View Javadoc
1   /*
2    * Copyright (c) 2002-2025, City of Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.plugins.oauth2.jwt;
35  
36  import java.security.Key;
37  
38  import fr.paris.lutece.portal.service.util.AppException;
39  import fr.paris.lutece.util.httpaccess.HttpAccess;
40  import fr.paris.lutece.util.httpaccess.HttpAccessException;
41  import io.jsonwebtoken.JwsHeader;
42  import io.jsonwebtoken.LocatorAdapter;
43  import io.jsonwebtoken.security.JwkSet;
44  import io.jsonwebtoken.security.Jwks;
45  
46  /**
47   * Key locator which fetches keys from a JWKS endpoint
48   */
49  public class KeyLocator extends LocatorAdapter<Key>
50  {
51      private final String _strJwksEndpointUri;
52      private final HttpAccess _httpAccess;
53  
54      /**
55       * Constructs a Key Locator
56       * 
57       * @param strJwksEndpointUri
58       *            the URI of the JKWS resource
59       * @param httpAccess
60       *            the httpAccess for fetching the file
61       */
62      public KeyLocator( String strJwksEndpointUri, HttpAccess httpAccess )
63      {
64          _strJwksEndpointUri = strJwksEndpointUri;
65          _httpAccess = httpAccess;
66      }
67  
68      @Override
69      protected Key locate( JwsHeader header )
70      {
71          try
72          {
73              return getKey( header.getKeyId( ) );
74          }
75          catch( HttpAccessException e )
76          {
77              throw new AppException( e.getMessage( ), e );
78          }
79      }
80  
81      private Key getKey( String keyId ) throws HttpAccessException
82      {
83          String jwks = _httpAccess.doGet( _strJwksEndpointUri );
84          JwkSet jwkSet = Jwks.setParser( ).build( ).parse( jwks );
85          return jwkSet.getKeys( ).stream( ).filter( k -> k.getId( ).equals( keyId ) ).map( k -> k.toKey( ) ).findFirst( ).orElse( null );
86      }
87  
88  }