check if the received signature has JOSE or DER format

lbalmaceda · lbalmaceda · commit 2adaaa4be6a9 · 2016-11-04T18:51:53.000-03:00
diff --git a/lib/src/main/java/com/auth0/jwtdecodejava/algorithms/ECDSAAlgorithm.java b/lib/src/main/java/com/auth0/jwtdecodejava/algorithms/ECDSAAlgorithm.java
@@ -31,7 +31,7 @@ public void verify(String[] jwtParts) throws SignatureVerificationException {
             s.initVerify(publicKey);
             s.update(content.getBytes());
             byte[] signature = Base64.decodeBase64(jwtParts[2]);
-            if (isJOSESignature(signature)) {
+            if (!isDERSignature(signature)) {
                 signature = JOSEToDER(signature);
             }
             boolean valid = s.verify(signature);
@@ -43,9 +43,10 @@ public void verify(String[] jwtParts) throws SignatureVerificationException {
         }
     }
 
-    private boolean isJOSESignature(byte[] signature) {
-        //TODO: Check if the signature has JOSE format.
-        return true;
+    private boolean isDERSignature(byte[] signature) {
+        // DER Structure: http://crypto.stackexchange.com/a/1797
+        // Should begin with 0x30 and have exactly the expected length
+        return signature[0] == 0x30 && signature.length == ecNumberSize * 2;
     }
 
     private byte[] JOSEToDER(byte[] joseSignature) throws SignatureException {

Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ public void verify(String[] jwtParts) throws SignatureVerificationException {`
`31`	`31`	`s.initVerify(publicKey);`
`32`	`32`	`s.update(content.getBytes());`
`33`	`33`	`byte[] signature = Base64.decodeBase64(jwtParts[2]);`
`34`		`- if (isJOSESignature(signature)) {`
	`34`	`+ if (!isDERSignature(signature)) {`
`35`	`35`	`signature = JOSEToDER(signature);`
`36`	`36`	`}`
`37`	`37`	`boolean valid = s.verify(signature);`
`@@ -43,9 +43,10 @@ public void verify(String[] jwtParts) throws SignatureVerificationException {`
`43`	`43`	`}`
`44`	`44`	`}`
`45`	`45`
`46`		`- private boolean isJOSESignature(byte[] signature) {`
`47`		`- //TODO: Check if the signature has JOSE format.`
`48`		`- return true;`
	`46`	`+ private boolean isDERSignature(byte[] signature) {`
	`47`	`+ // DER Structure: http://crypto.stackexchange.com/a/1797`
	`48`	`+ // Should begin with 0x30 and have exactly the expected length`
	`49`	`+ return signature[0] == 0x30 && signature.length == ecNumberSize * 2;`
`49`	`50`	`}`
`50`	`51`
`51`	`52`	`private byte[] JOSEToDER(byte[] joseSignature) throws SignatureException {`