
JWT Header #445

Closed
SanthaNarayana opened this issue Mar 15, 2019 · 3 comments

Comments

@SanthaNarayana

I have a JWT and I need to verify whether the header has a valid cert chain and the public cert is registered at our end. If there is any issue then I need to raise an exception. If everything is good, then only verify the signature.
I am using RSA, asymmetric keys.

  • Currently, is there any way I will get my JWT header without parsing, so I will do the above checks and, if these all satisfy, then I will go for verifying the signature?
    or
    Is there any way I can throw an exception from the resolveSigningKey method in SigningKeyResolver?
    I am seeing the issue "added support for throwing custom exceptions in SigningKeyResolver" #191. This said support was added, but I did not find where it is.

Currently I am having this code to parse. In the resolveSigningKey method, I am doing these checks before sending the public cert. But I need a better way to throw exceptions when the header does not have a proper cert chain.

```java
Claims claims = Jwts.parser()
        .setSigningKeyResolver(signingKeyResolver)
        .parseClaimsJws(token)
        .getBody();
```

Your help is appreciated.

@SanthaNarayana
Author

Hi All,

May I know the update? Is it the right way to post the message as an issue... Please let us know. Thank you.

@SanthaNarayana
Author

For the alternate approach I am getting the header:

```java
// Strip the signature so the header and claims can be read without a key
int i = jws.lastIndexOf('.');
String withoutSignature = jws.substring(0, i + 1);
Jwt<Header, Claims> untrusted = Jwts.parser().parseClaimsJwt(withoutSignature);
```

mentioned in #67

@lhazlewood
Contributor

@SanthaNarayana using the SigningKeyResolver is definitely the correct way to do this - you got it! :) Don't use the approach in #67 - it's not nearly as secure as using the SigningKeyResolver.

As an aside, please ask further usability questions using StackOverflow with the jjwt tag. Thanks!
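One way to do what the question asks inside a SigningKeyResolver, as an added example that is not jjwt's own code and not from the thread: the resolver reads the `x5c` header, validates the chain against our own root CA(s) with the JDK's PKIX validator, requires the leaf to be one of the certificates registered at our end, and throws a `JwtException` on any failure so `parseClaimsJws` never reaches signature verification. The class name, the RS256 pin and the disabled revocation check are assumptions.

```java
import io.jsonwebtoken.*;
import java.io.ByteArrayInputStream;
import java.security.*;
import java.security.cert.*;
import java.util.*;

// Added example, not jjwt's own code: take the "x5c" chain from the JWS header,
// validate it against our CA(s), require the leaf to be a registered cert, and
// only then hand its public key to jjwt. Any failure throws before signature check.
public class X5cSigningKeyResolver extends SigningKeyResolverAdapter {
    private final Set<TrustAnchor> anchors = new HashSet<>(); // trusted root CA(s)
    private final Set<X509Certificate> registeredLeafs;       // certs registered at our end
    private final CertificateFactory cf;

    public X5cSigningKeyResolver(Set<X509Certificate> roots, Set<X509Certificate> registeredLeafs)
            throws CertificateException {
        for (X509Certificate root : roots) anchors.add(new TrustAnchor(root, null));
        this.registeredLeafs = registeredLeafs;
        this.cf = CertificateFactory.getInstance("X.509");
    }

    @Override
    public Key resolveSigningKey(JwsHeader header, Claims claims) {
        // Pin the RSA algorithm we issue with (assumption: RS256) so "alg" cannot be swapped.
        if (!"RS256".equals(header.getAlgorithm())) throw new JwtException("unexpected alg: " + header.getAlgorithm());
        Object x5c = header.get("x5c"); // RFC 7515 section 4.1.6: base64 DER certs, leaf first
        if (!(x5c instanceof List) || ((List<?>) x5c).isEmpty()) {
            throw new JwtException("JWS header carries no x5c certificate chain");
        }
        List<X509Certificate> chain = new ArrayList<>();
        try {
            for (Object entry : (List<?>) x5c) {
                byte[] der = Base64.getDecoder().decode((String) entry);
                chain.add((X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der)));
            }
            // Path = leaf + intermediates; the root is supplied as a trust anchor, not in the path.
            PKIXParameters params = new PKIXParameters(anchors);
            params.setRevocationEnabled(false); // assumption: revocation is checked elsewhere
            CertPathValidator.getInstance("PKIX").validate(cf.generateCertPath(chain), params);
        } catch (GeneralSecurityException | IllegalArgumentException | ClassCastException e) {
            throw new JwtException("x5c chain failed validation: " + e.getMessage(), e);
        }
        X509Certificate leaf = chain.get(0);
        if (!registeredLeafs.contains(leaf)) { // X509Certificate.equals compares DER encodings
            throw new JwtException("leaf certificate is not registered with us");
        }
        return leaf.getPublicKey(); // jjwt verifies the signature with this key next
    }
}
```

Wire it in with `Jwts.parser().setSigningKeyResolver(new X5cSigningKeyResolver(roots, registered)).parseClaimsJws(token)`; because `JwtException` is unchecked, the caller sees the chain or registration failure as the parse result rather than having to pre-parse the header.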
