how to verify an id token

I want to verify the id token, but when I use the public key, the following exception is thrown:

Signature length not correct: got 256 but was expecting 342

This is my code:

/**
 * Parses the sample id token with jjwt, using an RSA public key built from the
 * modulus/exponent strings below as the signing key.
 *
 * <p>The test has no explicit assertions: it passes only if
 * {@code parseClaimsJws} returns without throwing.
 */
@Test
public void parseToken() throws InvalidKeySpecException, NoSuchAlgorithmException, InvalidKeyException {
  // The token's header segment decodes to {"kid":"AIDOPK1","alg":"RS256"}.
  // NOTE(review): the payload's exp (1562725293) is long past, so jjwt is expected to
  // reject the token as expired once the signature check passes - confirm.
  String token = "eyJraWQiOiJBSURPUEsxIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLmdlbWQuaXRpbmciLCJleHAiOjE1NjI3MjUyOTMsImlhdCI6MTU2MjcyNDY5Mywic3ViIjoiMDAxODk3Ljg2OWJhYjU5OWE0NTQyZTFhMGY1MDc1ZTAyODkxZjBjLjExMDYifQ.dK0Yk1n-Df5xoXFtQd8kWq6ePNk9urkenwKvvBwLryWS8fe3u5XtusTiq0tIrzuvaqv0Ug2Jz9wG6h5o2ulsG0DnYbznrb7DdrFo_-ubezWDXx-ltT6IViHynlc8Isar5LkZL2YpbqRvf9qowyKdaQma0UXZmnZsMQue5BxxRK2P23seMj9TMrpr4JLIBZqRhms1nI5SRPHD6jZ5vimUHWYldPI18JL-FMhFVumlbMbVYZEYeEj6wYkQH45NmL-1NHh7ua0YonLlcUBJKhosDMI28RYKjzlb3Kjxkni-21PH-X56s1ZvlWCXbAY0yUbzmFZ-CuPVGvh6hj-SSV4KUQ";

  // Key material as text; presumably the base64url "n" and "e" members of the issuer's JWK.
  String exponentText = "AQAB";
  String modulusText = "lxrwmuYSAsTfn-lUu4goZSXBD9ackM9OJuwUVQHmbZo6GW4Fu_auUdN5zI7Y1dEDfgt7m7QXWbHuMD01HLnD4eRtY-RNwCWdjNfEaY_esUPY3OVMrNDI15Ns13xspWS3q-13kdGv9jHI28P87RvMpjz_JCpQ5IM44oSyRnYtVJO-320SB8E2Bw92pmrenbp67KRUzTEVfGU4-obP5RZ09OxvCr1io4KJvEOjDJuuoClF66AT72WymtoMdwzUmhINjR0XSqK6H0MdWsjw7ysyd_JhmqX5CAaT9Pgi0J8lU_pcl215oANqjy7Ob-VMhug9eGyxAWVfu_1u6QJKePlE-w";
  RSAPublicKey verificationKey = generateRSAPublicKey(modulusText, exponentText);

  // A passing signature check only proves who signed the token. Code that trusts an
  // id token must also compare iss and aud with the values it expects.
  new DefaultJwtParser().setSigningKey(verificationKey).parseClaimsJws(token);
}

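/**
 * Builds an RSA public key from a base64url-encoded modulus and public exponent
 * (the form in which the key values appear in the calling test).
 *
 * <p>The earlier version passed the raw characters of the encoded text to
 * {@code BigInteger}, so a 342-character modulus string became a 342-byte modulus.
 * That is the source of "Signature length not correct: got 256 but was expecting 342".
 *
 * @param modulus base64url text of the unsigned big-endian modulus
 * @param publicExponent base64url text of the unsigned big-endian public exponent
 * @return the corresponding RSA public key
 * @throws IllegalArgumentException if either argument is not valid base64url
 * @throws RuntimeException if the RSA key factory is unavailable or rejects the key spec
 */
private RSAPublicKey generateRSAPublicKey(String modulus, String publicExponent) {
  // Decode the text first; the key values are the decoded bytes, not the characters.
  java.util.Base64.Decoder urlDecoder = java.util.Base64.getUrlDecoder();
  // Signum 1 keeps the value positive even when the top bit of the first byte is set,
  // which is the normal case for a full-length RSA modulus.
  BigInteger n = new BigInteger(1, urlDecoder.decode(modulus));
  BigInteger exp = new BigInteger(1, urlDecoder.decode(publicExponent));
  try {
    // The JDK's own RSA KeyFactory is enough here, so no provider object is
    // created on every call.
    KeyFactory keyFac = KeyFactory.getInstance("RSA");
    return (RSAPublicKey) keyFac.generatePublic(new RSAPublicKeySpec(n, exp));
  } catch (NoSuchAlgorithmException | InvalidKeySpecException ex) {
    // Keep the cause so the original stack trace is not lost.
    throw new RuntimeException(ex.getMessage(), ex);
  }
}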

Replies

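Sorry for the late answer. The modulus and exponent are Base64-encoded, so they have to be decoded before they are passed to BigInteger; the "expecting 342" in your error is the length of the undecoded modulus string. Here is what works for me: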


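// Verifies the signature of a compact id_token against an RSA public key given as
// Base64-encoded modulus and exponent, then prints the result.
// This checks the signature only. Before the token is trusted, its claims (iss, aud,
// exp) still have to be compared with the expected values.
final String appleModulus = "lxrwmuY..."; // Modulus
final String appleExponent = "AQAB"; // Exponent
final String[] wbSplit = "ey...".split("\\."); // id_token

// A compact JWS has exactly three segments: header, payload, signature. Reject anything
// else here instead of failing later with an array index error.
if (wbSplit.length != 3) {
  throw new IllegalArgumentException("id_token must have exactly three dot-separated segments");
}

// Signum 1: the decoded bytes are unsigned big-endian magnitudes.
final BigInteger modulusValue = new BigInteger(1, Base64.decodeBase64(appleModulus));
final BigInteger exponentValue = new BigInteger(1, Base64.decodeBase64(appleExponent));
final RSAPublicKeySpec pubSpec = new RSAPublicKeySpec(modulusValue, exponentValue);
final KeyFactory keyFactory = KeyFactory.getInstance("RSA");
final PublicKey pubKey = keyFactory.generatePublic(pubSpec);

// The algorithm is fixed by the verifier and is never taken from the token's header.
final Signature verifier = Signature.getInstance("SHA256withRSA");
verifier.initVerify(pubKey);

// The signed input is "<header>.<payload>" exactly as received. The explicit charset
// keeps the bytes independent of the platform default.
final String signingInput = wbSplit[0] + "." + wbSplit[1];
verifier.update(signingInput.getBytes(java.nio.charset.StandardCharsets.US_ASCII));
boolean signatureVerification = verifier.verify(Base64.decodeBase64(wbSplit[2]));

System.out.println("The signature is valid? " + signatureVerification);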