io.jsonwebtoken.security.SignatureException Java Examples

The following examples show how to use io.jsonwebtoken.security.SignatureException. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: EllipticCurveSignatureValidator.java    From jjwt with Apache License 2.0 6 votes vote down vote up
@Override
public boolean isValid(byte[] data, byte[] signature) {
    Signature sig = createSignatureInstance();
    PublicKey publicKey = (PublicKey) key;
    try {
        int expectedSize = getSignatureByteArrayLength(alg);
        /**
         *
         * If the expected size is not valid for JOSE, fall back to ASN.1 DER signature.
         * This fallback is for backwards compatibility ONLY (to support tokens generated by previous versions of jjwt)
         * and backwards compatibility will possibly be removed in a future version of this library.
         *
         * **/
        byte[] derSignature = expectedSize != signature.length && signature[0] == 0x30 ? signature : EllipticCurveProvider.transcodeSignatureToDER(signature);
        return doVerify(sig, publicKey, data, derSignature);
    } catch (Exception e) {
        String msg = "Unable to verify Elliptic Curve signature using configured ECPublicKey. " + e.getMessage();
        throw new SignatureException(msg, e);
    }
}
 
Example #2
Source File: RsaSignatureValidator.java    From jjwt with Apache License 2.0 6 votes vote down vote up
@Override
public boolean isValid(byte[] data, byte[] signature) {
    if (key instanceof PublicKey) {
        Signature sig = createSignatureInstance();
        PublicKey publicKey = (PublicKey) key;
        try {
            return doVerify(sig, publicKey, data, signature);
        } catch (Exception e) {
            String msg = "Unable to verify RSA signature using configured PublicKey. " + e.getMessage();
            throw new SignatureException(msg, e);
        }
    } else {
        Assert.notNull(this.SIGNER, "RSA Signer instance cannot be null.  This is a bug.  Please report it.");
        byte[] computed = this.SIGNER.sign(data);
        return MessageDigest.isEqual(computed, signature);
    }
}
 
Example #3
Source File: JwtOperator.java    From light-security with Apache License 2.0 5 votes vote down vote up
/**
 * 从token中获取claim
 *
 * @param token token
 * @return claim
 */
public Claims getClaimsFromToken(String token) {
    try {
        return Jwts.parser()
                .setSigningKey(this.reactiveLightSecurityProperties.getJwt().getSecret().getBytes())
                .parseClaimsJws(token)
                .getBody();

    } catch (ExpiredJwtException | UnsupportedJwtException | MalformedJwtException | SignatureException | IllegalArgumentException e) {
        log.error("token解析错误", e);
        throw new LightSecurityException(HttpStatus.UNAUTHORIZED, "Token invalided.", e);
    }
}
 
Example #4
Source File: SignatureProvider.java    From jjwt with Apache License 2.0 5 votes vote down vote up
protected Signature createSignatureInstance() {
    try {
        return getSignatureInstance();
    } catch (NoSuchAlgorithmException e) {
        String msg = "Unavailable " + alg.getFamilyName() + " Signature algorithm '" + alg.getJcaName() + "'.";
        if (!alg.isJdkStandard() && !isBouncyCastleAvailable()) {
            msg += " This is not a standard JDK algorithm. Try including BouncyCastle in the runtime classpath.";
        }
        throw new SignatureException(msg, e);
    }
}
 
Example #5
Source File: EllipticCurveSigner.java    From jjwt with Apache License 2.0 5 votes vote down vote up
protected byte[] doSign(byte[] data) throws InvalidKeyException, java.security.SignatureException, JwtException {
    PrivateKey privateKey = (PrivateKey)key;
    Signature sig = createSignatureInstance();
    sig.initSign(privateKey);
    sig.update(data);
    return transcodeSignatureToConcat(sig.sign(), getSignatureByteArrayLength(alg));
}
 
Example #6
Source File: RsaSigner.java    From jjwt with Apache License 2.0 5 votes vote down vote up
protected byte[] doSign(byte[] data) throws InvalidKeyException, java.security.SignatureException {
    PrivateKey privateKey = (PrivateKey)key;
    Signature sig = createSignatureInstance();
    sig.initSign(privateKey);
    sig.update(data);
    return sig.sign();
}
 
Example #7
Source File: RsaProvider.java    From jjwt with Apache License 2.0 5 votes vote down vote up
protected void setParameter(Signature sig, PSSParameterSpec spec) {
    try {
        doSetParameter(sig, spec);
    } catch (InvalidAlgorithmParameterException e) {
        String msg = "Unsupported RSASSA-PSS parameter '" + spec + "': " + e.getMessage();
        throw new SignatureException(msg, e);
    }
}
 
Example #8
Source File: JwtOperator.java    From light-security with Apache License 2.0 5 votes vote down vote up
/**
 * 从token中获取claim
 *
 * @param token token
 * @return claim
 */
public Claims getClaimsFromToken(String token) {
    try {
        return Jwts.parser()
                .setSigningKey(this.lightSecurityProperties.getJwt().getSecret().getBytes())
                .parseClaimsJws(token)
                .getBody();

    } catch (ExpiredJwtException | UnsupportedJwtException | MalformedJwtException | SignatureException | IllegalArgumentException e) {
        log.error("token解析错误", e);
        throw new LightSecurityException("Token invalided.", e);
    }
}
 
Example #9
Source File: AuthenticationProviderToken.java    From pulsar with Apache License 2.0 5 votes vote down vote up
private SignatureAlgorithm getPublicKeyAlgType(ServiceConfiguration conf) throws IllegalArgumentException {
    if (conf.getProperty(CONF_TOKEN_PUBLIC_ALG) != null
            && StringUtils.isNotBlank((String) conf.getProperty(CONF_TOKEN_PUBLIC_ALG))) {
        String alg = (String) conf.getProperty(CONF_TOKEN_PUBLIC_ALG);
        try {
            return SignatureAlgorithm.forName(alg);
        } catch (SignatureException ex) {
            throw new IllegalArgumentException("invalid algorithm provided " + alg, ex);
        }
    } else {
        return SignatureAlgorithm.RS256;
    }
}
 
Example #10
Source File: ImmutableJwtParser.java    From jjwt with Apache License 2.0 4 votes vote down vote up
@Override
public Jwt parse(String jwt) throws ExpiredJwtException, MalformedJwtException, SignatureException, IllegalArgumentException {
    return this.jwtParser.parse(jwt);
}
 
Example #11
Source File: ImmutableJwtParser.java    From jjwt with Apache License 2.0 4 votes vote down vote up
@Override
public <T> T parse(String jwt, JwtHandler<T> handler) throws ExpiredJwtException, UnsupportedJwtException, MalformedJwtException, SignatureException, IllegalArgumentException {
    return this.jwtParser.parse(jwt, handler);
}
 
Example #12
Source File: ImmutableJwtParser.java    From jjwt with Apache License 2.0 4 votes vote down vote up
@Override
public Jwt<Header, String> parsePlaintextJwt(String plaintextJwt) throws UnsupportedJwtException, MalformedJwtException, SignatureException, IllegalArgumentException {
    return this.jwtParser.parsePlaintextJwt(plaintextJwt);
}
 
Example #13
Source File: ImmutableJwtParser.java    From jjwt with Apache License 2.0 4 votes vote down vote up
@Override
public Jwt<Header, Claims> parseClaimsJwt(String claimsJwt) throws ExpiredJwtException, UnsupportedJwtException, MalformedJwtException, SignatureException, IllegalArgumentException {
    return this.jwtParser.parseClaimsJwt(claimsJwt);
}
 
Example #14
Source File: ImmutableJwtParser.java    From jjwt with Apache License 2.0 4 votes vote down vote up
@Override
public Jws<String> parsePlaintextJws(String plaintextJws) throws UnsupportedJwtException, MalformedJwtException, SignatureException, IllegalArgumentException {
    return this.jwtParser.parsePlaintextJws(plaintextJws);
}
 
Example #15
Source File: ImmutableJwtParser.java    From jjwt with Apache License 2.0 4 votes vote down vote up
@Override
public Jws<Claims> parseClaimsJws(String claimsJws) throws ExpiredJwtException, UnsupportedJwtException, MalformedJwtException, SignatureException, IllegalArgumentException {
    return this.jwtParser.parseClaimsJws(claimsJws);
}
 
Example #16
Source File: EllipticCurveSignatureValidator.java    From jjwt with Apache License 2.0 4 votes vote down vote up
protected boolean doVerify(Signature sig, PublicKey publicKey, byte[] data, byte[] signature)
    throws InvalidKeyException, java.security.SignatureException {
    sig.initVerify(publicKey);
    sig.update(data);
    return sig.verify(signature);
}
 
Example #17
Source File: RsaSignatureValidator.java    From jjwt with Apache License 2.0 4 votes vote down vote up
protected boolean doVerify(Signature sig, PublicKey publicKey, byte[] data, byte[] signature)
    throws InvalidKeyException, java.security.SignatureException {
    sig.initVerify(publicKey);
    sig.update(data);
    return sig.verify(signature);
}
 
Example #18
Source File: JwtParser.java    From jjwt with Apache License 2.0 2 votes vote down vote up
/**
 * Parses the specified compact serialized JWT string based on the builder's current configuration state and
 * returns
 * the resulting unsigned plaintext JWT instance.
 * <p>
 * <p>This is a convenience method that is usable if you are confident that the compact string argument reflects an
 * unsigned Claims JWT. An unsigned Claims JWT has a {@link Claims} body and it is not cryptographically
 * signed.</p>
 * <p>
 * <p><b>If the compact string presented does not reflect an unsigned Claims JWT, an
 * {@link UnsupportedJwtException} will be thrown.</b></p>
 *
 * @param claimsJwt a compact serialized unsigned Claims JWT string.
 * @return the {@link Jwt Jwt} instance that reflects the specified compact JWT string.
 * @throws UnsupportedJwtException  if the {@code claimsJwt} argument does not represent an unsigned Claims JWT
 * @throws MalformedJwtException    if the {@code claimsJwt} string is not a valid JWT
 * @throws SignatureException       if the {@code claimsJwt} string is actually a JWS and signature validation
 *                                  fails
 * @throws ExpiredJwtException      if the specified JWT is a Claims JWT and the Claims has an expiration time
 *                                  before the time this method is invoked.
 * @throws IllegalArgumentException if the {@code claimsJwt} string is {@code null} or empty or only whitespace
 * @see #parsePlaintextJwt(String)
 * @see #parsePlaintextJws(String)
 * @see #parseClaimsJws(String)
 * @see #parse(String, JwtHandler)
 * @see #parse(String)
 * @since 0.2
 */
Jwt<Header, Claims> parseClaimsJwt(String claimsJwt)
    throws ExpiredJwtException, UnsupportedJwtException, MalformedJwtException, SignatureException, IllegalArgumentException;
 
Example #19
Source File: JwtParser.java    From jjwt with Apache License 2.0 2 votes vote down vote up
/**
 * Parses the specified compact serialized JWT string based on the builder's current configuration state and
 * returns the resulting JWT or JWS instance.
 * <p>
 * <p>This method returns a JWT or JWS based on the parsed string.  Because it may be cumbersome to determine if it
 * is a JWT or JWS, or if the body/payload is a Claims or String with {@code instanceof} checks, the
 * {@link #parse(String, JwtHandler) parse(String,JwtHandler)} method allows for a type-safe callback approach that
 * may help reduce code or instanceof checks.</p>
 *
 * @param jwt the compact serialized JWT to parse
 * @return the specified compact serialized JWT string based on the builder's current configuration state.
 * @throws MalformedJwtException    if the specified JWT was incorrectly constructed (and therefore invalid).
 *                                  Invalid
 *                                  JWTs should not be trusted and should be discarded.
 * @throws SignatureException       if a JWS signature was discovered, but could not be verified.  JWTs that fail
 *                                  signature validation should not be trusted and should be discarded.
 * @throws ExpiredJwtException      if the specified JWT is a Claims JWT and the Claims has an expiration time
 *                                  before the time this method is invoked.
 * @throws IllegalArgumentException if the specified string is {@code null} or empty or only whitespace.
 * @see #parse(String, JwtHandler)
 * @see #parsePlaintextJwt(String)
 * @see #parseClaimsJwt(String)
 * @see #parsePlaintextJws(String)
 * @see #parseClaimsJws(String)
 */
Jwt parse(String jwt) throws ExpiredJwtException, MalformedJwtException, SignatureException, IllegalArgumentException;
 
Example #20
Source File: JwtParser.java    From jjwt with Apache License 2.0 2 votes vote down vote up
/**
 * Parses the specified compact serialized JWT string based on the builder's current configuration state and
 * invokes the specified {@code handler} with the resulting JWT or JWS instance.
 * <p>
 * <p>If you are confident of the format of the JWT before parsing, you can create an anonymous subclass using the
 * {@link io.jsonwebtoken.JwtHandlerAdapter JwtHandlerAdapter} and override only the methods you know are relevant
 * for your use case(s), for example:</p>
 * <p>
 * <pre>
 * String compactJwt = request.getParameter("jwt"); //we are confident this is a signed JWS
 *
 * String subject = Jwts.parser().setSigningKey(key).parse(compactJwt, new JwtHandlerAdapter&lt;String&gt;() {
 *     &#64;Override
 *     public String onClaimsJws(Jws&lt;Claims&gt; jws) {
 *         return jws.getBody().getSubject();
 *     }
 * });
 * </pre>
 * <p>
 * <p>If you know the JWT string can be only one type of JWT, then it is even easier to invoke one of the
 * following convenience methods instead of this one:</p>
 * <p>
 * <ul>
 * <li>{@link #parsePlaintextJwt(String)}</li>
 * <li>{@link #parseClaimsJwt(String)}</li>
 * <li>{@link #parsePlaintextJws(String)}</li>
 * <li>{@link #parseClaimsJws(String)}</li>
 * </ul>
 *
 * @param jwt the compact serialized JWT to parse
 * @return the result returned by the {@code JwtHandler}
 * @throws MalformedJwtException    if the specified JWT was incorrectly constructed (and therefore invalid).
 *                                  Invalid JWTs should not be trusted and should be discarded.
 * @throws SignatureException       if a JWS signature was discovered, but could not be verified.  JWTs that fail
 *                                  signature validation should not be trusted and should be discarded.
 * @throws ExpiredJwtException      if the specified JWT is a Claims JWT and the Claims has an expiration time
 *                                  before the time this method is invoked.
 * @throws IllegalArgumentException if the specified string is {@code null} or empty or only whitespace, or if the
 *                                  {@code handler} is {@code null}.
 * @see #parsePlaintextJwt(String)
 * @see #parseClaimsJwt(String)
 * @see #parsePlaintextJws(String)
 * @see #parseClaimsJws(String)
 * @see #parse(String)
 * @since 0.2
 */
<T> T parse(String jwt, JwtHandler<T> handler)
    throws ExpiredJwtException, UnsupportedJwtException, MalformedJwtException, SignatureException, IllegalArgumentException;
 
Example #21
Source File: JwtParser.java    From jjwt with Apache License 2.0 2 votes vote down vote up
/**
 * Parses the specified compact serialized JWT string based on the builder's current configuration state and
 * returns
 * the resulting unsigned plaintext JWT instance.
 * <p>
 * <p>This is a convenience method that is usable if you are confident that the compact string argument reflects an
 * unsigned plaintext JWT. An unsigned plaintext JWT has a String (non-JSON) body payload and it is not
 * cryptographically signed.</p>
 * <p>
 * <p><b>If the compact string presented does not reflect an unsigned plaintext JWT with non-JSON string body,
 * an {@link UnsupportedJwtException} will be thrown.</b></p>
 *
 * @param plaintextJwt a compact serialized unsigned plaintext JWT string.
 * @return the {@link Jwt Jwt} instance that reflects the specified compact JWT string.
 * @throws UnsupportedJwtException  if the {@code plaintextJwt} argument does not represent an unsigned plaintext
 *                                  JWT
 * @throws MalformedJwtException    if the {@code plaintextJwt} string is not a valid JWT
 * @throws SignatureException       if the {@code plaintextJwt} string is actually a JWS and signature validation
 *                                  fails
 * @throws IllegalArgumentException if the {@code plaintextJwt} string is {@code null} or empty or only whitespace
 * @see #parseClaimsJwt(String)
 * @see #parsePlaintextJws(String)
 * @see #parseClaimsJws(String)
 * @see #parse(String, JwtHandler)
 * @see #parse(String)
 * @since 0.2
 */
Jwt<Header, String> parsePlaintextJwt(String plaintextJwt)
    throws UnsupportedJwtException, MalformedJwtException, SignatureException, IllegalArgumentException;
 
Example #22
Source File: JwtParser.java    From jjwt with Apache License 2.0 2 votes vote down vote up
/**
 * Parses the specified compact serialized JWS string based on the builder's current configuration state and
 * returns
 * the resulting plaintext JWS instance.
 * <p>
 * <p>This is a convenience method that is usable if you are confident that the compact string argument reflects a
 * plaintext JWS. A plaintext JWS is a JWT with a String (non-JSON) body (payload) that has been
 * cryptographically signed.</p>
 * <p>
 * <p><b>If the compact string presented does not reflect a plaintext JWS, an {@link UnsupportedJwtException}
 * will be thrown.</b></p>
 *
 * @param plaintextJws a compact serialized JWS string.
 * @return the {@link Jws Jws} instance that reflects the specified compact JWS string.
 * @throws UnsupportedJwtException  if the {@code plaintextJws} argument does not represent an plaintext JWS
 * @throws MalformedJwtException    if the {@code plaintextJws} string is not a valid JWS
 * @throws SignatureException       if the {@code plaintextJws} JWS signature validation fails
 * @throws IllegalArgumentException if the {@code plaintextJws} string is {@code null} or empty or only whitespace
 * @see #parsePlaintextJwt(String)
 * @see #parseClaimsJwt(String)
 * @see #parseClaimsJws(String)
 * @see #parse(String, JwtHandler)
 * @see #parse(String)
 * @since 0.2
 */
Jws<String> parsePlaintextJws(String plaintextJws)
    throws UnsupportedJwtException, MalformedJwtException, SignatureException, IllegalArgumentException;
 
Example #23
Source File: JwtParser.java    From jjwt with Apache License 2.0 2 votes vote down vote up
/**
 * Parses the specified compact serialized JWS string based on the builder's current configuration state and
 * returns
 * the resulting Claims JWS instance.
 * <p>
 * <p>This is a convenience method that is usable if you are confident that the compact string argument reflects a
 * Claims JWS. A Claims JWS is a JWT with a {@link Claims} body that has been cryptographically signed.</p>
 * <p>
 * <p><b>If the compact string presented does not reflect a Claims JWS, an {@link UnsupportedJwtException} will be
 * thrown.</b></p>
 *
 * @param claimsJws a compact serialized Claims JWS string.
 * @return the {@link Jws Jws} instance that reflects the specified compact Claims JWS string.
 * @throws UnsupportedJwtException  if the {@code claimsJws} argument does not represent an Claims JWS
 * @throws MalformedJwtException    if the {@code claimsJws} string is not a valid JWS
 * @throws SignatureException       if the {@code claimsJws} JWS signature validation fails
 * @throws ExpiredJwtException      if the specified JWT is a Claims JWT and the Claims has an expiration time
 *                                  before the time this method is invoked.
 * @throws IllegalArgumentException if the {@code claimsJws} string is {@code null} or empty or only whitespace
 * @see #parsePlaintextJwt(String)
 * @see #parseClaimsJwt(String)
 * @see #parsePlaintextJws(String)
 * @see #parse(String, JwtHandler)
 * @see #parse(String)
 * @since 0.2
 */
Jws<Claims> parseClaimsJws(String claimsJws)
    throws ExpiredJwtException, UnsupportedJwtException, MalformedJwtException, SignatureException, IllegalArgumentException;
 
Example #24
Source File: Signer.java    From jjwt with Apache License 2.0 votes vote down vote up
byte[] sign(byte[] data) throws SignatureException;