Java源码示例:org.jose4j.keys.resolvers.X509VerificationKeyResolver
示例1
@Test
public void x5tStuff() throws Exception
{
String jwt = "eyJ4NXQiOiJaYjFIVDdyeUNSQUFqMndjUThoV2J6YXFYMXMiLCJhbGciOiJSUzI1NiJ9." +
"eyJpc3MiOiJtZSIsImF1ZCI6InlvdSIsImV4cCI6MTQyMDI5NjI1Nywic3ViIjoiYWJvdXQifQ." +
"RidDM9z0OJkfV2mwxABtEh2Gr_BCFbTuetOTV_dmnFofarBK7VDPPdsdAhtIs3u7WQq9guoo6H3AUGfj4mTFKX3axi2TsaYRKM9wSoRjx" +
"FO7ednGcRGx8bnSerqqrbBuM9ZUUt93sIXuneJHYRKlh0Tt9mCXISv1H4OMEueXOJhck-JPgLPfLDqIPa8t93SULKTQtLvs8KEby2uJOL" +
"8vIy-a-lFp9irCWwTnd0QRidpuLAPLr428LPNPycEVqD2TpY7y_xaQJh49oqoq_AmQCmIn3CpZLDLqD1wpEPxLQyd1vbvgQ583y2XJ95_" +
"QufjbRd2Oshv3Z3JxpIm9Yie6yQ";
JwtConsumer firstPassConsumer = new JwtConsumerBuilder()
.setSkipAllValidators()
.setDisableRequireSignature()
.setSkipSignatureVerification()
.build();
JwtContext jwtContext = firstPassConsumer.process(jwt);
JwtConsumer jwtConsumer = new JwtConsumerBuilder()
.setVerificationKeyResolver(new X509VerificationKeyResolver(CERT_LIST))
.setEvaluationTime(NumericDate.fromSeconds(1420296253))
.setExpectedAudience("you")
.build();
JwtClaims jwtClaims = jwtConsumer.processToClaims(jwt);
Assert.assertThat("about", CoreMatchers.equalTo(jwtClaims.getSubject()));
jwtConsumer.processContext(jwtContext);
Assert.assertThat("about", CoreMatchers.equalTo(jwtContext.getJwtClaims().getSubject()));
jwtConsumer = new JwtConsumerBuilder()
.setVerificationKeyResolver(new X509VerificationKeyResolver(CERT_LIST.get(0), CERT_LIST.get(2), CERT_LIST.get(3), CERT_LIST.get(4)))
.setEvaluationTime(NumericDate.fromSeconds(1420296253))
.setExpectedAudience("you")
.build();
SimpleJwtConsumerTestHelp.expectProcessingFailure(jwt, jwtContext, jwtConsumer);
}
示例2
@Test
public void x5tS256Stuff() throws Exception
{
String jwt = "eyJ4NXQjUzI1NiI6IkZTcU90QjV2UHFaNGtqWXAwOUZqQnBrbVhIMFZxRURtLXdFY1Rjb3g2RUUiLCJhbGciOiJFUzI1NiJ9." +
"eyJpc3MiOiJtZSIsImF1ZCI6InlvdSIsImV4cCI6MTQyMDI5OTUzOSwic3ViIjoiYWJvdXQifQ." +
"9Nj3UG8N9u7Eyu0wupR-eVS4Mf0ItwwHBZzwLcY2KUCJeWoPRPT7zC4MqMbHfLj6PzFi09iC3q3PniSJwmWJTA";
JwtConsumer firstPassConsumer = new JwtConsumerBuilder()
.setSkipAllValidators()
.setDisableRequireSignature()
.setSkipSignatureVerification()
.build();
JwtContext jwtContext = firstPassConsumer.process(jwt);
JwtConsumer jwtConsumer = new JwtConsumerBuilder()
.setVerificationKeyResolver(new X509VerificationKeyResolver(CERT_LIST))
.setEvaluationTime(NumericDate.fromSeconds(1420299538))
.setExpectedAudience("you")
.build();
JwtClaims jwtClaims = jwtConsumer.processToClaims(jwt);
Assert.assertThat("about", CoreMatchers.equalTo(jwtClaims.getSubject()));
jwtConsumer.processContext(jwtContext);
Assert.assertThat("about", CoreMatchers.equalTo(jwtContext.getJwtClaims().getSubject()));
jwtConsumer = new JwtConsumerBuilder()
.setVerificationKeyResolver(new X509VerificationKeyResolver(CERT_LIST.get(0),CERT_LIST.get(1), CERT_LIST.get(2), CERT_LIST.get(3)))
.setEvaluationTime(NumericDate.fromSeconds(1420299538))
.setExpectedAudience("you")
.build();
SimpleJwtConsumerTestHelp.expectProcessingFailure(jwt, jwtContext, jwtConsumer);
}
示例3
@Test
public void bothX5headersStuff() throws Exception
{
String jwt = "eyJ4NXQjUzI1NiI6InFTX2JYTlNfSklYQ3JuUmdha2I2b3RFS3Utd0xlb3R6N0tBWjN4UVVPcUUiLCJ4NXQiOiJpSFFLdVNHZVdVR1laQ2c0X1JHSlNJQzBORFEiLCJhbGciOiJFUzI1NiJ9." +
"eyJpc3MiOiJtZSIsImF1ZCI6InlvdSIsImV4cCI6MTQyMDI5OTc2MSwic3ViIjoiYWJvdXQifQ." +
"04qPYooLJN2G0q0LYVepaydszTuhY7jKjqi5IGkNBAWZ-IBlW_pWzkurR1MkO48SbJQK2swmy7Ogfihi1ClAlA";
JwtConsumer firstPassConsumer = new JwtConsumerBuilder()
.setSkipAllValidators()
.setDisableRequireSignature()
.setSkipSignatureVerification()
.build();
JwtContext jwtContext = firstPassConsumer.process(jwt);
JwtConsumer jwtConsumer = new JwtConsumerBuilder()
.setVerificationKeyResolver(new X509VerificationKeyResolver(CERT_LIST))
.setEvaluationTime(NumericDate.fromSeconds(1420299760))
.setExpectedAudience("you")
.build();
JwtClaims jwtClaims = jwtConsumer.processToClaims(jwt);
Assert.assertThat("about", CoreMatchers.equalTo(jwtClaims.getSubject()));
jwtConsumer.processContext(jwtContext);
Assert.assertThat("about", CoreMatchers.equalTo(jwtContext.getJwtClaims().getSubject()));
jwtConsumer = new JwtConsumerBuilder()
.setVerificationKeyResolver(new X509VerificationKeyResolver(CERT_LIST.get(0),CERT_LIST.get(1), CERT_LIST.get(2), CERT_LIST.get(4)))
.setEvaluationTime(NumericDate.fromSeconds(1420299760))
.setExpectedAudience("you")
.build();
SimpleJwtConsumerTestHelp.expectProcessingFailure(jwt, jwtContext, jwtConsumer);
}
示例4
public static Map<String, Object> verifyJwt(String jwt) throws InvalidJwtException, MalformedClaimException {
Map<String, Object> user = null;
X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver(certificate);
x509VerificationKeyResolver.setTryAllOnNoThumbHeader(true);
JwtConsumer jwtConsumer = new JwtConsumerBuilder()
.setRequireExpirationTime() // the JWT must have an expiration time
.setAllowedClockSkewInSeconds((Integer) config.get(CLOCK_SKEW_IN_MINUTE)*60) // allow some leeway in validating time based claims to account for clock skew
.setRequireSubject() // the JWT must have a subject claim
.setExpectedIssuer(issuer)
.setExpectedAudience(audience)
.setVerificationKeyResolver(x509VerificationKeyResolver) // verify the signature with the certificates
.build(); // create the JwtConsumer instance
// Validate the JWT and process it to the Claims
JwtClaims claims = jwtConsumer.processToClaims(jwt);
if(claims != null) {
user = new HashMap<String, Object>();
user.put("userId", claims.getClaimValue("userId"));
user.put("clientId", claims.getClaimValue("clientId"));
List roles = claims.getStringListClaimValue("roles");
user.put("roles", roles);
Object host = claims.getClaimValue("host");
if(host != null) user.put("host", host);
}
return user;
}
