private EncryptedJWT getEncryptedJWT(String idToken) { try { return EncryptedJWT.parse(idToken); } catch (ParseException e) { if (log.isDebugEnabled()) { log.debug("Error while parsing the assertion. The assertion is not encrypted."); } return null; } }
return SignedJWT.parse(s); } else if (alg instanceof JWEAlgorithm) { return EncryptedJWT.parse(s); } else { throw new AssertionError("Unexpected algorithm type: " + alg);
encryptedJWT = EncryptedJWT.parse(requestObject); RSAPrivateKey rsaPrivateKey = getRSAPrivateKey(oAuth2Parameters); RSADecrypter decrypter = new RSADecrypter(rsaPrivateKey);
private boolean testDecryptNimbusJoseJwt(String jwe) { try { EncryptedJWT encryptedJwt = EncryptedJWT.parse(jwe); //EncryptedJWT encryptedJwt = EncryptedJWT.parse(encryptWithGluu()); //EncryptedJWT encryptedJwt = EncryptedJWT.parse(encryptWithNimbus()); JWK jwk = JWK.parse(recipientJwkJson); RSAPrivateKey rsaPrivateKey = ((RSAKey) jwk).toRSAPrivateKey(); JWEDecrypter decrypter = new RSADecrypter(rsaPrivateKey); decrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance()); encryptedJwt.decrypt(decrypter); final String decryptedPayload = new String(Base64Util.base64urldecode(encryptedJwt.getPayload().toString())); System.out.println("Nimbusds decrypt succeed: " + decryptedPayload); if (decryptedPayload.equals(PAYLOAD)) { return true; } } catch (Exception e) { System.out.println("Nimbusds decrypt failed: " + e.getMessage()); e.printStackTrace(); } return false; }
@Override public Map<String, Object> getJsonPayload(String token, boolean encrypted) throws TokenException { if (StringUtils.isEmpty(token)) { throw new TokenException("null or empty token"); } if (encrypted) { EncryptedJWT jwt = null; try { jwt = EncryptedJWT.parse(token); RSADecrypter decrypter = new RSADecrypter(keyProvider.getPrivateKey().getKey()); jwt.decrypt(decrypter); } catch (JOSEException | ParseException e) { throw new TokenDecryptionException("Invalid token", e); } return getJSONObject(jwt, encrypted); } try { JWSObject jws = JWSObject.parse(token); JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) keyProvider.getDefaultPublicKey()); if (!jws.verify(verifier)) { throw new TokenException("ERROR: Fradulent token"); } return getJSONObject(jws, encrypted); } catch (TokenException | ParseException | JOSEException e) { throw new TokenException("Error: Fradulent token, unrecognized signature", e); } }