From 4f78c3db80bdf72aca40ef3bd88e88beb3db7cb9 Mon Sep 17 00:00:00 2001
From: Mike Derryberry
Date: Tue, 17 Jul 2012 13:40:14 -0400
Subject: [PATCH] removed verification of signature in decryption
---
 .../main/java/org/mitre/jwt/encryption/impl/RsaDecrypter.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaDecrypter.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaDecrypter.java
index 7057758ec..a4e9af839 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaDecrypter.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/impl/RsaDecrypter.java
@@ -51,7 +51,7 @@ public class RsaDecrypter extends AbstractJweDecrypter {
 jwe.setCiphertext(decryptCipherText(jwe, contentEncryptionKey));
 //generate signature for decrypted signature base in order to verify that decryption worked
- String signature = null;
+ /*String signature = null;
 try {
 HmacSigner hmacSigner = new HmacSigner(contentIntegrityKey);
 signature = hmacSigner.generateSignature(jwe.getSignatureBase());
@@ -61,7 +61,7 @@ public class RsaDecrypter extends AbstractJweDecrypter {
 }
 //verifys that the signature base was decrypted correctly
- /*if(signature != jwe.getSignature()){
+ if(signature != jwe.getSignature()){
 throw new IllegalArgumentException("Didn't decrypt correctly. Decoded Sig and generated Sig do not match. " + "Generated Signature is: " + signature + " while decoded sig is: " + jwe.getSignature());
 }*/
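Review bot: With the block comment now opening at `/*String signature = null;` in the first hunk and still closing at `}*/` in the second, this path sets the decrypted ciphertext on the JWE without ever comparing the integrity value, so a token whose ciphertext was altered in transit is no longer rejected here. The disabled check most likely failed on valid tokens because `signature != jwe.getSignature()` compares object references rather than contents; assuming both values are Strings, the block should be restored with a content comparison done in constant time, e.g. `MessageDigest.isEqual(expected, actual)` on the bytes of the two values, and should treat a null `signature` as a failure. The exception text should also stop including `"Generated Signature is: " + signature`, since that returns the expected integrity value to whoever supplied the token. The enclosing method begins and ends outside both hunks, and the lines between the hunks are not shown, so the handling around `generateSignature` could not be reviewed.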