try { MessageDigest digest = MessageDigest.getInstance("SHA-256"); String hash = Base64URL.encode(digest.digest(codeVerifier.getBytes(StandardCharsets.US_ASCII))).toString(); options.put("code_challenge", hash); } catch (NoSuchAlgorithmException e) {
String hash = Base64URL.encode(digest.digest(verifier.getBytes(StandardCharsets.US_ASCII))).toString(); if (!challenge.equals(hash)) { throw new InvalidRequestException("Code challenge and verifier do not match");
/** * Composes the signing input for the specified JWS object parts. * * <p>Format: * * <pre> * [header-base64url].[payload-base64url] * </pre> * * @param firstPart The first part, corresponding to the JWS header. * Must not be {@code null}. * @param secondPart The second part, corresponding to the payload. * Must not be {@code null}. * * @return The signing input string. */ private static String composeSigningInput(final Base64URL firstPart, final Base64URL secondPart) { return firstPart.toString() + '.' + secondPart.toString(); }
/** * Computes the Additional Authenticated Data (AAD) for the specified * BASE64URL-encoded JWE header. * * @param encodedJWEHeader The BASE64URL-encoded JWE header. Must not * be {@code null}. * * @return The AAD. */ public static byte[] compute(final Base64URL encodedJWEHeader) { return encodedJWEHeader.toString().getBytes(Charset.forName("ASCII")); }
/** * Overrides {@code Object.equals()}. * * @param object The object to compare to. * * @return {@code true} if the objects have the same value, otherwise * {@code false}. */ @Override public boolean equals(final Object object) { return object != null && object instanceof Base64URL && this.toString().equals(object.toString()); }
@Override public LinkedHashMap<String,?> getRequiredParams() { // Put mandatory params in sorted order LinkedHashMap<String,String> requiredParams = new LinkedHashMap<>(); requiredParams.put("e", e.toString()); requiredParams.put("kty", getKeyType().getValue()); requiredParams.put("n", n.toString()); return requiredParams; }
@Override public LinkedHashMap<String,?> getRequiredParams() { // Put mandatory params in sorted order LinkedHashMap<String,String> requiredParams = new LinkedHashMap<>(); requiredParams.put("crv", crv.toString()); requiredParams.put("kty", getKeyType().getValue()); requiredParams.put("x", x.toString()); requiredParams.put("y", y.toString()); return requiredParams; }
@Override public LinkedHashMap<String,?> getRequiredParams() { // Put mandatory params in sorted order LinkedHashMap<String,String> requiredParams = new LinkedHashMap<>(); requiredParams.put("k", k.toString()); requiredParams.put("kty", getKeyType().toString()); return requiredParams; }
/** * Serialises this JWS object to its compact format consisting of * Base64URL-encoded parts delimited by period ('.') characters. It * must be in a {@link State#SIGNED signed} or * {@link State#VERIFIED verified} state. * * <pre> * [header-base64url].[payload-base64url].[signature-base64url] * </pre> * * @return The serialised JWS object. * * @throws IllegalStateException If the JWS object is not in a * {@link State#SIGNED signed} or * {@link State#VERIFIED verified} state. */ @Override public String serialize() { ensureSignedOrVerifiedState(); return signingInputString + '.' + signature.toString(); }
@Override public LinkedHashMap<String,?> getRequiredParams() { // Put mandatory params in sorted order LinkedHashMap<String,String> requiredParams = new LinkedHashMap<>(); requiredParams.put("crv", crv.toString()); requiredParams.put("kty", getKeyType().getValue()); requiredParams.put("x", x.toString()); return requiredParams; }
private JWTClaimsSet parse(String token) { try { SignedJWT signedJWT = SignedJWT.parse(token); if (signedJWT.getSignature().toString().isEmpty()) { throw new IllegalArgumentException("The token doesn't have a signature"); } // check if payload is a valid JSON object and throws ParseException when it's not return signedJWT.getJWTClaimsSet(); } catch (ParseException e) { throw new IllegalArgumentException( "The token does not conform to signed JWT format. " + e.getMessage()); } }
/** * Serialises this unsecured JOSE object to its compact format * consisting of Base64URL-encoded parts delimited by period ('.') * characters. * * <pre> * [header-base64url].[payload-base64url].[] * </pre> * * @return The serialised unsecured JOSE object. */ @Override public String serialize() { return header.toBase64URL().toString() + '.' + getPayload().toBase64URL().toString() + '.'; }
/** * Parses an unsecured (plain) JSON Web Token (JWT) from the specified * string in compact format. * * @param s The string to parse. Must not be {@code null}. * * @return The unsecured JWT. * * @throws ParseException If the string couldn't be parsed to a valid * unsecured JWT. */ public static PlainJWT parse(final String s) throws ParseException { Base64URL[] parts = JOSEObject.split(s); if (! parts[2].toString().isEmpty()) { throw new ParseException("Unexpected third Base64URL part in the unsecured JWT object", 0); } return new PlainJWT(parts[0], parts[1]); } }
@Override public JSONObject toJSONObject() { JSONObject o = super.toJSONObject(); // Append key value o.put("k", k.toString()); return o; }
private JWK fromRSA(com.nimbusds.jose.jwk.RSAKey jwk) { RSAKey rsaKey = new RSAKey(); rsaKey.setKty(KeyType.RSA.getKeyType()); rsaKey.setKid(jwk.getKeyID()); rsaKey.setUse(jwk.getKeyUse() != null ? jwk.getKeyUse().identifier() : null); rsaKey.setE(jwk.getPublicExponent() != null ? jwk.getPublicExponent().toString() : null); rsaKey.setN(jwk.getModulus() != null ? jwk.getModulus().toString() : null); return rsaKey; }
private JWK fromRSA(com.nimbusds.jose.jwk.RSAKey jwk) { RSAKey rsaKey = new RSAKey(); rsaKey.setKty(KeyType.RSA.getKeyType()); rsaKey.setKid(jwk.getKeyID()); rsaKey.setUse(jwk.getKeyUse() != null ? jwk.getKeyUse().identifier() : null); rsaKey.setE(jwk.getPublicExponent() != null ? jwk.getPublicExponent().toString() : null); rsaKey.setN(jwk.getModulus() != null ? jwk.getModulus().toString() : null); return rsaKey; }
private JWK fromEC(com.nimbusds.jose.jwk.ECKey jwk) { ECKey ecKey = new ECKey(); ecKey.setKty(KeyType.EC.getKeyType()); ecKey.setKid(jwk.getKeyID()); ecKey.setUse(jwk.getKeyUse() != null ? jwk.getKeyUse().identifier() : null); ecKey.setX(jwk.getX() != null ? jwk.getX().toString() : null); ecKey.setY(jwk.getY() != null ? jwk.getY().toString() : null); Optional<Curve> curve = Curve.getByName(jwk.getCurve().getName()); //if not present, parse method will fail before... ecKey.setCrv(curve.get().getName()); return ecKey; } }
private JWK fromEC(com.nimbusds.jose.jwk.ECKey jwk) { ECKey ecKey = new ECKey(); ecKey.setKty(KeyType.EC.getKeyType()); ecKey.setKid(jwk.getKeyID()); ecKey.setUse(jwk.getKeyUse() != null ? jwk.getKeyUse().identifier() : null); ecKey.setX(jwk.getX() != null ? jwk.getX().toString() : null); ecKey.setY(jwk.getY() != null ? jwk.getY().toString() : null); Optional<Curve> curve = Curve.getByName(jwk.getCurve().getName()); //if not present, parse method will fail before... ecKey.setCrv(curve.get().getName()); return ecKey; } }