Name cleanup (#840)

- Renamed X509Mutator#x509CertificateSha1Thumbprint to x509Sha1Thumbprint
- Renamed X509Mutator#x509CertificateSha256Thumbprint to x509Sha256Thumbprint
- Renamed X509Builder#withX509Sha1Thumbprint to x509Sha1Thumbprint
- Renamed X509Builder#withX509Sha256Thumbprint to x509Sha256Thumbprint
- Renamed X509Builder#x509CertificateChain to x509Chain
- Renamed X509Accessor#getX509CertificateChain to getX509Chain
- Renamed X509Accessor#getX509CertificateSha1Thumbprint to getX509Sha1Thumbprint
- Renamed X509Accessor#getX509CertificateSha256Thumbprint to getX509Sha256Thumbprint

- Renamed JwtParserBuilder#enableUnsecured() to unsecured()
- Renamed JwtParserBuilder#enableUnsecuredDecompression() to unsecuredDecompression()

- Renamed KeyOperationPolicyBuilder#allowUnrelated(boolean) to unrelated() (removed boolean argument also to be consistent with JwtParserBuilder#unsecured())
lhazlewood 2023-09-27 18:36:55 -07:00 committed by GitHub
parent b687ca5c72
commit 20b2fa9d50
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
38 changed files with 249 additions and 253 deletions


@ -65,7 +65,7 @@ public interface JwsHeader extends ProtectedHeader {
/**
* JWS <a href="https://tools.ietf.org/html/rfc7516#section-4.1.6">X.509 Certificate Chain Header</a> name: the string literal <b><code>x5c</code></b>
*
* @deprecated since JJWT_RELEASE_VERSION in favor of {@link #getX509CertificateChain()}
* @deprecated since JJWT_RELEASE_VERSION in favor of {@link #getX509Chain()}
*/
@Deprecated
String X509_CERT_CHAIN = "x5c";
@ -73,7 +73,7 @@ public interface JwsHeader extends ProtectedHeader {
/**
* JWS <a href="https://tools.ietf.org/html/rfc7516#section-4.1.7">X.509 Certificate SHA-1 Thumbprint Header</a> name: the string literal <b><code>x5t</code></b>
*
* @deprecated since JJWT_RELEASE_VERSION in favor of {@link #getX509CertificateSha1Thumbprint()}
* @deprecated since JJWT_RELEASE_VERSION in favor of {@link #getX509Sha1Thumbprint()}
*/
@Deprecated
String X509_CERT_SHA1_THUMBPRINT = "x5t";
@ -81,7 +81,7 @@ public interface JwsHeader extends ProtectedHeader {
/**
* JWS <a href="https://tools.ietf.org/html/rfc7516#section-4.1.8">X.509 Certificate SHA-256 Thumbprint Header</a> name: the string literal <b><code>x5t#S256</code></b>
*
* @deprecated since JJWT_RELEASE_VERSION in favor of {@link #getX509CertificateSha256Thumbprint()}
* @deprecated since JJWT_RELEASE_VERSION in favor of {@link #getX509Sha256Thumbprint()}
*/
@Deprecated
String X509_CERT_SHA256_THUMBPRINT = "x5t#S256";


@ -62,13 +62,13 @@ public interface JwtParserBuilder extends Builder<JwtParser> {
* @see <a href="https://www.rfc-editor.org/rfc/rfc7518.html#section-8.5">Unsecured JWS Security Considerations</a>
* @see <a href="https://www.rfc-editor.org/rfc/rfc7518.html#section-3.6">Using the Algorithm &quot;none&quot;</a>
* @see Jwts.SIG#NONE
* @see #enableUnsecuredDecompression()
* @see #unsecuredDecompression()
* @since JJWT_RELEASE_VERSION
*/
JwtParserBuilder enableUnsecured();
JwtParserBuilder unsecured();
/**
* If {@link #enableUnsecured() enabledUnsecuredJws} is enabled, calling this method additionally enables
* If the parser is {@link #unsecured()}, calling this method additionally enables
* payload decompression of Unsecured JWTs (JWTs with an 'alg' (Algorithm) header value of 'none') that also have
* a 'zip' (Compression) header. This behavior is disabled by default because using compression
* algorithms with data from unverified (unauthenticated) parties can be susceptible to Denial of Service attacks
@ -76,12 +76,12 @@ public interface JwtParserBuilder extends Builder<JwtParser> {
* <a href="https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-pellegrino.pdf">In the
* Compression Hornets Nest: A Security Study of Data Compression in Network Services</a>.
*
* <p>Because this behavior is only relevant if {@link #enableUnsecured() enabledUnsecured} is specified,
* calling this method without also calling {@code enableUnsecured()} will result in a build exception, as the
* <p>Because this behavior is only relevant if the parser is unsecured,
* calling this method without also calling {@link #unsecured()} will result in a build exception, as the
* incongruent state could reflect a misunderstanding of both behaviors which should be remedied by the
* application developer.</p>
*
* <b>As is the case for {@link #enableUnsecured()}, be careful when calling this method - one should fully
* <b>As is the case for {@link #unsecured()}, be careful when calling this method - one should fully
* understand
* <a href="https://www.rfc-editor.org/rfc/rfc7518.html#section-8.5">Unsecured JWS Security Considerations</a>
* before enabling this feature.</b>
@ -91,10 +91,10 @@ public interface JwtParserBuilder extends Builder<JwtParser> {
* @see <a href="https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-pellegrino.pdf">In the
* Compression Hornets Nest: A Security Study of Data Compression in Network Services</a>
* @see Jwts.SIG#NONE
* @see #enableUnsecured()
* @see #unsecured()
* @since JJWT_RELEASE_VERSION
*/
JwtParserBuilder enableUnsecuredDecompression();
JwtParserBuilder unsecuredDecompression();
JwtParserBuilder critical(String crit);


@ -61,7 +61,7 @@ public interface KeyOperationBuilder extends Builder<KeyOperation> {
* assert built.isRelated(other);</pre></blockquote>
*
* <p>A {@link JwkBuilder}'s key operation {@link JwkBuilder#operationPolicy(KeyOperationPolicy) policy} is likely
* to {@link KeyOperationPolicyBuilder#allowUnrelated(boolean) reject} any <em>un</em>related operations specified
* to {@link KeyOperationPolicyBuilder#unrelated() reject} any <em>un</em>related operations specified
* together due to the potential security vulnerabilities that could occur.</p>
*
* <p>This method may be called multiple times to add/append a related {@code id} to the constructed
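Review bot: The link label in this KeyOperationBuilder Javadoc now reads inverted: `{@link KeyOperationPolicyBuilder#unrelated() reject}` attaches the word "reject" to the method that, per its own Javadoc in this commit, allows unrelated operations. With the boolean argument gone the target no longer has a rejecting form, so the sentence would be clearer describing the default and linking the opt-out separately, for example `to reject any <em>un</em>related operations specified together (unless {@link KeyOperationPolicyBuilder#unrelated()} was called)`. The Javadoc block this sentence belongs to starts and ends outside the hunk.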


@ -35,25 +35,21 @@ import java.util.Collection;
public interface KeyOperationPolicyBuilder extends Builder<KeyOperationPolicy> {
/**
* Sets if a JWK is allowed to have unrelated {@link KeyOperation}s in its {@code key_ops} parameter values.
* The default value is {@code false} per the JWK
* <a href="https://www.rfc-editor.org/rfc/rfc7517.html#section-4.3">RFC 7517, Section 4.3</a> recommendation:
*
* Allows a JWK to have unrelated {@link KeyOperation}s in its {@code key_ops} parameter values. <b>Be careful
* when calling this method - one should fully understand the security implications of using the same key
* with multiple algorithms in your application.</b>
* <p>If this method is not called, unrelated key operations are disabled by default per the recommendations in
* <a href="https://datatracker.ietf.org/doc/html/rfc7517#section-4.3">RFC 7517, Section 4.3</a>:</p>
* <blockquote><pre>
* Multiple unrelated key operations SHOULD NOT be specified for a key
* because of the potential vulnerabilities associated with using the
* same key with multiple algorithms.
* </pre></blockquote>
* same key with multiple algorithms.</pre></blockquote>
*
* <p>Only set this value to {@code true} if you fully understand the security implications of using the same key
* with multiple algorithms in your application. Otherwise it is best not to use this builder method, or
* explicitly set it to {@code false}.</p>
*
* @param allow if a JWK is allowed to have unrelated key {@link KeyOperation}s in its {@code key_ops}
* parameter values.
* @return the builder for method chaining
* @see <a href="https://datatracker.ietf.org/doc/html/rfc7517#section-4.3">&quot;key_ops&quot; (Key Operations)
* Parameter</a>
*/
KeyOperationPolicyBuilder allowUnrelated(boolean allow);
KeyOperationPolicyBuilder unrelated();
/**
* Adds the specified key operation to the policy's total set of supported key operations


@ -86,7 +86,7 @@ public interface X509Accessor {
* @see <a href="https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.6">JWS <code>x5c</code> (X.509 Certificate Chain) Header Parameter</a>
* @see <a href="https://www.rfc-editor.org/rfc/rfc7516.html#section-4.1.8">JWE <code>x5c</code> (X.509 Certificate Chain) Header Parameter</a>
*/
List<X509Certificate> getX509CertificateChain();
List<X509Certificate> getX509Chain();
/**
* Returns the {@code x5t} (X.509 Certificate SHA-1 Thumbprint) (a.k.a. digest) of the DER-encoding of the
@ -110,7 +110,7 @@ public interface X509Accessor {
* @see <a href="https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.7">JWS <code>x5t</code> (X.509 Certificate SHA-1 Thumbprint) Header Parameter</a>
* @see <a href="https://www.rfc-editor.org/rfc/rfc7516.html#section-4.1.9">JWE <code>x5t</code> (X.509 Certificate SHA-1 Thumbprint) Header Parameter</a>
*/
byte[] getX509CertificateSha1Thumbprint();
byte[] getX509Sha1Thumbprint();
/**
* Returns the {@code x5t#S256} (X.509 Certificate SHA-256 Thumbprint) (a.k.a. digest) of the DER-encoding of the
@ -134,5 +134,5 @@ public interface X509Accessor {
* @see <a href="https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.8">JWS <code>x5t#S256</code> (X.509 Certificate SHA-256 Thumbprint) Header Parameter</a>
* @see <a href="https://www.rfc-editor.org/rfc/rfc7516.html#section-4.1.10">JWE <code>x5t#S256</code> (X.509 Certificate SHA-256 Thumbprint) Header Parameter</a>
*/
byte[] getX509CertificateSha256Thumbprint();
byte[] getX509Sha256Thumbprint();
}


@ -28,8 +28,8 @@ public interface X509Builder<T extends X509Builder<T>> extends X509Mutator<T> {
/**
* If the {@code enable} argument is {@code true}, compute the SHA-1 thumbprint of the first
* {@link X509Certificate} in the configured {@link #x509CertificateChain(List) x509CertificateChain}, and set
* the resulting value as the {@link #x509CertificateSha1Thumbprint(byte[])} parameter.
* {@link X509Certificate} in the configured {@link #x509Chain(List) x509CertificateChain}, and set
* the resulting value as the {@link #x509Sha1Thumbprint(byte[])} parameter.
*
* <p>If no chain has been configured, or {@code enable} is {@code false}, the builder will not compute nor add a
* {@code x5t} value.</p>
@ -38,12 +38,12 @@ public interface X509Builder<T extends X509Builder<T>> extends X509Mutator<T> {
* the resulting value as the {@code x5t} value.
* @return the builder for method chaining.
*/
T withX509Sha1Thumbprint(boolean enable);
T x509Sha1Thumbprint(boolean enable);
/**
* If the {@code enable} argument is {@code true}, compute the SHA-256 thumbprint of the first
* {@link X509Certificate} in the configured {@link #x509CertificateChain(List) x509CertificateChain}, and set
* the resulting value as the {@link #x509CertificateSha256Thumbprint(byte[])} parameter.
* {@link X509Certificate} in the configured {@link #x509Chain(List) x509CertificateChain}, and set
* the resulting value as the {@link #x509Sha256Thumbprint(byte[])} parameter.
*
* <p>If no chain has been configured, or {@code enable} is {@code false}, the builder will not compute nor add a
* {@code x5t#S256} value.</p>
@ -52,5 +52,5 @@ public interface X509Builder<T extends X509Builder<T>> extends X509Mutator<T> {
* the resulting value as the {@code x5t#S256} value.
* @return the builder for method chaining.
*/
T withX509Sha256Thumbprint(boolean enable);
T x509Sha256Thumbprint(boolean enable);
}
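Review bot: The link labels in both X509Builder Javadoc blocks still show the old name: `{@link #x509Chain(List) x509CertificateChain}` renders as "x509CertificateChain", which no longer exists after this rename; `{@link #x509Chain(List) x509Chain}` keeps the rendered text in step with the API. The rename also turns `x509Sha1Thumbprint(boolean)` and `x509Sha256Thumbprint(boolean)` into overloads of the `byte[]` setters inherited from X509Mutator, so the Javadoc should state which one wins when both are called on the same builder. From the X509BuilderSupport section of this commit it looks as if the computed value overwrites an explicitly set one, but that method is only partly visible.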


@ -85,7 +85,7 @@ public interface X509Mutator<T extends X509Mutator<T>> {
* @see <a href="https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.6">JWS <code>x5c</code> (X.509 Certificate Chain) Header Parameter</a>
* @see <a href="https://www.rfc-editor.org/rfc/rfc7516.html#section-4.1.8">JWE <code>x5c</code> (X.509 Certificate Chain) Header Parameter</a>
*/
T x509CertificateChain(List<X509Certificate> chain);
T x509Chain(List<X509Certificate> chain);
/**
* Sets the {@code x5t} (X.509 Certificate SHA-1 Thumbprint) (a.k.a. digest) of the DER-encoding of the
@ -111,7 +111,7 @@ public interface X509Mutator<T extends X509Mutator<T>> {
* @see <a href="https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.7">JWS <code>x5t</code> (X.509 Certificate SHA-1 Thumbprint) Header Parameter</a>
* @see <a href="https://www.rfc-editor.org/rfc/rfc7516.html#section-4.1.9">JWE <code>x5t</code> (X.509 Certificate SHA-1 Thumbprint) Header Parameter</a>
*/
T x509CertificateSha1Thumbprint(byte[] thumbprint);
T x509Sha1Thumbprint(byte[] thumbprint);
/**
* Sets the {@code x5t#S256} (X.509 Certificate SHA-256 Thumbprint) (a.k.a. digest) of the DER-encoding of the
@ -137,5 +137,5 @@ public interface X509Mutator<T extends X509Mutator<T>> {
* @see <a href="https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.8">JWS <code>x5t#S256</code> (X.509 Certificate SHA-256 Thumbprint) Header Parameter</a>
* @see <a href="https://www.rfc-editor.org/rfc/rfc7516.html#section-4.1.10">JWE <code>x5t#S256</code> (X.509 Certificate SHA-256 Thumbprint) Header Parameter</a>
*/
T x509CertificateSha256Thumbprint(byte[] thumbprint);
T x509Sha256Thumbprint(byte[] thumbprint);
}


@ -47,34 +47,34 @@ public class AbstractX509Context<T extends X509Mutator<T>> extends ParameterMap
}
@Override
public List<X509Certificate> getX509CertificateChain() {
public List<X509Certificate> getX509Chain() {
return get(AbstractAsymmetricJwk.X5C);
}
@Override
public T x509CertificateChain(List<X509Certificate> chain) {
public T x509Chain(List<X509Certificate> chain) {
put(AbstractAsymmetricJwk.X5C, chain);
return self();
}
@Override
public byte[] getX509CertificateSha1Thumbprint() {
public byte[] getX509Sha1Thumbprint() {
return get(AbstractAsymmetricJwk.X5T);
}
@Override
public T x509CertificateSha1Thumbprint(byte[] thumbprint) {
public T x509Sha1Thumbprint(byte[] thumbprint) {
put(AbstractAsymmetricJwk.X5T, thumbprint);
return self();
}
@Override
public byte[] getX509CertificateSha256Thumbprint() {
public byte[] getX509Sha256Thumbprint() {
return get(AbstractAsymmetricJwk.X5T_S256);
}
@Override
public T x509CertificateSha256Thumbprint(byte[] thumbprint) {
public T x509Sha256Thumbprint(byte[] thumbprint) {
put(AbstractAsymmetricJwk.X5T_S256, thumbprint);
return self();
}


@ -34,14 +34,14 @@ public class DefaultJweHeaderBuilder<T extends JweHeaderMutator<T> & X509Builder
}
@Override
public T withX509Sha1Thumbprint(boolean enable) {
this.x509.withX509Sha1Thumbprint(enable);
public T x509Sha1Thumbprint(boolean enable) {
this.x509.x509Sha1Thumbprint(enable);
return self();
}
@Override
public T withX509Sha256Thumbprint(boolean enable) {
this.x509.withX509Sha256Thumbprint(enable);
public T x509Sha256Thumbprint(boolean enable) {
this.x509.x509Sha256Thumbprint(enable);
return self();
}
}


@ -166,20 +166,20 @@ public class DefaultJweHeaderMutator<T extends JweHeaderMutator<T>>
}
@Override
public T x509CertificateChain(List<X509Certificate> chain) {
this.x509.x509CertificateChain(chain);
public T x509Chain(List<X509Certificate> chain) {
this.x509.x509Chain(chain);
return self();
}
@Override
public T x509CertificateSha1Thumbprint(byte[] thumbprint) {
this.x509.x509CertificateSha1Thumbprint(thumbprint);
public T x509Sha1Thumbprint(byte[] thumbprint) {
this.x509.x509Sha1Thumbprint(thumbprint);
return self();
}
@Override
public T x509CertificateSha256Thumbprint(byte[] thumbprint) {
this.x509.x509CertificateSha256Thumbprint(thumbprint);
public T x509Sha256Thumbprint(byte[] thumbprint) {
this.x509.x509Sha256Thumbprint(thumbprint);
return self();
}


@ -128,7 +128,7 @@ public class DefaultJwtParser implements JwtParser {
private static final String UNSECURED_DISABLED_MSG_PREFIX = "Unsecured JWSs (those with an " +
DefaultHeader.ALGORITHM + " header value of '" + Jwts.SIG.NONE.getId() + "') are disallowed by " +
"default as mandated by https://www.rfc-editor.org/rfc/rfc7518.html#section-3.6. If you wish to " +
"allow them to be parsed, call the JwtParserBuilder.enableUnsecured() method, but please read the " +
"allow them to be parsed, call the JwtParserBuilder.unsecured() method, but please read the " +
"security considerations covered in that method's JavaDoc before doing so. Header: ";
private static final String CRIT_UNSECURED_MSG = "Unsecured JWSs (those with an " + DefaultHeader.ALGORITHM +
@ -176,7 +176,7 @@ public class DefaultJwtParser implements JwtParser {
"by default to protect against [Denial of Service attacks](" +
"https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-pellegrino.pdf). If you " +
"wish to enable Unsecure JWS or Unencoded JWS payload decompression, call the JwtParserBuilder." +
"enableUnsecuredDecompression() method, but please read the security considerations covered in that " +
"unsecuredDecompression() method, but please read the security considerations covered in that " +
"method's JavaDoc before doing so.";
private final Provider provider;
@ -184,9 +184,9 @@ public class DefaultJwtParser implements JwtParser {
@SuppressWarnings("deprecation")
private final SigningKeyResolver signingKeyResolver;
private final boolean enableUnsecured;
private final boolean unsecured;
private final boolean enableUnsecuredDecompression;
private final boolean unsecuredDecompression;
private final Function<JwsHeader, SecureDigestAlgorithm<?, ?>> sigAlgFn;
@ -214,8 +214,8 @@ public class DefaultJwtParser implements JwtParser {
@SuppressWarnings("deprecation")
DefaultJwtParser(Provider provider,
SigningKeyResolver signingKeyResolver,
boolean enableUnsecured,
boolean enableUnsecuredDecompression,
boolean unsecured,
boolean unsecuredDecompression,
Locator<? extends Key> keyLocator,
Clock clock,
Set<String> critical,
@ -229,8 +229,8 @@ public class DefaultJwtParser implements JwtParser {
Collection<KeyAlgorithm<?, ?>> extraKeyAlgs,
Collection<AeadAlgorithm> extraEncAlgs) {
this.provider = provider;
this.enableUnsecured = enableUnsecured;
this.enableUnsecuredDecompression = enableUnsecuredDecompression;
this.unsecured = unsecured;
this.unsecuredDecompression = unsecuredDecompression;
this.signingKeyResolver = signingKeyResolver;
this.keyLocator = Assert.notNull(keyLocator, "Key Locator cannot be null.");
this.clock = Assert.notNull(clock, "Clock cannot be null.");
@ -406,7 +406,7 @@ public class DefaultJwtParser implements JwtParser {
throw new MalformedJwtException(JWE_NONE_MSG);
}
// Unsecured JWTs are disabled by default per the RFC:
if (!enableUnsecured) {
if (!this.unsecured) {
String msg = UNSECURED_DISABLED_MSG_PREFIX + header;
throw new UnsupportedJwtException(msg);
}
@ -584,7 +584,7 @@ public class DefaultJwtParser implements JwtParser {
if (!payloadBase64UrlEncoded) {
String msg = String.format(B64_DECOMPRESSION_MSG, compressionAlgorithm.getId());
throw new UnsupportedJwtException(msg);
} else if (!enableUnsecuredDecompression) {
} else if (!unsecuredDecompression) {
String msg = String.format(UNPROTECTED_DECOMPRESSION_MSG, compressionAlgorithm.getId());
throw new UnsupportedJwtException(msg);
}
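Review bot: The guard `if (!this.unsecured)` now depends on the `this.` qualifier, while the sibling check in the decompression hunk reads the bare field, `else if (!unsecuredDecompression)`. The qualifier was added in this commit, presumably because a local named `unsecured` is in scope in the enclosing method (not visible in the hunk). If so, dropping `this.` in a later edit would silently test the local instead of the parser configuration and change whether `alg: none` tokens are rejected. A field name that cannot collide, such as `private final boolean unsecuredAllowed;`, or a one-line comment on the guard explaining the qualifier, would make the check robust. Both enclosing methods start and end outside the hunks.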


@ -70,9 +70,9 @@ public class DefaultJwtParserBuilder implements JwtParserBuilder {
private Provider provider;
private boolean enableUnsecured = false;
private boolean unsecured = false;
private boolean enableUnsecuredDecompression = false;
private boolean unsecuredDecompression = false;
private Locator<? extends Key> keyLocator;
@ -106,14 +106,14 @@ public class DefaultJwtParserBuilder implements JwtParserBuilder {
private Key decryptionKey;
@Override
public JwtParserBuilder enableUnsecured() {
this.enableUnsecured = true;
public JwtParserBuilder unsecured() {
this.unsecured = true;
return this;
}
@Override
public JwtParserBuilder enableUnsecuredDecompression() {
this.enableUnsecuredDecompression = true;
public JwtParserBuilder unsecuredDecompression() {
this.unsecuredDecompression = true;
return this;
}
@ -379,8 +379,8 @@ public class DefaultJwtParserBuilder implements JwtParserBuilder {
keyLocator = new ConstantKeyLocator(this.signatureVerificationKey, this.decryptionKey);
}
if (!enableUnsecured && enableUnsecuredDecompression) {
String msg = "'enableUnsecuredDecompression' is only relevant if 'enableUnsecured' is also " +
if (!unsecured && unsecuredDecompression) {
String msg = "'unsecuredDecompression' is only relevant if 'unsecured' is also " +
"configured. Please read the JavaDoc of both features before enabling either " +
"due to their security implications.";
throw new IllegalStateException(msg);
@ -399,8 +399,8 @@ public class DefaultJwtParserBuilder implements JwtParserBuilder {
return new DefaultJwtParser(
provider,
signingKeyResolver,
enableUnsecured,
enableUnsecuredDecompression,
unsecured,
unsecuredDecompression,
keyLocator,
clock,
critical,


@ -92,17 +92,17 @@ public class DefaultMutableJweHeader extends DefaultJweHeaderMutator<DefaultMuta
}
@Override
public List<X509Certificate> getX509CertificateChain() {
public List<X509Certificate> getX509Chain() {
return get(DefaultProtectedHeader.X5C);
}
@Override
public byte[] getX509CertificateSha1Thumbprint() {
public byte[] getX509Sha1Thumbprint() {
return get(DefaultProtectedHeader.X5T);
}
@Override
public byte[] getX509CertificateSha256Thumbprint() {
public byte[] getX509Sha256Thumbprint() {
return get(DefaultProtectedHeader.X5T_S256);
}


@ -99,17 +99,17 @@ public class DefaultProtectedHeader extends DefaultHeader implements ProtectedHe
}
@Override
public List<X509Certificate> getX509CertificateChain() {
public List<X509Certificate> getX509Chain() {
return get(X5C);
}
@Override
public byte[] getX509CertificateSha1Thumbprint() {
public byte[] getX509Sha1Thumbprint() {
return get(X5T);
}
@Override
public byte[] getX509CertificateSha256Thumbprint() {
public byte[] getX509Sha256Thumbprint() {
return get(X5T_S256);
}


@ -51,17 +51,17 @@ public abstract class AbstractAsymmetricJwk<K extends Key> extends AbstractJwk<K
}
@Override
public List<X509Certificate> getX509CertificateChain() {
return Collections.immutable(this.context.getX509CertificateChain());
public List<X509Certificate> getX509Chain() {
return Collections.immutable(this.context.getX509Chain());
}
@Override
public byte[] getX509CertificateSha1Thumbprint() {
return (byte[])Arrays.copy(this.context.getX509CertificateSha1Thumbprint());
public byte[] getX509Sha1Thumbprint() {
return (byte[])Arrays.copy(this.context.getX509Sha1Thumbprint());
}
@Override
public byte[] getX509CertificateSha256Thumbprint() {
return (byte[])Arrays.copy(this.context.getX509CertificateSha256Thumbprint());
public byte[] getX509Sha256Thumbprint() {
return (byte[])Arrays.copy(this.context.getX509Sha256Thumbprint());
}
}


@ -83,9 +83,9 @@ abstract class AbstractAsymmetricJwkBuilder<K extends Key, J extends AsymmetricJ
*/
@Override
public T x509CertificateChain(List<X509Certificate> chain) {
public T x509Chain(List<X509Certificate> chain) {
Assert.notEmpty(chain, "X509Certificate chain cannot be null or empty.");
this.x509.x509CertificateChain(chain);
this.x509.x509Chain(chain);
return self();
}
@ -105,26 +105,26 @@ abstract class AbstractAsymmetricJwkBuilder<K extends Key, J extends AsymmetricJ
*/
@Override
public T x509CertificateSha1Thumbprint(byte[] thumbprint) {
this.x509.x509CertificateSha1Thumbprint(thumbprint);
public T x509Sha1Thumbprint(byte[] thumbprint) {
this.x509.x509Sha1Thumbprint(thumbprint);
return self();
}
@Override
public T x509CertificateSha256Thumbprint(byte[] thumbprint) {
this.x509.x509CertificateSha256Thumbprint(thumbprint);
public T x509Sha256Thumbprint(byte[] thumbprint) {
this.x509.x509Sha256Thumbprint(thumbprint);
return self();
}
@Override
public T withX509Sha1Thumbprint(boolean enable) {
this.x509.withX509Sha1Thumbprint(enable);
public T x509Sha1Thumbprint(boolean enable) {
this.x509.x509Sha1Thumbprint(enable);
return self();
}
@Override
public T withX509Sha256Thumbprint(boolean enable) {
this.x509.withX509Sha256Thumbprint(enable);
public T x509Sha256Thumbprint(boolean enable) {
this.x509.x509Sha256Thumbprint(enable);
return self();
}


@ -134,7 +134,7 @@ public class DefaultDynamicJwkBuilder<K extends Key, J extends Jwk<K>>
Assert.notEmpty(chain, "chain cannot be null or empty.");
X509Certificate cert = Assert.notNull(chain.get(0), "The first X509Certificate cannot be null.");
PublicKey key = Assert.notNull(cert.getPublicKey(), "The first X509Certificate's PublicKey cannot be null.");
return this.<A, B>key((A) key).x509CertificateChain(chain);
return this.<A, B>key((A) key).x509Chain(chain);
}
@Override
@ -143,7 +143,7 @@ public class DefaultDynamicJwkBuilder<K extends Key, J extends Jwk<K>>
X509Certificate cert = chain.get(0);
PublicKey key = cert.getPublicKey();
RSAPublicKey pubKey = KeyPairs.assertKey(key, RSAPublicKey.class, "The first X509Certificate's ");
return key(pubKey).x509CertificateChain(chain);
return key(pubKey).x509Chain(chain);
}
@Override
@ -152,7 +152,7 @@ public class DefaultDynamicJwkBuilder<K extends Key, J extends Jwk<K>>
X509Certificate cert = chain.get(0);
PublicKey key = cert.getPublicKey();
ECPublicKey pubKey = KeyPairs.assertKey(key, ECPublicKey.class, "The first X509Certificate's ");
return key(pubKey).x509CertificateChain(chain);
return key(pubKey).x509Chain(chain);
}
@SuppressWarnings("unchecked") // ok because of the EdwardsCurve.assertEdwards calls
@ -173,7 +173,7 @@ public class DefaultDynamicJwkBuilder<K extends Key, J extends Jwk<K>>
PublicKey key = cert.getPublicKey();
Assert.notNull(key, "The first X509Certificate's PublicKey cannot be null.");
EdwardsCurve.assertEdwards(key);
return this.<A, B>octetKey((A) key).x509CertificateChain(chain);
return this.<A, B>octetKey((A) key).x509Chain(chain);
}
@Override


@ -29,15 +29,15 @@ import java.util.Map;
public class DefaultKeyOperationPolicyBuilder implements KeyOperationPolicyBuilder {
private final Map<String, KeyOperation> ops;
private boolean allowUnrelated = false;
private boolean unrelated = false;
public DefaultKeyOperationPolicyBuilder() {
this.ops = new LinkedHashMap<>(Jwks.OP.get());
}
@Override
public KeyOperationPolicyBuilder allowUnrelated(boolean allow) {
this.allowUnrelated = allow;
public KeyOperationPolicyBuilder unrelated() {
this.unrelated = true;
return this;
}
@ -63,6 +63,6 @@ public class DefaultKeyOperationPolicyBuilder implements KeyOperationPolicyBuild
@Override
public KeyOperationPolicy build() {
return new DefaultKeyOperationPolicy(Collections.immutable(this.ops.values()), this.allowUnrelated);
return new DefaultKeyOperationPolicy(Collections.immutable(this.ops.values()), this.unrelated);
}
}


@ -61,18 +61,6 @@ public class X509BuilderSupport implements X509Builder<X509BuilderSupport> {
this.GET_X509_BYTES = createGetBytesFunction(getBytesFailedException);
}
@Override
public X509BuilderSupport withX509Sha1Thumbprint(boolean enable) {
this.computeX509Sha1Thumbprint = enable;
return this;
}
@Override
public X509BuilderSupport withX509Sha256Thumbprint(boolean enable) {
this.computeX509Sha256Thumbprint = enable;
return this;
}
@Override
public X509BuilderSupport x509Url(URI uri) {
this.map.put(AbstractAsymmetricJwk.X5U.getId(), uri);
@ -80,23 +68,35 @@ public class X509BuilderSupport implements X509Builder<X509BuilderSupport> {
}
@Override
public X509BuilderSupport x509CertificateChain(List<X509Certificate> chain) {
public X509BuilderSupport x509Chain(List<X509Certificate> chain) {
this.map.put(AbstractAsymmetricJwk.X5C.getId(), chain);
return this;
}
@Override
public X509BuilderSupport x509CertificateSha1Thumbprint(byte[] thumbprint) {
public X509BuilderSupport x509Sha1Thumbprint(byte[] thumbprint) {
this.map.put(AbstractAsymmetricJwk.X5T.getId(), thumbprint);
return this;
}
@Override
public X509BuilderSupport x509CertificateSha256Thumbprint(byte[] thumbprint) {
public X509BuilderSupport x509Sha1Thumbprint(boolean enable) {
this.computeX509Sha1Thumbprint = enable;
return this;
}
@Override
public X509BuilderSupport x509Sha256Thumbprint(byte[] thumbprint) {
this.map.put(AbstractAsymmetricJwk.X5T_S256.getId(), thumbprint);
return this;
}
@Override
public X509BuilderSupport x509Sha256Thumbprint(boolean enable) {
this.computeX509Sha256Thumbprint = enable;
return this;
}
private byte[] computeThumbprint(final X509Certificate cert, HashAlgorithm alg) {
byte[] encoded = GET_X509_BYTES.apply(cert);
InputStream in = new ByteArrayInputStream(encoded);
@ -121,11 +121,11 @@ public class X509BuilderSupport implements X509Builder<X509BuilderSupport> {
if (firstCert != null) {
if (computeX509Sha1Thumbprint) {
byte[] thumbprint = computeThumbprint(firstCert, DefaultHashAlgorithm.SHA1);
x509CertificateSha1Thumbprint(thumbprint);
x509Sha1Thumbprint(thumbprint);
}
if (computeX509Sha256) {
byte[] thumbprint = computeThumbprint(firstCert, Jwks.HASH.SHA256);
x509CertificateSha256Thumbprint(thumbprint);
x509Sha256Thumbprint(thumbprint);
}
}
}


@ -36,13 +36,13 @@ class CustomObjectDeserializationTest {
String jwtString = Jwts.builder().claim("cust", customBean).compact()
// no custom deserialization, object is a map
Jwt<Header, Claims> jwt = Jwts.parser().enableUnsecured().build().parseClaimsJwt(jwtString)
Jwt<Header, Claims> jwt = Jwts.parser().unsecured().build().parseClaimsJwt(jwtString)
assertNotNull jwt
assertEquals jwt.getPayload().get('cust'), [key1: 'value1', key2: 42]
// custom type for 'cust' claim
def des = new JacksonDeserializer([cust: CustomBean])
jwt = Jwts.parser().enableUnsecured().json(des).build().parseClaimsJwt(jwtString)
jwt = Jwts.parser().unsecured().json(des).build().parseClaimsJwt(jwtString)
assertNotNull jwt
CustomBean result = jwt.getPayload().get("cust", CustomBean)
assertEquals customBean, result


@ -71,7 +71,7 @@ class JwtParserTest {
String bad = base64Url('{"alg":"none"}') + '.' + base64Url(junkPayload) + '.'
// Can't be treated as claims, so payload must be treated as a byte array:
assertArrayEquals bytes, Jwts.parser().enableUnsecured().build().parse(bad).getPayload() as byte[]
assertArrayEquals bytes, Jwts.parser().unsecured().build().parse(bad).getPayload() as byte[]
}
@Test
@ -82,7 +82,7 @@ class JwtParserTest {
String bad = base64Url('{"alg":"none"}') + '.' + base64Url(junkPayload) + '.'
try {
Jwts.parser().enableUnsecured().build().parseClaimsJwt(bad)
Jwts.parser().unsecured().build().parseClaimsJwt(bad)
fail()
} catch (UnsupportedJwtException expected) {
String msg = 'Unprotected content JWTs are not supported.'
@ -143,7 +143,7 @@ class JwtParserTest {
String bad = base64Url(header) + '.' + base64Url(payload) + '.' + base64Url(badSig)
try {
Jwts.parser().enableUnsecured().setSigningKey(randomKey()).build().parse(bad)
Jwts.parser().unsecured().setSigningKey(randomKey()).build().parse(bad)
fail()
} catch (MalformedJwtException se) {
assertEquals 'The JWS header references signature algorithm \'none\' yet the compact JWS string contains a signature. This is not permitted per https://tools.ietf.org/html/rfc7518#section-3.6.', se.getMessage()
@ -216,7 +216,7 @@ class JwtParserTest {
@Test
void testParseNullPayloadWithoutKey() {
String compact = Jwts.builder().compact()
def jwt = Jwts.parser().enableUnsecured().build().parse(compact)
def jwt = Jwts.parser().unsecured().build().parse(compact)
assertEquals 'none', jwt.header.alg
assertEquals '', new String(jwt.payload as byte[], StandardCharsets.UTF_8)
}
@ -233,7 +233,7 @@ class JwtParserTest {
String compact = Jwts.builder().setSubject('Joe').setExpiration(exp).compact()
try {
Jwts.parser().enableUnsecured().setClock(fixedClock).build().parse(compact)
Jwts.parser().unsecured().setClock(fixedClock).build().parse(compact)
fail()
} catch (ExpiredJwtException e) {
// https://github.com/jwtk/jjwt/issues/107 (the Z designator at the end of the timestamp):
@ -254,7 +254,7 @@ class JwtParserTest {
String compact = Jwts.builder().subject('Joe').notBefore(nbf).compact()
try {
Jwts.parser().enableUnsecured().clock(new FixedClock(earlier)).build().parse(compact)
Jwts.parser().unsecured().clock(new FixedClock(earlier)).build().parse(compact)
fail()
} catch (PrematureJwtException e) {
def nbf8601 = DateFormats.formatIso8601(nbf, true)
@ -285,7 +285,7 @@ class JwtParserTest {
String subject = 'Joe'
String compact = Jwts.builder().subject(subject).expiration(exp).compact()
Jwt<Header, Claims> jwt = Jwts.parser().enableUnsecured().setAllowedClockSkewSeconds(10)
Jwt<Header, Claims> jwt = Jwts.parser().unsecured().setAllowedClockSkewSeconds(10)
.clock(new FixedClock(later)).build().parse(compact)
assertEquals jwt.getPayload().getSubject(), subject
@ -303,7 +303,7 @@ class JwtParserTest {
def skewSeconds = 1
try {
Jwts.parser().enableUnsecured().setAllowedClockSkewSeconds(skewSeconds)
Jwts.parser().unsecured().setAllowedClockSkewSeconds(skewSeconds)
.clock(new FixedClock(later)).build().parse(s)
fail()
} catch (ExpiredJwtException e) {
@ -322,7 +322,7 @@ class JwtParserTest {
String subject = 'Joe'
String compact = Jwts.builder().setSubject(subject).setNotBefore(exp).compact()
Jwt<Header, Claims> jwt = Jwts.parser().enableUnsecured().setAllowedClockSkewSeconds(10).build().parse(compact)
Jwt<Header, Claims> jwt = Jwts.parser().unsecured().setAllowedClockSkewSeconds(10).build().parse(compact)
assertEquals jwt.getPayload().getSubject(), subject
}
@ -339,7 +339,7 @@ class JwtParserTest {
def skewSeconds = 1
try {
Jwts.parser().enableUnsecured()
Jwts.parser().unsecured()
.setAllowedClockSkewSeconds(skewSeconds).clock(new FixedClock(earlier))
.build().parse(compact)
fail()
@ -363,7 +363,7 @@ class JwtParserTest {
String compact = Jwts.builder().setPayload(payload).compact()
def jwt = Jwts.parser().enableUnsecured().build().parseContentJwt(compact)
def jwt = Jwts.parser().unsecured().build().parseContentJwt(compact)
assertEquals payload, new String(jwt.payload, StandardCharsets.UTF_8)
}
@ -374,7 +374,7 @@ class JwtParserTest {
String compact = Jwts.builder().setSubject('Joe').compact()
try {
Jwts.parser().enableUnsecured().build().parseContentJwt(compact)
Jwts.parser().unsecured().build().parseContentJwt(compact)
fail()
} catch (UnsupportedJwtException e) {
assertEquals e.getMessage(), 'Unprotected Claims JWTs are not supported.'
@ -421,7 +421,7 @@ class JwtParserTest {
String compact = Jwts.builder().setSubject(subject).compact()
Jwt<Header, Claims> jwt = Jwts.parser().enableUnsecured().build().parseClaimsJwt(compact)
Jwt<Header, Claims> jwt = Jwts.parser().unsecured().build().parseClaimsJwt(compact)
assertEquals jwt.getPayload().getSubject(), subject
}
@ -434,7 +434,7 @@ class JwtParserTest {
String compact = Jwts.builder().setPayload(payload).compact()
try {
Jwts.parser().enableUnsecured().build().parseClaimsJwt(compact)
Jwts.parser().unsecured().build().parseClaimsJwt(compact)
fail()
} catch (UnsupportedJwtException e) {
assertEquals 'Unprotected content JWTs are not supported.', e.getMessage()
@ -501,7 +501,7 @@ class JwtParserTest {
String compact = Jwts.builder().setPayload(payload).compact()
try {
Jwts.parser().enableUnsecured().setSigningKey(key).build().parseContentJws(compact)
Jwts.parser().unsecured().setSigningKey(key).build().parseContentJws(compact)
fail()
} catch (UnsupportedJwtException e) {
assertEquals 'Unprotected content JWTs are not supported.', e.getMessage()
@ -518,7 +518,7 @@ class JwtParserTest {
String compact = Jwts.builder().setSubject(subject).compact()
try {
Jwts.parser().enableUnsecured().setSigningKey(key).build().parseContentJws(compact)
Jwts.parser().unsecured().setSigningKey(key).build().parseContentJws(compact)
fail()
} catch (UnsupportedJwtException e) {
assertEquals 'Unprotected Claims JWTs are not supported.', e.getMessage()
@ -621,7 +621,7 @@ class JwtParserTest {
String compact = Jwts.builder().setPayload(payload).compact()
try {
Jwts.parser().enableUnsecured().setSigningKey(key).build().parseClaimsJws(compact)
Jwts.parser().unsecured().setSigningKey(key).build().parseClaimsJws(compact)
fail()
} catch (UnsupportedJwtException e) {
assertEquals 'Unprotected content JWTs are not supported.', e.getMessage()
@ -638,7 +638,7 @@ class JwtParserTest {
String compact = Jwts.builder().setSubject(subject).compact()
try {
Jwts.parser().enableUnsecured().setSigningKey(key).
Jwts.parser().unsecured().setSigningKey(key).
build().
parseClaimsJws(compact)
fail()
@ -1132,7 +1132,7 @@ class JwtParserTest {
def two = 'two'
def expected = [one, two]
String jwt = Jwts.builder().audience(one).audience(two).compact()
def aud = Jwts.parser().enableUnsecured().requireAudience(one).requireAudience(two).build()
def aud = Jwts.parser().unsecured().requireAudience(one).requireAudience(two).build()
.parseClaimsJwt(jwt).getPayload().getAudience()
assertEquals expected.size(), aud.size()
assertTrue aud.containsAll(expected)
@ -1144,7 +1144,7 @@ class JwtParserTest {
String jwt = Jwts.builder().audience(one).audience('two').compact() // more audiences than required
def aud = Jwts.parser().enableUnsecured().requireAudience(one) // require only one
def aud = Jwts.parser().unsecured().requireAudience(one) // require only one
.build().parseClaimsJwt(jwt).getPayload().getAudience()
assertNotNull aud
@ -1157,7 +1157,7 @@ class JwtParserTest {
def two = 'two'
String jwt = Jwts.builder().id('foo').compact()
try {
Jwts.parser().enableUnsecured().requireAudience(one).requireAudience(two).build().parseClaimsJwt(jwt)
Jwts.parser().unsecured().requireAudience(one).requireAudience(two).build().parseClaimsJwt(jwt)
fail()
} catch (MissingClaimException expected) {
String msg = "Missing 'aud' claim. Expected values: [$one, $two]"
@ -1172,7 +1172,7 @@ class JwtParserTest {
def expected = [one, two]
String jwt = Jwts.builder().claim('custom', one).compact()
try {
Jwts.parser().enableUnsecured().require('custom', expected).build().parseClaimsJwt(jwt)
Jwts.parser().unsecured().require('custom', expected).build().parseClaimsJwt(jwt)
} catch (IncorrectClaimException e) {
String msg = "Missing expected '$two' value in 'custom' claim [$one]."
assertEquals msg, e.message
@ -1560,7 +1560,7 @@ class JwtParserTest {
String compact = Jwts.builder().setSubject('Joe').setExpiration(expiry).compact()
Jwts.parser().enableUnsecured().setClock(new FixedClock(beforeExpiry)).build().parse(compact)
Jwts.parser().unsecured().setClock(new FixedClock(beforeExpiry)).build().parse(compact)
}
@Test
@ -1639,7 +1639,7 @@ class JwtParserTest {
String jwtStr = base64Url(header) + '.' + base64Url(payload) + '.' + base64Url(sig)
try {
Jwts.parser().enableUnsecured().build().parse(jwtStr)
Jwts.parser().unsecured().build().parse(jwtStr)
fail()
} catch (MalformedJwtException se) {
assertEquals 'The JWS header references signature algorithm \'none\' yet the compact JWS string contains a signature. This is not permitted per https://tools.ietf.org/html/rfc7518#section-3.6.', se.message


@ -172,7 +172,7 @@ class JwtsTest {
String s = 'Hello JJWT'
String cty = 'text/plain'
String compact = Jwts.builder().content(s, cty).compact()
def jwt = Jwts.parser().enableUnsecured().build().parseContentJwt(compact)
def jwt = Jwts.parser().unsecured().build().parseContentJwt(compact)
assertEquals cty, jwt.header.getContentType()
assertEquals s, new String(jwt.payload, StandardCharsets.UTF_8)
}
@ -183,7 +183,7 @@ class JwtsTest {
byte[] content = Strings.utf8(s)
String cty = 'text/plain'
String compact = Jwts.builder().content(content, cty).compact()
def jwt = Jwts.parser().enableUnsecured().build().parseContentJwt(compact)
def jwt = Jwts.parser().unsecured().build().parseContentJwt(compact)
assertEquals cty, jwt.header.getContentType()
assertEquals s, new String(jwt.payload, StandardCharsets.UTF_8)
}
@ -194,7 +194,7 @@ class JwtsTest {
InputStream content = new ByteArrayInputStream(Strings.utf8(s))
String cty = 'text/plain'
String compact = Jwts.builder().content(content, cty).compact()
def jwt = Jwts.parser().enableUnsecured().build().parseContentJwt(compact)
def jwt = Jwts.parser().unsecured().build().parseContentJwt(compact)
assertEquals cty, jwt.header.getContentType()
assertEquals s, new String(jwt.payload, StandardCharsets.UTF_8)
}
@ -204,7 +204,7 @@ class JwtsTest {
String s = 'Hello JJWT'
InputStream content = new ByteArrayInputStream(Strings.utf8(s))
String compact = Jwts.builder().content(content).compact()
def jwt = Jwts.parser().enableUnsecured().build().parseContentJwt(compact)
def jwt = Jwts.parser().unsecured().build().parseContentJwt(compact)
assertNull jwt.header.getContentType()
assertEquals s, new String(jwt.payload, StandardCharsets.UTF_8)
}
@ -212,7 +212,7 @@ class JwtsTest {
@Test
void testContentStreamNull() {
String compact = Jwts.builder().content((InputStream) null).compact()
def jwt = Jwts.parser().enableUnsecured().build().parseContentJwt(compact)
def jwt = Jwts.parser().unsecured().build().parseContentJwt(compact)
assertEquals 'none', jwt.header.getAlgorithm()
assertTrue Bytes.isEmpty(jwt.getPayload())
}
@ -223,7 +223,7 @@ class JwtsTest {
String subtype = 'foo'
String cty = "application/$subtype"
String compact = Jwts.builder().content(s, cty).compact()
def jwt = Jwts.parser().enableUnsecured().build().parseContentJwt(compact)
def jwt = Jwts.parser().unsecured().build().parseContentJwt(compact)
// assert raw value is compact form:
assertEquals subtype, jwt.header.get('cty')
// assert getter reflects normalized form per https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.10:
@ -237,7 +237,7 @@ class JwtsTest {
String subtype = 'foo'
String cty = "application/$subtype;part=1/2"
String compact = Jwts.builder().content(s, cty).compact()
def jwt = Jwts.parser().enableUnsecured().build().parseContentJwt(compact)
def jwt = Jwts.parser().unsecured().build().parseContentJwt(compact)
assertEquals cty, jwt.header.getContentType() // two slashes, can't compact
assertEquals s, new String(jwt.payload, StandardCharsets.UTF_8)
}
@ -249,7 +249,7 @@ class JwtsTest {
String jwt = Jwts.builder().claims().add(claims).and().compact()
def token = Jwts.parser().enableUnsecured().build().parse(jwt)
def token = Jwts.parser().unsecured().build().parse(jwt)
//noinspection GrEqualsBetweenInconvertibleTypes
assert token.payload == claims
@ -279,7 +279,7 @@ class JwtsTest {
String claims = Encoders.BASE64URL.encode(claimsJson.getBytes(StandardCharsets.UTF_8))
String compact = header + '.' + claims + '.'
def jwt = Jwts.parser().enableUnsecured().build().parseClaimsJwt(compact)
def jwt = Jwts.parser().unsecured().build().parseClaimsJwt(compact)
assertEquals 'none', jwt.header.getAlgorithm()
assertEquals 'joe', jwt.payload.getSubject()
}
@ -323,7 +323,7 @@ class JwtsTest {
@Test
void testParseWithHeaderOnly() {
String unsecuredJwt = base64Url("{\"alg\":\"none\"}") + ".."
Jwt jwt = Jwts.parser().enableUnsecured().build().parse(unsecuredJwt)
Jwt jwt = Jwts.parser().unsecured().build().parse(unsecuredJwt)
assertEquals "none", jwt.getHeader().get("alg")
}
@ -344,7 +344,7 @@ class JwtsTest {
int i = compact.lastIndexOf('.')
String missingSig = compact.substring(0, i + 1)
try {
Jwts.parser().enableUnsecured().setSigningKey(key).build().parseClaimsJws(missingSig)
Jwts.parser().unsecured().setSigningKey(key).build().parseClaimsJws(missingSig)
fail()
} catch (MalformedJwtException expected) {
String s = String.format(DefaultJwtParser.MISSING_JWS_DIGEST_MSG_FMT, 'HS256')
@ -364,7 +364,7 @@ class JwtsTest {
@Test
void testConvenienceIssuer() {
String compact = Jwts.builder().setIssuer("Me").compact()
Claims claims = Jwts.parser().enableUnsecured().build().parse(compact).payload as Claims
Claims claims = Jwts.parser().unsecured().build().parse(compact).payload as Claims
assertEquals 'Me', claims.getIssuer()
compact = Jwts.builder().setSubject("Joe")
@ -372,14 +372,14 @@ class JwtsTest {
.setIssuer(null) //null should remove it
.compact()
claims = Jwts.parser().enableUnsecured().build().parse(compact).payload as Claims
claims = Jwts.parser().unsecured().build().parse(compact).payload as Claims
assertNull claims.getIssuer()
}
@Test
void testConvenienceSubject() {
String compact = Jwts.builder().setSubject("Joe").compact()
Claims claims = Jwts.parser().enableUnsecured().build().parse(compact).payload as Claims
Claims claims = Jwts.parser().unsecured().build().parse(compact).payload as Claims
assertEquals 'Joe', claims.getSubject()
compact = Jwts.builder().setIssuer("Me")
@ -387,14 +387,14 @@ class JwtsTest {
.setSubject(null) //null should remove it
.compact()
claims = Jwts.parser().enableUnsecured().build().parse(compact).payload as Claims
claims = Jwts.parser().unsecured().build().parse(compact).payload as Claims
assertNull claims.getSubject()
}
@Test
void testConvenienceAudience() {
String compact = Jwts.builder().setAudience("You").compact()
Claims claims = Jwts.parser().enableUnsecured().build().parse(compact).payload as Claims
Claims claims = Jwts.parser().unsecured().build().parse(compact).payload as Claims
assertEquals 'You', claims.getAudience().iterator().next()
compact = Jwts.builder().setIssuer("Me")
@ -402,7 +402,7 @@ class JwtsTest {
.setAudience(null) //null should remove it
.compact()
claims = Jwts.parser().enableUnsecured().build().parse(compact).payload as Claims
claims = Jwts.parser().unsecured().build().parse(compact).payload as Claims
assertNull claims.getAudience()
}
@ -410,7 +410,7 @@ class JwtsTest {
void testConvenienceExpiration() {
Date then = laterDate(10000)
String compact = Jwts.builder().setExpiration(then).compact()
Claims claims = Jwts.parser().enableUnsecured().build().parse(compact).payload as Claims
Claims claims = Jwts.parser().unsecured().build().parse(compact).payload as Claims
def claimedDate = claims.getExpiration()
assertEquals then, claimedDate
@ -419,7 +419,7 @@ class JwtsTest {
.setExpiration(null) //null should remove it
.compact()
claims = Jwts.parser().enableUnsecured().build().parse(compact).payload as Claims
claims = Jwts.parser().unsecured().build().parse(compact).payload as Claims
assertNull claims.getExpiration()
}
@ -427,7 +427,7 @@ class JwtsTest {
void testConvenienceNotBefore() {
Date now = now() //jwt exp only supports *seconds* since epoch:
String compact = Jwts.builder().setNotBefore(now).compact()
Claims claims = Jwts.parser().enableUnsecured().build().parse(compact).payload as Claims
Claims claims = Jwts.parser().unsecured().build().parse(compact).payload as Claims
def claimedDate = claims.getNotBefore()
assertEquals now, claimedDate
@ -436,7 +436,7 @@ class JwtsTest {
.setNotBefore(null) //null should remove it
.compact()
claims = Jwts.parser().enableUnsecured().build().parse(compact).payload as Claims
claims = Jwts.parser().unsecured().build().parse(compact).payload as Claims
assertNull claims.getNotBefore()
}
@ -444,7 +444,7 @@ class JwtsTest {
void testConvenienceIssuedAt() {
Date now = now() //jwt exp only supports *seconds* since epoch:
String compact = Jwts.builder().setIssuedAt(now).compact()
Claims claims = Jwts.parser().enableUnsecured().build().parse(compact).payload as Claims
Claims claims = Jwts.parser().unsecured().build().parse(compact).payload as Claims
def claimedDate = claims.getIssuedAt()
assertEquals now, claimedDate
@ -453,7 +453,7 @@ class JwtsTest {
.setIssuedAt(null) //null should remove it
.compact()
claims = Jwts.parser().enableUnsecured().build().parse(compact).payload as Claims
claims = Jwts.parser().unsecured().build().parse(compact).payload as Claims
assertNull claims.getIssuedAt()
}
@ -461,7 +461,7 @@ class JwtsTest {
void testConvenienceId() {
String id = UUID.randomUUID().toString()
String compact = Jwts.builder().setId(id).compact()
Claims claims = Jwts.parser().enableUnsecured().build().parse(compact).payload as Claims
Claims claims = Jwts.parser().unsecured().build().parse(compact).payload as Claims
assertEquals id, claims.getId()
compact = Jwts.builder().setIssuer("Me")
@ -469,7 +469,7 @@ class JwtsTest {
.setId(null) //null should remove it
.compact()
claims = Jwts.parser().enableUnsecured().build().parse(compact).payload as Claims
claims = Jwts.parser().unsecured().build().parse(compact).payload as Claims
assertNull claims.getId()
}
@ -791,7 +791,7 @@ class JwtsTest {
String notSigned = Jwts.builder().setSubject("Foo").compact()
try {
Jwts.parser().enableUnsecured().setSigningKey(key).build().parseClaimsJws(notSigned)
Jwts.parser().unsecured().setSigningKey(key).build().parseClaimsJws(notSigned)
fail('parseClaimsJws must fail for unsigned JWTs')
} catch (UnsupportedJwtException expected) {
assertEquals 'Unprotected Claims JWTs are not supported.', expected.message
@ -1210,14 +1210,14 @@ class JwtsTest {
String forged = Jwts.builder().setSubject("Not Joe").compact()
//assert that our forged header has a 'NONE' algorithm:
assertEquals 'none', Jwts.parser().enableUnsecured().build().parseClaimsJwt(forged).getHeader().get('alg')
assertEquals 'none', Jwts.parser().unsecured().build().parseClaimsJwt(forged).getHeader().get('alg')
//now let's forge it by appending the signature the server expects:
forged += signature
//now assert that, when the server tries to parse the forged token, parsing fails:
try {
Jwts.parser().enableUnsecured().setSigningKey(key).build().parse(forged)
Jwts.parser().unsecured().setSigningKey(key).build().parse(forged)
fail("Parsing must fail for a forged token.")
} catch (MalformedJwtException expected) {
assertEquals 'The JWS header references signature algorithm \'none\' yet the compact JWS string contains a signature. This is not permitted per https://tools.ietf.org/html/rfc7518#section-3.6.', expected.message


@ -57,7 +57,7 @@ class RFC7515AppendixETest {
String jws = b64url + '.RkFJTA.'
try {
Jwts.parser().enableUnsecured().build().parse(jws)
Jwts.parser().unsecured().build().parse(jws)
fail()
} catch (MalformedJwtException expected) {
String msg = String.format(DefaultJwtParser.CRIT_UNSECURED_MSG, header)
@ -88,7 +88,7 @@ class RFC7515AppendixETest {
String jws = b64url + '.RkFJTA.fakesignature' // needed to parse a JWS properly
try {
Jwts.parser().enableUnsecured().build().parse(jws)
Jwts.parser().unsecured().build().parse(jws)
fail()
} catch (UnsupportedJwtException expected) {
String msg = String.format(DefaultJwtParser.CRIT_UNSUPPORTED_MSG, critVal, critVal, header)


@ -186,7 +186,7 @@ class AbstractProtectedHeaderTest {
def bundle = TestKeys.RS256
List<String> encodedCerts = Collections.of(Encoders.BASE64.encode(bundle.cert.getEncoded()))
def header = h([x5c: bundle.chain])
assertEquals bundle.chain, header.getX509CertificateChain()
assertEquals bundle.chain, header.getX509Chain()
assertEquals encodedCerts, header.get('x5c')
}
@ -196,7 +196,7 @@ class AbstractProtectedHeaderTest {
Randoms.secureRandom().nextBytes(thumbprint)
String encoded = Encoders.BASE64URL.encode(thumbprint)
def header = h([x5t: thumbprint])
assertArrayEquals thumbprint, header.getX509CertificateSha1Thumbprint()
assertArrayEquals thumbprint, header.getX509Sha1Thumbprint()
assertEquals encoded, header.get('x5t')
}
@ -206,7 +206,7 @@ class AbstractProtectedHeaderTest {
Randoms.secureRandom().nextBytes(thumbprint)
String encoded = Encoders.BASE64URL.encode(thumbprint)
def header = h(['x5t#S256': thumbprint])
assertArrayEquals thumbprint, header.getX509CertificateSha256Thumbprint()
assertArrayEquals thumbprint, header.getX509Sha256Thumbprint()
assertEquals encoded, header.get('x5t#S256')
}


@ -634,7 +634,7 @@ class DefaultJwtBuilderTest {
.compact()
// shouldn't be an audience at all:
assertNull Jwts.parser().enableUnsecured().build().parseClaimsJwt(jwt).payload.getAudience()
assertNull Jwts.parser().unsecured().build().parseClaimsJwt(jwt).payload.getAudience()
}
/**
@ -651,7 +651,7 @@ class DefaultJwtBuilderTest {
.audience([first, second]) // sets collection
.compact()
def aud = Jwts.parser().enableUnsecured().build().parseClaimsJwt(jwt).payload.getAudience()
def aud = Jwts.parser().unsecured().build().parseClaimsJwt(jwt).payload.getAudience()
assertEquals expected, aud
}
@ -665,7 +665,7 @@ class DefaultJwtBuilderTest {
String audienceSingleString = 'test'
def jwt = builder.audienceSingle(audienceSingleString).compact()
assertEquals audienceSingleString, Jwts.parser().enableUnsecured().build().parseClaimsJwt(jwt).payload
assertEquals audienceSingleString, Jwts.parser().unsecured().build().parseClaimsJwt(jwt).payload
.getAudience().iterator().next() // a collection, not a single string
}
@ -673,19 +673,19 @@ class DefaultJwtBuilderTest {
void testAudience() {
def aud = 'fubar'
def jwt = Jwts.builder().audience(aud).compact()
assertEquals aud, Jwts.parser().enableUnsecured().build().parseClaimsJwt(jwt).payload.getAudience().iterator().next()
assertEquals aud, Jwts.parser().unsecured().build().parseClaimsJwt(jwt).payload.getAudience().iterator().next()
}
@Test
void testAudienceNullString() {
def jwt = Jwts.builder().subject('me').audience(null).compact()
assertNull Jwts.parser().enableUnsecured().build().parseClaimsJwt(jwt).payload.getAudience()
assertNull Jwts.parser().unsecured().build().parseClaimsJwt(jwt).payload.getAudience()
}
@Test
void testAudienceEmptyString() {
def jwt = Jwts.builder().subject('me').audience(' ').compact()
assertNull Jwts.parser().enableUnsecured().build().parseClaimsJwt(jwt).payload.getAudience()
assertNull Jwts.parser().unsecured().build().parseClaimsJwt(jwt).payload.getAudience()
}
@Test
@ -693,7 +693,7 @@ class DefaultJwtBuilderTest {
def one = 'one'
def two = 'two'
def jwt = Jwts.builder().audience(one).audience(two).compact()
def aud = Jwts.parser().enableUnsecured().build().parseClaimsJwt(jwt).payload.getAudience()
def aud = Jwts.parser().unsecured().build().parseClaimsJwt(jwt).payload.getAudience()
assertTrue aud.contains(one)
assertTrue aud.contains(two)
}
@ -702,14 +702,14 @@ class DefaultJwtBuilderTest {
void testAudienceNullCollection() {
Collection c = null
def jwt = Jwts.builder().subject('me').audience(c).compact()
assertNull Jwts.parser().enableUnsecured().build().parseClaimsJwt(jwt).payload.getAudience()
assertNull Jwts.parser().unsecured().build().parseClaimsJwt(jwt).payload.getAudience()
}
@Test
void testAudienceEmptyCollection() {
Collection c = new ArrayList()
def jwt = Jwts.builder().subject('me').audience(c).compact()
assertNull Jwts.parser().enableUnsecured().build().parseClaimsJwt(jwt).payload.getAudience()
assertNull Jwts.parser().unsecured().build().parseClaimsJwt(jwt).payload.getAudience()
}
@Test
@ -717,7 +717,7 @@ class DefaultJwtBuilderTest {
Collection c = new ArrayList()
c.add(null)
def jwt = Jwts.builder().subject('me').audience(c).compact()
assertNull Jwts.parser().enableUnsecured().build().parseClaimsJwt(jwt).payload.getAudience()
assertNull Jwts.parser().unsecured().build().parseClaimsJwt(jwt).payload.getAudience()
}
/**
@ -729,7 +729,7 @@ class DefaultJwtBuilderTest {
def one = 'one'
def two = 'two'
def jwt = Jwts.builder().audienceSingle(one).audience(two).compact()
def aud = Jwts.parser().enableUnsecured().build().parseClaimsJwt(jwt).payload.getAudience()
def aud = Jwts.parser().unsecured().build().parseClaimsJwt(jwt).payload.getAudience()
assertTrue aud.contains(one)
assertTrue aud.contains(two)
}
@ -764,7 +764,7 @@ class DefaultJwtBuilderTest {
def collection = ['two', 'three'] as Set<String>
def expected = ['one', 'two', 'three'] as Set<String>
def jwt = Jwts.builder().audienceSingle(single).audience(collection).compact()
def aud = Jwts.parser().enableUnsecured().build().parseClaimsJwt(jwt).payload.getAudience()
def aud = Jwts.parser().unsecured().build().parseClaimsJwt(jwt).payload.getAudience()
assertEquals expected.size(), aud.size()
assertTrue aud.contains(single) && aud.containsAll(collection)
}


@ -351,8 +351,8 @@ class DefaultJwtHeaderBuilderTest {
@Test
void testX509CertificateChain() {
def chain = TestKeys.RS256.chain
header = jws().x509CertificateChain(chain).build() as JwsHeader
assertEquals chain, header.getX509CertificateChain()
header = jws().x509Chain(chain).build() as JwsHeader
assertEquals chain, header.getX509Chain()
}
/**
@ -366,8 +366,8 @@ class DefaultJwtHeaderBuilderTest {
def x5t = DefaultHashAlgorithm.SHA1.digest(request)
String encoded = Encoders.BASE64URL.encode(x5t)
header = jws().x509CertificateSha1Thumbprint(x5t).build() as JwsHeader
assertArrayEquals x5t, header.getX509CertificateSha1Thumbprint()
header = jws().x509Sha1Thumbprint(x5t).build() as JwsHeader
assertArrayEquals x5t, header.getX509Sha1Thumbprint()
assertEquals encoded, header.get('x5t')
}
@ -378,8 +378,8 @@ class DefaultJwtHeaderBuilderTest {
def request = new DefaultRequest(payload, null, null)
def x5t = DefaultHashAlgorithm.SHA1.digest(request)
String encoded = Encoders.BASE64URL.encode(x5t)
header = jws().x509CertificateChain(chain).withX509Sha1Thumbprint(true).build() as JwsHeader
assertArrayEquals x5t, header.getX509CertificateSha1Thumbprint()
header = jws().x509Chain(chain).x509Sha1Thumbprint(true).build() as JwsHeader
assertArrayEquals x5t, header.getX509Sha1Thumbprint()
assertEquals encoded, header.get('x5t')
}
@ -393,8 +393,8 @@ class DefaultJwtHeaderBuilderTest {
def request = new DefaultRequest(payload, null, null)
def x5tS256 = Jwks.HASH.@SHA256.digest(request)
String encoded = Encoders.BASE64URL.encode(x5tS256)
header = jws().x509CertificateSha256Thumbprint(x5tS256).build() as JwsHeader
assertArrayEquals x5tS256, header.getX509CertificateSha256Thumbprint()
header = jws().x509Sha256Thumbprint(x5tS256).build() as JwsHeader
assertArrayEquals x5tS256, header.getX509Sha256Thumbprint()
assertEquals encoded, header.get('x5t#S256')
}
@ -405,8 +405,8 @@ class DefaultJwtHeaderBuilderTest {
def request = new DefaultRequest(payload, null, null)
def x5tS256 = Jwks.HASH.SHA256.digest(request)
String encoded = Encoders.BASE64URL.encode(x5tS256)
header = jws().x509CertificateChain(chain).withX509Sha256Thumbprint(true).build() as JwsHeader
assertArrayEquals x5tS256, header.getX509CertificateSha256Thumbprint()
header = jws().x509Chain(chain).x509Sha256Thumbprint(true).build() as JwsHeader
assertArrayEquals x5tS256, header.getX509Sha256Thumbprint()
assertEquals encoded, header.get('x5t#S256')
}
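Review bot: After the rename, `x509Sha1Thumbprint` and `x509Sha256Thumbprint` are each called on the same `jws()` builder with two different meanings: `x509Sha1Thumbprint(x5t)` stores the bytes it is given, while `x509Chain(chain).x509Sha1Thumbprint(true)` appears to make the builder derive the thumbprint from the chain. The old `withX509Sha1Thumbprint(true)` spelling showed that difference at the call site; now only the argument type does, and no test in these hunks pins what happens when both are used on one builder, so an `x5t` that does not match the `x5c` chain could go unnoticed. I would add a comment above the two boolean-variant tests, `// boolean overload: thumbprint is derived from x509Chain; the byte[] overload stores the value as given`, and a test that sets both and asserts the resulting `x5t`. The test bodies start outside the hunks, so coverage elsewhere in the file is not visible here.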


@ -108,7 +108,7 @@ class DefaultJwtParserBuilderTest {
return Decoders.BASE64URL.decode(s)
}
}
def parser = builder.base64UrlDecodeWith(decoder).enableUnsecured().build()
def parser = builder.base64UrlDecodeWith(decoder).unsecured().build()
assertFalse invoked
assertEquals 'bar', parser.parseClaimsJwt(jwt).getPayload().get('foo')
@ -309,10 +309,10 @@ class DefaultJwtParserBuilderTest {
@Test
void testEnableUnsecuredDecompressionWithoutEnablingUnsecuredJws() {
try {
builder.enableUnsecuredDecompression().build()
builder.unsecuredDecompression().build()
fail()
} catch (IllegalStateException ise) {
String expected = "'enableUnsecuredDecompression' is only relevant if 'enableUnsecured' " + "is also configured. Please read the JavaDoc of both features before enabling either " + "due to their security implications."
String expected = "'unsecuredDecompression' is only relevant if 'unsecured' " + "is also configured. Please read the JavaDoc of both features before enabling either " + "due to their security implications."
assertEquals expected, ise.getMessage()
}
}
@ -322,7 +322,7 @@ class DefaultJwtParserBuilderTest {
def codec = Jwts.ZIP.GZIP
String jwt = Jwts.builder().compressWith(codec).setSubject('joe').compact()
try {
builder.enableUnsecured().build().parse(jwt)
builder.unsecured().build().parse(jwt)
fail()
} catch (UnsupportedJwtException e) {
String expected = String.format(DefaultJwtParser.UNPROTECTED_DECOMPRESSION_MSG, codec.getId())
@ -334,7 +334,7 @@ class DefaultJwtParserBuilderTest {
void testDecompressUnprotectedJwtEnabled() {
def codec = Jwts.ZIP.GZIP
String jws = Jwts.builder().compressWith(codec).setSubject('joe').compact()
def jwt = builder.enableUnsecured().enableUnsecuredDecompression().build().parse(jws)
def jwt = builder.unsecured().unsecuredDecompression().build().parse(jws)
assertEquals 'joe', ((Claims) jwt.getPayload()).getSubject()
}
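Review bot: The test name `testEnableUnsecuredDecompressionWithoutEnablingUnsecuredJws` still spells the removed builder methods, although its body and expected message now use `unsecuredDecompression` and `unsecured`. DefaultMutableJweHeaderTest renames its test methods in this same commit (`testX509CertificateChain` to `testX509Chain`), so I would do the same here: `void testUnsecuredDecompressionWithoutUnsecured() {`. `testX509CertificateChain` in DefaultJwtHeaderBuilderTest and in AbstractAsymmetricJwkBuilderTest keeps its old name in the same way.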


@ -204,7 +204,7 @@ class DefaultJwtParserTest {
def header = b64Url(serialize(map))
String compact = header + '.doesntMatter.'
try {
Jwts.parser().enableUnsecured().build().parse(compact)
Jwts.parser().unsecured().build().parse(compact)
fail()
} catch (MalformedJwtException expected) {
String msg = String.format(DefaultJwtParser.CRIT_UNSECURED_MSG, map)
@ -218,7 +218,7 @@ class DefaultJwtParserTest {
def header = b64Url(serialize(map))
String compact = header + '.a.b'
try {
Jwts.parser().enableUnsecured().build().parse(compact)
Jwts.parser().unsecured().build().parse(compact)
fail()
} catch (MalformedJwtException expected) {
String msg = String.format(DefaultJwtParser.CRIT_MISSING_MSG, 'whatever', 'whatever', map)
@ -232,7 +232,7 @@ class DefaultJwtParserTest {
def header = b64Url(serialize(map))
String compact = header + '.a.b'
try {
Jwts.parser().enableUnsecured().build().parse(compact)
Jwts.parser().unsecured().build().parse(compact)
fail()
} catch (UnsupportedJwtException expected) {
String msg = String.format(DefaultJwtParser.CRIT_UNSUPPORTED_MSG, 'whatever', 'whatever', map)
@ -267,7 +267,7 @@ class DefaultJwtParserTest {
def s = Jwts.builder().expiration(exp).compact()
try {
Jwts.parser().enableUnsecured().clock(new FixedClock(later)).build().parseClaimsJwt(s)
Jwts.parser().unsecured().clock(new FixedClock(later)).build().parseClaimsJwt(s)
} catch (ExpiredJwtException expected) {
def exp8601 = DateFormats.formatIso8601(exp, true)
def later8601 = DateFormats.formatIso8601(later, true)
@ -286,7 +286,7 @@ class DefaultJwtParserTest {
def s = Jwts.builder().notBefore(nbf).compact()
try {
Jwts.parser().enableUnsecured().clock(new FixedClock(earlier)).build().parseClaimsJwt(s)
Jwts.parser().unsecured().clock(new FixedClock(earlier)).build().parseClaimsJwt(s)
} catch (PrematureJwtException expected) {
def nbf8601 = DateFormats.formatIso8601(nbf, true)
def earlier8601 = DateFormats.formatIso8601(earlier, true)
@ -301,7 +301,7 @@ class DefaultJwtParserTest {
def jwt = Encoders.BASE64URL.encode(Strings.utf8('{"alg":"none"}'))
jwt += ".F!3!#." // <-- invalid Base64URL payload
try {
Jwts.parser().enableUnsecured().build().parseClaimsJwt(jwt)
Jwts.parser().unsecured().build().parseClaimsJwt(jwt)
fail()
} catch (MalformedJwtException expected) {
String msg = 'Invalid Base64Url payload: <redacted>'
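Review bot: The `try` blocks in the hunks at -267 and -286 have no `fail()` after the parse call, so both tests pass when `parseClaimsJwt(s)` returns normally and the `ExpiredJwtException` or `PrematureJwtException` is never thrown. Every other hunk in this file calls `fail()` right after the call that is expected to throw. These two tests exercise `exp` and `nbf` handling on the unsecured path, so a regression in that check would go unnoticed; add `fail()` on the line after `Jwts.parser().unsecured().clock(new FixedClock(later)).build().parseClaimsJwt(s)` and after the `earlier` variant. Both test methods start and end outside their hunks.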


@ -30,7 +30,7 @@ class DefaultJwtTest {
@Test
void testToString() {
String compact = Jwts.builder().header().add('foo', 'bar').and().audience('jsmith').compact()
Jwt jwt = Jwts.parser().enableUnsecured().build().parseClaimsJwt(compact)
Jwt jwt = Jwts.parser().unsecured().build().parseClaimsJwt(compact)
assertEquals 'header={foo=bar, alg=none},payload={aud=[jsmith]}', jwt.toString()
}
@ -39,14 +39,14 @@ class DefaultJwtTest {
byte[] bytes = 'hello JJWT'.getBytes(StandardCharsets.UTF_8)
String encoded = Encoders.BASE64URL.encode(bytes)
String compact = Jwts.builder().header().add('foo', 'bar').and().content(bytes).compact()
Jwt jwt = Jwts.parser().enableUnsecured().build().parseContentJwt(compact)
Jwt jwt = Jwts.parser().unsecured().build().parseContentJwt(compact)
assertEquals "header={foo=bar, alg=none},payload=$encoded" as String, jwt.toString()
}
@Test
void testEqualsAndHashCode() {
String compact = Jwts.builder().claim('foo', 'bar').compact()
def parser = Jwts.parser().enableUnsecured().build()
def parser = Jwts.parser().unsecured().build()
def jwt1 = parser.parseClaimsJwt(compact)
def jwt2 = parser.parseClaimsJwt(compact)
assertNotEquals jwt1, 'hello' as String
@ -60,7 +60,7 @@ class DefaultJwtTest {
@Test
void testBodyAndPayloadSame() {
String compact = Jwts.builder().claim('foo', 'bar').compact()
def parser = Jwts.parser().enableUnsecured().build()
def parser = Jwts.parser().unsecured().build()
def jwt1 = parser.parseClaimsJwt(compact)
def jwt2 = parser.parseClaimsJwt(compact)
assertEquals jwt1.getBody(), jwt1.getPayload()


@ -257,9 +257,9 @@ class DefaultMutableJweHeaderTest {
* JwsHeader is created.
*/
@Test
void testX509CertificateChain() {
void testX509Chain() {
def chain = TestKeys.RS256.chain
assertSymmetry('x509CertificateChain', chain)
assertSymmetry('x509Chain', chain)
}
/**
@ -267,14 +267,14 @@ class DefaultMutableJweHeaderTest {
* JwsHeader is created.
*/
@Test
void testX509CertificateSha1Thumbprint() {
void testX509Sha1Thumbprint() {
def payload = new ByteArrayInputStream(TestKeys.RS256.cert.getEncoded())
def request = new DefaultRequest(payload, null, null)
def x5t = DefaultHashAlgorithm.SHA1.digest(request)
String encoded = Encoders.BASE64URL.encode(x5t)
header.x509CertificateSha1Thumbprint(x5t)
assertArrayEquals x5t, header.getX509CertificateSha1Thumbprint()
header.x509Sha1Thumbprint(x5t)
assertArrayEquals x5t, header.getX509Sha1Thumbprint()
assertEquals encoded, header.get('x5t')
}
@ -283,14 +283,14 @@ class DefaultMutableJweHeaderTest {
* JwsHeader is created.
*/
@Test
void testX509CertificateSha256Thumbprint() {
void testX509Sha256Thumbprint() {
def payload = new ByteArrayInputStream(TestKeys.RS256.cert.getEncoded())
def request = new DefaultRequest(payload, null, null)
def x5tS256 = Jwks.HASH.@SHA256.digest(request)
String encoded = Encoders.BASE64URL.encode(x5tS256)
header.x509CertificateSha256Thumbprint(x5tS256)
assertArrayEquals x5tS256, header.getX509CertificateSha256Thumbprint()
header.x509Sha256Thumbprint(x5tS256)
assertArrayEquals x5tS256, header.getX509Sha256Thumbprint()
assertEquals encoded, header.get('x5t#S256')
}


@ -33,7 +33,7 @@ class DeflateCompressionCodecTest {
@Test
void testBackwardsCompatibility_0_10_6() {
final String jwtFrom0106 = 'eyJhbGciOiJub25lIiwiemlwIjoiREVGIn0.eNqqVsosLlayUspNVdJRKi5NAjJLi1OLgJzMxBIlK0sTMzMLEwsDAx2l1IoCJSsTQwMjExOQQC0AAAD__w.'
Jwts.parser().enableUnsecured().enableUnsecuredDecompression().build().parseClaimsJwt(jwtFrom0106) // no exception should be thrown
Jwts.parser().unsecured().unsecuredDecompression().build().parseClaimsJwt(jwtFrom0106) // no exception should be thrown
}
/**
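Review bot: `testBackwardsCompatibility_0_10_6` chains `unsecured().unsecuredDecompression()` without saying why both opt-ins are needed. The header segment of `jwtFrom0106` decodes to `{"alg":"none","zip":"DEF"}`, so the payload is both unsigned and compressed. A comment such as `// alg=none + zip=DEF: decompresses unverified content, acceptable only for this fixed fixture` would record that this is a deliberate test-only choice. The trailing `// no exception should be thrown` is the only check, so asserting on the returned claims would also pin the decoded content rather than just the absence of an error.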


@ -59,7 +59,7 @@ class AbstractAsymmetricJwkBuilderTest {
@Test
void testX509CertificateChain() {
assertEquals CHAIN, builder().x509CertificateChain(CHAIN).build().getX509CertificateChain()
assertEquals CHAIN, builder().x509Chain(CHAIN).build().getX509Chain()
}
@Test
@ -68,8 +68,8 @@ class AbstractAsymmetricJwkBuilderTest {
Request<byte[]> request = new DefaultRequest(payload, null, null)
def x5t = DefaultHashAlgorithm.SHA1.digest(request)
def encoded = Encoders.BASE64URL.encode(x5t)
def jwk = builder().x509CertificateSha1Thumbprint(x5t).build()
assertArrayEquals x5t, jwk.getX509CertificateSha1Thumbprint()
def jwk = builder().x509Sha1Thumbprint(x5t).build()
assertArrayEquals x5t, jwk.getX509Sha1Thumbprint()
assertEquals encoded, jwk.get(AbstractAsymmetricJwk.X5T.getId())
}
@ -79,8 +79,8 @@ class AbstractAsymmetricJwkBuilderTest {
Request<byte[]> request = new DefaultRequest(payload, null, null)
def x5t = DefaultHashAlgorithm.SHA1.digest(request)
def encoded = Encoders.BASE64URL.encode(x5t)
def jwk = builder().x509CertificateChain(CHAIN).withX509Sha1Thumbprint(true).build()
assertArrayEquals x5t, jwk.getX509CertificateSha1Thumbprint()
def jwk = builder().x509Chain(CHAIN).x509Sha1Thumbprint(true).build()
assertArrayEquals x5t, jwk.getX509Sha1Thumbprint()
assertEquals encoded, jwk.get(AbstractAsymmetricJwk.X5T.getId())
}
@ -90,8 +90,8 @@ class AbstractAsymmetricJwkBuilderTest {
Request<byte[]> request = new DefaultRequest(payload, null, null)
def x5tS256 = Jwks.HASH.SHA256.digest(request)
def encoded = Encoders.BASE64URL.encode(x5tS256)
def jwk = builder().x509CertificateSha256Thumbprint(x5tS256).build()
assertArrayEquals x5tS256, jwk.getX509CertificateSha256Thumbprint()
def jwk = builder().x509Sha256Thumbprint(x5tS256).build()
assertArrayEquals x5tS256, jwk.getX509Sha256Thumbprint()
assertEquals encoded, jwk.get(AbstractAsymmetricJwk.X5T_S256.getId())
}
@ -101,8 +101,8 @@ class AbstractAsymmetricJwkBuilderTest {
Request<InputStream> request = new DefaultRequest(payload, null, null)
def x5tS256 = Jwks.HASH.SHA256.digest(request)
def encoded = Encoders.BASE64URL.encode(x5tS256)
def jwk = builder().x509CertificateChain(CHAIN).withX509Sha256Thumbprint(true).build()
assertArrayEquals x5tS256, jwk.getX509CertificateSha256Thumbprint()
def jwk = builder().x509Chain(CHAIN).x509Sha256Thumbprint(true).build()
assertArrayEquals x5tS256, jwk.getX509Sha256Thumbprint()
assertEquals encoded, jwk.get(AbstractAsymmetricJwk.X5T_S256.getId())
}
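Review bot: After the rename these tests call `x509Sha1Thumbprint(x5t)` with a byte array and `x509Sha1Thumbprint(true)` with a boolean on the same builder, and likewise for `x509Sha256Thumbprint`. One name now either sets the thumbprint value or asks for it to be computed from the chain, and Groovy picks the overload from the runtime argument type. A short comment at the boolean calls would keep the two meanings apart, e.g. `// boolean overload: compute x5t from CHAIN instead of setting it`. The same applies to `builder.x509Sha1Thumbprint(true)` in JwksTest. The first test here is also still named `testX509CertificateChain`, and the later hunks start inside test methods whose signatures are not shown.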


@ -38,16 +38,16 @@ class DefaultJwkContextTest {
void testX509CertificateChain() {
def chain = TestKeys.RS256.chain
def ctx = new DefaultJwkContext()
ctx.x509CertificateChain(chain)
assertEquals chain, ctx.getX509CertificateChain()
ctx.x509Chain(chain)
assertEquals chain, ctx.getX509Chain()
}
@Test
void testX509CertificateSha1Thumbprint() {
def thumbprint = Bytes.randomBits(128)
def ctx = new DefaultJwkContext()
ctx.x509CertificateSha1Thumbprint(thumbprint)
assertArrayEquals thumbprint, ctx.getX509CertificateSha1Thumbprint()
ctx.x509Sha1Thumbprint(thumbprint)
assertArrayEquals thumbprint, ctx.getX509Sha1Thumbprint()
assertEquals Encoders.BASE64URL.encode(thumbprint), ctx.get('x5t')
}
@ -55,8 +55,8 @@ class DefaultJwkContextTest {
void testX509CertificateSha256Thumbprint() {
def thumbprint = Bytes.randomBits(256)
def ctx = new DefaultJwkContext()
ctx.x509CertificateSha256Thumbprint(thumbprint)
assertArrayEquals thumbprint, ctx.getX509CertificateSha256Thumbprint()
ctx.x509Sha256Thumbprint(thumbprint)
assertArrayEquals thumbprint, ctx.getX509Sha256Thumbprint()
assertEquals Encoders.BASE64URL.encode(thumbprint), ctx.get('x5t#S256')
}
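Review bot: `testX509CertificateSha1Thumbprint` passes `Bytes.randomBits(128)` to `x509Sha1Thumbprint`, but a SHA-1 digest is 160 bits, so the fixture is not a well-formed thumbprint. `def thumbprint = Bytes.randomBits(160)` would match the algorithm, as the SHA-256 test already does with 256. That the 128-bit value round-trips suggests the setter does not check length, which may be worth confirming separately. The three test methods also keep their `testX509Certificate` prefix, while DefaultMutableJweHeaderTest renamed its equivalents to `testX509Chain`, `testX509Sha1Thumbprint` and `testX509Sha256Thumbprint`.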


@ -56,7 +56,7 @@ class DefaultJwkParserBuilderTest {
@Test
void testProvider() {
def provider = createMock(Provider)
Provider provider = createMock(Provider)
def parser = Jwks.parser().provider(provider).build() as ConvertingParser
assertSame provider, parser.converter.supplier.provider
}
@ -91,7 +91,7 @@ class DefaultJwkParserBuilderTest {
@Test
void testOperationPolicyOverride() {
def policy = Jwks.OP.policy().allowUnrelated(true).build()
def policy = Jwks.OP.policy().unrelated().build()
def parser = Jwks.parser().operationPolicy(policy).build()
assertNotNull parser.parse(UNRELATED_OPS_JSON) // no exception because policy allows it
}


@ -316,7 +316,7 @@ class DefaultJwkSetBuilderTest {
k : Encoders.BASE64URL.encode(key.getEncoded()),
key_ops: ['sign', 'encrypt'] // unrelated, but we'll allow next:
]
KeyOperationPolicy policy = Jwks.OP.policy().allowUnrelated(true).build()
KeyOperationPolicy policy = Jwks.OP.policy().unrelated().build()
def jwk = Jwks.builder().operationPolicy(policy).add(badMap).build()
builder.operationPolicy(policy)


@ -80,7 +80,7 @@ class DefaultKeyOperationPolicyBuilderTest {
@Test
void testAllowUnrelatedTrue() { // testDefault has it false as expected
def foo = Jwks.OP.builder().id('foo').build()
def policy = builder.allowUnrelated(true).build()
def policy = builder.unrelated().build()
policy.validate([foo, Jwks.OP.SIGN]) // no exception thrown since unrelated == true
}
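Review bot: The test name `testAllowUnrelatedTrue` and the trailing comment `unrelated == true` still describe the removed boolean argument. Now that `unrelated()` takes no argument, `void testUnrelated() {` and `// no exception thrown since unrelated() was called` would match the new API. The existing remark that `testDefault` covers the rejecting default can stay as it is.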


@ -51,7 +51,7 @@ class JwksTest {
static void testProperty(String name, String id, def val, def expectedFieldValue = val) {
String cap = "${name.capitalize()}"
def key = name == 'publicKeyUse' || name == 'x509CertificateChain' ? EC_PAIR.public : SKEY
def key = name == 'publicKeyUse' || name == 'x509Chain' ? EC_PAIR.public : SKEY
//test non-null value:
//noinspection GroovyAssignabilityCheck
@ -198,7 +198,7 @@ class JwksTest {
//get a test cert:
X509Certificate cert = TestKeys.forAlgorithm(Jwts.SIG.RS256).cert
def sval = JwtX509StringConverter.INSTANCE.applyTo(cert)
testProperty('x509CertificateChain', 'x5c', [cert], [sval])
testProperty('x509Chain', 'x5c', [cert], [sval])
}
@Test
@ -232,16 +232,16 @@ class JwksTest {
def builder = Jwks.builder().chain(Arrays.asList(cert))
if (number == 1) {
builder.withX509Sha1Thumbprint(true)
builder.x509Sha1Thumbprint(true)
} // otherwise, when a chain is present, a sha256 thumbprint is calculated automatically
def jwkFromKey = builder.build() as PublicJwk
byte[] thumbprint = jwkFromKey."getX509CertificateSha${number}Thumbprint"()
byte[] thumbprint = jwkFromKey."getX509Sha${number}Thumbprint"()
assertNotNull thumbprint
//ensure base64url encoding/decoding of the thumbprint works:
def jwkFromValues = Jwks.builder().add(jwkFromKey).build() as PublicJwk
assertArrayEquals thumbprint, jwkFromValues."getX509CertificateSha${number}Thumbprint"() as byte[]
assertArrayEquals thumbprint, jwkFromValues."getX509Sha${number}Thumbprint"() as byte[]
}
}
@ -455,7 +455,7 @@ class JwksTest {
ECPublicKey key = it.pair.public as ECPublicKey
def jwk = Jwks.builder().ecChain(it.chain).build()
assertEquals key, jwk.toKey()
assertEquals it.chain, jwk.getX509CertificateChain()
assertEquals it.chain, jwk.getX509Chain()
}
}
@ -465,7 +465,7 @@ class JwksTest {
RSAPublicKey key = it.pair.public as RSAPublicKey
def jwk = Jwks.builder().rsaChain(it.chain).build()
assertEquals key, jwk.toKey()
assertEquals it.chain, jwk.getX509CertificateChain()
assertEquals it.chain, jwk.getX509Chain()
}
}
@ -475,7 +475,7 @@ class JwksTest {
PublicKey key = it.pair.public
def jwk = Jwks.builder().octetChain(it.chain).build()
assertEquals key, jwk.toKey()
assertEquals it.chain, jwk.getX509CertificateChain()
assertEquals it.chain, jwk.getX509Chain()
}
}


@ -75,7 +75,7 @@ class RFC7517AppendixBTest {
assertEquals m.kid, jwk.getId()
assertEquals m.n, Converters.BIGINT.applyTo(key.getModulus())
assertEquals m.e, Converters.BIGINT.applyTo(key.getPublicExponent())
def chain = jwk.getX509CertificateChain()
def chain = jwk.getX509Chain()
assertNotNull chain
assertFalse chain.isEmpty()
assertEquals 1, chain.size()