/**
 * Verifies the JWS signature over {@code value} with the configured signing key.
 * <p>
 * When no signing key is configured ({@code this.signingKey == null}) the input is
 * handed back unchanged and <em>no verification takes place</em>; a caller that needs
 * an authenticated payload must make sure a key is present before relying on the result.
 *
 * @param value the signed (JWS) bytes
 * @return the payload recovered from the signature, which may still need decoding,
 *         or {@code null} (propagated from the verification helper)
 */
protected byte[] verifySignature(final byte[] value) {
    // Pass-through when signing is disabled; otherwise delegate verification.
    return this.signingKey == null
        ? value
        : EncodingUtils.verifyJwsSignature(this.signingKey, value);
}
/**
 * Verifies a JWS given as raw bytes.
 * <p>
 * The bytes are decoded as UTF-8 into the compact serialization and handed to the
 * {@code String} overload, which performs the actual signature check.
 *
 * @param signingKey the key used to verify the signature
 * @param value      the UTF-8 encoded compact JWS
 * @return whatever the {@code String} overload returns for the decoded token
 */
@SneakyThrows
public static byte[] verifyJwsSignature(final Key signingKey, final byte[] value) {
    // The overload taking a String does the verification work.
    return verifyJwsSignature(signingKey, new String(value, StandardCharsets.UTF_8));
}
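/**
 * Validates a signed JWT and returns its claims.
 * <p>
 * Steps performed here: the JWS signature is verified against the public key of the
 * configured signing key, the payload is parsed into {@link JwtClaims}, and the
 * {@code iss} and {@code client_id} claims are checked. Expiration, not-before and
 * audience are <em>not</em> evaluated in this method; callers that rely on those
 * constraints must enforce them separately.
 *
 * @param token the compact-serialized JWS token
 * @return the validated claims
 * @throws IllegalArgumentException if the signing key has no public key, the issuer is
 *                                  missing or does not match this service's issuer, or
 *                                  the client id claim is missing
 */
@Override
@SneakyThrows
public JwtClaims validate(final String token) {
    val jsonWebKey = getSigningKey();
    if (jsonWebKey.getPublicKey() == null) {
        throw new IllegalArgumentException("JSON web key used to validate the id token signature has no associated public key");
    }
    // Signature verification happens before any claim is trusted.
    val jwt = EncodingUtils.verifyJwsSignature(jsonWebKey.getPublicKey(), token);
    val result = new String(jwt, StandardCharsets.UTF_8);
    val claims = JwtClaims.parse(result);
    LOGGER.debug("Validated claims as [{}]", claims);

    val claimedIssuer = claims.getIssuer();
    if (StringUtils.isBlank(claimedIssuer)) {
        throw new IllegalArgumentException("Claims do not contain an issuer");
    }
    // Reject only when the issuer differs from ours; the previous condition was inverted
    // (it threw on a match), which rejected every legitimate token and let foreign
    // issuers through.
    // NOTE(review): the comparison is case-insensitive, whereas OIDC Core requires the
    // iss claim to match the issuer identifier exactly — confirm this relaxation is intended.
    if (!claimedIssuer.equalsIgnoreCase(this.issuer)) {
        throw new IllegalArgumentException("Issuer assigned to claims does not match " + this.issuer);
    }
    if (StringUtils.isBlank(claims.getStringClaimValue(OAuth20Constants.CLIENT_ID))) {
        throw new IllegalArgumentException("Claims do not contain a client id claim");
    }
    return claims;
}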