/**
 * Signs the compact serialization {@code header.payload} with the given key.
 * <p>
 * Convenience overload: the JSON parts are serialized via {@code concat} and the
 * resulting string is handed to the string-based {@code sign} overload, which
 * does the actual signing.
 *
 * @param header  JOSE header of the token
 * @param payload claims of the token
 * @param webkey  key to sign with
 * @return the base64-encoded signature over {@code header.payload}
 * @throws IOException              propagated from the underlying {@code sign}
 * @throws InvalidKeySpecException  if the key material cannot be used
 * @throws NoSuchAlgorithmException if the key's algorithm is not available
 * @throws InvalidKeyException      if the key is rejected by the signature engine
 * @throws SignatureException       if signing fails
 */
protected static String sign(JSONObject header, JSONObject payload, JSONWebKey webkey)
        throws IOException, InvalidKeySpecException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
    String signingInput = concat(header, payload);
    return sign(signingInput, webkey);
}
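/**
 * Verifies the signature over the compact serialization {@code header.payload} with the supplied key.
 * <p>
 * The {@code alg} value is read from the token header, i.e. from untrusted input, so it is only
 * honoured when it is consistent with the key the caller selected: an unsigned token
 * ({@code alg} equal to {@code NONE_JWT}) is accepted only if {@code webKey} itself declares
 * {@code NONE_JWT} as its algorithm. A header may not downgrade a signing key to "no signature".
 * Only RSA keys are supported on the signed path ({@code KeyFactory.getInstance("RSA")}).
 *
 * @param header  decoded JOSE header; must carry a string {@code alg}
 * @param payload decoded claims
 * @param sig     base64-encoded signature segment of the token
 * @param webKey  the key the token is expected to be signed with
 * @return {@code true} if the signature verifies, or if both token and key are unsigned
 * @throws IllegalStateException    if the header has no string {@code alg}
 * @throws SignatureException       if an unsigned token is presented for a key that is not
 *                                  declared as {@code NONE_JWT}, or the signature engine fails
 * @throws NoSuchAlgorithmException if the mapped JCA algorithm is unavailable
 * @throws InvalidKeySpecException  if the key's X.509 encoding cannot be parsed
 * @throws InvalidKeyException      if the public key is rejected by the signature engine
 */
public static boolean verify(JSONObject header, JSONObject payload, String sig, JSONWebKey webKey)
        throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, InvalidKeySpecException {
    Object alg = header.get(ALGORITHM);
    if (!(alg instanceof String)) { // instanceof is false for null as well
        throw new IllegalStateException("Unknown algorithm");
    }
    String algorithm = (String) alg;
    DebugUtil.dbg(JWTUtil.class, "Verifying ID token with algorithm =" + algorithm);
    if (algorithm.equals(NONE_JWT)) {
        // The header is attacker-controlled: only accept "none" when the caller's key is itself unsigned.
        if (webKey == null || !NONE_JWT.equals(webKey.algorithm)) {
            throw new SignatureException("Unsigned token (alg=" + algorithm + ") presented for a key that requires a signature");
        }
        return true;
    }
    // NOTE(review): the signed path still lets the header's alg choose the JCA algorithm; binding it to
    // webKey.algorithm would be stricter, but depends on how JWKS entries populate that field — confirm first.
    Signature signature = Signature.getInstance(getJavaSignatureName(algorithm));
    // Round-trip the key through its X.509 encoding before handing it to the signature engine.
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(webKey.publicKey.getEncoded());
    RSAPublicKey pubKey = (RSAPublicKey) keyFactory.generatePublic(pubKeySpec);
    signature.initVerify(pubKey);
    // Explicit charset: the signed input must not depend on the platform default encoding.
    signature.update(concat(header, payload).getBytes(java.nio.charset.StandardCharsets.UTF_8));
    boolean rc = signature.verify(Base64.decodeBase64(sig));
    DebugUtil.dbg(JWTUtil.class, "Verification ok?" + rc);
    return rc;
}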
/**
 * Creates an unsigned JWT ({@code alg} set to {@code NONE_JWT}) carrying the given payload.
 * <p>
 * The result has the form {@code header.payload.} — the trailing dot is the empty
 * signature segment the spec requires for unsigned tokens.
 *
 * @param payload the claims to embed
 * @return the compact serialization with an empty signature segment
 */
public static String createJWT(JSONObject payload) {
    JSONObject unsignedHeader = new JSONObject();
    unsignedHeader.put(TYPE, "JWT");
    unsignedHeader.put(ALGORITHM, NONE_JWT);
    // Empty third segment, as the spec requires for unsigned tokens.
    return concat(unsignedHeader, payload).concat(".");
}
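/**
 * Manual smoke test: signs a fixed sample token with a key from a developer JWK file,
 * verifies it and prints the intermediate results.
 * <p>
 * Keeps the original hard-coded key file and key id; see
 * {@link #testSigning(File, String)} to run the same check against other material.
 *
 * @throws Exception on any I/O, parsing or crypto failure
 */
public static void testSigning() throws Exception {
    testSigning(new File("/home/ncsa/dev/csd/config/polo-keys.jwk"), "244B235F6B28E34108D101EAC7362C4E");
}

/**
 * Manual smoke test with the key material supplied by the caller: builds a token from a fixed
 * sample header and payload, signs it with the key {@code keyID} from {@code keyFile},
 * verifies it via {@code verifyAndReadJWT} and prints each step.
 *
 * @param keyFile JSON web key set to load the signing key from
 * @param keyID   id of the key in {@code keyFile} to sign with
 * @throws Exception on any I/O, parsing or crypto failure
 */
public static void testSigning(File keyFile, String keyID) throws Exception {
    String h = "{\"typ\":\"JWT\",\"kid\":\"9k0HPG3moXENne\",\"alg\":\"RS256\"}";
    String p = "{\"iss\":\"https://ashigaru.ncsa.uiuc.edu:9443\",\"sub\":\"jgaynor\",\"exp\":1484764744,\"aud\":\"myproxy:oa4mp,2012:/client_id/14649e2f468450dac0c1834811dbd4c7\",\"iat\":1484763844,\"nonce\":\"0ZIi-EuxeC_X8AgB3VifOoqKiXWsz_NlXSzIu7h8rzU\",\"auth_time\":\"1484763843\"}\n";
    // The sample header is only printed; createJWT builds its own header from the key.
    JSONObject header = JSONObject.fromObject(h);
    System.out.println("header=" + header);
    JSONObject payload = JSONObject.fromObject(p);
    System.out.println("payload=" + payload);
    System.out.println("base 64=" + concat(header, payload));
    JSONWebKeys keys = JSONWebKeyUtil.fromJSON(keyFile);
    String idToken = createJWT(payload, keys.get(keyID));
    System.out.println(idToken);
    JSONObject claims = verifyAndReadJWT(idToken, keys);
    System.out.println("claims = " + claims);
    JSONWebKey webKey = keys.get(keyID);
    System.out.println(KeyUtil.toX509PEM(webKey.publicKey));
}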
byte[] content = concat(header, payload).getBytes(); signature.update(content); byte[] signatureBytes = signature.sign();
/**
 * Manual round-trip check: signs a fixed sample header and payload with the key {@code keyID}
 * from {@code keys}, then verifies the signature with the same key, printing the token,
 * the public key (PEM) and the verification result.
 *
 * @param keys  key set to take the signing key from
 * @param keyID id of the key in {@code keys}
 * @throws Exception on any parsing or crypto failure
 */
public static void signAndVerify(JSONWebKeys keys, String keyID) throws Exception {
    JSONWebKey signingKey = keys.get(keyID);
    String rawHeader = "{"
            + " \"typ\": \"JWT\","
            + " \"kid\": \"9k0HPG3moXENne\","
            + " \"alg\": \"RS256\""
            + "}";
    String rawPayload = "{\n"
            + " \"iss\": \"https://ashigaru.ncsa.uiuc.edu:9443\","
            + " \"sub\": \"jgaynor\","
            + " \"exp\": 1484764744,"
            + " \"aud\": \"myproxy:oa4mp,2012:/client_id/14649e2f468450dac0c1834811dbd4c7\","
            + " \"iat\": 1484763844,"
            + " \"nonce\": \"0ZIi-EuxeC_X8AgB3VifOoqKiXWsz_NlXSzIu7h8rzU\","
            + " \"auth_time\": \"1484763843\""
            + "}";
    JSONObject hdr = JSONObject.fromObject(rawHeader);
    JSONObject claims = JSONObject.fromObject(rawPayload);
    String sig = sign(hdr, claims, signingKey);
    System.out.println(concat(hdr, claims) + "." + sig);
    System.out.println(KeyUtil.toX509PEM(signingKey.publicKey));
    boolean ok = verify(hdr, claims, sig, signingKey);
    System.out.println("verified?" + ok);
}
/**
 * Creates a JWT for {@code payload}, signed with {@code jsonWebKey} unless the key's algorithm
 * is {@code NONE_JWT}, in which case the signature segment is left empty.
 * <p>
 * The header carries {@code typ=JWT}, the key id and the key's algorithm, in that order.
 *
 * @param payload    the claims to embed
 * @param jsonWebKey key whose id and algorithm go into the header and which signs the token
 * @return the compact serialization {@code header.payload.signature}
 * @throws NoSuchAlgorithmException if the key's algorithm is not available
 * @throws SignatureException       if signing fails
 * @throws InvalidKeySpecException  if the key material cannot be used
 * @throws InvalidKeyException      if the key is rejected by the signature engine
 * @throws IOException              propagated from signing
 */
public static String createJWT(JSONObject payload, JSONWebKey jsonWebKey)
        throws NoSuchAlgorithmException, SignatureException, InvalidKeySpecException, InvalidKeyException, IOException {
    JSONObject header = new JSONObject();
    header.put(TYPE, "JWT");
    header.put(KEY_ID, jsonWebKey.id);
    header.put(ALGORITHM, jsonWebKey.algorithm);
    boolean unsigned = jsonWebKey.algorithm.equals(NONE_JWT);
    String signatureSegment;
    if (unsigned) {
        signatureSegment = ""; // as per spec
    } else {
        DebugUtil.dbg(JWTUtil.class, "Signing ID token with algorithm=" + jsonWebKey.algorithm);
        signatureSegment = sign(header, payload, jsonWebKey);
    }
    return concat(header, payload) + "." + signatureSegment;
}