JWT signature Kotlin/Java

Help
, ,
1

Hi,
I’m trying to validate a token decrypted with JWT
to do this I am using this script, I also insert the token and the json that I use to create the public key

                   //implementation 'com.auth0:java-jwt:3.10.3'

					var license = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZW5hbnRJZCI6MjcwMzYwLCJwYWNrYWdlcyI6WyJBUFBMSV9NT0JJTEUiXSwiZmVhdHVyZXMiOlt7ImtleSI6IkFQUExJX01PQklMRSJ9XSwiZXhwIjoxNjAxOTc3NTA2LjB9.TtaU3WraAEfDud82IIfC6jdJ1QugXLMdHII7Z84XtrC3rUtKZRJxo7tqC3WUbly-rejkoTfIQZvy4mdacYVGcQHAWQEIrkozbl3yqOPR7JAc1btJDsFGBcPxS1_DCF5WNMlf_vXBRanLCIOb-5xKkGcq5gPlMIVjNCgHBZkWW3BucFx04PL5ctl8gBmH7-AjnFK4qtTB724GphARnFLLzlveKWHu5jvJ1wQFw5N-53vRdzU7YVU9IAtwk5zDbsVTL6bXZ8kYTZqjk7Jo9ic9_apuTcPZavustNfiBYEDPgXbbHrkG7YpjOUgMJKbha6GiPNTVdzep6zbVj81EQQr4g"

                    var obj_cert = Gson().toJsonTree(jsonJWKObject)
                    var cert = obj_cert.toString()
					cert ={"alg":"RS256","e":"AQAB","kid":"1","kty":"RSA","n":"rXYc2Ehtb42R83kLIw56biI/ABOp03lzbYHdXI0caeliqP7KPOvaKQjQsCl84qmA7CIRTve4sBUq1Fp/zwMeyxMV5tvLIX2WIexf0OarA5S1ibU9xCD6LWzkdy1nhXeeDCeaN3fn3/7cdQIijII5YBKt0jTdqj9Sc48dguwObWkDbqFTYHf5DNn1qXDpvTCMON696eXJu+wzu3O+U8JBIR0XJyn2tcnrprkE5V+XCBGcLtG6W86r9m/aJptuCEP3L+nVx7CCPd0y/g9QgbtGTJT2CvgRlAzmVmbg9WgKHA4ZIXprvnGgXdu+gSNUB2JiQ3lqRxJgPkXlUb4M0EGH4Q==","use":"sig"}


                    try {
                        var kf = KeyFactory.getInstance("RSA")

                        var e = "AQAB";
                        //cert = cert.replace('+', '-').replace('/', '_').replace("=", "")

                        cert = String( Base64.getEncoder().encode(cert.toByteArray(StandardCharsets.UTF_8)))

                        var eInt = BigInteger(1, Base64.getDecoder().decode(e))
                        var nInt = BigInteger(1, Base64.getDecoder().decode(cert))

                        var spec = RSAPublicKeySpec(nInt, eInt)
                        val publicKey = kf.generatePublic(spec) as RSAPublicKey


                        var algorithm: Algorithm = Algorithm.RSA256(publicKey, null);
                        var verifier: JWTVerifier = com.auth0.jwt.JWT.require(algorithm)
                            .withIssuer("auth0")
                            .build()
                        var jwtDecodedJWT = verifier.verify(license);
                        println(jwtDecodedJWT)
                    } catch (ex: Exception) {
                        println(ex)
                        //com.auth0.jwt.exceptions.SignatureVerificationException: The Token's Signature resulted invalid when verified using the Algorithm: SHA256withRSA
                    }

if I test on the jwt.io site debugger I get Signature Verified if instead I run my script I get the exception “The Token’s Signature resulted invalid when verified using the Algorithm: SHA256withRSA”

the library I know using is ‘com.auth0: java-jwt: 3.10.3’

I’ve been trying everything for a week but I can’t move forward, and above all I can’t understand where the problem is.
I doubt that the public key is incorrect, but I don’t understand how to verify it.

Someone can help me.
Thank you

2

I have solved.
This was the problem.

val nInt = Biginteger(1, Base64.getUrlDecoder().decode(n))

It was not necessary to pass all the “cert” but only the “n” element of the json.
It was also not necessary to make a double getEncoder

        val e = obj_cert.asJsonObject["e"].asString
        val n = obj_cert.asJsonObject["n"].asString.replace('+', '-').replace('/', '_').replace("=", "")
        val eInt = BigInteger(1, Base64.getUrlDecoder().decode(e))
        val nInt = BigInteger(1, Base64.getUrlDecoder().decode(n))

        val spec = RSAPublicKeySpec(nInt, eInt)
        val publicKey =    KeyFactory.getInstance("RSA").generatePublic(spec) as RSAPublicKey

        val algorithm: Algorithm = Algorithm.RSA256(publicKey, null)
        val verifier: JWTVerifier = com.auth0.jwt.JWT.require(algorithm).build()

        verifier.verify(license)