libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Improved exception handling. Don't swallow exception

Browse source
This commit is contained in:
Jeroen Rosenberg 2014-05-16 09:35:19 +02:00
parent 07a31d3f35
commit bde9944449
1 changed files with 12 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
core/src/main/java/org/keycloak/RSATokenVerifier.java
View file

@ -16,29 +16,22 @@ public class RSATokenVerifier {
return verifyToken(tokenString, realmKey, realm, true);
}
public static AccessToken verifyToken(String tokenString, PublicKey realmKey, String realm, boolean checkActive) throws VerificationException {
JWSInput input = new JWSInput(tokenString);
boolean verified = false;
try {
verified = RSAProvider.verify(input, realmKey);
} catch (Exception ignore) {
}
if (!verified) throw new VerificationException("Token signature not validated");
if (!isPublicKeyValid(input, realmKey)) throw new VerificationException("Invalid token signature.");
AccessToken token;
try {
token = input.readJsonContent(AccessToken.class);
} catch (IOException e) {
throw new VerificationException(e);
throw new VerificationException("Couldn't parse token signature", e);
}
String user = token.getSubject();
if (user == null) {
throw new VerificationException("Token user was null");
throw new VerificationException("Token user was null.");
}
if (!realm.equals(token.getAudience())) {
throw new VerificationException("Token audience doesn't match domain");
throw new VerificationException("Token audience doesn't match domain.");
}
if (checkActive && !token.isActive()) {
@ -47,4 +40,12 @@ public class RSATokenVerifier {
return token;
}
private static boolean isPublicKeyValid(JWSInput input, PublicKey realmKey) throws VerificationException {
try {
return RSAProvider.verify(input, realmKey);
} catch (Exception e) {
throw new VerificationException("Token signature not validated.", e);
}
}
}