/*
* Copyright (c) 2019 Contributors to the Eclipse Foundation
*
* See the NOTICE file(s) distributed with this work for additional
* information regarding copyright ownership.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.ditto.gateway.service.security.authentication.jwt;
import java.text.MessageFormat;
import java.util.concurrent.CompletableFuture;
import javax.annotation.concurrent.ThreadSafe;
import org.eclipse.ditto.base.model.common.BinaryValidationResult;
import org.eclipse.ditto.gateway.api.GatewayAuthenticationFailedException;
import org.eclipse.ditto.jwt.model.JsonWebToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import io.jsonwebtoken.JwtParser;
/**
* Default implementation of {@link JwtValidator}.
*/
@ThreadSafe
public final class DefaultJwtValidator implements JwtValidator {

    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultJwtValidator.class);

    // {0} = issuer, {1} = key ID; both come straight from the (not yet verified) token header/claims.
    private static final String KEY_NOT_FOUND_PATTERN =
            "Public Key of issuer <{0}> with key ID <{1}> not found!";

    private final PublicKeyProvider publicKeyProvider;

    private DefaultJwtValidator(final PublicKeyProvider publicKeyProvider) {
        this.publicKeyProvider = publicKeyProvider;
    }

    /**
     * Creates a new {@code JwtValidator} instance.
     *
     * @param publicKeyProvider provider for public keys of jwt issuers.
     * @return the instance.
     */
    public static JwtValidator of(final PublicKeyProvider publicKeyProvider) {
        return new DefaultJwtValidator(publicKeyProvider);
    }

    /**
     * Validates the given JWT.
     * <p>
     * The issuer and key ID are read from the token, the matching public key (with its parser) is looked up via
     * the {@link PublicKeyProvider}, and the token is then parsed with that parser. A missing key as well as any
     * parse failure yields an invalid result; the returned future is never completed exceptionally by this class
     * itself (only by the key provider).
     *
     * @param jsonWebToken the token to validate.
     * @return a future holding the validation result.
     */
    @Override
    public CompletableFuture<BinaryValidationResult> validate(final JsonWebToken jsonWebToken) {
        final var issuer = jsonWebToken.getIssuer();
        final var keyId = jsonWebToken.getKeyId();
        return publicKeyProvider.getPublicKeyWithParser(issuer, keyId)
                .thenApply(keyWithParserOpt -> keyWithParserOpt
                        .map(keyWithParser -> parseOrInvalid(jsonWebToken, keyWithParser.getJwtParser()))
                        .orElseGet(() -> keyNotFound(issuer, keyId)));
    }

    /**
     * Builds the invalid result used when no public key is known for the given issuer / key ID pair.
     *
     * @param issuer the issuer claimed by the token.
     * @param keyId the key ID claimed by the token.
     * @return an invalid result carrying a {@link GatewayAuthenticationFailedException}.
     */
    private static BinaryValidationResult keyNotFound(final Object issuer, final Object keyId) {
        final var message = MessageFormat.format(KEY_NOT_FOUND_PATTERN, issuer, keyId);
        final Exception cause = GatewayAuthenticationFailedException.newBuilder(message).build();
        return BinaryValidationResult.invalid(cause);
    }

    /**
     * Parses the token with the given parser and maps the outcome to a validation result.
     * <p>
     * The parser is the one handed out together with the issuer's public key, so a token whose signature does not
     * match that key is expected to be rejected by {@code parseClaimsJws}. Every exception thrown while parsing
     * is mapped to an invalid result (fail closed) instead of being propagated.
     *
     * @param jsonWebToken the token to parse.
     * @param jwtParser the parser bound to the issuer's public key.
     * @return a valid result if parsing succeeded, otherwise an invalid result carrying the exception.
     */
    private static BinaryValidationResult parseOrInvalid(final JsonWebToken jsonWebToken,
            final JwtParser jwtParser) {
        try {
            jwtParser.parseClaimsJws(jsonWebToken.getToken());
            return BinaryValidationResult.valid();
        } catch (final Exception e) {
            // Only exception type and message are logged, never the token itself.
            LOGGER.info("Failed to parse/validate JWT due to <{}> with message: <{}>", e.getClass().getSimpleName(),
                    e.getMessage());
            return BinaryValidationResult.invalid(e);
        }
    }

}