My customer sends to me a JWT, I need to validate this JWT using their public key.
I am using Java and JJWT framework to validate this token.
I know decode this token using HS256, but using RS256 I don't know.
their configurations is:
Editing here to improve my question.
The jjwt example of parse that I am using:
Claims String secret = "-----BEGIN CERTIFICATE-----myx5ckey-----END CERTIFICATE-----"
byte[] dataBytes = Base64.getEncoder().encode(secret.getBytes());
byte[] byteKey = Base64.getDecoder().decode(dataBytes);
X509EncodedKeySpec X509publicKey = new X509EncodedKeySpec(byteKey);
KeyFactory kf = KeyFactory.getInstance("RSA");
PublicKey publicKey = kf.generatePublic(X509publicKey);
Claims body = null;
body = Jwts.parser().setSigningKey(publicKey.getEncoded())
.parseClaimsJws(idToken)
.getBody();
java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: invalid key format
at sun.security.rsa.RSAKeyFactory.engineGeneratePublic(RSAKeyFactory.java:205)
How can I validate the received token using the JWKS informations that I show? (imagem above)
I solved my problem.
String secret2 = "myX5c";
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate certificate = cf.generateCertificate(new ByteArrayInputStream(DatatypeConverter.parseBase64Binary(secret2)));
PublicKey publicKey = certificate.getPublicKey();
Claims body = null;
body = Jwts.parser().setSigningKey(publicKey)
.parseClaimsJws(idToken)
.getBody();
#KcDoD thanks for your tips.
tldr; Need to follow three steps
Extract public key from JWK may be going through discovery document or from any other mean.
Extract JWS Signature and JWS Signing input as described by JWS specification
Pass public key, JWS signature and JWS Signing input to signature verifier
Depending on the library, step 2 and 3 may be done in single step.!
Long answer
To validate you have to follow the JWS specification.
JWS specification, defined in RFC7515 explains how to create JWT's MAC needed to validate the token. Appendix 2 of the protocol explains how to create a MAC with RS256 and validate it.
Using the discovery information, you must identify the public key. Now here you have received key details as a JWK. According JWK protocol definition on x5x,
The "x5c" (X.509 certificate chain) parameter contains a chain of one
or more PKIX certificates
So basically you have public key in the JWK. Now you need to convert the encoded String of x5x to public key. To do that, please check this already answered question.
Once the public key is constructed use it to validate the token. Following is the extraction from spec.
A.2.2. Validating
Since the "alg" Header Parameter is "RS256", we validate the
RSASSA- PKCS1-v1_5 SHA-256 digital signature contained in the JWS
Signature.
Validating the JWS Signature is a bit different from the previous example. We pass the public key (n, e), the JWS Signature (which is base64url decoded from the value encoded in the JWS representation), and the JWS Signing Input (which is the initial substring of the JWS Compact Serialization representation up until but not including the second period character) to an RSASSA-PKCS1-v1_5 signature verifier that has been configured to use the SHA-256 hash function.
To validate, its better to use a library. For reference, here is a link to how its done using nimbus
Related
I am trying to port java code that verifies a signature. To generate said signature, a string is first hashed with a SHA-256 digest, then base64 encoded then signed.
The Java code to verify the signature:
public static boolean ver(X509Certificate cert, String data, String sig) throws Exception {
byte[] hashOnly = MessageDigest.getInstance("SHA-256").digest(
data.getBytes(StandardCharsets.UTF_8)
);
String hashWithEncode = Base64.getEncoder().encodeToString(hashOnly);
byte[] encodedDataBytes = hashWithEncode.getBytes();// Byte array of payload that is signed
byte[] decodedSignature = Base64.getDecoder().decode(sig);// Get byte[] of signature string from payload
Signature verifier = Signature.getInstance("SHA256withRSA");
verifier.initVerify(cert.getPublicKey());
verifier.update(encodedDataBytes);
return( verifier.verify(decodedSignature) );
}
Note the data is first hashed, then encoded, then the signature is verified. This will correctly verify a signature
My Ruby code is:
def ver(cert, signature, data)
pub_key = cert.public_key
digest = OpenSSL::Digest::SHA256.new
decoded_sig = Base64.decode64(signature)
ver = pub_key.verify(digest, decoded_sig, data)
end
which will not verify the same signature and data.
The output of
OpenSSL::Digest::SHA256.base64digest(data)
will match hashWithEncode from the Java code, but I do not understand how to pass this value to the signature verification, rather than only the SHA256 hash, as you cannot specify the base64 encoding output in the Digest object required for the verify method.
I want to user SWCrypt for RSA encryption and decryption. i should send my public key base64 decoded to server. but when i try send generated public key base64 i can't get this error in server side:
let (privateKey, publicKey) = try CC.RSA.generateKeyPair(2048)
let publicKeyBase64 = publicKey.base64EncodedString()
error: java.security.InvalidKeyException: IOException: algid parse error, not a sequence
but when send PEMPublicKey getting successfully response.
let publicKeyPEM = SwKeyConvert.PublicKey.derToPKCS8PEM(publicKey)
what is difference between publicKeyBase64 and publicKeyPEM?
sample of generated key:
MIIBCgKCAQEAuWwCZpNXJtT2spBsDwrQaTFGVAjicM341Qzg+1whtlj9J60c/7HYe6AcGHa8Dinkiuk7Whs1Wpa34aa223WQsa+kFSNwkC6oDUXhewan3VEsv1uedzHc8JPlTXnItJsP8cIETFgHpdKWk462hU09mVCTtQTix0BEb8snS96wERvKq957OeaGtFasfT/bQfY0mbDu6eEMqswmfX8j84kuTfwWtqt6mLMTJaDwnsGc5WY1zkau68IQ/CBiiLpZ5hSVMs2pPj3Ao0+wNhR5MlMgdcwrU62SHWcMJ5cYssFgWZyZSvO3n/yW43fE5a1i+9Tm2trveGIdMR4d/MoA79/8IQIDAQAB
sample of generated PEM key :
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWwCZpNXJtT2spBsDwrQaTFGVAjicM341Qzg+1whtlj9J60c/7HYe6AcGHa8Dinkiuk7Whs1Wpa34aa223WQsa+kFSNwkC6oDUXhewan3VEsv1uedzHc8JPlTXnItJsP8cIETFgHpdKWk462hU09mVCTtQTix0BEb8snS96wERvKq957OeaGtFasfT/bQfY0mbDu6eEMqswmfX8j84kuTfwWtqt6mLMTJaDwnsGc5WY1zkau68IQ/CBiiLpZ5hSVMs2pPj3Ao0+wNhR5MlMgdcwrU62SHWcMJ5cYssFgWZyZSvO3n/yW43fE5a1i+9Tm2trveGIdMR4d/MoA79/8IQIDAQAB
how can send generated public key simple of PEM key format?
thanks.
X509 is a standard for Public Key Infraestructure, not a encoding format. You can encode a X509 public key in PEM (base64), DER(binary) or XML. Also the binary data of the public key can be represented in PCKS#1 or X509 SubjectPublicKeyInfo.
In my knowledge PKCS#8 is a standard for private keys. See PKCS #8: Private-Key Information Syntax Standard. So I guess SWCrypt is really using X509 SubjectPublicKeyInfo (Maybe i have not read some RFCs), which is what your server is waiting for.
let publicKeyPEM = SwKeyConvert.PublicKey.derToPKCS8PEM(publicKey)
SubjectPublicKeyInfo encapsulates the public key into a ASN.1 structure adding a header. If you encode the raw data of the public key (DER) using publicKey.base64EncodedString, that header is not added and your server does not know how to manage it.
How to work with Dwolla API which required Client_id & Client_Secret
https://www.dwolla.com/oauth/rest/users/{account_identifier}?client_id={client_id}&client_secret={client_secret}
I already register Application. And Got Key and Secret
But when I call above described API Endpoint via Fiddler. Got bellow response.
{"Success":false,"Message":"Invalid application credentials.","Response":null}
Note: I tested Client_id = API Key / Client_id = Application Key. But the response remain same. What is the problem ?
The client_id is just another name for the API/Application Key, which identifies your application. The client/application secret is a string that functions as a password for your application. Just like a password, you should never give out your application secret; and if it's ever compromised, let us know immediately and we'll generate a new key/secret pair for you.
About your failed request: Try encoding your application key and secret. If special characters aren't escaped from the URL, the request will be interpreted differently from what you intend.
You can quickly encode the two strings from your Javascript console:
var key = "EUFH378&36%394749D\DWIHD";
encodeURIComponent(key);
Result: "EUFH378%2636%25394749DDWIHD"
var secret = "WOIDJ38&IDI\DK389DDDDD";
encodeURIComponent(secret);
Result: "WOIDJ38%26IDIDK389DDDDD"
And place their encoded equivalents back into your request URL:
https://www.dwolla.com/oauth/rest/users/gordon#dwolla.com?client_id=EUFH378%2636%25394749DDWIHD&client_secret=WOIDJ38%26IDIDK389DDDDD
The HMAC-SHA1 signature method requires a key formed with the concatenation of the client shared secret, '&' and the token shared secret.
I wonder which value should I use for the token shared secret when the client still does not have the request or access token: the client shared-secret again or leave it empty.
From the specification:
3.4.2. HMAC-SHA1
The "HMAC-SHA1" signature method uses the HMAC-SHA1 signature
algorithm as defined in [RFC2104]:
digest = HMAC-SHA1 (key, text)
The HMAC-SHA1 function variables are used in following way:
text is set to the value of the signature base string from
Section 3.4.1.1.
key is set to the concatenated values of:
1. The client shared-secret, after being encoded
(Section 3.6).
2. An "&" character (ASCII code 38), which MUST be included
even when either secret is empty.
3. The token shared-secret, after being encoded
(Section 3.6).
digest is used to set the value of the "oauth_signature" protocol
parameter, after the result octet string is base64-encoded
per [RFC2045], Section 6.8.
Thanks
The key should be set to the client shared-secret plus the "&" character when the token shared-secret is unavailable.
I am using oauth to authenticate dropbox and download a file from dropbox after getting access_token am using the below signature for download a file from dropbox am passing the root, path of the file, consumerKey and oauth_token with signature_method as PLAINTEXT and am getting an error
{"error": "Bad oauth_signature for oauth_signature_method 'PLAINTEXT'"}
Signature am using is given below :
https://api-content.dropbox.com/1/files?oauth_consumer_key=twcek2m7cxtantc&oauth_signature_method=PLAINTEXT&oauth_token=1jczc39y7rn1265&oauth_version=1.0&path=test%2Fut.txt&root=dropbox&oauth_signature=fbs34nykryouuj1%2526gbwmn3e27g97cfy
What should I do to resolve this error?
I was searching about this and found that:
1) The PLAINTEXT method does not provide any security protection and SHOULD only be used over a secure channel such as HTTPS. It does not use the Signature Base String.
2) The Service Provider declares support for the HMAC-SHA1 signature method for all requests, and PLAINTEXT only for secure (HTTPS) requests.
3) When used with PLAINTEXT signatures, the OAuth protocol makes no attempts to protect User credentials from eavesdroppers or man-in-the-middle attacks. The PLAINTEXT signature algorithm is only intended to be used in conjunction with a transport-layer security mechanism such as TLS or SSL which does provide such protection. If transport-layer protection is unavailable, the PLAINTEXT signature method should not be used.
You can refer this link http://oauth.net/core/1.0/#anchor22
You can also check if your keys are correct
The signature Protocol Parameters are set with the following values unencrypted:
oauth_signature_method : Set to PLAINTEXT.
oauth_signature : Set to the concatenated encoded value of the oauth_consumer_secret parameter and the value of the oauth_token_secret parameter. If the values contain a . character (ASCII code 46), it must be encoded as %2E. The values are separated by a . character (ASCII code 46), even if empty. The result MUST not be encoded again.
For example, if the Consumer Key is dj.9rj$0jd78jf88 and Token Secret is jjd999(j88ui.hs3, the encoded values are:
Consumer Key : dj%2E9rj%240jd78jf88
Token Secret : jjd999%28j88ui%2Ehs3
And the oauth_signature value is dj%2E9rj%240jd78jf88.jjd999%28j88ui%2Ehs3. This value is not encoded anymore and is used as it in the HTTP request. If the Token Secret is empty, the value is dj%2E9rj%240jd78jf88. (the separator . is retained).