
Commit 3f0f9bd

committed
Use Nimbus as dependency.
Signed-off-by: Markus Sabadello <[email protected]>
1 parent a7be849 commit 3f0f9bd


5 files changed

+114
-108
lines changed


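--- a/pom.xml
+++ b/pom.xml
@@ -91,6 +91,12 @@
 <version>0.2-SNAPSHOT</version>
 <scope>compile</scope>
 </dependency>
+<dependency>
+<groupId>com.nimbusds</groupId>
+<artifactId>nimbus-jose-jwt</artifactId>
+<version>8.2.1</version>
+<scope>compile</scope>
+</dependency>
 <dependency>
 <groupId>com.github.jsonld-java</groupId>
 <artifactId>jsonld-java</artifactId>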
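Review bot: The Java side of this commit imports `net.minidev.json.JSONObject` directly, but this hunk declares only `nimbus-jose-jwt`, so that class presumably reaches the compile classpath only as a transitive dependency of Nimbus (the rest of the pom is outside the hunk). A later Nimbus upgrade that shades or replaces its JSON library would then break the build, or change which parser handles untrusted token payloads, without any edit to this file. Declare the JSON library as its own `<dependency>` with a pinned version, and add a comment such as `<!-- JOSE/JWT signing and verification; keep in step with upstream security releases -->` above the new block. Whether the jose4j dependency is removed elsewhere in the pom is not visible here and is worth confirming, so that two JOSE stacks do not stay on the classpath.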

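--- a/src/main/java/com/danubetech/verifiablecredentials/jwt/JwtVerifiableCredential.java
+++ b/src/main/java/com/danubetech/verifiablecredentials/jwt/JwtVerifiableCredential.java
@@ -4,29 +4,34 @@
 import java.security.GeneralSecurityException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.text.ParseException;
 import java.util.Date;
-import java.util.LinkedHashMap;
-
-import org.jose4j.jwa.AlgorithmConstraints;
-import org.jose4j.jws.JsonWebSignature;
-import org.jose4j.jwt.JwtClaims;
-import org.jose4j.jwt.MalformedClaimException;
-import org.jose4j.jwt.NumericDate;
-import org.jose4j.jwt.consumer.InvalidJwtException;
-import org.jose4j.lang.JoseException;
 
 import com.danubetech.verifiablecredentials.VerifiableCredential;
+import com.fasterxml.jackson.core.JsonParseException;
+import com.nimbusds.jose.JOSEException;
+import com.nimbusds.jose.JWSAlgorithm;
+import com.nimbusds.jose.JWSHeader;
+import com.nimbusds.jose.JWSSigner;
+import com.nimbusds.jose.JWSVerifier;
+import com.nimbusds.jose.crypto.RSASSASigner;
+import com.nimbusds.jose.crypto.RSASSAVerifier;
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.SignedJWT;
+
+import net.minidev.json.JSONObject;
 
 public class JwtVerifiableCredential {
 
 public static final String JWT_CLAIM_VC = "vc";
 
-private final JwtClaims payload;
+private final JWTClaimsSet payload;
 private final VerifiableCredential payloadVerifiableCredential;
 
 private String compactSerialization;
 
-private JwtVerifiableCredential(JwtClaims payload, VerifiableCredential payloadVerifiableCredential, String compactSerialization) {
+private JwtVerifiableCredential(JWTClaimsSet payload, VerifiableCredential payloadVerifiableCredential, String compactSerialization) {
 
 if (payload == null) throw new NullPointerException();
 if (payloadVerifiableCredential == null) throw new NullPointerException();
@@ -36,34 +41,28 @@ private JwtVerifiableCredential(JwtClaims payload, VerifiableCredential payloadV
 this.compactSerialization = compactSerialization;
 }
 
-public static JwtVerifiableCredential fromJwt(String jwt, String algorithm, PublicKey publicKey, boolean doValidate) throws JoseException, GeneralSecurityException, InvalidJwtException {
+public static JwtVerifiableCredential fromJwt(String jwt, String algorithm, PublicKey publicKey, boolean doValidate) throws GeneralSecurityException, ParseException, JOSEException, JsonParseException, IOException {
 
 boolean validate;
 
-JsonWebSignature jws = new JsonWebSignature();
-jws.setAlgorithmConstraints(new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST, algorithm));
-jws.setCompactSerialization(jwt);
+SignedJWT signedJWT = SignedJWT.parse(jwt);
 
 if (doValidate) {
 
-jws.setKey(publicKey);
-validate = jws.verifySignature();
-if (! validate) throw new GeneralSecurityException("Invalid signature: " + jwt);
-
-System.setProperty("org.jose4j.jws.getPayload-skip-verify", "false");
-} else {
+JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) publicKey);
+validate = signedJWT.verify(verifier);
 
-System.setProperty("org.jose4j.jws.getPayload-skip-verify", "true");
+if (! validate) throw new GeneralSecurityException("Invalid signature: " + jwt);
 }
 
-JwtClaims jwtPayload = JwtClaims.parse(jws.getPayload());
-LinkedHashMap<String, Object> jsonLdObject = (LinkedHashMap<String, Object>) jwtPayload.getClaimValue(JWT_CLAIM_VC);
-VerifiableCredential payloadVerifiableCredential = VerifiableCredential.fromJsonLdObject(jsonLdObject, false);
+JWTClaimsSet jwtPayload = signedJWT.getJWTClaimsSet();
+JSONObject jsonLdObject = (JSONObject) jwtPayload.getClaims().get(JWT_CLAIM_VC);
+VerifiableCredential payloadVerifiableCredential = VerifiableCredential.fromJsonString(jsonLdObject.toJSONString(), false);
 
 return new JwtVerifiableCredential(jwtPayload, payloadVerifiableCredential, jwt);
 }
 
-public static JwtVerifiableCredential fromJwt(String jwt, String algorithm, PublicKey publicKey) throws JoseException, GeneralSecurityException, InvalidJwtException {
+public static JwtVerifiableCredential fromJwt(String jwt, String algorithm, PublicKey publicKey) throws GeneralSecurityException, ParseException, JOSEException, JsonParseException, IOException {
 
 return fromJwt(jwt, algorithm, publicKey, true);
 }
@@ -80,54 +79,54 @@ public static JwtVerifiableCredential fromVerifiableCredential(VerifiableCredent
 throw new RuntimeException(ex.getMessage(), ex);
 }
 
-JwtClaims payload = new JwtClaims();
+JWTClaimsSet.Builder payloadBuilder = new JWTClaimsSet.Builder();
 
 String id = payloadVerifiableCredential.getId();
 if (id != null) {
-payload.setJwtId(id);
+payloadBuilder.jwtID(id);
 payloadVerifiableCredential.setId(null);
 }
 
 String credentialSubject = payloadVerifiableCredential.getCredentialSubject();
 if (credentialSubject != null) {
-payload.setSubject(credentialSubject);
+payloadBuilder.subject(credentialSubject);
 payloadVerifiableCredential.setCredentialSubject(null);
 }
 
 String issuer = payloadVerifiableCredential.getIssuer();
 if (issuer != null) {
-payload.setIssuer(issuer);
+payloadBuilder.issuer(issuer);
 payloadVerifiableCredential.setIssuer(null);
 }
 
 Date issuanceDate = payloadVerifiableCredential.getIssuanceDate();
 if (issuanceDate != null) {
-payload.setNotBefore(NumericDate.fromMilliseconds(issuanceDate.getTime()));
+payloadBuilder.notBeforeTime(issuanceDate);
 payloadVerifiableCredential.setIssuanceDate(null);
 }
 
 Date expirationDate = payloadVerifiableCredential.getExpirationDate();
 if (expirationDate != null) {
-payload.setExpirationTime(NumericDate.fromMilliseconds(expirationDate.getTime()));
+payloadBuilder.expirationTime(expirationDate);
 payloadVerifiableCredential.setExpirationDate(null);
 }
 
 if (aud != null) {
 
-payload.setAudience(aud);
+payloadBuilder.audience(aud);
 }
 
-payload.setClaim(JWT_CLAIM_VC, payloadVerifiableCredential.getJsonLdObject());
+payloadBuilder.claim(JWT_CLAIM_VC, payloadVerifiableCredential.getJsonLdObject());
 
-return new JwtVerifiableCredential(payload, payloadVerifiableCredential, null);
+return new JwtVerifiableCredential(payloadBuilder.build(), payloadVerifiableCredential, null);
 }
 
 public static JwtVerifiableCredential fromVerifiableCredential(VerifiableCredential verifiableCredential) {
 
 return fromVerifiableCredential(verifiableCredential, null);
 }
 
-public JwtClaims getPayload() {
+public JWTClaimsSet getPayload() {
 
 return this.payload;
 }
@@ -142,21 +141,20 @@ public String getCompactSerialization() {
 return this.compactSerialization;
 }
 
-public String toJwt(String algorithm, PrivateKey privateKey) throws JoseException {
+public String toJwt(String algorithm, PrivateKey privateKey) throws JOSEException {
 
-String payload = this.getPayload().toJson();
+JWSHeader jwsHeader = new JWSHeader.Builder(JWSAlgorithm.parse(algorithm)).build();
+SignedJWT signedJWT = new SignedJWT(jwsHeader, this.getPayload());
 
-JsonWebSignature jws = new JsonWebSignature();
-jws.setAlgorithmHeaderValue(algorithm);
-jws.setPayload(payload);
+JWSSigner signer = new RSASSASigner(privateKey);
 
-jws.setKey(privateKey);
+signedJWT.sign(signer);
 
-this.compactSerialization = jws.getCompactSerialization();
+this.compactSerialization = signedJWT.serialize();
 return compactSerialization;
 }
 
-public VerifiableCredential toVerifiableCredential() throws MalformedClaimException {
+public VerifiableCredential toVerifiableCredential() {
 
 VerifiableCredential verifiableCredential;
 
@@ -168,9 +166,9 @@ public VerifiableCredential toVerifiableCredential() throws MalformedClaimExcept
 throw new RuntimeException(ex.getMessage(), ex);
 }
 
-JwtClaims payload = this.getPayload();
+JWTClaimsSet payload = this.getPayload();
 
-String jwtId = payload.getJwtId();
+String jwtId = payload.getJWTID();
 if (jwtId != null) {
 verifiableCredential.setId(jwtId);
 }
@@ -185,14 +183,14 @@ public VerifiableCredential toVerifiableCredential() throws MalformedClaimExcept
 verifiableCredential.setIssuer(issuer);
 }
 
-NumericDate notBefore = payload.getNotBefore();
-if (notBefore != null) {
-verifiableCredential.setIssuanceDate(new Date(notBefore.getValueInMillis()));
+Date notBeforeTime = payload.getNotBeforeTime();
+if (notBeforeTime != null) {
+verifiableCredential.setIssuanceDate(notBeforeTime);
 }
 
-NumericDate expirationTime = payload.getExpirationTime();
+Date expirationTime = payload.getExpirationTime();
 if (expirationTime != null) {
-verifiableCredential.setExpirationDate(new Date(expirationTime.getValueInMillis()));
+verifiableCredential.setExpirationDate(expirationTime);
 }
 
 return verifiableCredential;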
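Review bot: The `algorithm` argument of the four-argument `fromJwt` is no longer read after this change: the removed `AlgorithmConstraints` whitelist has no Nimbus counterpart here, so the accepted `alg` is whatever the token header declares, limited only by what `RSASSAVerifier` supports. Restore the pin before verifying, for example `if (! JWSAlgorithm.parse(algorithm).equals(signedJWT.getHeader().getAlgorithm())) throw new GeneralSecurityException("Unexpected JWS algorithm");`. The unchecked cast `(RSAPublicKey) publicKey` turns a non-RSA key into a `ClassCastException` instead of a declared exception, so an `instanceof` guard that throws `GeneralSecurityException` would keep the contract honest; `toJwt` makes the same RSA-only assumption through `RSASSASigner` while still accepting an arbitrary `algorithm` string. The `vc` claim is also dereferenced without a null check, so a token lacking it fails with a `NullPointerException` on `jsonLdObject.toJSONString()`. Separately, the "Invalid signature" message still embeds the full JWT, which can copy the credential into logs.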

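--- a/src/main/java/com/danubetech/verifiablecredentials/jwt/JwtVerifiablePresentation.java
+++ b/src/main/java/com/danubetech/verifiablecredentials/jwt/JwtVerifiablePresentation.java
@@ -2,26 +2,28 @@
 
 import java.io.IOException;
 import java.security.PrivateKey;
+import java.util.Date;
 import java.util.UUID;
 
-import org.jose4j.jws.JsonWebSignature;
-import org.jose4j.jwt.JwtClaims;
-import org.jose4j.jwt.MalformedClaimException;
-import org.jose4j.lang.JoseException;
-
 import com.danubetech.verifiablecredentials.VerifiablePresentation;
-import com.fasterxml.jackson.core.JsonGenerationException;
+import com.nimbusds.jose.JOSEException;
+import com.nimbusds.jose.JWSAlgorithm;
+import com.nimbusds.jose.JWSHeader;
+import com.nimbusds.jose.JWSSigner;
+import com.nimbusds.jose.crypto.RSASSASigner;
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.SignedJWT;
 
 public class JwtVerifiablePresentation {
 
 public static final String JWT_CLAIM_VP = "vp";
 
-private final JwtClaims payload;
+private final JWTClaimsSet payload;
 private final JwtVerifiableCredential payloadJwtVerifiableCredential;
 
 private String compactSerialization;
 
-private JwtVerifiablePresentation(JwtClaims payload, JwtVerifiableCredential payloadJwtVerifiableCredential, String compactSerialization) {
+private JwtVerifiablePresentation(JWTClaimsSet payload, JwtVerifiableCredential payloadJwtVerifiableCredential, String compactSerialization) {
 
 if (payload == null) throw new NullPointerException();
 if (payloadJwtVerifiableCredential == null) throw new NullPointerException();
@@ -31,34 +33,36 @@ private JwtVerifiablePresentation(JwtClaims payload, JwtVerifiableCredential pay
 this.compactSerialization = compactSerialization;
 }
 
-public static JwtVerifiablePresentation fromJwtVerifiableCredential(JwtVerifiableCredential jwtVerifiableCredential, String aud) throws JsonGenerationException, IOException, MalformedClaimException {
+public static JwtVerifiablePresentation fromJwtVerifiableCredential(JwtVerifiableCredential jwtVerifiableCredential, String aud) throws IOException {
 
 JwtVerifiableCredential payloadJwtVerifiableCredential = jwtVerifiableCredential;
+VerifiablePresentation verifiablePresentation = VerifiablePresentation.fromJwtVerifiableCredential(payloadJwtVerifiableCredential);
+
+JWTClaimsSet.Builder payloadBuilder = new JWTClaimsSet.Builder();
 
-JwtClaims payload = new JwtClaims();
+Date issueTime = new Date();
+
+payloadBuilder.jwtID("urn:uuid:" + UUID.randomUUID().toString());
+payloadBuilder.issuer(jwtVerifiableCredential.getPayload().getSubject());
+payloadBuilder.issueTime(issueTime);
+payloadBuilder.notBeforeTime(issueTime);
 
 if (aud != null) {
 
-payload.setAudience(aud);
+payloadBuilder.audience(aud);
 }
 
-VerifiablePresentation verifiablePresentation = VerifiablePresentation.fromJwtVerifiableCredential(payloadJwtVerifiableCredential);
-
-payload.setJwtId("urn:uuid:" + UUID.randomUUID().toString());
-payload.setIssuer(jwtVerifiableCredential.getPayload().getSubject());
-payload.setIssuedAtToNow();
-payload.setNotBefore(payload.getIssuedAt());
-payload.setClaim(JWT_CLAIM_VP, verifiablePresentation.getJsonLdObject());
+payloadBuilder.claim(JWT_CLAIM_VP, verifiablePresentation.getJsonLdObject());
 
-return new JwtVerifiablePresentation(payload, payloadJwtVerifiableCredential, null);
+return new JwtVerifiablePresentation(payloadBuilder.build(), payloadJwtVerifiableCredential, null);
 }
 
-public static JwtVerifiablePresentation fromJwtVerifiableCredential(JwtVerifiableCredential jwtVerifiableCredential) throws JsonGenerationException, IOException, MalformedClaimException {
+public static JwtVerifiablePresentation fromJwtVerifiableCredential(JwtVerifiableCredential jwtVerifiableCredential) throws IOException {
 
 return fromJwtVerifiableCredential(jwtVerifiableCredential, null);
 }
 
-public JwtClaims getPayload() {
+public JWTClaimsSet getPayload() {
 
 return this.payload;
 }
@@ -73,17 +77,16 @@ public String getCompactSerialization() {
 return this.compactSerialization;
 }
 
-public String toJwt(String algorithm, PrivateKey privateKey) throws JoseException {
+public String toJwt(String algorithm, PrivateKey privateKey) throws JOSEException {
 
-String payload = this.getPayload().toJson();
+JWSHeader jwsHeader = new JWSHeader.Builder(JWSAlgorithm.parse(algorithm)).build();
+SignedJWT signedJWT = new SignedJWT(jwsHeader, this.getPayload());
 
-JsonWebSignature jws = new JsonWebSignature();
-jws.setAlgorithmHeaderValue(algorithm);
-jws.setPayload(payload);
+JWSSigner signer = new RSASSASigner(privateKey);
 
-jws.setKey(privateKey);
+signedJWT.sign(signer);
 
-this.compactSerialization = jws.getCompactSerialization();
+this.compactSerialization = signedJWT.serialize();
 return compactSerialization;
 }
 }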
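Review bot: The claims built in the two-argument `fromJwtVerifiableCredential` carry `jti`, `iss`, `iat`, `nbf` and optionally `aud`, but no `exp`, so a signed presentation never expires on its own and a captured one stays replayable to the same audience. Consider bounding it, for example `payloadBuilder.expirationTime(new Date(issueTime.getTime() + lifetimeMillis));`, where `lifetimeMillis` is a placeholder for a value the caller or a class constant would supply. The issuer is taken from `jwtVerifiableCredential.getPayload().getSubject()` without a null check, so a credential without a subject presumably yields a presentation with no `iss` at all; failing explicitly there would be safer than emitting it. A short Javadoc on the method stating which claims are set and that the holder is derived from the credential subject would help verifiers written against this class.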
