本文整理汇总了Java中org.jose4j.jwt.consumer.JwtConsumerBuilder.build方法的典型用法代码示例。如果您正苦于以下问题:Java JwtConsumerBuilder.build方法的具体用法?Java JwtConsumerBuilder.build怎么用?Java JwtConsumerBuilder.build使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.jose4j.jwt.consumer.JwtConsumerBuilder的用法示例。
在下文中一共展示了JwtConsumerBuilder.build方法的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: newJwsConsumer
import org.jose4j.jwt.consumer.JwtConsumerBuilder; //导入方法依赖的package包/类
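/**
 * Builds a {@link JwtConsumer} that verifies RS256-signed tokens with the cached JWK.
 *
 * <p>If no JWK is cached, {@code fetchNewPublicKeys()} is called once to try to obtain one.
 * The resulting consumer requires a subject claim, expects the issuer configured under
 * {@code stroom.stats.auth.expectedIssuer} and tolerates 30 seconds of clock skew.
 *
 * @return the configured consumer
 * @throws IllegalStateException if no verification key is available after the fetch attempt
 */
private JwtConsumer newJwsConsumer() {
    // The key can be missing if the remote authentication service was down when Stroom started.
    // It might still be down now, but try to fetch the key once more.
    if (jwk == null) {
        fetchNewPublicKeys();
    }
    // Without a key nothing can be verified: stop here with a clear message instead of
    // failing with a NullPointerException on jwk.getPublicKey() below.
    // presumably fetchNewPublicKeys() populates the jwk field; verify against its implementation
    if (jwk == null) {
        throw new IllegalStateException("No public key available to verify JWT signatures");
    }

    final String expectedIssuer =
            stroomPropertyService.getPropertyOrThrow("stroom.stats.auth.expectedIssuer");

    // NOTE(review): setRequireExpirationTime() is not called, so a token that carries no
    // "exp" claim is not rejected for that reason; confirm the issuer always sets one.
    final JwtConsumerBuilder builder = new JwtConsumerBuilder()
            // leeway for time-based claims, to absorb clock skew between hosts
            .setAllowedClockSkewInSeconds(30)
            // the JWT must carry a subject claim
            .setRequireSubject()
            // the signature is verified with the public half of the cached JWK
            .setVerificationKey(jwk.getPublicKey())
            // NOTE(review): this switches off jose4j's key validation, including the minimum
            // RSA key size check; keep it only if the issuer really uses an undersized key.
            .setRelaxVerificationKeyValidation()
            // pin the accepted signature algorithm to RS256 so a token cannot pick its own
            .setJwsAlgorithmConstraints(
                    new AlgorithmConstraints(
                            AlgorithmConstraints.ConstraintType.WHITELIST,
                            AlgorithmIdentifiers.RSA_USING_SHA256))
            .setExpectedIssuer(expectedIssuer);
    return builder.build();
}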
示例2: buildConsumer
import org.jose4j.jwt.consumer.JwtConsumerBuilder; //导入方法依赖的package包/类
/**
 * Creates a {@link JwtConsumer} that always requires a {@code jti} claim.
 *
 * <p>Security note: both arguments fail open. Passing {@code null} for {@code jwks} yields a
 * consumer that does not verify signatures, and passing {@code null} for {@code audience}
 * yields one that does not validate the audience. Callers must make sure neither happens by
 * accident (for example through a missing configuration value) on a path that handles
 * tokens from untrusted parties.
 *
 * @param jwks     remote key set used to resolve the verification key, or {@code null} to
 *                 skip signature verification
 * @param audience acceptable audience values, or {@code null} to skip audience validation
 * @return the configured consumer
 */
public JwtConsumer buildConsumer(final HttpsJwks jwks,
                                 final List<String> audience) {
    final JwtConsumerBuilder consumerBuilder = new JwtConsumerBuilder();
    consumerBuilder.setRequireJwtId();

    if (jwks == null) {
        // NOTE(review): with verification skipped, the claims of any well-formed token are
        // accepted as presented. Confirm this branch is limited to tests or to tokens that
        // were already verified elsewhere.
        consumerBuilder.setSkipSignatureVerification();
    } else {
        consumerBuilder.setVerificationKeyResolver(new HttpsJwksVerificationKeyResolver(jwks));
    }

    if (audience == null) {
        consumerBuilder.setSkipDefaultAudienceValidation();
    } else {
        final String[] acceptedAudiences = audience.toArray(new String[0]);
        consumerBuilder.setExpectedAudience(acceptedAudiences);
    }

    return consumerBuilder.build();
}
示例3: toClaimsSet
import org.jose4j.jwt.consumer.JwtConsumerBuilder; //导入方法依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>This implementation resolves the verification key from {@code httpsJwks}, validates the
 * audience only when {@code audience} is non-null, and wraps any {@link InvalidJwtException}
 * in an {@link InternalServerErrorException}.
 */
@Override
public JwtClaims toClaimsSet(final String jwt,
                             final String audience,
                             final HttpsJwks httpsJwks) {
    // NOTE(review): no JWS algorithm constraint and no required "exp" claim are configured
    // here; confirm the accepted algorithms and token lifetime are enforced as intended.
    final JwtConsumerBuilder consumerBuilder = new JwtConsumerBuilder();
    consumerBuilder.setVerificationKeyResolver(new HttpsJwksVerificationKeyResolver(httpsJwks));

    if (audience != null) {
        consumerBuilder.setExpectedAudience(audience);
    } else {
        // A null audience switches audience validation off entirely.
        consumerBuilder.setSkipDefaultAudienceValidation();
    }

    final JwtConsumer claimsReader = consumerBuilder.build();
    try {
        return claimsReader.processToClaims(jwt);
    } catch (final InvalidJwtException e) {
        // NOTE(review): a rejected token is reported as a server error; if the token comes
        // from the client, a 4xx-style error may describe the failure better. Confirm.
        throw new InternalServerErrorException(e);
    }
}
示例4: validate
import org.jose4j.jwt.consumer.JwtConsumerBuilder; //导入方法依赖的package包/类
/**
 * Verifies a signed token and returns its claims.
 *
 * <p>The signature is checked with the key from {@code publicKeySupplier}, the issuer must
 * equal {@code ElastisysClaims.ISSUER}, and an expiration time must be present; expiry is
 * evaluated against the current time taken from {@code UtcTime.now()}.
 *
 * @param signedToken the serialized token; must be neither {@code null} nor empty
 * @return the claims of the validated token
 * @throws InvalidJwtException if the token fails validation
 */
@Override
public JwtClaims validate(String signedToken) throws InvalidJwtException {
    checkArgument(signedToken != null, "auth token cannot be null");
    checkArgument(!signedToken.isEmpty(), "auth token cannot be empty");

    // NOTE(review): no JWS algorithm constraint is set; pinning the algorithm that matches
    // the verification key (setJwsAlgorithmConstraints) is the safer configuration.
    final JwtConsumer tokenConsumer = new JwtConsumerBuilder()
            // signature check uses the supplied public key
            .setVerificationKey(this.publicKeySupplier.get())
            .setExpectedIssuer(ElastisysClaims.ISSUER)
            // tokens without an "exp" claim are rejected
            .setRequireExpirationTime()
            // time-based claims are judged against "now"
            .setEvaluationTime(NumericDate.fromMilliseconds(UtcTime.now().getMillis()))
            .build();

    // Parse the token, run all configured checks and hand back the claims.
    return tokenConsumer.processToClaims(signedToken);
}
示例5: validate
import org.jose4j.jwt.consumer.JwtConsumerBuilder; //导入方法依赖的package包/类
/**
 * Verifies a signed token and returns its claims.
 *
 * <p>The signature is checked with {@code signatureKeyPair.getKey()}, an expiration time is
 * required, and the issuer is checked only when {@code expectedIssuer} is set.
 *
 * @param signedToken the serialized token
 * @return the claims of the validated token
 * @throws InvalidJwtException if the token fails validation
 */
@Override
public JwtClaims validate(String signedToken) throws InvalidJwtException {
    // NOTE(review): presumably getKey() returns the public half of the pair; verify.
    // NOTE(review): no JWS algorithm constraint is set; consider pinning the algorithm.
    final JwtConsumerBuilder consumerBuilder = new JwtConsumerBuilder();
    consumerBuilder.setVerificationKey(this.signatureKeyPair.getKey());

    // With no expected issuer configured, the issuer claim is not compared to anything.
    if (this.expectedIssuer != null) {
        consumerBuilder.setExpectedIssuer(this.expectedIssuer);
    }

    // Require "exp" and evaluate it against the present time.
    consumerBuilder
            .setRequireExpirationTime()
            .setEvaluationTime(NumericDate.fromMilliseconds(UtcTime.now().getMillis()));

    // Parse the token, run all configured checks and hand back the claims.
    return consumerBuilder.build().processToClaims(signedToken);
}
示例6: validate
import org.jose4j.jwt.consumer.JwtConsumerBuilder; //导入方法依赖的package包/类
/**
 * Validates a signed token and extracts its claims.
 *
 * <p>Checks performed: signature against {@code signatureKeyPair.getKey()}, presence and
 * validity of the expiration time relative to the current time, and — only if
 * {@code expectedIssuer} is non-null — the issuer.
 *
 * @param signedToken the serialized token
 * @return the claims of the validated token
 * @throws InvalidJwtException if the token fails validation
 */
@Override
public JwtClaims validate(String signedToken) throws InvalidJwtException {
    final JwtConsumerBuilder verifierConfig = new JwtConsumerBuilder();
    // NOTE(review): presumably getKey() returns the public half of the pair; verify.
    verifierConfig.setVerificationKey(this.signatureKeyPair.getKey());

    final boolean issuerPinned = this.expectedIssuer != null;
    if (issuerPinned) {
        verifierConfig.setExpectedIssuer(this.expectedIssuer);
    }

    // NOTE(review): the accepted signature algorithm is not restricted here; consider
    // adding setJwsAlgorithmConstraints for the algorithm the key is meant for.
    verifierConfig.setRequireExpirationTime();

    // Expiration is evaluated against the current time.
    final long nowMillis = UtcTime.now().getMillis();
    verifierConfig.setEvaluationTime(NumericDate.fromMilliseconds(nowMillis));

    final JwtConsumer verifier = verifierConfig.build();
    return verifier.processToClaims(signedToken);
}
示例7: JWTVerifier
import org.jose4j.jwt.consumer.JwtConsumerBuilder; //导入方法依赖的package包/类
/**
 * Creates a verifier for JWTs signed with an HMAC over a shared secret.
 *
 * <p>Audience and issuer are checked only when the corresponding argument is non-blank.
 * Clock skew of up to 60 seconds is tolerated.
 *
 * @param secret   shared secret; its UTF-8 bytes become the HMAC key
 * @param issuer   expected issuer, or blank to leave the issuer unchecked
 * @param audience expected audience, or blank to configure no expected audience
 */
public JWTVerifier(final String secret, final String issuer, final String audience) {
    final JwtConsumerBuilder consumerBuilder = new JwtConsumerBuilder();

    if (StringUtils.isNotBlank(audience)) {
        consumerBuilder.setExpectedAudience(audience);
    }
    if (StringUtils.isNotBlank(issuer)) {
        consumerBuilder.setExpectedIssuer(issuer);
    }

    final byte[] secretBytes = secret.getBytes(StandardCharsets.UTF_8);
    consumerBuilder.setVerificationKey(new HmacKey(secretBytes));
    consumerBuilder.setAllowedClockSkewInSeconds(60);

    // Relaxed validation lets HMAC keys shorter than 256 bits through.
    // NOTE(review): a short or human-chosen secret weakens every token signed with it;
    // prefer a randomly generated secret of at least 256 bits and drop this relaxation.
    // NOTE(review): "exp" is not required and no JWS algorithm constraint is set; confirm.
    consumerBuilder.setRelaxVerificationKeyValidation();

    consumer = consumerBuilder.build();
}
示例8: init
import org.jose4j.jwt.consumer.JwtConsumerBuilder; //导入方法依赖的package包/类
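/**
 * Fetches the token-signing public key and builds the JWT authentication filter.
 *
 * <p>The key is requested with a GET from {@code tokenConfig.getPublicKeyUrl()}, parsed as an
 * RSA JWK and used as the verification key of a {@link JwtConsumer} that requires a subject,
 * expects the issuer from {@code tokenConfig.getJwsIssuer()}, accepts only the algorithm from
 * {@code tokenConfig.getAlgorithm()} and tolerates 30 seconds of clock skew. The consumer is
 * then wrapped in a {@code JwtAuthFilter} using the "Bearer" prefix.
 *
 * @throws RuntimeException if the key endpoint does not answer with a success status or the
 *                          response cannot be decoded as a public JWK
 */
private void init() {
    // NOTE(review): this key is the trust anchor for every token accepted later, so the URL
    // should be an authenticated (HTTPS) endpoint — confirm against the configuration.
    final Response response = httpClient
            .target(this.tokenConfig.getPublicKeyUrl())
            .request()
            .header("accept", MediaType.APPLICATION_JSON)
            .header("Content-Type", MediaType.APPLICATION_JSON)
            .get();

    // Do not try to parse an error page as a key: report the HTTP failure itself.
    final int status = response.getStatus();
    if (status < 200 || status >= 300) {
        response.close();
        throw new RuntimeException("Could not fetch public key: HTTP status " + status);
    }
    final String pkJson = response.readEntity(String.class);

    final PublicJsonWebKey jwk;
    try {
        jwk = RsaJsonWebKey.Factory.newPublicJwk(pkJson);
    } catch (JoseException e) {
        // Keep the original exception as the cause so the stack trace is not lost.
        throw new RuntimeException("Could not decode public key: " + e.getLocalizedMessage(), e);
    }

    // NOTE(review): setRequireExpirationTime() is not called, so a token without an "exp"
    // claim is not rejected for that reason; confirm the issuer always sets one.
    final JwtConsumerBuilder builder = new JwtConsumerBuilder()
            // leeway for time-based claims, to absorb clock skew between hosts
            .setAllowedClockSkewInSeconds(30)
            // the JWT must carry a subject claim
            .setRequireSubject()
            // the signature is verified with the fetched public key
            .setVerificationKey(jwk.getPublicKey())
            // only the configured signature algorithm is accepted; the value comes from
            // tokenConfig, so it should name the asymmetric algorithm matching the RSA key
            .setJwsAlgorithmConstraints(
                    new AlgorithmConstraints(
                            AlgorithmConstraints.ConstraintType.WHITELIST,
                            tokenConfig.getAlgorithm()))
            // NOTE(review): this switches off jose4j's key validation, including the minimum
            // RSA key size check; keep it only if the issuer really uses an undersized key.
            .setRelaxVerificationKeyValidation()
            .setExpectedIssuer(this.tokenConfig.getJwsIssuer());
    final JwtConsumer jwtConsumer = builder.build();

    this.jwtAuthFilter = new JwtAuthFilter.Builder<ServiceUser>()
            .setJwtConsumer(jwtConsumer)
            .setRealm("realm")
            .setPrefix("Bearer")
            .setAuthenticator(new UserAuthenticator())
            .buildAuthFilter();
}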
示例9: verifyJWT
import org.jose4j.jwt.consumer.JwtConsumerBuilder; //导入方法依赖的package包/类
/**
 * Validates the token held in {@code jwt} and returns its claims as a JSON string.
 *
 * <p>Expiration time and subject are always required. Issuer and audience are checked only
 * when configured. Signature verification is configured when {@code jws} is set and
 * decryption when {@code jwe} is set; each accepts only the single configured algorithm.
 *
 * @return the validated claims serialized as JSON
 * @throws Exception if key loading or token validation fails
 */
private String verifyJWT() throws Exception {
    // Baseline requirements that apply to every token.
    final JwtConsumerBuilder consumerBuilder = new JwtConsumerBuilder();
    consumerBuilder.setRequireExpirationTime();
    consumerBuilder.setRequireSubject();

    if (!isEmpty(this.issuer)) {
        consumerBuilder.setExpectedIssuer(this.issuer);
    }
    if (!isEmpty(this.audience)) {
        consumerBuilder.setExpectedAudience(this.audience);
    }

    if (this.jws) {
        // Accept only the configured signature algorithm.
        consumerBuilder.setJwsAlgorithmConstraints(
                new AlgorithmConstraints(ConstraintType.WHITELIST, ALGORITHMS.get(jwsAlgo)));
        consumerBuilder.setVerificationKey(getJWSKey(this.jwsKey, this.jwsAlgo));
    }

    if (this.jwe) {
        if (!this.jws) {
            // NOTE(review): an encrypted-only token is accepted without a signature. With a
            // public-key encryption algorithm, encryption alone does not show who created
            // the token; confirm this mode is used only where that is acceptable.
            consumerBuilder.setDisableRequireSignature();
        }
        // Accept only the configured key-management algorithm ...
        consumerBuilder.setJweAlgorithmConstraints(
                new AlgorithmConstraints(ConstraintType.WHITELIST, ALGORITHMS.get(jweKeyAlgo)));
        // ... and only the configured content-encryption algorithm.
        consumerBuilder.setJweContentEncryptionAlgorithmConstraints(
                new AlgorithmConstraints(ConstraintType.WHITELIST, ALGORITHMS.get(jweAlgo)));
        consumerBuilder.setDecryptionKey(
                getJWEKey(this.jweKey, this.jweKeyAlgo, this.jweKeyPassword));
    }

    final JwtClaims validatedClaims = consumerBuilder.build().processToClaims(jwt);
    return validatedClaims.toJson();
}
示例10: setRequirements
import org.jose4j.jwt.consumer.JwtConsumerBuilder; //导入方法依赖的package包/类
/**
 * Stores the token requirements and rebuilds the {@link JwtConsumer} that enforces them.
 *
 * <p>Each check (signature, expiration, audience, issuer, subject) is configured only when
 * the corresponding flag on the requirements is set.
 *
 * @param requirements the requirements to enforce; {@code null} selects
 *                     {@code TokenRequirementsBuilder.createDefault()}
 * @throws JoseException if the verification keys cannot be parsed into a key set
 */
@Override
public void setRequirements(TokenRequirements requirements)
        throws JoseException {
    final TokenRequirements effective =
            requirements != null ? requirements : TokenRequirementsBuilder.createDefault();
    this.requirements = effective;

    final JwtConsumerBuilder consumerBuilder = new JwtConsumerBuilder();

    // NOTE(review): when validateSignature() is false no key resolver is configured, but
    // the signature check is not explicitly skipped either; presumably such a consumer
    // rejects signed tokens for lack of a key — confirm the intended behaviour.
    if (effective.validateSignature()) {
        consumerBuilder.setVerificationKeyResolver(
                new JwksVerificationKeyResolver(
                        new JsonWebKeySet(effective.getVerificationKeys()).getJsonWebKeys()));
    }

    if (effective.validateExpiration()) {
        consumerBuilder.setRequireExpirationTime();
        // NOTE(review): the narrowing cast would silently wrap a value outside the int
        // range; confirm the drift setting is bounded upstream.
        consumerBuilder.setAllowedClockSkewInSeconds(
                (int) effective.getAllowedClockDriftSecs());
        consumerBuilder.setRequireIssuedAt();
    }

    if (effective.checkAudience()) {
        consumerBuilder.setExpectedAudience(effective.getAudience());
    }
    if (effective.checkIssuer()) {
        consumerBuilder.setExpectedIssuer(effective.getIssuer());
    }
    if (effective.checkSubject()) {
        // The subject must equal the client id from the requirements.
        consumerBuilder.setExpectedSubject(effective.getClientId());
    }

    this.jwtConsumer = consumerBuilder.build();
}
示例11: handleJwtAssertionGrant
import org.jose4j.jwt.consumer.JwtConsumerBuilder; //导入方法依赖的package包/类
/**
 * Takes an external JWT assertion, validates it and converts it, using an
 * {@link InternalClaimsBuilder}, into a JWT used internally.
 *
 * <p>The assertion's signature is verified against the JWKS registered for the client.
 * Security note: when the client has no JWKS URI registered, the assertion is accepted
 * without any signature check.
 *
 * <p>A missing argument or an assertion that cannot be processed results in a bad-request
 * error response; a converted claims set without a subject results in an internal-server-error
 * response.
 *
 * @param assertion
 *            an external JWT assertion
 * @param clientId
 *            client ID; always one of the acceptable audiences of the assertion
 * @param audience
 *            optional additional audience; when non-null it is accepted alongside the client
 *            ID and is also set on the issued token
 * @return OAuth response
 */
private OAuthTokenResponse handleJwtAssertionGrant(final String assertion,
                                                   final String clientId,
                                                   final String audience) {
    if (assertion == null) {
        throw ErrorResponses.badRequest(ErrorCodes.INVALID_REQUEST, "Missing assertion");
    }
    if (clientId == null) {
        throw ErrorResponses.badRequest(ErrorCodes.INVALID_REQUEST, "Missing client_id");
    }

    try {
        final URI jwksUri = clientValidator.getJwksUri(clientId);
        LOG.debug("jwksUri={}", jwksUri);

        // One HttpsJwks instance per URI is kept in jwksMap and reused across requests.
        final HttpsJwks clientKeys = jwksUri == null
                ? null
                : jwksMap.computeIfAbsent(jwksUri, uri -> new HttpsJwks(uri.toASCIIString()));

        final JwtConsumerBuilder consumerBuilder = new JwtConsumerBuilder();
        if (clientKeys != null) {
            consumerBuilder.setVerificationKeyResolver(
                    new HttpsJwksVerificationKeyResolver(clientKeys));
        } else {
            // NOTE(review): fail-open. Without a registered JWKS the claims of the assertion,
            // including its subject, are taken as presented and then re-signed below as an
            // internal token. Confirm this path cannot be reached for production clients,
            // or reject the request instead.
            consumerBuilder.setDisableRequireSignature()
                    .setSkipSignatureVerification();
        }

        if (audience != null) {
            consumerBuilder.setExpectedAudience(clientId, audience);
        } else {
            consumerBuilder.setExpectedAudience(clientId);
        }

        final JwtConsumer assertionConsumer = consumerBuilder.build();
        final JwtClaims internalClaims = internalClaimsBuilder.buildInternalJWTClaimsSet(
                assertionConsumer.processToClaims(assertion));

        if (internalClaims.getSubject() == null) {
            LOG.error("Subject is missing from {}", internalClaims);
            throw ErrorResponses.internalServerError("Subject is missing from the resulting claims set.");
        }

        // Stamp the internal token with its own id, issuer, audience and validity window.
        internalClaims.setGeneratedJwtId();
        internalClaims.setIssuer(issuer.toASCIIString());
        if (audience != null) {
            internalClaims.setAudience(clientId, audience);
        } else {
            internalClaims.setAudience(clientId);
        }
        internalClaims.setIssuedAtToNow();

        final Instant expirationTime =
                Instant.now().plus(jwtMaximumLifetimeInSeconds, ChronoUnit.SECONDS);
        internalClaims.setExpirationTime(
                NumericDate.fromMilliseconds(expirationTime.toEpochMilli()));

        return tokenCache.store(
                cryptoOps.sign(internalClaims), internalClaims.getAudience(), expirationTime);
    } catch (final MalformedClaimException | InvalidJwtException e) {
        // Validation failures and malformed claims are both reported to the client as an
        // unparseable assertion; the detail stays in the server log.
        LOG.error("Unable to parse assertion", e);
        throw ErrorResponses.badRequest(ErrorCodes.INVALID_REQUEST, "Unable to parse assertion");
    }
}