in src/main/java/org/apache/geronimo/microprofile/impl/jwtauth/jwt/SignatureValidator.java [66:102]
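/**
 * Checks a JWT signature, choosing the verification primitive from {@code alg}.
 *
 * <p>{@code alg} is lower-cased with {@link Locale#ROOT} and must be listed in
 * {@code supportedAlgorithms}. RS* and ES* values turn {@code key} into a public key
 * ("RSA" / "EC") and verify a signature; HS* values turn the same {@code key} string
 * into an HMAC secret and verify a MAC. There is no branch for "none", so this method
 * never accepts an unsigned token.
 *
 * <p>NOTE(review): the same {@code key} string is read as a public key or as an HMAC
 * secret depending on {@code alg}. If {@code alg} is taken from the token header and
 * {@code supportedAlgorithms} allows both the asymmetric and the HMAC family, the key
 * type is effectively chosen by the token. Confirm that the allow-list is restricted to
 * the family that matches the configured key.
 *
 * @param alg           algorithm name, matched case-insensitively (e.g. "RS256")
 * @param key           key material, interpreted by {@code toPublicKey} or {@code toSecretKey}
 * @param signingString the data the signature or MAC was computed over
 * @param expected      the signature or MAC value to check
 * @throws JwtException             with HTTP 401 when {@code alg} is null or not in
 *                                  {@code supportedAlgorithms}
 * @throws IllegalArgumentException when {@code alg} is allow-listed but has no branch here
 */
public void verifySignature(final String alg, final String key, final String signingString, final String expected) {
    // A missing alg is rejected like an unsupported one, rather than surfacing as a
    // NullPointerException from toLowerCase().
    if (alg == null) {
        throw new JwtException("Unsupported algorithm", HttpURLConnection.HTTP_UNAUTHORIZED);
    }
    final String normalizedAlg = alg.toLowerCase(Locale.ROOT);
    // Allow-list check comes first: nothing below runs for an algorithm that is not configured.
    if (!supportedAlgorithms.contains(normalizedAlg)) {
        throw new JwtException("Unsupported algorithm", HttpURLConnection.HTTP_UNAUTHORIZED);
    }
    // This method returns nothing and inspects no result, so a mismatch is presumably
    // reported by the helpers throwing (verify against their implementation).
    switch (normalizedAlg) {
        // RSASSA-PKCS1-v1_5: key is parsed as an RSA public key.
        case "rs256":
            verifySignature(toPublicKey(key, "RSA"), signingString, expected, "SHA256withRSA");
            break;
        case "rs384":
            verifySignature(toPublicKey(key, "RSA"), signingString, expected, "SHA384withRSA");
            break;
        case "rs512":
            verifySignature(toPublicKey(key, "RSA"), signingString, expected, "SHA512withRSA");
            break;
        // HMAC: the same key string is used as the shared secret.
        // NOTE(review): confirm verifyMac compares the MAC in constant time.
        case "hs256":
            verifyMac(toSecretKey(key, "HmacSHA256"), signingString, expected);
            break;
        case "hs384":
            verifyMac(toSecretKey(key, "HmacSHA384"), signingString, expected);
            break;
        case "hs512":
            verifyMac(toSecretKey(key, "HmacSHA512"), signingString, expected);
            break;
        // ECDSA: key is parsed as an EC public key.
        // NOTE(review): JWS carries ES* signatures as raw R||S while the JCA *withECDSA
        // algorithms expect ASN.1 DER; confirm the helper converts.
        case "es256":
            verifySignature(toPublicKey(key, "EC"), signingString, expected, "SHA256withECDSA");
            break;
        case "es384":
            verifySignature(toPublicKey(key, "EC"), signingString, expected, "SHA384withECDSA");
            break;
        case "es512":
            verifySignature(toPublicKey(key, "EC"), signingString, expected, "SHA512withECDSA");
            break;
        default:
            // Reached only when supportedAlgorithms lists a name with no case above. This
            // surfaces as IllegalArgumentException, not as the 401 JwtException used for
            // rejected algorithms.
            throw new IllegalArgumentException("Unsupported algorithm: " + normalizedAlg);
    }
}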