@Override public boolean verifyToken(JWTToken token) throws TokenServiceException { boolean rc = false; PublicKey key; try { key = ks.getKeystoreForGateway().getCertificate("gateway-identity").getPublicKey(); JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) key); // TODO: interrogate the token for issuer claim in order to determine the public key to use // for verification // consider jwk for specifying the key too rc = token.verify(verifier); } catch (KeyStoreException e) { throw new TokenServiceException("Cannot verify token.", e); } catch (KeystoreServiceException e) { throw new TokenServiceException("Cannot verify token.", e); } return rc; }