The JWTVerifier class holds the verify method to assert that a given Token has not only a proper JWT format, but also its signature matches. This class is thread-safe. @see com.auth0.jwt.interfaces.JWTVerifier
| 24 | * @see com.auth0.jwt.interfaces.JWTVerifier |
| 25 | */ |
| 26 | public final class JWTVerifier implements com.auth0.jwt.interfaces.JWTVerifier { |
| 27 | private final Algorithm algorithm; |
| 28 | final List<ExpectedCheckHolder> expectedChecks; |
| 29 | private final JWTParser parser; |
| 30 | |
| 31 | JWTVerifier(Algorithm algorithm, List<ExpectedCheckHolder> expectedChecks) { |
| 32 | this.algorithm = algorithm; |
| 33 | this.expectedChecks = Collections.unmodifiableList(expectedChecks); |
| 34 | this.parser = new JWTParser(); |
| 35 | } |
| 36 | |
| 37 | /** |
| 38 | * Initialize a {@link Verification} instance using the given Algorithm. |
| 39 | * |
| 40 | * @param algorithm the Algorithm to use on the JWT verification. |
| 41 | * @return a {@link Verification} instance to configure. |
| 42 | * @throws IllegalArgumentException if the provided algorithm is null. |
| 43 | */ |
| 44 | static Verification init(Algorithm algorithm) throws IllegalArgumentException { |
| 45 | return new BaseVerification(algorithm); |
| 46 | } |
| 47 | |
| 48 | /** |
| 49 | * {@link Verification} implementation that accepts all the expected Claim values for verification, and |
| 50 | * builds a {@link com.auth0.jwt.interfaces.JWTVerifier} used to verify a JWT's signature and expected claims. |
| 51 | * |
| 52 | * Note that this class is <strong>not</strong> thread-safe. Calling {@link #build()} returns an instance of |
| 53 | * {@link com.auth0.jwt.interfaces.JWTVerifier} which can be reused. |
| 54 | */ |
| 55 | public static class BaseVerification implements Verification { |
| 56 | private final Algorithm algorithm; |
| 57 | private final List<ExpectedCheckHolder> expectedChecks; |
| 58 | private long defaultLeeway; |
| 59 | private final Map<String, Long> customLeeways; |
| 60 | private boolean ignoreIssuedAt; |
| 61 | private Clock clock; |
| 62 | |
| 63 | BaseVerification(Algorithm algorithm) throws IllegalArgumentException { |
| 64 | if (algorithm == null) { |
| 65 | throw new IllegalArgumentException("The Algorithm cannot be null."); |
| 66 | } |
| 67 | |
| 68 | this.algorithm = algorithm; |
| 69 | this.expectedChecks = new ArrayList<>(); |
| 70 | this.customLeeways = new HashMap<>(); |
| 71 | this.defaultLeeway = 0; |
| 72 | } |
| 73 | |
| 74 | @Override |
| 75 | public Verification withIssuer(String... issuer) { |
| 76 | List<String> value = isNullOrEmpty(issuer) ? null : Arrays.asList(issuer); |
| 77 | addCheck(RegisteredClaims.ISSUER, ((claim, decodedJWT) -> { |
| 78 | if (verifyNull(claim, value)) { |
| 79 | return true; |
| 80 | } |
| 81 | if (value == null || !value.contains(claim.asString())) { |
| 82 | throw new IncorrectClaimException( |
| 83 | "The Claim 'iss' value doesn't match the required issuer.", RegisteredClaims.ISSUER, claim); |
nothing calls this directly
no outgoing calls
no test coverage detected
searching dependent graphs…