/**
 * Returns the claims carried in the payload of the given signed JWT.
 *
 * <p>NOTE(review): nothing in this method checks the JWS signature or any
 * claim (exp, iss, aud); the claims come straight from the parsed payload.
 * Confirm that signature verification happens elsewhere before a caller
 * treats the returned claims as trusted.
 *
 * @param signedJWT the signed JWT whose payload is read
 * @param context   security context; not used by this implementation
 * @return the claims set parsed from the JWT payload
 * @throws BadJWTException if the payload cannot be parsed into a claims set
 */
@Override
public JWTClaimsSet process(SignedJWT signedJWT, SecurityContext context)
        throws BadJOSEException, JOSEException {
    final JWTClaimsSet parsedClaims;
    try {
        parsedClaims = signedJWT.getJWTClaimsSet();
    } catch (ParseException parseFailure) {
        // The payload is not a JSON object: report it as a bad JWT and keep the cause.
        throw new BadJWTException(parseFailure.getMessage(), parseFailure);
    }
    return parsedClaims;
}
} // closes the enclosing class, whose header is outside this excerpt
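/**
 * Delegates to {@code super.verify} first, then requires the {@code iss}
 * claim to begin with one of the two accepted STS issuer prefixes.
 *
 * @param claimsSet the claims to check
 * @param ctx       security context, passed through to {@code super.verify}
 * @throws BadJWTException if {@code super.verify} rejects the claims, or the
 *                         issuer is missing or does not start with an
 *                         accepted prefix
 */
@Override
public void verify(JWTClaimsSet claimsSet, SecurityContext ctx) throws BadJWTException {
    super.verify(claimsSet, ctx);

    final String issuer = claimsSet.getIssuer();
    // Anchor the comparison at the start of the value. A substring match would
    // also accept an issuer that merely embeds one of these URLs somewhere in
    // its path or query string.
    final boolean acceptedIssuer = issuer != null
            && (issuer.startsWith("https://sts.windows.net/")
                || issuer.startsWith("https://sts.chinacloudapi.cn/"));
    if (!acceptedIssuer) {
        throw new BadJWTException("Invalid token issuer");
    }
    // NOTE(review): every issuer under these two prefixes still passes. If only
    // specific tenants should be accepted, compare the full issuer value
    // against an allow-list instead of a prefix.
}
}); // closes the enclosing anonymous class and call, opened outside this excerpt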
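/**
 * Delegates to {@code super.verify} first, then requires the {@code iss}
 * claim to begin with one of the two accepted STS issuer prefixes.
 *
 * @param claimsSet the claims to check
 * @param ctx       security context, passed through to {@code super.verify}
 * @throws BadJWTException if {@code super.verify} rejects the claims, or the
 *                         issuer is missing or does not start with an
 *                         accepted prefix
 */
@Override
public void verify(JWTClaimsSet claimsSet, SecurityContext ctx) throws BadJWTException {
    super.verify(claimsSet, ctx);

    final String issuer = claimsSet.getIssuer();
    // Anchor the comparison at the start of the value. A substring match would
    // also accept an issuer that merely embeds one of these URLs somewhere in
    // its path or query string.
    final boolean acceptedIssuer = issuer != null
            && (issuer.startsWith("https://sts.windows.net/")
                || issuer.startsWith("https://sts.chinacloudapi.cn/"));
    if (!acceptedIssuer) {
        throw new BadJWTException("Invalid token issuer");
    }
    // NOTE(review): every issuer under these two prefixes still passes. If only
    // specific tenants should be accepted, compare the full issuer value
    // against an allow-list instead of a prefix.
}
}); // closes the enclosing anonymous class and call, opened outside this excerpt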
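/**
 * Delegates to {@code super.verify} first, then requires the first
 * {@code aud} entry and the {@code iss} claim to equal the configured
 * {@code requiredAudience} and {@code requiredIssuer}.
 *
 * @param claimsSet the claims to check
 * @param context   security context, passed through to {@code super.verify}
 * @throws BadJWTException if {@code super.verify} rejects the claims, the
 *                         audience claim is absent, or the audience or issuer
 *                         does not match the required value
 */
@Override
public void verify(JWTClaimsSet claimsSet, SecurityContext context) throws BadJWTException {
    super.verify(claimsSet, context);

    // A token without an "aud" claim must fail as a bad JWT. Calling get(0) on
    // a missing or empty audience list would instead escape as an unchecked
    // exception that callers catching BadJWTException do not handle.
    final java.util.List<String> audiences = claimsSet.getAudience();
    if (audiences == null || audiences.isEmpty()) {
        throw new BadJWTException("Missing audience claim.");
    }

    // Only the first audience entry is compared; further entries are ignored.
    final String audience = audiences.get(0);
    if (!requiredAudience.equals(audience)) {
        // NOTE(review): the message echoes a value taken from the token; treat
        // it as untrusted text wherever it is logged or shown.
        String message = String.format("Expected audience \"%s\" to be \"%s\".", audience, requiredAudience);
        throw new BadJWTException(message);
    }

    final String issuer = claimsSet.getIssuer();
    if (!requiredIssuer.equals(issuer)) {
        String message = String.format("Expected issuer \"%s\" to be \"%s\".", issuer, requiredIssuer);
        throw new BadJWTException(message);
    }
}
}); // closes the enclosing anonymous class and call, opened outside this excerpt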
/**
 * Validates an ID token, first resolving the tenant placeholder in the
 * configured issuer when one is present.
 *
 * <p>When {@code originalIssuer} contains {@code %7Btenantid%7D}, the token's
 * {@code tid} claim is substituted for it and {@code base} is replaced with a
 * validator for the resulting issuer. That validator reuses the client ID and
 * key selectors of the previous one. The token is then validated by
 * {@code base}.
 *
 * <p>NOTE(review): {@code tid} is read from the token before {@code base}
 * has validated it, and the expected issuer is built from that claim. The
 * issuer comparison therefore does not by itself limit which tenant is
 * accepted; confirm whether callers restrict {@code tid} separately.
 *
 * <p>NOTE(review): {@code base} is reassigned on each call that takes the
 * placeholder branch. It looks like shared state; if this object is used
 * from several threads, confirm that concurrent calls cannot see each
 * other's validator.
 *
 * @param idToken       the ID token to validate
 * @param expectedNonce the nonce passed on to the underlying validator
 * @return the claims set returned by the underlying validator
 * @throws BadJWTException if the {@code tid} claim is needed but absent, or
 *                         the token claims cannot be parsed
 */
@Override
public IDTokenClaimsSet validate(final JWT idToken, final Nonce expectedNonce)
        throws BadJOSEException, JOSEException {
    final String tenantPlaceholder = "%7Btenantid%7D";
    try {
        if (originalIssuer.contains(tenantPlaceholder)) {
            final Object tenantId = idToken.getJWTClaimsSet().getClaim("tid");
            if (tenantId == null) {
                throw new BadJWTException("ID token does not contain the 'tid' claim");
            }
            final Issuer tenantIssuer =
                    new Issuer(originalIssuer.replace(tenantPlaceholder, tenantId.toString()));
            base = new IDTokenValidator(
                    tenantIssuer,
                    base.getClientID(),
                    base.getJWSKeySelector(),
                    base.getJWEKeySelector());
            base.setMaxClockSkew(getMaxClockSkew());
        }
    } catch (ParseException parseFailure) {
        // The claims could not be parsed: report it as a bad JWT and keep the cause.
        throw new BadJWTException(parseFailure.getMessage(), parseFailure);
    }
    return base.validate(idToken, expectedNonce);
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Extracts the claims of the given JWT and passes them to the configured
 * claims verifier.
 *
 * <p>The claims set verifier is used when one is configured; otherwise the
 * deprecated claims verifier is used if present. When neither is configured
 * the claims are returned without any check being applied.
 *
 * @param jwt     The JWT. Must be in a state which allows the claims
 *                to be extracted.
 * @param context Optional context, {@code null} if not required.
 *
 * @return The JWT claims set.
 *
 * @throws BadJWTException If the JWT claims are invalid or rejected.
 */
private JWTClaimsSet verifyAndReturnClaims(final JWT jwt, final C context)
        throws BadJWTException {

    final JWTClaimsSet extractedClaims;
    try {
        extractedClaims = jwt.getJWTClaimsSet();
    } catch (ParseException parseFailure) {
        // The payload is not a JSON object
        throw new BadJWTException(parseFailure.getMessage(), parseFailure);
    }

    if (getJWTClaimsSetVerifier() != null) {
        getJWTClaimsSetVerifier().verify(extractedClaims, context);
        return extractedClaims;
    }

    if (getJWTClaimsVerifier() != null) {
        // Fall back to the deprecated claims verifier
        getJWTClaimsVerifier().verify(extractedClaims);
    }

    // NOTE(review): reaching here with both verifiers unset means no claim
    // check was applied; confirm a verifier is always configured.
    return extractedClaims;
}
if (issuer == null || ! issuer.equals(TCKConstants.TEST_ISSUER)) { System.err.printf("issuer(%s) != %s\n", issuer, TCKConstants.TEST_ISSUER); throw new BadJWTException("Invalid token issuer"); System.err.printf("Failed to get exp claim\n"); e.printStackTrace(); throw new BadJWTException("Failed to get exp claim", e); throw new BadJWTException("Token is expired");