Example 1 with RsaSigner
use of org.springframework.security.jwt.crypto.sign.RsaSigner in project spring-security-oauth by spring-projects.
the class JwtTests method rsaVerificationIsInverseOfSigning.
@Test
public void rsaVerificationIsInverseOfSigning() {
Jwt jwt = JwtHelper.encode(JOE_CLAIM_SEGMENT, new RsaSigner(N, E));
jwt.verifySignature(new RsaVerifier(N, D));
}
Also used :
RsaVerifier(org.springframework.security.jwt.crypto.sign.RsaVerifier)
RsaSigner(org.springframework.security.jwt.crypto.sign.RsaSigner)
Test(org.junit.Test)
Example 2 with RsaSigner
use of org.springframework.security.jwt.crypto.sign.RsaSigner in project spring-security-oauth by spring-projects.
the class JwtAccessTokenConverter method setSigningKey.
/**
* Sets the JWT signing key. It can be either a simple MAC key or an RSA key. RSA keys
* should be in OpenSSH format, as produced by <tt>ssh-keygen</tt>.
*
* @param key the key to be used for signing JWTs.
*/
public void setSigningKey(String key) {
Assert.hasText(key);
key = key.trim();
this.signingKey = key;
if (isPublic(key)) {
signer = new RsaSigner(key);
logger.info("Configured with RSA signing key");
} else {
// Assume it's a MAC key
this.verifierKey = key;
signer = new MacSigner(key);
}
}Example 3 with RsaSigner
use of org.springframework.security.jwt.crypto.sign.RsaSigner in project spring-security-oauth by spring-projects.
the class JwtAccessTokenConverter method afterPropertiesSet.
public void afterPropertiesSet() throws Exception {
if (verifier != null) {
// Assume signer also set independently if needed
return;
}
SignatureVerifier verifier = new MacSigner(verifierKey);
try {
verifier = new RsaVerifier(verifierKey);
} catch (Exception e) {
logger.warn("Unable to create an RSA verifier from verifierKey (ignoreable if using MAC)");
}
// Check the signing and verification keys match
if (signer instanceof RsaSigner) {
byte[] test = "test".getBytes();
try {
verifier.verify(test, signer.sign(test));
logger.info("Signing and verification RSA keys match");
} catch (InvalidSignatureException e) {
logger.error("Signing and verification RSA keys do not match");
}
} else if (verifier instanceof MacSigner) {
// Avoid a race condition where setters are called in the wrong order. Use of
// == is intentional.
Assert.state(this.signingKey == this.verifierKey, "For MAC signing you do not need to specify the verifier key separately, and if you do it must match the signing key");
}
this.verifier = verifier;
}
Also used :
RsaVerifier(org.springframework.security.jwt.crypto.sign.RsaVerifier)
InvalidSignatureException(org.springframework.security.jwt.crypto.sign.InvalidSignatureException)
MacSigner(org.springframework.security.jwt.crypto.sign.MacSigner)
RsaSigner(org.springframework.security.jwt.crypto.sign.RsaSigner)
SignatureVerifier(org.springframework.security.jwt.crypto.sign.SignatureVerifier)
InvalidSignatureException(org.springframework.security.jwt.crypto.sign.InvalidSignatureException)
InvalidTokenException(org.springframework.security.oauth2.common.exceptions.InvalidTokenException)
Aggregations
RsaSigner (org.springframework.security.jwt.crypto.sign.RsaSigner)3
MacSigner (org.springframework.security.jwt.crypto.sign.MacSigner)2
RsaVerifier (org.springframework.security.jwt.crypto.sign.RsaVerifier)2
Test (org.junit.Test)1
InvalidSignatureException (org.springframework.security.jwt.crypto.sign.InvalidSignatureException)1
SignatureVerifier (org.springframework.security.jwt.crypto.sign.SignatureVerifier)1
InvalidTokenException (org.springframework.security.oauth2.common.exceptions.InvalidTokenException)1
