github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

switched to nimbus to check JWT signature

pull/263/head
Justin Richer 2013-01-17 17:44:44 -05:00
parent ef12ed375f
commit 2d21a72e7e
1 changed files with 26 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerAuthenticationProvider.java
View File

@ -6,6 +6,7 @@ package org.mitre.openid.connect.assertion;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.PublicKey; import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey; import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Date; import java.util.Date;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
@ -37,6 +38,13 @@ import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.core.userdetails.UsernameNotFoundException;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
/** /**
* @author jricher * @author jricher
* *
@ -70,32 +78,20 @@ public class JwtBearerAuthenticationProvider implements AuthenticationProvider {
try { try {
ClientDetailsEntity client = clientService.loadClientByClientId(jwtAuth.getClientId()); ClientDetailsEntity client = clientService.loadClientByClientId(jwtAuth.getClientId());
JwtSigningAndValidationService validator = getValidatorForClient(client); // fetch our client's key
KeyFetcher keyFetch = new KeyFetcher();
if (validator == null) { RSAPublicKey k2 = (RSAPublicKey) keyFetch.retrieveJwkKey(client.getJwkUrl());
throw new AuthenticationServiceException("Could not find signing keys for " + jwtAuth.getClientId());
} // use Nimbus to verify the signature
JWSVerifier v2 = new RSASSAVerifier(k2);
// process the JWT
JWSObject j3 = JWSObject.parse(jwtAuth.getJwt().toString());
Jwt jwt = jwtAuth.getJwt(); Jwt jwt = jwtAuth.getJwt();
JwtClaims jwtClaims = jwt.getClaims(); JwtClaims jwtClaims = jwt.getClaims();
// do a deep copy if (!j3.verify(v2)) {
Jwt newJwt = new Jwt(new JwtHeader(jwt.getHeader()), new JwtClaims(jwt.getClaims()), null);
// sign it
try {
for (JwtSigner signer : validator.getAllSigners().values()) {
signer.sign(newJwt);
}
//validator.signJwt(newJwt);
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
if (!validator.validateSignature(jwt.toString())) {
throw new AuthenticationServiceException("Invalid signature"); throw new AuthenticationServiceException("Invalid signature");
} }
@ -146,7 +142,13 @@ public class JwtBearerAuthenticationProvider implements AuthenticationProvider {
} catch (ClientNotFoundException e) { } catch (ClientNotFoundException e) {
throw new UsernameNotFoundException("Could not find client: " + jwtAuth.getClientId()); throw new UsernameNotFoundException("Could not find client: " + jwtAuth.getClientId());
} } catch (ParseException e) {
// TODO Auto-generated catch block
throw new AuthenticationServiceException("Invalid JWT format");
} catch (JOSEException e) {
// TODO Auto-generated catch block
throw new AuthenticationServiceException("JOSE Error");
}
} }