本文整理汇总了Java中com.nimbusds.jose.crypto.RSASSAVerifier类的典型用法代码示例。如果您正苦于以下问题:Java RSASSAVerifier类的具体用法?Java RSASSAVerifier怎么用?Java RSASSAVerifier使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
RSASSAVerifier类属于com.nimbusds.jose.crypto包,在下文中一共展示了RSASSAVerifier类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: retrieveUsernamePasswordFromLoginToken
import com.nimbusds.jose.crypto.RSASSAVerifier; //导入依赖的package包/类
/**
* retrieves username and password from JSON web tocken
*
* @param token - the serialized JSON web token from login
* @return username and password (combined by ":")
*/
public static String retrieveUsernamePasswordFromLoginToken(String token) {
JWEObject jweObject;
try {
jweObject = JWEObject.parse(token);
// Decrypt with shared key
jweObject.decrypt(new RSADecrypter(RSA_KEYS.getPrivate()));
// Extract payload
SignedJWT signedJWT = jweObject.getPayload().toSignedJWT();
RSAKey serverPublicKey = RSAKey.parse(signedJWT.getHeader().getJWK().toJSONObject());
if (signedJWT.verify(new RSASSAVerifier(serverPublicKey))) {
//Token is valid
String username = signedJWT.getJWTClaimsSet().getSubject();
String password = signedJWT.getJWTClaimsSet().getStringClaim("password");
return username + ":" + password;
}
} catch (ParseException | JOSEException e) {
LOGGER.error(e);
}
return null;
}
示例2: testRolesEndpointToJWTString
import com.nimbusds.jose.crypto.RSASSAVerifier; //导入依赖的package包/类
/**
*
* @throws Exception
*/
@Test
public void testRolesEndpointToJWTString() throws Exception {
// Transform the JSON content into a signed JWT
String jwt = TokenUtils.generateTokenString("/Token1.json");
System.out.println(jwt);
/* Note that if you try to validate this token string via jwt.io debugger, you need to take the
/publicKey.pem contents, and use
-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----
rather than the:
-----BEGIN RSA PUBLIC KEY-----
...
-----END RSA PUBLIC KEY-----
in the file.
*/
// Validate the string via Nimbus
SignedJWT signedJWT = SignedJWT.parse(jwt);
PublicKey publicKey = TokenUtils.readPublicKey("/publicKey.pem");
Assert.assertTrue(publicKey instanceof RSAPublicKey, "publicKey isa RSAPublicKey");
JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey)publicKey);
Assert.assertTrue(signedJWT.verify(verifier));
}
示例3: validateSignature
import com.nimbusds.jose.crypto.RSASSAVerifier; //导入依赖的package包/类
/**
* Verify the signature of the JWT token in this method. This method depends
* on the public key that was established during init based upon the
* provisioned public key. Override this method in subclasses in order to
* customize the signature verification behavior.
*
* @param jwtToken the token that contains the signature to be validated
* @return valid true if signature verifies successfully; false otherwise
*/
protected boolean validateSignature(SignedJWT jwtToken) {
boolean valid = false;
if (JWSObject.State.SIGNED == jwtToken.getState()) {
LOG.debug("JWT token is in a SIGNED state");
if (jwtToken.getSignature() != null) {
LOG.debug("JWT token signature is not null");
try {
JWSVerifier verifier = new RSASSAVerifier(publicKey);
if (jwtToken.verify(verifier)) {
valid = true;
LOG.debug("JWT token has been successfully verified");
} else {
LOG.warn("JWT signature verification failed.");
}
} catch (JOSEException je) {
LOG.warn("Error while validating signature", je);
}
}
}
return valid;
}
示例4: parseAndVerifyToken
import com.nimbusds.jose.crypto.RSASSAVerifier; //导入依赖的package包/类
public SignedJWT parseAndVerifyToken(String jwtString) throws WebApiClientException {
try {
SignedJWT signedJWT = SignedJWT.parse(jwtString);
JWSVerifier verifier = new RSASSAVerifier(jwtConfig.getRSAPublicKey());
if (signedJWT.verify(verifier)) {
JWTClaimsSet claimsSet = signedJWT.getJWTClaimsSet();
if (claimsSet.getAudience().contains(jwtConfig.getServiceUUID()) &&
claimsSet.getIssuer().equalsIgnoreCase(JwtUtil.ISSUER)) {
return signedJWT;
}
}
} catch (ParseException | JOSEException e) {
throw new WebApiClientException(e.getMessage());
}
throw new WebApiClientException("Authorization token cannot be verified");
}
示例5: retrievePublicKeyFromLoginToken
import com.nimbusds.jose.crypto.RSASSAVerifier; //导入依赖的package包/类
/**
* retrieves the client public key from Login Token
*
* @param token - the serialized JSON Web Token from login
* @return the public key as JWK object
*/
public static JWK retrievePublicKeyFromLoginToken(String token) {
JWK result = null;
JWEObject jweObject;
try {
jweObject = JWEObject.parse(token);
// Decrypt with shared key
jweObject.decrypt(new RSADecrypter(RSA_KEYS.getPrivate()));
// Extract payload
SignedJWT signedJWT = jweObject.getPayload().toSignedJWT();
result = signedJWT.getHeader().getJWK();
RSAKey publicKey = RSAKey.parse(result.toJSONObject());
if (signedJWT.verify(new RSASSAVerifier(publicKey))) {
return result;
}
} catch (ParseException | JOSEException e) {
LOGGER.error(e);
}
return null;
}
示例6: verifyTokenRSA
import com.nimbusds.jose.crypto.RSASSAVerifier; //导入依赖的package包/类
public static boolean verifyTokenRSA( PublicKey pKey, String token )
{
try
{
Payload pl = new Payload( token );
JWSObject jwsObject = new JWSObject( new JWSHeader( JWSAlgorithm.RS256 ), pl );
JWSVerifier verifier = new RSASSAVerifier( ( RSAPublicKey ) pKey );
return jwsObject.verify( verifier );
}
catch ( JOSEException e )
{
LOG.warn( "Error verifying RSA token", e.getMessage() );
return false;
}
}
示例7: validateSignature
import com.nimbusds.jose.crypto.RSASSAVerifier; //导入依赖的package包/类
protected boolean validateSignature(SignedJWT jwtToken) {
boolean valid = false;
if (JWSObject.State.SIGNED == jwtToken.getState()) {
if (jwtToken.getSignature() != null) {
try {
RSAPublicKey publicKey = parseRSAPublicKey(publicKeyPath);
JWSVerifier verifier = new RSASSAVerifier(publicKey);
if (verifier != null && jwtToken.verify(verifier)) {
valid = true;
}
} catch (Exception e) {
LOGGER.info("Exception in validateSignature", e);
}
}
}
return valid;
}
示例8: verifySignature
import com.nimbusds.jose.crypto.RSASSAVerifier; //导入依赖的package包/类
private boolean verifySignature(String jwt) {
try {
SignedJWT signedJWT = SignedJWT.parse(jwt);
if (new Date().before(signedJWT.getJWTClaimsSet().getExpirationTime())) {
JWSVerifier verifier =
new RSASSAVerifier((RSAPublicKey) getPublicKey(KEYSTORE, KEYSTORE_PASSWORD, ALIAS));
return signedJWT.verify(verifier);
} else {
log.info("Token has expired");
}
} catch (ParseException | IOException | KeyStoreException | CertificateException |
NoSuchAlgorithmException | UnrecoverableKeyException | JOSEException e) {
log.error("Error occurred while JWT signature verification. JWT=" + jwt, e);
}
return false;
}
示例9: extractAppIdFromIdToken
import com.nimbusds.jose.crypto.RSASSAVerifier; //导入依赖的package包/类
private String extractAppIdFromIdToken(String token) {
String appId = null;
KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
try {
keyStoreManager.getDefaultPrimaryCertificate();
JWSVerifier verifier =
new RSASSAVerifier((RSAPublicKey) keyStoreManager.getDefaultPublicKey());
SignedJWT jwsObject = SignedJWT.parse(token);
if (jwsObject.verify(verifier)) {
appId = jwsObject.getJWTClaimsSet().getStringClaim("appId");
}
} catch (Exception e) {
String message = "Could not extract application id from id token";
log.error(message, e);
}
return appId;
}
示例10: setKeyPair
import com.nimbusds.jose.crypto.RSASSAVerifier; //导入依赖的package包/类
public void setKeyPair(KeyPair keyPair) {
PrivateKey privateKey = keyPair.getPrivate();
signer = new RSASSASigner(privateKey);
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
verifier = new RSASSAVerifier(publicKey);
verifierKey = "-----BEGIN PUBLIC KEY-----\n"
+ Base64Utils.encodeToString(publicKey.getEncoded())
+ "\n-----END PUBLIC KEY-----";
}
示例11: authenticate
import com.nimbusds.jose.crypto.RSASSAVerifier; //导入依赖的package包/类
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
Authentication authenticationResult = authenticationManager
.authenticate(authentication);
if (authenticationResult.isAuthenticated()) {
// validates nonce because JWT is already valid
if (authentication instanceof PoPAuthenticationToken) {
PoPAuthenticationToken popAuthentication = (PoPAuthenticationToken) authentication;
// starts validating nonce here
String nonce = popAuthentication.getNonce();
if (nonce == null) {
throw new UnapprovedClientAuthenticationException(
"This request does not have a valid signed nonce");
}
String token = (String) popAuthentication.getPrincipal();
System.out.println("access token:" + token);
try {
JWT jwt = JWTParser.parse(token);
String publicKey = jwt.getJWTClaimsSet().getClaim("public_key").toString();
JWK jwk = JWK.parse(publicKey);
JWSObject jwsNonce = JWSObject.parse(nonce);
JWSVerifier verifier = new RSASSAVerifier((RSAKey) jwk);
if (!jwsNonce.verify(verifier)) {
throw new InvalidTokenException("Client hasn't possession of given token");
}
} catch (Exception e) {
throw new RuntimeException(e);
}
}
}
return authenticationResult;
}
示例12: retrieveCredential
import com.nimbusds.jose.crypto.RSASSAVerifier; //导入依赖的package包/类
@Override
public JWTCredential retrieveCredential(String token) {
JWTCredential result = null;
try {
JWSObject jws = JWSObject.parse(token);
String apiKey = jws.getHeader().getKeyID();
if (apiKey != null && keys.contains(apiKey)) {
RSAKey rsaKey = (RSAKey) jwkSet.getKeyByKeyId(apiKey).toPublicJWK();
JWSVerifier verifier = new RSASSAVerifier(rsaKey);
if (jws.verify(verifier)) {
JWTClaimsSet claimsSet = JWTClaimsSet.parse(jws.getPayload().toJSONObject());
// Verify time validity of token.
Date creationTime = claimsSet.getIssueTime();
Date expirationTime = claimsSet.getExpirationTime();
Date now = new Date();
long validityPeriod = expirationTime.getTime() - creationTime.getTime();
if (creationTime.before(now) && now.before(expirationTime) && validityPeriod < 120000 /*2 minutes*/) {
JSONObject realmAccess = (JSONObject) claimsSet.getClaim("realm_access");
JSONArray rolesArray = (JSONArray) realmAccess.get("roles");
Set<String> roles = new HashSet<>();
rolesArray.forEach(r -> roles.add(r.toString()));
result = new JWTCredential(claimsSet.getSubject(), roles);
}
}
}
} catch (ParseException | JOSEException e) {
; // Token is not valid
}
return result;
}
示例13: verify
import com.nimbusds.jose.crypto.RSASSAVerifier; //导入依赖的package包/类
@Override
public boolean verify(final SignedJWT jwt) throws JOSEException {
init();
CommonHelper.assertNotNull("publicKey", publicKey);
final JWSVerifier verifier = new RSASSAVerifier(this.publicKey);
return jwt.verify(verifier);
}
示例14: retrievePublicKeyFromAuthenticationToken
import com.nimbusds.jose.crypto.RSASSAVerifier; //导入依赖的package包/类
/**
* retrieves the client public key from Authentication Token
*
* @param signedJWT - the authentication token
* @return the public key as JWK object
*/
public static JWK retrievePublicKeyFromAuthenticationToken(SignedJWT signedJWT) {
JWK result = null;
try {
result = JWK.parse(signedJWT.getJWTClaimsSet().getJSONObjectClaim("sub_jwk"));
RSAKey publicKey = (RSAKey) signedJWT.getHeader().getJWK();
if (signedJWT.verify(new RSASSAVerifier(publicKey))) {
return result;
}
} catch (ParseException | JOSEException e) {
LOGGER.error(e);
}
return null;
}
示例15: retrieveUsernameFromAuthenticationToken
import com.nimbusds.jose.crypto.RSASSAVerifier; //导入依赖的package包/类
/**
* retrieves the username from Authentication Token
*
* @param signedJWT - the authentication token
* @return the user name
*/
public static String retrieveUsernameFromAuthenticationToken(SignedJWT signedJWT) {
try {
// Extract payload
RSAKey serverPublicKey = RSAKey.parse(signedJWT.getHeader().getJWK().toJSONObject());
if (signedJWT.verify(new RSASSAVerifier(serverPublicKey))) {
//Token is valid
return signedJWT.getJWTClaimsSet().getSubject();
}
} catch (ParseException | JOSEException e) {
LOGGER.error(e);
}
return MCRSystemUserInformation.getGuestInstance().getUserID();
}