSKeySelector(new JWSVerificationKeySelector<>(this.jwsAlgorithm, keySource));

    // Spring Security validates the claim set independent from Nimbus, so the
    // Nimbus-side verifier is deliberately empty. Callers that use this processor
    // directly get no claim validation from it.
    processor.setJWTClaimsSetVerifier((claims, context) -> { });
    return processor;
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Creates a decoder that verifies tokens against a single, fixed RSA public key.
 *
 * <p>The expected signature algorithm is pinned to RS256 here; it is not taken
 * from the caller. The Nimbus claims verifier is replaced with a no-op, so the
 * processor built in this constructor applies no claim checks of its own.
 *
 * @param publicKey the RSA public key used to verify token signatures
 */
public NimbusReactiveJwtDecoder(RSAPublicKey publicKey) {
    // Algorithm is hard-wired to RS256 and shared by the key selector and the selector factory.
    JWSAlgorithm rs256 = JWSAlgorithm.parse(JwsAlgorithms.RS256);
    this.jwkSelectorFactory = new JWKSelectorFactory(rs256);

    // Wrap the caller's key in an immutable key set; rsaKey(...) is defined elsewhere in the class.
    JWKSet fixedKeys = new JWKSet(rsaKey(publicKey));
    JWKSource fixedKeySource = new ImmutableJWKSet<>(fixedKeys);
    this.reactiveJwkSource = new ReactiveJWKSourceAdapter(fixedKeySource);

    JWSKeySelector<JWKContext> keySelector = new JWSVerificationKeySelector<>(rs256, fixedKeySource);
    DefaultJWTProcessor processor = new DefaultJWTProcessor<>();
    processor.setJWSKeySelector(keySelector);
    // No-op verifier: claim validation is not performed by Nimbus in this processor.
    // NOTE(review): confirm the decoder validates claims elsewhere before a token is trusted.
    processor.setJWTClaimsSetVerifier((claims, context) -> {});
    this.jwtProcessor = processor;
}
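/**
 * Resolves the source of the JWK Set used to verify token signatures.
 *
 * <p>The configuration is consulted in this order, and the first non-empty setting wins:
 * <ol>
 *   <li>a classpath resource ({@code getJwkResource()}), read once into an immutable set;</li>
 *   <li>a remote URL ({@code getJwkSourceUrl()}), wrapped in a {@link RemoteJWKSet};</li>
 *   <li>a local file ({@code getJwkSourceFile()}), loaded once into an immutable set.</li>
 * </ol>
 *
 * @return the key source selected by the configuration
 * @throws IOException if the classpath resource cannot be found or a source cannot be read
 * @throws ParseException if the key material is not a valid JWK Set
 * @throws IllegalStateException if none of the three settings is configured
 */
private JWKSource<SecurityContext> lookupJWKSource() throws IOException, ParseException {
    final String classpathLocation = jwtConfiguration.getJwkResource();
    if (classpathLocation != null && !"".equals(classpathLocation)) {
        URL resource = DefaultValidatingJWTProcessor.class.getResource(classpathLocation);
        if (resource == null) {
            // Class.getResource returns null for a missing resource; fail with a clear
            // message instead of a NullPointerException on openStream().
            throw new IOException("JWK resource not found on classpath: " + classpathLocation);
        }
        try (InputStream stream = resource.openStream()) {
            // Decode as UTF-8 explicitly: the platform default charset varies between
            // hosts and could corrupt non-ASCII characters in the key set.
            String key = com.nimbusds.jose.util.IOUtils.readInputStreamToString(
                    stream, java.nio.charset.StandardCharsets.UTF_8);
            return new ImmutableJWKSet<>(JWKSet.parse(key));
        }
    }

    final String remoteLocation = jwtConfiguration.getJwkSourceUrl();
    if (remoteLocation != null && !"".equals(remoteLocation)) {
        // NOTE(review): the URL is used exactly as configured and its scheme is not checked
        // here. Verification keys fetched over plain http have no transport integrity, so
        // confirm that deployments restrict this setting to https endpoints.
        return new RemoteJWKSet<>(new URL(remoteLocation));
    }

    if (jwtConfiguration.getJwkSourceFile() == null) {
        // Without this guard, new File(null) fails with an unexplained NullPointerException.
        throw new IllegalStateException(
                "No JWK source configured: set a JWK resource, source URL, or source file");
    }
    JWKSet jwkSet = JWKSet.load(new File(jwtConfiguration.getJwkSourceFile()));
    return new ImmutableJWKSet<>(jwkSet);
}
} // closes the enclosing class, whose header is outside this excerpt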
/**
 * Builds a decoder around one caller-supplied RSA public key.
 *
 * <p>Signature verification is configured for RS256 only, using an immutable key
 * set that holds the converted key. The claims verifier installed on the Nimbus
 * processor does nothing, so claim checks are not performed by that processor.
 *
 * @param publicKey RSA public key that token signatures are verified against
 */
public NimbusReactiveJwtDecoder(RSAPublicKey publicKey) {
    // RS256 is fixed here rather than supplied by the caller.
    JWSAlgorithm expectedAlgorithm = JWSAlgorithm.parse(JwsAlgorithms.RS256);

    // rsaKey(...) is a helper defined outside this excerpt; its result is the only key in the set.
    RSAKey verificationKey = rsaKey(publicKey);
    JWKSource keySource = new ImmutableJWKSet<>(new JWKSet(verificationKey));

    JWSKeySelector<JWKContext> selector =
            new JWSVerificationKeySelector<>(expectedAlgorithm, keySource);

    DefaultJWTProcessor nimbusProcessor = new DefaultJWTProcessor<>();
    nimbusProcessor.setJWSKeySelector(selector);
    // Empty verifier: Nimbus performs no claim validation for tokens handled by this processor.
    // NOTE(review): verify that claim validation happens elsewhere in the decoder.
    nimbusProcessor.setJWTClaimsSetVerifier((claims, context) -> {});

    this.jwtProcessor = nimbusProcessor;
    this.reactiveJwkSource = new ReactiveJWKSourceAdapter(keySource);
    this.jwkSelectorFactory = new JWKSelectorFactory(expectedAlgorithm);
}