in library/src/main/java/org/apache/fineract/cn/anubis/security/SystemAuthenticator.java [63:103]
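/**
 * Authenticates a system request from its JWT and the key timestamp supplied with it.
 *
 * <p>The token is accepted only if it is a signed claims JWS that verifies against the public
 * key {@code systemRsaKeyProvider} returns for {@code keyTimestamp}, carries the system issuer,
 * carries a {@code TokenConstants.JWT_SIGNATURE_TIMESTAMP_CLAIM} claim equal to
 * {@code keyTimestamp}, and has an audience. When {@code TenantContextHolder} holds an
 * identifier, the token's subject must equal it as well.
 *
 * @param user user named by the request; anything other than {@code ApiConstants.SYSTEM_SU}
 *     (including {@code null}) is rejected
 * @param token compact serialized JWT, handed to the parser as received
 * @param keyTimestamp selects the system public key and is also required as a claim value
 * @return an authentication built from the prefixed token, the user, the token's audience, the
 *     system issuer and {@code permissions}
 * @throws AmitAuthenticationException if the user is not the system user, the token fails
 *     parsing or validation, the audience is missing, or no key exists for the timestamp
 */
public AnubisAuthentication authenticate(
    final String user,
    final String token,
    final String keyTimestamp) {
  // Null-safe comparison: a missing user is an invalid header, not a NullPointerException.
  if (user == null || !user.equals(ApiConstants.SYSTEM_SU)) {
    throw AmitAuthenticationException.invalidHeader();
  }

  // NOTE(review): keyTimestamp is logged below exactly as received. If it comes straight from a
  // request header, confirm the log layout neutralises line breaks.
  try {
    final JwtParser jwtParser = Jwts.parser()
        .setSigningKey(systemRsaKeyProvider.getPublicKey(keyTimestamp))
        .requireIssuer(TokenType.SYSTEM.getIssuer())
        .require(TokenConstants.JWT_SIGNATURE_TIMESTAMP_CLAIM, keyTimestamp);
    TenantContextHolder.identifier().ifPresent(jwtParser::requireSubject);

    // parseClaimsJws() accepts only a signed claims JWS and throws UnsupportedJwtException (a
    // JwtException) for every other kind of JWT. The generic parse() returns whatever kind of
    // JWT it was given, and depending on the JJWT version that can include an unsigned token
    // whose signature was never checked against the configured key.
    final Claims claims = jwtParser.parseClaimsJws(token).getBody();
    if (claims == null || claims.getAudience() == null) {
      logger.info("System token for user {}, with key timestamp {} failed to authenticate. Audience was not set.", user, keyTimestamp);
      throw AmitAuthenticationException.invalidToken();
    }

    logger.info("System token for user {}, with key timestamp {} authenticated successfully.", user, keyTimestamp);
    return new AnubisAuthentication(
        TokenConstants.PREFIX + token,
        user,
        claims.getAudience(),
        TokenType.SYSTEM.getIssuer(),
        permissions);
  } catch (final JwtException e) {
    // The raw token is a bearer credential, so it is deliberately not written to the log at any
    // level. The user and key timestamp are enough to correlate the failure.
    logger.info("System token for user {}, with key timestamp {} failed to authenticate. Exception was {}", user, keyTimestamp, e.getMessage());
    throw AmitAuthenticationException.invalidToken();
  } catch (final InvalidKeyTimestampException e) {
    logger.info("System token for user {}, with key timestamp {} failed to authenticate. Exception was {}", user, keyTimestamp, e.getMessage());
    throw AmitAuthenticationException.invalidTokenKeyTimestamp("system", keyTimestamp);
  }
}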