in kerby-provider/token-provider/src/main/java/org/apache/kerby/kerberos/provider/token/JwtTokenDecoder.java [74:139]
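/**
 * Decodes a serialized JWT into an {@link AuthToken}.
 *
 * <p>Three JWT forms are accepted: plain (unsecured), encrypted and signed.
 * Only the two signed paths (a signed JWT, or an encrypted JWT whose payload
 * is a signed JWT) run {@code verifySignedJWT} and set the {@code signed}
 * field. A plain JWT, and an encrypted JWT whose payload is not a signed JWT,
 * are returned after {@code verifyToken} alone, so no signature has been
 * checked for them. A non-null result is therefore not proof of origin:
 * callers that need an authenticated token must check the {@code signed}
 * state after each call.
 *
 * <p>The {@code signed} field is cleared on entry and set only once a token
 * from a signature-verified path is about to be returned. It therefore never
 * carries over from an earlier call on the same instance, and is not left set
 * when this method throws.
 *
 * @param content the serialized JWT
 * @return the decoded token, or {@code null} when {@code verifySignedJWT} or
 *         {@code verifyToken} rejects it; callers must handle {@code null}
 * @throws IOException if {@code content} cannot be parsed as a JWT, if the
 *         claims set cannot be read, or if the parsed JWT is of an
 *         unexpected type
 */
public AuthToken decodeFromString(String content) throws IOException {
    // Reset first, before anything can throw: without this, a decoder that
    // previously accepted a signed token would still report signed == true
    // for a later plain or encrypted-only token.
    signed = false;

    JWT jwt;
    try {
        jwt = JWTParser.parse(content);
    } catch (ParseException e) {
        // Invalid JWT encoding
        throw new IOException("Failed to parse JWT token string", e);
    }

    if (jwt instanceof PlainJWT) {
        // Unsecured JWT: there is no signature to verify. Only verifyToken()
        // stands between the caller and attacker-chosen claims, and signed
        // stays false.
        PlainJWT plainObject = (PlainJWT) jwt;
        try {
            if (!verifyToken(jwt)) {
                return null;
            }
            return new JwtAuthToken(plainObject.getJWTClaimsSet());
        } catch (ParseException e) {
            throw new IOException("Failed to get JWT claims set", e);
        }
    } else if (jwt instanceof EncryptedJWT) {
        EncryptedJWT encryptedJWT = (EncryptedJWT) jwt;
        // NOTE(review): the payload is read straight after this call, so
        // decryptEncryptedJWT presumably throws when decryption fails —
        // confirm against its implementation.
        decryptEncryptedJWT(encryptedJWT);
        SignedJWT nestedSigned = encryptedJWT.getPayload().toSignedJWT();
        if (nestedSigned == null) {
            // Encrypted but not signed: confidentiality only, no origin
            // check. signed stays false.
            try {
                if (!verifyToken(encryptedJWT)) {
                    return null;
                }
                return new JwtAuthToken(encryptedJWT.getJWTClaimsSet());
            } catch (ParseException e) {
                throw new IOException("Failed to get JWT claims set", e);
            }
        }
        // Signature check runs first; verifyToken is skipped when it fails.
        if (!(verifySignedJWT(nestedSigned) && verifyToken(nestedSigned))) {
            return null;
        }
        try {
            JwtAuthToken token = new JwtAuthToken(nestedSigned.getJWTClaimsSet());
            // Set only after the claims were read, so a failure above
            // cannot leave signed == true behind.
            signed = true;
            return token;
        } catch (ParseException e) {
            throw new IOException("Failed to get JWT claims set", e);
        }
    } else if (jwt instanceof SignedJWT) {
        SignedJWT signedJWT = (SignedJWT) jwt;
        // Signature check runs first; verifyToken is skipped when it fails.
        if (!(verifySignedJWT(signedJWT) && verifyToken(signedJWT))) {
            return null;
        }
        try {
            JwtAuthToken token = new JwtAuthToken(signedJWT.getJWTClaimsSet());
            // Set only after the claims were read, so a failure above
            // cannot leave signed == true behind.
            signed = true;
            return token;
        } catch (ParseException e) {
            throw new IOException("Failed to get JWT claims set", e);
        }
    } else {
        throw new IOException("Unexpected JWT type: " + jwt);
    }
}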