Thanks Harshan, but I am using the multitenancy feature of API Manager, so the token is encrypted using domainname.jks, not wso2carbon.jks. And domainname.jks does not exist in the physical directory.

My requirement is to validate the JWT token signature generated by WSO2 for a tenant using the public key on the client side. E.g., I have a tenant, say ibm.com; the code in AbstractJWTToken is signing the token using a key which does not exist. Is that an in-memory key in the class AbstractJWTGenerator?

    private byte[] signJWT(String assertion, String endUserName) throws APIManagementException {
        try {
            //get tenant domain
            String tenantDomain = MultitenantUtils.getTenantDomain(endUserName);
            //get tenantId
            int tenantId = APIUtil.getTenantId(endUserName);

            Key privateKey = null;

            if (!(privateKeys.containsKey(tenantId))) {
                APIUtil.loadTenantRegistry(tenantId);
                //get tenant's key store manager
                KeyStoreManager tenantKSM = KeyStoreManager.getInstance(tenantId);

                if (!tenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
                    //derive key store name
                    String ksName = tenantDomain.trim().replace(".", "-");
                    String jksName = ksName + ".jks";
                    //obtain private key
                    //TODO: maintain a hash map with tenants' private keys after first initialization
                    privateKey = tenantKSM.getPrivateKey(jksName, tenantDomain);
                } else {
                    try {
                        privateKey = tenantKSM.getDefaultPrivateKey();
                    } catch (Exception e) {
                        log.error("Error while obtaining private key for super tenant", e);
                    }
                }
                if (privateKey != null) {
                    privateKeys.put(tenantId, privateKey);
                }
            } else {
                privateKey = privateKeys.get(tenantId);
            }

            //initialize signature with private key and algorithm
            Signature signature = Signature.getInstance(signatureAlgorithm);
            signature.initSign((PrivateKey) privateKey);

            //update signature with data to be signed
            byte[] dataInBytes = assertion.getBytes();
            signature.update(dataInBytes);

            //sign the assertion and return the signature
            byte[] signedInfo = signature.sign();
            return signedInfo;

        } catch (NoSuchAlgorithmException e) {
            String error = "Signature algorithm not found.";
            //do not log
            throw new APIManagementException(error);
        } catch (InvalidKeyException e) {
            String error = "Invalid private key provided for the signature";
            //do not log
            throw new APIManagementException(error);
        } catch (SignatureException e) {
            String error = "Error in signature";
            //do not log
            throw new APIManagementException(error);
        }
    }

On Thu, Jan 14, 2016 at 1:20 PM, Harshan Liyanage <hars...@wso2.com> wrote:

> Hi Pramod,
>
> We are storing the public certificate file in wso2carbon.jks keystore. You
> can find it in <PRODUCT_HOME>/repository/resources/security directory.
> Refer to [1] for obtaining the certificate. For example you can use the
> following command to get the public certificate. Keystore password will be
> wso2carbon.
>
> keytool -export -keystore wso2carbon.jks -alias wso2carbon -file public_cert.cer
>
> [1]. https://docs.oracle.com/javase/tutorial/security/toolsign/step5.html
> [2]. https://docs.wso2.com/display/Carbon420/Keystores
>
> Thanks,
>
> Harshan Liyanage
> Software Engineer
> Mobile: +94724423048
> Email: hars...@wso2.com
> Blog: http://harshanliyanage.blogspot.com/
> WSO2, Inc.: wso2.com <http://wso2.com/>
> lean.enterprise.middleware.
>
> On Thu, Jan 14, 2016 at 1:02 PM, Pramod Thakur <sendpra...@gmail.com>
> wrote:
>
>> Hi,
>>
>> How can I get public key certificate to validate JWT token signature in
>> wso2 Api Manager for tenant.
>>
>> The problem I am facing is, I couldn't get the public certificate in the
>> physical directory but wso2 is managing to sign the token, I couldn't get
>> how.
>>
>> On Thu, Jan 14, 2016 at 12:57 PM, Pramod Thakur <sendpra...@gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> How can I get public key certificate to validate JWT token in wso2 Api
>>> Manager for tenant in the client endpoint.
>>>
>>> The problem I am facing is, I couldn't get the public certificate in the
>>> physical directory but wso2 is managing to sign the token, I couldn't get
>>> how.
>>>
>>> --
>>> Regards
>>> Pramod Thakur
>>> 9980422825
>>> Thank you.
>>
>> --
>> Regards
>> Pramod Thakur
>> 9980422825
>> Thank you.
>>
>> _______________________________________________
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev

--
Regards
Pramod Thakur
9980422825
Thank you.
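
Client-side verification of a tenant-signed token, as an added example that is not part of the original thread or of WSO2's code. It assumes the signed assertion is the header.payload portion of the token, that signatureAlgorithm is SHA256withRSA, and that the tenant certificate has been exported to a file; the key pair in main is a constructed stand-in for the tenant key.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;
import java.security.cert.CertificateFactory;
import java.util.Base64;

public class TenantJwtVerify {
    // Same derivation as signJWT in the thread: "ibm.com" -> "ibm-com.jks"
    static String tenantKeyStoreName(String tenantDomain) {
        return tenantDomain.trim().replace(".", "-") + ".jks";
    }
    // Public key from an exported X.509 certificate file (the path is hypothetical)
    static PublicKey loadPublicKey(Path cer) throws Exception {
        try (InputStream in = Files.newInputStream(cer)) {
            return CertificateFactory.getInstance("X.509").generateCertificate(in).getPublicKey();
        }
    }
    // Verify header.payload.signature; the algorithm is pinned by the caller, never read from the token
    static boolean verify(String jwt, PublicKey key, String jcaAlg) throws GeneralSecurityException {
        String[] p = jwt.split("\\.", -1);
        if (p.length != 3 || p[2].isEmpty()) return false;   // unsigned or malformed token
        try {
            // accept base64url or plain base64 in the signature segment
            byte[] sig = Base64.getDecoder().decode(p[2].replace('-', '+').replace('_', '/'));
            Signature v = Signature.getInstance(jcaAlg);
            v.initVerify(key);
            v.update((p[0] + "." + p[1]).getBytes(StandardCharsets.UTF_8));
            return v.verify(sig);
        } catch (IllegalArgumentException | SignatureException e) {
            return false;                                     // bad encoding or wrong signature length
        }
    }
    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the tenant key pair; a real client only holds the certificate
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        String assertion = b64.encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8)) + "."
                + b64.encodeToString("{\"sub\":\"user@ibm.com\"}".getBytes(StandardCharsets.UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA"); // assumed signatureAlgorithm
        s.initSign(kp.getPrivate());
        s.update(assertion.getBytes(StandardCharsets.UTF_8));
        String jwt = assertion + "." + b64.encodeToString(s.sign());
        System.out.println(tenantKeyStoreName("ibm.com"));
        System.out.println(verify(jwt, kp.getPublic(), "SHA256withRSA"));
        System.out.println(verify(jwt.replaceFirst("\\.", "x."), kp.getPublic(), "SHA256withRSA"));
    }
}
```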