(Node.js) Validate JWS Using RSASSA-PKCS1-v1_5 SHA-256

Validates a JSON Web Signature (JWS) that uses RSASSA-PKCS1-v1_5 SHA-256.

Note: This example requires Chilkat v9.5.0.66 or greater.

Install Chilkat for Node.js and Electron using npm at Chilkat npm packages for Node.js Chilkat npm packages for Electron on Windows, Linux, MacOSX, and ARM

var os = require('os');
if (os.platform() == 'win32') {  
    if (os.arch() == 'ia32') {
        var chilkat = require('@chilkat/ck-node21-win-ia32');
    } else {
        var chilkat = require('@chilkat/ck-node21-win64'); 
    }
} else if (os.platform() == 'linux') {
    if (os.arch() == 'arm') {
        var chilkat = require('@chilkat/ck-node21-arm');
    } else if (os.arch() == 'x86') {
        var chilkat = require('@chilkat/ck-node21-linux32');
    } else {
        var chilkat = require('@chilkat/ck-node21-linux64');
    }
} else if (os.platform() == 'darwin') {
    if (os.arch() == 'arm64') {
        var chilkat = require('@chilkat/ck-node21-mac-m1');
    } else {
        var chilkat = require('@chilkat/ck-node21-macosx');
    }
}

function chilkatExample() {

    // This requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // Note: This example requires Chilkat v9.5.0.66 or greater.

    // This example takes a JSON signature in compact serialization format,
    // and uses an RSA public key to validate and recover the protected header and payload.

    // We only need a public key for signature validation.  This is the RSA public key
    // that is used:

    //      {"kty":"RSA", 
    //       "n":"ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddx
    //            HmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMs
    //            D1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSH
    //            SXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdV
    //            MTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8
    //            NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ", 
    //       "e":"AQAB"
    //      }

    var sbPubKey = new chilkat.StringBuilder();
    sbPubKey.Append("{\"kty\":\"RSA\",");
    sbPubKey.Append("\"n\":\"ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddx");
    sbPubKey.Append("HmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMs");
    sbPubKey.Append("D1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSH");
    sbPubKey.Append("SXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdV");
    sbPubKey.Append("MTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8");
    sbPubKey.Append("NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ\",");
    sbPubKey.Append("\"e\":\"AQAB\"");
    sbPubKey.Append("}");

    var pubKey = new chilkat.PublicKey();
    var success = pubKey.LoadFromString(sbPubKey.GetAsString());
    if (success !== true) {
        console.log(pubKey.LastErrorText);
        return;
    }

    var jws = new chilkat.Jws();

    // Set the RSA public key:
    var signatureIndex = 0;
    jws.SetPublicKey(signatureIndex,pubKey);

    // Load the JWS.
    var sbJws = new chilkat.StringBuilder();
    sbJws.Append("eyJhbGciOiJSUzI1NiJ9");
    sbJws.Append(".");
    sbJws.Append("eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt");
    sbJws.Append("cGxlLmNvbS9pc19yb290Ijp0cnVlfQ");
    sbJws.Append(".");
    sbJws.Append("cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7");
    sbJws.Append("AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4");
    sbJws.Append("BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K");
    sbJws.Append("0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv");
    sbJws.Append("hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB");
    sbJws.Append("p0igcN_IoypGlUPQGe77Rw");

    success = jws.LoadJwsSb(sbJws);
    if (success !== true) {
        console.log(jws.LastErrorText);
        return;
    }

    // Validate the 1st (and only) signature at index 0..
    var v = jws.Validate(signatureIndex);
    if (v < 0) {
        // Perhaps Chilkat was not unlocked or the trial expired..
        console.log("Method call failed for some other reason.");
        console.log(jws.LastErrorText);
        return;
    }

    if (v == 0) {
        console.log("Invalid signature.  The RSA key was incorrect, the JWS was invalid, or both.");
        return;
    }

    // If we get here, the signature was validated..
    console.log("Signature validated.");
    console.log("--");

    // Recover the original content:
    console.log("Recovered content:");
    console.log(jws.GetPayload("utf-8"));
    console.log("--");

    // Examine the protected header:
    // joseHeader: JsonObject
    var joseHeader = jws.GetProtectedHeader(signatureIndex);
    if (jws.LastMethodSuccess !== true) {
        console.log("No protected header found at the given index.");
        return;
    }

    joseHeader.EmitCompact = false;

    console.log("Protected (JOSE) header:");
    console.log(joseHeader.Emit());

    // Output:

    // 	Signature validated.
    // 	--
    // 	Recovered content:
    // 	{"iss":"joe", 
    // 	 "exp":1300819380,
    // 	 "http://example.com/is_root":true}
    // 	--
    // 	Protected (JOSE) header:
    // 	{ 
    // 	  "alg": "RS256"
    // 	}

}

chilkatExample();