/**
 * Checks that the token's issued-for value equals the configured {@code expectedIssuedFor}.
 *
 * @param jsonWebToken token whose {@code getIssuedFor()} value is compared
 * @return {@code true} when the values are equal; this method never returns {@code false}
 * @throws VerificationException if {@code expectedIssuedFor} is unset or the values differ
 */
@Override
public boolean test(JsonWebToken jsonWebToken) throws VerificationException {
    // Fail closed: a missing expectation is reported as an error instead of passing the token.
    if (expectedIssuedFor == null) {
        throw new VerificationException("Missing expectedIssuedFor");
    }

    // equals() is called on the configured value, so a token without issued-for is a mismatch.
    if (!expectedIssuedFor.equals(jsonWebToken.getIssuedFor())) {
        throw new VerificationException("Expected issuedFor doesn't match");
    }
    return true;
}
} // closes the enclosing type, whose header is outside this snippet
/**
 * Checks that the token carries the configured {@code expectedAudience}.
 *
 * @param t token whose audience is inspected
 * @return {@code true} when {@code t.hasAudience(expectedAudience)} holds; never {@code false}
 * @throws VerificationException if no expected audience is configured, the token has no
 *         audience at all, or the expected audience is not among the token's audiences
 */
@Override
public boolean test(JsonWebToken t) throws VerificationException {
    // Fail closed when the verifier itself was not configured.
    if (expectedAudience == null) {
        throw new VerificationException("Missing expectedAudience");
    }

    // A token without any audience gets its own message, distinct from a wrong audience.
    if (t.getAudience() == null) {
        throw new VerificationException("No audience in the token");
    }

    if (!t.hasAudience(expectedAudience)) {
        throw new VerificationException("Expected audience not available in the token");
    }
    return true;
}
};
// Verifies sigBytes over data against the key taken from cert; the outcome ends up in result.
//
// NOTE(review): "MD5withRSA" hashes the data with MD5 before the RSA check. MD5 is not
// collision resistant, so a signature made with this algorithm gives weak assurance when
// another party can influence the signed content. The algorithm has to match what the
// signer used, so it cannot be changed here in isolation; plan the move to a SHA-2 based
// algorithm together with the signing side.
String algorithm = "MD5withRSA";
// Look up a Signature implementation for the algorithm. This happens outside the try
// block, so a failed lookup is not wrapped into VerificationException below.
Signature verifier = Signature.getInstance(algorithm);
// Do the verification
boolean result=false;
try {
    verifier.initVerify(cert); // This one checks key usage in the cert
    verifier.update(data);
    result = verifier.verify(sigBytes);
} catch (Exception e) {
    // Every failure during verification is reported as VerificationException, cause attached.
    throw new VerificationException("Verification error: "+e, e);
}
/**
 * Checks that the token has a subject.
 *
 * <p>Only {@code null} is rejected; an empty subject string passes this check.
 *
 * @param t token whose {@code getSubject()} value is inspected
 * @return {@code true} when a subject is present; never {@code false}
 * @throws VerificationException if the token's subject is {@code null}
 */
@Override
public boolean test(JsonWebToken t) throws VerificationException {
    if (t.getSubject() != null) {
        return true;
    }
    throw new VerificationException("Subject missing in token");
}
};
/**
 * Validates the XML signature of a document received over the POST binding.
 *
 * <p>NOTE(review): this method only establishes that {@code SAML2Signature.validate}
 * accepted the document. Which element the signature covers is decided inside that call
 * and is not visible here; confirm that callers read only the signed content afterwards.
 *
 * @param document the document whose signature is validated
 * @param keyLocator source of the keys handed to the validator
 * @throws VerificationException if validation reports an invalid signature, or if the
 *         validator fails with a {@code ProcessingException} (attached as the cause)
 */
public void verifyPostBindingSignature(Document document, KeyLocator keyLocator) throws VerificationException {
    SAML2Signature validator = new SAML2Signature();

    final boolean signatureAccepted;
    try {
        signatureAccepted = validator.validate(document, keyLocator);
    } catch (ProcessingException e) {
        throw new VerificationException("Error validating signature", e);
    }

    // A clean "false" from the validator is a rejection too, not only an exception.
    if (!signatureAccepted) {
        throw new VerificationException("Invalid signature on document");
    }
}
/**
 * Checks that the token's issuer equals the configured realm URL.
 *
 * <p>The failure message echoes the issuer claim taken from the token. That value is
 * token-supplied text, so treat it as untrusted wherever the message is logged or shown.
 *
 * @param t token whose {@code getIssuer()} value is compared
 * @return {@code true} when the issuer matches; never {@code false}
 * @throws VerificationException if no realm URL is configured or the issuer differs
 */
@Override
public boolean test(JsonWebToken t) throws VerificationException {
    // Fail closed when the verifier has no realm URL to compare against.
    if (this.realmUrl == null) {
        throw new VerificationException("Realm URL not set");
    }

    // Exact string comparison, called on the configured value so a null issuer is a mismatch.
    if (this.realmUrl.equals(t.getIssuer())) {
        return true;
    }
    throw new VerificationException("Invalid token issuer. Expected '" + this.realmUrl + "', but was '" + t.getIssuer() + "'");
}
};
/**
 * Decodes the token string into {@code jws} and {@code token} if that has not happened yet.
 *
 * <p>This method only parses. Nothing in it checks the signature or any claim, so a
 * successful return says nothing about whether the token can be trusted.
 *
 * @return this verifier, for chaining
 * @throws VerificationException if no token string is set, the string is not a parseable
 *         JWS, or its content cannot be read as {@code clazz}
 */
public TokenVerifier<T> parse() throws VerificationException {
    // Already parsed. Because jws is assigned before the content is read, this also holds
    // after an earlier call that failed while reading the content.
    if (jws != null) {
        return this;
    }

    if (tokenString == null) {
        throw new VerificationException("Token not set");
    }

    try {
        jws = new JWSInput(tokenString);
    } catch (JWSInputException e) {
        throw new VerificationException("Failed to parse JWT", e);
    }

    try {
        token = jws.readJsonContent(clazz);
    } catch (JWSInputException e) {
        throw new VerificationException("Failed to read access token from JWT", e);
    }

    return this;
}
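/**
 * Verifies {@code signature} over {@code data} with the public key held by {@code key}.
 *
 * <p>The JCA algorithm name is derived from {@code key.getAlgorithm()}, so within this
 * method the algorithm follows the configured key and not the two arguments.
 *
 * @param data the bytes that were signed
 * @param signature the signature bytes to check
 * @return {@code true} if the signature is valid for the data, {@code false} otherwise
 * @throws VerificationException if the verifier cannot be created or initialised, the
 *         verify key is not a {@code PublicKey}, or the check itself throws
 */
@Override
public boolean verify(byte[] data, byte[] signature) throws VerificationException {
    try {
        Signature verifier = Signature.getInstance(JavaAlgorithm.getJavaAlgorithm(key.getAlgorithm()));
        verifier.initVerify((PublicKey) key.getVerifyKey());
        verifier.update(data);
        return verifier.verify(signature);
    } catch (Exception e) {
        // This is the verification path; the previous text "Signing failed" pointed anyone
        // reading logs at the wrong operation.
        throw new VerificationException("Signature verification failed", e);
    }
}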
/**
 * Checks that the token's type equals the configured {@code tokenType}, ignoring case.
 *
 * <p>{@code tokenType} is dereferenced without a null check here.
 * NOTE(review): presumably it is always set where this check is constructed; confirm.
 *
 * <p>The failure message echoes the type taken from the token, so treat that part of the
 * message as untrusted text wherever it is logged or shown.
 *
 * @param t token whose {@code getType()} value is compared
 * @return {@code true} when the type matches; never {@code false}
 * @throws VerificationException if the token's type differs from {@code tokenType}
 */
@Override
public boolean test(JsonWebToken t) throws VerificationException {
    if (tokenType.equalsIgnoreCase(t.getType())) {
        return true;
    }
    throw new VerificationException("Token type is incorrect. Expected '" + tokenType + "' but was '" + t.getType() + "'");
}
};
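/**
 * Verifies an HMAC: recomputes the MAC of {@code data} with the secret key held by
 * {@code key} and compares it with {@code signature}.
 *
 * <p>The JCA algorithm name is derived from {@code key.getAlgorithm()}, so within this
 * method the algorithm follows the configured key and not the two arguments.
 *
 * @param data the bytes that were authenticated
 * @param signature the MAC value to check
 * @return {@code true} if the recomputed MAC equals {@code signature}, {@code false} otherwise
 * @throws VerificationException if the MAC cannot be created, initialised or computed
 */
@Override
public boolean verify(byte[] data, byte[] signature) throws VerificationException {
    try {
        Mac mac = Mac.getInstance(JavaAlgorithm.getJavaAlgorithm(key.getAlgorithm()));
        mac.init(key.getSecretKey());
        mac.update(data);
        byte[] expectedMac = mac.doFinal();
        // MessageDigest.isEqual, not Arrays.equals: the comparison time must not depend on
        // how many leading bytes of the supplied MAC happen to be correct.
        return MessageDigest.isEqual(expectedMac, signature);
    } catch (Exception e) {
        // This is the verification path; the previous text "Signing failed" pointed anyone
        // reading logs at the wrong operation.
        throw new VerificationException("Signature verification failed", e);
    }
}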
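/**
 * Checks that a PEM private key and a PEM public key belong together.
 *
 * <p>Both keys are decoded, a fixed payload is signed with the private key through
 * {@code JWSBuilder.rsa256}, and the result is verified with the public key.
 *
 * @param privateKeyPem the private key in PEM form
 * @param publicKeyPem the public key in PEM form
 * @throws VerificationException if either key cannot be decoded, or if signing or
 *         verifying the payload fails; the underlying exception is attached as the cause
 *         whenever there is one
 */
public static void verify(String privateKeyPem, String publicKeyPem) throws VerificationException {
    PrivateKey privateKey;
    try {
        privateKey = PemUtils.decodePrivateKey(privateKeyPem);
    } catch (Exception e) {
        // Keep the cause so the reason for the decode failure is not lost.
        // NOTE(review): confirm the decoder's exceptions never embed key material before
        // these chains are written to logs.
        throw new VerificationException("Failed to decode private key", e);
    }

    PublicKey publicKey;
    try {
        publicKey = PemUtils.decodePublicKey(publicKeyPem);
    } catch (Exception e) {
        throw new VerificationException("Failed to decode public key", e);
    }

    boolean keysMatch;
    try {
        String jws = new JWSBuilder().content("content".getBytes()).rsa256(privateKey);
        keysMatch = RSAProvider.verify(new JWSInput(jws), publicKey);
    } catch (Exception e) {
        // A failure while signing or verifying is reported like a mismatch, with its cause.
        throw new VerificationException("Keys don't match", e);
    }

    if (!keysMatch) {
        throw new VerificationException("Keys don't match");
    }
}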
/**
 * Resolves the public key for a key id through the deployment's {@code PublicKeyLocator}.
 *
 * <p>NOTE(review): if {@code kid} is taken from a token header before the signature has
 * been checked, it is untrusted input that ends up in the error log below; confirm the
 * log sink neutralises control characters.
 *
 * @param kid key id to look up
 * @param deployment deployment that supplies the locator and is passed on to it
 * @return the resolved public key, never {@code null}
 * @throws VerificationException if the locator returns no key for {@code kid}
 */
private static PublicKey getPublicKey(String kid, KeycloakDeployment deployment) throws VerificationException {
    PublicKeyLocator locator = deployment.getPublicKeyLocator();
    PublicKey resolvedKey = locator.getPublicKey(kid, deployment);
    if (resolvedKey != null) {
        return resolvedKey;
    }

    // The kid goes to the log only; the exception message stays generic.
    log.errorf("Didn't find publicKey for kid: %s", kid);
    throw new VerificationException("Didn't find publicKey for specified kid");
}
throw new VerificationException(e); throw new VerificationException("Unknown or unsupported token algorithm"); } else switch (algorithmType) { case RSA: if (publicKey == null) { throw new VerificationException("Public key not set"); case HMAC: if (secretKey == null) { throw new VerificationException("Secret key not set"); throw new VerificationException("Unknown or unsupported token algorithm");
/**
 * Runs the verification: parses the token if needed, verifies the signature when a JWS is
 * available, then applies every registered check in order.
 *
 * <p>The signature step is skipped when {@code jws} is {@code null} after the parse step;
 * in that case only the registered checks decide the outcome.
 *
 * @return this verifier, for chaining
 * @throws VerificationException if parsing or signature verification fails, or if a check
 *         throws or returns {@code false}
 */
public TokenVerifier<T> verify() throws VerificationException {
    if (getToken() == null) {
        parse();
    }

    // The signature is checked before any claim check runs.
    if (jws != null) {
        verifySignature();
    }

    for (Predicate<? super T> check : checks) {
        boolean passed = check.test(getToken());
        if (!passed) {
            // A check that returns false without throwing is still a failure.
            throw new VerificationException("JWT check failed for check " + check);
        }
    }

    return this;
}
throw new VerificationException("SAML Request was null"); if (algorithm == null) throw new VerificationException("SigAlg was null"); if (signature == null) throw new VerificationException("Signature was null"); throw new VerificationException("Invalid query param signature"); throw new VerificationException(e);
idToken = input.readJsonContent(IDToken.class); } catch (JWSInputException e) { throw new VerificationException(e);