From 4324d7b03e4ae3082cca33ea3cf4ea83567bda61 Mon Sep 17 00:00:00 2001
From: Sonia Zaldana
Date: Thu, 25 Feb 2021 10:05:06 -0500
Subject: [PATCH] Issue#427 DefaultJWTTokenParser#parseClaims Exception Handling
---
 .../jwt/auth/principal/DefaultJWTTokenParser.java | 9 +++++++--
 .../jwt/auth/principal/DefaultJWTParserTest.java | 6 +++---
 .../jwt/auth/principal/KeyLocationResolverTest.java | 8 ++++----
 3 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/implementation/jwt-auth/src/main/java/io/smallrye/jwt/auth/principal/DefaultJWTTokenParser.java b/implementation/jwt-auth/src/main/java/io/smallrye/jwt/auth/principal/DefaultJWTTokenParser.java
index f2bcab9b..6ddbcf4c 100644
--- a/implementation/jwt-auth/src/main/java/io/smallrye/jwt/auth/principal/DefaultJWTTokenParser.java
+++ b/implementation/jwt-auth/src/main/java/io/smallrye/jwt/auth/principal/DefaultJWTTokenParser.java
@@ -152,8 +152,13 @@ private JwtContext parseClaims(String token, JWTAuthContextInfo authContextInfo,
 return jwtContext;
 } catch (InvalidJwtException e) {
- PrincipalLogging.log.tokenInvalid();
- throw PrincipalMessages.msg.failedToVerifyToken(e);
+ if (e.getCause() instanceof UnresolvableKeyException) {
+ PrincipalLogging.log.verificationKeyUnresolvable();
+ throw PrincipalMessages.msg.failedToVerifyToken(e.getCause());
+ } else {
+ PrincipalLogging.log.tokenInvalid();
+ throw PrincipalMessages.msg.failedToVerifyToken(e);
+ }
 } catch (UnresolvableKeyException e) {
 PrincipalLogging.log.verificationKeyUnresolvable();
 throw PrincipalMessages.msg.failedToVerifyToken(e);
diff --git a/testsuite/basic/src/test/java/io/smallrye/jwt/auth/principal/DefaultJWTParserTest.java b/testsuite/basic/src/test/java/io/smallrye/jwt/auth/principal/DefaultJWTParserTest.java
index ea9c935a..1c4b88de 100644
--- a/testsuite/basic/src/test/java/io/smallrye/jwt/auth/principal/DefaultJWTParserTest.java
+++ b/testsuite/basic/src/test/java/io/smallrye/jwt/auth/principal/DefaultJWTParserTest.java
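Review bot: The new `instanceof` test in `catch (InvalidJwtException e)` looks only at the immediate cause and then rethrows with `e.getCause()`, which drops the `InvalidJwtException` itself from the chain; any detail that wrapper carried is no longer reachable from the resulting ParseException, so confirm nothing downstream (logging, error mapping) relied on it. The branch would also read more easily with a why-comment, for example `// jose4j wraps key-resolution failures in InvalidJwtException; rethrow the cause so an unresolvable key is reported separately from a malformed or badly signed token`. Both paths still go through the same `failedToVerifyToken` message, so the finer-grained cause is visible only to code that inspects `getCause()`; callers should keep it in server-side logs rather than echoing it in the authentication response. Since the first branch throws, the `else` is redundant, and the branch body now duplicates the `catch (UnresolvableKeyException e)` block below it. parseClaims starts above the hunk and continues past it.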
@@ -11,7 +11,7 @@ import org.eclipse.microprofile.jwt.JsonWebToken;
 import org.jose4j.jwk.JsonWebKey;
 import org.jose4j.jwk.PublicJsonWebKey;
-import org.jose4j.jwt.consumer.InvalidJwtException;
+import org.jose4j.lang.UnresolvableKeyException;
 import org.junit.Test;
 import io.smallrye.jwt.algorithm.KeyEncryptionAlgorithm;
@@ -75,9 +75,9 @@ public void testParseWithConfiguredCertAndThumbprintMissing() throws Exception {
 JWTAuthContextInfo config = new JWTAuthContextInfo("/certificate.pem", "https://server.example.com");
 config.setVerifyCertificateThumbprint(true);
 JWTParser parser = new DefaultJWTParser(config);
- ParseException thrown = assertThrows("InvalidJwtException is expected",
+ ParseException thrown = assertThrows("UnresolvableKeyException is expected",
 ParseException.class, () -> parser.parse(jwtString));
- assertTrue(thrown.getCause() instanceof InvalidJwtException);
+ assertTrue(thrown.getCause() instanceof UnresolvableKeyException);
 }
 @Test
diff --git a/testsuite/basic/src/test/java/io/smallrye/jwt/auth/principal/KeyLocationResolverTest.java b/testsuite/basic/src/test/java/io/smallrye/jwt/auth/principal/KeyLocationResolverTest.java
index f0823dd9..6b0c03b2 100644
--- a/testsuite/basic/src/test/java/io/smallrye/jwt/auth/principal/KeyLocationResolverTest.java
+++ b/testsuite/basic/src/test/java/io/smallrye/jwt/auth/principal/KeyLocationResolverTest.java
@@ -46,7 +46,7 @@ public void testVerifyWithJwkKeyWithNonMatchingKid() throws Exception {
 verifyToken("key2", null, "publicKey.jwk");
 Assert.fail("ParseException is expected");
 } catch (ParseException ex) {
- Assert.assertTrue(ex.getCause().getCause() instanceof UnresolvableKeyException);
+ Assert.assertTrue(ex.getCause() instanceof UnresolvableKeyException);
 }
 }
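Review bot: In `testParseWithConfiguredCertAndThumbprintMissing` the updated assertion pins only the unwrapped key-resolution path; none of the hunks in this patch add a case for the `else` branch of the parser change, where a token rejected for some other reason should still surface `InvalidJwtException` as the cause. If no existing test already covers that, a companion test asserting `thrown.getCause() instanceof InvalidJwtException` for such a token would stop a later refactor from merging the two failure classes unnoticed. The string passed to `assertThrows` is the failure message for the ParseException check, so `"ParseException caused by UnresolvableKeyException is expected"` would describe it more accurately.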
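Review bot: `Assert.assertTrue(ex.getCause() instanceof UnresolvableKeyException)` in `testVerifyWithJwkKeyWithNonMatchingKid` fails without saying what the cause actually was, which makes a regression in the exception chain slow to diagnose; the same line appears in the hunks at -71, -81 and -156. I would pass a message, `Assert.assertTrue("unexpected cause: " + ex.getCause(), ex.getCause() instanceof UnresolvableKeyException);`. The test method starts above the hunk.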
@@ -71,7 +71,7 @@ public void testVerifyWithJwkFromSetWithWrongKidAndRequiredKid() throws Exceptio
 verifyToken("key2", "key1", "publicKeySet.jwk");
 Assert.fail("ParseException is expected");
 } catch (ParseException ex) {
- Assert.assertTrue(ex.getCause().getCause() instanceof UnresolvableKeyException);
+ Assert.assertTrue(ex.getCause() instanceof UnresolvableKeyException);
 }
 }
@@ -81,7 +81,7 @@ public void testVerifyWithJwkKeyWithNonMatchingKidFromSet() throws Exception {
 verifyToken("key3", null, "publicKeySet.jwk");
 Assert.fail("ParseException is expected");
 } catch (ParseException ex) {
- Assert.assertTrue(ex.getCause().getCause() instanceof UnresolvableKeyException);
+ Assert.assertTrue(ex.getCause() instanceof UnresolvableKeyException);
 }
 }
@@ -156,7 +156,7 @@ public void testVerifyEcSignedTokenWithWrongKey() throws Exception {
 new DefaultJWTTokenParser().parse(jwt, contextInfo);
 Assert.fail("ParseException is expected due to the wrong key type");
 } catch (ParseException ex) {
- Assert.assertTrue(ex.getCause().getCause() instanceof UnresolvableKeyException);
+ Assert.assertTrue(ex.getCause() instanceof UnresolvableKeyException);
 }
 }