Signature verification fails using crv: "P-256", kty: "EC"
Hi,
I'm trying to verify a JSON JWS document here: https://fedscim-poc.skolfederation.se/md/skolfederation-fedscim-0_1.json
using the key here: https://fedscim-poc.skolfederation.se/jwks
The signature verifies using the python verifier here: https://github.com/kirei/scim-fed-auth/blob/master/tools/verify.py
I'm using the following code to verify the JWS - what am I doing wrong?
Thanks!
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.jwk.VerificationJwkSelector;
import org.jose4j.jws.JsonWebSignature;
import org.junit.Assert;
import org.junit.Test;

import java.net.URL;
import java.util.Scanner;

public class JWSUtilTest {

    private static ObjectMapper mapper = new ObjectMapper();

    @Test
    public void parse() throws Exception {
        String keys = new Scanner(new URL("https://fedscim-poc.skolfederation.se/jwks").openStream(), "UTF-8").useDelimiter("\\A").next();
        String meta = new Scanner(new URL("https://fedscim-poc.skolfederation.se/md/skolfederation-fedscim-0_1.json").openStream(), "UTF-8").useDelimiter("\\A").next();
        JsonWebSignature jws = parseJSONSerialization(meta);
        jws.setKnownCriticalHeaders("exp");
        JsonWebKeySet jsonWebKeySet = new JsonWebKeySet(keys);
        VerificationJwkSelector jwkSelector = new VerificationJwkSelector();
        JsonWebKey jwk = jwkSelector.select(jws, jsonWebKeySet.getJsonWebKeys());
        jws.setKey(jwk.getKey());
        Assert.assertTrue("Verification failed", jws.verifySignature());
    }

    /**
     * Utility to convert JSON serialization to compact, as nimbus-jose-jwt doesn't seem to support it.
     *
     * @param json
     * @return
     */
    static JsonWebSignature parseJSONSerialization(String json) {
        try {
            JsonNode root = mapper.readTree(json);
            JsonNode payload = root.get("payload");
            JsonNode signatures = root.get("signatures");
            JsonNode signature = signatures.get(0);
            String protectedString = signature.get("protected").asText();
            String signaturePart = signature.get("signature").asText();
            JsonWebSignature jsonWebSignature = new JsonWebSignature();
            jsonWebSignature.setCompactSerialization(protectedString + "." + payload + "." + signaturePart);
            return jsonWebSignature;
        } catch (Exception e) {
            throw new RuntimeException("Could not parse jws json");
        }
    }
}
Comments (6)
-
repo owner You need the .asText() bit on the payload part as well. The payload part has quotes around it when building the compact serialization, which results in the JWS being header."payload".signature and signature verification failing.
-
reporter Doh! Many thanks.
Is there support for, or any plans to, handle parsing of JWS JSON Serialization?
-
repo owner No current support for the JSON Serializations and no plans.
-
reporter Ok, thanks. Happy holidays!
-
reporter - changed status to resolved
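
The fix from the repo owner's comment, generalized as an added example (not code from this thread or from jose4j): a hypothetical `JwsJsonToCompact` helper that reads the payload with `asText()`, accepts both the general and the flattened JWS JSON Serialization (RFC 7515 section 7.2), and refuses entries carrying an unprotected `header`, which the compact form cannot express. It assumes Jackson and jose4j are on the classpath.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.lang.JoseException;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical helper (not part of jose4j): JWS JSON Serialization to compact form. */
public final class JwsJsonToCompact {
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /** Returns one JsonWebSignature per signature entry; the caller sets a key on each and verifies it. */
    public static List<JsonWebSignature> parse(String json) throws IOException, JoseException {
        JsonNode root = MAPPER.readTree(json);
        // asText() yields the bare base64url value; concatenating the JsonNode itself
        // calls toString(), which keeps the JSON quotes and breaks the signing input.
        String payload = requireText(root, "payload");
        // General form: a "signatures" array. Flattened form: "protected" and
        // "signature" sit directly on the top-level object.
        JsonNode entries = root.has("signatures")
                ? root.get("signatures")
                : MAPPER.createArrayNode().add(root);
        List<JsonWebSignature> result = new ArrayList<>();
        for (JsonNode entry : entries) {
            // Silently dropping an unprotected header could change how the JWS is
            // interpreted, so refuse the entry rather than convert it.
            if (entry.has("header")) {
                throw new IllegalArgumentException("unprotected header cannot be expressed in compact form");
            }
            JsonWebSignature jws = new JsonWebSignature();
            jws.setCompactSerialization(
                    requireText(entry, "protected") + "." + payload + "." + requireText(entry, "signature"));
            result.add(jws);
        }
        if (result.isEmpty()) {
            throw new IllegalArgumentException("no signatures present");
        }
        return result;
    }

    private static String requireText(JsonNode node, String field) {
        JsonNode value = node.get(field);
        if (value == null || !value.isTextual()) {
            throw new IllegalArgumentException("missing or non-string member: " + field);
        }
        return value.asText();
    }
}
```

Each returned object still needs `setKey(...)` and `verifySignature()`, as in the reporter's test.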