Java Code Examples for org.jose4j.jws.JsonWebSignature#setCompactSerialization()
The following examples show how to use
org.jose4j.jws.JsonWebSignature#setCompactSerialization() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: DefaultCipherExecutor.java From springboot-shiro-cas-mybatis with MIT License | 6 votes |
|
/**
* Verify signature.
*
* @param value the value
* @return the value associated with the signature, which may have to
* be decoded, or null.
*/
private String verifySignature(@NotNull final String value) {
try {
final JsonWebSignature jws = new JsonWebSignature();
jws.setCompactSerialization(value);
jws.setKey(this.secretKeySigningKey);
final boolean verified = jws.verifySignature();
if (verified) {
logger.debug("Signature successfully verified. Payload is [{}]", jws.getPayload());
return jws.getPayload();
}
return null;
} catch (final Exception e) {
throw new RuntimeException(e);
}
}
Example 2
| Source File: VerificationJwkSelectorTest.java From Jose4j with Apache License 2.0 | 6 votes |
|
@Test
public void noKidTestNovJwksEndpoint() throws JoseException
{
// JSON content from https://connect-op.herokuapp.com/jwks.json on Jan 8, 2015
String json = "{\"keys\":[" +
"{\"kty\":\"RSA\"," +
"\"e\":\"AQAB\"," +
"\"n\":\"pKybs0WaHU_y4cHxWbm8Wzj66HtcyFn7Fh3n-99qTXu5yNa30MRYIYfSDwe9JVc1JUoGw41yq2StdGBJ40HxichjE-Yopfu3B58QlgJvToUbWD4gmTDGgMGxQxtv1En2yedaynQ73sDpIK-12JJDY55pvf-PCiSQ9OjxZLiVGKlClDus44_uv2370b9IN2JiEOF-a7JBqaTEYLPpXaoKWDSnJNonr79tL0T7iuJmO1l705oO3Y0TQ-INLY6jnKG_RpsvyvGNnwP9pMvcP1phKsWZ10ofuuhJGRp8IxQL9RfzT87OvF0RBSO1U73h09YP-corWDsnKIi6TbzRpN5YDw\"" +
",\"use\":\"sig\"}]}";
JsonWebKeySet jwks = new JsonWebKeySet(json);
VerificationJwkSelector verificationJwkSelector = new VerificationJwkSelector();
JsonWebSignature jws = new JsonWebSignature();
jws.setCompactSerialization("eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2Nvbm5lY3Qtb3AuaGVyb2t1YXBwLmNvbSIsInN1YiI6IjZiOTYyYzk1Nzk4NThkNzJjNjY0M2FiZjhkN2E2ZWJjIiwiYXVkIjoiZGIwZTdmYTNmNmQwN2ZhMjYzMjZhNzE4NjQwMGVhOTEiLCJleHAiOjE0MjA3NTI0NzAsImlhdCI6MTQyMDczMDg3MCwibm9uY2UiOiJiOGU1OTlhM2JkYTRkNDExYzhiMDc0OGM1MGQwZjQxNyJ9.FNyq7K90vW7eLmsjzUPQ8eTnTreOWXVt_WKyqS686_D_kZ9tl3_uE3tKBw004XyFwMYd-4zWhvXaDPkhFGJ6BPy_woxnQdiTobNE-jyQscp6-6keg3QRkjV-Te7F48Pyfzl-lwvzhb76ygjuv7v_1Nf49fHZb-SiQ2KmapabHpIfVvuqTQ_MZjU613XJIW0tMqFv4__fgaZD-JU6qCkVbkXpvIMg_tZDafsipJ6ZYH9_9JuXQqjzmsM6vHN53MiQZaDtwb6nLDFln6YPqmVPXJV6SLvM_vn0g5w6jvmfsPGZL-xo-iqWbYtnMK-dX4HmnLpK4JVba_OnA9NQfj2DRQ");
List<JsonWebKey> jsonWebKeys = jwks.getJsonWebKeys();
List<JsonWebKey> selected = verificationJwkSelector.selectList(jws, jsonWebKeys);
assertThat(1, equalTo(selected.size()));
JsonWebKey jsonWebKey = selected.get(0);
jws.setKey(jsonWebKey.getKey());
assertTrue(jws.verifySignature());
}
Example 3
| Source File: DefaultCipherExecutor.java From nano-framework with Apache License 2.0 | 6 votes |
|
/**
* Verify signature.
*
* @param value the value
* @return the value associated with the signature, which may have to
* be decoded, or null.
*/
private String verifySignature(@NotNull final String value) {
try {
final JsonWebSignature jws = new JsonWebSignature();
jws.setCompactSerialization(value);
jws.setKey(this.secretKeySigningKey);
final boolean verified = jws.verifySignature();
if (verified) {
LOGGER.debug("Signature successfully verified. Payload is [{}]", jws.getPayload());
return jws.getPayload();
}
return null;
} catch (final Exception e) {
throw new RuntimeException(e);
}
}
Example 4
| Source File: JwtSignTest.java From smallrye-jwt with Apache License 2.0 | 5 votes |
|
private static JsonWebSignature getVerifiedJws(String jwt, Key key) throws Exception {
JsonWebSignature jws = new JsonWebSignature();
jws.setKey(key);
jws.setCompactSerialization(jwt);
Assert.assertTrue(jws.verifySignature());
return jws;
}
Example 5
| Source File: JwtClaimShortcutsTest.java From smallrye-jwt with Apache License 2.0 | 5 votes |
|
private static void verifyJwt(String jwt, String customClaim, String customValue) throws Exception {
JsonWebSignature jws = new JsonWebSignature();
jws.setKey(KeyUtils.readPublicKey("/publicKey.pem"));
jws.setCompactSerialization(jwt);
Assert.assertTrue(jws.verifySignature());
JwtClaims claims = JwtClaims.parse(jws.getPayload());
Assert.assertEquals(4, claims.getClaimsMap().size());
Assert.assertEquals(customValue, claims.getClaimValue(customClaim));
Assert.assertNotNull(claims.getIssuedAt());
Assert.assertNotNull(claims.getExpirationTime());
Assert.assertNotNull(claims.getJwtId());
}
Example 6
| Source File: JwtClaimShortcutsTest.java From smallrye-jwt with Apache License 2.0 | 5 votes |
|
private static void verifyJwtWithIssuer(String jwt) throws Exception {
JsonWebSignature jws = new JsonWebSignature();
jws.setKey(KeyUtils.readPublicKey("/publicKey.pem"));
jws.setCompactSerialization(jwt);
Assert.assertTrue(jws.verifySignature());
JwtClaims claims = JwtClaims.parse(jws.getPayload());
Assert.assertEquals(4, claims.getClaimsMap().size());
Assert.assertEquals("iss", claims.getIssuer());
Assert.assertNotNull(claims.getIssuedAt());
Assert.assertNotNull(claims.getExpirationTime());
Assert.assertNotNull(claims.getJwtId());
}
Example 7
| Source File: JwtClaimShortcutsTest.java From smallrye-jwt with Apache License 2.0 | 5 votes |
|
private static void verifyJwtWithArray(String jwt, String customClaim, String customValue) throws Exception {
JsonWebSignature jws = new JsonWebSignature();
jws.setKey(KeyUtils.readPublicKey("/publicKey.pem"));
jws.setCompactSerialization(jwt);
Assert.assertTrue(jws.verifySignature());
JwtClaims claims = JwtClaims.parse(jws.getPayload());
Assert.assertEquals(4, claims.getClaimsMap().size());
@SuppressWarnings("unchecked")
List<String> list = (List<String>) claims.getClaimValue(customClaim);
Assert.assertEquals(1, list.size());
Assert.assertEquals(customValue, list.get(0));
Assert.assertNotNull(claims.getIssuedAt());
Assert.assertNotNull(claims.getExpirationTime());
Assert.assertNotNull(claims.getJwtId());
}
Example 8
| Source File: JwtSignEncryptTest.java From smallrye-jwt with Apache License 2.0 | 5 votes |
|
private static JsonWebSignature getVerifiedJws(String jwt, Key key) throws Exception {
JsonWebSignature jws = new JsonWebSignature();
jws.setCompactSerialization(jwt);
jws.setKey(key);
if (key == null) {
jws.setAlgorithmConstraints(AlgorithmConstraints.ALLOW_ONLY_NONE);
}
Assert.assertTrue(jws.verifySignature());
return jws;
}
Example 9
| Source File: OpenIDConnectAuthenticator.java From java with Apache License 2.0 | 5 votes |
|
@Override
public boolean isExpired(Map<String, Object> config) {
String idToken = (String) config.get(OIDC_ID_TOKEN);
if (idToken == null) {
return true;
} else {
JsonWebSignature jws = new JsonWebSignature();
try {
jws.setCompactSerialization(idToken);
// we don't care if its valid or not cryptographicly as the only way to verify is to query
// the remote identity provider's configuration url which is the same chanel as the token
// request. If there is a malicious proxy there's no way for the client to know. Also,
// the client doesn't need to trust the, token, only bear it to the server which will verify
// it.
String jwt = jws.getUnverifiedPayload();
JwtClaims claims = JwtClaims.parse(jwt);
// expired now is >= expiration AND exp is present
return claims.getExpirationTime() == null
|| NumericDate.now().isOnOrAfter(claims.getExpirationTime());
} catch (JoseException | InvalidJwtException | MalformedClaimException e) {
throw new RuntimeException(e);
}
}
}
Example 10
| Source File: ExamplesTest.java From Jose4j with Apache License 2.0 | 5 votes |
|
@Test
public void jwsVerificationExample() throws JoseException
{
//
// An example of signature verification using JSON Web Signature (JWS)
//
// The complete JWS representation, or compact serialization, is string consisting of
// three dot ('.') separated base64url-encoded parts in the form Header.Payload.Signature
String compactSerialization = "eyJhbGciOiJFUzI1NiJ9." +
"VGhpcyBpcyBzb21lIHRleHQgdGhhdCBpcyB0byBiZSBzaWduZWQu." +
"GHiNd8EgKa-2A4yJLHyLCqlwoSxwqv2rzGrvUTxczTYDBeUHUwQRB3P0dp_DALL0jQIDz2vQAT_cnWTIW98W_A";
// Create a new JsonWebSignature
JsonWebSignature jws = new JsonWebSignature();
// Set the compact serialization on the JWS
jws.setCompactSerialization(compactSerialization);
// Set the verification key
// Note that your application will need to determine where/how to get the key
// Here we use an example from the JWS spec
PublicKey publicKey = ExampleEcKeysFromJws.PUBLIC_256;
jws.setKey(publicKey);
// Check the signature
boolean signatureVerified = jws.verifySignature();
// Do something useful with the result of signature verification
System.out.println("JWS Signature is valid: " + signatureVerified);
// Get the payload, or signed content, from the JWS
String payload = jws.getPayload();
// Do something useful with the content
System.out.println("JWS payload: " + payload);
}
Example 11
| Source File: ExamplesTest.java From Jose4j with Apache License 2.0 | 4 votes |
|
@Test
public void parseJwksAndVerifyJwsExample() throws JoseException
{
//
// An example of signature verification using JSON Web Signature (JWS)
// where the verification key is obtained from a JSON Web Key Set document.
//
// A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a
// cryptographic key (often but not always a public key). A JSON Web Key Set (JWK Set) document
// is a JSON data structure for representing one or more JSON Web Keys (JWK). A JWK Set might,
// for example, be obtained from an HTTPS endpoint controlled by the signer but this example
// presumes the JWK Set JSONhas already been acquired by some secure/trusted means.
String jsonWebKeySetJson = "{\"keys\":[" +
"{\"kty\":\"EC\",\"use\":\"sig\"," +
"\"kid\":\"the key\"," +
"\"x\":\"amuk6RkDZi-48mKrzgBN_zUZ_9qupIwTZHJjM03qL-4\"," +
"\"y\":\"ZOESj6_dpPiZZR-fJ-XVszQta28Cjgti7JudooQJ0co\",\"crv\":\"P-256\"}," +
"{\"kty\":\"EC\",\"use\":\"sig\"," +
" \"kid\":\"other key\"," +
"\"x\":\"eCNZgiEHUpLaCNgYIcvWzfyBlzlaqEaWbt7RFJ4nIBA\"," +
"\"y\":\"UujFME4pNk-nU4B9h4hsetIeSAzhy8DesBgWppiHKPM\",\"crv\":\"P-256\"}]}";
// The complete JWS representation, or compact serialization, is string consisting of
// three dot ('.') separated base64url-encoded parts in the form Header.Payload.Signature
String compactSerialization = "eyJhbGciOiJFUzI1NiIsImtpZCI6InRoZSBrZXkifQ." +
"UEFZTE9BRCE."+
"Oq-H1lk5G0rl6oyNM3jR5S0-BZQgTlamIKMApq3RX8Hmh2d2XgB4scvsMzGvE-OlEmDY9Oy0YwNGArLpzXWyjw";
// Create a new JsonWebSignature object
JsonWebSignature jws = new JsonWebSignature();
// Set the compact serialization on the JWS
jws.setCompactSerialization(compactSerialization);
// Create a new JsonWebKeySet object with the JWK Set JSON
JsonWebKeySet jsonWebKeySet = new JsonWebKeySet(jsonWebKeySetJson);
// The JWS header contains information indicating which key was used to secure the JWS.
// In this case (as will hopefully often be the case) the JWS Key ID
// corresponds directly to the Key ID in the JWK Set.
// The VerificationJwkSelector looks at Key ID, Key Type, designated use (signatures vs. encryption),
// and the designated algorithm in order to select the appropriate key for verification from
// a set of JWKs.
VerificationJwkSelector jwkSelector = new VerificationJwkSelector();
JsonWebKey jwk = jwkSelector.select(jws, jsonWebKeySet.getJsonWebKeys());
// The verification key on the JWS is the public key from the JWK we pulled from the JWK Set.
jws.setKey(jwk.getKey());
// Check the signature
boolean signatureVerified = jws.verifySignature();
// Do something useful with the result of signature verification
System.out.println("JWS Signature is valid: " + signatureVerified);
// Get the payload, or signed content, from the JWS
String payload = jws.getPayload();
// Do something useful with the content
System.out.println("JWS payload: " + payload);
}
Example 12
| Source File: ExamplesFromOpenIdConnectTest.java From Jose4j with Apache License 2.0 | 4 votes |
|
@Test
public void verifySignedRequestObject() throws Exception
{
// OpenID Connect Core 1.0 - draft 15
// 5.1. Passing a Request Object by Value has a JWS JWT with a JWK
String requestObject =
"eyJhbGciOiJSUzI1NiJ9.ew0KICJyZXNwb25zZV90eXBlIjogImNvZGUgaWRfdG9rZW" +
"4iLA0KICJjbGllbnRfaWQiOiAiczZCaGRSa3F0MyIsDQogInJlZGlyZWN0X3VyaSI6I" +
"CJodHRwczovL2NsaWVudC5leGFtcGxlLm9yZy9jYiIsDQogInNjb3BlIjogIm9wZW5p" +
"ZCIsDQogInN0YXRlIjogImFmMGlmanNsZGtqIiwNCiAibm9uY2UiOiAibi0wUzZfV3p" +
"BMk1qIiwNCiAibWF4X2FnZSI6IDg2NDAwLA0KICJjbGFpbXMiOiANCiAgew0KICAgIn" +
"VzZXJpbmZvIjogDQogICAgew0KICAgICAiZ2l2ZW5fbmFtZSI6IHsiZXNzZW50aWFsI" +
"jogdHJ1ZX0sDQogICAgICJuaWNrbmFtZSI6IG51bGwsDQogICAgICJlbWFpbCI6IHsi" +
"ZXNzZW50aWFsIjogdHJ1ZX0sDQogICAgICJlbWFpbF92ZXJpZmllZCI6IHsiZXNzZW5" +
"0aWFsIjogdHJ1ZX0sDQogICAgICJwaWN0dXJlIjogbnVsbA0KICAgIH0sDQogICAiaW" +
"RfdG9rZW4iOiANCiAgICB7DQogICAgICJnZW5kZXIiOiBudWxsLA0KICAgICAiYmlyd" +
"GhkYXRlIjogeyJlc3NlbnRpYWwiOiB0cnVlfSwNCiAgICAgImFjciI6IHsidmFsdWVz" +
"IjogWyIyIl19DQogICAgfQ0KICB9DQp9.bOD4rUiQfzh4QPIs_f_R2GVBhNHcc1p2cQ" +
"TgixB1tsYRs52xW4TO74USgb-nii3RPsLdfoPlsEbJLmtbxG8-TQBHqGAyZxMDPWy3p" +
"hjeRt9ApDRnLQrjYuvsCj6byu9TVaKX9r1KDFGT-HLqUNlUTpYtCyM2B2rLkWM08ufB" +
"q9JBCEzzaLRzjevYEPMaoLAOjb8LPuYOYTBqshRMUxy4Z380-FJ2Lc7VSfSu6HcB2nL" +
"SjiKrrfI35xkRJsaSSmjasMYeDZarYCl7r4o17rFclk5KacYMYgAs-JYFkwab6Dd56Z" +
"rAzakHt9cExMpg04lQIux56C-Qk6dAsB6W6W91AQ";
String jwkJson = "{" +
" \"kty\":\"RSA\"," +
" \"n\":\"y9Lqv4fCp6Ei-u2-ZCKq83YvbFEk6JMs_pSj76eMkddWRuWX2aBKGHAtKlE5P" +
" 7_vn__PCKZWePt3vGkB6ePgzAFu08NmKemwE5bQI0e6kIChtt_6KzT5OaaXDF" +
" I6qCLJmk51Cc4VYFaxgqevMncYrzaW_50mZ1yGSFIQzLYP8bijAHGVjdEFgZa" +
" ZEN9lsn_GdWLaJpHrB3ROlS50E45wxrlg9xMncVb8qDPuXZarvghLL0HzOuYR" +
" adBJVoWZowDNTpKpk2RklZ7QaBO7XDv3uR7s_sf2g-bAjSYxYUGsqkNA9b3xV" +
" W53am_UZZ3tZbFTIh557JICWKHlWj5uzeJXaw\"," +
" \"e\":\"AQAB\"" +
" }";
JsonWebKey jwk = JsonWebKey.Factory.newJwk(jwkJson);
JsonWebSignature jws = new JsonWebSignature();
jws.setCompactSerialization(requestObject);
jws.setKey(jwk.getKey());
assertThat(jws.verifySignature(), is(true));
JwtConsumer jwtConsumer = new JwtConsumerBuilder()
.setVerificationKey(jwk.getKey())
.build();
JwtClaims jwtClaims = jwtConsumer.processToClaims(requestObject);
assertThat("https://client.example.org/cb", equalTo(jwtClaims.getStringClaimValue("redirect_uri")));
}
Example 13
| Source File: ExamplesFromOpenIdConnectTest.java From Jose4j with Apache License 2.0 | 4 votes |
|
@Test
public void verifyIdTokens() throws JoseException, InvalidJwtException, MalformedClaimException
{
// OpenID Connect Core 1.0 - draft 15
// Appendix A. Authorization Examples has several singed ID Tokens and a JWK
String idTokenA2 = "eyJhbGciOiJSUzI1NiJ9.ew0KICJpc3MiOiAiaHR0cDovL3Nlc" +
"nZlci5leGFtcGxlLmNvbSIsDQogInN1YiI6ICIyNDgyODk3NjEwMDEiLA0KI" +
"CJhdWQiOiAiczZCaGRSa3F0MyIsDQogIm5vbmNlIjogIm4tMFM2X1d6QTJNa" +
"iIsDQogImV4cCI6IDEzMTEyODE5NzAsDQogImlhdCI6IDEzMTEyODA5NzAsD" +
"QogIm5hbWUiOiAiSmFuZSBEb2UiLA0KICJnaXZlbl9uYW1lIjogIkphbmUiL" +
"A0KICJmYW1pbHlfbmFtZSI6ICJEb2UiLA0KICJnZW5kZXIiOiAiZmVtYWxlI" +
"iwNCiAiYmlydGhkYXRlIjogIjAwMDAtMTAtMzEiLA0KICJlbWFpbCI6ICJqY" +
"W5lZG9lQGV4YW1wbGUuY29tIiwNCiAicGljdHVyZSI6ICJodHRwOi8vZXhhb" +
"XBsZS5jb20vamFuZWRvZS9tZS5qcGciDQp9.Bgdr1pzosIrnnnpIekmJ7ooe" +
"DbXuA2AkwfMf90Po2TrMcl3NQzUE_9dcr9r8VOuk4jZxNpV5kCu0RwqqF11-" +
"6pQ2KQx_ys2i0arLikdResxvJlZzSm_UG6-21s97IaXC97vbnTCcpAkokSe8" +
"Uik6f8-U61zVmCBMJnpvnxEJllfV8fYldo8lWCqlOngScEbFQUh4fzRsH8O3" +
"Znr20UZib4V4mGZqYPtPDVGTeu8xkty1t0aK-wEhbm6Hi-TQTi4kltJlw47M" +
"cSVgF_8SswaGcW6Bf_954ir_ddi4Nexo9RBiWu4n3JMNcQvZU5xMPhu-EF-6" +
"_nJNotp-lbnBUyxTSg";
String idTokenA3 = "eyJhbGciOiJSUzI1NiJ9.ew0KICJpc3MiOiAiaHR0cDovL3NlcnZlc" +
"i5leGFtcGxlLmNvbSIsDQogInN1YiI6ICIyNDgyODk3NjEwMDEiLA0KICJhdWQiO" +
"iAiczZCaGRSa3F0MyIsDQogIm5vbmNlIjogIm4tMFM2X1d6QTJNaiIsDQogImV4c" +
"CI6IDEzMTEyODE5NzAsDQogImlhdCI6IDEzMTEyODA5NzAsDQogImF0X2hhc2giO" +
"iAiNzdRbVVQdGpQZnpXdEYyQW5wSzlSUSINCn0.g7UR4IDBNIjoPFV8exQCosUNV" +
"eh8bNUTeL4wdQp-2WXIWnly0_4ZK0sh4A4uddfenzo4Cjh4wuPPrSw6lMeujYbGy" +
"zKspJrRYL3iiYWc2VQcl8RKdHPz_G-7yf5enut1YE8v7PhKucPJCRRoobMjqD73f" +
"1nJNwQ9KBrfh21Ggbx1p8hNqQeeLLXb9b63JD84hVOXwyHmmcVgvZskge-wExwnh" +
"Ivv_cxTzxIXsSxcYlh3d9hnu0wdxPZOGjT0_nNZJxvdIwDD4cAT_LE5Ae447qB90" +
"ZF89Nmb0Oj2b1GdGVQEIr8-FXrHlyD827f0N_hLYPdZ73YK6p10qY9oRtMimg";
String idTokenA4 = "eyJhbGciOiJSUzI1NiJ9.ew0KICJpc3MiOiAiaHR0cDovL3NlcnZlc" +
"i5leGFtcGxlLmNvbSIsDQogInN1YiI6ICIyNDgyODk3NjEwMDEiLA0KICJhdWQiO" +
"iAiczZCaGRSa3F0MyIsDQogIm5vbmNlIjogIm4tMFM2X1d6QTJNaiIsDQogImV4c" +
"CI6IDEzMTEyODE5NzAsDQogImlhdCI6IDEzMTEyODA5NzAsDQogImNfaGFzaCI6I" +
"CJMRGt0S2RvUWFrM1BrMGNuWHhDbHRBIg0KfQ.dAVXerlNOJ_tqMUysD_k1Q_bRX" +
"RJbLkTOsCPVxpKUis5V6xMRvtjfRg8gUfPuAMYrKQMEqZZmL87Hxkv6cFKavb4ft" +
"BUrY2qUnrvqe_bNjVEz89QSdxGmdFwSTgFVGWkDf5dV5eIiRxXfIkmlgCltPNocR" +
"AyvdNrsWC661rHz5F9MzBho2vgi5epUa_KAl6tK4ksgl68pjZqlBqsWfTbGEsWQX" +
"Efu664dJkdXMLEnsPUeQQLjMhLH7qpZk2ry0nRx0sS1mRwOM_Q0Xmps0vOkNn284" +
"pMUpmWEAjqklWITgtVYXOzF4ilbmZK6ONpFyKCpnSkAYtTEuqz-m7MoLCD_A";
String idTokenA6 = "eyJhbGciOiJSUzI1NiJ9.ew0KICJpc3MiOiAiaHR0cDovL3NlcnZlc" +
"i5leGFtcGxlLmNvbSIsDQogInN1YiI6ICIyNDgyODk3NjEwMDEiLA0KICJhdWQiO" +
"iAiczZCaGRSa3F0MyIsDQogIm5vbmNlIjogIm4tMFM2X1d6QTJNaiIsDQogImV4c" +
"CI6IDEzMTEyODE5NzAsDQogImlhdCI6IDEzMTEyODA5NzAsDQogImF0X2hhc2giO" +
"iAiNzdRbVVQdGpQZnpXdEYyQW5wSzlSUSIsDQogImNfaGFzaCI6ICJMRGt0S2RvU" +
"WFrM1BrMGNuWHhDbHRBIg0KfQ.JQthrBsOirujair9aD5gj1Yd5qEv0j4fhLgl8h" +
"3RaH3soYhwPOiN2Iy_yb7wMCO6I3bPoGJc3zCkpjgUtdB4O2eEhFqXHdwnE4c0oV" +
"TaTHJi_PdV2ox9g-1ikDB0ckWk0f0SzBd7yM2RoYYxJCiGBQlsSSRQz6ehykonI3" +
"hLAhXFdpfbK-3_a3HBNKOv_9Mr_JJrz2pqSygk5IBNvwzf1ouVeM91KKvr7EdriK" +
"N8ysk68fctbFAga1p8rE3cfBOX7Acn4p9QSNpUx0i_x4WHktyKDvH_hLdUw91Fql" +
"_UOgMP_9h8TYdkAjcq8n1tFzaO7kVaazlZ5SM32J7OSDgNSA";
String jwkJson = " {" +
" \"kty\":\"RSA\"," +
" \"n\":\"zhEWTBJVTfcUeqnMzOQFMCEVQWOyOUZwP8LrBWh88tKrZyPGCvBkTDp-E2Bzy" +
" HMQV4pK51Uys2YOwzL9se5THDWMda9rtsCJVcj1V7WaE7wPgl-kIIdWWf4o2g" +
" 6ZszOy_Fp4q0nG3OTtDRCkBu2iEP21j82pRSRrkCBxnzaChflA7KZbI1n_yhK" +
" txyA7FdA480LaSVZyKApvrKiYhocACSwf0y6CQ-wkEi6mVXRJt1aBSywlLYA0" +
" 8ojp5hkZQ39eCM2k1EdXdhbar998Q9PZTwXA1cfvuGTZbDWxEKLjMKVuKrT1Y" +
" vs-2NTXhZAW1KjFS_3UwLkDk-w4dVN-x5tDnw\"," +
" \"e\":\"AQAB\"" +
" }";
JsonWebKey jwk = JsonWebKey.Factory.newJwk(jwkJson);
for (String idToken : new String[] {idTokenA2, idTokenA3, idTokenA4, idTokenA6})
{
JsonWebSignature jws = new JsonWebSignature();
jws.setCompactSerialization(idToken);
jws.setKey(jwk.getKey());
assertThat(jws.verifySignature(), is(true));
JwtConsumer jwtConsumer = new JwtConsumerBuilder()
.setExpectedIssuer("http://server.example.com")
.setExpectedAudience("s6BhdRkqt3")
.setRequireSubject()
.setEvaluationTime(NumericDate.fromSeconds(1311280978))
.setVerificationKey(jwk.getKey())
.build();
JwtClaims jwtClaims = jwtConsumer.processToClaims(idToken);
assertThat("248289761001", equalTo(jwtClaims.getSubject()));
}
}
Example 14
| Source File: JoseCookbookTest.java From Jose4j with Apache License 2.0 | 4 votes |
|
@Test
public void ecdsaSignature_4_3() throws JoseException
{
String jwkJson =
"{\n" +
" \"kty\": \"EC\",\n" +
" \"kid\": \"[email protected]\",\n" +
" \"use\": \"sig\",\n" +
" \"crv\": \"P-521\",\n" +
" \"x\": \"AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9\n" +
" A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt\",\n" +
" \"y\": \"AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVy\n" +
" SsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1\",\n" +
" \"d\": \"AAhRON2r9cqXX1hg-RoI6R1tX5p2rUAYdmpHZoC1XNM56KtscrX6zb\n" +
" KipQrCW9CGZH3T4ubpnoTKLDYJ_fF3_rJt\"\n" +
"}";
String jwsCompactSerialization =
"eyJhbGciOiJFUzUxMiIsImtpZCI6ImJpbGJvLmJhZ2dpbnNAaG9iYml0b24uZX" +
"hhbXBsZSJ9" +
"." +
"SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IH" +
"lvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBk" +
"b24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcm" +
"UgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4" +
"." +
"AE_R_YZCChjn4791jSQCrdPZCNYqHXCTZH0-JZGYNlaAjP2kqaluUIIUnC9qvb" +
"u9Plon7KRTzoNEuT4Va2cmL1eJAQy3mtPBu_u_sDDyYjnAMDxXPn7XrT0lw-kv" +
"AD890jl8e2puQens_IEKBpHABlsbEPX6sFY8OcGDqoRuBomu9xQ2";
String alg = AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512;
// verify consuming the JWS
JsonWebSignature jws = new JsonWebSignature();
jws.setCompactSerialization(jwsCompactSerialization);
JsonWebKey jwk = JsonWebKey.Factory.newJwk(jwkJson);
jws.setKey(jwk.getKey());
assertThat(jws.getUnverifiedPayload(), equalTo(jwsPayload));
assertThat(jws.verifySignature(), is(true));
assertThat(jws.getPayload(), equalTo(jwsPayload));
assertThat(jws.getKeyIdHeaderValue(), equalTo(jwk.getKeyId()));
assertThat(alg, equalTo(jws.getAlgorithmHeaderValue()));
// can't really verify reproducing ECDSA
}
