From f36e2fca5993dfcf1191babfb44c895be79c6036 Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Fri, 15 Jan 2021 22:15:35 -0700 Subject: [PATCH] Remove SingleKeyJWSKeySelector Closes gh-9348 --- .../security/oauth2/jwt/NimbusJwtDecoder.java | 3 +- .../oauth2/jwt/NimbusReactiveJwtDecoder.java | 3 +- .../oauth2/jwt/SingleKeyJWSKeySelector.java | 57 ------------------- .../oauth2/jwt/NimbusJwtDecoderTests.java | 5 +- 4 files changed, 6 insertions(+), 62 deletions(-) delete mode 100644 oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/SingleKeyJWSKeySelector.java diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java index c4e80d2316..de76dae836 100644 --- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java +++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 the original author or authors. + * Copyright 2002-2021 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -42,6 +42,7 @@ import com.nimbusds.jose.jwk.source.RemoteJWKSet; import com.nimbusds.jose.proc.JWSKeySelector; import com.nimbusds.jose.proc.JWSVerificationKeySelector; import com.nimbusds.jose.proc.SecurityContext; +import com.nimbusds.jose.proc.SingleKeyJWSKeySelector; import com.nimbusds.jose.util.Resource; import com.nimbusds.jose.util.ResourceRetriever; import com.nimbusds.jwt.JWT; diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java index 122cf14c37..9043c0c679 100644 --- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java +++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 the original author or authors. + * Copyright 2002-2021 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -42,6 +42,7 @@ import com.nimbusds.jose.proc.JWKSecurityContext; import com.nimbusds.jose.proc.JWSKeySelector; import com.nimbusds.jose.proc.JWSVerificationKeySelector; import com.nimbusds.jose.proc.SecurityContext; +import com.nimbusds.jose.proc.SingleKeyJWSKeySelector; import com.nimbusds.jwt.JWT; import com.nimbusds.jwt.JWTClaimsSet; import com.nimbusds.jwt.JWTParser; diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/SingleKeyJWSKeySelector.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/SingleKeyJWSKeySelector.java deleted file mode 100644 index 677e06ed60..0000000000 --- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/SingleKeyJWSKeySelector.java +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright 2002-2020 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.oauth2.jwt; - -import java.security.Key; -import java.util.Arrays; -import java.util.List; - -import com.nimbusds.jose.JWSAlgorithm; -import com.nimbusds.jose.JWSHeader; -import com.nimbusds.jose.proc.JWSKeySelector; -import com.nimbusds.jose.proc.SecurityContext; - -import org.springframework.util.Assert; - -/** - * An internal implementation of {@link JWSKeySelector} that always returns the same key - * - * @author Josh Cummings - * @since 5.2 - */ -final class SingleKeyJWSKeySelector implements JWSKeySelector { - - private final List keySet; - - private final JWSAlgorithm expectedJwsAlgorithm; - - SingleKeyJWSKeySelector(JWSAlgorithm expectedJwsAlgorithm, Key key) { - Assert.notNull(expectedJwsAlgorithm, "expectedJwsAlgorithm cannot be null"); - Assert.notNull(key, "key cannot be null"); - this.keySet = Arrays.asList(key); - this.expectedJwsAlgorithm = expectedJwsAlgorithm; - } - - @Override - public List selectJWSKeys(JWSHeader header, C context) { - if (!this.expectedJwsAlgorithm.equals(header.getAlgorithm())) { - throw new BadJwtException("Unsupported algorithm of " + header.getAlgorithm()); - } - return this.keySet; - } - -} diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java index 0169f03d30..5500f2a3bc 100644 --- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java +++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoderTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 the original author or authors. + * Copyright 2002-2021 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -503,8 +503,7 @@ public class NimbusJwtDecoderTests { .macAlgorithm(MacAlgorithm.HS512) .build(); assertThatExceptionOfType(BadJwtException.class) - .isThrownBy(() -> decoder.decode(signedJWT.serialize())) - .withMessageContaining("Unsupported algorithm of HS256"); + .isThrownBy(() -> decoder.decode(signedJWT.serialize())); // @formatter:on }