From 83c1126935baaee5bab82c63a56b81f3d8bc289c Mon Sep 17 00:00:00 2001
From: DenBond7
Date: Tue, 25 Aug 2020 13:39:51 +0300
Subject: [PATCH] Improved JWT validation.| #716
---
 .../viewmodel/OAuth2AuthCredentialsViewModel.kt | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/FlowCrypt/src/main/java/com/flowcrypt/email/jetpack/viewmodel/OAuth2AuthCredentialsViewModel.kt b/FlowCrypt/src/main/java/com/flowcrypt/email/jetpack/viewmodel/OAuth2AuthCredentialsViewModel.kt
index 9c4a7ecc20..2ab1aeb028 100644
--- a/FlowCrypt/src/main/java/com/flowcrypt/email/jetpack/viewmodel/OAuth2AuthCredentialsViewModel.kt
+++ b/FlowCrypt/src/main/java/com/flowcrypt/email/jetpack/viewmodel/OAuth2AuthCredentialsViewModel.kt
@@ -26,6 +26,7 @@ import net.openid.appauth.AuthorizationServiceConfiguration
 import net.openid.appauth.AuthorizationServiceDiscovery
 import org.jose4j.jwk.HttpsJwks
 import org.jose4j.jwt.JwtClaims
+import org.jose4j.jwt.consumer.InvalidJwtException
 import org.jose4j.jwt.consumer.JwtConsumerBuilder
 import org.jose4j.keys.resolvers.HttpsJwksVerificationKeyResolver
 import org.json.JSONException
@@ -131,7 +132,11 @@ class OAuth2AuthCredentialsViewModel(application: Application) : BaseAndroidView
 microsoftOAuth2TokenLiveData.postValue(Result.success(recommendAuthCredentials))
 } catch (e: Exception) {
- microsoftOAuth2TokenLiveData.postValue(Result.exception(e))
+ if (e is InvalidJwtException) {
+ microsoftOAuth2TokenLiveData.postValue(Result.exception(InvalidJwtException("JWT validation was failed!\n\n", e.errorDetails, e.jwtContext)))
+ } else {
+ microsoftOAuth2TokenLiveData.postValue(Result.exception(e))
+ }
 }
 }
 }
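Review bot: In the new `if (e is InvalidJwtException)` branch the replacement exception is built only from `e.errorDetails` and `e.jwtContext`, so the original exception's message and stack trace are dropped before the result is posted; keeping `e` reachable as the cause would preserve where validation failed. The type test inside the generic handler would also read better as its own clause ahead of it, `} catch (e: InvalidJwtException) {`, leaving `catch (e: Exception)` as it was. `e.jwtContext` carries the parsed token, so whatever observes `microsoftOAuth2TokenLiveData` (not visible here) should surface the error details only and not log the context. The enclosing function starts before this hunk.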
@@ -144,6 +149,9 @@ class OAuth2AuthCredentialsViewModel(application: Application) : BaseAndroidView
 val jwtConsumer = JwtConsumerBuilder()
 .setVerificationKeyResolver(verificationKeyResolver)
 .setExpectedAudience(clientId)
+ .setRequireIssuedAt()
+ .setRequireNotBefore()
+ .setRequireExpirationTime()
 .build()
 return@withContext jwtConsumer.processToClaims(idToken)
 }
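Review bot: The consumer built here still has no issuer check: the chain sets the key resolver, the audience and the three required time claims, but never an expected issuer, and jose4j does not validate `iss` unless one is configured. A token signed by any key in the resolver's JWKS and carrying this `clientId` as audience would therefore be accepted regardless of which issuer or tenant minted it. Consider adding `.setExpectedIssuer(expectedIssuer)` before `.build()`, with the value taken from the provider's discovery document (`expectedIssuer` is a placeholder name; for a multi-tenant endpoint a check of the `iss` claim after `processToClaims` may be needed instead). `nbf` and `exp` are evaluated against the device clock, so a small `.setAllowedClockSkewInSeconds(...)` may be worth setting now that both are required. The function this chain belongs to begins outside the hunk.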