/**
 * Returns the text that precedes the first dot in the identifier's string
 * form, wrapped as a {@link Base64URL}.
 *
 * <p>This method performs no integrity check of its own: the leading
 * segment is taken from the identifier as-is.
 *
 * @param identifier The identifier whose leading segment is wanted.
 *
 * @return The leading segment as a {@code Base64URL}.
 */
@Override
public Base64URL extractValue(T identifier) {
    final String serialized = identifier.toString();
    final String[] segments = serialized.split("\\.");
    // NOTE(review): String.split drops trailing empty strings, so an input
    // made up only of dots yields an empty array and the index below throws
    // ArrayIndexOutOfBoundsException.
    return new Base64URL(segments[0]);
}
}
/**
 * Produces the Base64URL representation of a byte array.
 *
 * @param bytes The bytes to encode. Must not be {@code null}.
 *
 * @return A {@code Base64URL} wrapping the encoded text.
 */
public static Base64URL encode(final byte[] bytes) {
    // NOTE(review): the second argument is presumably the URL-safe switch of
    // Base64Codec.encodeToString; confirm against that class.
    final String encoded = Base64Codec.encodeToString(bytes, true);
    return new Base64URL(encoded);
}
/**
 * Passes the identifier's string form through
 * {@code IdentifierWithHMAC.parseAndValidate} together with the HMAC key,
 * then returns the text before the first dot of the parsed identifier.
 *
 * @param identifier The identifier to check and split.
 *
 * @return The leading segment as a {@code Base64URL}.
 *
 * @throws InvalidIdentifierException Propagated from
 *                                    {@code parseAndValidate}.
 */
@Override
public Base64URL validateAndExtractValue(final T identifier)
    throws InvalidIdentifierException {

    final String serialized = identifier.toString();
    // Extraction happens only after parseAndValidate has returned, so a
    // rejected identifier never reaches the split below.
    final IdentifierWithHMAC checked =
        IdentifierWithHMAC.parseAndValidate(serialized, getHMACKey());
    final String[] segments = checked.toString().split("\\.");
    return new Base64URL(segments[0]);
}
/**
 * Decodes the payload of a dot-separated JWT string into a JSON object.
 *
 * <p>This method only parses. The third segment is handed to
 * {@code JWSObject} but no verification call is made here, so the returned
 * claims are unauthenticated unless the signature is verified elsewhere.
 *
 * @param jwt The serialized token.
 *
 * @return The payload as a {@code JsonObject}, or {@code null} when the
 *         input does not split into exactly three parts.
 *
 * @throws JWTException If {@code JWSObject} rejects the three parts.
 */
@Override
public JsonObject process(String jwt) throws JWTException {
    final String[] segments = jwt.split("\\.");
    if (segments.length != 3) {
        // Callers must handle null: the token is not a three-part string.
        return null;
    }

    final Base64URL headerPart = new Base64URL(segments[0]);
    final Base64URL payloadPart = new Base64URL(segments[1]);
    final Base64URL signaturePart = new Base64URL(segments[2]);
    try {
        final JWSObject parsed = new JWSObject(headerPart, payloadPart, signaturePart);
        final String claimsJson = parsed.getPayload().toString();
        return Json.createReader(new StringReader(claimsJson)).readObject();
    } catch (ParseException e) {
        throw new JWTException("Unable to parse JWT", e);
    }
}
}
/**
 * Reads the optional {@code x5t} (X.509 certificate thumbprint) member.
 *
 * <p>The member's string is wrapped in a {@code Base64URL} without being
 * decoded or checked here.
 *
 * @param o The JSON object to read from. Must not be {@code null}.
 *
 * @return The thumbprint, or {@code null} when the object has no
 *         {@code x5t} key.
 *
 * @throws ParseException If parsing failed.
 */
static Base64URL parseX509CertThumbprint(final JSONObject o)
    throws ParseException {

    if (!o.containsKey("x5t")) {
        return null;
    }
    final String thumbprint = JSONObjectUtils.getString(o, "x5t");
    return new Base64URL(thumbprint);
}
/**
 * Reads the optional {@code x5t#S256} (X.509 certificate SHA-256
 * thumbprint) member.
 *
 * <p>The member's string is wrapped in a {@code Base64URL} without being
 * decoded or checked here.
 *
 * @param o The JSON object to read from. Must not be {@code null}.
 *
 * @return The SHA-256 thumbprint, or {@code null} when the object has no
 *         {@code x5t#S256} key.
 *
 * @throws ParseException If parsing failed.
 */
static Base64URL parseX509CertSHA256Thumbprint(final JSONObject o)
    throws ParseException {

    if (!o.containsKey("x5t#S256")) {
        return null;
    }
    final String thumbprint = JSONObjectUtils.getString(o, "x5t#S256");
    return new Base64URL(thumbprint);
}
throw new ParseException("Invalid JWT serialization: Missing dot delimiter(s)", 0); Base64URL header = new Base64URL(s.substring(0, firstDotPos));
// The same thumbprint string is used as the key ID (kid) and as the x5t header parameter.
String thumbPrint = getThumbPrint(publicCert);
headerBuilder.keyID(thumbPrint);
// NOTE(review): new Base64URL(String) wraps the string as given and does not encode it.
// x5t is defined (RFC 7515) as the base64url-encoded SHA-1 digest of the DER certificate;
// confirm getThumbPrint returns that form, otherwise verifiers cannot match the certificate.
headerBuilder.x509CertThumbprint(new Base64URL(thumbPrint));
JWEHeader header = headerBuilder.build();
EncryptedJWT encryptedJWT = new EncryptedJWT(header, jwtClaimsSet);
// NOTE(review): unchecked cast; this throws ClassCastException if signatureAlgorithm is not a JWSAlgorithm.
JWSHeader.Builder headerBuilder = new JWSHeader.Builder((JWSAlgorithm) signatureAlgorithm);
// getThumbPrint is called twice with the same arguments; kid and x5t are expected to carry the same value.
headerBuilder.keyID(getThumbPrint(tenantDomain, tenantId));
// NOTE(review): new Base64URL(String) wraps the string as given and does not encode it.
// Confirm getThumbPrint returns the base64url-encoded SHA-1 certificate digest that x5t requires (RFC 7515).
headerBuilder.x509CertThumbprint(new Base64URL(getThumbPrint(tenantDomain, tenantId)));
SignedJWT signedJWT = new SignedJWT(headerBuilder.build(), jwtClaimsSet);
signedJWT.sign(signer);
// x5c entries use the standard Base64 wrapper, while x5t below uses the URL-safe one.
// NOTE(review): new Base64(String) presumably wraps an already-encoded certificate; confirm
// getPublicCertificate returns Base64 text of the DER certificate.
certs.add(new Base64(credential.getPublicCertificate()));
builder.x509CertChain(certs);
// NOTE(review): the hash string is wrapped without being encoded here; confirm
// getPublicCertificateHash returns the base64url-encoded SHA-1 digest that x5t requires (RFC 7515).
builder.x509CertThumbprint(new Base64URL(credential .getPublicCertificateHash()));
jwt = new SignedJWT(builder.build(), claimsSet);
// Reads the "k" member as a string and wraps it without decoding.
// NOTE(review): in a JWK, "k" is the symmetric key value (RFC 7518), i.e. secret material;
// keep it out of logs, exception messages and toString() output.
Base64URL k = new Base64URL(JSONObjectUtils.getString(jsonObject, "k"));
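/**
 * Signs the given claims set with the private key held by
 * {@code ServiceReferenceHolder} and returns the compact serialization.
 *
 * <p>Only RS256, RS384 and RS512 are accepted. The certificate thumbprint
 * is written to the header both as the key ID and as {@code x5t}.
 *
 * @param jwtClaimsSet The claims to sign.
 *
 * @return The serialized signed JWT.
 *
 * @throws AuthException If the configured algorithm is not one of the
 *                       accepted RSA algorithms, is not a
 *                       {@code JWSAlgorithm}, or if thumbprint computation
 *                       or signing fails.
 */
private String signJwt(JWTClaimsSet jwtClaimsSet) throws AuthException {
    final boolean acceptedAlgorithm = JWSAlgorithm.RS256.equals(signatureAlgorithm)
        || JWSAlgorithm.RS384.equals(signatureAlgorithm)
        || JWSAlgorithm.RS512.equals(signatureAlgorithm);
    if (!acceptedAlgorithm) {
        throw new AuthException("Invalid signature algorithm provided. " + signatureAlgorithm);
    }

    try {
        JWSSigner signer = new RSASSASigner(ServiceReferenceHolder.getInstance().getPrivateKey());

        // equals() matched above, but the field's declared type is not
        // visible here, so the explicit type check before the cast is kept.
        if (!(signatureAlgorithm instanceof JWSAlgorithm)) {
            throw new AuthException("Signature Algorithm couldn't convert to JWSAlgorithm");
        }
        JWSAlgorithm jwsAlgorithm = (JWSAlgorithm) signatureAlgorithm;

        JWSHeader.Builder headerBuilder = new JWSHeader.Builder(jwsAlgorithm);
        String certThumbPrint = getThumbPrint(ServiceReferenceHolder.getInstance().getPublicKey());
        headerBuilder.keyID(certThumbPrint);
        // NOTE(review): new Base64URL(String) wraps the string as given and
        // does not encode it. Confirm getThumbPrint returns the
        // base64url-encoded SHA-1 certificate digest that x5t requires
        // (RFC 7515).
        headerBuilder.x509CertThumbprint(new Base64URL(certThumbPrint));

        SignedJWT signedJWT = new SignedJWT(headerBuilder.build(), jwtClaimsSet);
        signedJWT.sign(signer);
        return signedJWT.serialize();
    } catch (NoSuchAlgorithmException | CertificateEncodingException | JOSEException e) {
        // The previous message blamed the algorithm for every failure and
        // discarded the underlying exception. A (String, Throwable)
        // constructor on AuthException is not visible from here, so the
        // original exception is attached as suppressed to keep its stack
        // trace; switch to the cause constructor if one exists.
        AuthException failure =
            new AuthException("Error while signing the JWT with algorithm " + signatureAlgorithm);
        failure.addSuppressed(e);
        throw failure;
    }
}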