From bde99444498664d14c72c19db5f996fc205e6840 Mon Sep 17 00:00:00 2001
From: Jeroen Rosenberg <jeroen.rosenberg@gmail.com>
Date: Fri, 16 May 2014 09:35:19 +0200
Subject: [PATCH] Improved exception handling. Don't swallow exception

---
 .../java/org/keycloak/RSATokenVerifier.java   | 23 ++++++++++---------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/core/src/main/java/org/keycloak/RSATokenVerifier.java b/core/src/main/java/org/keycloak/RSATokenVerifier.java
index b4cb1cf390..0a55fd1137 100755
--- a/core/src/main/java/org/keycloak/RSATokenVerifier.java
+++ b/core/src/main/java/org/keycloak/RSATokenVerifier.java
@@ -16,29 +16,22 @@ public class RSATokenVerifier {
         return verifyToken(tokenString, realmKey, realm, true);
     }
 
-
     public static AccessToken verifyToken(String tokenString, PublicKey realmKey, String realm, boolean checkActive) throws VerificationException {
         JWSInput input = new JWSInput(tokenString);
-        boolean verified = false;
-        try {
-            verified = RSAProvider.verify(input, realmKey);
-        } catch (Exception ignore) {
-
-        }
-        if (!verified) throw new VerificationException("Token signature not validated");
+        if (!isPublicKeyValid(input, realmKey)) throw new VerificationException("Invalid token signature.");
 
         AccessToken token;
         try {
             token = input.readJsonContent(AccessToken.class);
         } catch (IOException e) {
-            throw new VerificationException(e);
+            throw new VerificationException("Couldn't parse token signature", e);
         }
         String user = token.getSubject();
         if (user == null) {
-            throw new VerificationException("Token user was null");
+            throw new VerificationException("Token user was null.");
         }
         if (!realm.equals(token.getAudience())) {
-            throw new VerificationException("Token audience doesn't match domain");
+            throw new VerificationException("Token audience doesn't match domain.");
 
         }
         if (checkActive && !token.isActive()) {
@@ -47,4 +40,12 @@ public class RSATokenVerifier {
 
         return token;
     }
+
+    private static boolean isPublicKeyValid(JWSInput input, PublicKey realmKey) throws VerificationException {
+        try {
+            return RSAProvider.verify(input, realmKey);
+        } catch (Exception e) {
+            throw new VerificationException("Token signature not validated.", e);
+        }
+    }
 }