Example 1 with Ed25519Verifier
use of com.nimbusds.jose.crypto.Ed25519Verifier in project gravitee-access-management by gravitee-io.
the class JWSServiceImpl method from.
private JWSVerifier from(OKPKey okpKey) {
try {
Curve curve = Curve.parse(okpKey.getCrv());
if (curve.getStdName() == null) {
throw new IllegalArgumentException("Unknown OKP Curve: " + okpKey.getCrv());
}
OctetKeyPair jwk = new OctetKeyPair.Builder(curve, new Base64URL(okpKey.getX())).build();
return new Ed25519Verifier(jwk);
} catch (JOSEException ex) {
LOGGER.error("Unable to build Verifier from Message Authentication Code (MAC) key", ex);
throw new IllegalArgumentException("Signature is using and unknown/not managed key");
}
}
Also used :
Ed25519Verifier(com.nimbusds.jose.crypto.Ed25519Verifier)
OctetKeyPair(com.nimbusds.jose.jwk.OctetKeyPair)
Curve(com.nimbusds.jose.jwk.Curve)
JOSEException(com.nimbusds.jose.JOSEException)
Base64URL(com.nimbusds.jose.util.Base64URL)
Example 2 with Ed25519Verifier
use of com.nimbusds.jose.crypto.Ed25519Verifier in project VulnerableApp by SasanLabs.
the class JWTValidator method jwkKeyHeaderPublicKeyTrustingVulnerableValidator.
@Override
public boolean jwkKeyHeaderPublicKeyTrustingVulnerableValidator(String token) throws ServiceApplicationException {
try {
String[] jwtParts = token.split(JWTUtils.JWT_TOKEN_PERIOD_CHARACTER_REGEX, -1);
JSONObject header = new JSONObject(JWTUtils.getString(Base64.getUrlDecoder().decode(jwtParts[0].getBytes(StandardCharsets.UTF_8))));
if (header.has(JWTUtils.JWT_ALGORITHM_KEY_HEADER)) {
String alg = header.getString(JWTUtils.JWT_ALGORITHM_KEY_HEADER);
if (!alg.startsWith(JWTUtils.JWT_HMAC_ALGORITHM_IDENTIFIER)) {
JWSVerifier verifier = null;
if (header.has(JWTUtils.JSON_WEB_KEY_HEADER)) {
if (alg.startsWith(JWTUtils.JWT_RSA_ALGORITHM_IDENTIFIER) || alg.startsWith(JWTUtils.JWT_RSA_PSS_ALGORITHM_IDENTIFIER)) {
RSAKey rsaKey = RSAKey.parse(header.getJSONObject(JWTUtils.JSON_WEB_KEY_HEADER).toString());
verifier = new RSASSAVerifier(rsaKey.toRSAPublicKey());
} else if (alg.startsWith(JWTUtils.JWT_EC_ALGORITHM_IDENTIFIER)) {
ECKey ecKey = ECKey.parse(header.getJSONObject(JWTUtils.JSON_WEB_KEY_HEADER).toString());
verifier = new ECDSAVerifier(ecKey.toECPublicKey());
} else if (alg.startsWith(JWTUtils.JWT_OCTET_ALGORITHM_IDENTIFIER)) {
verifier = new Ed25519Verifier(OctetKeyPair.parse(header.getString(JWTUtils.JSON_WEB_KEY_HEADER)));
}
SignedJWT signedJWT = SignedJWT.parse(token);
return signedJWT.verify(verifier);
}
}
}
} catch (UnsupportedEncodingException | ParseException | JOSEException ex) {
throw new ServiceApplicationException("Following exception occurred: ", ex, ExceptionStatusCodeEnum.SYSTEM_ERROR);
}
return false;
}
Also used :
ServiceApplicationException(org.sasanlabs.service.exception.ServiceApplicationException)
RSAKey(com.nimbusds.jose.jwk.RSAKey)
RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier)
JWSVerifier(com.nimbusds.jose.JWSVerifier)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
ECKey(com.nimbusds.jose.jwk.ECKey)
SignedJWT(com.nimbusds.jwt.SignedJWT)
ECDSAVerifier(com.nimbusds.jose.crypto.ECDSAVerifier)
Ed25519Verifier(com.nimbusds.jose.crypto.Ed25519Verifier)
JSONObject(org.json.JSONObject)
ParseException(java.text.ParseException)
JOSEException(com.nimbusds.jose.JOSEException)
Aggregations
JOSEException (com.nimbusds.jose.JOSEException)2
Ed25519Verifier (com.nimbusds.jose.crypto.Ed25519Verifier)2
JWSVerifier (com.nimbusds.jose.JWSVerifier)1
ECDSAVerifier (com.nimbusds.jose.crypto.ECDSAVerifier)1
RSASSAVerifier (com.nimbusds.jose.crypto.RSASSAVerifier)1
Curve (com.nimbusds.jose.jwk.Curve)1
ECKey (com.nimbusds.jose.jwk.ECKey)1
OctetKeyPair (com.nimbusds.jose.jwk.OctetKeyPair)1
RSAKey (com.nimbusds.jose.jwk.RSAKey)1
Base64URL (com.nimbusds.jose.util.Base64URL)1
SignedJWT (com.nimbusds.jwt.SignedJWT)1
UnsupportedEncodingException (java.io.UnsupportedEncodingException)1
ParseException (java.text.ParseException)1
JSONObject (org.json.JSONObject)1
ServiceApplicationException (org.sasanlabs.service.exception.ServiceApplicationException)1
