Example 6 with RSADecrypter
use of com.nimbusds.jose.crypto.RSADecrypter in project mycore by MyCoRe-Org.
the class MCRJSONWebTokenUtil method retrievePublicKeyFromLoginToken.
/**
* retrieves the client public key from Login Token
*
* @param token - the serialized JSON Web Token from login
* @return the public key as JWK object
*/
public static JWK retrievePublicKeyFromLoginToken(String token) {
JWK result = null;
JWEObject jweObject;
try {
jweObject = JWEObject.parse(token);
// Decrypt with shared key
jweObject.decrypt(new RSADecrypter(RSA_KEYS.getPrivate()));
// Extract payload
SignedJWT signedJWT = jweObject.getPayload().toSignedJWT();
result = signedJWT.getHeader().getJWK();
RSAKey publicKey = RSAKey.parse(result.toJSONObject());
if (signedJWT.verify(new RSASSAVerifier(publicKey))) {
return result;
}
} catch (ParseException | JOSEException e) {
LOGGER.error(e);
}
return null;
}
Also used :
RSAKey(com.nimbusds.jose.jwk.RSAKey)
JWEObject(com.nimbusds.jose.JWEObject)
RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier)
SignedJWT(com.nimbusds.jwt.SignedJWT)
ParseException(java.text.ParseException)
JOSEException(com.nimbusds.jose.JOSEException)
JWK(com.nimbusds.jose.jwk.JWK)
RSADecrypter(com.nimbusds.jose.crypto.RSADecrypter)
Example 7 with RSADecrypter
use of com.nimbusds.jose.crypto.RSADecrypter in project mycore by MyCoRe-Org.
the class MCRJSONWebTokenUtil method retrieveUsernamePasswordFromLoginToken.
/**
* retrieves username and password from JSON web tocken
*
* @param token - the serialized JSON web token from login
* @return username and password (combined by ":")
*/
public static String retrieveUsernamePasswordFromLoginToken(String token) {
JWEObject jweObject;
try {
jweObject = JWEObject.parse(token);
// Decrypt with shared key
jweObject.decrypt(new RSADecrypter(RSA_KEYS.getPrivate()));
// Extract payload
SignedJWT signedJWT = jweObject.getPayload().toSignedJWT();
RSAKey serverPublicKey = RSAKey.parse(signedJWT.getHeader().getJWK().toJSONObject());
if (signedJWT.verify(new RSASSAVerifier(serverPublicKey))) {
// Token is valid
String username = signedJWT.getJWTClaimsSet().getSubject();
String password = signedJWT.getJWTClaimsSet().getStringClaim("password");
return username + ":" + password;
}
} catch (ParseException | JOSEException e) {
LOGGER.error(e);
}
return null;
}
Also used :
RSAKey(com.nimbusds.jose.jwk.RSAKey)
JWEObject(com.nimbusds.jose.JWEObject)
RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier)
SignedJWT(com.nimbusds.jwt.SignedJWT)
ParseException(java.text.ParseException)
JOSEException(com.nimbusds.jose.JOSEException)
RSADecrypter(com.nimbusds.jose.crypto.RSADecrypter)
Aggregations
RSADecrypter (com.nimbusds.jose.crypto.RSADecrypter)7
JOSEException (com.nimbusds.jose.JOSEException)4
RSAKey (com.nimbusds.jose.jwk.RSAKey)4
ParseException (java.text.ParseException)4
JWEObject (com.nimbusds.jose.JWEObject)3
RSASSAVerifier (com.nimbusds.jose.crypto.RSASSAVerifier)3
JWK (com.nimbusds.jose.jwk.JWK)3
SignedJWT (com.nimbusds.jwt.SignedJWT)3
RSAPrivateKey (java.security.interfaces.RSAPrivateKey)3
EncryptedJWT (com.nimbusds.jwt.EncryptedJWT)2
IOException (java.io.IOException)2
JWTProcessingException (fish.payara.microprofile.jwtauth.eesecurity.JWTProcessingException)1
KeyFactory (java.security.KeyFactory)1
PrivateKey (java.security.PrivateKey)1
PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)1
JsonString (javax.json.JsonString)1
InvalidJweException (org.gluu.oxauth.model.exception.InvalidJweException)1
InvalidJwtException (org.gluu.oxauth.model.exception.InvalidJwtException)1
JSONException (org.json.JSONException)1
