We have a requirement to validate a JSON Web token (JWT) from within the Oracle database (19c)
As I couldn't find any direct ways in PL/SQL which could do JWT validation, a Java program was created which does this job.
This Java program and referenced jar files were then successfully uploaded to the DB using the "loadjava" utility.
A PL/SQL function was then built which internally will call the Java program.
But for some reason the Java program, when invoked via the PL/SQL function returns the error "Cannot obtain jwks from url
https://dev-uk.apis.allianz/azuk/ds/uam/identity/oauthv2/v1/.well-known/jwks.json" I had the same error when the same Java program was executed from my Windows machine.
This was rectified by copying relevant certificate file to "\jre\lib\security" and then importing it using the "keytool" utility.
Questions
---------
1) Does Oracle use its own JVM or the one installed in the Database server, when a stored Java program is invoked from PL/SQL?
2) Similar to what I did in Windows, if we import the certificate to enable connection to the required URL under the "\jre\lib\security" path in the DB server, will it impact any other apps using this JVM?
3) Is there any "PL/SQL - only" ways to do JSON Token validation?
Code snippets for your reference
--------------------------------
1) Java Program
public static String isValidToken(String domain, String encryptedToken) {
DecodedJWT jwt = null;
try {
try {
jwt = JWT.decode(encryptedToken);
} catch (JWTDecodeException e) {
return e.getMessage();
}
JwkProvider provider = new UrlJwkProvider(domain);
Jwk jwk = null;
try {
jwk = provider.get(jwt.getKeyId());
} catch (JwkException e) {
return e.getMessage();
}
Algorithm algorithm = null;
try {
algorithm = Algorithm.RSA256((RSAPublicKey) jwk.getPublicKey(), null);
} catch (IllegalArgumentException | InvalidPublicKeyException e) {
return e.getMessage();
}
algorithm.verify(jwt);
return "VALID";
} catch (Exception e) {
return e.getMessage();
}
}
2) PL/SQL Function
CREATE OR REPLACE FUNCTION is_valid_token (
domain IN VARCHAR2,
token IN VARCHAR2
) RETURN VARCHAR2 AS LANGUAGE JAVA NAME 'jwt.checks.JsonWebTokenChecks.isValidToken(java.lang.String, java.lang.String) return java.lang.String'
;
3) Calling PL/SQL function (and thereby Java function)
declare
result varchar2(2000);
url varchar2(1000):= '
https://dev-uk.apis.allianz/azuk/ds/uam/identity/oauthv2/v1'; begin
result := is_valid_token(url,'the-token-the-token');
dbms_output.put_line(result);
end;
4) Result
Cannot obtain jwks from url
https://dev-uk.apis.allianz/azuk/ds/uam/identity/oauthv2/v1/.well-known/jwks.json