Update two dependencies for our OpenID Connect realm implementation to their latest versions
This commit is contained in:
parent
08bf89b92b
commit
a0362153e2
|
@ -56,8 +56,8 @@ dependencies {
|
||||||
compile 'com.google.guava:guava:19.0'
|
compile 'com.google.guava:guava:19.0'
|
||||||
|
|
||||||
// Dependencies for oidc
|
// Dependencies for oidc
|
||||||
compile "com.nimbusds:oauth2-oidc-sdk:6.5"
|
compile "com.nimbusds:oauth2-oidc-sdk:6.16.5"
|
||||||
compile "com.nimbusds:nimbus-jose-jwt:4.41.2"
|
compile "com.nimbusds:nimbus-jose-jwt:8.2"
|
||||||
compile "com.nimbusds:lang-tag:1.4.4"
|
compile "com.nimbusds:lang-tag:1.4.4"
|
||||||
compile "com.sun.mail:jakarta.mail:1.6.3"
|
compile "com.sun.mail:jakarta.mail:1.6.3"
|
||||||
compile "net.jcip:jcip-annotations:1.0"
|
compile "net.jcip:jcip-annotations:1.0"
|
||||||
|
@ -82,7 +82,7 @@ dependencies {
|
||||||
testCompile('org.apache.kerby:kerb-crypto:1.1.1')
|
testCompile('org.apache.kerby:kerb-crypto:1.1.1')
|
||||||
testCompile('org.apache.kerby:kerb-util:1.1.1')
|
testCompile('org.apache.kerby:kerb-util:1.1.1')
|
||||||
testCompile('org.apache.kerby:token-provider:1.1.1')
|
testCompile('org.apache.kerby:token-provider:1.1.1')
|
||||||
testCompile('com.nimbusds:nimbus-jose-jwt:4.41.2')
|
testCompile('com.nimbusds:nimbus-jose-jwt:8.2')
|
||||||
testCompile('net.jcip:jcip-annotations:1.0')
|
testCompile('net.jcip:jcip-annotations:1.0')
|
||||||
testCompile('org.apache.kerby:kerb-admin:1.1.1')
|
testCompile('org.apache.kerby:kerb-admin:1.1.1')
|
||||||
testCompile('org.apache.kerby:kerb-server:1.1.1')
|
testCompile('org.apache.kerby:kerb-server:1.1.1')
|
||||||
|
@ -270,7 +270,13 @@ thirdPartyAudit {
|
||||||
// [missing classes] SLF4j includes an optional class that depends on an extension class (!)
|
// [missing classes] SLF4j includes an optional class that depends on an extension class (!)
|
||||||
'org.slf4j.ext.EventData',
|
'org.slf4j.ext.EventData',
|
||||||
// Optional dependency of oauth2-oidc-sdk that we don't need since we do not support AES-SIV for JWE
|
// Optional dependency of oauth2-oidc-sdk that we don't need since we do not support AES-SIV for JWE
|
||||||
'org.cryptomator.siv.SivMode'
|
'org.cryptomator.siv.SivMode',
|
||||||
|
// Optional dependency of nimbus-jose-jwt for handling Ed25519 signatures and ECDH with X25519 (RFC 8037)
|
||||||
|
'com.google.crypto.tink.subtle.Ed25519Sign',
|
||||||
|
'com.google.crypto.tink.subtle.Ed25519Sign$KeyPair',
|
||||||
|
'com.google.crypto.tink.subtle.Ed25519Verify',
|
||||||
|
'com.google.crypto.tink.subtle.X25519'
|
||||||
|
|
||||||
)
|
)
|
||||||
|
|
||||||
ignoreViolations (
|
ignoreViolations (
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
3981d32ddfa2919a7af46eb5e484f8dc064da665
|
|
|
@ -0,0 +1 @@
|
||||||
|
3cc99de85969253f2f085c39d87124e21011ae74
|
|
@ -0,0 +1 @@
|
||||||
|
690bf0290fe0c03dabfb43566dbd334f78ddce84
|
|
@ -1 +0,0 @@
|
||||||
422759fc195f65345e8da3265c69dea3c6cf56a5
|
|
|
@ -10,6 +10,7 @@ import com.nimbusds.jose.JWSHeader;
|
||||||
import com.nimbusds.jose.crypto.ECDSASigner;
|
import com.nimbusds.jose.crypto.ECDSASigner;
|
||||||
import com.nimbusds.jose.crypto.MACSigner;
|
import com.nimbusds.jose.crypto.MACSigner;
|
||||||
import com.nimbusds.jose.crypto.RSASSASigner;
|
import com.nimbusds.jose.crypto.RSASSASigner;
|
||||||
|
import com.nimbusds.jose.jwk.Curve;
|
||||||
import com.nimbusds.jose.jwk.ECKey;
|
import com.nimbusds.jose.jwk.ECKey;
|
||||||
import com.nimbusds.jose.jwk.JWK;
|
import com.nimbusds.jose.jwk.JWK;
|
||||||
import com.nimbusds.jose.jwk.JWKSet;
|
import com.nimbusds.jose.jwk.JWKSet;
|
||||||
|
@ -971,7 +972,7 @@ public class OpenIdConnectAuthenticatorTests extends OpenIdConnectTestCase {
|
||||||
|
|
||||||
} else if (type.equals("ES")) {
|
} else if (type.equals("ES")) {
|
||||||
hashSize = randomFrom(256, 384, 512);
|
hashSize = randomFrom(256, 384, 512);
|
||||||
ECKey.Curve curve = curveFromHashSize(hashSize);
|
Curve curve = curveFromHashSize(hashSize);
|
||||||
KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
|
KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
|
||||||
gen.initialize(curve.toECParameterSpec());
|
gen.initialize(curve.toECParameterSpec());
|
||||||
KeyPair keyPair = gen.generateKeyPair();
|
KeyPair keyPair = gen.generateKeyPair();
|
||||||
|
@ -986,13 +987,13 @@ public class OpenIdConnectAuthenticatorTests extends OpenIdConnectTestCase {
|
||||||
return new Tuple(key, new JWKSet(jwk));
|
return new Tuple(key, new JWKSet(jwk));
|
||||||
}
|
}
|
||||||
|
|
||||||
private ECKey.Curve curveFromHashSize(int size) {
|
private Curve curveFromHashSize(int size) {
|
||||||
if (size == 256) {
|
if (size == 256) {
|
||||||
return ECKey.Curve.P_256;
|
return Curve.P_256;
|
||||||
} else if (size == 384) {
|
} else if (size == 384) {
|
||||||
return ECKey.Curve.P_384;
|
return Curve.P_384;
|
||||||
} else if (size == 512) {
|
} else if (size == 512) {
|
||||||
return ECKey.Curve.P_521;
|
return Curve.P_521;
|
||||||
} else {
|
} else {
|
||||||
throw new IllegalArgumentException("Invalid hash size:" + size);
|
throw new IllegalArgumentException("Invalid hash size:" + size);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue