Java Code Examples for org.jose4j.jws.JsonWebSignature#setCompactSerialization()

The following examples show how to use org.jose4j.jws.JsonWebSignature#setCompactSerialization(). The method only loads a compact serialization into the JsonWebSignature object; in the examples below the payload is treated as authentic only after verifySignature() has succeeded with a key chosen by the verifier.
Example 1
Source File: DefaultCipherExecutor.java    From springboot-shiro-cas-mybatis with MIT License
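/**
 * Verifies the JWS compact serialization in {@code value} with this executor's
 * signing key and returns the signed payload.
 *
 * <p>The payload is read through {@code getPayload()} only after
 * {@code verifySignature()} has returned {@code true}.
 *
 * @param value the JWS compact serialization to check
 * @return the payload covered by the signature, which may have to be decoded
 *         by the caller, or {@code null} when the signature does not verify
 * @throws RuntimeException wrapping any exception raised while parsing or
 *         verifying {@code value} (a malformed token therefore throws rather
 *         than returning {@code null})
 */
private String verifySignature(@NotNull final String value) {
    try {
        final JsonWebSignature jws = new JsonWebSignature();
        jws.setCompactSerialization(value);
        jws.setKey(this.secretKeySigningKey);
        // NOTE(review): nothing here pins the accepted signature algorithm; consider
        // jws.setAlgorithmConstraints(...) restricted to the one algorithm this
        // executor signs with, so the token's own header cannot choose it.
        if (!jws.verifySignature()) {
            return null;
        }
        // The payload is intentionally kept out of the log: what callers sign is not
        // visible from this method, and debug logs are usually less protected than
        // the value itself.
        logger.debug("Signature successfully verified.");
        return jws.getPayload();
    } catch (final Exception e) {
        throw new RuntimeException(e);
    }
}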
 
Example 2
Source File: VerificationJwkSelectorTest.java    From Jose4j with Apache License 2.0
/**
 * Selects the verification key for a token whose header carries no key ID from a
 * one-key JWK Set, then verifies the signature with the selected key.
 *
 * <p>Only key selection and the signature are checked; claims such as {@code exp}
 * are not evaluated by this test.
 */
@Test
public void noKidTestNovJwksEndpoint() throws JoseException
{
    // JSON content from https://connect-op.herokuapp.com/jwks.json on Jan 8, 2015
    String jwksJson = "{\"keys\":[" +
            "{\"kty\":\"RSA\"," +
            "\"e\":\"AQAB\"," +
            "\"n\":\"pKybs0WaHU_y4cHxWbm8Wzj66HtcyFn7Fh3n-99qTXu5yNa30MRYIYfSDwe9JVc1JUoGw41yq2StdGBJ40HxichjE-Yopfu3B58QlgJvToUbWD4gmTDGgMGxQxtv1En2yedaynQ73sDpIK-12JJDY55pvf-PCiSQ9OjxZLiVGKlClDus44_uv2370b9IN2JiEOF-a7JBqaTEYLPpXaoKWDSnJNonr79tL0T7iuJmO1l705oO3Y0TQ-INLY6jnKG_RpsvyvGNnwP9pMvcP1phKsWZ10ofuuhJGRp8IxQL9RfzT87OvF0RBSO1U73h09YP-corWDsnKIi6TbzRpN5YDw\"" +
            ",\"use\":\"sig\"}]}";
    JsonWebKeySet keySet = new JsonWebKeySet(jwksJson);

    VerificationJwkSelector selector = new VerificationJwkSelector();

    // The signed token under test; its header names the algorithm but no "kid".
    String signedToken = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2Nvbm5lY3Qtb3AuaGVyb2t1YXBwLmNvbSIsInN1YiI6IjZiOTYyYzk1Nzk4NThkNzJjNjY0M2FiZjhkN2E2ZWJjIiwiYXVkIjoiZGIwZTdmYTNmNmQwN2ZhMjYzMjZhNzE4NjQwMGVhOTEiLCJleHAiOjE0MjA3NTI0NzAsImlhdCI6MTQyMDczMDg3MCwibm9uY2UiOiJiOGU1OTlhM2JkYTRkNDExYzhiMDc0OGM1MGQwZjQxNyJ9.FNyq7K90vW7eLmsjzUPQ8eTnTreOWXVt_WKyqS686_D_kZ9tl3_uE3tKBw004XyFwMYd-4zWhvXaDPkhFGJ6BPy_woxnQdiTobNE-jyQscp6-6keg3QRkjV-Te7F48Pyfzl-lwvzhb76ygjuv7v_1Nf49fHZb-SiQ2KmapabHpIfVvuqTQ_MZjU613XJIW0tMqFv4__fgaZD-JU6qCkVbkXpvIMg_tZDafsipJ6ZYH9_9JuXQqjzmsM6vHN53MiQZaDtwb6nLDFln6YPqmVPXJV6SLvM_vn0g5w6jvmfsPGZL-xo-iqWbYtnMK-dX4HmnLpK4JVba_OnA9NQfj2DRQ";
    JsonWebSignature jws = new JsonWebSignature();
    jws.setCompactSerialization(signedToken);

    // Candidates come from the key set the verifier holds, never from the token.
    List<JsonWebKey> candidates = keySet.getJsonWebKeys();
    List<JsonWebKey> matches = verificationJwkSelectorResult(selector, jws, candidates);
    assertThat(1, equalTo(matches.size()));

    JsonWebKey chosen = matches.get(0);
    jws.setKey(chosen.getKey());
    assertTrue(jws.verifySignature());
}

/** Runs the selector over the candidate keys for the given JWS. */
private static List<JsonWebKey> verificationJwkSelectorResult(
        VerificationJwkSelector selector, JsonWebSignature jws, List<JsonWebKey> candidates)
        throws JoseException
{
    return selector.selectList(jws, candidates);
}
 
Example 3
Source File: DefaultCipherExecutor.java    From nano-framework with Apache License 2.0
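/**
 * Verifies the JWS compact serialization in {@code value} with this executor's
 * signing key and returns the signed payload.
 *
 * <p>The payload is read through {@code getPayload()} only after
 * {@code verifySignature()} has returned {@code true}.
 *
 * @param value the JWS compact serialization to check
 * @return the payload covered by the signature, which may have to be decoded
 *         by the caller, or {@code null} when the signature does not verify
 * @throws RuntimeException wrapping any exception raised while parsing or
 *         verifying {@code value} (a malformed token therefore throws rather
 *         than returning {@code null})
 */
private String verifySignature(@NotNull final String value) {
    try {
        final JsonWebSignature jws = new JsonWebSignature();
        jws.setCompactSerialization(value);
        jws.setKey(this.secretKeySigningKey);
        // NOTE(review): nothing here pins the accepted signature algorithm; consider
        // jws.setAlgorithmConstraints(...) restricted to the one algorithm this
        // executor signs with, so the token's own header cannot choose it.
        if (!jws.verifySignature()) {
            return null;
        }
        // The payload is intentionally kept out of the log: what callers sign is not
        // visible from this method, and debug logs are usually less protected than
        // the value itself.
        LOGGER.debug("Signature successfully verified.");
        return jws.getPayload();
    } catch (final Exception e) {
        throw new RuntimeException(e);
    }
}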
 
Example 4
Source File: JwtSignTest.java    From smallrye-jwt with Apache License 2.0
/**
 * Test helper: loads {@code jwt} into a {@code JsonWebSignature}, asserts that its
 * signature verifies with {@code key}, and hands the object back to the caller.
 *
 * @param jwt the JWS compact serialization produced by the code under test
 * @param key the verification key supplied by the test
 * @return the JWS object, returned only after the signature assertion passed
 */
private static JsonWebSignature getVerifiedJws(String jwt, Key key) throws Exception {
    JsonWebSignature verifier = new JsonWebSignature();
    verifier.setKey(key);
    verifier.setCompactSerialization(jwt);

    // Fail the test before any caller can read claims from an unverified token.
    boolean signatureOk = verifier.verifySignature();
    Assert.assertTrue(signatureOk);
    return verifier;
}
 
Example 5
Source File: JwtClaimShortcutsTest.java    From smallrye-jwt with Apache License 2.0
/**
 * Test helper: verifies the signature of {@code jwt} with the public key read from
 * {@code /publicKey.pem}, then asserts on the claim set.
 *
 * <p>Only the presence of {@code iat}, {@code exp} and {@code jti} is asserted; the
 * time window itself is not evaluated here.
 *
 * @param jwt the signed token to inspect
 * @param customClaim name of the custom claim expected in the token
 * @param customValue value expected for {@code customClaim}
 */
private static void verifyJwt(String jwt, String customClaim, String customValue) throws Exception {
    JsonWebSignature verifier = new JsonWebSignature();
    verifier.setKey(KeyUtils.readPublicKey("/publicKey.pem"));
    verifier.setCompactSerialization(jwt);

    // Signature first; claims are parsed only from the payload of a verified JWS.
    boolean signatureOk = verifier.verifySignature();
    Assert.assertTrue(signatureOk);

    String signedPayload = verifier.getPayload();
    JwtClaims parsed = JwtClaims.parse(signedPayload);
    Assert.assertEquals(4, parsed.getClaimsMap().size());
    Assert.assertEquals(customValue, parsed.getClaimValue(customClaim));
    Assert.assertNotNull(parsed.getIssuedAt());
    Assert.assertNotNull(parsed.getExpirationTime());
    Assert.assertNotNull(parsed.getJwtId());
}
 
Example 6
Source File: JwtClaimShortcutsTest.java    From smallrye-jwt with Apache License 2.0
/**
 * Test helper: verifies the signature of {@code jwt} with the public key read from
 * {@code /publicKey.pem}, then asserts that the issuer claim is {@code "iss"} and
 * that {@code iat}, {@code exp} and {@code jti} are present.
 *
 * <p>The time window itself is not evaluated here.
 *
 * @param jwt the signed token to inspect
 */
private static void verifyJwtWithIssuer(String jwt) throws Exception {
    JsonWebSignature verifier = new JsonWebSignature();
    verifier.setKey(KeyUtils.readPublicKey("/publicKey.pem"));
    verifier.setCompactSerialization(jwt);

    // Signature first; claims are parsed only from the payload of a verified JWS.
    boolean signatureOk = verifier.verifySignature();
    Assert.assertTrue(signatureOk);

    String signedPayload = verifier.getPayload();
    JwtClaims parsed = JwtClaims.parse(signedPayload);
    Assert.assertEquals(4, parsed.getClaimsMap().size());
    Assert.assertEquals("iss", parsed.getIssuer());
    Assert.assertNotNull(parsed.getIssuedAt());
    Assert.assertNotNull(parsed.getExpirationTime());
    Assert.assertNotNull(parsed.getJwtId());
}
 
Example 7
Source File: JwtClaimShortcutsTest.java    From smallrye-jwt with Apache License 2.0
/**
 * Test helper: verifies the signature of {@code jwt} with the public key read from
 * {@code /publicKey.pem}, then asserts that {@code customClaim} is a one-element
 * list holding {@code customValue}.
 *
 * <p>Only the presence of {@code iat}, {@code exp} and {@code jti} is asserted; the
 * time window itself is not evaluated here.
 *
 * @param jwt the signed token to inspect
 * @param customClaim name of the list-valued custom claim
 * @param customValue the single element expected in that list
 */
private static void verifyJwtWithArray(String jwt, String customClaim, String customValue) throws Exception {
    JsonWebSignature verifier = new JsonWebSignature();
    verifier.setKey(KeyUtils.readPublicKey("/publicKey.pem"));
    verifier.setCompactSerialization(jwt);

    // Signature first; claims are parsed only from the payload of a verified JWS.
    boolean signatureOk = verifier.verifySignature();
    Assert.assertTrue(signatureOk);

    String signedPayload = verifier.getPayload();
    JwtClaims parsed = JwtClaims.parse(signedPayload);
    Assert.assertEquals(4, parsed.getClaimsMap().size());

    // The cast is unchecked: the claim arrives as a generic JSON value.
    @SuppressWarnings("unchecked")
    List<String> values = (List<String>) parsed.getClaimValue(customClaim);
    Assert.assertEquals(1, values.size());
    Assert.assertEquals(customValue, values.get(0));

    Assert.assertNotNull(parsed.getIssuedAt());
    Assert.assertNotNull(parsed.getExpirationTime());
    Assert.assertNotNull(parsed.getJwtId());
}
 
Example 8
Source File: JwtSignEncryptTest.java    From smallrye-jwt with Apache License 2.0
/**
 * Test helper: loads {@code jwt} into a {@code JsonWebSignature} and asserts that
 * it verifies with {@code key}.
 *
 * <p>When {@code key} is {@code null} the helper switches the algorithm constraints
 * to {@code ALLOW_ONLY_NONE}, i.e. it then expects an unsecured token. That branch
 * exists for the tests in this class; a verifier that handles tokens from outside
 * should keep "none" rejected and always supply a key.
 *
 * @param jwt the compact serialization produced by the code under test
 * @param key the verification key, or {@code null} for the unsecured-token case
 * @return the JWS object, returned only after the verification assertion passed
 */
private static JsonWebSignature getVerifiedJws(String jwt, Key key) throws Exception {
    JsonWebSignature verifier = new JsonWebSignature();
    verifier.setCompactSerialization(jwt);
    verifier.setKey(key);

    boolean expectUnsecured = (key == null);
    if (expectUnsecured) {
        verifier.setAlgorithmConstraints(AlgorithmConstraints.ALLOW_ONLY_NONE);
    }

    boolean verified = verifier.verifySignature();
    Assert.assertTrue(verified);
    return verifier;
}
 
Example 9
Source File: OpenIDConnectAuthenticator.java    From java with Apache License 2.0
/**
 * Reports whether the OIDC ID token stored in {@code config} should be treated as
 * expired.
 *
 * <p>The token's signature is not checked; only its {@code exp} claim is read from
 * the unverified payload. NOTE(review): the result is therefore a client-side hint
 * and is not suitable as an authorization decision.
 *
 * @param config configuration map that may hold the ID token under {@code OIDC_ID_TOKEN}
 * @return {@code true} when no token is stored, when the token has no {@code exp}
 *         claim, or when the current time is on or after {@code exp}
 * @throws RuntimeException wrapping a parse failure of the token or its claims
 */
@Override
public boolean isExpired(Map<String, Object> config) {
  String idToken = (String) config.get(OIDC_ID_TOKEN);
  if (idToken == null) {
    return true;
  }

  JsonWebSignature jws = new JsonWebSignature();
  try {
    jws.setCompactSerialization(idToken);

    // The signature is deliberately not verified: the only way to do so is to query the
    // remote identity provider's configuration URL, which is the same channel as the token
    // request, so a malicious proxy there could not be detected by the client anyway. The
    // client does not need to trust the token, only bear it to the server, which verifies it.
    String unverifiedClaimsJson = jws.getUnverifiedPayload();
    JwtClaims claims = JwtClaims.parse(unverifiedClaimsJson);

    // A token without exp counts as expired; otherwise expired means now >= exp.
    NumericDate expiry = claims.getExpirationTime();
    if (expiry == null) {
      return true;
    }
    return NumericDate.now().isOnOrAfter(expiry);
  } catch (JoseException | InvalidJwtException | MalformedClaimException e) {
    throw new RuntimeException(e);
  }
}
 
Example 10
Source File: ExamplesTest.java    From Jose4j with Apache License 2.0
/**
 * Walk-through of verifying a JSON Web Signature (JWS) with a known public key.
 *
 * <p>The example only prints the verification result; application code should
 * branch on it and stop processing when it is {@code false}.
 */
@Test
public void jwsVerificationExample() throws JoseException
{
    // A compact serialization is the whole JWS as one string: three base64url-encoded
    // parts joined by dots, in the form Header.Payload.Signature
    String encodedHeader = "eyJhbGciOiJFUzI1NiJ9.";
    String encodedPayload = "VGhpcyBpcyBzb21lIHRleHQgdGhhdCBpcyB0byBiZSBzaWduZWQu.";
    String encodedSignature =
            "GHiNd8EgKa-2A4yJLHyLCqlwoSxwqv2rzGrvUTxczTYDBeUHUwQRB3P0dp_DALL0jQIDz2vQAT_cnWTIW98W_A";
    String compactSerialization = encodedHeader + encodedPayload + encodedSignature;

    // Load the serialization into a fresh JWS object; nothing is verified yet
    JsonWebSignature jws = new JsonWebSignature();
    jws.setCompactSerialization(compactSerialization);

    // The verification key has to come from the application, not from the token.
    // Where and how to obtain it is up to the application; this one is an example
    // key from the JWS spec.
    PublicKey verificationKey = ExampleEcKeysFromJws.PUBLIC_256;
    jws.setKey(verificationKey);

    // Verify, then report the outcome
    boolean signatureVerified = jws.verifySignature();
    System.out.println("JWS Signature is valid: " + signatureVerified);

    // Read the signed content through getPayload() (as opposed to
    // getUnverifiedPayload(), which presumably skips the signature check) and use it
    String payload = jws.getPayload();
    System.out.println("JWS payload: " + payload);
}
 
Example 11
Source File: ExamplesTest.java    From Jose4j with Apache License 2.0
/**
 * Walk-through of verifying a JSON Web Signature (JWS) when the verification key
 * is looked up in a JSON Web Key Set (JWK Set) document.
 *
 * <p>The example only prints the verification result; application code should
 * branch on it and stop processing when it is {@code false}.
 */
@Test
public void parseJwksAndVerifyJwsExample() throws JoseException
{
    // A JSON Web Key (JWK) is a JSON data structure representing a cryptographic key
    // (often, but not always, a public key); a JWK Set document is a JSON structure
    // holding one or more JWKs. A JWK Set might, for example, be fetched from an HTTPS
    // endpoint controlled by the signer, but this example presumes the JWK Set JSON has
    // already been acquired by some secure/trusted means.
    String jsonWebKeySetJson = "{\"keys\":[" +
            "{\"kty\":\"EC\",\"use\":\"sig\"," +
             "\"kid\":\"the key\"," +
             "\"x\":\"amuk6RkDZi-48mKrzgBN_zUZ_9qupIwTZHJjM03qL-4\"," +
             "\"y\":\"ZOESj6_dpPiZZR-fJ-XVszQta28Cjgti7JudooQJ0co\",\"crv\":\"P-256\"}," +
            "{\"kty\":\"EC\",\"use\":\"sig\"," +
            " \"kid\":\"other key\"," +
             "\"x\":\"eCNZgiEHUpLaCNgYIcvWzfyBlzlaqEaWbt7RFJ4nIBA\"," +
             "\"y\":\"UujFME4pNk-nU4B9h4hsetIeSAzhy8DesBgWppiHKPM\",\"crv\":\"P-256\"}]}";

    // A compact serialization is the whole JWS as one string: three base64url-encoded
    // parts joined by dots, in the form Header.Payload.Signature
    String compactSerialization = "eyJhbGciOiJFUzI1NiIsImtpZCI6InRoZSBrZXkifQ." +
            "UEFZTE9BRCE."+
            "Oq-H1lk5G0rl6oyNM3jR5S0-BZQgTlamIKMApq3RX8Hmh2d2XgB4scvsMzGvE-OlEmDY9Oy0YwNGArLpzXWyjw";

    // Load the serialization into a fresh JWS object; nothing is verified yet
    JsonWebSignature jws = new JsonWebSignature();
    jws.setCompactSerialization(compactSerialization);

    // Parse the trusted JWK Set JSON
    JsonWebKeySet trustedKeys = new JsonWebKeySet(jsonWebKeySetJson);

    // The JWS header says which key secured it; here (as will hopefully often be the
    // case) its Key ID corresponds directly to a Key ID in the JWK Set.
    // VerificationJwkSelector considers Key ID, Key Type, designated use (signatures vs.
    // encryption) and designated algorithm to pick the verification key from a set of
    // JWKs. The header only steers the choice among keys the verifier already trusts.
    // NOTE(review): the no-match case is not handled in this example — confirm what
    // select(...) returns then and reject the token instead of dereferencing it.
    VerificationJwkSelector selector = new VerificationJwkSelector();
    JsonWebKey matchingJwk = selector.select(jws, trustedKeys.getJsonWebKeys());

    // Verify with the public key of the JWK taken from the JWK Set
    jws.setKey(matchingJwk.getKey());
    boolean signatureVerified = jws.verifySignature();

    // Report the outcome
    System.out.println("JWS Signature is valid: " + signatureVerified);

    // Read the signed content and use it
    String payload = jws.getPayload();
    System.out.println("JWS payload: " + payload);
}
 
Example 12
Source File: ExamplesFromOpenIdConnectTest.java    From Jose4j with Apache License 2.0
/**
 * Verifies the signed Request Object example from OpenID Connect Core twice: once
 * directly as a JWS, and once through a {@code JwtConsumer} that also parses the
 * claims.
 *
 * <p>The consumer is configured with the verification key only; no issuer,
 * audience or expiry expectations are set in this test.
 */
@Test
public void verifySignedRequestObject() throws Exception
{
    // OpenID Connect Core 1.0 - draft 15
    // 5.1.  Passing a Request Object by Value has a JWS JWT with a JWK
    String signedRequest =
            "eyJhbGciOiJSUzI1NiJ9.ew0KICJyZXNwb25zZV90eXBlIjogImNvZGUgaWRfdG9rZW" +
            "4iLA0KICJjbGllbnRfaWQiOiAiczZCaGRSa3F0MyIsDQogInJlZGlyZWN0X3VyaSI6I" +
            "CJodHRwczovL2NsaWVudC5leGFtcGxlLm9yZy9jYiIsDQogInNjb3BlIjogIm9wZW5p" +
            "ZCIsDQogInN0YXRlIjogImFmMGlmanNsZGtqIiwNCiAibm9uY2UiOiAibi0wUzZfV3p" +
            "BMk1qIiwNCiAibWF4X2FnZSI6IDg2NDAwLA0KICJjbGFpbXMiOiANCiAgew0KICAgIn" +
            "VzZXJpbmZvIjogDQogICAgew0KICAgICAiZ2l2ZW5fbmFtZSI6IHsiZXNzZW50aWFsI" +
            "jogdHJ1ZX0sDQogICAgICJuaWNrbmFtZSI6IG51bGwsDQogICAgICJlbWFpbCI6IHsi" +
            "ZXNzZW50aWFsIjogdHJ1ZX0sDQogICAgICJlbWFpbF92ZXJpZmllZCI6IHsiZXNzZW5" +
            "0aWFsIjogdHJ1ZX0sDQogICAgICJwaWN0dXJlIjogbnVsbA0KICAgIH0sDQogICAiaW" +
            "RfdG9rZW4iOiANCiAgICB7DQogICAgICJnZW5kZXIiOiBudWxsLA0KICAgICAiYmlyd" +
            "GhkYXRlIjogeyJlc3NlbnRpYWwiOiB0cnVlfSwNCiAgICAgImFjciI6IHsidmFsdWVz" +
            "IjogWyIyIl19DQogICAgfQ0KICB9DQp9.bOD4rUiQfzh4QPIs_f_R2GVBhNHcc1p2cQ" +
            "TgixB1tsYRs52xW4TO74USgb-nii3RPsLdfoPlsEbJLmtbxG8-TQBHqGAyZxMDPWy3p" +
            "hjeRt9ApDRnLQrjYuvsCj6byu9TVaKX9r1KDFGT-HLqUNlUTpYtCyM2B2rLkWM08ufB" +
            "q9JBCEzzaLRzjevYEPMaoLAOjb8LPuYOYTBqshRMUxy4Z380-FJ2Lc7VSfSu6HcB2nL" +
            "SjiKrrfI35xkRJsaSSmjasMYeDZarYCl7r4o17rFclk5KacYMYgAs-JYFkwab6Dd56Z" +
            "rAzakHt9cExMpg04lQIux56C-Qk6dAsB6W6W91AQ";

    // The public JWK that accompanies the example (kept exactly as written,
    // including the whitespace inside the "n" value).
    String publicJwkJson = "{" +
            "   \"kty\":\"RSA\"," +
            "   \"n\":\"y9Lqv4fCp6Ei-u2-ZCKq83YvbFEk6JMs_pSj76eMkddWRuWX2aBKGHAtKlE5P" +
            "        7_vn__PCKZWePt3vGkB6ePgzAFu08NmKemwE5bQI0e6kIChtt_6KzT5OaaXDF" +
            "        I6qCLJmk51Cc4VYFaxgqevMncYrzaW_50mZ1yGSFIQzLYP8bijAHGVjdEFgZa" +
            "        ZEN9lsn_GdWLaJpHrB3ROlS50E45wxrlg9xMncVb8qDPuXZarvghLL0HzOuYR" +
            "        adBJVoWZowDNTpKpk2RklZ7QaBO7XDv3uR7s_sf2g-bAjSYxYUGsqkNA9b3xV" +
            "        W53am_UZZ3tZbFTIh557JICWKHlWj5uzeJXaw\"," +
            "   \"e\":\"AQAB\"" +
            "  }";
    JsonWebKey verificationJwk = JsonWebKey.Factory.newJwk(publicJwkJson);

    // First pass: plain JWS signature check
    JsonWebSignature jws = new JsonWebSignature();
    jws.setCompactSerialization(signedRequest);
    jws.setKey(verificationJwk.getKey());
    assertThat(jws.verifySignature(), is(true));

    // Second pass: the JWT consumer verifies with the same key and yields the claims
    JwtConsumerBuilder consumerBuilder = new JwtConsumerBuilder();
    consumerBuilder.setVerificationKey(verificationJwk.getKey());
    JwtConsumer consumer = consumerBuilder.build();

    JwtClaims requestClaims = consumer.processToClaims(signedRequest);
    assertThat("https://client.example.org/cb", equalTo(requestClaims.getStringClaimValue("redirect_uri")));
}
 
Example 13
Source File: ExamplesFromOpenIdConnectTest.java    From Jose4j with Apache License 2.0
/**
 * Verifies four signed ID Token examples from OpenID Connect Core against one
 * public JWK, first as plain JWS objects and then through a {@code JwtConsumer}
 * that also checks issuer, audience, subject presence and time claims.
 *
 * <p>The consumer's evaluation time is fixed to a constant so the old example
 * tokens are judged against the moment they were valid for.
 */
@Test
public void verifyIdTokens() throws JoseException, InvalidJwtException, MalformedClaimException
{
    // OpenID Connect Core 1.0 - draft 15
    // Appendix A.  Authorization Examples has several signed ID Tokens and a JWK
    String idTokenA2 = "eyJhbGciOiJSUzI1NiJ9.ew0KICJpc3MiOiAiaHR0cDovL3Nlc" +
            "nZlci5leGFtcGxlLmNvbSIsDQogInN1YiI6ICIyNDgyODk3NjEwMDEiLA0KI" +
            "CJhdWQiOiAiczZCaGRSa3F0MyIsDQogIm5vbmNlIjogIm4tMFM2X1d6QTJNa" +
            "iIsDQogImV4cCI6IDEzMTEyODE5NzAsDQogImlhdCI6IDEzMTEyODA5NzAsD" +
            "QogIm5hbWUiOiAiSmFuZSBEb2UiLA0KICJnaXZlbl9uYW1lIjogIkphbmUiL" +
            "A0KICJmYW1pbHlfbmFtZSI6ICJEb2UiLA0KICJnZW5kZXIiOiAiZmVtYWxlI" +
            "iwNCiAiYmlydGhkYXRlIjogIjAwMDAtMTAtMzEiLA0KICJlbWFpbCI6ICJqY" +
            "W5lZG9lQGV4YW1wbGUuY29tIiwNCiAicGljdHVyZSI6ICJodHRwOi8vZXhhb" +
            "XBsZS5jb20vamFuZWRvZS9tZS5qcGciDQp9.Bgdr1pzosIrnnnpIekmJ7ooe" +
            "DbXuA2AkwfMf90Po2TrMcl3NQzUE_9dcr9r8VOuk4jZxNpV5kCu0RwqqF11-" +
            "6pQ2KQx_ys2i0arLikdResxvJlZzSm_UG6-21s97IaXC97vbnTCcpAkokSe8" +
            "Uik6f8-U61zVmCBMJnpvnxEJllfV8fYldo8lWCqlOngScEbFQUh4fzRsH8O3" +
            "Znr20UZib4V4mGZqYPtPDVGTeu8xkty1t0aK-wEhbm6Hi-TQTi4kltJlw47M" +
            "cSVgF_8SswaGcW6Bf_954ir_ddi4Nexo9RBiWu4n3JMNcQvZU5xMPhu-EF-6" +
            "_nJNotp-lbnBUyxTSg";

    String idTokenA3 = "eyJhbGciOiJSUzI1NiJ9.ew0KICJpc3MiOiAiaHR0cDovL3NlcnZlc" +
            "i5leGFtcGxlLmNvbSIsDQogInN1YiI6ICIyNDgyODk3NjEwMDEiLA0KICJhdWQiO" +
            "iAiczZCaGRSa3F0MyIsDQogIm5vbmNlIjogIm4tMFM2X1d6QTJNaiIsDQogImV4c" +
            "CI6IDEzMTEyODE5NzAsDQogImlhdCI6IDEzMTEyODA5NzAsDQogImF0X2hhc2giO" +
            "iAiNzdRbVVQdGpQZnpXdEYyQW5wSzlSUSINCn0.g7UR4IDBNIjoPFV8exQCosUNV" +
            "eh8bNUTeL4wdQp-2WXIWnly0_4ZK0sh4A4uddfenzo4Cjh4wuPPrSw6lMeujYbGy" +
            "zKspJrRYL3iiYWc2VQcl8RKdHPz_G-7yf5enut1YE8v7PhKucPJCRRoobMjqD73f" +
            "1nJNwQ9KBrfh21Ggbx1p8hNqQeeLLXb9b63JD84hVOXwyHmmcVgvZskge-wExwnh" +
            "Ivv_cxTzxIXsSxcYlh3d9hnu0wdxPZOGjT0_nNZJxvdIwDD4cAT_LE5Ae447qB90" +
            "ZF89Nmb0Oj2b1GdGVQEIr8-FXrHlyD827f0N_hLYPdZ73YK6p10qY9oRtMimg";

    String idTokenA4 = "eyJhbGciOiJSUzI1NiJ9.ew0KICJpc3MiOiAiaHR0cDovL3NlcnZlc" +
            "i5leGFtcGxlLmNvbSIsDQogInN1YiI6ICIyNDgyODk3NjEwMDEiLA0KICJhdWQiO" +
            "iAiczZCaGRSa3F0MyIsDQogIm5vbmNlIjogIm4tMFM2X1d6QTJNaiIsDQogImV4c" +
            "CI6IDEzMTEyODE5NzAsDQogImlhdCI6IDEzMTEyODA5NzAsDQogImNfaGFzaCI6I" +
            "CJMRGt0S2RvUWFrM1BrMGNuWHhDbHRBIg0KfQ.dAVXerlNOJ_tqMUysD_k1Q_bRX" +
            "RJbLkTOsCPVxpKUis5V6xMRvtjfRg8gUfPuAMYrKQMEqZZmL87Hxkv6cFKavb4ft" +
            "BUrY2qUnrvqe_bNjVEz89QSdxGmdFwSTgFVGWkDf5dV5eIiRxXfIkmlgCltPNocR" +
            "AyvdNrsWC661rHz5F9MzBho2vgi5epUa_KAl6tK4ksgl68pjZqlBqsWfTbGEsWQX" +
            "Efu664dJkdXMLEnsPUeQQLjMhLH7qpZk2ry0nRx0sS1mRwOM_Q0Xmps0vOkNn284" +
            "pMUpmWEAjqklWITgtVYXOzF4ilbmZK6ONpFyKCpnSkAYtTEuqz-m7MoLCD_A";

    String idTokenA6 = "eyJhbGciOiJSUzI1NiJ9.ew0KICJpc3MiOiAiaHR0cDovL3NlcnZlc" +
            "i5leGFtcGxlLmNvbSIsDQogInN1YiI6ICIyNDgyODk3NjEwMDEiLA0KICJhdWQiO" +
            "iAiczZCaGRSa3F0MyIsDQogIm5vbmNlIjogIm4tMFM2X1d6QTJNaiIsDQogImV4c" +
            "CI6IDEzMTEyODE5NzAsDQogImlhdCI6IDEzMTEyODA5NzAsDQogImF0X2hhc2giO" +
            "iAiNzdRbVVQdGpQZnpXdEYyQW5wSzlSUSIsDQogImNfaGFzaCI6ICJMRGt0S2RvU" +
            "WFrM1BrMGNuWHhDbHRBIg0KfQ.JQthrBsOirujair9aD5gj1Yd5qEv0j4fhLgl8h" +
            "3RaH3soYhwPOiN2Iy_yb7wMCO6I3bPoGJc3zCkpjgUtdB4O2eEhFqXHdwnE4c0oV" +
            "TaTHJi_PdV2ox9g-1ikDB0ckWk0f0SzBd7yM2RoYYxJCiGBQlsSSRQz6ehykonI3" +
            "hLAhXFdpfbK-3_a3HBNKOv_9Mr_JJrz2pqSygk5IBNvwzf1ouVeM91KKvr7EdriK" +
            "N8ysk68fctbFAga1p8rE3cfBOX7Acn4p9QSNpUx0i_x4WHktyKDvH_hLdUw91Fql" +
            "_UOgMP_9h8TYdkAjcq8n1tFzaO7kVaazlZ5SM32J7OSDgNSA";

    // The public JWK that accompanies the examples (kept exactly as written,
    // including the whitespace inside the "n" value).
    String publicJwkJson = "  {" +
            "   \"kty\":\"RSA\"," +
            "   \"n\":\"zhEWTBJVTfcUeqnMzOQFMCEVQWOyOUZwP8LrBWh88tKrZyPGCvBkTDp-E2Bzy" +
            "        HMQV4pK51Uys2YOwzL9se5THDWMda9rtsCJVcj1V7WaE7wPgl-kIIdWWf4o2g" +
            "       6ZszOy_Fp4q0nG3OTtDRCkBu2iEP21j82pRSRrkCBxnzaChflA7KZbI1n_yhK" +
            "       txyA7FdA480LaSVZyKApvrKiYhocACSwf0y6CQ-wkEi6mVXRJt1aBSywlLYA0" +
            "       8ojp5hkZQ39eCM2k1EdXdhbar998Q9PZTwXA1cfvuGTZbDWxEKLjMKVuKrT1Y" +
            "        vs-2NTXhZAW1KjFS_3UwLkDk-w4dVN-x5tDnw\"," +
            "   \"e\":\"AQAB\"" +
            "  }";
    JsonWebKey verificationJwk = JsonWebKey.Factory.newJwk(publicJwkJson);

    String[] exampleTokens = {idTokenA2, idTokenA3, idTokenA4, idTokenA6};
    for (String exampleToken : exampleTokens)
    {
        // Plain JWS signature check
        JsonWebSignature jws = new JsonWebSignature();
        jws.setCompactSerialization(exampleToken);
        jws.setKey(verificationJwk.getKey());
        assertThat(jws.verifySignature(), is(true));

        // Full JWT processing: signature plus expected issuer, audience, a required
        // subject, and time claims evaluated at the pinned instant
        JwtConsumerBuilder consumerBuilder = new JwtConsumerBuilder();
        consumerBuilder.setExpectedIssuer("http://server.example.com");
        consumerBuilder.setExpectedAudience("s6BhdRkqt3");
        consumerBuilder.setRequireSubject();
        consumerBuilder.setEvaluationTime(NumericDate.fromSeconds(1311280978));
        consumerBuilder.setVerificationKey(verificationJwk.getKey());
        JwtConsumer consumer = consumerBuilder.build();

        JwtClaims idTokenClaims = consumer.processToClaims(exampleToken);
        assertThat("248289761001", equalTo(idTokenClaims.getSubject()));
    }
}
 
Example 14
Source File: JoseCookbookTest.java    From Jose4j with Apache License 2.0
/**
 * Consumes a fixed ES512 JWS and checks its payload, signature, key ID header and
 * algorithm header against the accompanying P-521 JWK.
 *
 * <p>The JWK literal below includes the private parameter {@code d}; it is a test
 * fixture (presumably the published cookbook key) and must not protect anything real.
 */
@Test
public void ecdsaSignature_4_3() throws JoseException
{
    String cookbookJwkJson =
            "{\n" +
            "  \"kty\": \"EC\",\n" +
            "  \"kid\": \"bilbo.baggins@hobbiton.example\",\n" +
            "  \"use\": \"sig\",\n" +
            "  \"crv\": \"P-521\",\n" +
            "  \"x\": \"AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9\n" +
            "      A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt\",\n" +
            "  \"y\": \"AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVy\n" +
            "      SsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1\",\n" +
            "  \"d\": \"AAhRON2r9cqXX1hg-RoI6R1tX5p2rUAYdmpHZoC1XNM56KtscrX6zb\n" +
            "      KipQrCW9CGZH3T4ubpnoTKLDYJ_fF3_rJt\"\n" +
            "}";

    String signedMessage =
            "eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX" +
            "hhbXBsZSJ9" +
            "." +
            "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH" +
            "lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk" +
            "b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm" +
            "UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4" +
            "." +
            "AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvb" +
            "u9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kv" +
            "AD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2";

    String expectedAlg = AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512;

    // Consume the JWS and verify it with the key from the JWK
    JsonWebSignature jws = new JsonWebSignature();
    jws.setCompactSerialization(signedMessage);
    JsonWebKey cookbookJwk = JsonWebKey.Factory.newJwk(cookbookJwkJson);
    jws.setKey(cookbookJwk.getKey());

    // The payload is readable before verification, but only via the explicitly
    // "unverified" accessor
    assertThat(jws.getUnverifiedPayload(), equalTo(jwsPayload));

    assertThat(jws.verifySignature(), is(true));
    assertThat(jws.getPayload(), equalTo(jwsPayload));

    // Header values are compared with what the test expects, not trusted as given
    assertThat(jws.getKeyIdHeaderValue(), equalTo(cookbookJwk.getKeyId()));
    assertThat(expectedAlg, equalTo(jws.getAlgorithmHeaderValue()));

    // The signing side is not reproduced here (the original author notes that
    // reproducing ECDSA can't really be verified)
}