From 89cf7f69ac530dd3e4bc0bb231c690c050b4c428 Mon Sep 17 00:00:00 2001 From: Robert Mathew Date: Sun, 8 Sep 2024 12:51:37 +0530 Subject: [PATCH] feat: add JWT verify (jvm) in common module, removed verify from LoclKMS and AmazonKMS --- .../amazon-kms/src/main/kotlin/AmazonKms.kt | 25 --------- .../sphereon/oid/fed/kms/local/LocalKms.kt | 5 -- .../sphereon/oid/fed/kms/local/jwt/JoseJwt.kt | 1 - .../oid/fed/kms/local/jwt/JoseJwt.js.kt | 10 ---- .../oid/fed/kms/local/jwt/JoseJwt.jvm.kt | 21 ++----- .../oid/fed/kms/local/jwt/JoseJwtTest.jvm.kt | 16 ------ .../openid-federation-common/build.gradle.kts | 1 + .../oid/fed/common/crypto/JwtVerify.kt | 3 + .../oid/fed/common/crypto/JwtVerify.js.kt | 5 ++ .../oid/fed/common/crypto/JwtVerify.jvm.kt | 56 +++++++++++++++++++ .../oid/fed/common/crypto/JwtVerifyTest.kt | 14 +++++ .../oid/fed/services/kms/AmazonKmsClient.kt | 5 +- .../oid/fed/services/kms/KmsService.kt | 2 +- .../oid/fed/services/kms/LocalKmsClient.kt | 4 +- 14 files changed, 88 insertions(+), 80 deletions(-) create mode 100644 modules/openid-federation-common/src/commonMain/kotlin/com/sphereon/oid/fed/common/crypto/JwtVerify.kt create mode 100644 modules/openid-federation-common/src/jsMain/kotlin/com/sphereon/oid/fed/common/crypto/JwtVerify.js.kt create mode 100644 modules/openid-federation-common/src/jvmMain/kotlin/com/sphereon/oid/fed/common/crypto/JwtVerify.jvm.kt create mode 100644 modules/openid-federation-common/src/jvmTest/kotlin/com/sphereon/oid/fed/common/crypto/JwtVerifyTest.kt diff --git a/modules/amazon-kms/src/main/kotlin/AmazonKms.kt b/modules/amazon-kms/src/main/kotlin/AmazonKms.kt index da867e09..6e5b5f20 100644 --- a/modules/amazon-kms/src/main/kotlin/AmazonKms.kt +++ b/modules/amazon-kms/src/main/kotlin/AmazonKms.kt 
@@ -69,31 +69,6 @@ class AmazonKms { return encodedHeader + "." + encodedPayload + "." + signature } - fun verify(token: String, keyId: String): Boolean { - try { - val parts = token.split(".") - if (parts.size != 3) { - return false // Invalid token format - } - - val header = parts[0] - val payload = parts[1] - val signature = parts[2] - - val verificationRequest = VerifyRequest.builder().keyId(keyId) - .message(SdkBytes.fromString(header + "." + payload, StandardCharsets.UTF_8)) - .signature(SdkBytes.fromByteArray(Base64.getUrlDecoder().decode(signature))) - .signingAlgorithm(SigningAlgorithmSpec.ECDSA_SHA_256) // Adjust if needed - .build() - - val verificationResponse = kmsClient.verify(verificationRequest) - - return verificationResponse.signatureValid() - } catch (e: Exception) { - return false - } - } - private fun createKey(): String { val request = CreateKeyRequest.builder().keyUsage(KeyUsageType.SIGN_VERIFY) .build() diff --git a/modules/local-kms/src/commonMain/kotlin/com/sphereon/oid/fed/kms/local/LocalKms.kt b/modules/local-kms/src/commonMain/kotlin/com/sphereon/oid/fed/kms/local/LocalKms.kt index bdff9c4e..0eadfa92 100644 --- a/modules/local-kms/src/commonMain/kotlin/com/sphereon/oid/fed/kms/local/LocalKms.kt +++ b/modules/local-kms/src/commonMain/kotlin/com/sphereon/oid/fed/kms/local/LocalKms.kt @@ -5,7 +5,6 @@ import com.sphereon.oid.fed.kms.local.encryption.AesEncryption import com.sphereon.oid.fed.kms.local.extensions.toJwkAdminDto import com.sphereon.oid.fed.kms.local.jwk.generateKeyPair import com.sphereon.oid.fed.kms.local.jwt.sign -import com.sphereon.oid.fed.kms.local.jwt.verify import com.sphereon.oid.fed.openapi.models.JWTHeader import com.sphereon.oid.fed.openapi.models.Jwk import com.sphereon.oid.fed.openapi.models.JwkAdminDTO @@ -37,8 +36,4 @@ class LocalKms { return sign(header = mHeader, payload = payload, key = jwkObject) } - - fun verify(token: String, jwk: Jwk): Boolean { - return verify(jwt = token, key =jwk) - } } 
diff --git a/modules/local-kms/src/commonMain/kotlin/com/sphereon/oid/fed/kms/local/jwt/JoseJwt.kt b/modules/local-kms/src/commonMain/kotlin/com/sphereon/oid/fed/kms/local/jwt/JoseJwt.kt index a4032967..d092897f 100644 --- a/modules/local-kms/src/commonMain/kotlin/com/sphereon/oid/fed/kms/local/jwt/JoseJwt.kt +++ b/modules/local-kms/src/commonMain/kotlin/com/sphereon/oid/fed/kms/local/jwt/JoseJwt.kt @@ -5,4 +5,3 @@ import com.sphereon.oid.fed.openapi.models.Jwk import kotlinx.serialization.json.JsonObject expect fun sign(payload: JsonObject, header: JWTHeader, key: Jwk): String -expect fun verify(jwt: String, key: Jwk): Boolean diff --git a/modules/local-kms/src/jsMain/kotlin/com/sphereon/oid/fed/kms/local/jwt/JoseJwt.js.kt b/modules/local-kms/src/jsMain/kotlin/com/sphereon/oid/fed/kms/local/jwt/JoseJwt.js.kt index aa502766..8bac77b2 100644 --- a/modules/local-kms/src/jsMain/kotlin/com/sphereon/oid/fed/kms/local/jwt/JoseJwt.js.kt +++ b/modules/local-kms/src/jsMain/kotlin/com/sphereon/oid/fed/kms/local/jwt/JoseJwt.js.kt @@ -38,13 +38,3 @@ actual fun sign( .setProtectedHeader(JSON.parse(Json.encodeToString(header))) .sign(key = privateKey, signOptions = opts) } - -@ExperimentalJsExport -@JsExport -actual fun verify( - jwt: String, - key: Any, - opts: Map -): Boolean { - return Jose.jwtVerify(jwt, key, opts) -} diff --git a/modules/local-kms/src/jvmMain/kotlin/com/sphereon/oid/fed/kms/local/jwt/JoseJwt.jvm.kt b/modules/local-kms/src/jvmMain/kotlin/com/sphereon/oid/fed/kms/local/jwt/JoseJwt.jvm.kt index a6d4ed96..717eb106 100644 --- a/modules/local-kms/src/jvmMain/kotlin/com/sphereon/oid/fed/kms/local/jwt/JoseJwt.jvm.kt +++ b/modules/local-kms/src/jvmMain/kotlin/com/sphereon/oid/fed/kms/local/jwt/JoseJwt.jvm.kt 
@@ -1,8 +1,10 @@ package com.sphereon.oid.fed.kms.local.jwt -import com.nimbusds.jose.* +import com.nimbusds.jose.JOSEObjectType +import com.nimbusds.jose.JWSAlgorithm +import com.nimbusds.jose.JWSHeader +import com.nimbusds.jose.JWSSigner import com.nimbusds.jose.crypto.ECDSASigner -import com.nimbusds.jose.crypto.ECDSAVerifier import com.nimbusds.jose.jwk.ECKey import com.nimbusds.jwt.JWTClaimsSet import com.nimbusds.jwt.SignedJWT @@ -28,21 +30,6 @@ actual fun sign( return signedJWT.serialize() } -actual fun verify( - jwt: String, key: Jwk -): Boolean { - try { - val jwkJsonString = Json.encodeToString(key) - val ecKey = ECKey.parse(jwkJsonString) - val verifier: JWSVerifier = ECDSAVerifier(ecKey) - val signedJWT = SignedJWT.parse(jwt) - val verified = signedJWT.verify(verifier) - return verified - } catch (e: Exception) { - throw Exception("Couldn't verify the JWT Signature: ${e.message}", e) - } -} - fun JWTHeader.toJWSHeader(): JWSHeader { val type = typ return JWSHeader.Builder(JWSAlgorithm.parse(alg)).apply { diff --git a/modules/local-kms/src/jvmTest/kotlin/com/sphereon/oid/fed/kms/local/jwt/JoseJwtTest.jvm.kt b/modules/local-kms/src/jvmTest/kotlin/com/sphereon/oid/fed/kms/local/jwt/JoseJwtTest.jvm.kt index 2ec5ec71..57d5f7a9 100644 --- a/modules/local-kms/src/jvmTest/kotlin/com/sphereon/oid/fed/kms/local/jwt/JoseJwtTest.jvm.kt +++ b/modules/local-kms/src/jvmTest/kotlin/com/sphereon/oid/fed/kms/local/jwt/JoseJwtTest.jvm.kt 
@@ -31,20 +31,4 @@ class JoseJwtTest { ) assertTrue { signature.startsWith("ey") } } - - @Test - fun verifyTest() { - val key = ECKeyGenerator(Curve.P_256).keyID("key1").algorithm(Algorithm("ES256")).generate() - val jwk = key.toString() - val entityStatement = EntityConfigurationStatement( - iss = "test", sub = "test", exp = 111111, iat = 111111, jwks = JsonObject(mapOf()) - ) - val payload: JsonObject = Json.encodeToJsonElement(entityStatement) as JsonObject - val signature = sign( - payload, - JWTHeader(alg = JWSAlgorithm.ES256.toString(), typ = "JWT", kid = key.keyID), - Json.decodeFromString(jwk) - ) - assertTrue { verify(signature, Json.decodeFromString(jwk)) } - } } diff --git a/modules/openid-federation-common/build.gradle.kts b/modules/openid-federation-common/build.gradle.kts index a411df92..a8064e92 100644 --- a/modules/openid-federation-common/build.gradle.kts +++ b/modules/openid-federation-common/build.gradle.kts @@ -73,6 +73,7 @@ kotlin { dependencies { implementation("io.ktor:ktor-client-core-jvm:$ktorVersion") runtimeOnly("io.ktor:ktor-client-cio-jvm:$ktorVersion") + implementation("com.nimbusds:nimbus-jose-jwt:9.40") } } val jvmTest by getting { diff --git a/modules/openid-federation-common/src/commonMain/kotlin/com/sphereon/oid/fed/common/crypto/JwtVerify.kt b/modules/openid-federation-common/src/commonMain/kotlin/com/sphereon/oid/fed/common/crypto/JwtVerify.kt new file mode 100644 index 00000000..98d9a0f0 --- /dev/null +++ b/modules/openid-federation-common/src/commonMain/kotlin/com/sphereon/oid/fed/common/crypto/JwtVerify.kt @@ -0,0 +1,3 @@ +package com.sphereon.oid.fed.common.crypto + +expect fun verify(jwtToken: String): Boolean diff --git a/modules/openid-federation-common/src/jsMain/kotlin/com/sphereon/oid/fed/common/crypto/JwtVerify.js.kt b/modules/openid-federation-common/src/jsMain/kotlin/com/sphereon/oid/fed/common/crypto/JwtVerify.js.kt new file mode 100644 index 00000000..3ac64eab --- /dev/null 
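Review bot: The new `expect fun verify(jwtToken: String): Boolean` in JwtVerify.kt carries no KDoc, and its contract cannot be read from the signature: the JVM actual in this commit looks the key up by `kid` in the token's own `jwks` claim and checks only the signature, while the JS actual is a `TODO`. Since every caller of `KmsClient.verify` now goes through this declaration, the contract should be stated where they see it, e.g. `/** Verifies the signature of a self-signed entity configuration statement using the key from its own `jwks` claim whose `kid` matches the header. Does not validate `exp`, `iat` or `typ`; returns false on parse or key errors. */`.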
+++ b/modules/openid-federation-common/src/jsMain/kotlin/com/sphereon/oid/fed/common/crypto/JwtVerify.js.kt
@@ -0,0 +1,5 @@
+package com.sphereon.oid.fed.common.crypto
+
+actual fun verify(jwtToken: String): Boolean {
+ TODO("Not yet implemented")
+}
\ No newline at end of file
diff --git a/modules/openid-federation-common/src/jvmMain/kotlin/com/sphereon/oid/fed/common/crypto/JwtVerify.jvm.kt b/modules/openid-federation-common/src/jvmMain/kotlin/com/sphereon/oid/fed/common/crypto/JwtVerify.jvm.kt
new file mode 100644
index 00000000..53fa49d8
--- /dev/null
+++ b/modules/openid-federation-common/src/jvmMain/kotlin/com/sphereon/oid/fed/common/crypto/JwtVerify.jvm.kt
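Review bot: The JS `actual fun verify` throws `NotImplementedError` through `TODO(...)`, so on the JS target `KmsClient.verify` (both `LocalKmsClient` and `AmazonKmsClient` in services commonMain delegate here) aborts instead of returning a result. Throwing is the right fail-closed default for a verifier, but the gap is invisible at the call sites; either restore the jose-based jsMain implementation this commit deletes from JoseJwt.js.kt behind the new single-argument signature, or mark the stub clearly: `// TODO: JS signature verification not implemented; callers on JS must not rely on verify()`.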
@@ -0,0 +1,56 @@
+package com.sphereon.oid.fed.common.crypto
+
+import com.nimbusds.jose.JOSEException
+import com.nimbusds.jose.crypto.ECDSAVerifier
+import com.nimbusds.jose.crypto.RSASSAVerifier
+import com.nimbusds.jose.jwk.ECKey
+import com.nimbusds.jose.jwk.JWK
+import com.nimbusds.jose.jwk.RSAKey
+import com.nimbusds.jwt.SignedJWT
+import com.sphereon.oid.fed.common.logging.Logger
+import com.sphereon.oid.fed.openapi.models.EntityConfigurationStatement
+import kotlinx.serialization.encodeToString
+import kotlinx.serialization.json.Json
+import kotlinx.serialization.json.jsonArray
+import kotlinx.serialization.json.jsonObject
+import kotlinx.serialization.json.jsonPrimitive
+import java.text.ParseException
+
+actual fun verify(jwtToken: String): Boolean {
+ return try {
+ val json = Json { ignoreUnknownKeys = true }
+ val signedJWT = SignedJWT.parse(jwtToken)
+ val payload = json.decodeFromString(signedJWT.payload.toString())
+
+ //Filtering key from array of jwks
+ val jwkArray = payload.jwks.get("keys")?.jsonArray
+ val filteredJwk = jwkArray?.filter {
+ val value: String = it.jsonObject.get("kid")?.jsonPrimitive?.content ?: ""
+ value == signedJWT.header.keyID
+ }
+
+ val jwk: JWK = JWK.parse(Json.encodeToString(filteredJwk?.get(0)))
+
+ when (jwk) {
+ is RSAKey -> {
+ val publicKey = jwk.toRSAPublicKey()
+ val verifier = RSASSAVerifier(publicKey)
+ signedJWT.verify(verifier)
+ }
+
+ is ECKey -> {
+ val publicKey = jwk.toECPublicKey()
+ val verifier = ECDSAVerifier(publicKey)
+ signedJWT.verify(verifier)
+ }
+
+ else -> false // Unsupported key type
+ }
+ } catch (e: ParseException) {
+ Logger.error("OIDF", "Exception", e)
+ false
+ } catch (e: JOSEException) {
+ Logger.error("OIDF", "Exception", e)
+ false
+ }
+}
\ No newline at end of file
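Review bot: Two failure paths escape the catch blocks in `verify`: `filteredJwk?.get(0)` throws IndexOutOfBoundsException when no key in `jwks` carries the header's `kid`, and `json.decodeFromString` throws SerializationException when the payload is not an entity statement, so an unknown-key or malformed token crashes the caller instead of yielding false. Using `firstOrNull` with an early `return false`, and catching `kotlinx.serialization.SerializationException` alongside the two existing exceptions, keeps the function fail-closed; the log messages should also say what failed rather than the literal `"Exception"`. Note that the verification key is taken from the token's own `jwks` claim, so a true result only proves the statement is self-signed — correct for an entity configuration, but this is now the sole path behind `KmsClient.verify`, and it checks neither `exp`/`iat` nor `typ`; that contract belongs in a KDoc on the function. The rewritten body follows.
```kotlin
// … unchanged: package and imports (add kotlinx.serialization.SerializationException) …

/**
 * Verifies the signature of a self-signed entity configuration statement.
 * The key is the entry of the statement's own `jwks` claim whose `kid` matches
 * the JWS header, so success proves self-consistency only. No `exp`, `iat` or
 * `typ` validation is performed here; callers must do that separately.
 * Returns false on any parse, serialization or key error.
 */
actual fun verify(jwtToken: String): Boolean {
    return try {
        val json = Json { ignoreUnknownKeys = true }
        val signedJWT = SignedJWT.parse(jwtToken)
        val payload = json.decodeFromString<EntityConfigurationStatement>(signedJWT.payload.toString())

        // A token without a kid, or whose kid is absent from its jwks, cannot be verified.
        val kid = signedJWT.header.keyID ?: return false
        val matchingJwk = payload.jwks["keys"]?.jsonArray?.firstOrNull {
            it.jsonObject["kid"]?.jsonPrimitive?.content == kid
        } ?: return false

        when (val jwk = JWK.parse(json.encodeToString(matchingJwk))) {
            is RSAKey -> signedJWT.verify(RSASSAVerifier(jwk.toRSAPublicKey()))
            is ECKey -> signedJWT.verify(ECDSAVerifier(jwk.toECPublicKey()))
            else -> false // Unsupported key type
        }
    } catch (e: ParseException) {
        Logger.error("OIDF", "JWT verification failed: malformed token or JWK", e)
        false
    } catch (e: SerializationException) {
        Logger.error("OIDF", "JWT verification failed: payload is not an entity statement", e)
        false
    } catch (e: JOSEException) {
        Logger.error("OIDF", "JWT verification failed: unsupported key or algorithm", e)
        false
    }
}
```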
diff --git a/modules/openid-federation-common/src/jvmTest/kotlin/com/sphereon/oid/fed/common/crypto/JwtVerifyTest.kt b/modules/openid-federation-common/src/jvmTest/kotlin/com/sphereon/oid/fed/common/crypto/JwtVerifyTest.kt
new file mode 100644
index 00000000..63498859
--- /dev/null
+++ b/modules/openid-federation-common/src/jvmTest/kotlin/com/sphereon/oid/fed/common/crypto/JwtVerifyTest.kt
@@ -0,0 +1,14 @@ +package com.sphereon.oid.fed.common.crypto + +import kotlin.test.Test +import kotlin.test.assertTrue + +class JwtVerifyTest { + + @Test + fun verifyTest() { + val jwt = + "eyJraWQiOiJkZWZhdWx0UlNBU2lnbiIsInR5cCI6ImVudGl0eS1zdGF0ZW1lbnQrand0IiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJodHRwczovL29pZGMucmVnaXN0cnkuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5pdCIsIm1ldGFkYXRhIjp7ImZlZGVyYXRpb25fZW50aXR5Ijp7ImZlZGVyYXRpb25fZmV0Y2hfZW5kcG9pbnQiOiJodHRwczovL29pZGMucmVnaXN0cnkuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5pdC9mZXRjaCIsImZlZGVyYXRpb25fcmVzb2x2ZV9lbmRwb2ludCI6Imh0dHBzOi8vb2lkYy5yZWdpc3RyeS5zZXJ2aXppY2llLmludGVybm8uZ292Lml0L3Jlc29sdmUiLCJmZWRlcmF0aW9uX3RydXN0X21hcmtfc3RhdHVzX2VuZHBvaW50IjoiaHR0cHM6Ly9vaWRjLnJlZ2lzdHJ5LnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXQvdHJ1c3RfbWFya19zdGF0dXMiLCJmZWRlcmF0aW9uX2xpc3RfZW5kcG9pbnQiOiJodHRwczovL29pZGMucmVnaXN0cnkuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5pdC9saXN0In19LCJqd2tzIjp7ImtleXMiOlt7Imt0eSI6IlJTQSIsImUiOiJBUUFCIiwidXNlIjoic2lnIiwia2lkIjoiZGVmYXVsdFJTQVNpZ24iLCJuIjoicVJUSkhRZ2IyZjhjbG45ZEpiLVdnaWs0cUVMNUdHX19zUHpsQVU0aTY5UzZ5SHhlTWczMllnTGZVenBOQnhfOGtYMm5kellYTV9SS21vM2poalF4dXhDSzFJSFNRY01rZzFoR2lpLXhSdzh4NDV0OFNHbFdjU0hpN182UmFBWTFTeUZjRUVsTkFxSGk1b2VCYUIzRkd2ZnJWLUVQLWNOa1V2R0VWYnlzX0NieHlHRFE5UU0wTkVyc2lsVmxNQVJERXJFTlpjclkwck5LdDUyV29aZ3kzcHNWY2Q4VTVEMExxZkM3N2JQakczNVBhVmh3WUFubFAwZXowSGY2dHV5V0pIZUE1MmRDZGUtbmEzV2ptUGFya2NscEZyLUtqWGVJQzhCd2ZqRXBBWGJLY3A4Tm11UUZqOWZEOUtuUjZ2Q2RPOTFSeUJJYkRsdUw1TEg4czBxRENRIn0seyJrdHkiOiJFQyIsInVzZSI6InNpZyIsImNydiI6IlAtMjU2Iiwia2lkIjoiZGVmYXVsdEVDU2lnbiIsIngiOiJ4TWtXSWExRVp5amdtazNKUUx0SERBOXAwVHBQOXdNU2JKSzBvQWl0Z2NrIiwieSI6IkNWTEZzdE93S3d0UXJ1dF92b0hqWU82SnoxSzBOWFJ1OE9MQ1RtS29zTGcifSx7Imt0eSI6IlJTQSIsImUiOiJBUUFCIiwidXNlIjoiZW5jIiwia2lkIjoiZGVmYXVsdFJTQUVuYyIsIm4iOiJ3ZXcyMnhjcGZBU2tRUXA3U09vX0dzNmNLajJYeTd4VlpLX3RnWnh6QXlReExTeG01c1U0WkdzNm1kSUFIZEV2UTkxU25FSFR0anBlQVM5d0N2TlhWbVZ4TklqRkFQSnpDWXBzZkZ4R3pXMVBSM1NDQmVLUFl6VWpTeUJTZWw1LW1Td1U4MHlZQXFPbFoxUVJaTlFJNUVTVXZOUG9lUEZqR0NvZnhuRlJzbXF5X21Bd1p5bmQyTnJyc1Q
yQXlwMEw2UFF3ei1Fa09oakVCcHpzeXEwcE11am5aRWZ2UHk5UC1YdjJTVUZMZUpQcm1jRHllNjRaMlk5V1BoMmpwa25oT3hESzhSTUwtMllUdmI0dVNPalowWFpPVzltVm9nTkpSSm0yemVQVGVlTFBxR2x1TGNEenBsYnkwbkxiTGpkWDdLM29MYnFoRGFld2o3VnJhS2Vtc1EifV19LCJ0cnVzdF9tYXJrX2lzc3VlcnMiOnsiaHR0cHM6Ly9vaWRjLnJlZ2lzdHJ5LnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXQvb2F1dGhfcmVzb3VyY2UvcHJpdmF0ZSI6WyJodHRwczovL29pZGMucmVnaXN0cnkuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5pdCJdLCJodHRwczovL29pZGMucmVnaXN0cnkuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5pdC9vcGVuaWRfcHJvdmlkZXIvcHJpdmF0ZSI6WyJodHRwczovL29pZGMucmVnaXN0cnkuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5pdCJdLCJodHRwczovL29pZGMucmVnaXN0cnkuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5pdC9vYXV0aF9yZXNvdXJjZS9wdWJsaWMiOlsiaHR0cHM6Ly9vaWRjLnJlZ2lzdHJ5LnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXQiXSwiaHR0cHM6Ly9vaWRjLnJlZ2lzdHJ5LnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXQvaW50ZXJtZWRpYXRlL3B1YmxpYyI6WyJodHRwczovL29pZGMucmVnaXN0cnkuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5pdCJdLCJodHRwczovL29pZGMucmVnaXN0cnkuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5pdC9vcGVuaWRfcmVseWluZ19wYXJ0eS9wdWJsaWMiOlsiaHR0cHM6Ly9vaWRjLnJlZ2lzdHJ5LnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXQiLCJodHRwczovL2NvaGVzaW9uMi5yZWdpb25lLm1hcmNoZS5pdC9vaWRjL3NhLyIsImh0dHBzOi8vYXV0aC50b3NjYW5hLml0L2F1dGgvcmVhbG1zL2VudGkvZmVkZXJhdGlvbi1lbnRpdHkvcl90b3NjYW5fc2FfZW50aSIsImh0dHBzOi8vYXV0ZW50aWNhemlvbmUuY2xvdWQucHJvdmluY2lhLnRuLml0L2FnZ3JlZ2F0b3JlIiwiaHR0cHM6Ly9vaWRjc2Eud2VibG9vbS5pdCIsImh0dHBzOi8vc3BpZC53YnNzLml0L1NwaWQvb2lkYy9zYSIsImh0dHBzOi8vc2VjdXJlLmVyZW1pbmQuaXQvaWRlbnRpdGEtZGlnaXRhbGUtb2lkYy9vaWRjLWZlZCIsImh0dHBzOi8vY2llLW9pZGMuY29tdW5lLW9ubGluZS5pdC9BdXRoU2VydmljZU9JREMvb2lkYy9zYSIsImh0dHBzOi8vcGhwLWNpZS5hbmR4b3IuaXQiLCJodHRwczovL2xvZ2luLmFzZndlYi5pdC8iLCJodHRwczovL29pZGMuc3R1ZGlvYW1pY2EuY29tIiwiaHR0cHM6Ly9pZHAuZW50cmFuZXh0Lml0L3NlcnZpY2VzL29pZGMvc2Evc3NvIiwiaHR0cHM6Ly9jd29sc3NvLm51dm9sYXBhbGl0YWxzb2Z0Lml0L3NlcnZpY2VzL29pZGMvc2Evc3NvIiwiaHR0cHM6Ly9mZWRlcmEubGVwaWRhLml0L2d3L09pZGNTYUZ1bGwvIiwiaHR0cHM6Ly93d3cuZXVyb2NvbnRhYi5pdC9hcGkiXSwiaHR0cHM6Ly9vaWRjLnJlZ2lzdHJ5LnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXQvaW50ZXJ
tZWRpYXRlL3ByaXZhdGUiOlsiaHR0cHM6Ly9vaWRjLnJlZ2lzdHJ5LnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXQiXSwiaHR0cHM6Ly9vaWRjLnJlZ2lzdHJ5LnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXQvb3BlbmlkX3Byb3ZpZGVyL3B1YmxpYyI6WyJodHRwczovL29pZGMucmVnaXN0cnkuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5pdCJdLCJodHRwczovL29pZGMucmVnaXN0cnkuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5pdC9vcGVuaWRfcmVseWluZ19wYXJ0eS9wcml2YXRlIjpbImh0dHBzOi8vb2lkYy5yZWdpc3RyeS5zZXJ2aXppY2llLmludGVybm8uZ292Lml0IiwiaHR0cHM6Ly9vaWRjc2Eud2VibG9vbS5pdCIsImh0dHBzOi8vc3BpZC53YnNzLml0L1NwaWQvb2lkYy9zYSIsImh0dHBzOi8vc2VjdXJlLmVyZW1pbmQuaXQvaWRlbnRpdGEtZGlnaXRhbGUtb2lkYy9vaWRjLWZlZCIsImh0dHBzOi8vY2llLW9pZGMuY29tdW5lLW9ubGluZS5pdC9BdXRoU2VydmljZU9JREMvb2lkYy9zYSIsImh0dHBzOi8vcGhwLWNpZS5hbmR4b3IuaXQiLCJodHRwczovL2xvZ2luLmFzZndlYi5pdC8iLCJodHRwczovL29pZGMuc3R1ZGlvYW1pY2EuY29tIiwiaHR0cHM6Ly9pZHAuZW50cmFuZXh0Lml0L3NlcnZpY2VzL29pZGMvc2Evc3NvIiwiaHR0cHM6Ly9jd29sc3NvLm51dm9sYXBhbGl0YWxzb2Z0Lml0L3NlcnZpY2VzL29pZGMvc2Evc3NvIiwiaHR0cHM6Ly9mZWRlcmEubGVwaWRhLml0L2d3L09pZGNTYUZ1bGwvIiwiaHR0cHM6Ly93d3cuZXVyb2NvbnRhYi5pdC9hcGkiXX0sImlzcyI6Imh0dHBzOi8vb2lkYy5yZWdpc3RyeS5zZXJ2aXppY2llLmludGVybm8uZ292Lml0IiwiZXhwIjoxNzI1ODY0ODA1LCJpYXQiOjE3MjU3Nzg0MDUsImNvbnN0cmFpbnRzIjp7Im1heF9wYXRoX2xlbmd0aCI6MX0sInRydXN0X21hcmtzX2lzc3VlcnMiOnsiaHR0cHM6Ly9vaWRjLnJlZ2lzdHJ5LnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXQvb2F1dGhfcmVzb3VyY2UvcHJpdmF0ZSI6WyJodHRwczovL29pZGMucmVnaXN0cnkuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5pdCJdLCJodHRwczovL29pZGMucmVnaXN0cnkuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5pdC9vcGVuaWRfcHJvdmlkZXIvcHJpdmF0ZSI6WyJodHRwczovL29pZGMucmVnaXN0cnkuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5pdCJdLCJodHRwczovL29pZGMucmVnaXN0cnkuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5pdC9vYXV0aF9yZXNvdXJjZS9wdWJsaWMiOlsiaHR0cHM6Ly9vaWRjLnJlZ2lzdHJ5LnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXQiXSwiaHR0cHM6Ly9vaWRjLnJlZ2lzdHJ5LnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXQvaW50ZXJtZWRpYXRlL3B1YmxpYyI6WyJodHRwczovL29pZGMucmVnaXN0cnkuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5pdCJdLCJodHRwczovL29pZGMucmVnaXN0cnkuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5pdC9vcGVuaWRfcmVseWluZ19wYXJ0eS9wdWJsaWM
iOlsiaHR0cHM6Ly9vaWRjLnJlZ2lzdHJ5LnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXQiLCJodHRwczovL2NvaGVzaW9uMi5yZWdpb25lLm1hcmNoZS5pdC9vaWRjL3NhLyIsImh0dHBzOi8vYXV0aC50b3NjYW5hLml0L2F1dGgvcmVhbG1zL2VudGkvZmVkZXJhdGlvbi1lbnRpdHkvcl90b3NjYW5fc2FfZW50aSIsImh0dHBzOi8vYXV0ZW50aWNhemlvbmUuY2xvdWQucHJvdmluY2lhLnRuLml0L2FnZ3JlZ2F0b3JlIiwiaHR0cHM6Ly9vaWRjc2Eud2VibG9vbS5pdCIsImh0dHBzOi8vc3BpZC53YnNzLml0L1NwaWQvb2lkYy9zYSIsImh0dHBzOi8vc2VjdXJlLmVyZW1pbmQuaXQvaWRlbnRpdGEtZGlnaXRhbGUtb2lkYy9vaWRjLWZlZCIsImh0dHBzOi8vY2llLW9pZGMuY29tdW5lLW9ubGluZS5pdC9BdXRoU2VydmljZU9JREMvb2lkYy9zYSIsImh0dHBzOi8vcGhwLWNpZS5hbmR4b3IuaXQiLCJodHRwczovL2xvZ2luLmFzZndlYi5pdC8iLCJodHRwczovL29pZGMuc3R1ZGlvYW1pY2EuY29tIiwiaHR0cHM6Ly9pZHAuZW50cmFuZXh0Lml0L3NlcnZpY2VzL29pZGMvc2Evc3NvIiwiaHR0cHM6Ly9jd29sc3NvLm51dm9sYXBhbGl0YWxzb2Z0Lml0L3NlcnZpY2VzL29pZGMvc2Evc3NvIiwiaHR0cHM6Ly9mZWRlcmEubGVwaWRhLml0L2d3L09pZGNTYUZ1bGwvIiwiaHR0cHM6Ly93d3cuZXVyb2NvbnRhYi5pdC9hcGkiXSwiaHR0cHM6Ly9vaWRjLnJlZ2lzdHJ5LnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXQvaW50ZXJtZWRpYXRlL3ByaXZhdGUiOlsiaHR0cHM6Ly9vaWRjLnJlZ2lzdHJ5LnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXQiXSwiaHR0cHM6Ly9vaWRjLnJlZ2lzdHJ5LnNlcnZpemljaWUuaW50ZXJuby5nb3YuaXQvb3BlbmlkX3Byb3ZpZGVyL3B1YmxpYyI6WyJodHRwczovL29pZGMucmVnaXN0cnkuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5pdCJdLCJodHRwczovL29pZGMucmVnaXN0cnkuc2Vydml6aWNpZS5pbnRlcm5vLmdvdi5pdC9vcGVuaWRfcmVseWluZ19wYXJ0eS9wcml2YXRlIjpbImh0dHBzOi8vb2lkYy5yZWdpc3RyeS5zZXJ2aXppY2llLmludGVybm8uZ292Lml0IiwiaHR0cHM6Ly9vaWRjc2Eud2VibG9vbS5pdCIsImh0dHBzOi8vc3BpZC53YnNzLml0L1NwaWQvb2lkYy9zYSIsImh0dHBzOi8vc2VjdXJlLmVyZW1pbmQuaXQvaWRlbnRpdGEtZGlnaXRhbGUtb2lkYy9vaWRjLWZlZCIsImh0dHBzOi8vY2llLW9pZGMuY29tdW5lLW9ubGluZS5pdC9BdXRoU2VydmljZU9JREMvb2lkYy9zYSIsImh0dHBzOi8vcGhwLWNpZS5hbmR4b3IuaXQiLCJodHRwczovL2xvZ2luLmFzZndlYi5pdC8iLCJodHRwczovL29pZGMuc3R1ZGlvYW1pY2EuY29tIiwiaHR0cHM6Ly9pZHAuZW50cmFuZXh0Lml0L3NlcnZpY2VzL29pZGMvc2Evc3NvIiwiaHR0cHM6Ly9jd29sc3NvLm51dm9sYXBhbGl0YWxzb2Z0Lml0L3NlcnZpY2VzL29pZGMvc2Evc3NvIiwiaHR0cHM6Ly9mZWRlcmEubGVwaWRhLml0L2d3L09pZGNTYUZ1bGwvIiwiaHR0cHM6Ly93d3c
uZXVyb2NvbnRhYi5pdC9hcGkiXX19.QUWSJHLsDz3yjml_5x0kb_c98mSuHo3XsChjKpvvw5x9M85bRdlTmlP-h3q3Hxdkz-fXicSZxCitFymNcwLyonzEJuFIZrgWcYbPiBnvxDCsgXkM3cEwO-zEHFbI6wf1A2ludm8iCMmQwgu-CDesHgw3jIOa_7gUTxgdXL44LKhiizoInHS5wywsBKtKSjQfK34Se1pthp_9sECtTux7DDgCCedd10JnLD7uGSTgb_aWwFvL7s3obDKMlbtE0hr54D11k8Ch150im6L-cds_vmMvt3RavBuZVBVS7XBcMCnzuRy2SI6Fv5wCyqLkyeFJ91jslj96nq1RF10cWCtnjg" + assertTrue { verify(jwt) } + } +} \ No newline at end of file diff --git a/modules/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/kms/AmazonKmsClient.kt b/modules/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/kms/AmazonKmsClient.kt index 042e198c..d0d6a856 100644 --- a/modules/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/kms/AmazonKmsClient.kt +++ b/modules/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/kms/AmazonKmsClient.kt @@ -2,7 +2,6 @@ package com.sphereon.oid.fed.services.kms import com.sphereon.oid.fed.kms.local.AmazonKms import com.sphereon.oid.fed.openapi.models.JWTHeader -import com.sphereon.oid.fed.openapi.models.Jwk import com.sphereon.oid.fed.openapi.models.JwkAdminDTO import kotlinx.serialization.json.JsonObject @@ -18,7 +17,7 @@ class AmazonKmsClient : KmsClient { return amazonKms.sign(header, payload, keyId) } - override fun verify(token: String, keyId: String?, jwk: Jwk?): Boolean { - return amazonKms.verify(token, keyId!!) + override fun verify(token: String): Boolean { + return com.sphereon.oid.fed.common.crypto.verify(token) } } \ No newline at end of file diff --git a/modules/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/kms/KmsService.kt b/modules/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/kms/KmsService.kt index 70a314bf..c5cfefbc 100644 --- a/modules/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/kms/KmsService.kt +++ b/modules/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/kms/KmsService.kt 
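Review bot: `verifyTest` exercises only the RSA happy path, using a captured production token whose `exp` claim (it decodes to 1725864805, within a day of the commit date) is already in the past; the test passes only because `verify` skips expiry, so adding that check later would silently break it. Prefer generating a key pair in the test, signing a small entity statement with it, and adding negative cases alongside the positive one: a tampered signature, a header `kid` absent from `jwks`, and the EC branch, which this test never reaches.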
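Review bot: `AmazonKmsClient.verify` (and `LocalKmsClient.verify` plus the `KmsClient` interface in the following hunks) now delegates to the common `verify`, which takes its key from the token's own `jwks` claim, so the KMS no longer participates in verification at all — the removed implementation verified against the KMS-held `keyId`. If that is the intended design, `verify` no longer belongs on `KmsClient`; a plain common function with a clear name is enough, and the interface should not imply a key-backed check. If it is not intended, the client should keep passing its key, since with this commit `AmazonKms` has also dropped its KMS-side `verify` and no caller can confirm that a signature was made by the KMS key.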
@@ -20,5 +20,5 @@ object KmsService { interface KmsClient { fun generateKeyPair(): JwkAdminDTO fun sign(header: JWTHeader, payload: JsonObject, keyId: String): String - fun verify(token: String, keyId: String?, jwk: Jwk?): Boolean + fun verify(token: String): Boolean } diff --git a/modules/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/kms/LocalKmsClient.kt b/modules/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/kms/LocalKmsClient.kt index 07c721ad..6e7cdaa7 100644 --- a/modules/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/kms/LocalKmsClient.kt +++ b/modules/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/kms/LocalKmsClient.kt @@ -20,7 +20,7 @@ class LocalKmsClient : KmsClient { return localKms.sign(header, payload, keyId) } - override fun verify(token: String, keyId: String?, jwk: Jwk?): Boolean { - return localKms.verify(token, jwk!!) + override fun verify(token: String): Boolean { + return com.sphereon.oid.fed.common.crypto.verify(token) } }