1. connect2id Avatar connect2id
  2. Crypto
  3. Nimbus-JOSE-JWT
  4. Issues

JWS verification throws exception

Issue #321 invalid
Ensar Bayhan created an issue

Hello,

I want to validate signature of JWS structure with PS256 algorithm. I used RSASSAVerifier and BouncyCastleProvider. It’s work well, but when i want to verify on Android 4.4.2 device, throws exception like “com.nimbusds.jose.JOSEException: java.lang.UnsupportedOperationException“. I'm not sure what caused the error. Am i doing something wrong?

Here is my code;

val verifier: JWSVerifier = when (jwsObject.header.algorithm) {
            JWSAlgorithm.PS256, JWSAlgorithm.RS256 -> {
                RSASSAVerifier(publicKey as RSAPublicKey)
            }
            JWSAlgorithm.ES256 -> {
                ECDSAVerifier(publicKey as ECPublicKey)
            }
            else -> {
                throw ErrorCodes.jwsAlgorithmTypeError
            }
        }

val provider = BouncyCastleProviderSingleton.getInstance()

verifier.jcaContext.provider = provider
Security.addProvider(provider)

try {
    if (!jwsObject.verify(verifier)) {
        throw ErrorCodes.jwsSignVerificationError
    }
} catch (e: Exception) {
    throw ErrorCodes.jwsSignVerificationError
}

Thank you.

Comments (4)

  1. Connect2id OSS

    Could you post the stack trace?

    This will show where and possibly why the exception is occurring.

  2. Ensar Bayhan reporter

    Hello,

    Here is the stacktrace;

    e = java.lang.UnsupportedOperationException
stackTrace = {StackTraceElement[15]@830064281128} 
0 = {StackTraceElement@830062841864} "java.security.SignatureSpi.engineSetParameter(SignatureSpi.java:278)"
declaringClass = "java.security.SignatureSpi"
fileName = "SignatureSpi.java"
methodName = "engineSetParameter"
lineNumber = 278

1 = {StackTraceElement@830062776976} "java.security.Signature.setParameter(Signature.java:545)"
declaringClass = "java.security.Signature"
fileName = "Signature.java"
methodName = "setParameter"
lineNumber = 545

2 = {StackTraceElement@830062759744} "com.nimbusds.jose.crypto.impl.RSASSA.getSignerAndVerifier(RSASSA.java:98)"
declaringClass = "com.nimbusds.jose.crypto.impl.RSASSA"
fileName = "RSASSA.java"
methodName = "getSignerAndVerifier"
lineNumber = 98

3 = {StackTraceElement@830062702744} "com.nimbusds.jose.crypto.RSASSAVerifier.verify(RSASSAVerifier.java:159)"
declaringClass = "com.nimbusds.jose.crypto.RSASSAVerifier"
fileName = "RSASSAVerifier.java"
methodName = "verify"
lineNumber = 159

    Thank you for your support.

  3. Connect2id OSS

    Hi,

    This appears to be the underlying java.security.SignatureSpi not supporting PS256. PS256 is not widely supported.

    Can you run a test to be sure PS256 is indeed the unsupported alg?

    BouncyCastle should support it, unless perhaps you’re using an old version.

  5. Log in to comment
Assignee
Type
bug
Priority
critical
Status
invalid
Component
Milestone
5.0
Votes
0
Watchers
1
Jira Software: the preferred issue tracker for Bitbucket. Join the team!