// Build an ECDSA signature verifier from the JWK and store it in `verifiers` under `id`.
// NOTE(review): the cast assumes jwk is an EC key. Confirm the surrounding code checks the
// key type first (e.g. `jwk instanceof ECKey`); otherwise a non-EC entry in the key set
// fails here with ClassCastException instead of being skipped or rejected cleanly.
ECDSAVerifier verifier = new ECDSAVerifier((ECKey) jwk);
verifiers.put(id, verifier);
// Verify the JWS signature with an ECDSA verifier bound to publicKey and return the result.
// NOTE(review): this fragment checks the signature only. Claim validation (expiry, issuer,
// audience) is not visible here; confirm it happens elsewhere before the token is trusted.
JWSVerifier jwsVerifier = new ECDSAVerifier(publicKey);
return signedJwt.verify(jwsVerifier);
/**
 * Builds the JWS verifier that matches the runtime type of {@code verifyKey}.
 *
 * <p>The verifier family is chosen from the configured key alone: an RSA public key gives an
 * RSA verifier, an EC public key gives an ECDSA verifier, and a raw {@code byte[]} gives an
 * HMAC verifier.
 *
 * <p>NOTE(review): because a {@code byte[]} is treated as an HMAC secret, make sure
 * {@code verifyKey} can never be populated with the encoded bytes of a public key.
 *
 * @return a verifier bound to {@code verifyKey}
 * @throws JOSEException declared by the method and raised by the verifier constructors
 * @throws KrbException if {@code verifyKey} is none of the supported key types
 */
private JWSVerifier getVerifier() throws JOSEException, KrbException {
    if (verifyKey instanceof RSAPublicKey) {
        RSAPublicKey rsaKey = (RSAPublicKey) verifyKey;
        return new RSASSAVerifier(rsaKey);
    }
    if (verifyKey instanceof ECPublicKey) {
        return new ECDSAVerifier((ECPublicKey) verifyKey);
    }
    if (verifyKey instanceof byte[]) {
        byte[] sharedSecret = (byte[]) verifyKey;
        return new MACVerifier(sharedSecret);
    }
    // Anything else (including an unset key) is rejected rather than skipped.
    throw new KrbException("An unknown verify key was specified");
}
/**
 * Checks the signature of the given JWT against the configured EC public key.
 *
 * <p>Only the signature is checked here; no claim of the token is inspected in this method.
 *
 * @param jwt the signed token to check
 * @return the result of {@code jwt.verify(...)} with an ECDSA verifier
 * @throws JOSEException if the verifier cannot be created or verification fails abnormally
 */
@Override
public boolean verify(final SignedJWT jwt) throws JOSEException {
    init();
    // Fail fast when no public key is configured instead of building a verifier without one.
    CommonHelper.assertNotNull("publicKey", publicKey);
    return jwt.verify(new ECDSAVerifier(this.publicKey));
}
/**
 * Builds the JWS verifier that matches the runtime type of {@code verifyKey}.
 *
 * <p>The verifier family is chosen from the configured key alone: an RSA public key gives an
 * RSA verifier, an EC public key gives an ECDSA verifier, and a raw {@code byte[]} gives an
 * HMAC verifier.
 *
 * <p>NOTE(review): because a {@code byte[]} is treated as an HMAC secret, make sure
 * {@code verifyKey} can never be populated with the encoded bytes of a public key.
 *
 * @return a verifier bound to {@code verifyKey}
 * @throws JOSEException declared by the method and raised by the verifier constructors
 * @throws KrbException if {@code verifyKey} is none of the supported key types
 */
private JWSVerifier getVerifier() throws JOSEException, KrbException {
    if (verifyKey instanceof RSAPublicKey) {
        RSAPublicKey rsaKey = (RSAPublicKey) verifyKey;
        return new RSASSAVerifier(rsaKey);
    }
    if (verifyKey instanceof ECPublicKey) {
        return new ECDSAVerifier((ECPublicKey) verifyKey);
    }
    if (verifyKey instanceof byte[]) {
        byte[] sharedSecret = (byte[]) verifyKey;
        return new MACVerifier(sharedSecret);
    }
    // Anything else (including an unset key) is rejected rather than skipped.
    throw new KrbException("An unknown verify key was specified");
}
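/**
 * Validates the supplied certificate chain against the configured root certificate and returns
 * a verifier bound to the public key of the certificate that passed validation.
 *
 * <p>Only {@code ES256} is supported. The verifier is built from the validated certificate, so
 * the key that checks the signature is one the trust anchor vouches for.
 *
 * @param algorithm the JWS algorithm the caller wants to verify with
 * @param mdsTocRootCertsFolder path of the root certificate; despite the name it is opened as
 *     a single file
 * @param certificateChain the encoded certificate chain to validate
 * @return an ECDSA verifier for the validated certificate's public key
 * @throws Fido2RPRuntimeException if the root certificate cannot be read, the algorithm is not
 *     {@code ES256}, the validated certificate does not carry an EC key, or the verifier cannot
 *     be created
 */
private JWSVerifier resolveVerifier(JWSAlgorithm algorithm, String mdsTocRootCertsFolder, List<String> certificateChain) {
    Path path = FileSystems.getDefault().getPath(mdsTocRootCertsFolder);
    List<X509Certificate> x509CertificateChain = cryptoUtils.getCertificates(certificateChain);
    List<X509Certificate> x509TrustedCertificates = new ArrayList<>();
    // try-with-resources: the original never closed the stream and leaked a file handle per call.
    try (java.io.InputStream rootCertStream = Files.newInputStream(path)) {
        x509TrustedCertificates.add(cryptoUtils.getCertificate(rootCertStream));
    } catch (IOException e) {
        throw new Fido2RPRuntimeException("Unable to read the root cert " + path, e);
    }

    X509Certificate verifiedCert =
            certificateValidator.verifyAttestationCertificates(x509CertificateChain, x509TrustedCertificates);

    if (!JWSAlgorithm.ES256.equals(algorithm)) {
        throw new Fido2RPRuntimeException("Don't know what to do with " + algorithm);
    }

    // The algorithm is declared by the caller, the key type by the certificate: check that they
    // agree instead of letting a blind cast fail with ClassCastException.
    java.security.PublicKey certificateKey = verifiedCert.getPublicKey();
    if (!(certificateKey instanceof ECPublicKey)) {
        throw new Fido2RPRuntimeException("Unable to create verifier for algorithm " + algorithm);
    }

    try {
        return new ECDSAVerifier((ECPublicKey) certificateKey);
    } catch (JOSEException e) {
        throw new Fido2RPRuntimeException("Unable to create verifier for algorithm " + algorithm, e);
    }
}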
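/**
 * Builds an ECDSA verifier from an EC JWK (curve name plus base64url-encoded X and Y).
 *
 * <p>The JWK is treated as untrusted input: an unknown curve, missing coordinates or malformed
 * base64url all end in {@link InvalidClientException} rather than an unchecked exception.
 *
 * @param ecKey the EC key description to convert
 * @return a verifier bound to the reconstructed EC public key
 * @throws InvalidClientException if the curve is unknown, a coordinate is missing or malformed,
 *     or the key cannot be built
 */
private JWSVerifier from(ECKey ecKey) {
    try {
        Curve curve = Curve.getByName(ecKey.getCrv())
                .orElseThrow(() -> new InvalidClientException("Unknown EC Curve: " + ecKey.getCrv()));

        AlgorithmParameters parameters = AlgorithmParameters.getInstance("EC");
        parameters.init(new ECGenParameterSpec(curve.getStdName()));
        ECParameterSpec ecParameters = parameters.getParameterSpec(ECParameterSpec.class);

        // Reject absent coordinates up front: Base64 decoding a null would throw NPE.
        if (ecKey.getX() == null || ecKey.getY() == null) {
            throw new InvalidClientException("EC key is missing the x or y coordinate");
        }
        byte[] x;
        byte[] y;
        try {
            x = Base64.getUrlDecoder().decode(ecKey.getX());
            y = Base64.getUrlDecoder().decode(ecKey.getY());
        } catch (IllegalArgumentException ex) {
            // The decoder signals malformed base64url with IllegalArgumentException; report it
            // as a client error like every other bad-key case in this method.
            LOGGER.error(ex.getMessage(), ex);
            throw new InvalidClientException("EC key has malformed x or y coordinate");
        }

        // Signum 1: the coordinates are unsigned big-endian integers.
        ECPoint ecPoint = new ECPoint(new BigInteger(1, x), new BigInteger(1, y));
        ECPublicKeySpec ecPublicKeySpec = new ECPublicKeySpec(ecPoint, ecParameters);
        ECPublicKey ecPublicKey = (ECPublicKey) KeyFactory.getInstance("EC").generatePublic(ecPublicKeySpec);
        return new ECDSAVerifier(ecPublicKey);
    } catch (NoSuchAlgorithmException | InvalidParameterSpecException | InvalidKeySpecException | JOSEException ex) {
        LOGGER.error(ex.getMessage(), ex);
        throw new InvalidClientException("Assertion is using and unknown/not managed key");
    }
}
}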
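/**
 * Builds an ECDSA verifier from an EC JWK (curve name plus base64url-encoded X and Y).
 *
 * <p>The JWK is treated as untrusted input: an unknown curve, missing coordinates or malformed
 * base64url all end in {@link InvalidClientException} rather than an unchecked exception.
 *
 * @param ecKey the EC key description to convert
 * @return a verifier bound to the reconstructed EC public key
 * @throws InvalidClientException if the curve is unknown, a coordinate is missing or malformed,
 *     or the key cannot be built
 */
private JWSVerifier from(ECKey ecKey) {
    try {
        Curve curve = Curve.getByName(ecKey.getCrv())
                .orElseThrow(() -> new InvalidClientException("Unknown EC Curve: " + ecKey.getCrv()));

        AlgorithmParameters parameters = AlgorithmParameters.getInstance("EC");
        parameters.init(new ECGenParameterSpec(curve.getStdName()));
        ECParameterSpec ecParameters = parameters.getParameterSpec(ECParameterSpec.class);

        // Reject absent coordinates up front: Base64 decoding a null would throw NPE.
        if (ecKey.getX() == null || ecKey.getY() == null) {
            throw new InvalidClientException("EC key is missing the x or y coordinate");
        }
        byte[] x;
        byte[] y;
        try {
            x = Base64.getUrlDecoder().decode(ecKey.getX());
            y = Base64.getUrlDecoder().decode(ecKey.getY());
        } catch (IllegalArgumentException ex) {
            // The decoder signals malformed base64url with IllegalArgumentException; report it
            // as a client error like every other bad-key case in this method.
            LOGGER.error(ex.getMessage(), ex);
            throw new InvalidClientException("EC key has malformed x or y coordinate");
        }

        // Signum 1: the coordinates are unsigned big-endian integers.
        ECPoint ecPoint = new ECPoint(new BigInteger(1, x), new BigInteger(1, y));
        ECPublicKeySpec ecPublicKeySpec = new ECPublicKeySpec(ecPoint, ecParameters);
        ECPublicKey ecPublicKey = (ECPublicKey) KeyFactory.getInstance("EC").generatePublic(ecPublicKeySpec);
        return new ECDSAVerifier(ecPublicKey);
    } catch (NoSuchAlgorithmException | InvalidParameterSpecException | InvalidKeySpecException | JOSEException ex) {
        LOGGER.error(ex.getMessage(), ex);
        throw new InvalidClientException("Assertion is using and unknown/not managed key");
    }
}
}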
/**
 * Returns the JWS verifier for the given signing algorithm and public key.
 *
 * <p>A verifier is produced only when the algorithm family and the key type agree: RSA or
 * RSASSA-PSS with an RSA public key, ECDSA with an EC public key. Every other combination is
 * rejected, so a token cannot pair an algorithm with a key of a different family.
 *
 * @param algorithm the signing algorithm to verify with
 * @param publicKey the key the signature is checked against
 * @return a verifier bound to {@code publicKey}
 * @throws UnsupportedAlgorithmException if the algorithm and key type do not match a
 *     supported combination
 */
private static JWSVerifier verifierFor(SigningAlgorithm algorithm, PublicKey publicKey) throws UnsupportedAlgorithmException {
    if ((algorithm.type() == AlgorithmType.RSA || algorithm.type() == AlgorithmType.RSASSA_PSS)
            && publicKey instanceof RSAPublicKey) {
        RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey;
        return new RSASSAVerifier(rsaPublicKey);
    }

    if (algorithm.type() == AlgorithmType.ECDSA && publicKey instanceof ECPublicKey) {
        ECPublicKey ecPublicKey = (ECPublicKey) publicKey;
        // This verifier is built from the affine coordinates of the public point.
        return new ECDSAVerifier(ecPublicKey.getW().getAffineX(), ecPublicKey.getW().getAffineY());
    }

    // log at debug level since this can be caused by invalid input
    logger.debug("Unsupported signing algorithm {} or public key algorithm {}", algorithm, publicKey.getAlgorithm());
    throw new UnsupportedAlgorithmException(algorithm.name());
}
// Bind the ECDSA verifier to the EC public key.
// NOTE(review): where ecPublicKey comes from is not visible in this fragment. Confirm it is
// taken from trusted configuration or a validated certificate, not from the token itself.
verifier = new ECDSAVerifier(ecPublicKey);