github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Added implementation of the verify method to the Rs256Signer class. 

Added comments for steps needed in stub of Es256Signer class.
pull/59/head
Amanda Anganes 2011-12-29 09:12:19 -05:00
parent 15f8675e1a
commit f31fd5c3a5
2 changed files with 90 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
src/main/java/org/mitre/jwt/signer/impl/Es256Signer.java
View File

@ -4,15 +4,45 @@ import org.mitre.jwt.signer.AbstractJwtSigner;
public class Es256Signer extends AbstractJwtSigner { public class Es256Signer extends AbstractJwtSigner {
public Es256Signer() {
this(null);
}
public Es256Signer(String algorithm) { public Es256Signer(String algorithm) {
super(algorithm); super("ES256");
// TODO Auto-generated constructor stub
} }
@Override @Override
protected String generateSignature(String signatureBase) { protected String generateSignature(String signatureBase) {
// TODO Auto-generated method stub
/*
1) Generate a digital signature of the UTF-8 representation of the JWS Signing Input
using ECDSA P-256 SHA-256 with the desired private key. The output will be the
EC point (R, S), where R and S are unsigned integers.
2) Turn R and S into byte arrays in big endian order. Each array will be 32 bytes long.
3) Concatenate the two byte arrays in the order R and then S.
4) Base64url encode the resulting 64 byte array.
*/
return null; return null;
} }
@Override
public boolean verify(String jwtString) {
/*
1) Take the Encoded JWS Signature and base64url decode it into a byte array.
If decoding fails, the signed content MUST be rejected.
2) The output of the base64url decoding MUST be a 64 byte array.
3) Split the 64 byte array into two 32 byte arrays. The first array will be R and
the second S. Remember that the byte arrays are in big endian byte order;
please check the ECDSA validator in use to see what byte order it requires.
4) Submit the UTF-8 representation of the JWS Signing Input, R, S and the public
key (x, y) to the ECDSA P-256 SHA-256 validator.
5) If the validation fails, the signed content MUST be rejected.
*/
return false;
}
} }

57
src/main/java/org/mitre/jwt/signer/impl/Rs256Signer.java
View File

@ -4,12 +4,17 @@ import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException; import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey; import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature; import java.security.Signature;
import java.security.SignatureException; import java.security.SignatureException;
import java.util.List;
import org.apache.commons.codec.binary.Base64; import org.apache.commons.codec.binary.Base64;
import org.mitre.jwt.signer.AbstractJwtSigner; import org.mitre.jwt.signer.AbstractJwtSigner;
import com.google.common.base.Splitter;
import com.google.common.collect.Lists;
/** /**
* JWT Signer using RSA SHA-256 algorithm * JWT Signer using RSA SHA-256 algorithm
* @author AANGANES * @author AANGANES
@ -19,6 +24,9 @@ public class Rs256Signer extends AbstractJwtSigner {
//TODO: should this class generate a new private key or get one passed into the constructor? //TODO: should this class generate a new private key or get one passed into the constructor?
private PrivateKey privateKey; private PrivateKey privateKey;
//TODO: where does the publicKey come from?
private PublicKey publicKey;
private Signature signer; private Signature signer;
public Rs256Signer() { public Rs256Signer() {
@ -74,6 +82,55 @@ public class Rs256Signer extends AbstractJwtSigner {
return sig; return sig;
} }
@Override
public boolean verify(String jwtString) {
// split on the dots
List<String> parts = Lists.newArrayList(Splitter.on(".").split(jwtString));
if (parts.size() != 3) {
throw new IllegalArgumentException("Invalid JWT format.");
}
String h64 = parts.get(0);
String c64 = parts.get(1);
String s64 = parts.get(2);
String signingInput = h64 + "." + c64 + ".";
try {
signer.initVerify(publicKey);
} catch (InvalidKeyException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
return false;
}
try {
signer.update(signingInput.getBytes("UTF-8"));
} catch (SignatureException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
} catch (UnsupportedEncodingException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
}
try {
signer.verify(s64.getBytes("UTF-8"));
} catch (SignatureException e) {
// TODO Auto-generated catch block
e.printStackTrace();
return false;
} catch (UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
return false;
}
return true;
}
public PrivateKey getPrivateKey() { public PrivateKey getPrivateKey() {
return privateKey; return privateKey;
} }