mirror of
https://github.com/keycloak/keycloak.git
synced 2026-01-25 16:42:34 +00:00
Improved exception handling. Don't swallow exception
This commit is contained in:
@@ -16,29 +16,22 @@ public class RSATokenVerifier {
|
||||
return verifyToken(tokenString, realmKey, realm, true);
|
||||
}
|
||||
|
||||
|
||||
public static AccessToken verifyToken(String tokenString, PublicKey realmKey, String realm, boolean checkActive) throws VerificationException {
|
||||
JWSInput input = new JWSInput(tokenString);
|
||||
boolean verified = false;
|
||||
try {
|
||||
verified = RSAProvider.verify(input, realmKey);
|
||||
} catch (Exception ignore) {
|
||||
|
||||
}
|
||||
if (!verified) throw new VerificationException("Token signature not validated");
|
||||
if (!isPublicKeyValid(input, realmKey)) throw new VerificationException("Invalid token signature.");
|
||||
|
||||
AccessToken token;
|
||||
try {
|
||||
token = input.readJsonContent(AccessToken.class);
|
||||
} catch (IOException e) {
|
||||
throw new VerificationException(e);
|
||||
throw new VerificationException("Couldn't parse token signature", e);
|
||||
}
|
||||
String user = token.getSubject();
|
||||
if (user == null) {
|
||||
throw new VerificationException("Token user was null");
|
||||
throw new VerificationException("Token user was null.");
|
||||
}
|
||||
if (!realm.equals(token.getAudience())) {
|
||||
throw new VerificationException("Token audience doesn't match domain");
|
||||
throw new VerificationException("Token audience doesn't match domain.");
|
||||
|
||||
}
|
||||
if (checkActive && !token.isActive()) {
|
||||
@@ -47,4 +40,12 @@ public class RSATokenVerifier {
|
||||
|
||||
return token;
|
||||
}
|
||||
|
||||
private static boolean isPublicKeyValid(JWSInput input, PublicKey realmKey) throws VerificationException {
|
||||
try {
|
||||
return RSAProvider.verify(input, realmKey);
|
||||
} catch (Exception e) {
|
||||
throw new VerificationException("Token signature not validated.", e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user