Refine search
throw new ParseException("Invalid JWE header: " + e.getMessage(), 0); if (secondPart == null || secondPart.toString().isEmpty()) { if (thirdPart == null || thirdPart.toString().isEmpty()) { if (fifthPart == null || fifthPart.toString().isEmpty()) {
throw new ParseException("Invalid JWT serialization: Missing dot delimiter(s)", 0); Base64URL header = new Base64URL(s.substring(0, firstDotPos)); jsonObject = JSONObjectUtils.parse(header.decodeToString()); throw new ParseException("Invalid unsecured/JWS/JWE header: " + e.getMessage(), 0);
jsonObject = JSONObjectUtils.parse(parts[0].decodeToString()); throw new ParseException("Invalid unsecured/JWS/JWE header: " + e.getMessage(), 0);
throw new ParseException("The algorithm \"alg\" header parameter must be for signatures", 0); for (final String name: jsonObject.keySet()) { header = header.x509CertURL(JSONObjectUtils.getURI(jsonObject, name)); } else if("x5t".equals(name)) { header = header.x509CertThumbprint(new Base64URL(JSONObjectUtils.getString(jsonObject, name))); } else if("x5t#S256".equals(name)) { header = header.x509CertSHA256Thumbprint(new Base64URL(JSONObjectUtils.getString(jsonObject, name))); } else if("x5c".equals(name)) { header = header.x509CertChain(X509CertChainUtils.toBase64List(JSONObjectUtils.getJSONArray(jsonObject, name))); header = header.keyID(JSONObjectUtils.getString(jsonObject, name)); } else { header = header.customParam(name, jsonObject.get(name));
Base64URL x = new Base64URL(JSONObjectUtils.getString(jsonObject, "x")); Base64URL y = new Base64URL(JSONObjectUtils.getString(jsonObject, "y")); throw new ParseException("The key type \"kty\" must be EC", 0); if (jsonObject.get("d") != null) { d = new Base64URL(JSONObjectUtils.getString(jsonObject, "d")); throw new ParseException(ex.getMessage(), 0);
throw new ParseException("Invalid serialized unsecured/JWS/JWE object: Missing part delimiters", 0); throw new ParseException("Invalid serialized unsecured/JWS/JWE object: Missing second delimiter", 0); parts[0] = new Base64URL(t.substring(0, dot1)); parts[1] = new Base64URL(t.substring(dot1 + 1, dot2)); parts[2] = new Base64URL(t.substring(dot2 + 1)); return parts; throw new ParseException("Invalid serialized JWE object: Missing fourth delimiter", 0); parts[0] = new Base64URL(t.substring(0, dot1)); parts[1] = new Base64URL(t.substring(dot1 + 1, dot2)); parts[2] = new Base64URL(t.substring(dot2 + 1, dot3)); parts[3] = new Base64URL(t.substring(dot3 + 1, dot4)); parts[4] = new Base64URL(t.substring(dot4 + 1)); return parts;
/** * Parses an unsecured (plain) JSON Web Token (JWT) from the specified * string in compact format. * * @param s The string to parse. Must not be {@code null}. * * @return The unsecured JWT. * * @throws ParseException If the string couldn't be parsed to a valid * unsecured JWT. */ public static PlainJWT parse(final String s) throws ParseException { Base64URL[] parts = JOSEObject.split(s); if (! parts[2].toString().isEmpty()) { throw new ParseException("Unexpected third Base64URL part in the unsecured JWT object", 0); } return new PlainJWT(parts[0], parts[1]); } }
Base64URL n = new Base64URL(JSONObjectUtils.getString(jsonObject, "n")); Base64URL e = new Base64URL(JSONObjectUtils.getString(jsonObject, "e")); throw new ParseException("The key type \"kty\" must be RSA", 0); if (jsonObject.containsKey("d")) { d = new Base64URL(JSONObjectUtils.getString(jsonObject, "d")); if (jsonObject.containsKey("p")) { p = new Base64URL(JSONObjectUtils.getString(jsonObject, "p")); if (jsonObject.containsKey("q")) { q = new Base64URL(JSONObjectUtils.getString(jsonObject, "q")); if (jsonObject.containsKey("dp")) { dp = new Base64URL(JSONObjectUtils.getString(jsonObject, "dp")); if (jsonObject.containsKey("dq")) { dq = new Base64URL(JSONObjectUtils.getString(jsonObject, "dq")); if (jsonObject.containsKey("qi")) { qi = new Base64URL(JSONObjectUtils.getString(jsonObject, "qi")); JSONObject otherJson = (JSONObject)o; Base64URL r = new Base64URL(JSONObjectUtils.getString(otherJson, "r")); Base64URL odq = new Base64URL(JSONObjectUtils.getString(otherJson, "dq")); Base64URL t = new Base64URL(JSONObjectUtils.getString(otherJson, "t"));
private JWTClaimsSet parse(String token) { try { SignedJWT signedJWT = SignedJWT.parse(token); if (signedJWT.getSignature().toString().isEmpty()) { throw new IllegalArgumentException("The token doesn't have a signature"); } // check if payload is a valid JSON object and throws ParseException when it's not return signedJWT.getJWTClaimsSet(); } catch (ParseException e) { throw new IllegalArgumentException( "The token does not conform to signed JWT format. " + e.getMessage()); } }
o.put("n", n.toString()); o.put("e", e.toString()); if (d != null) { o.put("d", d.toString()); o.put("p", p.toString()); o.put("q", q.toString()); o.put("dp", dp.toString()); o.put("dq", dq.toString()); o.put("qi", qi.toString()); JSONObject oo = new JSONObject(); oo.put("r", other.r.toString()); oo.put("d", other.d.toString()); oo.put("t", other.t.toString());
throws JOSEException { final String json = JSONObject.toJSONString(params); throw new JOSEException("Couldn't compute JWK thumbprint: Unsupported hash algorithm: " + e.getMessage(), e); return Base64URL.encode(md.digest());
return SignedJWT.parse(jwt.getPayload().toBase64URL().decodeToString()); final String innerToken = (String) tagInternal.get("inner-jwt"); return SignedJWT.parse(innerToken);
/** * Parses the optional X.509 certificate thumbprint. * * @param o The JSON object to parse. Must not be {@code null}. * * @return The X.509 certificate thumbprint, {@code null} if not * specified. * * @throws ParseException If parsing failed. */ static Base64URL parseX509CertThumbprint(final JSONObject o) throws ParseException { if (o.containsKey("x5t")) { return new Base64URL(JSONObjectUtils.getString(o, "x5t")); } else { return null; } }
epu = new Base64URL((String)header.getCustomParam("epu")).decode(); epv = new Base64URL((String)header.getCustomParam("epv")).decode(); String macInput = header.toBase64URL().toString() + "." + encryptedKey.toString() + "." + iv.toString() + "." + cipherText.toString(); if (! ConstantTimeUtils.areEqual(authTag.decode(), mac)) { throw new JOSEException("MAC check failed"); return AESCBC.decrypt(cekAlt, iv.decode(), cipherText.decode(), ceProvider);
@Override public Base64URL sign(final JWSHeader header, final byte[] signingInput) throws JOSEException { // Check alg field in header final JWSAlgorithm alg = header.getAlgorithm(); if (! JWSAlgorithm.EdDSA.equals(alg)) { throw new JOSEException("Ed25519Signer requires alg=EdDSA in JWSHeader"); } final byte[] jwsSignature; try { jwsSignature = tinkSigner.sign(signingInput); } catch (GeneralSecurityException e) { throw new JOSEException(e.getMessage(), e); } return Base64URL.encode(jwsSignature); } }
/** * Composes the signing input for the specified JWS object parts. * * <p>Format: * * <pre> * [header-base64url].[payload-base64url] * </pre> * * @param firstPart The first part, corresponding to the JWS header. * Must not be {@code null}. * @param secondPart The second part, corresponding to the payload. * Must not be {@code null}. * * @return The signing input string. */ private static String composeSigningInput(final Base64URL firstPart, final Base64URL secondPart) { return firstPart.toString() + '.' + secondPart.toString(); }