diff --git a/docs-web-common/pom.xml b/docs-web-common/pom.xml
index 7eb37698..2de08cee 100644
--- a/docs-web-common/pom.xml
+++ b/docs-web-common/pom.xml
@@ -69,11 +69,6 @@ jul-to-slf4j - - com.google.code.gson - gson - 2.10.1 - com.auth0 java-jwt
diff --git a/docs-web-common/src/main/java/com/sismics/model/KeycloakCertKey.java b/docs-web-common/src/main/java/com/sismics/model/KeycloakCertKey.java
deleted file mode 100644
index 0e6fed49..00000000
--- a/docs-web-common/src/main/java/com/sismics/model/KeycloakCertKey.java
+++ /dev/null
@@ -1,27 +0,0 @@
-package com.sismics.model;
-
-import java.util.List;
-
-public class KeycloakCertKey {
- public String kid;
- public List x5c;
-
- public KeycloakCertKey() {
- }
-
- public List getX5c() {
- return x5c;
- }
-
- public void setX5c(List x5c) {
- this.x5c = x5c;
- }
-
- public String getKid() {
- return kid;
- }
-
- public void setKid(String kid) {
- this.kid = kid;
- }
-}
diff --git a/docs-web-common/src/main/java/com/sismics/model/KeycloakCertKeys.java b/docs-web-common/src/main/java/com/sismics/model/KeycloakCertKeys.java
deleted file mode 100644
index f582cc4d..00000000
--- a/docs-web-common/src/main/java/com/sismics/model/KeycloakCertKeys.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package com.sismics.model;
-
-import java.util.List;
-
-public class KeycloakCertKeys {
- public List keys;
-
- public KeycloakCertKeys() {
- }
-
- public List getKeys() {
- return keys;
- }
-
- public void setKeys(List keys) {
- this.keys = keys;
- }
-}
diff --git a/docs-web-common/src/main/java/com/sismics/util/filter/JwtBasedSecurityFilter.java b/docs-web-common/src/main/java/com/sismics/util/filter/JwtBasedSecurityFilter.java
index 5e996d32..78f13eb1 100644
--- a/docs-web-common/src/main/java/com/sismics/util/filter/JwtBasedSecurityFilter.java
+++ b/docs-web-common/src/main/java/com/sismics/util/filter/JwtBasedSecurityFilter.java
@@ -10,11 +10,13 @@ import java.io.IOException; import java.io.Reader; import java.util.Base64;
-import com.google.gson.Gson;
 import com.sismics.docs.core.constant.Constants;
 import com.sismics.docs.core.dao.UserDao;
 import com.sismics.docs.core.model.jpa.User;
-import com.sismics.model.KeycloakCertKeys;
+import jakarta.json.Json;
+import jakarta.json.JsonArray;
+import jakarta.json.JsonObject;
+import jakarta.json.JsonReader;
 import jakarta.servlet.http.HttpServletRequest;
 import okhttp3.Request;
 import okhttp3.Response;
@@ -115,17 +117,21 @@ public class JwtBasedSecurityFilter extends SecurityFilter {
 assert response.body() != null;
 if (response.isSuccessful()) {
 try (Reader reader = response.body().charStream()) {
- Gson gson = new Gson();
- KeycloakCertKeys keys = gson.fromJson(reader, KeycloakCertKeys.class);
- publicKey = keys.getKeys().stream().filter(k -> Objects.equals(k.getKid(), jwt.getKeyId()))
- .findFirst()
- .map(k -> k.getX5c().get(0))
- .orElse("");
- log.info("Decoded public key - " + publicKey);
- var decode = Base64.getDecoder().decode(publicKey);
- var certificate = CertificateFactory.getInstance("X.509")
- .generateCertificate(new ByteArrayInputStream(decode));
- rsaPublicKey = (RSAPublicKey)certificate.getPublicKey();
+ try (JsonReader jsonReader = Json.createReader(reader)) {
+ JsonObject jwks = jsonReader.readObject();
+ JsonArray keys = jwks.getJsonArray("keys");
+ publicKey = keys.stream().filter(key -> Objects.equals(key.asJsonObject().getString("kid"),
+ jwt.getKeyId()))
+ .findFirst()
+ .map(k -> k.asJsonObject().getJsonArray("x5c").getString(0))
+ .orElse("");
+ log.info("X5c is " + publicKey);
+ var decode = Base64.getDecoder().decode(publicKey);
+ log.info("Decoded public key - " + publicKey);
+ var certificate = CertificateFactory.getInstance("X.509")
+ .generateCertificate(new ByteArrayInputStream(decode));
+ rsaPublicKey = (RSAPublicKey) certificate.getPublicKey();
+ }
 }
 }
 } catch (IOException e) {
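Review bot: The new JWKS lookup in the second hunk dereferences fields that may be absent: `getString("kid")` throws on an entry without `kid`, `getJsonArray("x5c")` returns null for a key published without a certificate chain, and `jwks.getJsonArray("keys")` is null when the document has no `keys` member, so the stream fails with an unchecked exception instead of a clean rejection. Only `catch (IOException e)` is visible and the enclosing method starts and ends outside the hunk, so whether those exceptions are handled elsewhere cannot be confirmed from here. The `.orElse("")` fallback still passes an empty string to the Base64 decoder and the certificate factory when no key matches the token's `kid`; I would skip certificate parsing in that case and have the code after the hunk treat the missing key as an authentication failure. The two `log.info` calls print the same `publicKey` string (the second runs after decoding but logs the undecoded value), so one of them can be dropped or lowered to debug level.

```java
JsonArray keys = jwks.getJsonArray("keys");
publicKey = keys == null ? "" : keys.stream()
        .map(k -> k.asJsonObject())
        // getString(name, default) tolerates entries that carry no kid
        .filter(k -> Objects.equals(k.getString("kid", null), jwt.getKeyId()))
        .map(k -> k.getJsonArray("x5c"))
        // keys published without a certificate chain are skipped, not dereferenced
        .filter(chain -> chain != null && !chain.isEmpty())
        .map(chain -> chain.getString(0))
        .findFirst()
        .orElse("");
if (!publicKey.isEmpty()) {
    // … unchanged: Base64 decode, CertificateFactory, RSAPublicKey cast …
}
```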