def validSignature(self, jwt):
print "Passport-social. validSignature. Checking JWT token signature"
valid = False
# security vulnerability - we need to validate
sigAlgorithm = jwt.getHeader().getAlgorithm().getName()
if ( sigAlgorithm != "RS512" ):
return False
try:
appConfiguration = AppConfiguration()
appConfiguration.setWebKeysStorage(WebKeyStorage.KEYSTORE)
appConfiguration.setKeyStoreFile(self.keyStoreFile)
appConfiguration.setKeyStoreSecret(self.keyStorePassword)
appConfiguration.setKeyRegenerationEnabled(False)
cryptoProvider = CryptoProviderFactory.getCryptoProvider(appConfiguration)
valid = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), jwt.getHeader().getKeyId(),
None, None, jwt.getHeader().getAlgorithm())
except:
print "Exception: ", sys.exc_info()[1]
print "Passport-social. validSignature. Validation result was %s" % valid
return valid
def validSignature(self, jwt):
print "Passport. validSignature. Checking JWT token signature"
valid = False
try:
appConfiguration = AppConfiguration()
appConfiguration.setWebKeysStorage(WebKeyStorage.KEYSTORE)
appConfiguration.setKeyStoreFile(self.keyStoreFile)
appConfiguration.setKeyStoreSecret(self.keyStorePassword)
appConfiguration.setKeyRegenerationEnabled(False)
cryptoProvider = CryptoProviderFactory.getCryptoProvider(
appConfiguration)
alg_string = str(jwt.getHeader().getAlgorithm())
signature_string = str(jwt.getEncodedSignature())
if alg_string == "none" or alg_string == "None" or alg_string == "NoNe" or alg_string == "nONE" or alg_string == "NONE" or alg_string == "NonE" or alg_string == "nOnE":
# blocks none attack
print "WARNING: JWT Signature algorithm is none"
valid = False
elif alg_string != "RS512":
# blocks anything that's not RS512
print "WARNING: JWT Signature algorithm is NOT RS512"
valid = False
elif signature_string == "":
# blocks empty signature string
print "WARNING: JWT Signature not sent"
valid = False
else:
# class extends AbstractCryptoProvider
''' on version 4.2 .getAlgorithm() method was renamed to .getSignatureAlgorithm()
for older versions:
valid = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), jwt.getHeader().getKeyId(),
None, None, jwt.getHeader().getAlgorithm())
'''
# working on 4.2:
valid = cryptoProvider.verifySignature(
jwt.getSigningInput(), jwt.getEncodedSignature(),
jwt.getHeader().getKeyId(), None, None,
jwt.getHeader().getSignatureAlgorithm())
except:
print "Exception: ", sys.exc_info()[1]
print "Passport. validSignature. Validation result was %s" % valid
return valid
def validSignature(self, jwt):
print "Passport. validSignature. Checking JWT token signature"
valid = False
try:
appConfiguration = AppConfiguration()
appConfiguration.setWebKeysStorage(WebKeyStorage.KEYSTORE)
appConfiguration.setKeyStoreFile(self.keyStoreFile)
appConfiguration.setKeyStoreSecret(self.keyStorePassword)
cryptoProvider = CryptoProviderFactory.getCryptoProvider(appConfiguration)
valid = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), jwt.getHeader().getKeyId(),
None, None, jwt.getHeader().getAlgorithm())
except:
print "Exception: ", sys.exc_info()[1]
print "Passport. validSignature. Validation result was %s" % valid
return valid
def validSignature(self, jwt):
print "Passport. validSignature. Checking JWT token signature"
valid = False
try:
appConfiguration = AppConfiguration()
appConfiguration.setWebKeysStorage(WebKeyStorage.KEYSTORE)
appConfiguration.setKeyStoreFile(self.keyStoreFile)
appConfiguration.setKeyStoreSecret(self.keyStorePassword)
cryptoProvider = CryptoProviderFactory.getCryptoProvider(appConfiguration)
valid = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), jwt.getHeader().getKeyId(),
None, None, jwt.getHeader().getAlgorithm())
except:
print "Exception: ", sys.exc_info()[1]
print "Passport. validSignature. Validation result was %s" % valid
return valid
def init(self, configurationAttributes, scriptName):
print("Passport. init called from " + scriptName)
self.telemetryClient = TelemetryClient()
try:
# Instantiate a Crypto Provider to verify token signatures
self.keyStoreFile = configurationAttributes.get(
"key_store_file").getValue2()
self.keyStorePassword = configurationAttributes.get(
"key_store_password").getValue2()
appConfiguration = AppConfiguration()
appConfiguration.setWebKeysStorage(WebKeyStorage.KEYSTORE)
appConfiguration.setKeyStoreFile(self.keyStoreFile)
appConfiguration.setKeyStoreSecret(self.keyStorePassword)
appConfiguration.setRejectJwtWithNoneAlg(True)
appConfiguration.setKeyRegenerationEnabled(False)
self.cryptoProvider = CryptoProviderFactory.getCryptoProvider(
appConfiguration)
# Load the passport config
with open('/etc/gluu/conf/passport-config.json',
'r') as configFile:
self.passportConfig = json.load(configFile)
if StringHelper.isEmpty(
self.passportConfig["keyAlg"]) or StringHelper.isEmpty(
self.passportConfig["keyId"]):
print(
"Passport. init for %s. Failed to read key information from passport-config"
% scriptName)
return False
# Load all provider configurations
self.registeredProviders = self.parseProviders()
except:
print("Passport. init for %s. Initialization failed:" % scriptName)
print(sys.exc_info())
return False
print("Passport. init for %s. Initialization success" % scriptName)
return True
