GERONIMO-6697 ensure issuer validation can be optional
rmannibucau committed Feb 20, 2019
1 parent 42de915 commit a5f0e7ff079ddd8cddf119284f745a88a48fe770
Showing 2 changed files with 5 additions and 4 deletions.
@@ -21,6 +21,7 @@
import java.io.ByteArrayInputStream;
import java.net.HttpURLConnection;
import java.util.Base64;
import java.util.Collection;

import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
@@ -90,7 +91,8 @@ public JsonWebToken parse(final String jwt) {

final String alg = getAttribute(header, "alg", defaultAlg);
final String kid = getAttribute(header, "kid", defaultKid);
if (kidMapper.loadIssuers(kid).noneMatch(it -> it.equals(payload.getString(Claims.iss.name())))) {
final Collection<String> issuers = kidMapper.loadIssuers(kid);
if (!issuers.isEmpty() && issuers.stream().noneMatch(it -> it.equals(payload.getString(Claims.iss.name())))) {
throw new JwtException("Invalid issuer", HttpURLConnection.HTTP_UNAUTHORIZED);
}
signatureValidator.verifySignature(alg, kidMapper.loadKey(kid), jwt.substring(0, secondDot), jwt.substring(secondDot + 1));
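Review bot: The new `!issuers.isEmpty()` guard fails open: when neither the `kid` mapping nor the default issuers yield a value, the `iss` claim is not checked at all, and `kid` is read from the token header before the signature is verified, so the token itself selects which issuer set applies. The commit title says this is intended, but nothing at the call site records it; I would add a comment such as `// no issuer configured for this kid: iss is deliberately not validated, the signature check below is the only gate`, and log once at startup when the issuer configuration is empty so an accidental misconfiguration is visible. Separately, `payload.getString(Claims.iss.name())` is evaluated inside the lambda for every candidate; if `payload` is a `javax.json.JsonObject` (its type is not visible here), a token without `iss` would raise a `NullPointerException` instead of the `JwtException` with 401, so reading it once as `payload.getString(Claims.iss.name(), null)` before the comparison looks safer. `parse` begins and ends outside this hunk.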
@@ -26,7 +26,6 @@
import java.io.InputStreamReader;
import java.nio.file.Files;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
@@ -96,8 +95,8 @@ String loadKey(final String property) {
return value;
}

Stream<String> loadIssuers(final String property) {
return issuerMapping.getOrDefault(property, defaultIssuers).stream();
Collection<String> loadIssuers(final String property) {
return issuerMapping.getOrDefault(property, defaultIssuers);
}

private String tryLoad(final String value) {
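Review bot: `loadIssuers` now hands callers the collection held in `issuerMapping` (or `defaultIssuers`) itself, where the previous `Stream` return was read-only. If those collections are mutable (the `HashSet` import suggests they may be), any caller in the package can alter the issuer allow-list used for later tokens. Returning a read-only view, `return Collections.unmodifiableCollection(issuerMapping.getOrDefault(property, defaultIssuers));`, still allows the caller's `isEmpty()` check without exposing the backing set; the import hunk in this file appears to drop one `java.util` import, so `java.util.Collections` may need to be kept. A short Javadoc stating that an empty result means "no issuer restriction for this kid" would also help, since the parser now treats empty as skip-validation.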
