GERONIMO-6697 ensure issuer validation can be optional
diff --git a/src/main/java/org/apache/geronimo/microprofile/impl/jwtauth/jwt/JwtParser.java b/src/main/java/org/apache/geronimo/microprofile/impl/jwtauth/jwt/JwtParser.java
index 66cd1c7..3b922df 100644
--- a/src/main/java/org/apache/geronimo/microprofile/impl/jwtauth/jwt/JwtParser.java
+++ b/src/main/java/org/apache/geronimo/microprofile/impl/jwtauth/jwt/JwtParser.java
@@ -21,6 +21,7 @@
import java.io.ByteArrayInputStream;
import java.net.HttpURLConnection;
import java.util.Base64;
+import java.util.Collection;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
@@ -90,7 +91,8 @@
final String alg = getAttribute(header, "alg", defaultAlg);
final String kid = getAttribute(header, "kid", defaultKid);
- if (kidMapper.loadIssuers(kid).noneMatch(it -> it.equals(payload.getString(Claims.iss.name())))) {
+ final Collection<String> issuers = kidMapper.loadIssuers(kid);
+ if (!issuers.isEmpty() && issuers.stream().noneMatch(it -> it.equals(payload.getString(Claims.iss.name())))) {
throw new JwtException("Invalid issuer", HttpURLConnection.HTTP_UNAUTHORIZED);
}
signatureValidator.verifySignature(alg, kidMapper.loadKey(kid), jwt.substring(0, secondDot), jwt.substring(secondDot + 1));
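Review bot: With `!issuers.isEmpty() &&` the `iss` check now fails open: whenever `loadIssuers(kid)` returns an empty collection the token's issuer is accepted without comparison, and `kid` is read from the token header just above. An empty or mistyped issuer configuration is therefore indistinguishable from a deliberate opt-out; consider requiring an explicit setting to skip validation, or at least logging once at startup when no issuers are configured. Separately, `payload.getString(Claims.iss.name())` is evaluated per element and, if `payload` is a `javax.json.JsonObject`, throws on a token with no `iss` claim instead of reaching the 401. Reading it once as `final String iss = payload.getString(Claims.iss.name(), null);` and testing `if (!issuers.isEmpty() && (iss == null || !issuers.contains(iss)))` would avoid both. The enclosing method starts and ends outside this hunk.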
diff --git a/src/main/java/org/apache/geronimo/microprofile/impl/jwtauth/jwt/KidMapper.java b/src/main/java/org/apache/geronimo/microprofile/impl/jwtauth/jwt/KidMapper.java
index 9a378df..8b36265 100644
--- a/src/main/java/org/apache/geronimo/microprofile/impl/jwtauth/jwt/KidMapper.java
+++ b/src/main/java/org/apache/geronimo/microprofile/impl/jwtauth/jwt/KidMapper.java
@@ -26,7 +26,6 @@
import java.io.InputStreamReader;
import java.nio.file.Files;
import java.util.Collection;
-import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
@@ -96,8 +95,8 @@
return value;
}
- Stream<String> loadIssuers(final String property) {
- return issuerMapping.getOrDefault(property, defaultIssuers).stream();
+ Collection<String> loadIssuers(final String property) {
+ return issuerMapping.getOrDefault(property, defaultIssuers);
}
private String tryLoad(final String value) {
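Review bot: `loadIssuers` now carries a security-relevant contract that is not documented: an empty result makes `JwtParser` skip issuer validation, and any `kid` without a mapping falls back to `defaultIssuers`. A comment such as `// empty result = issuer validation disabled for this kid (falls back to defaultIssuers)` would make that visible to whoever edits the configuration loading. The method also returns the collection held in `issuerMapping`/`defaultIssuers` itself instead of a stream, so a caller could modify it. If those are mutable sets (not visible here), wrapping them as unmodifiable where they are built would keep the allow-list fixed.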