From 84583f2afd8bde0cc67c27d80e1d6855f8037c29 Mon Sep 17 00:00:00 2001
From: David Schwarzmann <david.schwarzmann@codecentric.de>
Date: Tue, 3 Aug 2021 16:50:02 +0200
Subject: [PATCH] refactor(example): Ensure in the example that we only allow
 PS512 keys

---
 docs/getting-started/event-log.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/docs/getting-started/event-log.md b/docs/getting-started/event-log.md
index df1dfc981..34043fc63 100644
--- a/docs/getting-started/event-log.md
+++ b/docs/getting-started/event-log.md
@@ -214,6 +214,11 @@ static final ZUSTELLDIENST_BASE_URL = "https://zustelldienst.example.com";
 boolean verifySignature(SignedJWT securityEventToken, String keyId) {
   JWKSet jwks = JWKSet.load(ZUSTELLDIENST_BASE_URL + "/.well-known/jwks.json");
   JWK publicKey = jwks.getKeyByKeyId(keyId)
+
+  if (publicKey.getAlgorithm() != JWSAlgorithm.PS512) {
+    throw new RuntimeException("The key specified for signature verification doesn't use/specify PS512 as algorithm.")
+  }
+
   JWSVerifier jwsVerifier = new RSASSAVerifier(publicKey.toRSAKey());
   return signedJWT.verify(jwsVerifier);
 }
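Review bot: The added guard compares `publicKey.getAlgorithm()` with `JWSAlgorithm.PS512` using `!=`, which is a reference comparison. A key parsed from the JWKS is unlikely to return that exact constant instance, so the example would probably reject every key, and it hits a NullPointerException first when `getKeyByKeyId` finds no key for `keyId`. I would write the condition as `if (publicKey == null || !JWSAlgorithm.PS512.equals(publicKey.getAlgorithm())) {`, which also handles a key that carries no `alg`. The check only covers the key's metadata: the `alg` in the token's own header stays unconstrained, and `RSASSAVerifier` presumably accepts the other RSA signature algorithms too, so consider adding `|| !JWSAlgorithm.PS512.equals(securityEventToken.getHeader().getAlgorithm())` to the same condition. The new `throw` line is also missing its terminating `;`, which matters because readers copy this example.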
-- 
GitLab