Java Code Examples for com.nimbusds.jwt.SignedJWT#getSignature()

The following examples show how to use com.nimbusds.jwt.SignedJWT#getSignature() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: JWTAuthenticationHandler.java    From registry with Apache License 2.0 6 votes vote down vote up
/**
 * Verify the signature of the JWT token in this method. This method depends
 * on the public key that was established during init based upon the
 * provisioned public key. Override this method in subclasses in order to
 * customize the signature verification behavior.
 *
 * @param jwtToken the token that contains the signature to be validated
 * @return valid true if signature verifies successfully; false otherwise
 */
protected boolean validateSignature(SignedJWT jwtToken) {
    boolean valid = false;
    if (JWSObject.State.SIGNED == jwtToken.getState()) {
        LOG.debug("JWT token is in a SIGNED state");
        if (jwtToken.getSignature() != null) {
            LOG.debug("JWT token signature is not null");
            try {
                JWSVerifier verifier = new RSASSAVerifier(publicKey);
                if (jwtToken.verify(verifier)) {
                    valid = true;
                    LOG.debug("JWT token has been successfully verified");
                } else {
                    LOG.warn("JWT signature verification failed.");
                }
            } catch (JOSEException je) {
                LOG.warn("Error while validating signature", je);
            }
        }
    }
    return valid;
}
 
Example 2
Source File: KnoxJwtRealm.java    From zeppelin with Apache License 2.0 6 votes vote down vote up
protected boolean validateSignature(SignedJWT jwtToken) {
  boolean valid = false;
  if (JWSObject.State.SIGNED == jwtToken.getState()) {
    if (jwtToken.getSignature() != null) {
      try {
        RSAPublicKey publicKey = parseRSAPublicKey(publicKeyPath);
        JWSVerifier verifier = new RSASSAVerifier(publicKey);
        if (verifier != null && jwtToken.verify(verifier)) {
          valid = true;
        }
      } catch (Exception e) {
        LOGGER.info("Exception in validateSignature", e);
      }
    }
  }
  return valid;
}
 
Example 3
Source File: KnoxService.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Validate the jwt signature.
 *
 * @param jwtToken knox jwt
 * @return whether this jwt signature is valid
 * @throws JOSEException if the jws object couldn't be verified
 */
private boolean validateSignature(final SignedJWT jwtToken) throws JOSEException {
    boolean valid = false;

    // ensure the token is signed
    if (JWSObject.State.SIGNED.equals(jwtToken.getState())) {

        // ensure the signature is present
        if (jwtToken.getSignature() != null) {

            // verify the token
            valid = jwtToken.verify(verifier);
        }
    }

    if (!valid) {
        logger.error("The Knox JWT has an invalid signature.");
    }

    return valid;
}
 
Example 4
Source File: JwtLoginService.java    From cruise-control with BSD 2-Clause "Simplified" License 5 votes vote down vote up
private boolean validateSignature(SignedJWT jwtToken) {
  if (JWSObject.State.SIGNED != jwtToken.getState() || jwtToken.getSignature() == null) {
    return false;
  }
  JWSVerifier verifier = new RSASSAVerifier(_publicKey);
  try {
    return jwtToken.verify(verifier);
  } catch (JOSEException e) {
    JWT_LOGGER.warn("Couldn't verify the signature of a token", e);
    return false;
  }
}
 
Example 5
Source File: AtlasKnoxSSOAuthenticationFilter.java    From atlas with Apache License 2.0 5 votes vote down vote up
/**
 * Verify the signature of the JWT token in this method. This method depends
 * on the public key that was established during init based upon the
 * provisioned public key. Override this method in subclasses in order to
 * customize the signature verification behavior.
 *
 * @param jwtToken the token that contains the signature to be validated
 * @return valid true if signature verifies successfully; false otherwise
 */
protected boolean validateSignature(SignedJWT jwtToken) {
    boolean valid = false;
    if (JWSObject.State.SIGNED == jwtToken.getState()) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("SSO token is in a SIGNED state");
        }
        if (jwtToken.getSignature() != null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("SSO token signature is not null");
            }
            try {
                if (verifier != null && jwtToken.verify(verifier)) {
                    valid = true;
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("SSO token has been successfully verified");
                    }
                } else {
                    LOG.warn("SSO signature verification failed.Please check the public key");
                }
            } catch (JOSEException je) {
                LOG.warn("Error while validating signature", je);
            } catch (Exception e) {
                LOG.warn("Error while validating signature", e);
            }
        }
    }
    return valid;
}
 
Example 6
Source File: AtlasKnoxSSOAuthenticationFilter.java    From incubator-atlas with Apache License 2.0 5 votes vote down vote up
/**
 * Verify the signature of the JWT token in this method. This method depends
 * on the public key that was established during init based upon the
 * provisioned public key. Override this method in subclasses in order to
 * customize the signature verification behavior.
 *
 * @param jwtToken the token that contains the signature to be validated
 * @return valid true if signature verifies successfully; false otherwise
 */
protected boolean validateSignature(SignedJWT jwtToken) {
    boolean valid = false;
    if (JWSObject.State.SIGNED == jwtToken.getState()) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("SSO token is in a SIGNED state");
        }
        if (jwtToken.getSignature() != null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("SSO token signature is not null");
            }
            try {
                if (verifier != null && jwtToken.verify(verifier)) {
                    valid = true;
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("SSO token has been successfully verified");
                    }
                } else {
                    LOG.warn("SSO signature verification failed.Please check the public key");
                }
            } catch (JOSEException je) {
                LOG.warn("Error while validating signature", je);
            } catch (Exception e) {
                LOG.warn("Error while validating signature", e);
            }
        }
    }
    return valid;
}
 
Example 7
Source File: KnoxSSOAuthenticationFilter.java    From metron with Apache License 2.0 5 votes vote down vote up
/**
 * Verify the signature of the JWT token in this method. This method depends on
 * the public key that was established during init based upon the provisioned
 * public key. Override this method in subclasses in order to customize the
 * signature verification behavior.
 *
 * @param jwtToken The token that contains the signature to be validated.
 * @return valid true if signature verifies successfully; false otherwise
 */
protected boolean validateSignature(SignedJWT jwtToken) {
  // Verify the token signature algorithm was as expected
  String receivedSigAlg = jwtToken.getHeader().getAlgorithm().getName();

  if (!receivedSigAlg.equals(JWSAlgorithm.RS256.getName())) {
    return false;
  }

  // Verify the token has been properly signed
  if (JWSObject.State.SIGNED == jwtToken.getState()) {
    LOG.debug("SSO token is in a SIGNED state");
    if (jwtToken.getSignature() != null) {
      LOG.debug("SSO token signature is not null");
      try {
        JWSVerifier verifier = getRSASSAVerifier();
        if (jwtToken.verify(verifier)) {
          LOG.debug("SSO token has been successfully verified");
          return true;
        } else {
          LOG.warn("SSO signature verification failed. Please check the public key.");
        }
      } catch (Exception e) {
        LOG.warn("Error while validating signature", e);
      }
    }
  }
  return false;
}
 
Example 8
Source File: RangerSSOAuthenticationFilter.java    From ranger with Apache License 2.0 5 votes vote down vote up
/**
 * Verify the signature of the JWT token in this method. This method depends
 * on the public key that was established during init based upon the
 * provisioned public key. Override this method in subclasses in order to
 * customize the signature verification behavior.
 *
 * @param jwtToken
 *            the token that contains the signature to be validated
 * @return valid true if signature verifies successfully; false otherwise
 */
protected boolean validateSignature(SignedJWT jwtToken) {
	boolean valid = false;
	if (JWSObject.State.SIGNED == jwtToken.getState()) {
		if (LOG.isDebugEnabled()) {
			LOG.debug("SSO token is in a SIGNED state");
		}
		if (jwtToken.getSignature() != null) {
			if (LOG.isDebugEnabled()) {
				LOG.debug("SSO token signature is not null");
			}
			try {
				JWSVerifier verifier = new RSASSAVerifier(publicKey);
				if (jwtToken.verify(verifier)) {
					valid = true;
					if (LOG.isDebugEnabled()) {
						LOG.debug("SSO token has been successfully verified");
					}
				} else {
					LOG.warn("SSO signature verification failed.Please check the public key");
				}
			} catch (JOSEException je) {
				LOG.warn("Error while validating signature", je);
			}catch(Exception e){
				LOG.warn("Error while validating signature", e);
			}
		}

		// Now check that the signature algorithm was as expected
		if (valid) {
		  String receivedSigAlg = jwtToken.getHeader().getAlgorithm().getName();
		  if (!receivedSigAlg.equals(jwtProperties.getExpectedSigAlg())) {
		    valid = false;
		  }
		}
	}
	return valid;
}