Java Code Examples for org.apache.cxf.rs.security.jose.jws.JwsUtils#getSignatureVerifier()
The following examples show how to use
org.apache.cxf.rs.security.jose.jws.JwsUtils#getSignatureVerifier() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: ApacheCXFConsumer.java From cxf with Apache License 2.0 | 6 votes |
protected void consumeCompactJWS(String signedData, String plainText, JsonWebKeys keys) { // Validate Signature // 1. Read data to get key id (only need to do this if you don't know the key) JwsCompactConsumer jwsConsumer = new JwsCompactConsumer(signedData); String kid = jwsConsumer.getJwsHeaders().getKeyId(); Assert.assertNotNull("Data does not contain kid header.", kid); // 2. Get key JsonWebKey key = keys.getKey(kid); Assert.assertNotNull("Data signed with unknown key", key); // 3. Verify SignatureAlgorithm signAlgo = jwsConsumer.getJwsHeaders().getSignatureAlgorithm(); Assert.assertNotNull("Signed data does not define algorithm used", signAlgo); JwsSignatureVerifier signatureVerifier = JwsUtils.getSignatureVerifier(key, signAlgo); Assert.assertTrue("Signature validation failed", jwsConsumer.verifySignatureWith(signatureVerifier)); // Validate plain text Assert.assertEquals(plainText, jwsConsumer.getDecodedJwsPayload()); }
Example 2
Source File: JwtVerifier.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
private JwsSignatureVerifier getInitializedSignatureVerifier(JsonWebKey key, JwtToken jwt) throws BadCredentialsException, JwtException { validateSignatureAlgorithm(key, jwt); JwsSignatureVerifier result = JwsUtils.getSignatureVerifier(key, jwt.getJwsHeaders().getSignatureAlgorithm()); if (result == null) { throw new BadCredentialsException("Cannot verify JWT"); } else { return result; } }
Example 3
Source File: DefaultJoseImpl.java From thorntail with Apache License 2.0 | 5 votes |
private JwsSignatureVerifier getJwsSignatureVerifier(Properties props, JwsHeaders headers) { if (config.acceptSignatureAlias()) { props.setProperty(JoseConstants.RSSEC_KEY_STORE_ALIAS, headers.getKeyId()); } if (isInlinedJwkSetAvailable()) { return JwsUtils.getSignatureVerifier(loadJsonWebKey(verificationKeyAlias())); } else { return JwsUtils.loadSignatureVerifier(props, headers); } }
Example 4
Source File: JwsJwksJwtAccessTokenValidator.java From cxf with Apache License 2.0 | 4 votes |
public JwsSignatureVerifier getJwsSignatureVerifier() { if (null == jwsSignatureVerifier) { jwsSignatureVerifier = JwsUtils.getSignatureVerifier(jsonWebKey); } return jwsSignatureVerifier; }
Example 5
Source File: OidcClaimsValidator.java From cxf with Apache License 2.0 | 4 votes |
@Override protected JwsSignatureVerifier getInitializedSignatureVerifier(JwtToken jwt) { JsonWebKey key = null; if (supportSelfIssuedProvider && SELF_ISSUED_ISSUER.equals(jwt.getClaim("issuer"))) { String publicKeyJson = (String)jwt.getClaim("sub_jwk"); if (publicKeyJson != null) { JsonWebKey publicKey = JwkUtils.readJwkKey(publicKeyJson); String thumbprint = JwkUtils.getThumbprint(publicKey); if (thumbprint.equals(jwt.getClaim("sub"))) { key = publicKey; } } if (key == null) { throw new SecurityException("Self-issued JWK key is invalid or not available"); } } else { String keyId = jwt.getJwsHeaders().getKeyId(); key = keyId != null ? keyMap.get(keyId) : null; if (key == null && jwkSetClient != null) { JsonWebKeys keys = jwkSetClient.get(JsonWebKeys.class); if (keyId != null) { key = keys.getKey(keyId); } else if (keys.getKeys().size() == 1) { key = keys.getKeys().get(0); } //jwkSetClient returns the most up-to-date keys keyMap.clear(); keyMap.putAll(keys.getKeyIdMap()); } } JwsSignatureVerifier theJwsVerifier = null; if (key != null) { theJwsVerifier = JwsUtils.getSignatureVerifier(key, jwt.getJwsHeaders().getSignatureAlgorithm()); } else { theJwsVerifier = super.getInitializedSignatureVerifier(jwt.getJwsHeaders()); } if (theJwsVerifier == null) { throw new SecurityException("JWS Verifier is not available"); } return theJwsVerifier; }