package com.auth0.jwt;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.AlgorithmMismatchException;
import com.auth0.jwt.exceptions.InvalidClaimException;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.exceptions.SignatureVerificationException;
import com.auth0.jwt.impl.PublicClaims;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.Clock;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.Verification;
import org.apache.commons.codec.binary.Base64;
import java.nio.charset.Charset;
import java.util.*;
/**
* The JWTVerifier class holds the verify method to assert that a given Token has not only a proper JWT format, but also it's signature matches.
*/
@SuppressWarnings("WeakerAccess")
public final class JWTVerifier {
private final Algorithm algorithm;
final Map<String, Object> claims;
private final Clock clock;
JWTVerifier(Algorithm algorithm, Map<String, Object> claims, Clock clock) {
this.algorithm = algorithm;
this.claims = Collections.unmodifiableMap(claims);
this.clock = clock;
}
/**
* Initialize a JWTVerifier instance using the given Algorithm.
*
* @param algorithm the Algorithm to use on the JWT verification.
* @return a JWTVerifier.Verification instance to configure.
* @throws IllegalArgumentException if the provided algorithm is null.
*/
static Verification init(Algorithm algorithm) throws IllegalArgumentException {
return new BaseVerification(algorithm);
}
/**
* The Verification class holds the Claims required by a JWT to be valid.
*/
public static class BaseVerification implements Verification {
private final Algorithm algorithm;
private final Map<String, Object> claims;
private long defaultLeeway;
BaseVerification(Algorithm algorithm) throws IllegalArgumentException {
if (algorithm == null) {
throw new IllegalArgumentException("The Algorithm cannot be null.");
}
this.algorithm = algorithm;
this.claims = new HashMap();
this.defaultLeeway = 0;
}
/**
* Require a specific Issuer ("iss") claim.
*
* @param issuer the required Issuer value
* @return this same Verification instance.
*/
@Override
public Verification withIssuer(String issuer) {
requireClaim(PublicClaims.ISSUER, issuer);
return this;
}
/**
* Require a specific Subject ("sub") claim.
*
* @param subject the required Subject value
* @return this same Verification instance.
*/
@Override
public Verification withSubject(String subject) {
requireClaim(PublicClaims.SUBJECT, subject);
return this;
}
/**
* Require a specific Audience ("aud") claim.
*
* @param audience the required Audience value
* @return this same Verification instance.
*/
@Override
public Verification withAudience(String... audience) {
requireClaim(PublicClaims.AUDIENCE, Arrays.asList(audience));
return this;
}
/**
* Define the default window in milliseconds in which the Not Before, Issued At and Expires At Claims will still be valid.
* Setting a specific leeway value on a given Claim will override this value for that Claim.
*
* @param leeway the window in seconds in which the Not Before, Issued At and Expires At Claims will still be valid.
* @return this same Verification instance.
* @throws IllegalArgumentException if leeway is negative.
*/
@Override
public Verification acceptLeeway(long leeway) throws IllegalArgumentException {
assertPositive(leeway);
this.defaultLeeway = leeway;
return this;
}
/**
* Set a specific leeway window in seconds in which the Expires At ("exp") Claim will still be valid.
* Expiration Date is always verified when the value is present. This method overrides the value set with acceptLeeway
*
* @param leeway the window in seconds in which the Expires At Claim will still be valid.
* @return this same Verification instance.
* @throws IllegalArgumentException if leeway is negative.
*/
@Override
public Verification acceptExpiresAt(long leeway) throws IllegalArgumentException {
assertPositive(leeway);
requireClaim(PublicClaims.EXPIRES_AT, leeway);
return this;
}
/**
* Set a specific leeway window in seconds in which the Not Before ("nbf") Claim will still be valid.
* Not Before Date is always verified when the value is present. This method overrides the value set with acceptLeeway
*
* @param leeway the window in seconds in which the Not Before Claim will still be valid.
* @return this same Verification instance.
* @throws IllegalArgumentException if leeway is negative.
*/
@Override
public Verification acceptNotBefore(long leeway) throws IllegalArgumentException {
assertPositive(leeway);
requireClaim(PublicClaims.NOT_BEFORE, leeway);
return this;
}
/**
* Set a specific leeway window in seconds in which the Issued At ("iat") Claim will still be valid.
* Issued At Date is always verified when the value is present. This method overrides the value set with acceptLeeway
*
* @param leeway the window in seconds in which the Issued At Claim will still be valid.
* @return this same Verification instance.
* @throws IllegalArgumentException if leeway is negative.
*/
@Override
public Verification acceptIssuedAt(long leeway) throws IllegalArgumentException {
assertPositive(leeway);
requireClaim(PublicClaims.ISSUED_AT, leeway);
return this;
}
/**
* Require a specific JWT Id ("jti") claim.
*
* @param jwtId the required Id value
* @return this same Verification instance.
*/
@Override
public Verification withJWTId(String jwtId) {
requireClaim(PublicClaims.JWT_ID, jwtId);
return this;
}
/**
* Require a specific Claim value.
*
* @param name the Claim's name.
* @param value the Claim's value.
* @return this same Verification instance.
* @throws IllegalArgumentException if the name is null.
*/
@Override
public Verification withClaim(String name, Boolean value) throws IllegalArgumentException {
assertNonNull(name);
requireClaim(name, value);
return this;
}
/**
* Require a specific Claim value.
*
* @param name the Claim's name.
* @param value the Claim's value.
* @return this same Verification instance.
* @throws IllegalArgumentException if the name is null.
*/
@Override
public Verification withClaim(String name, Integer value) throws IllegalArgumentException {
assertNonNull(name);
requireClaim(name, value);
return this;
}
/**
* Require a specific Claim value.
*
* @param name the Claim's name.
* @param value the Claim's value.
* @return this same Verification instance.
* @throws IllegalArgumentException if the name is null.
*/
@Override
public Verification withClaim(String name, Double value) throws IllegalArgumentException {
java-jdk1.8兼容版源码
需积分: 0 111 浏览量
2023-09-09
21:14:21
上传
评论
收藏 29KB ZIP 举报
jwt-jdk1.8改造版.zip (39个子文件) 
jwt algorithms 
Algorithm.java 8KB CryptoHelper.java 1KB HMACAlgorithm.java 2KB NoneAlgorithm.java 634B ECDSAAlgorithm.java 5KB RSAAlgorithm.java 2KB exceptions AlgorithmMismatchException.java 198B SignatureVerificationException.java 463B JWTDecodeException.java 290B InvalidClaimException.java 189B JWTCreationException.java 202B JWTVerificationException.java 300B SignatureGenerationException.java 356B JWTCreator.java 10KB TokenUtils.java 894B interfaces Claim.java 2KB Payload.java 2KB DecodedJWT.java 350B Clock.java 301B Header.java 1KB JWTPartsParser.java 903B Signature.java 341B Verification.java 1KB com auth0 jwt ClockImpl.java 233B JWTDecoder.java 3KB test JwtToken.java 3KB com file read JwtTest.java 1KB impl NullClaim.java 1KB PublicClaims.java 412B ClaimsHolder.java 461B JWTParser.java 2KB PayloadDeserializer.java 3KB HeaderDeserializer.java 2KB PayloadSerializer.java 2KB JsonNodeClaim.java 4KB BasicHeader.java 1KB PayloadImpl.java 2KB JWTVerifier.java 17KB JWT.java 1KB资源评论
