From 7898ce2dedf2b80507bf1b59ad196ec80f2ced6e Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Thu, 14 Jun 2018 17:04:14 -0500 Subject: [PATCH] Add JWKContextJWKSource Issue: gh-5330 --- .../oauth2/jwt/JWKContextJWKSource.java | 43 +++++++++++++++++++ .../oauth2/jwt/JWKContextJWKSourceTests.java | 42 ++++++++++++++++++ 2 files changed, 85 insertions(+) create mode 100644 oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JWKContextJWKSource.java create mode 100644 oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JWKContextJWKSourceTests.java diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JWKContextJWKSource.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JWKContextJWKSource.java new file mode 100644 index 0000000000..e444d39982 --- /dev/null +++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JWKContextJWKSource.java @@ -0,0 +1,43 @@ +/* + * Copyright 2002-2018 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.oauth2.jwt; + +import com.nimbusds.jose.jwk.JWK; +import com.nimbusds.jose.jwk.JWKSelector; +import com.nimbusds.jose.jwk.source.JWKSource; + +import java.util.List; + +/** + * A {@link JWKSource} used for reactive applications that returns the {@link JWK} from the {@link JWKContext}. + * + *

+ * The Nimbus {@link JWKSource} is a blocking API which means the {@link JWK} cannot be resolved using code that blocks. + * This means that the JWK Set could not be retrieved from HTTP endpoint. To work around this the {@link JWK} is + * resolved in the {@link ReactiveJwtDecoder} and provided via the {@link JWKContext}. + *

+ * + * @author Rob Winch + * @since 5.1 + */ +class JWKContextJWKSource implements JWKSource { + + @Override + public List get(JWKSelector jwkSelector, JWKContext context) { + return context.getJwkList(); + } +} diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JWKContextJWKSourceTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JWKContextJWKSourceTests.java new file mode 100644 index 0000000000..1da696bfdf --- /dev/null +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JWKContextJWKSourceTests.java @@ -0,0 +1,42 @@ +/* + * Copyright 2002-2018 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.oauth2.jwt; + +import com.nimbusds.jose.jwk.JWK; +import org.junit.Test; + +import java.util.Arrays; + +import static org.assertj.core.api.Assertions.*; +import static org.mockito.Mockito.mock; + +/** + * @author Rob Winch + * @since 5.1 + */ +public class JWKContextJWKSourceTests { + private JWKContextJWKSource source = new JWKContextJWKSource(); + + @Test + public void getWhenKeysNotEmptyThenContainsKeys() { + JWK key = mock(JWK.class); + JWKContext jwkContext = new JWKContext(Arrays.asList(key)); + + assertThat(this.source.get(null, jwkContext)).containsOnly(key); + } + +}