Use of com.nimbusds.jose.crypto.Ed25519Verifier in the project gravitee-access-management by gravitee-io.
From the class JWSServiceImpl, method from.
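/**
 * Builds a signature verifier for an OKP (Octet Key Pair) JWK.
 *
 * <p>Only the public part of the key is used: the curve name ({@code crv}) and the
 * public point ({@code x}); no private key material is needed to verify a signature.
 *
 * @param okpKey the key record carrying {@code crv} and {@code x}
 * @return an {@link Ed25519Verifier} for the key's public point
 * @throws IllegalArgumentException if the curve name is not recognised, or if the library
 *         refuses to build a verifier for the key (the underlying {@link JOSEException}
 *         is chained as the cause)
 */
private JWSVerifier from(OKPKey okpKey) {
    try {
        // Curve.parse() does not fail on a name it does not know; such a curve has no
        // standard name, so reject it here before trying to build a key from it.
        Curve curve = Curve.parse(okpKey.getCrv());
        if (curve.getStdName() == null) {
            throw new IllegalArgumentException("Unknown OKP Curve: " + okpKey.getCrv());
        }
        OctetKeyPair jwk = new OctetKeyPair.Builder(curve, new Base64URL(okpKey.getX())).build();
        // Ed25519 is the only OKP signature curve handled here; a key on another curve
        // is expected to be refused by the verifier constructor with a JOSEException.
        return new Ed25519Verifier(jwk);
    } catch (JOSEException ex) {
        // Full detail goes to the log for operators; the caller-facing message stays
        // generic. The cause is chained so the original failure is not lost.
        LOGGER.error("Unable to build Verifier from Octet Key Pair (OKP) key", ex);
        throw new IllegalArgumentException("Signature is using an unknown/not managed key", ex);
    }
}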
Use of com.nimbusds.jose.crypto.Ed25519Verifier in the project VulnerableApp by SasanLabs.
From the class JWTValidator, method jwkKeyHeaderPublicKeyTrustingVulnerableValidator.
/**
 * Verifies a JWS using the public key embedded in the token's own {@code jwk} header.
 *
 * <p>This is the deliberately weak validator this class demonstrates: the verification
 * key is read from the untrusted token itself, so a successful verification only shows
 * that the token was signed with whatever key its presenter chose to embed — it says
 * nothing about a trusted issuer. A safe validator resolves the key from a trusted,
 * server-side key set and ignores any key carried in the header.
 *
 * <p>Handled algorithm families are RSA / RSA-PSS, EC and OKP; HMAC algorithms and
 * tokens without a {@code jwk} header yield {@code false}. When {@code alg} matches none
 * of the handled families the verifier is {@code null}; whether the library then fails
 * cleanly or throws is not visible here — NOTE(review): confirm against the JOSE library.
 *
 * @param token the compact-serialised JWS to verify
 * @return {@code true} if the signature verifies against the embedded key, {@code false}
 *         if the token carries no {@code alg}, uses an HMAC algorithm or has no {@code jwk}
 * @throws ServiceApplicationException on a decoding, parsing or JOSE failure
 */
@Override
public boolean jwkKeyHeaderPublicKeyTrustingVulnerableValidator(String token) throws ServiceApplicationException {
    try {
        String[] segments = token.split(JWTUtils.JWT_TOKEN_PERIOD_CHARACTER_REGEX, -1);
        byte[] headerBytes = Base64.getUrlDecoder().decode(segments[0].getBytes(StandardCharsets.UTF_8));
        JSONObject header = new JSONObject(JWTUtils.getString(headerBytes));

        if (!header.has(JWTUtils.JWT_ALGORITHM_KEY_HEADER)) {
            return false;
        }
        String alg = header.getString(JWTUtils.JWT_ALGORITHM_KEY_HEADER);
        // Neither HMAC algorithms nor tokens without an embedded key are handled here.
        if (alg.startsWith(JWTUtils.JWT_HMAC_ALGORITHM_IDENTIFIER) || !header.has(JWTUtils.JSON_WEB_KEY_HEADER)) {
            return false;
        }

        JWSVerifier verifier = verifierFromEmbeddedJwk(header, alg);
        SignedJWT signedJWT = SignedJWT.parse(token);
        return signedJWT.verify(verifier);
    } catch (UnsupportedEncodingException | ParseException | JOSEException ex) {
        throw new ServiceApplicationException("Following exception occurred: ", ex, ExceptionStatusCodeEnum.SYSTEM_ERROR);
    }
}

/**
 * Builds a verifier from the {@code jwk} header of an already-parsed JWS header.
 *
 * @param header the decoded JOSE header, known to contain a {@code jwk} entry
 * @param alg    the header's {@code alg} value, used to pick the key family
 * @return a verifier for the embedded key, or {@code null} when {@code alg} matches none
 *         of the handled families
 * @throws ParseException if the embedded JWK cannot be parsed
 * @throws JOSEException  if the key cannot be converted to a public key
 */
private static JWSVerifier verifierFromEmbeddedJwk(JSONObject header, String alg) throws ParseException, JOSEException {
    if (alg.startsWith(JWTUtils.JWT_RSA_ALGORITHM_IDENTIFIER) || alg.startsWith(JWTUtils.JWT_RSA_PSS_ALGORITHM_IDENTIFIER)) {
        RSAKey rsaKey = RSAKey.parse(header.getJSONObject(JWTUtils.JSON_WEB_KEY_HEADER).toString());
        return new RSASSAVerifier(rsaKey.toRSAPublicKey());
    }
    if (alg.startsWith(JWTUtils.JWT_EC_ALGORITHM_IDENTIFIER)) {
        ECKey ecKey = ECKey.parse(header.getJSONObject(JWTUtils.JSON_WEB_KEY_HEADER).toString());
        return new ECDSAVerifier(ecKey.toECPublicKey());
    }
    if (alg.startsWith(JWTUtils.JWT_OCTET_ALGORITHM_IDENTIFIER)) {
        // NOTE(review): this branch reads the jwk header with getString(), while the RSA/EC
        // branches use getJSONObject(...).toString(); kept as-is — confirm the intended
        // header shape, since a JSON-object jwk would not be returned by getString().
        return new Ed25519Verifier(OctetKeyPair.parse(header.getString(JWTUtils.JSON_WEB_KEY_HEADER)));
    }
    return null;
}