
Commit 6d8e080

feat(AuthService): Add JWT verification support for ECDSA algorithm (#113)
1 parent 6b4d192 commit 6d8e080


1 file changed

+20
-2
lines changed


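--- a/src/main/java/org/casbin/casdoor/service/AuthService.java
+++ b/src/main/java/org/casbin/casdoor/service/AuthService.java
@@ -17,6 +17,8 @@
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.nimbusds.jose.JOSEException;
 import com.nimbusds.jose.JWSVerifier;
+import com.nimbusds.jose.JWSAlgorithm;
+import com.nimbusds.jose.crypto.ECDSAVerifier;
 import com.nimbusds.jose.crypto.RSASSAVerifier;
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;
@@ -41,7 +43,9 @@
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
+import java.security.PublicKey;
 import java.security.interfaces.RSAPublicKey;
+import java.security.interfaces.ECPublicKey;
 import java.text.ParseException;
 import java.util.Date;
 import java.util.LinkedHashMap;
@@ -81,8 +85,22 @@ public User parseJwtToken(String token) {
 try {
 CertificateFactory cf = CertificateFactory.getInstance("X.509");
 X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(config.certificate.getBytes()));
-RSAPublicKey publicKey = (RSAPublicKey) cert.getPublicKey();
-JWSVerifier verifier = new RSASSAVerifier(publicKey);
+PublicKey publicKey = cert.getPublicKey();
+JWSAlgorithm alg = parseJwt.getHeader().getAlgorithm();
+JWSVerifier verifier;
+if (JWSAlgorithm.Family.RSA.contains(alg)) {
+if (!(publicKey instanceof RSAPublicKey)) {
+throw new AuthException("Public key type mismatch for RSA algorithm.");
+}
+verifier = new RSASSAVerifier((RSAPublicKey) publicKey);
+} else if (JWSAlgorithm.Family.EC.contains(alg)) {
+if (!(publicKey instanceof ECPublicKey)) {
+throw new AuthException("Public key type mismatch for EC algorithm.");
+}
+verifier = new ECDSAVerifier((ECPublicKey) publicKey);
+} else {
+throw new AuthException("Unsupported jwt algorithm: " + alg.getName());
+}
 boolean verify = parseJwt.verify(verifier);
 if (!verify) {
 throw new AuthException("Cannot verify signature.");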
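Review bot: The verifier branch at new lines 89–103 is chosen from the token's own header (`parseJwt.getHeader().getAlgorithm()`), which the sender controls, rather than from the configured certificate. The `instanceof` checks do prevent a key being used with the wrong family, but within a family any variant the token names appears to be accepted, so I would branch on the key type instead (`if (publicKey instanceof RSAPublicKey)` / `else if (publicKey instanceof ECPublicKey)`) and then reject the token unless `verifier.supportedJWSAlgorithms().contains(alg)`, or preferably unless `alg` is in an allowlist taken from configuration. The else branch also copies `alg.getName()` from the header into the exception message; a fixed message such as `"Unsupported jwt algorithm."` keeps sender-supplied text out of logs and error responses. The try block and its catch clauses lie outside the hunk, so it cannot be confirmed from here that the `JOSEException` which `new ECDSAVerifier(...)` can throw for an unsupported curve is handled as an authentication failure.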
