
org.keycloak.RSATokenVerifier Maven / Gradle / Ivy

package org.keycloak;

import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.crypto.RSAProvider;
import org.keycloak.representations.AccessToken;

import java.io.IOException;
import java.security.PublicKey;

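/**
 * Verifies RSA-signed access tokens against a realm's public key.
 *
 * <p>Checks are applied in this order: the JWS signature, presence of a subject, equality of the
 * token audience with the expected realm, and (optionally) that the token is active. Every failure
 * is reported as a {@link VerificationException}; a token is returned only when all checks pass.
 *
 * <p>NOTE(review): nothing in this class inspects the token's issuer, its type, or the signature
 * algorithm named in the JWS header; the algorithm handling lives in {@code RSAProvider} and is
 * not visible from here. Confirm those are constrained elsewhere before relying on this class as
 * the only gate.
 *
 * @author Bill Burke
 * @version $Revision: 1 $
 */
public class RSATokenVerifier {
    /**
     * Verifies a token and requires it to be active.
     *
     * @param tokenString the serialized JWS token as received from the caller
     * @param realmKey public key the signature must validate against
     * @param realm expected audience of the token
     * @return the parsed token once every check has passed
     * @throws VerificationException if any argument is null or any check fails
     */
    public static AccessToken verifyToken(String tokenString, PublicKey realmKey, String realm) throws VerificationException {
        return verifyToken(tokenString, realmKey, realm, true);
    }


    /**
     * Verifies a token, optionally skipping the active check.
     *
     * @param tokenString the serialized JWS token as received from the caller
     * @param realmKey public key the signature must validate against
     * @param realm expected audience of the token
     * @param checkActive when {@code true}, a token that reports itself inactive is rejected
     * @return the parsed token once every check has passed
     * @throws VerificationException if any argument is null, the token cannot be parsed, the
     *         signature does not validate, the subject is missing, the audience differs from
     *         {@code realm}, or the token is inactive while {@code checkActive} is set
     */
    public static AccessToken verifyToken(String tokenString, PublicKey realmKey, String realm, boolean checkActive) throws VerificationException {
        // Reject missing arguments with the checked exception callers already handle, instead of
        // letting a NullPointerException escape from deeper in the verification path.
        if (tokenString == null) {
            throw new VerificationException("Token string was null");
        }
        if (realmKey == null) {
            throw new VerificationException("Realm public key was null");
        }
        if (realm == null) {
            throw new VerificationException("Realm was null");
        }

        // The token string is untrusted. How JWSInput reacts to malformed input is not visible
        // here, so any unchecked failure while parsing is converted to a verification failure.
        JWSInput input;
        try {
            input = new JWSInput(tokenString);
        } catch (RuntimeException e) {
            throw new VerificationException(e);
        }

        // Fail closed: an exception during signature verification counts as "not verified".
        boolean verified = false;
        Exception verifyFailure = null;
        try {
            verified = RSAProvider.verify(input, realmKey);
        } catch (Exception e) {
            verifyFailure = e;
        }
        if (!verified) {
            // The message stays generic; the underlying cause is attached so that operators can
            // tell a bad signature apart from a provider or key error when diagnosing rejections.
            VerificationException failure = new VerificationException("Token signature not validated");
            if (verifyFailure != null) {
                failure.initCause(verifyFailure);
            }
            throw failure;
        }

        // Claims are read only after the signature has been accepted.
        AccessToken token;
        try {
            token = input.readJsonContent(AccessToken.class);
        } catch (IOException e) {
            throw new VerificationException(e);
        }
        // Guards against a payload that deserializes to no object at all.
        if (token == null) {
            throw new VerificationException("Token content was null");
        }

        String user = token.getSubject();
        if (user == null) {
            throw new VerificationException("Token user was null");
        }
        // The audience must equal the expected realm exactly; a null audience is rejected too.
        if (!realm.equals(token.getAudience())) {
            throw new VerificationException("Token audience doesn't match domain");
        }
        if (checkActive && !token.isActive()) {
            throw new VerificationException("Token is not active.");
        }

        return token;
    }
}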



