Java Code Examples for org.apache.cxf.rs.security.jose.jws.JwsUtils#getSignatureVerifier()

The following examples show how to use org.apache.cxf.rs.security.jose.jws.JwsUtils#getSignatureVerifier() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: ApacheCXFConsumer.java    From cxf with Apache License 2.0 6 votes vote down vote up
protected void consumeCompactJWS(String signedData, String plainText, JsonWebKeys keys) {

        // Validate Signature

        // 1. Read data to get key id (only need to do this if you don't know the key)
        JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(signedData);
        String kid = jwsConsumer.getJwsHeaders().getKeyId();

        Assert.assertNotNull("Data does not contain kid header.", kid);

        // 2. Get key
        JsonWebKey key = keys.getKey(kid);
        Assert.assertNotNull("Data signed with unknown key", key);

        // 3. Verify
        SignatureAlgorithm signAlgo = jwsConsumer.getJwsHeaders().getSignatureAlgorithm();
        Assert.assertNotNull("Signed data does not define algorithm used", signAlgo);
        JwsSignatureVerifier signatureVerifier = JwsUtils.getSignatureVerifier(key, signAlgo);
        Assert.assertTrue("Signature validation failed", jwsConsumer.verifySignatureWith(signatureVerifier));

        // Validate plain text
        Assert.assertEquals(plainText, jwsConsumer.getDecodedJwsPayload());
    }
 
Example 2
Source File: JwtVerifier.java    From deprecated-security-advanced-modules with Apache License 2.0 5 votes vote down vote up
private JwsSignatureVerifier getInitializedSignatureVerifier(JsonWebKey key, JwtToken jwt)
		throws BadCredentialsException, JwtException {

    validateSignatureAlgorithm(key, jwt);
       JwsSignatureVerifier result = JwsUtils.getSignatureVerifier(key, jwt.getJwsHeaders().getSignatureAlgorithm());
	if (result == null) {
		throw new BadCredentialsException("Cannot verify JWT");
	} else {
		return result;
	}
}
 
Example 3
Source File: DefaultJoseImpl.java    From thorntail with Apache License 2.0 5 votes vote down vote up
private JwsSignatureVerifier getJwsSignatureVerifier(Properties props, JwsHeaders headers) {
    if (config.acceptSignatureAlias()) {
        props.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, headers.getKeyId());
    }

    if (isInlinedJwkSetAvailable()) {
        return JwsUtils.getSignatureVerifier(loadJsonWebKey(verificationKeyAlias()));
    } else {
        return JwsUtils.loadSignatureVerifier(props, headers);
    }
}
 
Example 4
Source File: JwsJwksJwtAccessTokenValidator.java    From cxf with Apache License 2.0 4 votes vote down vote up
public JwsSignatureVerifier getJwsSignatureVerifier() {
    if (null == jwsSignatureVerifier) {
        jwsSignatureVerifier = JwsUtils.getSignatureVerifier(jsonWebKey);
    }
    return jwsSignatureVerifier;
}
 
Example 5
Source File: OidcClaimsValidator.java    From cxf with Apache License 2.0 4 votes vote down vote up
@Override
protected JwsSignatureVerifier getInitializedSignatureVerifier(JwtToken jwt) {
    JsonWebKey key = null;
    if (supportSelfIssuedProvider && SELF_ISSUED_ISSUER.equals(jwt.getClaim("issuer"))) {
        String publicKeyJson = (String)jwt.getClaim("sub_jwk");
        if (publicKeyJson != null) {
            JsonWebKey publicKey = JwkUtils.readJwkKey(publicKeyJson);
            String thumbprint = JwkUtils.getThumbprint(publicKey);
            if (thumbprint.equals(jwt.getClaim("sub"))) {
                key = publicKey;
            }
        }
        if (key == null) {
            throw new SecurityException("Self-issued JWK key is invalid or not available");
        }
    } else {
        String keyId = jwt.getJwsHeaders().getKeyId();
        key = keyId != null ? keyMap.get(keyId) : null;
        if (key == null && jwkSetClient != null) {
            JsonWebKeys keys = jwkSetClient.get(JsonWebKeys.class);
            if (keyId != null) {
                key = keys.getKey(keyId);
            } else if (keys.getKeys().size() == 1) {
                key = keys.getKeys().get(0);
            }
            //jwkSetClient returns the most up-to-date keys
            keyMap.clear();
            keyMap.putAll(keys.getKeyIdMap());
        }
    }
    JwsSignatureVerifier theJwsVerifier = null;
    if (key != null) {
        theJwsVerifier = JwsUtils.getSignatureVerifier(key, jwt.getJwsHeaders().getSignatureAlgorithm());
    } else {
        theJwsVerifier = super.getInitializedSignatureVerifier(jwt.getJwsHeaders());
    }
    if (theJwsVerifier == null) {
        throw new SecurityException("JWS Verifier is not available");
    }

    return theJwsVerifier;
}