Package com.networknt.security

Class JwtHelper

  • @Deprecated
public class JwtHelper
extends Object
    Deprecated.
    JWT token helper utility that use by different framework to verify JWT tokens.
    Author:
    Steve Hu

    • Constructor Detail

      • JwtHelper

        public JwtHelper()
        Deprecated.

    • Method Detail

      • readCertificate

        public static X509Certificate readCertificate​(String filename)
                                       throws Exception
        Deprecated.
        Read certificate from a file and convert it into X509Certificate object
        Parameters:
        filename - certificate file name
        Returns:
        X509Certificate object
        Throws:
        Exception - Exception while reading certificate

      • getJwtFromAuthorization

        public static String getJwtFromAuthorization​(String authorization)
        Deprecated.
        Parse the jwt token from Authorization header.
        Parameters:
        authorization - authorization header.
        Returns:
        JWT token

      • verifyJwt

        @Deprecated
public static org.jose4j.jwt.JwtClaims verifyJwt​(String jwt,
                                                 boolean ignoreExpiry)
                                          throws org.jose4j.jwt.consumer.InvalidJwtException,
                                                 ExpiredTokenException
        Deprecated.
        Use verifyToken instead.
        Verify JWT token format and signature. If ignoreExpiry is true, skip expiry verification, otherwise verify the expiry before signature verification. In most cases, we need to verify the expiry of the jwt token. The only time we need to ignore expiry verification is in SPA middleware handlers which need to verify csrf token in jwt against the csrf token in the request header to renew the expired token.
        Parameters:
        jwt - String of Json web token
        ignoreExpiry - If true, don't verify if the token is expired.
        Returns:
        JwtClaims object
        Throws:
        org.jose4j.jwt.consumer.InvalidJwtException - InvalidJwtException
        ExpiredTokenException - ExpiredTokenException

      • verifyJwt

        public static org.jose4j.jwt.JwtClaims verifyJwt​(String jwt,
                                                 boolean ignoreExpiry,
                                                 boolean isToken)
                                          throws org.jose4j.jwt.consumer.InvalidJwtException,
                                                 ExpiredTokenException
        Deprecated.
        This method is to keep backward compatible for those call without VerificationKeyResolver.
        Parameters:
        jwt - JWT token
        ignoreExpiry - indicate if the expiry will be ignored
        isToken - indicate if the JWT is a token
        Returns:
        JwtClaims
        Throws:
        org.jose4j.jwt.consumer.InvalidJwtException - throw when the token is invalid
        ExpiredTokenException - throw when the token is expired

      • verifyJwt

        public static org.jose4j.jwt.JwtClaims verifyJwt​(String jwt,
                                                 boolean ignoreExpiry,
                                                 boolean isToken,
                                                 BiFunction<String,​Boolean,​org.jose4j.keys.resolvers.VerificationKeyResolver> getKeyResolver)
                                          throws org.jose4j.jwt.consumer.InvalidJwtException,
                                                 ExpiredTokenException
        Deprecated.
        Verify JWT token format and signature. If ignoreExpiry is true, skip expiry verification, otherwise verify the expiry before signature verification. In most cases, we need to verify the expiry of the jwt token. The only time we need to ignore expiry verification is in SPA middleware handlers which need to verify csrf token in jwt against the csrf token in the request header to renew the expired token.
        Parameters:
        jwt - String of Json web token
        ignoreExpiry - If true, don't verify if the token is expired.
        isToken - True if the jwt is an OAuth 2.0 access token
        getKeyResolver - How to get VerificationKeyResolver
        Returns:
        JwtClaims object
        Throws:
        org.jose4j.jwt.consumer.InvalidJwtException - InvalidJwtException
        ExpiredTokenException - ExpiredTokenException

      • getFingerPrints

        public static List getFingerPrints()
        Deprecated.
        Get a list of certificate fingerprints for server info endpoint so that certification process in light-portal can detect if your service still use the default public key certificates provided by the light-4j framework. The default public key certificates are for dev only and should be replaced on any other environment or set bootstrapFromKeyService: true if you are using light-oauth2 so that key can be dynamically loaded.
        Returns:
        List of certificate fingerprints