#aws
2021-09-28
Ben Hammond 15:09:44

I'm trying to understand how to manually verify a JWT from its jwks public key properties. I have a ~/.well-known/jwks.json that looks like

{"alg":"RS256",
"e":"AQAB",
"kid":"nIkH2Qf4xgTHg5Tyr8kb6EbrACIbzdbjjKjsIgThxAk=",
"kty":"RSA",
"n":"twLD4PL2Dk0SB1kpv34Vkv7ChT78idsbbu08bzzn0e3hCxehKPB3K8X_0aL99lxpgRDzUjuFYYeOTlzcHQUdb5L9E68Ktd_H8nxvLC1oqTkTyUp6xgbdiKh6OGg3AVE65lensfDeAn_BpR7TTnffeTBIVrI2KD8Vyt2CnfPKNfwSblHKtfNKm-o0Rb_IiGzdAutbedACToEkmsfnQ_AaMqHiY7XBuZ12qR04lbKGqWEol5PHKFquXtw7Nrs7CaXx0RqDesKHuRIC-FXGNs8jzfRzv2nNUAbG__jjsqlwlr-6OUSaHpuIf0hWJOG3mzc_6QAaB_TiIQuL2TmMEV_lew",
"use":"sig"},
and I am trying to plug those key properties into
(com.auth0.jwt.JWT/require
     (com.auth0.jwt.algorithms.Algorithm/RSA256
      (.generatePublic (KeyFactory/getInstance "RSA")
                       (RSAPublicKeySpec.
                        (biginteger (.decode (java.util.Base64/getUrlDecoder) n))
                        (biginteger (.decode (Base64/getUrlDecoder) e)))) nil))
but the modulus is coming out negative (and it is supposed to be a Base64urlUInt); putting an .abs on does not seem to help. tells me the signature is good, so what am I missing? How do I decode a jwks modulus into a positive BigInteger?

Ben Hammond 15:09:51

oh there's an arity-2 BigInteger constructor

public BigInteger(int signum, byte[] magnitude, int off, int len) {
 

Ben Hammond 15:09:52

that was indeed my problem...

Ben Hammond 15:09:10

my next question is > is it possible to cajole the Cognito User Pool App signing key into signing my customized JWT?

Ben Hammond 15:09:47

I had a small hope that I could plug the > Cognito App Client Secret into an RSAPrivateKeySpec as the private Exponent but it does not appear to work...

Ben Hammond 12:10:53

I have concluded that it is not