com.virgilsecurity.sdk.jwt.JwtVerifier Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of sdk Show documentation

Virgil is a stack of security libraries (ECIES with Crypto Agility wrapped in Virgil Cryptogram) and all the necessary infrastructure to enable seamless, end-to-end encryption for any application, platform or device. Learn about Virgil Java/Android SDK https://virgilsecurity.com/api-docs/java-android/quickstart

The newest version!

/*
 * Copyright (c) 2015-2020, Virgil Security, Inc.
 *
 * Lead Maintainer: Virgil Security Inc. 
 *
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *     (1) Redistributions of source code must retain the above copyright notice, this
 *     list of conditions and the following disclaimer.
 *
 *     (2) Redistributions in binary form must reproduce the above copyright notice,
 *     this list of conditions and the following disclaimer in the documentation
 *     and/or other materials provided with the distribution.
 *
 *     (3) Neither the name of virgil nor the names of its
 *     contributors may be used to endorse or promote products derived from
 *     this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

package com.virgilsecurity.sdk.jwt;

import com.virgilsecurity.common.exception.NullArgumentException;
import com.virgilsecurity.sdk.crypto.VirgilAccessTokenSigner;
import com.virgilsecurity.sdk.crypto.VirgilPublicKey;
import com.virgilsecurity.sdk.crypto.exceptions.CryptoException;
import com.virgilsecurity.sdk.utils.ConvertionUtils;

import java.util.logging.Logger;

/**
 * The {@link JwtVerifier} class is implemented for verification of {@link Jwt}.
 */
public class JwtVerifier {
  private static final Logger LOGGER = Logger.getLogger(JwtVerifier.class.getName());

  private VirgilPublicKey apiPublicKey;
  private String apiPublicKeyIdentifier;
  private VirgilAccessTokenSigner accessTokenSigner;

  /**
   * Instantiates a new Jwt verifier.
   *
   * @param apiPublicKey           The api public key.
   * @param apiPublicKeyIdentifier The api public key identifier.
   * @param accessTokenSigner      The access token signer.
   */
  public JwtVerifier(VirgilPublicKey apiPublicKey, String apiPublicKeyIdentifier,
                     VirgilAccessTokenSigner accessTokenSigner) {
    this.apiPublicKey = apiPublicKey;
    this.apiPublicKeyIdentifier = apiPublicKeyIdentifier;
    this.accessTokenSigner = accessTokenSigner;
  }

  /**
   * Checks whether the token's signature is valid.
   *
   * @param jwtToken The jwt token.
   *
   * @return {@code true} if the token's signature is valid, otherwise {@code false}.
   *
   * @throws CryptoException If issue occurred during token's signature verification.
   */
  public boolean verifyToken(Jwt jwtToken) throws CryptoException {
    if (jwtToken == null) {
      throw new NullArgumentException("jwtToken");
    }

    JwtHeaderContent header = jwtToken.getHeaderContent();
    if (!this.apiPublicKeyIdentifier.equals(header.getKeyIdentifier())
        || !this.accessTokenSigner.getAlgorithm().equals(header.getAlgorithm())
        || !JwtHeaderContent.VIRGIL_CONTENT_TYPE.equals(header.getContentType())
        || !JwtHeaderContent.JWT_TYPE.equals(header.getType())) {
      LOGGER.info(
          "Some of next args mismatches in Jwt header and provided data while instantiating JwtVerifier:\n"
              + "api public key identifier, algorithm, content type, jwt type");
      return false;
    }

    byte[] jwtBytes = ConvertionUtils.toBytes(jwtToken.unsigned());
    return this.accessTokenSigner.verifyTokenSignature(jwtToken.getSignatureData(), jwtBytes,
        apiPublicKey);
  }
}