Example 76 with SignedJWT

Use of com.nimbusds.jwt.SignedJWT in project fitpay-android-sdk by fitpay.

From the class StringUtils, method getDecryptedString.

/**
 * Get decrypted string
 *
 * @param type            key type
 * @param encryptedString encrypted string
 * @return decrypted string
 */
public static String getDecryptedString(@KeysManager.KeyType int type, String encryptedString) {
    KeysManager keysManager = KeysManager.getInstance();
    JWEObject jweObject;
    try {
        jweObject = JWEObject.parse(encryptedString);
        JWEHeader jweHeader = jweObject.getHeader();
        // A missing kid is accepted; a kid that does not match the stored key id skips decryption and the method returns null.
        if (jweHeader.getKeyID() == null || jweHeader.getKeyID().equals(keysManager.getKeyId(type))) {
            jweObject.decrypt(new AESDecrypter(keysManager.getSecretKey(type)));
            // cty == "JWT" means the decrypted payload is a nested signed JWT.
            if ("JWT".equals(jweObject.getHeader().getContentType())) {
                SignedJWT signedJwt = jweObject.getPayload().toSignedJWT();
                ECCKeyPair keyPair = keysManager.getPairForType(type);
                ECPublicKey key = null;
                // The issuer is read before the signature is checked; it only selects which EC public key to verify against.
                if ("https://fit-pay.com".equals(signedJwt.getJWTClaimsSet().getIssuer())) {
                    key = (ECPublicKey) keysManager.getPublicKey("EC", Hex.hexStringToBytes(keyPair.getServerPublicKey()));
                } else {
                    key = (ECPublicKey) keysManager.getPublicKey("EC", Hex.hexStringToBytes(keyPair.getPublicKey()));
                }
                JWSVerifier verifier = new ECDSAVerifier(key);
                if (!signedJwt.verify(verifier)) {
                    throw new IllegalArgumentException("jwt did not pass signature validation");
                }
                return signedJwt.getJWTClaimsSet().getStringClaim("data");
            } else {
                return jweObject.getPayload().toString();
            }
        }
    } catch (Exception e) {
        // Any parse, decryption or verification failure is logged and the method returns null.
        FPLog.e(e);
    }
    return null;
}
Also used : ECDSAVerifier(com.nimbusds.jose.crypto.ECDSAVerifier) JWEHeader(com.nimbusds.jose.JWEHeader) ECPublicKey(java.security.interfaces.ECPublicKey) JWEObject(com.nimbusds.jose.JWEObject) JWSVerifier(com.nimbusds.jose.JWSVerifier) AESDecrypter(com.nimbusds.jose.crypto.AESDecrypter) SignedJWT(com.nimbusds.jwt.SignedJWT) ECCKeyPair(com.fitpay.android.api.models.security.ECCKeyPair) JOSEException(com.nimbusds.jose.JOSEException)

Example 77 with SignedJWT

Use of com.nimbusds.jwt.SignedJWT in project spring-security by spring-projects.

From the class NimbusJwtDecoderTests, method decodeWhenUsingSecertKeyWithKidThenStillUsesKey.

// gh-7056
@Test
public void decodeWhenUsingSecertKeyWithKidThenStillUsesKey() throws Exception {
    SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
    // @formatter:off
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.HS256).keyID("one").build();
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject").expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
    // @formatter:on
    SignedJWT signedJwt = signedJwt(secretKey, header, claimsSet);
    // @formatter:off
    NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS256).build();
    assertThat(decoder.decode(signedJwt.serialize())).extracting(Jwt::getSubject).isEqualTo("test-subject");
    // @formatter:on
}
Also used : SecretKey(javax.crypto.SecretKey) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SignedJWT(com.nimbusds.jwt.SignedJWT) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.jupiter.api.Test)

Example 78 with SignedJWT

Use of com.nimbusds.jwt.SignedJWT in project spring-security by spring-projects.

From the class NimbusJwtDecoderTests, method decodeWhenUsingPublicKeyWithKidThenStillUsesKey.

// gh-7049
@Test
public void decodeWhenUsingPublicKeyWithKidThenStillUsesKey() throws Exception {
    RSAPublicKey publicKey = TestKeys.DEFAULT_PUBLIC_KEY;
    RSAPrivateKey privateKey = TestKeys.DEFAULT_PRIVATE_KEY;
    // @formatter:off
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("one").build();
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject").expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
    // @formatter:on
    SignedJWT signedJwt = signedJwt(privateKey, header, claimsSet);
    // @formatter:off
    NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(publicKey).signatureAlgorithm(SignatureAlgorithm.RS256).build();
    assertThat(decoder.decode(signedJwt.serialize())).extracting(Jwt::getSubject).isEqualTo("test-subject");
    // @formatter:on
}
Also used : RSAPublicKey(java.security.interfaces.RSAPublicKey) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SignedJWT(com.nimbusds.jwt.SignedJWT) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.jupiter.api.Test)

Example 79 with SignedJWT

Use of com.nimbusds.jwt.SignedJWT in project spring-security by spring-projects.

From the class NimbusJwtDecoderTests, method signedJwt.

private SignedJWT signedJwt(JWSSigner signer, JWSHeader header, JWTClaimsSet claimsSet) throws Exception {
    SignedJWT signedJWT = new SignedJWT(header, claimsSet);
    signedJWT.sign(signer);
    return signedJWT;
}
Also used : SignedJWT(com.nimbusds.jwt.SignedJWT)

Example 80 with SignedJWT

Use of com.nimbusds.jwt.SignedJWT in project spring-security by spring-projects.

From the class NimbusReactiveJwtDecoderTests, method decodeWhenSecretKeyAndAlgorithmMismatchThenThrowsJwtException.

@Test
public void decodeWhenSecretKeyAndAlgorithmMismatchThenThrowsJwtException() throws Exception {
    SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
    MacAlgorithm macAlgorithm = MacAlgorithm.HS256;
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject").expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
    SignedJWT signedJWT = signedJwt(secretKey, macAlgorithm, claimsSet);
    // @formatter:off
    this.decoder = NimbusReactiveJwtDecoder.withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS512).build();
    assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> this.decoder.decode(signedJWT.serialize()).block());
    // @formatter:on
}
Also used : MacAlgorithm(org.springframework.security.oauth2.jose.jws.MacAlgorithm) SecretKey(javax.crypto.SecretKey) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SignedJWT(com.nimbusds.jwt.SignedJWT) Test(org.junit.jupiter.api.Test)
