
Example 1 with JWSVerifier

use of com.nimbusds.jose.JWSVerifier in project ratauth by alfa-laboratory.

the class HS256TokenProcessor method extractInfo.

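/**
 * Parses a compact-serialised JWS, verifies its HMAC signature with {@code secret}
 * and returns the claims it carries.
 *
 * <p>The token string comes from the caller and is treated as untrusted: the
 * algorithm header is pinned to HS256 before the MAC is checked, and a token whose
 * {@code exp} claim is already in the past is rejected even if its MAC is valid.
 * Tokens without an {@code exp} claim are accepted as before.
 *
 * @param jwt    compact JWS ({@code header.payload.signature})
 * @param secret Base64-encoded shared secret the MAC is computed with
 * @return every claim of the verified token
 * @throws JWTVerificationException if the algorithm is not HS256, the MAC does not
 *         verify, or the token has expired; parse errors surface via
 *         {@code @SneakyThrows}
 */
@Override
@SneakyThrows
public Map<String, Object> extractInfo(String jwt, String secret) {
    SignedJWT signedJWT = SignedJWT.parse(jwt);
    // The header is attacker-controlled; accept only the algorithm this
    // processor exists for rather than whatever MACVerifier happens to support.
    if (!"HS256".equals(signedJWT.getHeader().getAlgorithm().getName())) {
        throw new JWTVerificationException("User info extraction error");
    }
    final JWSVerifier verifier = new MACVerifier(Base64.getDecoder().decode(secret));
    if (!signedJWT.verify(verifier)) {
        throw new JWTVerificationException("User info extraction error");
    }
    // A valid MAC proves origin, not freshness: an expired token must not yield claims.
    final java.util.Date expiresAt = signedJWT.getJWTClaimsSet().getExpirationTime();
    if (expiresAt != null && expiresAt.getTime() < System.currentTimeMillis()) {
        throw new JWTVerificationException("User info extraction error");
    }
    return signedJWT.getJWTClaimsSet().getClaims();
}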
Also used : MACVerifier(com.nimbusds.jose.crypto.MACVerifier) JWSVerifier(com.nimbusds.jose.JWSVerifier) SignedJWT(com.nimbusds.jwt.SignedJWT) SneakyThrows(lombok.SneakyThrows)

Example 2 with JWSVerifier

use of com.nimbusds.jose.JWSVerifier in project knox by apache.

the class JWTTokenTest method testTokenSignatureRS512.

/**
 * Builds a token from fixed issuer/subject/audience claims plus a five-minute
 * expiry, signs it with RS512 using the fixture private key, and checks that the
 * matching public key verifies the signature.
 */
@Test
public void testTokenSignatureRS512() throws Exception {
    String expiry = Long.toString((System.currentTimeMillis() / 1000) + 300);
    String[] claims = { "KNOXSSO", "john.doe@example.com", "https://login.example.com", expiry };
    String algorithm = JWSAlgorithm.RS512.getName();
    JWT token = new JWTToken(algorithm, claims);

    // Claims must round-trip through the token's accessors.
    assertEquals("KNOXSSO", token.getIssuer());
    assertEquals("john.doe@example.com", token.getSubject());
    assertEquals("https://login.example.com", token.getAudience());
    assertTrue(token.getHeader().contains(algorithm));

    // Signing produces a non-empty signature payload.
    JWSSigner rsaSigner = new RSASSASigner(privateKey);
    token.sign(rsaSigner);
    assertTrue(token.getSignaturePayload().length > 0);

    // The public half of the same key pair must accept the signature.
    JWSVerifier rsaVerifier = new RSASSAVerifier((RSAPublicKey) publicKey);
    assertTrue(token.verify(rsaVerifier));
}
Also used : RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) JWSVerifier(com.nimbusds.jose.JWSVerifier) RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) JWSSigner(com.nimbusds.jose.JWSSigner) Test(org.junit.Test)

Example 3 with JWSVerifier

use of com.nimbusds.jose.JWSVerifier in project knox by apache.

the class DefaultTokenAuthorityService method verifyToken.

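/**
 * Verifies the RSA signature of {@code token}.
 *
 * <p>When {@code publicKey} is {@code null} the key is taken from the signing
 * keystore under {@link #getSigningKeyAlias()}. A key that is not an
 * {@link RSAPublicKey} cannot verify an RSASSA signature and yields
 * {@code false} instead of an unchecked {@link ClassCastException}.
 *
 * @param token     the token whose signature is checked
 * @param publicKey explicit verification key, or {@code null} to use the keystore key
 * @return {@code true} if the signature verifies, {@code false} otherwise
 * @throws TokenServiceException if the keystore or its certificate cannot be read
 */
@Override
public boolean verifyToken(JWT token, RSAPublicKey publicKey) throws TokenServiceException {
    boolean rc = false;
    PublicKey key;
    try {
        if (publicKey == null) {
            key = ks.getSigningKeystore().getCertificate(getSigningKeyAlias()).getPublicKey();
        } else {
            key = publicKey;
        }
        // The keystore entry is configuration, not guaranteed to be RSA; an
        // RSASSAVerifier needs an RSA key, so anything else cannot verify.
        if (!(key instanceof RSAPublicKey)) {
            return false;
        }
        JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) key);
        // TODO: interrogate the token for issuer claim in order to determine the public key to use for verification
        // consider jwk for specifying the key too
        rc = token.verify(verifier);
    } catch (KeyStoreException | KeystoreServiceException e) {
        throw new TokenServiceException("Cannot verify token.", e);
    }
    return rc;
}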
Also used : RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) JWSVerifier(com.nimbusds.jose.JWSVerifier) KeyStoreException(java.security.KeyStoreException) KeystoreServiceException(org.apache.knox.gateway.services.security.KeystoreServiceException) TokenServiceException(org.apache.knox.gateway.services.security.token.TokenServiceException)

Example 4 with JWSVerifier

use of com.nimbusds.jose.JWSVerifier in project fitpay-android-sdk by fitpay.

the class StringUtils method getDecryptedString.

/**
 * Decrypts a JWE string with the key of the given type and returns its payload.
 *
 * <p>If the JWE header names a key id that differs from the local key of
 * {@code type}, nothing is decrypted and {@code null} is returned. When the
 * payload is a signed JWT (content type {@code "JWT"}) its signature is checked
 * against the server or client EC public key, selected by the token's issuer
 * claim, and the {@code "data"} claim is returned. Any exception is logged and
 * mapped to {@code null}.
 *
 * @param type            key type
 * @param encryptedString encrypted string
 * @return decrypted string, or {@code null} on key-id mismatch or any failure
 */
public static String getDecryptedString(@KeysManager.KeyType int type, String encryptedString) {
    KeysManager keysManager = KeysManager.getInstance();
    try {
        JWEObject jweObject = JWEObject.parse(encryptedString);
        String headerKeyId = jweObject.getHeader().getKeyID();
        if (headerKeyId != null && !headerKeyId.equals(keysManager.getKeyId(type))) {
            return null;
        }
        jweObject.decrypt(new AESDecrypter(keysManager.getSecretKey(type)));
        if (!"JWT".equals(jweObject.getHeader().getContentType())) {
            return jweObject.getPayload().toString();
        }
        SignedJWT signedJwt = jweObject.getPayload().toSignedJWT();
        ECPublicKey verificationKey = resolveVerificationKey(keysManager, type, signedJwt);
        JWSVerifier verifier = new ECDSAVerifier(verificationKey);
        if (!signedJwt.verify(verifier)) {
            throw new IllegalArgumentException("jwt did not pass signature validation");
        }
        return signedJwt.getJWTClaimsSet().getStringClaim("data");
    } catch (Exception e) {
        FPLog.e(e);
        return null;
    }
}

/**
 * Picks the EC public key the inner JWT must verify against: the server key when
 * the (not yet verified) issuer claim is {@code "https://fit-pay.com"}, otherwise
 * the local key pair's own public key.
 */
private static ECPublicKey resolveVerificationKey(KeysManager keysManager,
                                                  @KeysManager.KeyType int type,
                                                  SignedJWT signedJwt) throws Exception {
    ECCKeyPair keyPair = keysManager.getPairForType(type);
    boolean issuedByServer = "https://fit-pay.com".equals(signedJwt.getJWTClaimsSet().getIssuer());
    String publicKeyHex = issuedByServer ? keyPair.getServerPublicKey() : keyPair.getPublicKey();
    return (ECPublicKey) keysManager.getPublicKey("EC", Hex.hexStringToBytes(publicKeyHex));
}
Also used : ECDSAVerifier(com.nimbusds.jose.crypto.ECDSAVerifier) JWEHeader(com.nimbusds.jose.JWEHeader) ECPublicKey(java.security.interfaces.ECPublicKey) JWEObject(com.nimbusds.jose.JWEObject) JWSVerifier(com.nimbusds.jose.JWSVerifier) AESDecrypter(com.nimbusds.jose.crypto.AESDecrypter) SignedJWT(com.nimbusds.jwt.SignedJWT) ECCKeyPair(com.fitpay.android.api.models.security.ECCKeyPair) JOSEException(com.nimbusds.jose.JOSEException)

Example 5 with JWSVerifier

use of com.nimbusds.jose.JWSVerifier in project registry by hortonworks.

the class JWTAuthenticationHandler method validateSignature.

/**
 * Checks the RSA signature of {@code jwtToken} against the public key configured
 * at init time. Subclasses may override to change how signatures are verified.
 *
 * <p>Returns {@code false} without attempting verification when the token is not
 * in the {@code SIGNED} state or carries no signature; a {@link JOSEException}
 * during verification is logged and also reported as {@code false}.
 *
 * @param jwtToken the token whose signature is to be validated
 * @return {@code true} only if the signature verifies with the configured key
 */
protected boolean validateSignature(SignedJWT jwtToken) {
    if (JWSObject.State.SIGNED != jwtToken.getState()) {
        return false;
    }
    LOG.debug("JWT token is in a SIGNED state");
    if (jwtToken.getSignature() == null) {
        return false;
    }
    LOG.debug("JWT token signature is not null");
    try {
        JWSVerifier rsaVerifier = new RSASSAVerifier(publicKey);
        if (!jwtToken.verify(rsaVerifier)) {
            LOG.warn("JWT signature verification failed.");
            return false;
        }
        LOG.debug("JWT token has been successfully verified");
        return true;
    } catch (JOSEException je) {
        LOG.warn("Error while validating signature", je);
        return false;
    }
}
Also used : RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) JWSVerifier(com.nimbusds.jose.JWSVerifier) JOSEException(com.nimbusds.jose.JOSEException)
