From bd0291cb37468120b90bb361ef584ce2313a662c Mon Sep 17 00:00:00 2001
From: bstewartlg <114590619+bstewartlg@users.noreply.github.com>
Date: Fri, 3 May 2024 11:28:29 -0400
Subject: [PATCH] Force key retrieval

---
 .../starter/security/IdentityMatchingAuthInterceptor.java | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/main/java/ca/uhn/fhir/jpa/starter/security/IdentityMatchingAuthInterceptor.java b/src/main/java/ca/uhn/fhir/jpa/starter/security/IdentityMatchingAuthInterceptor.java
index bed3ff90..ead5a9d9 100644
--- a/src/main/java/ca/uhn/fhir/jpa/starter/security/IdentityMatchingAuthInterceptor.java
+++ b/src/main/java/ca/uhn/fhir/jpa/starter/security/IdentityMatchingAuthInterceptor.java
@@ -170,10 +170,12 @@ private boolean validateToken(String authHeader) throws NoSuchAlgorithmException
 			throw new JWTVerificationException("Invalid issuer: Expected \"" + issuer + "\" but received \"" + decodedJWT.getIssuer() + "\"");
 		}
+		// TODO: implement caching
 		// check if we already have the public key
-		if (rsaPublicKey == null) {
+		// if (rsaPublicKey == null) {
 			// check if the public key was supplied in the configuration and attempt to use it
+			// _logger.info("!StringUtils.isEmpty(publicKey): " + !StringUtils.isEmpty(publicKey));
 			if (!StringUtils.isEmpty(publicKey)) {
 				byte[] publicBytes = Base64.decodeBase64(publicKey);
 				X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicBytes);
@@ -191,6 +193,7 @@ private boolean validateToken(String authHeader) throws NoSuchAlgorithmException
 				String jwksUri = new ObjectMapper().readTree(response.body()).get("jwks_uri").asText();
 				JwkProvider provider = new UrlJwkProvider(new URL(jwksUri));
+				// _logger.info("decodedJWT.getKeyId(): " + decodedJWT.getKeyId());
 				Jwk jwk = provider.get(decodedJWT.getKeyId());
 				rsaPublicKey = (RSAPublicKey) jwk.getPublicKey();
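Review bot: Commenting out `if (rsaPublicKey == null)` in the first hunk makes every token validation fetch the issuer's discovery document and JWKS over the network, so the server's availability now depends on a per-request call to the identity provider and a slow or unreachable issuer stalls request handling. If `rsaPublicKey` is an instance field shared across requests (it is assigned but not declared in the hunk, so this is inferred), two concurrent validations can overwrite each other's key between `rsaPublicKey = (RSAPublicKey) jwk.getPublicKey();` and `Algorithm.RSA256(rsaPublicKey, null)`, producing spurious signature failures under load. A safer way to get "force key retrieval" for key rotation is to keep a cache keyed by `kid` rather than a single field: build the provider once as `new JwkProviderBuilder(jwksUri).cached(10, 24, TimeUnit.HOURS).rateLimited(10, 1, TimeUnit.MINUTES).build()` and resolve the key per token into a local, `RSAPublicKey key = (RSAPublicKey) provider.get(decodedJWT.getKeyId()).getPublicKey();`, so the configured `publicKey` path keeps its current behaviour and the field stops being shared mutable state. The commented-out `// if`, `// }`, and the two `// _logger.info(...)` lines in this hunk and the next should be deleted rather than committed; the `TODO` can say what the intended cache key is. validateToken's body continues outside these hunks.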
@@ -201,7 +204,7 @@ private boolean validateToken(String authHeader) throws NoSuchAlgorithmException
 				throw new JWTVerificationException("Could not determine public key");
 			}
-		}
+		// }
 		Algorithm algorithm = Algorithm.RSA256(rsaPublicKey, null);