JWS verification throws exception
Hello,
I want to validate signature of JWS structure with PS256 algorithm. I used RSASSAVerifier and BouncyCastleProvider. It’s work well, but when i want to verify on Android 4.4.2 device, throws exception like “com.nimbusds.jose.JOSEException: java.lang.UnsupportedOperationException“. I'm not sure what caused the error. Am i doing something wrong?
Here is my code;
val verifier: JWSVerifier = when (jwsObject.header.algorithm) {
JWSAlgorithm.PS256, JWSAlgorithm.RS256 -> {
RSASSAVerifier(publicKey as RSAPublicKey)
}
JWSAlgorithm.ES256 -> {
ECDSAVerifier(publicKey as ECPublicKey)
}
else -> {
throw ErrorCodes.jwsAlgorithmTypeError
}
}
val provider = BouncyCastleProviderSingleton.getInstance()
verifier.jcaContext.provider = provider
Security.addProvider(provider)
try {
if (!jwsObject.verify(verifier)) {
throw ErrorCodes.jwsSignVerificationError
}
} catch (e: Exception) {
throw ErrorCodes.jwsSignVerificationError
}
Thank you.
Comments (4)
-
-
reporter Hello,
Here is the stacktrace;
e = java.lang.UnsupportedOperationException stackTrace = {StackTraceElement[15]@830064281128} 0 = {StackTraceElement@830062841864} "java.security.SignatureSpi.engineSetParameter(SignatureSpi.java:278)" declaringClass = "java.security.SignatureSpi" fileName = "SignatureSpi.java" methodName = "engineSetParameter" lineNumber = 278 1 = {StackTraceElement@830062776976} "java.security.Signature.setParameter(Signature.java:545)" declaringClass = "java.security.Signature" fileName = "Signature.java" methodName = "setParameter" lineNumber = 545 2 = {StackTraceElement@830062759744} "com.nimbusds.jose.crypto.impl.RSASSA.getSignerAndVerifier(RSASSA.java:98)" declaringClass = "com.nimbusds.jose.crypto.impl.RSASSA" fileName = "RSASSA.java" methodName = "getSignerAndVerifier" lineNumber = 98 3 = {StackTraceElement@830062702744} "com.nimbusds.jose.crypto.RSASSAVerifier.verify(RSASSAVerifier.java:159)" declaringClass = "com.nimbusds.jose.crypto.RSASSAVerifier" fileName = "RSASSAVerifier.java" methodName = "verify" lineNumber = 159
Thank you for your support.
-
Hi,
This appears to be the underlying java.security.SignatureSpi not supporting PS256. PS256 is not widely supported.
Can you run a test to be sure PS256 is indeed the unsupported alg?
BouncyCastle should support it, unless perhaps you’re using an old version.
-
- changed status to invalid
Verification needs JCA provider with PSxxx support, e.g. BouncyCastle
- Log in to comment
Could you post the stack trace?
This will show where and possibly why the exception is occurring.