@Override
public boolean verifyToken(JWTToken token) throws TokenServiceException {
boolean rc = false;
PublicKey key;
try {
key = ks.getKeystoreForGateway().getCertificate("gateway-identity").getPublicKey();
JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) key);
// TODO: interrogate the token for issuer claim in order to determine the public key to use
// for verification
// consider jwk for specifying the key too
rc = token.verify(verifier);
} catch (KeyStoreException e) {
throw new TokenServiceException("Cannot verify token.", e);
} catch (KeystoreServiceException e) {
throw new TokenServiceException("Cannot verify token.", e);
}
return rc;
}
