/** * Creates a new KnoxService. * * @param configuration knox configuration */ public KnoxService(final KnoxConfiguration configuration) { this.configuration = configuration; // if knox sso support is enabled, validate the configuration if (configuration.isKnoxEnabled()) { // ensure the url is provided knoxUrl = configuration.getKnoxUrl(); if (StringUtils.isBlank(knoxUrl)) { throw new RuntimeException("Knox URL is required when Apache Knox SSO support is enabled."); } // ensure the cookie name is set if (StringUtils.isBlank(configuration.getKnoxCookieName())) { throw new RuntimeException("Knox Cookie Name is required when Apache Knox SSO support is enabled."); } // create the verifier verifier = new RSASSAVerifier(configuration.getKnoxPublicKey()); // get the audience audiences = configuration.getAudiences(); } }
@Override public boolean verify(final JWSHeader header, final byte[] signedContent, final Base64URL signature) throws JOSEException { if (! critPolicy.headerPasses(header)) { return false; } final Signature verifier = RSASSA.getSignerAndVerifier(header.getAlgorithm(), getJCAContext().getProvider()); try { verifier.initVerify(publicKey); } catch (InvalidKeyException e) { throw new JOSEException("Invalid public RSA key: " + e.getMessage(), e); } try { verifier.update(signedContent); return verifier.verify(signature.decode()); } catch (SignatureException e) { return false; } } }
RSASSAVerifier verifier = new RSASSAVerifier((RSAKey) jwk); verifiers.put(id, verifier);
LOG.debug("SSO token signature is not null"); try { JWSVerifier verifier = new RSASSAVerifier(SecurityUtils.parseRSAPublicKey(getKnoxKey())); if (jwtToken.verify(verifier)) { LOG.debug("SSO token has been successfully verified");
public NimbusRsJwtReader(String issuer, RSAPublicKey publicKey, Clock clock) { super(issuer, new RSASSAVerifier(publicKey), clock); } }
JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) publicKey);
boolean verifiedSignature = false; try { JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) publicKey); verifiedSignature = signedJWT.verify(verifier); } catch (JOSEException e) { System.err.println("Couldn't verify signature: " + e.getMessage()); }
public static boolean isSignatureValid(String token) { // Parse the JWS and verify its RSA signature SignedJWT signedJWT; try { signedJWT = SignedJWT.parse(token); JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) publicKey); return signedJWT.verify(verifier); } catch (ParseException | JOSEException e) { return false; } }
/** verify an id_token was signed by us * * @param signed * @return */ public boolean verify(SignedJWT signed) { try { JWSVerifier verifier = new RSASSAVerifier(publicJWK); return signed.verify(verifier); } catch (JOSEException e) { throw new RuntimeException(e); } }
private JWSVerifier from(RSAKey rsaKey) { try { byte[] modulus = Base64.getUrlDecoder().decode(rsaKey.getN()); byte[] exponent = Base64.getUrlDecoder().decode(rsaKey.getE()); RSAPublicKeySpec spec = new RSAPublicKeySpec(new BigInteger(1,modulus), new BigInteger(1,exponent)); KeyFactory factory = KeyFactory.getInstance("RSA"); return new RSASSAVerifier((RSAPublicKey) factory.generatePublic(spec)); } catch (NoSuchAlgorithmException | InvalidKeySpecException ex) { LOGGER.error(ex.getMessage(),ex); throw new InvalidClientException("Assertion is using and unknown/not managed key"); } }
private JWSVerifier from(RSAKey rsaKey) { try { byte[] modulus = Base64.getUrlDecoder().decode(rsaKey.getN()); byte[] exponent = Base64.getUrlDecoder().decode(rsaKey.getE()); RSAPublicKeySpec spec = new RSAPublicKeySpec(new BigInteger(1,modulus), new BigInteger(1,exponent)); KeyFactory factory = KeyFactory.getInstance("RSA"); return new RSASSAVerifier((RSAPublicKey) factory.generatePublic(spec)); } catch (NoSuchAlgorithmException | InvalidKeySpecException ex) { LOGGER.error(ex.getMessage(),ex); throw new InvalidClientException("Assertion is using and unknown/not managed key"); } }
/** * Verify the signature of the JWT token in this method. This method depends * on the public key that was established during init based upon the * provisioned public key. Override this method in subclasses in order to * customize the signature verification behavior. * * @param jwtToken the token that contains the signature to be validated * @return valid true if signature verifies successfully; false otherwise */ protected boolean validateSignature(SignedJWT jwtToken) { boolean valid = false; if (JWSObject.State.SIGNED == jwtToken.getState()) { LOG.debug("JWT token is in a SIGNED state"); if (jwtToken.getSignature() != null) { LOG.debug("JWT token signature is not null"); try { JWSVerifier verifier = new RSASSAVerifier(publicKey); if (jwtToken.verify(verifier)) { valid = true; LOG.debug("JWT token has been successfully verified"); } else { LOG.warn("JWT signature verification failed."); } } catch (JOSEException je) { LOG.warn("Error while validating signature", je); } } } return valid; }
/** * Verify the signature of the JWT token in this method. This method depends * on the public key that was established during init based upon the * provisioned public key. Override this method in subclasses in order to * customize the signature verification behavior. * * @param jwtToken the token that contains the signature to be validated * @return valid true if signature verifies successfully; false otherwise */ protected boolean validateSignature(SignedJWT jwtToken) { boolean valid = false; if (JWSObject.State.SIGNED == jwtToken.getState()) { LOG.debug("JWT token is in a SIGNED state"); if (jwtToken.getSignature() != null) { LOG.debug("JWT token signature is not null"); try { JWSVerifier verifier = new RSASSAVerifier(publicKey); if (jwtToken.verify(verifier)) { valid = true; LOG.debug("JWT token has been successfully verified"); } else { LOG.warn("JWT signature verification failed."); } } catch (JOSEException je) { LOG.warn("Error while validating signature", je); } } } return valid; }
/** * Verify the signature of the JWT token in this method. This method depends * on the public key that was established during init based upon the * provisioned public key. Override this method in subclasses in order to * customize the signature verification behavior. * * @param jwtToken the token that contains the signature to be validated * @return valid true if signature verifies successfully; false otherwise */ protected boolean validateSignature(SignedJWT jwtToken) { boolean valid = false; if (JWSObject.State.SIGNED == jwtToken.getState()) { LOG.debug("JWT token is in a SIGNED state"); if (jwtToken.getSignature() != null) { LOG.debug("JWT token signature is not null"); try { JWSVerifier verifier = new RSASSAVerifier(publicKey); if (jwtToken.verify(verifier)) { valid = true; LOG.debug("JWT token has been successfully verified"); } else { LOG.warn("JWT signature verification failed."); } } catch (JOSEException je) { LOG.warn("Error while validating signature", je); } } } return valid; }
private boolean verifySignature(String jwt) { try { SignedJWT signedJWT = SignedJWT.parse(jwt); if (new Date().before(signedJWT.getJWTClaimsSet().getExpirationTime())) { JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) getPublicKey(KEYSTORE, KEYSTORE_PASSWORD, ALIAS)); return signedJWT.verify(verifier); } else { log.info("Token has expired"); } } catch (ParseException | IOException | KeyStoreException | CertificateException | NoSuchAlgorithmException | UnrecoverableKeyException | JOSEException e) { log.error("Error occurred while JWT signature verification. JWT=" + jwt, e); } return false; }
private boolean verifySignature(String jwt) { try { SignedJWT signedJWT = SignedJWT.parse(jwt); if (new Date().before(signedJWT.getJWTClaimsSet().getExpirationTime())) { JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) getPublicKey(KEYSTORE, KEYSTORE_PASSWORD, ALIAS)); return signedJWT.verify(verifier); } else { log.info("Token has expired"); } } catch (ParseException | IOException | KeyStoreException | CertificateException | NoSuchAlgorithmException | UnrecoverableKeyException | JOSEException e) { log.error("Error occurred while JWT signature verification", e); } return false; }
/** * Verify the signature of the JWT token in this method. This method depends * on the public key that was established during init based upon the * provisioned public key. Override this method in subclasses in order to * customize the signature verification behavior. * * @param jwtToken the token that contains the signature to be validated * @return valid true if signature verifies successfully; false otherwise */ protected boolean validateSignature(SignedJWT jwtToken) { boolean valid = false; if (JWSObject.State.SIGNED == jwtToken.getState()) { LOG.debug("JWT token is in a SIGNED state"); if (jwtToken.getSignature() != null) { LOG.debug("JWT token signature is not null"); try { JWSVerifier verifier = new RSASSAVerifier(publicKey); if (jwtToken.verify(verifier)) { valid = true; LOG.debug("JWT token has been successfully verified"); } else { LOG.warn("JWT signature verification failed."); } } catch (JOSEException je) { LOG.warn("Error while validating signature", je); } } } return valid; }
/** * Verify the signature of the JWT token in this method. This method depends * on the public key that was established during init based upon the * provisioned public key. Override this method in subclasses in order to * customize the signature verification behavior. * * @param jwtToken the token that contains the signature to be validated * @return valid true if signature verifies successfully; false otherwise */ protected boolean validateSignature(SignedJWT jwtToken) { boolean valid = false; if (JWSObject.State.SIGNED == jwtToken.getState()) { LOG.debug("JWT token is in a SIGNED state"); if (jwtToken.getSignature() != null) { LOG.debug("JWT token signature is not null"); try { JWSVerifier verifier = new RSASSAVerifier(publicKey); if (jwtToken.verify(verifier)) { valid = true; LOG.debug("JWT token has been successfully verified"); } else { LOG.warn("JWT signature verification failed."); } } catch (JOSEException je) { LOG.warn("Error while validating signature", je); } } } return valid; }
private boolean verifySignature(String jwt) { try { SignedJWT signedJWT = SignedJWT.parse(jwt); if (new Date().before(signedJWT.getJWTClaimsSet().getExpirationTime())) { JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) getPublicKey(KEYSTORE, KEYSTORE_PASSWORD, ALIAS)); return signedJWT.verify(verifier); } else { log.info("Token has expired"); } } catch (ParseException | IOException | KeyStoreException | CertificateException | NoSuchAlgorithmException | UnrecoverableKeyException | JOSEException e) { log.error("Error occurred while JWT signature verification. JWT=" + jwt, e); } return false; }
@Override public boolean verify(final SignedJWT jwt) throws JOSEException { init(); CommonHelper.assertNotNull("publicKey", publicKey); final JWSVerifier verifier = new RSASSAVerifier(this.publicKey); return jwt.verify(verifier); }