diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/jwt/JWTValidatorImpl.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/jwt/JWTValidatorImpl.java
index 818be9a0d910..ef61631d419d 100644
--- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/jwt/JWTValidatorImpl.java
+++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/jwt/JWTValidatorImpl.java
@@ -167,9 +167,18 @@ protected boolean validateSignature(SignedJWT signedJWT) throws APIManagementExc
 }
 }
 return JWTUtil.verifyTokenSignature(signedJWT, certificateAlias);
-} catch (ParseException | JOSEException | IOException e) {
-log.error("Error while parsing JWT", e);
+} catch (ParseException e) {
+log.error("Error while parsing JWKS information", e);
 throw new APIManagementException("Error while parsing JWT", e);
+} catch (JOSEException e) {
+log.error("Error while verifying token signature", e);
+throw new APIManagementException("Error while parsing JWT", e);
+} catch (IOException e) {
+log.error("Error while connecting to JWKS endpoint", e);
+throw new APIManagementException("Error while parsing JWT", e);
+} catch (APIManagementException e) {
+log.error("Error while retrieving JWKS information", e);
+throw new APIManagementException(e.getMessage(), e);
 }
 }
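Review bot: The final catch block re-wraps an APIManagementException in a new APIManagementException carrying the same message and cause, which adds a duplicate stack frame and no information; after the log call, `throw e;` is sufficient, or the catch can be dropped entirely since the method already declares that exception. The JOSEException and IOException branches now log distinct causes but still throw `Error while parsing JWT`, so nothing above this method can tell a failed signature check apart from an unreachable JWKS endpoint by the propagated message; if the generic message is deliberate so that callers are not told about infrastructure state, a one-line comment such as `// generic message on purpose: the specific cause is only logged` would stop the next maintainer from "fixing" it. The try body and the enclosing validateSignature method start outside the hunk.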
@@ -220,11 +229,15 @@ private void createJWTValidationInfoFromJWT(JWTValidationInfo jwtValidationInfo,
 jwtValidationInfo.setJti(jwtClaimsSet.getJWTID());
 }
-private JWKSet retrieveJWKSet() throws IOException, ParseException {
+private JWKSet retrieveJWKSet() throws IOException, ParseException, APIManagementException {
 String jwksInfo = JWTUtil
 .retrieveJWKSConfiguration(tokenIssuer.getJwksConfigurationDTO().getUrl());
-jwkSet = JWKSet.parse(jwksInfo);
+if (jwksInfo != null) {
+jwkSet = JWKSet.parse(jwksInfo);
+} else {
+throw new APIManagementException("Invalid JWKS endpoint.");
+}
 return jwkSet;
 }
 }
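Review bot: The new null branch throws a constant message, `Invalid JWKS endpoint.`, that names neither the issuer nor the URL that returned nothing, so an operator reading the caller's log line cannot tell which issuer's JWKS fetch failed; hoisting the URL into a local and throwing `new APIManagementException("Invalid JWKS endpoint: " + jwksUrl)` would make the failure actionable. Whether a null from `JWTUtil.retrieveJWKSConfiguration` means an unreachable endpoint, a non-2xx response or an empty body is not visible in this hunk, so the wording should match what that helper actually returns null for. A non-null but empty `jwksInfo` still reaches `JWKSet.parse` and surfaces as a ParseException rather than this branch, which is probably fine but worth a short comment if intended.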