From 267f1b2de3dd2a6c685da929c21cb45bc437827d Mon Sep 17 00:00:00 2001
From: nemonik
Date: Mon, 2 Apr 2012 21:32:42 -0400
Subject: [PATCH] bas64 decoded signature prior to verifying, modified unit rsa unit test, and fixed ecdsa signer verify
---
 .../main/java/org/mitre/jwt/signer/impl/EcdsaSigner.java | 6 ++++--
 .../src/main/java/org/mitre/jwt/signer/impl/RsaSigner.java | 4 +---
 .../src/test/java/org/mitre/jwt/JwtTest.java | 3 ++-
 3 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/openid-connect-server/src/main/java/org/mitre/jwt/signer/impl/EcdsaSigner.java b/openid-connect-server/src/main/java/org/mitre/jwt/signer/impl/EcdsaSigner.java
index 5230c40ba..bba2623d8 100644
--- a/openid-connect-server/src/main/java/org/mitre/jwt/signer/impl/EcdsaSigner.java
+++ b/openid-connect-server/src/main/java/org/mitre/jwt/signer/impl/EcdsaSigner.java
@@ -217,6 +217,8 @@ public class EcdsaSigner extends AbstractJwtSigner implements InitializingBean {
 @Override
 public boolean verify(String jwtString) {
+ boolean value = false;
+
 // split on the dots
 List parts = Lists.newArrayList(Splitter.on(".").split( jwtString));
@@ -234,13 +236,13 @@ public class EcdsaSigner extends AbstractJwtSigner implements InitializingBean {
 try {
 signer.initVerify(publicKey);
 signer.update(signingInput.getBytes("UTF-8"));
- signer.verify(s64.getBytes("UTF-8"));
+ value = signer.verify(Base64.decodeBase64(s64));
 } catch (GeneralSecurityException e) {
 logger.error(e);
 } catch (UnsupportedEncodingException e) {
 logger.error(e);
 }
- return true;
+ return value;
 }
 }
\ No newline at end of file
diff --git a/openid-connect-server/src/main/java/org/mitre/jwt/signer/impl/RsaSigner.java b/openid-connect-server/src/main/java/org/mitre/jwt/signer/impl/RsaSigner.java
index e99208076..66739680b 100644
--- a/openid-connect-server/src/main/java/org/mitre/jwt/signer/impl/RsaSigner.java
+++ b/openid-connect-server/src/main/java/org/mitre/jwt/signer/impl/RsaSigner.java
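Review bot: In the second EcdsaSigner.java hunk, `Base64.decodeBase64(s64)` is a lenient decoder if it is the commons-codec class (the import is outside the hunk): it skips characters outside the alphabet instead of rejecting them, so more than one token string can carry the same valid signature. That matters wherever the raw token text serves as an identity, for example in a replay or revocation list. A strict check ahead of the decode would close it, e.g. `if (!s64.matches("[A-Za-z0-9_-]+")) { return false; }` (allowing trailing `=` if the signer emits padding), and the same applies to the identical line in the RsaSigner.java hunk. The body of verify starts outside this hunk, so whether `parts` is length-checked before `s64` is read cannot be seen here.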
@@ -253,13 +253,11 @@ public class RsaSigner extends AbstractJwtSigner implements InitializingBean {
 try {
 signer.initVerify(publicKey);
 signer.update(signingInput.getBytes("UTF-8"));
- value = signer.verify(s64.getBytes("UTF-8"));
+ value = signer.verify(Base64.decodeBase64(s64));
 } catch (GeneralSecurityException e) {
 logger.error(e);
- return false;
 } catch (UnsupportedEncodingException e) {
 logger.error(e);
- return false;
 }
 return value;
diff --git a/openid-connect-server/src/test/java/org/mitre/jwt/JwtTest.java b/openid-connect-server/src/test/java/org/mitre/jwt/JwtTest.java
index 165e1ce4d..bc968a5d4 100644
--- a/openid-connect-server/src/test/java/org/mitre/jwt/JwtTest.java
+++ b/openid-connect-server/src/test/java/org/mitre/jwt/JwtTest.java
@@ -162,7 +162,8 @@ public class JwtTest {
 signer.sign(jwt);
 String actual = jwt.toString();
-
+
+ assertThat(signer.verify(actual), equalTo(true));
 assertThat(actual, equalTo(expected));
 assertThat(jwt.getSignature(), equalTo(signature));
 }
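Review bot: With both `return false;` statements removed from the catch blocks in RsaSigner.java, a verification that throws is rejected only because `value` still holds its initial value, and that declaration lies outside this hunk. It should be confirmed that `value` is initialised to `false`, as the EcdsaSigner.java hunk does explicitly. A comment at the return would keep the fail-closed intent visible to the next editor, e.g. `// any exception above leaves value == false, so the token is rejected`.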
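Review bot: The assertion added in JwtTest.java covers only the accepting path, so a verify() that returns true unconditionally, which is what the old EcdsaSigner code removed by this commit did, would still pass it. A companion assertion on a token altered after signing would pin the rejecting path, e.g. `assertThat(signer.verify(tampered), equalTo(false));` with `tampered` built from `actual` by changing one character of the middle segment. The test method begins outside this hunk; going by the commit subject it exercises the RSA signer, and no test for the ECDSA fix is visible in this patch.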