Hi Pramod,

I have done something similar to what you are trying and can share more details if it suits your requirement.

In the scenario I did, the client application is a webapp deployed in the WSO2 Application Server. It uses a utility (you can find the code in [1]) which is built and put into the AS_HOME/repository/components/dropins directory (since it is an OSGI bundle). With the client webapp I do not bundle this util and set the scope for it as 'provided' in the pom file's dependency. In this [1], it generates a simple JWT and signs it with a given tenant's private key.

So if your client application is a webapp deployed in AS, then you should be able to access the KeyStoreManager and get the public certificate for the particular tenant for validating the JWT.

If not, what you can do is write a custom component that exposes an endpoint (i.e. a servlet) which can be called by your client application (a sample is in [2] for exposing a servlet). This component can be put into the dropins folder of the server so it'll have access to the KeyStoreManager. From the client application, you can send the JWT to that endpoint, which can validate it and return a response.

Hope this helps.

[1] https://github.com/thariyarox/JWT_Generator_Util
[2] http://tharindue.blogspot.com/2015/11/exposing-servlet-from-osgi-bundle-in.html

Thanks,
Tharindu

On Thu, Jan 14, 2016 at 4:13 PM, Pramod Thakur <sendpra...@gmail.com> wrote:

> Hi,
>
> This won't help I think anyhow since I am outside of wso2 so I don't have access to KeyStoreManager.
>
> The problem is simple, I have a jwt token generated by wso2 which is transferred in the header to the client using X-JWT-TOKEN, now I need to validate it on the client side using a public key.
>
> So the only thing that is missing is the public key for the tenant. I need a way to get access to that public key from the registry.
>
> On Thu, Jan 14, 2016 at 3:17 PM, Udara Liyanage <ud...@wso2.com> wrote:
>
>> Hi,
>>
>> Have a look at the extractAppIdFromIdToken function of [1]
>>
>> [1] https://github.com/apache/stratos/blob/master/components/org.apache.stratos.metadata.service/src/main/java/org/apache/stratos/metadata/service/handlers/OAuthHandler.java
>>
>> On Thu, Jan 14, 2016 at 3:07 PM, Godwin Shrimal <god...@wso2.com> wrote:
>>
>>> Hi Pramod,
>>>
>>> You can use the Signature class to verify the signature. Please see the code snippet below.
>>>
>>> // signedData (the bytes that were signed) and signatureBytes (the
>>> // signature to check) are placeholder names for values the caller supplies.
>>> java.security.Signature signature =
>>>         java.security.Signature.getInstance("SHA1withRSA");
>>> signature.initVerify(publicKey);
>>> signature.update(signedData);
>>> boolean valid = signature.verify(signatureBytes);
>>>
>>> Thanks
>>> Godwin
>>>
>>> On Thu, Jan 14, 2016 at 2:51 PM, Pramod Thakur <sendpra...@gmail.com> wrote:
>>>
>>>> Hi Godwin,
>>>>
>>>> Thanks for the reply,
>>>>
>>>> Then how can I validate the jwt token that is generated by the wso2 in the client.
>>>>
>>>> I need to validate the signature of jwt token generated by Wso2 using the public key.
>>>>
>>>> On Thu, Jan 14, 2016 at 2:39 PM, Godwin Shrimal <god...@wso2.com> wrote:
>>>>
>>>>> Hi Pramod,
>>>>>
>>>>> We keep only the super tenant keystore in the physical file system, and tenant keystores are stored in the registry. You can get the public certificate for the specific tenant using the KeyStoreManager class. Please see the code snippet below.
>>>>>
>>>>> KeyStoreManager.getInstance(tenantId).getDefaultPublicKey()
>>>>>
>>>>> Thanks
>>>>> Godwin
>>>>>
>>>>> On Thu, Jan 14, 2016 at 1:20 PM, Harshan Liyanage <hars...@wso2.com> wrote:
>>>>>
>>>>>> Hi Pramod,
>>>>>>
>>>>>> We are storing the public certificate file in the wso2carbon.jks keystore. You can find it in the <PRODUCT_HOME>/repository/resources/security directory. Refer to [1] for obtaining the certificate.
>>>>>> For example, you can use the following command to get the public certificate. Keystore password will be wso2carbon.
>>>>>>
>>>>>> keytool -export -keystore wso2carbon.jks -alias wso2carbon -file public_cert.cer
>>>>>>
>>>>>> [1]. https://docs.oracle.com/javase/tutorial/security/toolsign/step5.html
>>>>>> [2]. https://docs.wso2.com/display/Carbon420/Keystores
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Harshan Liyanage
>>>>>> Software Engineer
>>>>>> Mobile: +94724423048
>>>>>> Email: hars...@wso2.com
>>>>>> Blog : http://harshanliyanage.blogspot.com/
>>>>>> WSO2, Inc. : wso2.com <http://wso2.com/>
>>>>>> lean.enterprise.middleware.
>>>>>>
>>>>>> On Thu, Jan 14, 2016 at 1:02 PM, Pramod Thakur <sendpra...@gmail.com> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> How can I get public key certificate to validate JWT token signature in wso2 Api Manager for tenant.
>>>>>>>
>>>>>>> The problem I am facing is, I couldn't get the public certificate in the physical directory but wso2 is managing to sign the token, I couldn't get how.
>>>>>>>
>>>>>>> On Thu, Jan 14, 2016 at 12:57 PM, Pramod Thakur <sendpra...@gmail.com> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> How can I get public key certificate to validate JWT token in wso2 Api Manager for tenant in the client endpoint.
>>>>>>>>
>>>>>>>> The problem I am facing is, I couldn't get the public certificate in the physical directory but wso2 is managing to sign the token, I couldn't get how.
>>>>>>>>
>>>>>>>> --
>>>>>>>> Regards
>>>>>>>> Pramod Thakur
>>>>>>>> 9980422825
>>>>>>>> Thank you.
>>>>>
>>>>> --
>>>>> Godwin Amila Shrimal
>>>>> Senior Software Engineer
>>>>> WSO2 Inc.; http://wso2.com
>>>>> lean.enterprise.middleware
>>>>>
>>>>> mobile: +94772264165
>>>>> linkedin: http://lnkd.in/KUum6D
>>>>> twitter: https://twitter.com/godwinamila
>>
>> --
>> Udara Liyanage
>> Software Engineer
>> WSO2, Inc.: http://wso2.com
>> lean. enterprise. middleware
>>
>> web: http://udaraliyanage.wordpress.com
>> phone: +94 71 443 6897

--
Tharindu Edirisinghe
Software Engineer | WSO2 Inc
Identity Server Team
Blog : tharindue.blogspot.com
mobile : 408-714-8437
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
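
An added example, not part of the thread and not WSO2 code: validating a JWT's signature on a client that holds only the public key, which is the step the thread is asking about. It assumes an RS256 token with base64url-encoded segments; the class name, the helper names and the throwaway key pairs generated in main are constructed for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class JwtSignatureCheck {
    // Verify an RS256 JWT against a known public key. In a real client the key would be
    // read from the exported certificate (CertificateFactory "X.509", then getPublicKey()).
    static boolean verifyRs256(String jwt, PublicKey key) throws GeneralSecurityException {
        String[] parts = jwt.split("\\.", -1);
        if (parts.length != 3 || parts[2].isEmpty()) return false; // malformed or unsigned
        Base64.Decoder dec = Base64.getUrlDecoder();
        String header = new String(dec.decode(parts[0]), StandardCharsets.UTF_8);
        // The verifier pins the algorithm; a token announcing anything else is rejected.
        // Crude string match for brevity; parse the header as JSON in real code.
        if (!header.replace(" ", "").contains("\"alg\":\"RS256\"")) return false;
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(key);
        // Signed input: the ASCII bytes of "<header>.<payload>" exactly as received.
        sig.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
        return sig.verify(dec.decode(parts[2]));
    }

    static String b64(byte[] b) { return Base64.getUrlEncoder().withoutPadding().encodeToString(b); }

    // Builds a constructed test token with a throwaway key so the demo runs offline.
    static String sign(String header, String payload, PrivateKey key) throws GeneralSecurityException {
        String input = b64(header.getBytes(StandardCharsets.UTF_8)) + "."
                + b64(payload.getBytes(StandardCharsets.UTF_8));
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(key);
        sig.update(input.getBytes(StandardCharsets.US_ASCII));
        return input + "." + b64(sig.sign());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair tenant = gen.generateKeyPair(); // stands in for the tenant's key pair
        KeyPair other = gen.generateKeyPair();  // an unrelated key
        String jwt = sign("{\"alg\":\"RS256\",\"typ\":\"JWT\"}", "{\"sub\":\"user@example.com\"}", tenant.getPrivate());
        String[] p = jwt.split("\\.");
        String tampered = p[0] + "." + b64("{\"sub\":\"admin\"}".getBytes(StandardCharsets.UTF_8)) + "." + p[2];
        String algNone = sign("{\"alg\":\"none\"}", "{}", tenant.getPrivate());
        System.out.println("valid token, right key: " + verifyRs256(jwt, tenant.getPublic()));
        System.out.println("valid token, wrong key: " + verifyRs256(jwt, other.getPublic()));
        System.out.println("tampered payload:       " + verifyRs256(tampered, tenant.getPublic()));
        System.out.println("header says alg none:   " + verifyRs256(algNone, tenant.getPublic()));
    }
}
```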