use of com.nimbusds.jose.JWSVerifier in project zeppelin by apache.
the class KnoxJwtRealm method validateSignature.
/**
 * Checks the RSA signature of a JWT against the key loaded from {@code publicKeyPath}.
 *
 * <p>The token is accepted only if it is in the SIGNED state, carries a non-null signature,
 * and {@code verify} succeeds. Every other outcome, including any exception raised while
 * loading the key or verifying, yields {@code false}, so the method fails closed.
 *
 * <p>Only the signature is examined here. This method does not look at claims such as
 * expiry, issuer or audience; callers have to validate those separately.
 *
 * @param jwtToken the parsed token whose signature is to be checked
 * @return {@code true} if the signature verifies, {@code false} otherwise
 */
protected boolean validateSignature(SignedJWT jwtToken) {
    // Guard clauses: an unsigned token or a missing signature is never valid.
    if (JWSObject.State.SIGNED != jwtToken.getState() || jwtToken.getSignature() == null) {
        return false;
    }
    try {
        // The key is re-read via parseRSAPublicKey on every call.
        JWSVerifier rsaVerifier = new RSASSAVerifier(parseRSAPublicKey(publicKeyPath));
        return jwtToken.verify(rsaVerifier);
    } catch (Exception e) {
        // NOTE(review): a missing or unreadable key file and a malformed token both land here
        // and are reported only at INFO level; confirm that is visible enough for operators.
        LOGGER.info("Exception in validateSignature", e);
        return false;
    }
}
use of com.nimbusds.jose.JWSVerifier in project hadoop by apache.
the class JWTRedirectAuthenticationHandler method validateSignature.
/**
* Verify the signature of the JWT token in this method. This method depends
* on the public key that was established during init based upon the
* provisioned public key. Override this method in subclasses in order to
* customize the signature verification behavior.
*
* @param jwtToken the token that contains the signature to be validated
* @return true if the signature verifies successfully; false otherwise
*/
protected boolean validateSignature(SignedJWT jwtToken) {
    // Fail closed: every path that does not reach a successful verify() returns false.
    if (JWSObject.State.SIGNED != jwtToken.getState()) {
        return false;
    }
    LOG.debug("JWT token is in a SIGNED state");

    if (jwtToken.getSignature() == null) {
        return false;
    }
    LOG.debug("JWT token signature is not null");

    try {
        // publicKey is not declared in this method; it is read from the enclosing scope.
        JWSVerifier rsaVerifier = new RSASSAVerifier(publicKey);
        if (!jwtToken.verify(rsaVerifier)) {
            LOG.warn("JWT signature verification failed.");
            return false;
        }
        LOG.debug("JWT token has been successfully verified");
        return true;
    } catch (JOSEException je) {
        // A verifier error is treated the same as a bad signature: logged and rejected.
        LOG.warn("Error while validating signature", je);
        return false;
    }
    // Only the signature is checked in this method; claims (expiry, audience, issuer)
    // are not examined here.
}
use of com.nimbusds.jose.JWSVerifier in project carbon-apimgt by wso2.
the class JWTWithRSASignatureImpl method verifyRSASignature.
/**
* {@inheritDoc}
*/
@Override
public boolean verifyRSASignature(String token, RSAPublicKey rsaPublicKey) throws APIManagementException {
    // Null arguments are programming errors and are reported unchecked, before any parsing.
    if (token == null) {
        throw new IllegalArgumentException("The SignedJWT must not be null");
    }
    if (rsaPublicKey == null) {
        throw new IllegalArgumentException("The public key must not be null");
    }
    try {
        // Parse first, then build the verifier, then verify: same order as before.
        // A false result means the signature did not match the supplied key; only the
        // signature is checked here, not the token's claims.
        return SignedJWT.parse(token).verify(new RSASSAVerifier(rsaPublicKey));
    } catch (ParseException e) {
        // The string is not a well-formed signed JWT.
        throw new APIManagementException("Error parsing signed JWT string ", e);
    } catch (JOSEException e) {
        // The verifier could not process the token.
        throw new APIManagementException("Failed to verify signature ", e);
    }
}
use of com.nimbusds.jose.JWSVerifier in project ORCID-Source by ORCID.
the class OpenIDConnectTest method checkJWT.
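/**
 * Parses a serialized ID token, asserts the claims expected for the test user, and verifies
 * the token's RSA signature against the key published at {@code baseUri + "/oauth/jwks"}.
 *
 * <p>The verification key is looked up in the fetched JWK set by the key id taken from the
 * token's own header. A missing key now fails with an explicit assertion instead of a
 * NullPointerException from the verifier constructor.
 *
 * @param id the serialized ID token
 * @return the parsed token, once every assertion has passed
 * @throws ParseException if the token or the JWK set cannot be parsed
 * @throws JOSEException if the verifier cannot be built or verification errors out
 */
private SignedJWT checkJWT(String id) throws ParseException, JOSEException, InvalidHashException {
    SignedJWT signedJWT = SignedJWT.parse(id);

    // Claim checks for the fixed test user and client.
    Assert.assertEquals("https://orcid.org", signedJWT.getJWTClaimsSet().getIssuer());
    Assert.assertEquals("https://orcid.org/9999-0000-0000-0004", signedJWT.getJWTClaimsSet().getSubject());
    Assert.assertEquals("9999-0000-0000-0004", signedJWT.getJWTClaimsSet().getClaim("id_path"));
    Assert.assertEquals("APP-9999999999999901", signedJWT.getJWTClaimsSet().getAudience().get(0));
    Assert.assertEquals("yesMate", signedJWT.getJWTClaimsSet().getClaim("nonce"));
    Assert.assertEquals("User One Credit name", signedJWT.getJWTClaimsSet().getClaim("name"));
    Assert.assertEquals("One", signedJWT.getJWTClaimsSet().getClaim("family_name"));
    Assert.assertEquals("User", signedJWT.getJWTClaimsSet().getClaim("given_name"));

    // Fetch the published JWK set from the server under test.
    Client client = Client.create();
    WebResource webResource = client.resource(baseUri + "/oauth/jwks");
    ClientResponse jwksResponse = webResource.accept(MediaType.APPLICATION_JSON).get(ClientResponse.class);
    String jwkString = jwksResponse.getEntity(String.class);

    // getKeyByKeyId returns null when the set has no key with that id; report that clearly.
    RSAKey jwk = (RSAKey) JWKSet.parse(jwkString).getKeyByKeyId(signedJWT.getHeader().getKeyID());
    Assert.assertNotNull("JWK set has no key matching the token's key id", jwk);

    // Verify the signature with the published public key.
    JWSVerifier verifier = new RSASSAVerifier(jwk);
    Assert.assertTrue(signedJWT.verify(verifier));
    return signedJWT;
}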
use of com.nimbusds.jose.JWSVerifier in project ORCID-Source by ORCID.
the class OpenIDConnectKeyServiceTest method testKeyGenAndSigning.
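/**
 * Signs a minimal claims set (issuer only) with a key service built from the test key, then
 * verifies the signature with the public JWK that the same service exposes for the token's
 * key id.
 */
@Test
public void testKeyGenAndSigning() throws JOSEException, NoSuchAlgorithmException, IOException, ParseException, URISyntaxException {
    OpenIDConnectKeyService.OpenIDConnectKeyServiceConfig config = new OpenIDConnectKeyServiceConfig();
    config.keyName = "IntTestKey1";
    config.jsonKey = testKey;
    OpenIDConnectKeyService service = new OpenIDConnectKeyService(config);

    // The previous version also filled a HashMap that was never read; it has been dropped.
    JWTClaimsSet claims = new JWTClaimsSet.Builder().issuer("me").build();
    SignedJWT signed = service.sign(claims);

    // Look up the verification key by the key id the service wrote into the token header,
    // and fail with a clear message if the public set does not contain it.
    RSAKey publicJwk = (RSAKey) service.getPublicJWK().getKeyByKeyId(signed.getHeader().getKeyID());
    Assert.assertNotNull("Public JWK set has no key matching the signed token's key id", publicJwk);

    JWSVerifier verifier = new RSASSAVerifier(publicJwk);
    Assert.assertTrue(signed.verify(verifier));
}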