in fractions/microprofile/microprofile-jwt/src/main/java/org/wildfly/swarm/microprofile/jwtauth/deployment/auth/JWTAuthMechanismFactory.java [64:141]
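/**
 * Creates the MP-JWT authentication mechanism for a deployment.
 *
 * <p>The {@link JWTAuthContextInfo} is taken from CDI when a provider can be selected. Otherwise it
 * is assembled from the settings resolved through {@code getResource} (per the original comment:
 * the mechanism properties and/or the deployment resources).
 *
 * @param mechanismName not read by this method
 * @param formParserFactory not read by this method
 * @param properties mechanism properties handed to {@code getResource} for each setting
 * @return a {@code JWTAuthMechanism} bound to the resolved context info
 * @throws IllegalStateException if a signer key was configured inline but cannot be decoded as an
 *         RSA public key
 * @throws NumberFormatException if {@code jwksRefreshInterval} or {@code expGracePeriod} is not an
 *         integer; the message names the offending setting
 */
public AuthenticationMechanism create(String mechanismName, FormParserFactory formParserFactory, Map<String, String> properties) {
    JWTAuthContextInfo contextInfo = null;
    try {
        // Deliberate best effort: any failure to reach CDI or to resolve the bean falls back to
        // the property-based configuration below, so the broad catch is intentional.
        contextInfo = CDI.current().select(JWTAuthContextInfo.class).get();
        if (contextInfo == null) {
            log.debug("JWTAuthContextInfo provider returned null");
        }
    } catch (Exception e) {
        log.debugf(e, "Unable to select JWTAuthContextInfo provider");
    }
    if (contextInfo != null) {
        return new JWTAuthMechanism(contextInfo);
    }

    // Try building the JWTAuthContextInfo from the properties and/or the deployment resources
    contextInfo = new JWTAuthContextInfo();

    String issuedBy = getResource(properties, "issuedBy", "MP-JWT-ISSUER");
    if (issuedBy != null) {
        contextInfo.setIssuedBy(issuedBy);
    }

    String publicKeyPemEnc = getResource(properties, "signerPubKey", "MP-JWT-SIGNER");
    if (publicKeyPemEnc != null) {
        // Inline key content was provided: parse and set it.
        // Workaround the double decode issue; https://issues.jboss.org/browse/WFLY-9135
        String publicKeyPem = publicKeyPemEnc.replace(' ', '+');
        try {
            RSAPublicKey pk = (RSAPublicKey) KeyUtils.decodePublicKey(publicKeyPem);
            contextInfo.setSignerKey(pk);
        } catch (Exception e) {
            // Also reached when the decoded key is not an RSA key (ClassCastException). Fail the
            // deployment with context instead of continuing without a usable verification key.
            throw new IllegalStateException("Unable to decode the configured signerPubKey as an RSA public key", e);
        }
    } else {
        // No inline key: fall back to a key location, then to a JWKS URI.
        String publicKeyLocation = getResource(properties, "signerPubKeyLocation", "MP-JWT-SIGNER-KEY-LOCATION");
        if (publicKeyLocation == null) {
            publicKeyLocation = getResource(properties, "jwksUri", "MP-JWT-SIGNER-KEY-LOCATION");
        }
        if (publicKeyLocation != null) {
            contextInfo.setPublicKeyLocation(publicKeyLocation);
            // NOTE(review): only "https:" locations are given a refresh interval here. How other
            // schemes are loaded is not visible in this method; if a plain "http:" location is
            // accepted downstream, the verification key would be fetched without transport
            // integrity - confirm and document the accepted schemes.
            if (publicKeyLocation.startsWith("https:")) {
                String jwksRefreshInterval = getResource(properties, "jwksRefreshInterval", "MP-JWT-JWKS-REFRESH");
                if (jwksRefreshInterval != null) {
                    contextInfo.setJwksRefreshInterval(parseIntSetting("jwksRefreshInterval", jwksRefreshInterval));
                }
            }
        } else {
            // NOTE(review): the mechanism is still created with no signer key and no key
            // location, and this is only visible at debug level. Confirm that token verification
            // fails closed in that state; a higher log level may be warranted.
            log.debug("Neither a key content nor a key location was set.");
        }
    }

    String expGracePeriod = getResource(properties, "expGracePeriod", "MP-JWT-EXP-GRACE");
    if (expGracePeriod != null) {
        // NOTE(review): no range check is applied; whether a negative or very large grace period
        // is rejected by JWTAuthContextInfo is not visible here.
        contextInfo.setExpGracePeriodSecs(parseIntSetting("expGracePeriod", expGracePeriod));
    }

    String tokenHeader = getResource(properties, "tokenHeader", "MP-JWT-TOKEN-HEADER");
    if (tokenHeader != null) {
        contextInfo.setTokenHeader(tokenHeader);
    }

    String tokenCookie = getResource(properties, "tokenCookie", "MP-JWT-TOKEN-COOKIE");
    if (tokenCookie != null) {
        // A cookie name is only applied when the token header is explicitly set to "Cookie".
        if ("Cookie".equals(tokenHeader)) {
            contextInfo.setTokenCookie(tokenCookie);
        } else {
            log.warn("Token header is not 'Cookie', the cookie name value will be ignored");
        }
    }

    String defaultGroupsClaim = getResource(properties, "defaultGroupsClaim", "MP-JWT-DEFAULT-GROUPS-CLAIM");
    if (defaultGroupsClaim != null) {
        contextInfo.setDefaultGroupsClaim(defaultGroupsClaim);
    }

    String groupsPath = getResource(properties, "groupsPath", "MP-JWT-GROUPS-PATH");
    if (groupsPath != null) {
        contextInfo.setGroupsPath(groupsPath);
    }

    return new JWTAuthMechanism(contextInfo);
}

/**
 * Parses an integer configuration value, naming the setting in the error so a malformed value
 * can be traced back to its source.
 *
 * @param settingName the configuration key, used only in the error message
 * @param value the raw configured value
 * @return the parsed integer
 * @throws NumberFormatException if {@code value} is not a valid integer
 */
private static int parseIntSetting(String settingName, String value) {
    try {
        return Integer.parseInt(value);
    } catch (NumberFormatException e) {
        NumberFormatException withContext =
                new NumberFormatException("Invalid integer value for " + settingName + ": '" + value + "'");
        withContext.initCause(e);
        throw withContext;
    }
}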