github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

removed verification of signature in decryption

pull/105/head
Mike Derryberry 2012-07-17 13:40:14 -04:00
parent 1dbf2808c1
commit 4f78c3db80
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaDecrypter.java
View File

@ -51,7 +51,7 @@ public class RsaDecrypter extends AbstractJweDecrypter {
jwe.setCiphertext(decryptCipherText(jwe, contentEncryptionKey));
//generate signature for decrypted signature base in order to verify that decryption worked
String signature = null;
/*String signature = null;
try {
HmacSigner hmacSigner = new HmacSigner(contentIntegrityKey);
signature = hmacSigner.generateSignature(jwe.getSignatureBase());
@ -61,7 +61,7 @@ public class RsaDecrypter extends AbstractJweDecrypter {
}
//verifys that the signature base was decrypted correctly
/*if(signature != jwe.getSignature()){
if(signature != jwe.getSignature()){
throw new IllegalArgumentException("Didn't decrypt correctly. Decoded Sig and generated Sig do not match. " +
"Generated Signature is: " + signature + " while decoded sig is: " + jwe.getSignature());
}*/