Posted to notifications@james.apache.org by bt...@apache.org on 2022/09/15 10:20:56 UTC

[james-project] branch master updated: [REFACTORING] Cleanup OidcJwtTokenVerifier (#1186)

This is an automated email from the ASF dual-hosted git repository.

btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git


The following commit(s) were added to refs/heads/master by this push:
     new 75bd56c246 [REFACTORING] Cleanup OidcJwtTokenVerifier (#1186)
75bd56c246 is described below

commit 75bd56c2466835e997b68cadf09c08febd7dd0b3
Author: Benoit TELLIER <bt...@linagora.com>
AuthorDate: Thu Sep 15 12:20:50 2022 +0200

    [REFACTORING] Cleanup OidcJwtTokenVerifier (#1186)
    
     - Avoid deprecated methods
     - Remove needless method parameter, type inference is enough
---
 .../src/main/java/org/apache/james/jwt/OidcJwtTokenVerifier.java   | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/server/protocols/jwt/src/main/java/org/apache/james/jwt/OidcJwtTokenVerifier.java b/server/protocols/jwt/src/main/java/org/apache/james/jwt/OidcJwtTokenVerifier.java
index 5c153b4d25..ca247ac684 100644
--- a/server/protocols/jwt/src/main/java/org/apache/james/jwt/OidcJwtTokenVerifier.java
+++ b/server/protocols/jwt/src/main/java/org/apache/james/jwt/OidcJwtTokenVerifier.java
@@ -40,20 +40,21 @@ public class OidcJwtTokenVerifier {
     public static final IntrospectionClient INTROSPECTION_CLIENT = new DefaultIntrospectionClient();
 
     public static Optional<String> verifySignatureAndExtractClaim(String jwtToken, URL jwksURL, String claimName) {
-        PublicKeyProvider jwksPublicKeyProvider = getClaimWithoutSignatureVerification(jwtToken, "kid", String.class)
+        Optional<String> unverifiedClaim = getClaimWithoutSignatureVerification(jwtToken, "kid");
+        PublicKeyProvider jwksPublicKeyProvider = unverifiedClaim
             .map(kidValue -> JwksPublicKeyProvider.of(jwksURL, kidValue))
             .orElse(JwksPublicKeyProvider.of(jwksURL));
         return new JwtTokenVerifier(jwksPublicKeyProvider).verifyAndExtractClaim(jwtToken, claimName, String.class);
     }
 
-    public static <T> Optional<T> getClaimWithoutSignatureVerification(String token, String claimName, Class<T> returnType) {
+    public static <T> Optional<T> getClaimWithoutSignatureVerification(String token, String claimName) {
         int signatureIndex = token.lastIndexOf('.');
         if (signatureIndex <= 0) {
             return Optional.empty();
         }
         String nonSignedToken = token.substring(0, signatureIndex + 1);
         try {
-            Jwt<Header, Claims> headerClaims = Jwts.parser().parseClaimsJwt(nonSignedToken);
+            Jwt<Header, Claims> headerClaims = Jwts.parserBuilder().build().parseClaimsJwt(nonSignedToken);
             T claim = (T) headerClaims.getHeader().get(claimName);
             if (claim == null) {
                 throw new MalformedJwtException("'" + claimName + "' field in token is mandatory");
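Review bot: The unchecked cast `T claim = (T) headerClaims.getHeader().get(claimName);` is the only type handling for a header value that is read before the signature is verified, and nothing checks that `kid` is actually a string. Because of erasure the cast cannot fail inside this method, so a token whose `kid` header is not a JSON string would presumably surface as a `ClassCastException` in the `.map(kidValue -> ...)` lambda of `verifySignatureAndExtractClaim`, outside this method's `try`, rather than as `Optional.empty()`. Consider checking the type inside the `try`, for example `Object claim = headerClaims.getHeader().get(claimName);` followed by `if (!(claim instanceof String)) { throw new MalformedJwtException("'" + claimName + "' field in token must be a string"); }`. The `try` block and its `catch` continue outside the hunk, so how that exception is handled cannot be confirmed from here.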

