Hi,
I’m trying to validate a token decrypted with JWT
to do this I am using this script, I also insert the token and the json that I use to create the public key
//implementation 'com.auth0:java-jwt:3.10.3'
var license = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZW5hbnRJZCI6MjcwMzYwLCJwYWNrYWdlcyI6WyJBUFBMSV9NT0JJTEUiXSwiZmVhdHVyZXMiOlt7ImtleSI6IkFQUExJX01PQklMRSJ9XSwiZXhwIjoxNjAxOTc3NTA2LjB9.TtaU3WraAEfDud82IIfC6jdJ1QugXLMdHII7Z84XtrC3rUtKZRJxo7tqC3WUbly-rejkoTfIQZvy4mdacYVGcQHAWQEIrkozbl3yqOPR7JAc1btJDsFGBcPxS1_DCF5WNMlf_vXBRanLCIOb-5xKkGcq5gPlMIVjNCgHBZkWW3BucFx04PL5ctl8gBmH7-AjnFK4qtTB724GphARnFLLzlveKWHu5jvJ1wQFw5N-53vRdzU7YVU9IAtwk5zDbsVTL6bXZ8kYTZqjk7Jo9ic9_apuTcPZavustNfiBYEDPgXbbHrkG7YpjOUgMJKbha6GiPNTVdzep6zbVj81EQQr4g"
var obj_cert = Gson().toJsonTree(jsonJWKObject)
var cert = obj_cert.toString()
cert ={"alg":"RS256","e":"AQAB","kid":"1","kty":"RSA","n":"rXYc2Ehtb42R83kLIw56biI/ABOp03lzbYHdXI0caeliqP7KPOvaKQjQsCl84qmA7CIRTve4sBUq1Fp/zwMeyxMV5tvLIX2WIexf0OarA5S1ibU9xCD6LWzkdy1nhXeeDCeaN3fn3/7cdQIijII5YBKt0jTdqj9Sc48dguwObWkDbqFTYHf5DNn1qXDpvTCMON696eXJu+wzu3O+U8JBIR0XJyn2tcnrprkE5V+XCBGcLtG6W86r9m/aJptuCEP3L+nVx7CCPd0y/g9QgbtGTJT2CvgRlAzmVmbg9WgKHA4ZIXprvnGgXdu+gSNUB2JiQ3lqRxJgPkXlUb4M0EGH4Q==","use":"sig"}
try {
var kf = KeyFactory.getInstance("RSA")
var e = "AQAB";
//cert = cert.replace('+', '-').replace('/', '_').replace("=", "")
cert = String( Base64.getEncoder().encode(cert.toByteArray(StandardCharsets.UTF_8)))
var eInt = BigInteger(1, Base64.getDecoder().decode(e))
var nInt = BigInteger(1, Base64.getDecoder().decode(cert))
var spec = RSAPublicKeySpec(nInt, eInt)
val publicKey = kf.generatePublic(spec) as RSAPublicKey
var algorithm: Algorithm = Algorithm.RSA256(publicKey, null);
var verifier: JWTVerifier = com.auth0.jwt.JWT.require(algorithm)
.withIssuer("auth0")
.build()
var jwtDecodedJWT = verifier.verify(license);
println(jwtDecodedJWT)
} catch (ex: Exception) {
println(ex)
//com.auth0.jwt.exceptions.SignatureVerificationException: The Token's Signature resulted invalid when verified using the Algorithm: SHA256withRSA
}
if I test on the jwt.io site debugger I get Signature Verified if instead I run my script I get the exception “The Token’s Signature resulted invalid when verified using the Algorithm: SHA256withRSA”
the library I know using is ‘com.auth0: java-jwt: 3.10.3’
I’ve been trying everything for a week but I can’t move forward, and above all I can’t understand where the problem is.
I doubt that the public key is incorrect, but I don’t understand how to verify it.
Someone can help me.
Thank you