com.auth0.jwt.exceptions.SignatureVerificationException Java Examples

The following examples show how to use com.auth0.jwt.exceptions.SignatureVerificationException. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: JwtAuthenticationProviderTest.java    From auth0-spring-security-api with MIT License 6 votes vote down vote up
@Test
public void shouldFailToAuthenticateUsingInvalidSecret() throws Exception {
    JwtAuthenticationProvider provider = new JwtAuthenticationProvider("secret".getBytes(), "test-issuer", "test-audience");
    String token = JWT.create()
            .withIssuer("test-issuer")
            .withAudience("test-audience")
            .sign(Algorithm.HMAC256("not-real-secret"));
    Authentication authentication = PreAuthenticatedAuthenticationJsonWebToken.usingToken(token);

    exception.expect(BadCredentialsException.class);
    exception.expectMessage("Not a valid token");
    exception.expectCause(Matchers.<Throwable>instanceOf(SignatureVerificationException.class));
    provider.authenticate(authentication);
}
 
Example #2
Source File: JwtAuthenticationProviderTest.java    From auth0-spring-security-api with MIT License 6 votes vote down vote up
@Test
public void shouldFailToAuthenticateUsingInvalidJWK() throws Exception {
    Jwk jwk = mock(Jwk.class);
    JwkProvider jwkProvider = mock(JwkProvider.class);

    KeyPair keyPair1 = RSAKeyPair();
    KeyPair keyPair2 = RSAKeyPair();
    when(jwkProvider.get(eq("key-id"))).thenReturn(jwk);
    when(jwk.getPublicKey()).thenReturn(keyPair1.getPublic());
    JwtAuthenticationProvider provider = new JwtAuthenticationProvider(jwkProvider, "test-issuer", "test-audience");
    Map<String, Object> keyIdHeader = Collections.singletonMap("kid", (Object) "key-id");
    String token = JWT.create()
            .withAudience("test-audience")
            .withIssuer("test-issuer")
            .withHeader(keyIdHeader)
            .sign(Algorithm.RSA256(null, (RSAPrivateKey) keyPair2.getPrivate()));

    Authentication authentication = PreAuthenticatedAuthenticationJsonWebToken.usingToken(token);

    exception.expect(BadCredentialsException.class);
    exception.expectMessage("Not a valid token");
    exception.expectCause(Matchers.<Throwable>instanceOf(SignatureVerificationException.class));
    provider.authenticate(authentication);
}
 
Example #3
Source File: ECDSAAlgorithmTest.java    From java-jwt with MIT License 6 votes vote down vote up
@Test
public void shouldThrowOnVerifyWhenTheSignatureIsNotPrepared() throws Exception {
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: some-alg");
    exception.expectCause(isA(SignatureException.class));

    CryptoHelper crypto = mock(CryptoHelper.class);
    when(crypto.verifySignatureFor(anyString(), any(PublicKey.class), any(String.class), any(String.class), any(byte[].class)))
            .thenThrow(SignatureException.class);

    ECPublicKey publicKey = mock(ECPublicKey.class);
    ECPrivateKey privateKey = mock(ECPrivateKey.class);
    ECDSAKeyProvider provider = ECDSAAlgorithm.providerForKeys(publicKey, privateKey);
    Algorithm algorithm = new ECDSAAlgorithm(crypto, "some-alg", "some-algorithm", 32, provider);
    String jwt = "eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJhdXRoMCJ9.4iVk3-Y0v4RT4_9IaQlp-8dZ_4fsTzIylgrPTDLrEvTHBTyVS3tgPbr2_IZfLETtiKRqCg0aQ5sh9eIsTTwB1g";
    algorithm.verify(JWT.decode(jwt));
}
 
Example #4
Source File: SignatureVerifier.java    From auth0-java with MIT License 6 votes vote down vote up
/**
 * Verifies a token's signature.
 *
 * @param token the token for which to verify its signature.
 * @return a {@linkplain DecodedJWT} that represents the token.
 * @throws IdTokenValidationException if the signature verification failed.
 */
DecodedJWT verifySignature(String token) throws IdTokenValidationException {
    DecodedJWT decoded = decodeToken(token);

    try {
        this.verifier.verify(decoded);
    } catch (AlgorithmMismatchException algorithmMismatchException) {
        String message = String.format("Signature algorithm of \"%s\" is not supported. Expected the ID token to be signed with \"%s\"",
                decoded.getAlgorithm(), this.algorithm.getName());
        throw new IdTokenValidationException(message, algorithmMismatchException);
    } catch (SignatureVerificationException signatureVerificationException) {
        throw new IdTokenValidationException("Invalid ID token signature", signatureVerificationException);
    } catch (JWTVerificationException ignored) {
        // no-op. Would only occur for expired tokens, which will be handle during claims validation
    }

    return decoded;
}
 
Example #5
Source File: ECDSAAlgorithmTest.java    From java-jwt with MIT License 6 votes vote down vote up
@Test
public void shouldThrowOnVerifyWhenSignatureAlgorithmDoesNotExists() throws Exception {
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: some-alg");
    exception.expectCause(isA(NoSuchAlgorithmException.class));

    CryptoHelper crypto = mock(CryptoHelper.class);
    when(crypto.verifySignatureFor(anyString(), any(PublicKey.class), any(String.class), any(String.class), any(byte[].class)))
            .thenThrow(NoSuchAlgorithmException.class);

    ECPublicKey publicKey = mock(ECPublicKey.class);
    ECPrivateKey privateKey = mock(ECPrivateKey.class);
    ECDSAKeyProvider provider = ECDSAAlgorithm.providerForKeys(publicKey, privateKey);
    Algorithm algorithm = new ECDSAAlgorithm(crypto, "some-alg", "some-algorithm", 32, provider);
    String jwt = "eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJhdXRoMCJ9.4iVk3-Y0v4RT4_9IaQlp-8dZ_4fsTzIylgrPTDLrEvTHBTyVS3tgPbr2_IZfLETtiKRqCg0aQ5sh9eIsTTwB1g";
    algorithm.verify(JWT.decode(jwt));
}
 
Example #6
Source File: ECDSABouncyCastleProviderTests.java    From java-jwt with MIT License 6 votes vote down vote up
@Test
public void shouldThrowOnVerifyWhenSignatureAlgorithmDoesNotExists() throws Exception {
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: some-alg");
    exception.expectCause(isA(NoSuchAlgorithmException.class));

    CryptoHelper crypto = mock(CryptoHelper.class);
    when(crypto.verifySignatureFor(anyString(), any(PublicKey.class), any(String.class), any(String.class), any(byte[].class)))
            .thenThrow(NoSuchAlgorithmException.class);

    ECPublicKey publicKey = mock(ECPublicKey.class);
    ECPrivateKey privateKey = mock(ECPrivateKey.class);
    ECDSAKeyProvider provider = ECDSAAlgorithm.providerForKeys(publicKey, privateKey);
    Algorithm algorithm = new ECDSAAlgorithm(crypto, "some-alg", "some-algorithm", 32, provider);
    String jwt = "eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJhdXRoMCJ9.4iVk3-Y0v4RT4_9IaQlp-8dZ_4fsTzIylgrPTDLrEvTHBTyVS3tgPbr2_IZfLETtiKRqCg0aQ5sh9eIsTTwB1g";
    algorithm.verify(JWT.decode(jwt));
}
 
Example #7
Source File: ECDSAAlgorithm.java    From java-jwt with MIT License 6 votes vote down vote up
@Override
public void verify(DecodedJWT jwt) throws SignatureVerificationException {
    byte[] signatureBytes = Base64.decodeBase64(jwt.getSignature());

    try {
        ECPublicKey publicKey = keyProvider.getPublicKeyById(jwt.getKeyId());
        if (publicKey == null) {
            throw new IllegalStateException("The given Public Key is null.");
        }
        boolean valid = crypto.verifySignatureFor(getDescription(), publicKey, jwt.getHeader(), jwt.getPayload(), JOSEToDER(signatureBytes));

        if (!valid) {
            throw new SignatureVerificationException(this);
        }
    } catch (NoSuchAlgorithmException | SignatureException | InvalidKeyException | IllegalStateException e) {
        throw new SignatureVerificationException(this, e);
    }
}
 
Example #8
Source File: SignTest.java    From staffjoy with MIT License 6 votes vote down vote up
@Test
public void testEmailToken() {
    String userId = UUID.randomUUID().toString();
    String email = "[email protected]";
    String signingToken = "test_signing_token";

    String emailToken = Sign.generateEmailConfirmationToken(userId, email, signingToken);
    assertThat(emailToken).isNotNull();

    DecodedJWT jwt = Sign.verifyEmailConfirmationToken(emailToken, signingToken);
    assertThat(jwt.getClaim(Sign.CLAIM_USER_ID).asString()).isEqualTo(userId);
    assertThat(jwt.getClaim(Sign.CLAIM_EMAIL).asString()).isEqualTo(email);

    expectedException.expect(SignatureVerificationException.class);
    expectedException.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: HmacSHA512");

    jwt = Sign.verifyEmailConfirmationToken(emailToken, "wrong_signing_token");
}
 
Example #9
Source File: ECDSABouncyCastleProviderTests.java    From java-jwt with MIT License 6 votes vote down vote up
@Test
public void shouldThrowOnVerifyWhenThePublicKeyIsInvalid() throws Exception {
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: some-alg");
    exception.expectCause(isA(InvalidKeyException.class));

    CryptoHelper crypto = mock(CryptoHelper.class);
    when(crypto.verifySignatureFor(anyString(), any(PublicKey.class), any(String.class), any(String.class), any(byte[].class)))
            .thenThrow(InvalidKeyException.class);

    ECPublicKey publicKey = mock(ECPublicKey.class);
    ECPrivateKey privateKey = mock(ECPrivateKey.class);
    ECDSAKeyProvider provider = ECDSAAlgorithm.providerForKeys(publicKey, privateKey);
    Algorithm algorithm = new ECDSAAlgorithm(crypto, "some-alg", "some-algorithm", 32, provider);
    String jwt = "eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJhdXRoMCJ9.4iVk3-Y0v4RT4_9IaQlp-8dZ_4fsTzIylgrPTDLrEvTHBTyVS3tgPbr2_IZfLETtiKRqCg0aQ5sh9eIsTTwB1g";
    algorithm.verify(JWT.decode(jwt));
}
 
Example #10
Source File: RSAAlgorithm.java    From java-jwt with MIT License 6 votes vote down vote up
@Override
public void verify(DecodedJWT jwt) throws SignatureVerificationException {
    byte[] signatureBytes = Base64.decodeBase64(jwt.getSignature());

    try {
        RSAPublicKey publicKey = keyProvider.getPublicKeyById(jwt.getKeyId());
        if (publicKey == null) {
            throw new IllegalStateException("The given Public Key is null.");
        }
        boolean valid = crypto.verifySignatureFor(getDescription(), publicKey, jwt.getHeader(), jwt.getPayload(), signatureBytes);
        if (!valid) {
            throw new SignatureVerificationException(this);
        }
    } catch (NoSuchAlgorithmException | SignatureException | InvalidKeyException | IllegalStateException e) {
        throw new SignatureVerificationException(this, e);
    }
}
 
Example #11
Source File: ECDSABouncyCastleProviderTests.java    From java-jwt with MIT License 6 votes vote down vote up
@Test
public void shouldThrowOnVerifyWhenTheSignatureIsNotPrepared() throws Exception {
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: some-alg");
    exception.expectCause(isA(SignatureException.class));

    CryptoHelper crypto = mock(CryptoHelper.class);
    when(crypto.verifySignatureFor(anyString(), any(PublicKey.class), any(String.class), any(String.class), any(byte[].class)))
            .thenThrow(SignatureException.class);

    ECPublicKey publicKey = mock(ECPublicKey.class);
    ECPrivateKey privateKey = mock(ECPrivateKey.class);
    ECDSAKeyProvider provider = ECDSAAlgorithm.providerForKeys(publicKey, privateKey);
    Algorithm algorithm = new ECDSAAlgorithm(crypto, "some-alg", "some-algorithm", 32, provider);
    String jwt = "eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJhdXRoMCJ9.4iVk3-Y0v4RT4_9IaQlp-8dZ_4fsTzIylgrPTDLrEvTHBTyVS3tgPbr2_IZfLETtiKRqCg0aQ5sh9eIsTTwB1g";
    algorithm.verify(JWT.decode(jwt));
}
 
Example #12
Source File: RSAAlgorithmTest.java    From java-jwt with MIT License 6 votes vote down vote up
@Test
public void shouldThrowWhenMacAlgorithmDoesNotExists() throws Exception {
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: some-alg");
    exception.expectCause(isA(NoSuchAlgorithmException.class));
    
    CryptoHelper crypto = mock(CryptoHelper.class);
    when(crypto.verifySignatureFor(anyString(), any(PublicKey.class), any(String.class), any(String.class), any(byte[].class)))
            .thenThrow(NoSuchAlgorithmException.class);

    RSAPublicKey publicKey = mock(RSAPublicKey.class);
    RSAPrivateKey privateKey = mock(RSAPrivateKey.class);
    RSAKeyProvider provider = RSAAlgorithm.providerForKeys(publicKey, privateKey);
    Algorithm algorithm = new RSAAlgorithm(crypto, "some-alg", "some-algorithm", provider);
    String jwt = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoMCJ9.dxXF3MdsyW-AuvwJpaQtrZ33fAde9xWxpLIg9cO2tMLH2GSRNuLAe61KsJusZhqZB9Iy7DvflcmRz-9OZndm6cj_ThGeJH2LLc90K83UEvvRPo8l85RrQb8PcanxCgIs2RcZOLygERizB3pr5icGkzR7R2y6zgNCjKJ5_NJ6EiZsGN6_nc2PRK_DbyY-Wn0QDxIxKoA5YgQJ9qafe7IN980pXvQv2Z62c3XR8dYuaXBqhthBj-AbaFHEpZapN-V-TmuLNzR2MCB6Xr7BYMuCaqWf_XU8og4XNe8f_8w9Wv5vvgqMM1KhqVpG5VdMJv4o_L4NoCROHhtUQSLRh2M9cA";
    algorithm.verify(JWT.decode(jwt));
}
 
Example #13
Source File: RSAAlgorithmTest.java    From java-jwt with MIT License 6 votes vote down vote up
@Test
public void shouldThrowWhenTheSignatureIsNotPrepared() throws Exception {
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: some-alg");
    exception.expectCause(isA(SignatureException.class));

    CryptoHelper crypto = mock(CryptoHelper.class);
    when(crypto.verifySignatureFor(anyString(), any(PublicKey.class), any(String.class), any(String.class), any(byte[].class)))
            .thenThrow(SignatureException.class);

    RSAPublicKey publicKey = mock(RSAPublicKey.class);
    RSAPrivateKey privateKey = mock(RSAPrivateKey.class);
    RSAKeyProvider provider = RSAAlgorithm.providerForKeys(publicKey, privateKey);
    Algorithm algorithm = new RSAAlgorithm(crypto, "some-alg", "some-algorithm", provider);
    String jwt = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoMCJ9.dxXF3MdsyW-AuvwJpaQtrZ33fAde9xWxpLIg9cO2tMLH2GSRNuLAe61KsJusZhqZB9Iy7DvflcmRz-9OZndm6cj_ThGeJH2LLc90K83UEvvRPo8l85RrQb8PcanxCgIs2RcZOLygERizB3pr5icGkzR7R2y6zgNCjKJ5_NJ6EiZsGN6_nc2PRK_DbyY-Wn0QDxIxKoA5YgQJ9qafe7IN980pXvQv2Z62c3XR8dYuaXBqhthBj-AbaFHEpZapN-V-TmuLNzR2MCB6Xr7BYMuCaqWf_XU8og4XNe8f_8w9Wv5vvgqMM1KhqVpG5VdMJv4o_L4NoCROHhtUQSLRh2M9cA";
    algorithm.verify(JWT.decode(jwt));
}
 
Example #14
Source File: RSAAlgorithmTest.java    From java-jwt with MIT License 5 votes vote down vote up
@Test
public void shouldFailRSA512VerificationWhenUsingPrivateKey() throws Exception {
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: SHA512withRSA");
    exception.expectCause(isA(IllegalStateException.class));
    exception.expectCause(hasMessage(is("The given Public Key is null.")));
    String jwt = "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoMCJ9.mvL5LoMyIrWYjk5umEXZTmbyIrkbbcVPUkvdGZbu0qFBxGOf0nXP5PZBvPcOu084lvpwVox5n3VaD4iqzW-PsJyvKFgi5TnwmsbKchAp7JexQEsQOnTSGcfRqeUUiBZqRQdYsho71oAB3T4FnalDdFEpM-fztcZY9XqKyayqZLreTeBjqJm4jfOWH7KfGBHgZExQhe96NLq1UA9eUyQwdOA1Z0SgXe4Ja5PxZ6Fm37KnVDtDlNnY4JAAGFo6y74aGNnp_BKgpaVJCGFu1f1S5xCQ1HSvs8ZSdVWs5NgawW3wRd0kRt_GJ_Y3mIwiF4qUyHWGtsSHu_qjVdCTtbFyow";
    Algorithm algorithm = Algorithm.RSA512((RSAKey) readPrivateKeyFromFile(PRIVATE_KEY_FILE, "RSA"));
    algorithm.verify(JWT.decode(jwt));
}
 
Example #15
Source File: NoneAlgorithmTest.java    From java-jwt with MIT License 5 votes vote down vote up
@Test
public void shouldFailNoneVerificationWhenSignatureIsPresent() throws Exception {
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: none");
    String jwt = "eyJhbGciOiJub25lIiwiY3R5IjoiSldUIn0.eyJpc3MiOiJhdXRoMCJ9.Ox-WRXRaGAuWt2KfPvWiGcCrPqZtbp_4OnQzZXaTfss";
    Algorithm algorithm = Algorithm.none();
    algorithm.verify(JWT.decode(jwt));
}
 
Example #16
Source File: RSAAlgorithmTest.java    From java-jwt with MIT License 5 votes vote down vote up
@Test
public void shouldThrowWhenThePublicKeyIsInvalid() throws Exception {
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: some-alg");
    exception.expectCause(isA(InvalidKeyException.class));

    CryptoHelper crypto = mock(CryptoHelper.class);
    when(crypto.verifySignatureFor(anyString(), any(PublicKey.class), any(String.class), any(String.class), any(byte[].class)))
            .thenThrow(InvalidKeyException.class);

    RSAPublicKey publicKey = mock(RSAPublicKey.class);
    RSAPrivateKey privateKey = mock(RSAPrivateKey.class);
    RSAKeyProvider provider = RSAAlgorithm.providerForKeys(publicKey, privateKey);
    Algorithm algorithm = new RSAAlgorithm(crypto, "some-alg", "some-algorithm", provider);
    String jwt = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoMCJ9.dxXF3MdsyW-AuvwJpaQtrZ33fAde9xWxpLIg9cO2tMLH2GSRNuLAe61KsJusZhqZB9Iy7DvflcmRz-9OZndm6cj_ThGeJH2LLc90K83UEvvRPo8l85RrQb8PcanxCgIs2RcZOLygERizB3pr5icGkzR7R2y6zgNCjKJ5_NJ6EiZsGN6_nc2PRK_DbyY-Wn0QDxIxKoA5YgQJ9qafe7IN980pXvQv2Z62c3XR8dYuaXBqhthBj-AbaFHEpZapN-V-TmuLNzR2MCB6Xr7BYMuCaqWf_XU8og4XNe8f_8w9Wv5vvgqMM1KhqVpG5VdMJv4o_L4NoCROHhtUQSLRh2M9cA";
    algorithm.verify(JWT.decode(jwt));
}
 
Example #17
Source File: ECDSAAlgorithmTest.java    From java-jwt with MIT License 5 votes vote down vote up
@Test
public void shouldFailECDSA384VerificationWithInvalidPublicKey() throws Exception {
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: SHA384withECDSA");
    String jwt = "eyJhbGciOiJFUzM4NCJ9.eyJpc3MiOiJhdXRoMCJ9._k5h1KyO-NE0R2_HAw0-XEc0bGT5atv29SxHhOGC9JDqUHeUdptfCK_ljQ01nLVt2OQWT2SwGs-TuyHDFmhPmPGFZ9wboxvq_ieopmYqhQilNAu-WF-frioiRz9733fU";
    Algorithm algorithm = Algorithm.ECDSA384((ECKey) readPublicKeyFromFile(INVALID_PUBLIC_KEY_FILE_384, "EC"));
    algorithm.verify(JWT.decode(jwt));
}
 
Example #18
Source File: ECDSAAlgorithmTest.java    From java-jwt with MIT License 5 votes vote down vote up
@Test
public void shouldFailECDSA384VerificationOnInvalidJOSESignatureLength() throws Exception {
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: SHA384withECDSA");
    exception.expectCause(isA(SignatureException.class));
    exception.expectCause(hasMessage(is("Invalid JOSE signature format.")));

    byte[] bytes = new byte[95];
    new SecureRandom().nextBytes(bytes);
    String signature = Base64.encodeBase64URLSafeString(bytes);
    String jwt = "eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJhdXRoMCJ9." + signature;
    Algorithm algorithm = Algorithm.ECDSA384((ECKey) readPublicKeyFromFile(INVALID_PUBLIC_KEY_FILE_384, "EC"));
    algorithm.verify(JWT.decode(jwt));
}
 
Example #19
Source File: ECDSAAlgorithmTest.java    From java-jwt with MIT License 5 votes vote down vote up
@Test
public void shouldFailECDSA384VerificationWhenUsingPrivateKey() throws Exception {
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: SHA384withECDSA");
    exception.expectCause(isA(IllegalStateException.class));
    exception.expectCause(hasMessage(is("The given Public Key is null.")));
    String jwt = "eyJhbGciOiJFUzM4NCJ9.eyJpc3MiOiJhdXRoMCJ9._k5h1KyO-NE0R2_HAw0-XEc0bGT5atv29SxHhOGC9JDqUHeUdptfCK_ljQ01nLVt2OQWT2SwGs-TuyHDFmhPmPGFZ9wboxvq_ieopmYqhQilNAu-WF-frioiRz9733fU";
    Algorithm algorithm = Algorithm.ECDSA384((ECKey) readPrivateKeyFromFile(PRIVATE_KEY_FILE_384, "EC"));
    algorithm.verify(JWT.decode(jwt));
}
 
Example #20
Source File: ECDSAAlgorithmTest.java    From java-jwt with MIT License 5 votes vote down vote up
@Test
public void shouldFailECDSA384VerificationOnInvalidJOSESignature() throws Exception {
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: SHA384withECDSA");

    byte[] bytes = new byte[96];
    new SecureRandom().nextBytes(bytes);
    String signature = Base64.encodeBase64URLSafeString(bytes);
    String jwt = "eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJhdXRoMCJ9." + signature;
    Algorithm algorithm = Algorithm.ECDSA384((ECKey) readPublicKeyFromFile(INVALID_PUBLIC_KEY_FILE_384, "EC"));
    algorithm.verify(JWT.decode(jwt));
}
 
Example #21
Source File: ECDSAAlgorithmTest.java    From java-jwt with MIT License 5 votes vote down vote up
@Test
public void shouldFailECDSA384VerificationWhenProvidedPublicKeyIsNull() throws Exception {
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: SHA384withECDSA");
    exception.expectCause(isA(IllegalStateException.class));
    exception.expectCause(hasMessage(is("The given Public Key is null.")));
    ECDSAKeyProvider provider = mock(ECDSAKeyProvider.class);
    when(provider.getPublicKeyById("my-key-id")).thenReturn(null);
    String jwt = "eyJhbGciOiJFUzM4NCIsImtpZCI6Im15LWtleS1pZCJ9.eyJpc3MiOiJhdXRoMCJ9.9kjGuFTPx3ylfpqL0eY9H7TGmPepjQOBKI8UPoEvby6N7dDLF5HxLohosNxxFymNT7LzpeSgOPAB0wJEwG2Nl2ukgdUOpZOf492wog_i5ZcZmAykd3g1QH7onrzd69GU";
    Algorithm algorithm = Algorithm.ECDSA384(provider);
    algorithm.verify(JWT.decode(jwt));
}
 
Example #22
Source File: RSAAlgorithmTest.java    From java-jwt with MIT License 5 votes vote down vote up
@Test
public void shouldFailRSA512VerificationWithInvalidPublicKey() throws Exception {
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: SHA512withRSA");
    String jwt = "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoMCJ9.mvL5LoMyIrWYjk5umEXZTmbyIrkbbcVPUkvdGZbu0qFBxGOf0nXP5PZBvPcOu084lvpwVox5n3VaD4iqzW-PsJyvKFgi5TnwmsbKchAp7JexQEsQOnTSGcfRqeUUiBZqRQdYsho71oAB3T4FnalDdFEpM-fztcZY9XqKyayqZLreTeBjqJm4jfOWH7KfGBHgZExQhe96NLq1UA9eUyQwdOA1Z0SgXe4Ja5PxZ6Fm37KnVDtDlNnY4JAAGFo6y74aGNnp_BKgpaVJCGFu1f1S5xCQ1HSvs8ZSdVWs5NgawW3wRd0kRt_GJ_Y3mIwiF4qUyHWGtsSHu_qjVdCTtbFyow";
    Algorithm algorithm = Algorithm.RSA512((RSAKey) readPublicKeyFromFile(INVALID_PUBLIC_KEY_FILE, "RSA"));
    algorithm.verify(JWT.decode(jwt));
}
 
Example #23
Source File: RSAAlgorithmTest.java    From java-jwt with MIT License 5 votes vote down vote up
@Test
public void shouldFailRSA512VerificationWhenProvidedPublicKeyIsNull() throws Exception {
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: SHA512withRSA");
    exception.expectCause(isA(IllegalStateException.class));
    exception.expectCause(hasMessage(is("The given Public Key is null.")));
    RSAKeyProvider provider = mock(RSAKeyProvider.class);
    when(provider.getPublicKeyById("my-key-id")).thenReturn(null);
    String jwt = "eyJhbGciOiJSUzUxMiIsImtpZCI6Im15LWtleS1pZCJ9.eyJpc3MiOiJhdXRoMCJ9.GpHv85Q8tAU_6hNWsmO0GEpO1qz9lmK3NKeAcemysz9MGo4FXWn8xbD8NjCfzZ8EWphm65M0NArKSjpKHO5-gcNsQxLBVfSED1vzcoaZH_Vy5Rp1M76dGH7JghB_66KrpfyMxer_yRJb-KXesNvIroDGilLQF2ENG-IfLF5nBKlDiVHmPaqr3pm1q20fNLhegkSRca4BJ5VdIlT6kOqE_ykVyCBqzD_oXp3LKO_ARnxoeB9SegIW1fy_3tuxSTKYsCZiOfiyVEXXblAuY3pSLZnGvgeBRnfvmWXDWhP0vVUFtYJBF09eULvvUMVqWcrjUG9gDzzzT7veiY_fHd_x8g";
    Algorithm algorithm = Algorithm.RSA512(provider);
    algorithm.verify(JWT.decode(jwt));
}
 
Example #24
Source File: ECDSAAlgorithmTest.java    From java-jwt with MIT License 5 votes vote down vote up
@Test
public void shouldFailECDSA512VerificationWithInvalidPublicKey() throws Exception {
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: SHA512withECDSA");
    String jwt = "eyJhbGciOiJFUzUxMiJ9.eyJpc3MiOiJhdXRoMCJ9.AZgdopFFsN0amCSs2kOucXdpylD31DEm5ChK1PG0_gq5Mf47MrvVph8zHSVuvcrXzcE1U3VxeCg89mYW1H33Y-8iAF0QFkdfTUQIWKNObH543WNMYYssv3OtOj0znPv8atDbaF8DMYAtcT1qdmaSJRhx-egRE9HGZkinPh9CfLLLt58X";
    Algorithm algorithm = Algorithm.ECDSA512((ECKey) readPublicKeyFromFile(INVALID_PUBLIC_KEY_FILE_512, "EC"));
    algorithm.verify(JWT.decode(jwt));
}
 
Example #25
Source File: RSAAlgorithmTest.java    From java-jwt with MIT License 5 votes vote down vote up
@Test
public void shouldFailRSA384VerificationWithInvalidPublicKey() throws Exception {
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: SHA384withRSA");
    String jwt = "eyJhbGciOiJSUzM4NCIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoMCJ9.TZlWjXObwGSQOiu2oMq8kiKz0_BR7bbBddNL6G8eZ_GoR82BXOZDqNrQr7lb_M-78XGBguWLWNIdYhzgxOUL9EoCJlrqVm9s9vo6G8T1sj1op-4TbjXZ61TwIvrJee9BvPLdKUJ9_fp1Js5kl6yXkst40Th8Auc5as4n49MLkipjpEhKDKaENKHpSubs1ripSz8SCQZSofeTM_EWVwSw7cpiM8Fy8jOPvWG8Xz4-e3ODFowvHVsDcONX_4FTMNbeRqDuHq2ZhCJnEfzcSJdrve_5VD5fM1LperBVslTrOxIgClOJ3RmM7-WnaizJrWP3D6Z9OLxPxLhM6-jx6tcxEw";
    Algorithm algorithm = Algorithm.RSA384((RSAKey) readPublicKeyFromFile(INVALID_PUBLIC_KEY_FILE, "RSA"));
    algorithm.verify(JWT.decode(jwt));
}
 
Example #26
Source File: RSAAlgorithmTest.java    From java-jwt with MIT License 5 votes vote down vote up
@Test
public void shouldFailRSA384VerificationWhenProvidedPublicKeyIsNull() throws Exception {
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: SHA384withRSA");
    exception.expectCause(isA(IllegalStateException.class));
    exception.expectCause(hasMessage(is("The given Public Key is null.")));
    RSAKeyProvider provider = mock(RSAKeyProvider.class);
    when(provider.getPublicKeyById("my-key-id")).thenReturn(null);
    String jwt = "eyJhbGciOiJSUzM4NCIsImtpZCI6Im15LWtleS1pZCJ9.eyJpc3MiOiJhdXRoMCJ9.ITNTVCT7ercumZKHV4-BXGkJwwa7fyF3CnSfEvm09fDFSkaseDxNo_75WLDmK9WM8RMHTPvkpHcTKm4guYEbC_la7RzFIKpU72bppzQojggSmWWXt_6zq50QP2t5HFMebote1zxhp8ccEdSCX5pyY6J2sm9kJ__HKK32KxIVCTjVCz-bFBS60oG35aYEySdKsxuUdWbD5FQ9I16Ony2x0EPvmlL3GPiAPmgjSFp3LtcBIbCDaoonM7iuDRGIQiDN_n2FKKb1Bt4_38uWPtTkwRpNalt6l53Y3JDdzGI5fMrMo3RQnQlAJxUJKD0eL6dRAA645IVIIXucHwuhgGGIVw";
    Algorithm algorithm = Algorithm.RSA384(provider);
    algorithm.verify(JWT.decode(jwt));
}
 
Example #27
Source File: ECDSAAlgorithmTest.java    From java-jwt with MIT License 5 votes vote down vote up
@Test
public void shouldFailECDSA256VerificationWithInvalidPublicKey() throws Exception {
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: SHA256withECDSA");
    String jwt = "eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJhdXRoMCJ9.W9qfN1b80B9hnMo49WL8THrOsf1vEjOhapeFemPMGySzxTcgfyudS5esgeBTO908X5SLdAr5jMwPUPBs9b6nNg";
    Algorithm algorithm = Algorithm.ECDSA256((ECKey) readPublicKeyFromFile(INVALID_PUBLIC_KEY_FILE_256, "EC"));
    algorithm.verify(JWT.decode(jwt));
}
 
Example #28
Source File: RSAAlgorithmTest.java    From java-jwt with MIT License 5 votes vote down vote up
@Test
public void shouldFailRSA256VerificationWithInvalidPublicKey() throws Exception {
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: SHA256withRSA");
    String jwt = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoMCJ9.dxXF3MdsyW-AuvwJpaQtrZ33fAde9xWxpLIg9cO2tMLH2GSRNuLAe61KsJusZhqZB9Iy7DvflcmRz-9OZndm6cj_ThGeJH2LLc90K83UEvvRPo8l85RrQb8PcanxCgIs2RcZOLygERizB3pr5icGkzR7R2y6zgNCjKJ5_NJ6EiZsGN6_nc2PRK_DbyY-Wn0QDxIxKoA5YgQJ9qafe7IN980pXvQv2Z62c3XR8dYuaXBqhthBj-AbaFHEpZapN-V-TmuLNzR2MCB6Xr7BYMuCaqWf_XU8og4XNe8f_8w9Wv5vvgqMM1KhqVpG5VdMJv4o_L4NoCROHhtUQSLRh2M9cA";
    Algorithm algorithm = Algorithm.RSA256((RSAKey) readPublicKeyFromFile(INVALID_PUBLIC_KEY_FILE, "RSA"));
    algorithm.verify(JWT.decode(jwt));
}
 
Example #29
Source File: RSAAlgorithmTest.java    From java-jwt with MIT License 5 votes vote down vote up
@Test
public void shouldFailRSA256VerificationWhenProvidedPublicKeyIsNull() throws Exception {
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: SHA256withRSA");
    exception.expectCause(isA(IllegalStateException.class));
    exception.expectCause(hasMessage(is("The given Public Key is null.")));
    RSAKeyProvider provider = mock(RSAKeyProvider.class);
    when(provider.getPublicKeyById("my-key-id")).thenReturn(null);
    String jwt = "eyJhbGciOiJSUzI1NiIsImtpZCI6Im15LWtleS1pZCJ9.eyJpc3MiOiJhdXRoMCJ9.jXrbue3xJmnzWH9kU-uGeCTtgbQEKbch8uHd4Z52t86ncNyepfusl_bsyLJIcxMwK7odRzKiSE9efV9JaRSEDODDBdMeCzODFx82uBM7e46T1NLVSmjYIM7Hcfh81ZeTIk-hITvgtL6hvTdeJWOCZAB0bs18qSVW5SvursRUhY38xnhuNI6HOHCtqp7etxWAu6670L53I3GtXsmi6bXIzv_0v1xZcAFg4HTvXxfhfj3oCqkSs2nC27mHxBmQtmZKWmXk5HzVUyPRwTUWx5wHPT_hCsGer-CMCAyGsmOg466y1KDqf7ogpMYojfVZGWBsyA39LO1oWZ4Ryomkn8t5Vg";
    Algorithm algorithm = Algorithm.RSA256(provider);
    algorithm.verify(JWT.decode(jwt));
}
 
Example #30
Source File: ECDSABouncyCastleProviderTests.java    From java-jwt with MIT License 5 votes vote down vote up
@Test
public void shouldFailJOSEToDERConversionOnInvalidJOSESignatureLength() throws Exception {
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: SHA256withECDSA");
    exception.expectCause(isA(SignatureException.class));
    exception.expectCause(hasMessage(is("Invalid JOSE signature format.")));

    byte[] bytes = new byte[256];
    new SecureRandom().nextBytes(bytes);
    String signature = Base64.encodeBase64URLSafeString(bytes);
    String jwt = "eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJhdXRoMCJ9." + signature;

    ECPublicKey publicKey = (ECPublicKey) readPublicKeyFromFile(PUBLIC_KEY_FILE_256, "EC");
    ECPrivateKey privateKey = mock(ECPrivateKey.class);
    ECDSAKeyProvider provider = ECDSAAlgorithm.providerForKeys(publicKey, privateKey);
    Algorithm algorithm = new ECDSAAlgorithm("ES256", "SHA256withECDSA", 128, provider);
    algorithm.verify(JWT.decode(jwt));
}