honeymoose
/
jjwt
mirror of https://github.com/jwtk/jjwt.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CLEAN BUILD WITH TESTS! YAY!

This commit is contained in:
Les Hazlewood 2021-10-12 21:32:26 -07:00
parent f77697cef1
commit 0bb95d535c
11 changed files with 131 additions and 121 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
api/src/main/java/io/jsonwebtoken/JwtHandlerAdapter.java
View File

@ -42,12 +42,12 @@ public class JwtHandlerAdapter<T> implements JwtHandler<T> {
@Override @Override
public T onPlaintextJws(Jws<String> jws) { public T onPlaintextJws(Jws<String> jws) {
throw new UnsupportedJwtException("Signed plaintext JWSs are not supported."); throw new UnsupportedJwtException("Signed plaintext JWTs are not supported.");
} }
@Override @Override
public T onClaimsJws(Jws<Claims> jws) { public T onClaimsJws(Jws<Claims> jws) {
throw new UnsupportedJwtException("Signed Claims JWSs are not supported."); throw new UnsupportedJwtException("Signed Claims JWTs are not supported.");
} }
@Override @Override

8
api/src/test/groovy/io/jsonwebtoken/JwtHandlerAdapterTest.groovy
View File

@ -16,7 +16,9 @@
package io.jsonwebtoken package io.jsonwebtoken
import org.junit.Test import org.junit.Test
import static org.junit.Assert.*
import static org.junit.Assert.assertEquals
import static org.junit.Assert.fail
class JwtHandlerAdapterTest { class JwtHandlerAdapterTest {
@ -49,7 +51,7 @@ class JwtHandlerAdapterTest {
handler.onPlaintextJws(null) handler.onPlaintextJws(null)
fail() fail()
} catch (UnsupportedJwtException e) { } catch (UnsupportedJwtException e) {
assertEquals e.getMessage(), 'Signed plaintext JWSs are not supported.' assertEquals e.getMessage(), 'Signed plaintext JWTs are not supported.'
} }
} }
@ -60,7 +62,7 @@ class JwtHandlerAdapterTest {
handler.onClaimsJws(null) handler.onClaimsJws(null)
fail() fail()
} catch (UnsupportedJwtException e) { } catch (UnsupportedJwtException e) {
assertEquals e.getMessage(), 'Signed Claims JWSs are not supported.' assertEquals e.getMessage(), 'Signed Claims JWTs are not supported.'
} }
} }
} }

2
api/src/test/groovy/io/jsonwebtoken/lang/ArraysTest.groovy
View File

@ -29,7 +29,7 @@ class ArraysTest {
@Test @Test
void testByteArrayLengthWithNull() { void testByteArrayLengthWithNull() {
assertEquals 0, Arrays.length(null) assertEquals 0, Arrays.length((byte[])null)
} }
@Test @Test

41
impl/src/main/java/io/jsonwebtoken/impl/DefaultJwtParser.java
View File

@ -376,11 +376,17 @@ public class DefaultJwtParser implements JwtParser {
// //
final String alg = Strings.clean(header.getAlgorithm()); final String alg = Strings.clean(header.getAlgorithm());
if (!Strings.hasText(alg)) { if (!Strings.hasText(alg)) {
String msg = "Compact JWT strings MUST always have an 'alg' (Algorithm) header value per " + String msg = tokenized instanceof TokenizedJwe ? MISSING_JWE_ALG_MSG : MISSING_JWS_ALG_MSG;
"https://tools.ietf.org/html/rfc7515#section-4.1.1 and " +
"https://tools.ietf.org/html/rfc7516#section-4.1.1. Also see " +
"https://tools.ietf.org/html/rfc7515#section-10.7 for more information.";
throw new MalformedJwtException(msg); throw new MalformedJwtException(msg);
} else {
if (!SignatureAlgorithms.NONE.getId().equals(alg) && !Strings.hasText(tokenized.getDigest())) {
String type = tokenized instanceof TokenizedJwe ? "JWE" : "JWS";
String algType = tokenized instanceof TokenizedJwe ? "key management" : "signature";
String digestType = tokenized instanceof TokenizedJwe ? "an AAD authentication tag" : "a signature";
String msg = "The " + type + " header references " + algType + " algorithm '" + alg + "' but the " +
"compact " + type + " string does not have " + digestType + " token.";
throw new MalformedJwtException(msg);
}
} }
// =============== Body ================= // =============== Body =================
@ -452,8 +458,7 @@ public class DefaultJwtParser implements JwtParser {
final Key key = ((Function<JweHeader, Key>) this.keyLocator).apply(jweHeader); final Key key = ((Function<JweHeader, Key>) this.keyLocator).apply(jweHeader);
if (key == null) { if (key == null) {
String msg = "No key found for use with JWE key algorithm '" + keyAlg.getId() + String msg = "Cannot decrypt JWE payload: unable to locate key for JWE with header: " + jweHeader;
"'. Unable to decrypt JWE payload.";
throw new UnsupportedJwtException(msg); throw new UnsupportedJwtException(msg);
} }
@ -500,9 +505,16 @@ public class DefaultJwtParser implements JwtParser {
final JwsHeader jwsHeader = jws.getHeader(); final JwsHeader jwsHeader = jws.getHeader();
SignatureAlgorithm<?, Key> algorithm = (SignatureAlgorithm<?, Key>) signatureAlgorithmLocator.apply(jwsHeader); SignatureAlgorithm<?, Key> algorithm;
try {
algorithm = (SignatureAlgorithm<?, Key>) signatureAlgorithmLocator.apply(jwsHeader);
} catch (UnsupportedJwtException e) {
//For backwards compatibility. TODO: remove this try/catch block for 1.0 and let UnsupportedJwtException propagate
String msg = "Unsupported signature algorithm '" + alg + "'";
throw new SignatureException(msg, e);
}
if (algorithm == null) { if (algorithm == null) {
String msg = "Unrecognized JWS algorithm identifier: " + alg; String msg = "Unrecognized JWS signature algorithm '" + alg + "'.";
throw new UnsupportedJwtException(msg); throw new UnsupportedJwtException(msg);
} }
@ -526,7 +538,10 @@ public class DefaultJwtParser implements JwtParser {
} else { } else {
key = signingKeyResolver.resolveSigningKey(jwsHeader, payload); key = signingKeyResolver.resolveSigningKey(jwsHeader, payload);
} }
Assert.notNull(key, "A signature verification key is required if the specified JWT is digitally signed."); if (key == null) {
String msg = "Cannot verify JWS signature: unable to locate signature verification key for JWS with header: " + jwsHeader;
throw new UnsupportedJwtException(msg);
}
//re-create the jwt part without the signature. This is what is needed for signature verification: //re-create the jwt part without the signature. This is what is needed for signature verification:
String jwtWithoutSignature = tokenized.getProtected() + SEPARATOR_CHAR + tokenized.getBody(); String jwtWithoutSignature = tokenized.getProtected() + SEPARATOR_CHAR + tokenized.getBody();
@ -711,30 +726,22 @@ public class DefaultJwtParser implements JwtParser {
@Override @Override
public Jwt<?, Claims> parseClaimsJwt(String claimsJwt) { public Jwt<?, Claims> parseClaimsJwt(String claimsJwt) {
try {
return parse(claimsJwt, new JwtHandlerAdapter<Jwt<?, Claims>>() { return parse(claimsJwt, new JwtHandlerAdapter<Jwt<?, Claims>>() {
@Override @Override
public Jwt<?, Claims> onClaimsJwt(Jwt<?, Claims> jwt) { public Jwt<?, Claims> onClaimsJwt(Jwt<?, Claims> jwt) {
return jwt; return jwt;
} }
}); });
} catch (IllegalArgumentException iae) {
throw new UnsupportedJwtException("Signed JWSs are not supported.", iae);
}
} }
@Override @Override
public Jws<String> parsePlaintextJws(String plaintextJws) { public Jws<String> parsePlaintextJws(String plaintextJws) {
try {
return parse(plaintextJws, new JwtHandlerAdapter<Jws<String>>() { return parse(plaintextJws, new JwtHandlerAdapter<Jws<String>>() {
@Override @Override
public Jws<String> onPlaintextJws(Jws<String> jws) { public Jws<String> onPlaintextJws(Jws<String> jws) {
return jws; return jws;
} }
}); });
} catch (IllegalArgumentException iae) {
throw new UnsupportedJwtException("Signed JWSs are not supported.", iae);
}
} }
@Override @Override

44
impl/src/main/java/io/jsonwebtoken/impl/DefaultJwtParserBuilder.java
View File

@ -68,6 +68,7 @@ public class DefaultJwtParserBuilder implements JwtParserBuilder {
@SuppressWarnings({"rawtypes"}) @SuppressWarnings({"rawtypes"})
private Function<Header, Key> keyLocator = ConstantFunction.forNull(); private Function<Header, Key> keyLocator = ConstantFunction.forNull();
@SuppressWarnings("deprecation") //TODO: remove for 1.0 @SuppressWarnings("deprecation") //TODO: remove for 1.0
private SigningKeyResolver signingKeyResolver = new ConstantKeyLocator<>(null , null); private SigningKeyResolver signingKeyResolver = new ConstantKeyLocator<>(null , null);
@ -89,6 +90,9 @@ public class DefaultJwtParserBuilder implements JwtParserBuilder {
private long allowedClockSkewMillis = 0; private long allowedClockSkewMillis = 0;
private Key signatureVerificationKey;
private Key decryptionKey;
@Override @Override
public JwtParserBuilder setProvider(Provider provider) { public JwtParserBuilder setProvider(Provider provider) {
this.provider = provider; this.provider = provider;
@ -186,31 +190,15 @@ public class DefaultJwtParserBuilder implements JwtParserBuilder {
return setSigningKey(bytes); return setSigningKey(bytes);
} }
@SuppressWarnings("rawtypes")
@Override @Override
public JwtParserBuilder setSigningKey(final Key key) { public JwtParserBuilder setSigningKey(final Key key) {
Assert.notNull(key, "signing key cannot be null."); this.signatureVerificationKey = Assert.notNull(key, "signing key cannot be null.");
final Function<Header, Key> existing = this.keyLocator;
this.keyLocator = new Function<Header, Key>() {
@Override
public Key apply(Header header) {
return header instanceof JwsHeader ? key : existing.apply(header);
}
};
return setSigningKeyResolver(new ConstantKeyLocator<>(key, null)); return setSigningKeyResolver(new ConstantKeyLocator<>(key, null));
} }
@SuppressWarnings("rawtypes")
@Override @Override
public JwtParserBuilder decryptWith(final Key key) { public JwtParserBuilder decryptWith(final Key key) {
Assert.notNull(key, "decryption key cannot be null."); this.decryptionKey = Assert.notNull(key, "decryption key cannot be null.");
final Function<Header, Key> existing = this.keyLocator;
this.keyLocator = new Function<Header, Key>() {
@Override
public Key apply(Header header) {
return header instanceof JweHeader ? key : existing.apply(header);
}
};
return this; return this;
} }
@ -262,6 +250,7 @@ public class DefaultJwtParserBuilder implements JwtParserBuilder {
return this; return this;
} }
@SuppressWarnings("rawtypes")
@Override @Override
public JwtParser build() { public JwtParser build() {
@ -273,6 +262,25 @@ public class DefaultJwtParserBuilder implements JwtParserBuilder {
this.deserializer = Services.loadFirst(Deserializer.class); this.deserializer = Services.loadFirst(Deserializer.class);
} }
final Function<Header,Key> existing1 = this.keyLocator;
if (this.signatureVerificationKey != null) {
this.keyLocator = new Function<Header, Key>() {
@Override
public Key apply(Header header) {
return header instanceof JwsHeader ? signatureVerificationKey : existing1.apply(header);
}
};
}
final Function<Header,Key> existing2 = this.keyLocator;
if (this.decryptionKey != null) {
this.keyLocator = new Function<Header, Key>() {
@Override
public Key apply(Header header) {
return header instanceof JweHeader ? decryptionKey : existing2.apply(header);
}
};
}
// Invariants. If these are ever violated, it's an error in this class implementation // Invariants. If these are ever violated, it's an error in this class implementation
// (we default to non-null instances, and the setters should never allow null): // (we default to non-null instances, and the setters should never allow null):
assert this.keyLocator != null : "Key locator should never be null."; assert this.keyLocator != null : "Key locator should never be null.";

4
impl/src/main/java/io/jsonwebtoken/impl/lang/Bytes.java
View File

@ -86,6 +86,10 @@ public final class Bytes {
return output; return output;
} }
public static int byteLength(byte[] bytes) {
return bytes == null ? 0 : bytes.length;
}
public static long bitLength(byte[] bytes) { public static long bitLength(byte[] bytes) {
return bytes == null ? 0 : bytes.length * (long) Byte.SIZE; return bytes == null ? 0 : bytes.length * (long) Byte.SIZE;
} }

45
impl/src/test/groovy/io/jsonwebtoken/DeprecatedJwtParserTest.groovy
View File

@ -23,7 +23,6 @@ import io.jsonwebtoken.lang.Strings
import io.jsonwebtoken.security.SignatureException import io.jsonwebtoken.security.SignatureException
import org.junit.Test import org.junit.Test
import javax.crypto.spec.SecretKeySpec
import java.security.SecureRandom import java.security.SecureRandom
import static ClaimJwtException.INCORRECT_EXPECTED_CLAIM_MESSAGE_TEMPLATE import static ClaimJwtException.INCORRECT_EXPECTED_CLAIM_MESSAGE_TEMPLATE
@ -276,13 +275,10 @@ class DeprecatedJwtParserTest {
String compact = Jwts.builder().setPayload(payload).signWith(SignatureAlgorithm.HS256, randomKey()).compact() String compact = Jwts.builder().setPayload(payload).signWith(SignatureAlgorithm.HS256, randomKey()).compact()
try { try {
Jwts.parser().parsePlaintextJws(compact) Jwts.parser().parsePlaintextJwt(compact)
fail() fail()
} catch (UnsupportedJwtException e) { } catch (UnsupportedJwtException e) {
String expected = 'Signed JWTs are not supported: the JwtParser has not been configured with a signature ' + assertEquals 'Cannot verify JWS signature: unable to locate signature verification key for JWS with header: {alg=HS256}', e.getMessage()
'verification key or a KeyResolver. Consider configuring the JwtParserBuilder with one of these ' +
'to ensure it can use the necessary key to verify JWS signatures.'
assertEquals expected, e.getMessage()
} }
} }
@ -292,13 +288,10 @@ class DeprecatedJwtParserTest {
String compact = Jwts.builder().setSubject('Joe').signWith(SignatureAlgorithm.HS256, randomKey()).compact() String compact = Jwts.builder().setSubject('Joe').signWith(SignatureAlgorithm.HS256, randomKey()).compact()
try { try {
Jwts.parser().parsePlaintextJws(compact) Jwts.parser().parsePlaintextJwt(compact)
fail() fail()
} catch (UnsupportedJwtException e) { } catch (UnsupportedJwtException e) {
String expected = 'Signed JWTs are not supported: the JwtParser has not been configured with a signature ' + assertEquals 'Cannot verify JWS signature: unable to locate signature verification key for JWS with header: {alg=HS256}', e.getMessage()
'verification key or a KeyResolver. Consider configuring the JwtParserBuilder with one of these ' +
'to ensure it can use the necessary key to verify JWS signatures.'
assertEquals expected, e.getMessage()
} }
} }
@ -329,7 +322,7 @@ class DeprecatedJwtParserTest {
Jwts.parser().parseClaimsJwt(compact) Jwts.parser().parseClaimsJwt(compact)
fail() fail()
} catch (UnsupportedJwtException e) { } catch (UnsupportedJwtException e) {
assertEquals e.getMessage(), 'Unsigned plaintext JWTs are not supported.' assertEquals 'Unsigned plaintext JWTs are not supported.', e.getMessage()
} }
} }
@ -344,10 +337,7 @@ class DeprecatedJwtParserTest {
Jwts.parser().parseClaimsJwt(compact) Jwts.parser().parseClaimsJwt(compact)
fail() fail()
} catch (UnsupportedJwtException e) { } catch (UnsupportedJwtException e) {
String expected = 'Signed JWTs are not supported: the JwtParser has not been configured with a signature ' + assertEquals 'Cannot verify JWS signature: unable to locate signature verification key for JWS with header: {alg=HS256}', e.getMessage()
'verification key or a KeyResolver. Consider configuring the JwtParserBuilder with one of these ' +
'to ensure it can use the necessary key to verify JWS signatures.'
assertEquals expected, e.getMessage()
} }
} }
@ -360,10 +350,7 @@ class DeprecatedJwtParserTest {
Jwts.parser().parseClaimsJwt(compact) Jwts.parser().parseClaimsJwt(compact)
fail() fail()
} catch (UnsupportedJwtException e) { } catch (UnsupportedJwtException e) {
String expected = 'Signed JWTs are not supported: the JwtParser has not been configured with a signature ' + assertEquals 'Cannot verify JWS signature: unable to locate signature verification key for JWS with header: {alg=HS256}', e.getMessage()
'verification key or a KeyResolver. Consider configuring the JwtParserBuilder with one of these ' +
'to ensure it can use the necessary key to verify JWS signatures.'
assertEquals expected, e.getMessage()
} }
} }
@ -430,7 +417,7 @@ class DeprecatedJwtParserTest {
Jwts.parser().setSigningKey(key).parsePlaintextJws(compact) Jwts.parser().setSigningKey(key).parsePlaintextJws(compact)
fail() fail()
} catch (UnsupportedJwtException e) { } catch (UnsupportedJwtException e) {
assertEquals e.getMessage(), 'Unsigned plaintext JWTs are not supported.' assertEquals 'Unsigned plaintext JWTs are not supported.', e.getMessage()
} }
} }
@ -447,7 +434,7 @@ class DeprecatedJwtParserTest {
Jwts.parser().setSigningKey(key).parsePlaintextJws(compact) Jwts.parser().setSigningKey(key).parsePlaintextJws(compact)
fail() fail()
} catch (UnsupportedJwtException e) { } catch (UnsupportedJwtException e) {
assertEquals e.getMessage(), 'Unsigned Claims JWTs are not supported.' assertEquals 'Unsigned Claims JWTs are not supported.', e.getMessage()
} }
} }
@ -464,7 +451,7 @@ class DeprecatedJwtParserTest {
Jwts.parser().setSigningKey(key).parsePlaintextJws(compact) Jwts.parser().setSigningKey(key).parsePlaintextJws(compact)
fail() fail()
} catch (UnsupportedJwtException e) { } catch (UnsupportedJwtException e) {
assertEquals e.getMessage(), 'Signed Claims JWSs are not supported.' assertEquals 'Signed Claims JWTs are not supported.', e.getMessage()
} }
} }
@ -543,7 +530,7 @@ class DeprecatedJwtParserTest {
Jwts.parser().setSigningKey(key).parseClaimsJws(compact) Jwts.parser().setSigningKey(key).parseClaimsJws(compact)
fail() fail()
} catch (UnsupportedJwtException e) { } catch (UnsupportedJwtException e) {
assertEquals e.getMessage(), 'Unsigned plaintext JWTs are not supported.' assertEquals 'Unsigned plaintext JWTs are not supported.', e.getMessage()
} }
} }
@ -560,24 +547,24 @@ class DeprecatedJwtParserTest {
Jwts.parser().setSigningKey(key).parseClaimsJws(compact) Jwts.parser().setSigningKey(key).parseClaimsJws(compact)
fail() fail()
} catch (UnsupportedJwtException e) { } catch (UnsupportedJwtException e) {
assertEquals e.getMessage(), 'Unsigned Claims JWTs are not supported.' assertEquals 'Unsigned Claims JWTs are not supported.', e.getMessage()
} }
} }
@Test @Test
void testParseClaimsJwsWithPlaintextJws() { void testParseClaimsJwsWithPlaintextJws() {
String subject = 'Joe' String payload = 'Hello world'
byte[] key = randomKey() byte[] key = randomKey()
String compact = Jwts.builder().setSubject(subject).signWith(SignatureAlgorithm.HS256, key).compact() String compact = Jwts.builder().setPayload(payload).signWith(SignatureAlgorithm.HS256, key).compact()
try { try {
Jwts.parser().setSigningKey(key).parsePlaintextJws(compact) Jwts.parser().setSigningKey(key).parseClaimsJws(compact)
fail() fail()
} catch (UnsupportedJwtException e) { } catch (UnsupportedJwtException e) {
assertEquals e.getMessage(), 'Signed Claims JWSs are not supported.' assertEquals 'Signed plaintext JWTs are not supported.', e.getMessage()
} }
} }

56
impl/src/test/groovy/io/jsonwebtoken/JwtParserTest.groovy
View File

@ -317,29 +317,24 @@ class JwtParserTest {
String compact = Jwts.builder().setPayload(payload).signWith(SignatureAlgorithm.HS256, randomKey()).compact() String compact = Jwts.builder().setPayload(payload).signWith(SignatureAlgorithm.HS256, randomKey()).compact()
try { try {
Jwts.parserBuilder().build().parsePlaintextJws(compact) Jwts.parserBuilder().build().parsePlaintextJwt(compact)
fail() fail()
} catch (UnsupportedJwtException e) { } catch (UnsupportedJwtException e) {
String msg = 'Signed JWTs are not supported: the JwtParser has not been configured with a signature ' + assertEquals 'Cannot verify JWS signature: unable to locate signature verification key for JWS with header: {alg=HS256}', e.getMessage()
'verification key or a KeyResolver. Consider configuring the JwtParserBuilder with one of ' +
'these to ensure it can use the necessary key to verify JWS signatures.'
assertEquals msg, e.getMessage()
} }
} }
@Test @Test
void testParsePlaintextJwtWithClaimsJws() { void testParsePlaintextJwtWithClaimsJws() {
String compact = Jwts.builder().setSubject('Joe').signWith(SignatureAlgorithm.HS256, randomKey()).compact() def key = randomKey()
String compact = Jwts.builder().setSubject('Joe').signWith(SignatureAlgorithm.HS256, key).compact()
try { try {
Jwts.parserBuilder().build().parsePlaintextJws(compact) Jwts.parserBuilder().setSigningKey(key).build().parsePlaintextJws(compact)
fail() fail()
} catch (UnsupportedJwtException e) { } catch (UnsupportedJwtException e) {
String msg = 'Signed JWTs are not supported: the JwtParser has not been configured with a signature ' + assertEquals 'Signed Claims JWTs are not supported.', e.getMessage()
'verification key or a KeyResolver. Consider configuring the JwtParserBuilder with one of ' +
'these to ensure it can use the necessary key to verify JWS signatures.'
assertEquals msg, e.getMessage()
} }
} }
@ -370,7 +365,7 @@ class JwtParserTest {
Jwts.parserBuilder().build().parseClaimsJwt(compact) Jwts.parserBuilder().build().parseClaimsJwt(compact)
fail() fail()
} catch (UnsupportedJwtException e) { } catch (UnsupportedJwtException e) {
assertEquals e.getMessage(), 'Unsigned plaintext JWTs are not supported.' assertEquals 'Unsigned plaintext JWTs are not supported.', e.getMessage()
} }
} }
@ -385,26 +380,21 @@ class JwtParserTest {
Jwts.parserBuilder().build().parseClaimsJwt(compact) Jwts.parserBuilder().build().parseClaimsJwt(compact)
fail() fail()
} catch (UnsupportedJwtException e) { } catch (UnsupportedJwtException e) {
String msg = 'Signed JWTs are not supported: the JwtParser has not been configured with a signature ' + assertEquals 'Cannot verify JWS signature: unable to locate signature verification key for JWS with header: {alg=HS256}', e.getMessage()
'verification key or a KeyResolver. Consider configuring the JwtParserBuilder with one of ' +
'these to ensure it can use the necessary key to verify JWS signatures.'
assertEquals msg, e.getMessage()
} }
} }
@Test @Test
void testParseClaimsJwtWithClaimsJws() { void testParseClaimsJwtWithClaimsJws() {
String compact = Jwts.builder().setSubject('Joe').signWith(SignatureAlgorithm.HS256, randomKey()).compact() def key = randomKey()
String compact = Jwts.builder().setSubject('Joe').signWith(SignatureAlgorithm.HS256, key).compact()
try { try {
Jwts.parserBuilder().build().parseClaimsJwt(compact) Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJwt(compact)
fail() fail()
} catch (UnsupportedJwtException e) { } catch (UnsupportedJwtException e) {
String msg = 'Signed JWTs are not supported: the JwtParser has not been configured with a signature ' + assertEquals 'Signed Claims JWTs are not supported.', e.getMessage()
'verification key or a KeyResolver. Consider configuring the JwtParserBuilder with one of ' +
'these to ensure it can use the necessary key to verify JWS signatures.'
assertEquals msg, e.getMessage()
} }
} }
@ -476,7 +466,7 @@ class JwtParserTest {
Jwts.parserBuilder().setSigningKey(key).build().parsePlaintextJws(compact) Jwts.parserBuilder().setSigningKey(key).build().parsePlaintextJws(compact)
fail() fail()
} catch (UnsupportedJwtException e) { } catch (UnsupportedJwtException e) {
assertEquals e.getMessage(), 'Unsigned plaintext JWTs are not supported.' assertEquals 'Unsigned plaintext JWTs are not supported.', e.getMessage()
} }
} }
@ -493,7 +483,7 @@ class JwtParserTest {
Jwts.parserBuilder().setSigningKey(key).build().parsePlaintextJws(compact) Jwts.parserBuilder().setSigningKey(key).build().parsePlaintextJws(compact)
fail() fail()
} catch (UnsupportedJwtException e) { } catch (UnsupportedJwtException e) {
assertEquals e.getMessage(), 'Unsigned Claims JWTs are not supported.' assertEquals 'Unsigned Claims JWTs are not supported.', e.getMessage()
} }
} }
@ -510,7 +500,7 @@ class JwtParserTest {
Jwts.parserBuilder().setSigningKey(key).build().parsePlaintextJws(compact) Jwts.parserBuilder().setSigningKey(key).build().parsePlaintextJws(compact)
fail() fail()
} catch (UnsupportedJwtException e) { } catch (UnsupportedJwtException e) {
assertEquals e.getMessage(), 'Signed Claims JWSs are not supported.' assertEquals 'Signed Claims JWTs are not supported.', e.getMessage()
} }
} }
@ -589,7 +579,7 @@ class JwtParserTest {
Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(compact) Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(compact)
fail() fail()
} catch (UnsupportedJwtException e) { } catch (UnsupportedJwtException e) {
assertEquals e.getMessage(), 'Unsigned plaintext JWTs are not supported.' assertEquals 'Unsigned plaintext JWTs are not supported.', e.getMessage()
} }
} }
@ -608,7 +598,7 @@ class JwtParserTest {
parseClaimsJws(compact) parseClaimsJws(compact)
fail() fail()
} catch (UnsupportedJwtException e) { } catch (UnsupportedJwtException e) {
assertEquals e.getMessage(), 'Unsigned Claims JWTs are not supported.' assertEquals 'Unsigned Claims JWTs are not supported.', e.getMessage()
} }
} }
@ -625,7 +615,7 @@ class JwtParserTest {
Jwts.parserBuilder().setSigningKey(key).build().parsePlaintextJws(compact) Jwts.parserBuilder().setSigningKey(key).build().parsePlaintextJws(compact)
fail() fail()
} catch (UnsupportedJwtException e) { } catch (UnsupportedJwtException e) {
assertEquals e.getMessage(), 'Signed Claims JWSs are not supported.' assertEquals 'Signed Claims JWTs are not supported.', e.getMessage()
} }
} }
@ -674,7 +664,7 @@ class JwtParserTest {
Jwts.parserBuilder().setSigningKeyResolver(signingKeyResolver).build().parseClaimsJws(compact) Jwts.parserBuilder().setSigningKeyResolver(signingKeyResolver).build().parseClaimsJws(compact)
fail() fail()
} catch (SignatureException se) { } catch (SignatureException se) {
assertEquals se.getMessage(), 'JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted.' assertEquals 'JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted.', se.getMessage()
} }
} }
@ -691,7 +681,7 @@ class JwtParserTest {
Jwts.parserBuilder().setSigningKeyResolver(null).build().parseClaimsJws(compact) Jwts.parserBuilder().setSigningKeyResolver(null).build().parseClaimsJws(compact)
fail() fail()
} catch (IllegalArgumentException iae) { } catch (IllegalArgumentException iae) {
assertEquals iae.getMessage(), 'SigningKeyResolver cannot be null.' assertEquals 'SigningKeyResolver cannot be null.', iae.getMessage()
} }
} }
@ -710,9 +700,9 @@ class JwtParserTest {
Jwts.parserBuilder().setSigningKeyResolver(signingKeyResolver).build().parseClaimsJws(compact) Jwts.parserBuilder().setSigningKeyResolver(signingKeyResolver).build().parseClaimsJws(compact)
fail() fail()
} catch (UnsupportedJwtException ex) { } catch (UnsupportedJwtException ex) {
assertEquals ex.getMessage(), 'The specified SigningKeyResolver implementation does not support ' + assertEquals 'The specified SigningKeyResolver implementation does not support ' +
'Claims JWS signing key resolution. Consider overriding either the resolveSigningKey(JwsHeader, Claims) method ' + 'Claims JWS signing key resolution. Consider overriding either the resolveSigningKey(JwsHeader, Claims) method ' +
'or, for HMAC algorithms, the resolveSigningKeyBytes(JwsHeader, Claims) method.' 'or, for HMAC algorithms, the resolveSigningKeyBytes(JwsHeader, Claims) method.', ex.getMessage()
} }
} }
@ -791,7 +781,7 @@ class JwtParserTest {
Jwts.parserBuilder().setSigningKeyResolver(signingKeyResolver).build().parsePlaintextJws(compact) Jwts.parserBuilder().setSigningKeyResolver(signingKeyResolver).build().parsePlaintextJws(compact)
fail() fail()
} catch (SignatureException se) { } catch (SignatureException se) {
assertEquals se.getMessage(), 'JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted.' assertEquals 'JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted.', se.getMessage()
} }
} }

6
impl/src/test/groovy/io/jsonwebtoken/impl/security/JwksTest.groovy
View File

@ -153,6 +153,9 @@ class JwksTest {
PublicJwk privPubJwk = privJwk.toPublicJwk() PublicJwk privPubJwk = privJwk.toPublicJwk()
assertEquals pubJwk, privPubJwk assertEquals pubJwk, privPubJwk
assertEquals pub, pubJwk.toKey() assertEquals pub, pubJwk.toKey()
def jwkPair = privJwk.toKeyPair()
assertEquals pub, jwkPair.getPublic()
assertEquals priv, jwkPair.getPrivate()
// test pair // test pair
privJwk = pub instanceof ECKey ? privJwk = pub instanceof ECKey ?
@ -162,6 +165,9 @@ class JwksTest {
privPubJwk = privJwk.toPublicJwk() privPubJwk = privJwk.toPublicJwk()
assertEquals pubJwk, privPubJwk assertEquals pubJwk, privPubJwk
assertEquals pub, pubJwk.toKey() assertEquals pub, pubJwk.toKey()
jwkPair = privJwk.toKeyPair()
assertEquals pub, jwkPair.getPublic()
assertEquals priv, jwkPair.getPrivate()
} }
} }
} }

10
impl/src/test/groovy/io/jsonwebtoken/security/KeyAlgorithmsTest.groovy
View File

@ -19,14 +19,20 @@ class KeyAlgorithmsTest {
@Test @Test
void testValues() { void testValues() {
assertEquals 7, KeyAlgorithms.values().size() assertEquals 13, KeyAlgorithms.values().size()
assertTrue(contains(KeyAlgorithms.DIRECT) && assertTrue(contains(KeyAlgorithms.DIRECT) &&
contains(KeyAlgorithms.A128KW) && contains(KeyAlgorithms.A128KW) &&
contains(KeyAlgorithms.A192KW) && contains(KeyAlgorithms.A192KW) &&
contains(KeyAlgorithms.A256KW) && contains(KeyAlgorithms.A256KW) &&
contains(KeyAlgorithms.A128GCMKW) && contains(KeyAlgorithms.A128GCMKW) &&
contains(KeyAlgorithms.A192GCMKW) && contains(KeyAlgorithms.A192GCMKW) &&
contains(KeyAlgorithms.A256GCMKW) contains(KeyAlgorithms.A256GCMKW) &&
contains(KeyAlgorithms.PBES2_HS256_A128KW) &&
contains(KeyAlgorithms.PBES2_HS384_A192KW) &&
contains(KeyAlgorithms.PBES2_HS512_A256KW) &&
contains(KeyAlgorithms.RSA1_5) &&
contains(KeyAlgorithms.RSA_OAEP) &&
contains(KeyAlgorithms.RSA_OAEP_256)
) )
} }

2
impl/src/test/groovy/io/jsonwebtoken/security/SignatureAlgorithmsTest.groovy
View File

@ -13,7 +13,7 @@ class SignatureAlgorithmsTest {
@Test @Test
void testForNameCaseInsensitive() { void testForNameCaseInsensitive() {
for(SignatureAlgorithm alg : SignatureAlgorithms.STANDARD_ALGORITHMS.values()) { for(SignatureAlgorithm alg : SignatureAlgorithms.values()) {
assertSame alg, SignatureAlgorithms.forId(alg.getId().toLowerCase()) assertSame alg, SignatureAlgorithms.forId(alg.getId().toLowerCase())
} }
} }