private boolean verifyJwt(String jwtToken, String expectedAudience) throws Exception { SignedJWT signedJwt = SignedJWT.parse(jwtToken); JWSHeader jwsHeader = signedJwt.getHeader(); Preconditions.checkNotNull(jwsHeader.getAlgorithm()); Preconditions.checkNotNull(jwsHeader.getKeyID()); JWTClaimsSet claims = signedJwt.getJWTClaimsSet(); ECPublicKey publicKey = getKey(jwsHeader.getKeyID(), jwsHeader.getAlgorithm().getName());
/**
 * {@inheritDoc}
 *
 * <p>Signs the given claims set with RS256 using the supplied RSA private key and returns the
 * serialized token.
 *
 * @param rsaPrivateKey the RSA private key used for signing; must not be {@code null}
 * @param claimsSet     the claims to sign; must not be {@code null}
 * @return the serialized signed JWT
 * @throws IllegalArgumentException if either argument is {@code null}
 * @throws APIManagementException   if the signing operation fails
 */
@Override
public String rsaSignAndSerialize(RSAPrivateKey rsaPrivateKey, JWTClaimsSet claimsSet)
        throws APIManagementException {
    // Reject missing inputs up front, before any signing object is built.
    if (rsaPrivateKey == null) {
        throw new IllegalArgumentException("The private key must not be null");
    }
    if (claimsSet == null) {
        throw new IllegalArgumentException("The JWTClaimsSet must not be null");
    }

    final JWSSigner rsaSigner = new RSASSASigner(rsaPrivateKey);

    // The signature algorithm is fixed to RS256 here; it is not taken from caller input.
    final JWSHeader rs256Header = new JWSHeader(JWSAlgorithm.RS256);
    final SignedJWT signedToken = new SignedJWT(rs256Header, claimsSet);

    try {
        signedToken.sign(rsaSigner);
    } catch (JOSEException signingFailure) {
        // Keep the original cause so the failure stays diagnosable upstream.
        throw new APIManagementException("Error signing JWT ", signingFailure);
    }

    return signedToken.serialize();
}
/**
 * Signs the given claims with a MAC signer built from this object's secret.
 *
 * <p>NOTE(review): {@code algorithm} and {@code secret} are set outside this method.
 * Presumably {@code algorithm} is an HMAC algorithm and the secret is long enough for it;
 * confirm where they are configured.
 *
 * @param claims the claims to sign
 * @return the signed JWT
 * @throws TechnicalException if building the signer or signing fails with a {@code JOSEException}
 */
@Override
public SignedJWT sign(final JWTClaimsSet claims) {
    init();
    try {
        final JWSSigner macSigner = new MACSigner(this.secret);
        final JWSHeader header = new JWSHeader(algorithm);
        final SignedJWT token = new SignedJWT(header, claims);
        token.sign(macSigner);
        return token;
    } catch (final JOSEException signingFailure) {
        // Wrap the library's checked exception, keeping it as the cause.
        throw new TechnicalException(signingFailure);
    }
}
JWSHeader header = new JWSHeader((JWSAlgorithm) signatureAlgorithm); header.setKeyID(kid); header.setX509CertThumbprint(new Base64URL(getThumbPrint(tenantDomain, tenantId))); SignedJWT signedJWT = new SignedJWT(header, jwtClaimsSet); signedJWT.sign(signer); return signedJWT.serialize(); } catch (JOSEException e) { throw new IdentityOAuth2Exception("Error occurred while signing JWT", e);
private void validateToken(String token, RSAPublicKey publicKey, int expGracePeriodSecs) throws Exception { SignedJWT signedJWT = SignedJWT.parse(token); signedJWT.verify(verifier); if(header.getAlgorithm() != JWSAlgorithm.RS256) { throw new KeySourceException("RS256 algorithm not specified"); jwtProcessor.process(signedJWT, null); JWTClaimsSet claimsSet = signedJWT.getJWTClaimsSet(); System.out.printf("Validated JWT, claimsSet: %s\n", claimsSet);
String receivedSigAlg = jwtToken.getHeader().getAlgorithm().getName(); if (JWSObject.State.SIGNED == jwtToken.getState()) { LOG.debug("SSO token is in a SIGNED state"); if (jwtToken.getSignature() != null) { LOG.debug("SSO token signature is not null"); try {
JWSHeader header = signedJWT.getHeader(); if (x509Certificate == null) { return logAndReturnFalse("Unable to locate certificate for JWT " + header.toString()); String alg = signedJWT.getHeader().getAlgorithm().getName(); if (log.isDebugEnabled()) { log.debug("Signature Algorithm found in the JWT Header: " + alg); return signedJWT.verify(verifier); } catch (JOSEException e) { return logAndReturnFalse("Unable to verify the signature of the request object: " + signedJWT.serialize());
request.setClientId(signedJwt.getJWTClaimsSet().getStringClaim(CLIENT_ID)); JWSAlgorithm alg = signedJwt.getHeader().getAlgorithm();
jwt = SignedJWT.parse(token); } catch (ParseException e) { logger.warning(Oauth2Codes.JWT_UNABLE_PARSE, String.format("Unable to parse token: %s", token)); final String cty = jwt.getHeader().getContentType(); if (cty == null || cty.trim().isEmpty()) { // old tokens for migration if (checkWrapped) { return SignedJWT.parse(jwt.getPayload().toBase64URL().decodeToString());
/**
 * Builds a new JWS header from the parameters currently held by this builder.
 *
 * @return The JWS header.
 */
public JWSHeader build() {

    final JWSHeader header = new JWSHeader(
        alg, typ, cty, crit, jku, jwk, x5u, x5t, x5t256, x5c, kid,
        customParams, parsedBase64URL);
    return header;
}
} // closes the enclosing type, whose opening brace is outside this excerpt
JWSHeader header = new JWSHeader(JWSAlgorithm.RS256); header.setX509CertThumbprint(new Base64URL(getThumbPrint(tenantDomain, tenantID))); jwt = new SignedJWT(header, claimsSet); jwt = signJWT((SignedJWT)jwt, tenantDomain, tenantID); } else {
/**
 * Checks that the given JWS signer accepts the algorithm declared in this
 * object's header.
 *
 * @param signer The JWS signer whose supported algorithms are consulted.
 *
 * @throws JOSEException If the header algorithm is not among the algorithms
 *                       the signer reports as supported.
 */
private void ensureJWSSignerSupport(final JWSSigner signer)
    throws JOSEException {

    // Nothing to report when the signer lists the header algorithm.
    if (signer.supportedJWSAlgorithms().contains(getHeader().getAlgorithm())) {
        return;
    }

    final String message = "The \"" + getHeader().getAlgorithm()
        + "\" algorithm is not allowed or supported by the JWS signer: Supported algorithms: "
        + signer.supportedJWSAlgorithms();
    throw new JOSEException(message);
}
JWSHeader header = signedJWT.getHeader(); X509Certificate x509Certificate = resolveSignerCertificate(header, idp); if (x509Certificate == null) { String alg = signedJWT.getHeader().getAlgorithm().getName(); if (StringUtils.isEmpty(alg)) { throw new IdentityOAuth2Exception("Algorithm must not be null."); boolean isValid = signedJWT.verify(verifier); if (log.isDebugEnabled()) { log.debug("Signature verified: " + isValid);
/**
 * Creates a new JWS header builder pre-populated with the parameters of
 * the specified header.
 *
 * @param jwsHeader The JWS header to copy from. Must not be
 *                  {@code null}.
 */
public Builder(final JWSHeader jwsHeader) {

    // The algorithm goes through the single-argument constructor.
    this(jwsHeader.getAlgorithm());

    // Type-related parameters.
    this.typ = jwsHeader.getType();
    this.cty = jwsHeader.getContentType();
    this.crit = jwsHeader.getCriticalParams();

    // Key-reference parameters, copied as-is.
    // NOTE(review): if jwsHeader was parsed from a token that has not been
    // verified yet, these values are untrusted input. Confirm at call sites.
    this.jku = jwsHeader.getJWKURL();
    this.jwk = jwsHeader.getJWK();
    this.x5u = jwsHeader.getX509CertURL();
    this.x5t = jwsHeader.getX509CertThumbprint();
    this.x5t256 = jwsHeader.getX509CertSHA256Thumbprint();
    this.x5c = jwsHeader.getX509CertChain();
    this.kid = jwsHeader.getKeyID();

    this.customParams = jwsHeader.getCustomParams();
}
JWSAlgorithm alg = jws.getHeader().getAlgorithm();
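/**
 * Checks that the JWS header carries the two headers this validator requires:
 * a usable algorithm and a key ID.
 *
 * @param jwsObject the JWS object whose header is inspected
 * @throws MissingRequiredHeaderException if the algorithm is absent or equal to
 *         {@code Algorithm.NONE}, or if the key ID is absent
 */
private void validateRequiredHeaders(JWSObject jwsObject) throws MissingRequiredHeaderException {
    // equals() instead of == so that an algorithm value equal to NONE is rejected even
    // when it is not the very same instance as the constant.
    // NOTE(review): presumably Algorithm is a value class with name-based equals(); if it
    // is an enum, behaviour is unchanged. Confirm against its declaration.
    if (jwsObject.getHeader().getAlgorithm() == null
            || Algorithm.NONE.equals(jwsObject.getHeader().getAlgorithm())) {
        throw new MissingRequiredHeaderException(Header.ALGORITHM);
    }

    // A key ID is required as well; how it is used is not visible in this method.
    if (jwsObject.getHeader().getKeyID() == null) {
        throw new MissingRequiredHeaderException(Header.KEY_ID);
    }
}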
/**
 * Resolves the client named by the JWT's subject claim and emits it only if the JWT's
 * signature validates against a key from that client's JWK set.
 *
 * @param jwt the JWT to check; cast to {@code SignedJWT} inside the method
 * @return a {@code Maybe} emitting the client on success, or an error: an
 *         {@code InvalidClientException} for a missing client, missing keys, no matching
 *         key or an invalid signature, and {@code NOT_VALID} when the cast or the claims
 *         parsing fails
 */
private Maybe<Client> validateSignature(JWT jwt) {
    try {
        // The subject is read before any signature check. In this method it is used only
        // to look up the client whose keys will verify the token.
        String clientId = jwt.getJWTClaimsSet().getSubject();
        SignedJWT signedJWT = (SignedJWT) jwt;

        return this.clientSyncService.findByClientId(clientId)
                .switchIfEmpty(Maybe.error(new InvalidClientException("Missing or invalid client")))
                .flatMap(client -> this.getClientJwkSet(client)
                        .switchIfEmpty(Maybe.error(new InvalidClientException("No jwk keys available on client")))
                        // The key is selected from the client's own JWK set by the header's key ID.
                        .flatMap(jwkSet -> jwkService.getKey(jwkSet,signedJWT.getHeader().getKeyID()))
                        .switchIfEmpty(Maybe.error(new InvalidClientException("Unable to validate client, no matching key.")))
                        .flatMap(jwk -> {
                            // The client is emitted only when the signature check passes.
                            // NOTE(review): which algorithms isValidSignature accepts is not
                            // visible here; confirm it does not rely on the header's alg alone.
                            if (jwsService.isValidSignature(signedJWT, jwk)) {
                                return Maybe.just(client);
                            }
                            return Maybe.error(new InvalidClientException("Unable to validate client, assertion signature is not valid."));
                        })
                );
    } catch (ClassCastException | ParseException ex) {
        // The JWT is not a SignedJWT, or its claims could not be parsed.
        LOGGER.error(ex.getMessage(),ex);
        return Maybe.error(NOT_VALID);
    } catch (InvalidClientException ex) {
        // Covers an InvalidClientException thrown synchronously while the chain is built.
        return Maybe.error(ex);
    }
}
JWSAlgorithm algorithm = jwsHeader.getAlgorithm(); if (JWSAlgorithm.Family.RSA.contains(algorithm) || JWSAlgorithm.Family.EC.contains(algorithm)) { .keyID(jwsHeader.getKeyID()) .keyUses(KeyUse.SIGNATURE, null) .algorithms(algorithm, null) .x509CertSHA256Thumbprint(jwsHeader.getX509CertSHA256Thumbprint()) .build(); } else if (JWSAlgorithm.Family.HMAC_SHA.contains(algorithm)) { .keyID(jwsHeader.getKeyID()) .privateOnly(true) .algorithms(algorithm, null)