replaced auth0-java-jwt with jjwt

uio-bmi · Nov 13, 2023 · 5645581 · 5645581
1 parent a776bf1
commit 5645581
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 11 deletions.
diff --git a/pom.xml b/pom.xml
@@ -75,9 +75,24 @@
             <version>1.2.1</version>
         </dependency>
         <dependency>
-            <groupId>com.auth0</groupId>
-            <artifactId>java-jwt</artifactId>
-            <version>4.2.1</version>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-api</artifactId>
+            <version>0.12.3</version>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-impl</artifactId>
+            <version>0.12.3</version>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-jackson</artifactId>
+            <version>0.12.3</version>
+        </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcpkix-jdk15to18</artifactId>
+            <version>1.73</version>
         </dependency>
         <dependency>
             <groupId>no.uio.ifi</groupId>

diff --git a/src/main/java/no/uio/ifi/ltp/aspects/AAIAspect.java b/src/main/java/no/uio/ifi/ltp/aspects/AAIAspect.java
@@ -1,7 +1,7 @@
 package no.uio.ifi.ltp.aspects;
 
-import com.auth0.jwt.JWT;
-import com.auth0.jwt.interfaces.DecodedJWT;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
 import lombok.extern.slf4j.Slf4j;
 import no.uio.ifi.clearinghouse.Clearinghouse;
 import no.uio.ifi.clearinghouse.model.Visa;
@@ -15,6 +15,10 @@
 import org.aspectj.lang.annotation.Around;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.reflect.MethodSignature;
+import org.bouncycastle.asn1.pkcs.RSAPublicKey;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.annotation.Order;
@@ -26,11 +30,15 @@
 import org.springframework.util.ObjectUtils;
 
 import jakarta.servlet.http.HttpServletRequest;
+
+import java.io.File;
+import java.io.FileReader;
 import java.io.IOException;
 import java.net.MalformedURLException;
 import java.net.URISyntaxException;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.security.PublicKey;
 import java.util.*;
 import java.util.stream.Collectors;
 
@@ -77,17 +85,28 @@ public Object authenticateElixirAAI(ProceedingJoinPoint joinPoint) throws Throwa
         }
         String jwtToken = optionalBearerAuth.get().replace("Bearer ", "");
         try {
-            DecodedJWT decodedJWT = JWT.decode(jwtToken);
-            List<Visa> controlledAccessGrantsVisas = getVisas(jwtToken, decodedJWT);
-            log.info("Elixir user {} authenticated and provided following valid GA4GH Visas: {}", decodedJWT.getSubject(), controlledAccessGrantsVisas);
-            request.setAttribute(ELIXIR_ID, decodedJWT.getSubject());
+            //DecodedJWT decodedJWT = JWT.decode(jwtToken);
+            var key = readX509PublicKey(new File(visaPublicKeyPath));
+            Claims claims = (Claims) Jwts.parser().verifyWith((PublicKey) key).build().parseSignedClaims(jwtToken);
+            List<Visa> controlledAccessGrantsVisas = getVisas(jwtToken, claims);
+            log.info("Elixir user {} authenticated and provided following valid GA4GH Visas: {}", claims.getSubject(), controlledAccessGrantsVisas);
+            request.setAttribute(ELIXIR_ID, claims.getSubject());
             return joinPoint.proceed();
         } catch (Exception e) {
             log.info(e.getMessage(), e);
             return ResponseEntity.status(HttpStatus.FORBIDDEN).body(e.getMessage());
         }
     }
 
+    private RSAPublicKey readX509PublicKey(File file) throws IOException {
+        try (FileReader keyReader = new FileReader(file)) {
+            PEMParser pemParser = new PEMParser(keyReader);
+            JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
+            SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(pemParser.readObject());
+            return (RSAPublicKey) converter.getPublicKey(publicKeyInfo);
+        }
+    }
+
     /**
      * Checks CEGA credentials. Decides on whether to allow the request or not.
      *
@@ -130,8 +149,8 @@ protected boolean cegaAuth(String username, String password) throws MalformedURL
                 : ObjectUtils.nullSafeEquals(hash, Crypt.crypt(password, hash));
     }
 
-    protected List<Visa> getVisas(String jwtToken, DecodedJWT decodedJWT) {
-        boolean isVisa = decodedJWT.getClaims().containsKey("ga4gh_visa_v1");
+    protected List<Visa> getVisas(String jwtToken,  Claims claims) {
+        boolean isVisa = claims.containsKey("ga4gh_visa_v1");
         Collection<Visa> visas = new ArrayList<>();
         if (isVisa) {
             getVisa(jwtToken).ifPresent(visas::add);