Spermato
Reputation: 63
Validate JWT signature with ECDSA public key - Error decoding signature bytes
i need some help to validate a jwt signature with a ECDSA public key. I'm reading the key from a .pem file with bouncy castle and using jjwt to do the validation. I'm getting an error while validating the signature.
Security.addProvider(new BouncyCastleProvider());
String jwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJtc2kiOiI5NzE1NTA5ODc2NTUiLCJmZWEiOiJzaWdudXAtZGF0YSIsImlzcyI6IkNEUCIsImV4cCI6MTU1NDU2NjMzNiwiaWF0IjoxNTU0MzkzNTM2LCJzaWQiOiIwNDI0MDMwMDg5NzI4MTg3QG5haS5lcGMubW5jMTMwLm1jYzMxMC4zZ3BwbmV0d29yay5vcmcifQ.RwxoGmFd1_dQPeGN-0gnWIW79xXvGHoyJKBbCKajgO75UooceS6tskxwqViEuP1gZD66UE8Bd2L0FaeI2aS_IA";
PemReader pemReader = new PemReader(new FileReader("/publickey.pem"));
X509EncodedKeySpec spec = new X509EncodedKeySpec(pemReader.readPemObject().getContent());
KeyFactory kf = KeyFactory.getInstance("ECDSA","BC");
PublicKey publicKey = kf.generatePublic(spec);
Jws<Claims> claims = Jwts.parser().setSigningKey(publicKey).parseClaimsJws(jwt);
I'm getting a Signature Exception with: Unable to verify Elliptic Curve signature using configured ECPublicKey. error decoding signature bytes.
Upvotes: 3
Views: 2833
Answers (2)
Anish Panthi
Reputation: 1032
This will work as well without mentioning any algorithm.
public boolean isTokenValid(String token) {
try {
String certificate = "GET_YOUR_PUBLIC_CERTIFICATE_HERE"; //Either from REST call or reading from a cert file.
getPublicKeyAndParseToken(token, certificate);
return true;
} catch (IOException e) {
log.error("", e);
} catch (Exception e) {
log.error("", e);
log.error("JWT Not-Verified");
}
return false;
}
private void getPublicKeyAndParseToken(String token, String certificate) throws IOException, CertificateException {
log.debug("Certificate:: " + certificate); //Only for debugging purpose
InputStream is = new ByteArrayInputStream(certificate.getBytes(StandardCharsets.UTF_8));
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate cert = cf.generateCertificate(is);
PublicKey publicKey = cert.getPublicKey();
Jws parsedClaimsJws = Jwts.parser().setSigningKey(publicKey).parseClaimsJws(token);
log.debug("Header:: " + parsedClaimsJws.getHeader()); //Only for debugging purpose
log.debug("Body:: " + parsedClaimsJws.getBody()); //Only for debugging purpose
}
Don't forget to use version '0.9.x' of jjwt library. I've below dependency in my build.gradle:
compile('io.jsonwebtoken:jjwt:0.9.1')
Upvotes: 5
Spermato
Reputation: 63
Problem found, i was using an old jjwt lib (0.6). Changed to 0.9 with the same code and it works as expected.
Thanks
Upvotes: 1
Related Questions
- jwt Signature exception while decoding
- java.security.spec.InvalidKeySpecException: encoded key spec not recognized: failed to construct sequence from byte[] by generating ECDSA Signature
- ECDSA ES256 JWKS JWT signature verification in Java (Elliptic Curve Signatures)
- Error when verifying ECDSA signature in Java with BouncyCastle
- ES256 JWT validation - SignatureException: invalid encoding for signature: java.io.IOException: Sequence tag error
- Cannot sign a JWT using Elliptic Curve (EC) cryptography
- Java Bouncy Castle generated ES256 key doesn't work with JWT.io
- Verifying JWT Signature using public key endpoint
- JWT invalid signature
- fail to verify jwt signature in Java