/**
 * Verifies this object's signature by delegating to the provider attached to the
 * algorithm named in {@code header}.
 *
 * <p>NOTE(review): the algorithm is read from the header, which is presumably parsed
 * from the token under verification. The token's sender would then choose which
 * provider runs, so callers should check the algorithm against the one they expect
 * for {@code key} before relying on the result. Confirm against the caller.
 *
 * @param key key material handed unchanged to the provider
 * @return the provider's verification result
 * @throws RuntimeException if the header's algorithm has no provider
 */
public boolean verify(String key) {
    if (header.getAlgorithm().getProvider() != null) {
        return header.getAlgorithm().getProvider().verify(this, key);
    }
    // No provider is attached to the declared algorithm, so refuse rather than skip the check.
    throw new RuntimeException("signing algorithm not supported");
}
/**
 * Builds a {@link TokenVerifier} for {@code tokenString} and attaches the public key
 * selected by the token's {@code kid} header. Optionally registers the default checks
 * plus the realm URL taken from the deployment.
 *
 * <p>Nothing is verified here. The returned verifier is only configured, and the caller
 * must still run its verification before trusting any claim. The caller may add, remove
 * or replace checks first.
 *
 * <p>The {@code kid} comes from the token header before any signature check, so it is
 * sender-controlled input to {@code getPublicKey}. NOTE(review): that lookup presumably
 * only returns keys trusted for this deployment and rejects unknown ids; confirm in
 * {@code getPublicKey}.
 *
 * @param tokenString       serialized token to build the verifier for
 * @param deployment        supplies the realm info URL and is passed to the key lookup
 * @param withDefaultChecks when {@code true}, the default checks and the realm URL check are
 *                          registered; when {@code false} this method registers neither, and
 *                          the caller is responsible for equivalent checks
 * @param tokenClass        token type the verifier produces
 * @param <T>               token type
 * @return the configured verifier, not yet verified
 * @throws VerificationException as declared; which of the calls below raise it is not visible here
 */
public static <T extends JsonWebToken> TokenVerifier<T> createVerifier(String tokenString, KeycloakDeployment deployment, boolean withDefaultChecks, Class<T> tokenClass) throws VerificationException {
    final TokenVerifier<T> verifier = TokenVerifier.create(tokenString, tokenClass);

    if (withDefaultChecks) {
        verifier.withDefaultChecks().realmUrl(deployment.getRealmInfoUrl());
    }

    // Key selection is driven by the (still unverified) header's key id.
    final PublicKey verificationKey = getPublicKey(verifier.getHeader().getKeyId(), deployment);
    verifier.publicKey(verificationKey);
    return verifier;
}
/**
 * Verifies {@code tokenString} with the realm's RSA public key and returns the parsed
 * access token.
 *
 * <p>The expected realm URL is built from {@code baseUri} and the realm name. The key is
 * looked up through the session's key manager for {@code realm}, using the {@code kid}
 * from the token header. That {@code kid} is read before the signature is checked.
 * NOTE(review): what {@code getRsaPublicKey} returns for an unknown {@code kid}, and how
 * the verifier treats a missing key, is not visible here; confirm it fails closed.
 *
 * @param realm           realm whose issuer and keys the token is checked against
 * @param tokenString     serialized token
 * @param baseUri         base URI used to derive the expected issuer
 * @param keycloakSession session providing the key lookup
 * @return the verified token
 * @throws VerificationException as declared by the verifier calls
 */
private AccessToken verifyRSAToken(RealmModel realm, String tokenString, URI baseUri, KeycloakSession keycloakSession) throws VerificationException {
    final RSATokenVerifier rsaVerifier = RSATokenVerifier.create(tokenString)
            .realmUrl(Urls.realmIssuer(baseUri, realm.getName()));

    final String keyId = rsaVerifier.getHeader().getKeyId();
    rsaVerifier.publicKey(keycloakSession.keys().getRsaPublicKey(realm, keyId));

    return rsaVerifier.verify().getToken();
}
}
/**
 * Checks the signature carried by {@code input} against {@code publicKey}, using the
 * {@link Signature} obtained for the algorithm named in the input's header.
 *
 * <p>Fails closed: every exception is turned into {@code false}. Examples include a
 * rejected key or a failure inside {@code getSignature}. A configuration problem
 * therefore looks the same as a forged token, and nothing is logged here.
 *
 * <p>NOTE(review): the algorithm is read from the input's header, so callers should
 * already have restricted it to what {@code publicKey} is meant for. Confirm at the
 * call sites.
 *
 * @param input     parsed JWS whose signature is checked
 * @param publicKey key to verify with
 * @return {@code true} only if the signature verifies; {@code false} on mismatch or any error
 */
public static boolean verify(JWSInput input, PublicKey publicKey) {
    try {
        final Signature sigEngine = getSignature(input.getHeader().getAlgorithm());
        sigEngine.initVerify(publicKey);

        final byte[] signedContent = input.getEncodedSignatureInput().getBytes("UTF-8");
        sigEngine.update(signedContent);

        final byte[] presented = input.getSignature();
        return sigEngine.verify(presented);
    } catch (Exception e) {
        // Deliberately collapsed to "not verified".
        return false;
    }
}
/**
 * Recomputes the signature over the input's encoded signature input, using
 * {@code sharedSecret} and the algorithm named in the header, then compares it with
 * the signature the input carries.
 *
 * <p>The comparison uses {@link MessageDigest#isEqual} rather than {@code Arrays.equals},
 * so its timing does not reveal how many leading bytes matched.
 *
 * <p>Any failure while signing or decoding is rethrown as an unchecked
 * {@link RuntimeException} instead of returning {@code false}. NOTE(review): if
 * {@code Base64Url.decode} or {@code sign} can throw on sender-controlled input, callers
 * handling untrusted tokens need to catch that. Confirm.
 *
 * @param input        parsed JWS whose signature is checked
 * @param sharedSecret secret used to recompute the signature
 * @return {@code true} if the recomputed and presented signatures are equal
 * @throws RuntimeException wrapping any exception raised while recomputing or decoding
 */
public static boolean verify(JWSInput input, byte[] sharedSecret) {
    try {
        final byte[] signedContent = input.getEncodedSignatureInput().getBytes("UTF-8");
        final byte[] expected = sign(signedContent, input.getHeader().getAlgorithm(), sharedSecret);
        final byte[] presented = Base64Url.decode(input.getEncodedSignature());
        return MessageDigest.isEqual(expected, presented);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
/**
 * Recomputes the signature over the input's encoded signature input, using {@code key}
 * and the algorithm named in the header, then compares it with the signature the input
 * carries.
 *
 * <p>The comparison uses {@link MessageDigest#isEqual} rather than {@code Arrays.equals},
 * so its timing does not reveal how many leading bytes matched.
 *
 * <p>Any failure while signing or decoding is rethrown as an unchecked
 * {@link RuntimeException} instead of returning {@code false}. NOTE(review): if
 * {@code Base64Url.decode} or {@code sign} can throw on sender-controlled input, callers
 * handling untrusted tokens need to catch that. Confirm.
 *
 * @param input parsed JWS whose signature is checked
 * @param key   secret key used to recompute the signature
 * @return {@code true} if the recomputed and presented signatures are equal
 * @throws RuntimeException wrapping any exception raised while recomputing or decoding
 */
public static boolean verify(JWSInput input, SecretKey key) {
    try {
        final byte[] signedContent = input.getEncodedSignatureInput().getBytes("UTF-8");
        final byte[] expected = sign(signedContent, input.getHeader().getAlgorithm(), key);
        final byte[] presented = Base64Url.decode(input.getEncodedSignature());
        return MessageDigest.isEqual(expected, presented);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
// Reads the algorithm type from the header's declared algorithm.
// NOTE(review): the header is presumably still unverified at this point, so code that branches on
// this value should accept only the types the configured key is meant for. Confirm.
AlgorithmType algorithmType = getHeader().getAlgorithm().getType();