/** * Creates a new KnoxService. * * @param configuration knox configuration */ public KnoxService(final KnoxConfiguration configuration) { this.configuration = configuration; // if knox sso support is enabled, validate the configuration if (configuration.isKnoxEnabled()) { // ensure the url is provided knoxUrl = configuration.getKnoxUrl(); if (StringUtils.isBlank(knoxUrl)) { throw new RuntimeException("Knox URL is required when Apache Knox SSO support is enabled."); } // ensure the cookie name is set if (StringUtils.isBlank(configuration.getKnoxCookieName())) { throw new RuntimeException("Knox Cookie Name is required when Apache Knox SSO support is enabled."); } // create the verifier verifier = new RSASSAVerifier(configuration.getKnoxPublicKey()); // get the audience audiences = configuration.getAudiences(); } }
RSASSAVerifier verifier = new RSASSAVerifier((RSAKey) jwk); verifiers.put(id, verifier);
LOG.debug("SSO token signature is not null"); try { JWSVerifier verifier = new RSASSAVerifier(SecurityUtils.parseRSAPublicKey(getKnoxKey())); if (jwtToken.verify(verifier)) { LOG.debug("SSO token has been successfully verified");
public NimbusRsJwtReader(String issuer, RSAPublicKey publicKey, Clock clock) { super(issuer, new RSASSAVerifier(publicKey), clock); } }
JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) publicKey);
boolean verifiedSignature = false; try { JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) publicKey); verifiedSignature = signedJWT.verify(verifier); } catch (JOSEException e) { System.err.println("Couldn't verify signature: " + e.getMessage()); }
public static boolean isSignatureValid(String token) { // Parse the JWS and verify its RSA signature SignedJWT signedJWT; try { signedJWT = SignedJWT.parse(token); JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) publicKey); return signedJWT.verify(verifier); } catch (ParseException | JOSEException e) { return false; } }
/** verify an id_token was signed by us * * @param signed * @return */ public boolean verify(SignedJWT signed) { try { JWSVerifier verifier = new RSASSAVerifier(publicJWK); return signed.verify(verifier); } catch (JOSEException e) { throw new RuntimeException(e); } }
private JWSVerifier from(RSAKey rsaKey) { try { byte[] modulus = Base64.getUrlDecoder().decode(rsaKey.getN()); byte[] exponent = Base64.getUrlDecoder().decode(rsaKey.getE()); RSAPublicKeySpec spec = new RSAPublicKeySpec(new BigInteger(1,modulus), new BigInteger(1,exponent)); KeyFactory factory = KeyFactory.getInstance("RSA"); return new RSASSAVerifier((RSAPublicKey) factory.generatePublic(spec)); } catch (NoSuchAlgorithmException | InvalidKeySpecException ex) { LOGGER.error(ex.getMessage(),ex); throw new InvalidClientException("Assertion is using and unknown/not managed key"); } }
private JWSVerifier from(RSAKey rsaKey) { try { byte[] modulus = Base64.getUrlDecoder().decode(rsaKey.getN()); byte[] exponent = Base64.getUrlDecoder().decode(rsaKey.getE()); RSAPublicKeySpec spec = new RSAPublicKeySpec(new BigInteger(1,modulus), new BigInteger(1,exponent)); KeyFactory factory = KeyFactory.getInstance("RSA"); return new RSASSAVerifier((RSAPublicKey) factory.generatePublic(spec)); } catch (NoSuchAlgorithmException | InvalidKeySpecException ex) { LOGGER.error(ex.getMessage(),ex); throw new InvalidClientException("Assertion is using and unknown/not managed key"); } }
private boolean verifySignature(String jwt) { try { SignedJWT signedJWT = SignedJWT.parse(jwt); if (new Date().before(signedJWT.getJWTClaimsSet().getExpirationTime())) { JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) getPublicKey(KEYSTORE, KEYSTORE_PASSWORD, ALIAS)); return signedJWT.verify(verifier); } else { log.info("Token has expired"); } } catch (ParseException | IOException | KeyStoreException | CertificateException | NoSuchAlgorithmException | UnrecoverableKeyException | JOSEException e) { log.error("Error occurred while JWT signature verification. JWT=" + jwt, e); } return false; }
private boolean verifySignature(String jwt) { try { SignedJWT signedJWT = SignedJWT.parse(jwt); if (new Date().before(signedJWT.getJWTClaimsSet().getExpirationTime())) { JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) getPublicKey(KEYSTORE, KEYSTORE_PASSWORD, ALIAS)); return signedJWT.verify(verifier); } else { log.info("Token has expired"); } } catch (ParseException | IOException | KeyStoreException | CertificateException | NoSuchAlgorithmException | UnrecoverableKeyException | JOSEException e) { log.error("Error occurred while JWT signature verification", e); } return false; }
private boolean verifySignature(String jwt) { try { SignedJWT signedJWT = SignedJWT.parse(jwt); if (new Date().before(signedJWT.getJWTClaimsSet().getExpirationTime())) { JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) getPublicKey(KEYSTORE, KEYSTORE_PASSWORD, ALIAS)); return signedJWT.verify(verifier); } else { log.info("Token has expired"); } } catch (ParseException | IOException | KeyStoreException | CertificateException | NoSuchAlgorithmException | UnrecoverableKeyException | JOSEException e) { log.error("Error occurred while JWT signature verification. JWT=" + jwt, e); } return false; }
@Override public boolean verify(final SignedJWT jwt) throws JOSEException { init(); CommonHelper.assertNotNull("publicKey", publicKey); final JWSVerifier verifier = new RSASSAVerifier(this.publicKey); return jwt.verify(verifier); }
private JWSVerifier getVerifier() throws JOSEException, KrbException { if (verifyKey instanceof RSAPublicKey) { return new RSASSAVerifier((RSAPublicKey) verifyKey); } else if (verifyKey instanceof ECPublicKey) { ECPublicKey ecPublicKey = (ECPublicKey) verifyKey; return new ECDSAVerifier(ecPublicKey); } else if (verifyKey instanceof byte[]) { return new MACVerifier((byte[]) verifyKey); } throw new KrbException("An unknown verify key was specified"); }
private JWSVerifier getVerifier() throws JOSEException, KrbException { if (verifyKey instanceof RSAPublicKey) { return new RSASSAVerifier((RSAPublicKey) verifyKey); } else if (verifyKey instanceof ECPublicKey) { ECPublicKey ecPublicKey = (ECPublicKey) verifyKey; return new ECDSAVerifier(ecPublicKey); } else if (verifyKey instanceof byte[]) { return new MACVerifier((byte[]) verifyKey); } throw new KrbException("An unknown verify key was specified"); }
@Override public boolean verifyToken(JWT token, RSAPublicKey publicKey) throws TokenServiceException { boolean rc; PublicKey key; try { if (publicKey == null) { key = ks.getSigningKeystore().getCertificate(getSigningKeyAlias(signingKeyAlias)).getPublicKey(); } else { key = publicKey; } JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) key); // TODO: interrogate the token for issuer claim in order to determine the public key to use for verification // consider jwk for specifying the key too rc = token.verify(verifier); } catch (KeyStoreException | KeystoreServiceException e) { throw new TokenServiceException("Cannot verify token.", e); } return rc; }
private void setJwtProperties() { if (jwtProperties != null) { authenticationProviderUrl = jwtProperties.getAuthenticationProviderUrl(); publicKey = jwtProperties.getPublicKey(); cookieName = jwtProperties.getCookieName(); originalUrlQueryParam = jwtProperties.getOriginalUrlQueryParam(); if (publicKey != null) { verifier = new RSASSAVerifier(publicKey); } } }
private static JWSVerifier verifierFor(SigningAlgorithm algorithm, PublicKey publicKey) throws UnsupportedAlgorithmException { if ((algorithm.type() == AlgorithmType.RSA || algorithm.type() == AlgorithmType.RSASSA_PSS) && publicKey instanceof RSAPublicKey) { return new RSASSAVerifier((RSAPublicKey) publicKey); } else if (algorithm.type() == AlgorithmType.ECDSA && publicKey instanceof ECPublicKey) { ECPublicKey ecPublicKey = (ECPublicKey) publicKey; return new ECDSAVerifier(ecPublicKey.getW().getAffineX(), ecPublicKey.getW().getAffineY()); } else { // log at debug level since this can be caused by invalid input logger.debug("Unsupported signing algorithm {} or public key algorithm {}", algorithm, publicKey.getAlgorithm()); throw new UnsupportedAlgorithmException(algorithm.name()); } }
@Override public Map<String, Object> getJsonPayload(String token, boolean encrypted) throws TokenException { if (StringUtils.isEmpty(token)) { throw new TokenException("null or empty token"); } if (encrypted) { EncryptedJWT jwt = null; try { jwt = EncryptedJWT.parse(token); RSADecrypter decrypter = new RSADecrypter(keyProvider.getPrivateKey().getKey()); jwt.decrypt(decrypter); } catch (JOSEException | ParseException e) { throw new TokenDecryptionException("Invalid token", e); } return getJSONObject(jwt, encrypted); } try { JWSObject jws = JWSObject.parse(token); JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) keyProvider.getDefaultPublicKey()); if (!jws.verify(verifier)) { throw new TokenException("ERROR: Fradulent token"); } return getJSONObject(jws, encrypted); } catch (TokenException | ParseException | JOSEException e) { throw new TokenException("Error: Fradulent token, unrecognized signature", e); } }