diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OpenIdConnectAuthenticationFilter.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OpenIdConnectAuthenticationFilter.java index 745ba8ee8..9fa2b2cf4 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OpenIdConnectAuthenticationFilter.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OpenIdConnectAuthenticationFilter.java @@ -38,6 +38,8 @@ import org.springframework.web.client.HttpClientErrorException; import org.springframework.web.client.RestTemplate; import org.springframework.web.util.WebUtils; +import com.google.common.base.Splitter; +import com.google.common.collect.Lists; import com.google.gson.JsonElement; import com.google.gson.JsonParser; @@ -324,7 +326,7 @@ public class OpenIdConnectAuthenticationFilter extends public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException { - + if (request.getParameter("error") != null) { handleError(request, response); @@ -443,6 +445,25 @@ public class OpenIdConnectAuthenticationFilter extends try { idToken = IdToken.parse(jsonRoot.getAsJsonObject() .get("id_token").getAsString()); + + List parts = Lists.newArrayList(Splitter.on(".") + .split(jsonRoot.getAsJsonObject().get("id_token") + .getAsString())); + + if (parts.size() != 3) { + throw new IllegalArgumentException( + "Invalid JWT format."); + } + + String h64 = parts.get(0); + String c64 = parts.get(1); + String s64 = parts.get(2); + + logger.debug("h64 = " + h64); + logger.debug("c64 = " + c64); + logger.debug("s64 = " + s64); + + } catch (Exception e) { // I suspect this could happen diff --git a/openid-connect-server/.settings/org.eclipse.wst.common.component b/openid-connect-server/.settings/org.eclipse.wst.common.component index cec04dc6f..af6d54bbb 100644 
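Review bot: The three added `logger.debug` calls write the complete ID token to the log (`h64`, `c64` and `s64` are its header, claims and signature), so anyone who can read debug output obtains the user's claims and a token that may still be valid. Drop the `c64` and `s64` lines, or log only the shape, e.g. `logger.debug("id_token has " + parts.size() + " segments");`. The segments are only split and logged here; nothing in the hunk checks the signature before `idToken` is used, although that may happen in the part of `attemptAuthentication` outside the hunk. The new `IllegalArgumentException` is thrown inside the `try`, so it is handled by the existing `catch (Exception e)`, whose body is not visible here.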
--- a/openid-connect-server/.settings/org.eclipse.wst.common.component +++ b/openid-connect-server/.settings/org.eclipse.wst.common.component @@ -1,17 +1,11 @@ - - - - - - - - - uses - - - uses - - - - - + + + + + + + + + + + diff --git a/openid-connect-server/src/main/java/org/mitre/jwt/signer/impl/EcdsaSigner.java b/openid-connect-server/src/main/java/org/mitre/jwt/signer/impl/EcdsaSigner.java index 06c8dd3e7..8df59519a 100644 --- a/openid-connect-server/src/main/java/org/mitre/jwt/signer/impl/EcdsaSigner.java +++ b/openid-connect-server/src/main/java/org/mitre/jwt/signer/impl/EcdsaSigner.java @@ -3,10 +3,10 @@ package org.mitre.jwt.signer.impl; import java.io.UnsupportedEncodingException; import java.security.GeneralSecurityException; import java.security.KeyPair; +import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Signature; -import java.security.SignatureException; import java.util.List; import org.apache.commons.codec.binary.Base64; @@ -15,6 +15,7 @@ import org.apache.commons.logging.LogFactory; import org.mitre.jwt.signer.AbstractJwtSigner; import org.mitre.jwt.signer.service.impl.KeyStore; import org.springframework.beans.factory.InitializingBean; +import org.springframework.util.Assert; import com.google.common.base.Splitter; import com.google.common.collect.Lists; @@ -24,8 +25,8 @@ import com.google.common.collect.Lists; * * @author AANGANES, nemonik * - * Requires static install of BC - * + * Requires static install of BC + * */ public class EcdsaSigner extends AbstractJwtSigner implements InitializingBean { 
@@ -33,37 +34,38 @@ public class EcdsaSigner extends AbstractJwtSigner implements InitializingBean { * an enum for mapping a JWS name to standard algorithm name * * @author nemonik - * + * */ public enum Algorithm { - //Algorithm constants - ES256("SHA256withECDSA"), - ES384("SHA384withECDSA"), - ES512("SHA512withECDSA"); + // Algorithm constants + ES256("SHA256withECDSA"), ES384("SHA384withECDSA"), ES512( + "SHA512withECDSA"); public static final String DEFAULT = Algorithm.ES256.toString(); public static final String PREPEND = "ES"; - + /** - * Returns the Algorithm for the name - * @param name - * @return - */ - public static Algorithm getByName(String name) { - for (Algorithm correspondingType : Algorithm.values()) { - if (correspondingType.toString().equals(name)) { - return correspondingType; - } - } - - // corresponding type not found - throw new IllegalArgumentException("Algorithm name does not have a corresponding Algorithm"); - } - + * Returns the Algorithm for the name + * + * @param name + * @return + */ + public static Algorithm getByName(String name) { + for (Algorithm correspondingType : Algorithm.values()) { + if (correspondingType.toString().equals(name)) { + return correspondingType; + } + } + + // corresponding type not found + throw new IllegalArgumentException( + "Algorithm name does not have a corresponding Algorithm"); + } + private final String standardName; - - /** + + /** * Constructor of Algorithm * * @param standardName 
@@ -71,122 +73,156 @@ public class EcdsaSigner extends AbstractJwtSigner implements InitializingBean { Algorithm(String standardName) { this.standardName = standardName; } - - /** - * Return the Java standard algorithm name - * @return - */ - public String getStandardName() { - return standardName; - } - }; - - static final String PROVIDER = "BC"; - + + /** + * Return the Java standard algorithm name + * + * @return + */ + public String getStandardName() { + return standardName; + } + }; + private static Log logger = LogFactory.getLog(EcdsaSigner.class); - - public static final String KEYPAIR_ALGORITHM = "EC"; - public static final String DEFAULT_PASSWORD = "changeit"; - + + public static final String KEYPAIR_ALGORITHM = "EC"; + public static final String DEFAULT_PASSWORD = "changeit"; + private KeyStore keystore; private String alias; - private String password; - + private String password = DEFAULT_PASSWORD; + private PrivateKey privateKey; private PublicKey publicKey; - private Signature signer; - + private Signature signer; + /** * Default constructor */ public EcdsaSigner() { - this(Algorithm.DEFAULT, null, null, DEFAULT_PASSWORD); + super(Algorithm.DEFAULT); } - + /** + * Creates an EcdsaSigner from an algorithm name, a Java Keystore, an alias + * for the key pair, and the default password to access. Key pairs created + * with larger bit sizes obviously create larger signatures. + * * @param algorithmName + * The algorithm name * @param keystore + * A Java Keystore containing the key pair * @param alias + * The alias for the key pair + * @throws GeneralSecurityException */ - public EcdsaSigner(String algorithmName, KeyStore keystore, String alias) { + public EcdsaSigner(String algorithmName, KeyStore keystore, String alias) + throws GeneralSecurityException { this(algorithmName, keystore, alias, DEFAULT_PASSWORD); } - + /** + * Creates an EcdsaSigner from an algorithm name, a Java Keystore, an alias + * for the key pair, and the password to access. 
Key pairs created with + * larger bit sizes obviously create larger signatures. + * * @param algorithmName + * The algorithm name * @param keystore + * A Java Keystore containing the key pair * @param alias + * The alias for the key pair * @param password + * The password used to access and retrieve the key pair. + * @throws GeneralSecurityException */ - public EcdsaSigner(String algorithmName, KeyStore keystore, String alias, String password) { + public EcdsaSigner(String algorithmName, KeyStore keystore, String alias, + String password) throws GeneralSecurityException { super(algorithmName); + Assert.notNull(keystore, "A keystore must be supplied"); + Assert.notNull(alias, "A alias must be supplied"); + Assert.notNull(password, "A password must be supplied"); + setKeystore(keystore); setAlias(alias); setPassword(password); - try { - signer = Signature.getInstance(Algorithm.getByName(algorithmName).getStandardName(), PROVIDER); - } catch (GeneralSecurityException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } - + KeyPair keyPair = keystore.getKeyPairForAlias(alias, password); + + publicKey = keyPair.getPublic(); + privateKey = keyPair.getPrivate(); + + } + /** + * Creates an RsaSigner from an algorithm name, and key pair. Key pairs + * created with larger bit sizes obviously create larger signatures. 
+ * * @param algorithmName + * The algorithm name * @param publicKey + * The public key * @param privateKey + * The private key */ - public EcdsaSigner(String algorithmName, PublicKey publicKey, PrivateKey privateKey) { + public EcdsaSigner(String algorithmName, PublicKey publicKey, + PrivateKey privateKey) { super(algorithmName); + + Assert.notNull(publicKey, "A publicKey must be supplied"); + Assert.notNull(privateKey, "A privateKey must be supplied"); + this.publicKey = publicKey; this.privateKey = privateKey; } - - /* (non-Javadoc) - * @see org.springframework.beans.factory.InitializingBean#afterPropertiesSet() + + /* + * (non-Javadoc) + * + * @see + * org.springframework.beans.factory.InitializingBean#afterPropertiesSet() */ @Override public void afterPropertiesSet() throws Exception { - KeyPair keyPair = keystore.getKeyPairForAlias(alias, password); - publicKey = keyPair.getPublic(); - privateKey = keyPair.getPrivate(); + // Can throw a GeneralException + signer = Signature.getInstance(Algorithm.getByName(super.getAlgorithm()) + .getStandardName()); // PROVIDER); - logger.debug( Algorithm.getByName(getAlgorithm()).getStandardName() + " ECDSA Signer ready for business"); + logger.debug(Algorithm.getByName(getAlgorithm()).getStandardName() + + " ECDSA Signer ready for business"); } + /* (non-Javadoc) + * @see org.mitre.jwt.signer.AbstractJwtSigner#generateSignature(java.lang.String) + */ @Override protected String generateSignature(String signatureBase) { - try { + String sig = null; + + try { + signer.initSign(privateKey); signer.update(signatureBase.getBytes("UTF-8")); - } catch (GeneralSecurityException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (UnsupportedEncodingException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - byte[] sigBytes; - String sig = ""; - - try { - sigBytes = signer.sign(); + byte[] sigBytes = signer.sign(); sig = new String(Base64.encodeBase64URLSafe(sigBytes)); + // strip off any 
padding sig = sig.replace("=", ""); - } catch (SignatureException e) { - // TODO Auto-generated catch block - e.printStackTrace(); + + } catch (GeneralSecurityException e) { + logger.error(e); + } catch (UnsupportedEncodingException e) { + logger.error(e); } - + return sig; } - + public String getAlias() { return alias; } @@ -214,9 +250,10 @@ public class EcdsaSigner extends AbstractJwtSigner implements InitializingBean { public void setPassword(String password) { this.password = password; } - - /* (non-Javadoc) + /* + * (non-Javadoc) + * * @see java.lang.Object#toString() */ @Override @@ -226,12 +263,14 @@ public class EcdsaSigner extends AbstractJwtSigner implements InitializingBean { + ", publicKey=" + publicKey + ", signer=" + signer + "]"; } - /* (non-Javadoc) + /* + * (non-Javadoc) + * * @see org.mitre.jwt.signer.AbstractJwtSigner#verify(java.lang.String) */ @Override public boolean verify(String jwtString) { - + // split on the dots List parts = Lists.newArrayList(Splitter.on(".").split( jwtString)); @@ -251,14 +290,11 @@ public class EcdsaSigner extends AbstractJwtSigner implements InitializingBean { signer.update(signingInput.getBytes("UTF-8")); signer.verify(s64.getBytes("UTF-8")); } catch (GeneralSecurityException e) { - // TODO Auto-generated catch block - e.printStackTrace(); + logger.error(e); } catch (UnsupportedEncodingException e) { - // TODO Auto-generated catch block - e.printStackTrace(); + logger.error(e); } return true; - } - + } } \ No newline at end of file diff --git a/openid-connect-server/src/main/java/org/mitre/jwt/signer/impl/HmacSigner.java b/openid-connect-server/src/main/java/org/mitre/jwt/signer/impl/HmacSigner.java index bb0a013d8..b518b1c31 100644 --- a/openid-connect-server/src/main/java/org/mitre/jwt/signer/impl/HmacSigner.java +++ b/openid-connect-server/src/main/java/org/mitre/jwt/signer/impl/HmacSigner.java 
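Review bot: `generateSignature` now starts from `String sig = null;` and both catch blocks only call `logger.error(e)`, so a failed `initSign` or `sign` returns `null` to the caller instead of failing. Depending on how `AbstractJwtSigner` assembles the token (not visible here), that can yield a token with no usable signature segment. Rethrow from each catch, e.g. `throw new IllegalStateException("ECDSA signing failed", e);`. The failure is also easier to hit than before, because the key pair is now loaded only in the four-argument constructor: a bean created with `new EcdsaSigner()` plus `setKeystore`/`setAlias` reaches `afterPropertiesSet` with `privateKey` still null. The large `RsaSigner` hunk further down makes the same two changes.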
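Review bot: `EcdsaSigner.verify` still ends in an unconditional `return true;`: the result of `signer.verify(...)` is discarded and both catch blocks only log, so, as far as the visible lines show, a token is reported as validly signed whatever its signature is. Return the check's outcome instead, `return signer.verify(...);`, with `return false;` in each catch, which is what this commit does for `RsaSigner.verify`. Separately, `s64.getBytes("UTF-8")` passes the base64url text to `Signature.verify` rather than the decoded signature bytes (`Base64.decodeBase64(s64)`), so a genuine signature would not match once the result is honoured; the `RsaSigner.verify` hunk has the same call. The start of the method is outside this hunk.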
@@ -2,7 +2,7 @@ package org.mitre.jwt.signer.impl; import java.io.UnsupportedEncodingException; import java.nio.charset.Charset; -import java.security.InvalidKeyException; +import java.security.GeneralSecurityException; import java.security.NoSuchAlgorithmException; import javax.crypto.Mac; @@ -12,6 +12,8 @@ import org.apache.commons.codec.binary.Base64; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.mitre.jwt.signer.AbstractJwtSigner; +import org.springframework.beans.factory.InitializingBean; +import org.springframework.util.Assert; /** * JWT Signer using either the HMAC SHA-256, SHA-384, SHA-512 hash algorithm @@ -19,7 +21,7 @@ import org.mitre.jwt.signer.AbstractJwtSigner; * @author AANGANES, nemonik * */ -public class HmacSigner extends AbstractJwtSigner { +public class HmacSigner extends AbstractJwtSigner implements InitializingBean { /** * an enum for mapping a JWS name to standard algorithm name @@ -71,16 +73,18 @@ public class HmacSigner extends AbstractJwtSigner { public String getStandardName() { return standardName; } - }; + } + + public static final String DEFAULT_PASSPHRASE = "changeit";; + + private static Log logger = LogFactory.getLog(HmacSigner.class); - private static Log logger = LogFactory.getLog(HmacSigner.class); - private Mac mac; - private String passphrase; + private String passphrase = DEFAULT_PASSPHRASE; /** - * Create a signer with no passphrase + * Default constructor */ public HmacSigner() { super(Algorithm.DEFAULT); 
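Review bot: `private String passphrase = DEFAULT_PASSPHRASE;` gives every `HmacSigner` created through the default constructor the public constant `"changeit"` as its HMAC key, and a signature made with a publicly known key proves nothing about who issued the token. Before this change the field started as null and the null check in `generateSignature` (a later hunk) stopped an unconfigured signer from producing a signature; keeping `private String passphrase;` preserves that fail-closed behaviour and forces each deployment to configure its own secret. If the constant has to stay for tests, a comment on `DEFAULT_PASSPHRASE` should say it must not be used as a production key. The declaration also ends in a stray second semicolon (`"changeit";;`).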
@@ -90,30 +94,34 @@ public class HmacSigner extends AbstractJwtSigner { * Create HMAC singer with default algorithm and passphrase as raw bytes * * @param passphraseAsRawBytes + * The passphrase as raw bytes */ - public HmacSigner(byte[] passphraseAsRawBytes) { + public HmacSigner(byte[] passphraseAsRawBytes) + throws NoSuchAlgorithmException { this(Algorithm.DEFAULT, new String(passphraseAsRawBytes, Charset.forName("UTF-8"))); } - + /** * Create HMAC singer with default algorithm and passphrase * * @param passwordAsRawBytes + * The passphrase as raw bytes */ - public HmacSigner(String passphrase) { + public HmacSigner(String passphrase) throws NoSuchAlgorithmException { this(Algorithm.DEFAULT, passphrase); - } + } /** * Create HMAC singer with given algorithm and password as raw bytes * * @param algorithmName - * the JWS name for the standard name of the requested MAC - * algorithm + * The Java standard name of the requested MAC algorithm * @param passphraseAsRawBytes + * The passphrase as raw bytes */ - public HmacSigner(String algorithmName, byte[] passphraseAsRawBytes) { + public HmacSigner(String algorithmName, byte[] passphraseAsRawBytes) + throws NoSuchAlgorithmException { this(algorithmName, new String(passphraseAsRawBytes, Charset.forName("UTF-8"))); } 
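Review bot: The three constructors in this hunk now declare `throws NoSuchAlgorithmException`, but each only delegates to `HmacSigner(String, String)`, which has no `throws` clause and, after this commit, no longer calls `Mac.getInstance`. Callers are therefore forced to handle a checked exception that the visible code cannot throw; I would drop the three `throws` clauses. The Javadoc line added to `HmacSigner(String passphrase)` still documents `@param passwordAsRawBytes` as "The passphrase as raw bytes"; it should read `@param passphrase` and describe a string.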
@@ -122,26 +130,36 @@ public class HmacSigner extends AbstractJwtSigner { * Create HMAC singer with given algorithm and passwords * * @param algorithmName - * the JWS name for the standard name of the requested MAC - * algorithm + * The Java standard name of the requested MAC algorithm * @param passphrase * the passphrase */ public HmacSigner(String algorithmName, String passphrase) { super(algorithmName); + Assert.notNull(passphrase, "A passphrase must be supplied"); + setPassphrase(passphrase); - try { - mac = Mac.getInstance(Algorithm.getByName(algorithmName) - .getStandardName()); - } catch (NoSuchAlgorithmException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } } - + /* + * (non-Javadoc) + * + * @see + * org.springframework.beans.factory.InitializingBean#afterPropertiesSet() + */ + @Override + public void afterPropertiesSet() throws Exception { + + mac = Mac.getInstance(Algorithm.getByName(super.getAlgorithm()) + .getStandardName()); + + logger.debug(Algorithm.getByName(getAlgorithm()).getStandardName() + + " ECDSA Signer ready for business"); + } + + /* * (non-Javadoc) * @@ -152,25 +170,18 @@ public class HmacSigner extends AbstractJwtSigner { @Override protected String generateSignature(String signatureBase) { if (passphrase == null) { - return null; // TODO: probably throw some kind of exception + throw new IllegalArgumentException("Passphrase cannot be null"); } try { mac.init(new SecretKeySpec(getPassphrase().getBytes(), mac .getAlgorithm())); - } catch (InvalidKeyException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - try { mac.update(signatureBase.getBytes("UTF-8")); - } catch (IllegalStateException e) { - // TODO Auto-generated catch block - e.printStackTrace(); + } catch (GeneralSecurityException e) { + logger.error(e); } catch (UnsupportedEncodingException e) { - // TODO Auto-generated catch block - e.printStackTrace(); + logger.error(e); } byte[] sigBytes = mac.doFinal(); 
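Review bot: `mac` is now assigned only in `afterPropertiesSet`, so an `HmacSigner` built directly with `new HmacSigner(algorithmName, passphrase)` outside a Spring context keeps `mac == null` and `generateSignature` fails with a `NullPointerException` at `mac.init(...)`. Either keep the `Mac.getInstance` call in the constructor, or have `generateSignature` reject an uninitialised signer with an `IllegalStateException` that names the missing `afterPropertiesSet` call. The debug message added in `afterPropertiesSet` reads `" ECDSA Signer ready for business"`; in this class it should say HMAC.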
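Review bot: When `mac.init` or `mac.update` throws, the merged catch blocks only log and execution continues to `mac.doFinal()`, so the method either fails later with an unrelated exception or, on a reused `Mac`, may return a value that does not cover `signatureBase` under the current key. Rethrow from the catch blocks instead, e.g. `throw new IllegalStateException("HMAC signing failed", e);`. `getPassphrase().getBytes()` also relies on the platform default charset while the payload is encoded as UTF-8; `getPassphrase().getBytes("UTF-8")` keeps the key bytes identical on every host. The end of `generateSignature` is outside this hunk.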
@@ -179,6 +190,7 @@ public class HmacSigner extends AbstractJwtSigner { // strip off any padding sig = sig.replace("=", ""); + return sig; } @@ -191,18 +203,16 @@ public class HmacSigner extends AbstractJwtSigner { } public void setPassphrase(String passphrase) { - - if (passphrase.isEmpty()) - throw new IllegalArgumentException("passphrase must be set"); - this.passphrase = passphrase; } - /* (non-Javadoc) + /* + * (non-Javadoc) + * * @see java.lang.Object#toString() */ @Override public String toString() { return "HmacSigner [mac=" + mac + ", passphrase=" + passphrase + "]"; } -} +} \ No newline at end of file diff --git a/openid-connect-server/src/main/java/org/mitre/jwt/signer/impl/RsaSigner.java b/openid-connect-server/src/main/java/org/mitre/jwt/signer/impl/RsaSigner.java index 95b0f2a81..7fa5fc67d 100644 --- a/openid-connect-server/src/main/java/org/mitre/jwt/signer/impl/RsaSigner.java +++ b/openid-connect-server/src/main/java/org/mitre/jwt/signer/impl/RsaSigner.java @@ -6,7 +6,6 @@ import java.security.KeyPair; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Signature; -import java.security.SignatureException; import java.security.interfaces.RSAPrivateKey; import java.util.List; @@ -16,6 +15,7 @@ import org.apache.commons.logging.LogFactory; import org.mitre.jwt.signer.AbstractJwtSigner; import org.mitre.jwt.signer.service.impl.KeyStore; import org.springframework.beans.factory.InitializingBean; +import org.springframework.util.Assert; import com.google.common.base.Splitter; import com.google.common.collect.Lists; @@ -42,7 +42,6 @@ public class RsaSigner extends AbstractJwtSigner implements InitializingBean { public static final String DEFAULT = Algorithm.RS256.toString(); public static final String PREPEND = "RS"; - /** * Returns the Algorithm for the name * 
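Review bot: `setPassphrase` now accepts both an empty string and null, so a misconfigured bean is accepted silently and the problem only shows up when a token is signed. I would keep a guard in the setter, e.g. `Assert.hasText(passphrase, "A passphrase must be supplied");`, since the file now imports `org.springframework.util.Assert`. `toString()` in the same hunk concatenates `passphrase` into its result, which puts the HMAC secret into any log line or exception message that prints the signer; print a fixed marker such as `passphrase=[PROTECTED]` instead.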
@@ -89,7 +88,7 @@ public class RsaSigner extends AbstractJwtSigner implements InitializingBean { private KeyStore keystore; private String alias; - private String password; + private String password = DEFAULT_PASSWORD; private PrivateKey privateKey; private PublicKey publicKey; 
@@ -99,93 +98,128 @@ public class RsaSigner extends AbstractJwtSigner implements InitializingBean { * Default constructor */ public RsaSigner() { - this(Algorithm.DEFAULT, null, null, DEFAULT_PASSWORD); + super(Algorithm.DEFAULT); } /** + * Creates an RsaSigner from an algorithm name, a Java Keystore, an alias + * for the key pair, and the default password to access. Key pairs created + * with larger bit sizes obviously create larger signatures. + * * @param algorithmName + * The algorithm name * @param keystore + * A Java Keystore containing the key pair * @param alias + * The alias for the key pair + * @throws GeneralSecurityException */ - public RsaSigner(String algorithmName, KeyStore keystore, String alias) { + public RsaSigner(String algorithmName, KeyStore keystore, String alias) + throws GeneralSecurityException { this(algorithmName, keystore, alias, DEFAULT_PASSWORD); } - + /** + * Creates an RsaSigner from an algorithm name, a Java Keystore, an alias + * for the key pair, and the password to access. Key pairs created with + * larger bit sizes obviously create larger signatures. + * * @param algorithmName + * The algorithm name * @param keystore + * A Java Keystore containing the key pair * @param alias + * The alias for the key pair * @param password + * The password used to access and retrieve the key pair. 
+ * @throws GeneralSecurityException */ public RsaSigner(String algorithmName, KeyStore keystore, String alias, - String password) { + String password) throws GeneralSecurityException { super(algorithmName); + Assert.notNull(keystore, "An keystore must be supplied"); + Assert.notNull(alias, "A alias must be supplied"); + Assert.notNull(password, "A password must be supplied"); + setKeystore(keystore); setAlias(alias); setPassword(password); - - try { - signer = Signature.getInstance(Algorithm.getByName(algorithmName).getStandardName()); //, PROVIDER); - } catch (GeneralSecurityException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } + KeyPair keyPair = keystore.getKeyPairForAlias(alias, password); + + publicKey = keyPair.getPublic(); + privateKey = keyPair.getPrivate(); + + } /** + * Creates an RsaSigner from an algorithm name, and key pair. Key pairs + * created with larger bit sizes obviously create larger signatures. + * * @param algorithmName + * The algorithm name * @param publicKey + * The public key * @param privateKey + * The private key */ - public RsaSigner(String algorithmName, PublicKey publicKey, PrivateKey privateKey) { + public RsaSigner(String algorithmName, PublicKey publicKey, + PrivateKey privateKey) { super(algorithmName); + + Assert.notNull(publicKey, "An publicKey must be supplied"); + Assert.notNull(privateKey, "A privateKey must be supplied"); + this.publicKey = publicKey; this.privateKey = privateKey; } + /* + * (non-Javadoc) + * + * @see + * org.springframework.beans.factory.InitializingBean#afterPropertiesSet() + */ @Override public void afterPropertiesSet() throws Exception { - KeyPair keyPair = keystore.getKeyPairForAlias(alias, password); - publicKey = keyPair.getPublic(); - privateKey = keyPair.getPrivate(); - - logger.debug( Algorithm.getByName(getAlgorithm()).getStandardName() + " RSA Signer ready for business"); + // unsupported algorithm will throw a NoSuchAlgorithmException + signer = 
Signature.getInstance(Algorithm + .getByName(super.getAlgorithm()).getStandardName()); // , + // PROVIDER); + + logger.debug(Algorithm.getByName(getAlgorithm()).getStandardName() + + " RSA Signer ready for business"); } - /* (non-Javadoc) - * @see org.mitre.jwt.signer.AbstractJwtSigner#generateSignature(java.lang.String) + /* + * (non-Javadoc) + * + * @see + * org.mitre.jwt.signer.AbstractJwtSigner#generateSignature(java.lang.String + * ) */ @Override protected String generateSignature(String signatureBase) { - try { + String sig = null; + + try { signer.initSign(privateKey); signer.update(signatureBase.getBytes("UTF-8")); - } catch (GeneralSecurityException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (UnsupportedEncodingException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - byte[] sigBytes; - String sig = ""; + byte[] sigBytes = signer.sign(); - try { - sigBytes = signer.sign(); - sig = new String(Base64.encodeBase64URLSafe(sigBytes)); - // strip off any padding - sig = sig.replace("=", ""); - } catch (SignatureException e) { - // TODO Auto-generated catch block - e.printStackTrace(); + sig = (new String(Base64.encodeBase64URLSafe(sigBytes))).replace( + "=", ""); + } catch (GeneralSecurityException e) { + logger.error(e); + } catch (UnsupportedEncodingException e) { + logger.error(e); } - + return sig; } @@ -237,15 +271,16 @@ public class RsaSigner extends AbstractJwtSigner implements InitializingBean { + ", publicKey=" + publicKey + ", signer=" + signer + "]"; } - /* (non-Javadoc) - * @see org.mitre.jwt.signer.AbstractJwtSigner#verify(java.lang.String) - */ - /* (non-Javadoc) + /* + * (non-Javadoc) + * * @see org.mitre.jwt.signer.AbstractJwtSigner#verify(java.lang.String) */ @Override public boolean verify(String jwtString) { + boolean value = false; + // split on the dots List parts = Lists.newArrayList(Splitter.on(".").split( jwtString)); 
@@ -263,15 +298,15 @@ public class RsaSigner extends AbstractJwtSigner implements InitializingBean { try { signer.initVerify(publicKey); signer.update(signingInput.getBytes("UTF-8")); - signer.verify(s64.getBytes("UTF-8")); + value = signer.verify(s64.getBytes("UTF-8")); } catch (GeneralSecurityException e) { - // TODO Auto-generated catch block - e.printStackTrace(); + logger.error(e); + return false; } catch (UnsupportedEncodingException e) { - // TODO Auto-generated catch block - e.printStackTrace(); + logger.error(e); + return false; } - return true; + return value; } -} +} \ No newline at end of file