spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/TokenValidator.java [88:107]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - private boolean hasValidSignature(Token token, String key) { try { PublicKey publicKey = getPublicKey(key); Signature signature = Signature.getInstance("SHA256withRSA"); signature.initVerify(publicKey); signature.update(token.getContent()); return signature.verify(token.getSignature()); } catch (GeneralSecurityException ex) { return false; } } private PublicKey getPublicKey(String key) throws NoSuchAlgorithmException, InvalidKeySpecException { key = key.replace("-----BEGIN PUBLIC KEY-----\n", ""); key = key.replace("-----END PUBLIC KEY-----", ""); key = key.trim().replace("\n", ""); byte[] bytes = Base64Utils.decodeFromString(key); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(bytes); return KeyFactory.getInstance("RSA").generatePublic(keySpec); - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/reactive/ReactiveTokenValidator.java [94:113]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - private boolean hasValidSignature(Token token, String key) { try { PublicKey publicKey = getPublicKey(key); Signature signature = Signature.getInstance("SHA256withRSA"); signature.initVerify(publicKey); signature.update(token.getContent()); return signature.verify(token.getSignature()); } catch (GeneralSecurityException ex) { return false; } } private PublicKey getPublicKey(String key) throws NoSuchAlgorithmException, InvalidKeySpecException { key = key.replace("-----BEGIN PUBLIC KEY-----\n", ""); key = key.replace("-----END PUBLIC KEY-----", ""); key = key.trim().replace("\n", ""); byte[] bytes = Base64Utils.decodeFromString(key); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(bytes); return KeyFactory.getInstance("RSA").generatePublic(keySpec); - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -