public JsonWebTokenVerificationBuilder withVerificationKey(JsonKey key) { if (key instanceof JsonKeyPair) { builder.setVerificationKey(((JsonKeyPair) key).getPrivateKey()); } else { builder.setVerificationKey(key.getKey()); } return this; }
builder.setVerificationKey(authContextInfo.getSignerKey()); } else if (authContextInfo.isFollowMpJwt11Rules()) { builder.setVerificationKeyResolver(new KeyLocationResolver(authContextInfo.getJwksUri()));
/** * The jwtConsumer class which will be used to verify and parse the JWT token from ping federate. * * @param jwtPublicKey The public key used to verify the signature on the JWT token. * @param pingFederateValidator The validator to add to the validation chain specifically for Ping Federate * @return The consumer to use */ @Bean public JwtConsumer jwtConsumer( @Qualifier("jwtPublicKey") final PublicKey jwtPublicKey, final PingFederateValidator pingFederateValidator ) { return new JwtConsumerBuilder() .setVerificationKey(jwtPublicKey) .setRequireExpirationTime() .registerValidator(pingFederateValidator) .build(); }
public JWTVerifier(final String secret, final String issuer, final String audience) { final JwtConsumerBuilder builder = new JwtConsumerBuilder(); if (StringUtils.isNotBlank(audience)) builder.setExpectedAudience(audience); if (StringUtils.isNotBlank(issuer)) builder.setExpectedIssuer(issuer); builder.setVerificationKey(new HmacKey(secret.getBytes(StandardCharsets.UTF_8))); builder.setAllowedClockSkewInSeconds(60); builder.setRelaxVerificationKeyValidation(); // Allow HMAC keys < 256 bits consumer = builder.build(); }
.setRequireSubject() .setExpectedIssuer(oidcConfig.getIssuer()) .setVerificationKey(((RsaJsonWebKey)oidcConfig.getSigningKey()).getKey()) .setExpectedAudience(System.getenv("OIDC_AUDIENCE") != null ? System.getenv("OIDC_AUDIENCE") : System.getProperty("OIDC_AUDIENCE", "hobson-webconsole")) .build();
.setExpectedAudience(audience != null ? audience : config.getAudience()) .setEvaluationTime(org.jose4j.jwt.NumericDate.now()) .setVerificationKey(publicKey) .build(); JwtClaims jwtClaims = jwtConsumer.processToClaims(token.getKey());
.setExpectedAudience(audience != null ? audience : config.getAudience()) .setEvaluationTime(org.jose4j.jwt.NumericDate.now()) .setVerificationKey(publicKey) .build(); JwtClaims jwtClaims = jwtConsumer.processToClaims(token.getKey());
.setVerificationKey(rsaJsonWebKey.getKey()) // verify the signature with the public key
public static boolean validateToken(String token) { JwtConsumer jwtConsumer = new JwtConsumerBuilder() .setRequireExpirationTime() // the JWT must have an expiration time .setAllowedClockSkewInSeconds(30) // allow some leeway in validating time based claims to account for clock skew .setRequireSubject() // the JWT must have a subject claim .setExpectedIssuer(ISSUER) // whom the JWT needs to have been issued by .setExpectedAudience(AUDIENCE) // to whom the JWT is intended for .setVerificationKey(rsaJsonWebKey.getKey()) // verify the signature with the public key .build(); // create the JwtConsumer instance try { // Validate the JWT and process it to the Claims JwtClaims jwtClaims = jwtConsumer.processToClaims(token); //过期时间 //用户名和ID return true; } catch (InvalidJwtException e) { // InvalidJwtException will be thrown, if the JWT failed processing or validation in anyway. // Hopefully with meaningful explanations(s) about what went wrong. System.out.println("Invalid JWT! " + e); return false; } catch (Exception ex) { ex.printStackTrace(); return false; } }
.setVerificationKey(CertificateUtils.stringToCertificate(certificate.getCertificate()).getPublicKey()) // Set public key
.setVerificationKey(CertificateUtils.stringToCertificate(certificate.getCertificate()).getPublicKey()) // Set public key
.setSkipDefaultAudienceValidation() .setExpectedIssuer(authContextInfo.getIssuedBy()) .setVerificationKey(authContextInfo.getSignerKey()) .setJwsAlgorithmConstraints( new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST,
.setRequireExpirationTime() .setRequireSubject() .setVerificationKey(new HmacKey(VERIFICATION_KEY)) .setRelaxVerificationKeyValidation() .build();