mirror of https://github.com/jwtk/jjwt.git
UnsupportedKeyException changes (#826)
* Changed usages of UnsupportedKeyException to only those where a given key is actually not understood. Cases where the key is not valid for the current use case was changed to throw InvalidKeyException instead to better indicate validation failure. * Changed superclass of UnsupportedKeyException to KeyException instead of InvalidKeyException (unsupported means 'I don't know what this key is', whereas InvalidKeyExceptions mean 'the key failed validation'). An unsupported key is not necessarily invalid, it just means we don't know how to handle it.
This commit is contained in:
parent
b55f26175c
commit
d0d80fe849
|
@ -20,7 +20,7 @@ package io.jsonwebtoken.security;
|
|||
*
|
||||
* @since JJWT_RELEASE_VERSION
|
||||
*/
|
||||
public class UnsupportedKeyException extends InvalidKeyException {
|
||||
public class UnsupportedKeyException extends KeyException {
|
||||
|
||||
/**
|
||||
* Creates a new instance with the specified explanation message.
|
||||
|
|
|
@ -32,10 +32,10 @@ import io.jsonwebtoken.io.Deserializer;
|
|||
import io.jsonwebtoken.lang.Assert;
|
||||
import io.jsonwebtoken.lang.Collections;
|
||||
import io.jsonwebtoken.security.AeadAlgorithm;
|
||||
import io.jsonwebtoken.security.InvalidKeyException;
|
||||
import io.jsonwebtoken.security.KeyAlgorithm;
|
||||
import io.jsonwebtoken.security.Keys;
|
||||
import io.jsonwebtoken.security.SecureDigestAlgorithm;
|
||||
import io.jsonwebtoken.security.UnsupportedKeyException;
|
||||
|
||||
import javax.crypto.SecretKey;
|
||||
import java.security.Key;
|
||||
|
@ -237,7 +237,7 @@ public class DefaultJwtParserBuilder implements JwtParserBuilder {
|
|||
}
|
||||
String msg = "JWS verification key must be either a SecretKey (for MAC algorithms) or a PublicKey " +
|
||||
"(for Signature algorithms).";
|
||||
throw new UnsupportedKeyException(msg);
|
||||
throw new InvalidKeyException(msg);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -80,8 +80,7 @@ public class DefaultDynamicJwkBuilder<K extends Key, J extends Jwk<K>>
|
|||
}
|
||||
|
||||
private static UnsupportedKeyException unsupportedKey(Key key, Exception e) {
|
||||
String msg = "There is no builder that supports specified key of type " +
|
||||
key.getClass().getName() + " with algorithm '" + key.getAlgorithm() + "'.";
|
||||
String msg = "There is no builder that supports specified key [" + KeysBridge.toString(key) + "].";
|
||||
return new UnsupportedKeyException(msg, e);
|
||||
}
|
||||
|
||||
|
|
|
@ -20,11 +20,11 @@ import io.jsonwebtoken.impl.lang.CheckedFunction;
|
|||
import io.jsonwebtoken.lang.Assert;
|
||||
import io.jsonwebtoken.lang.Collections;
|
||||
import io.jsonwebtoken.lang.Strings;
|
||||
import io.jsonwebtoken.security.InvalidKeyException;
|
||||
import io.jsonwebtoken.security.MacAlgorithm;
|
||||
import io.jsonwebtoken.security.Password;
|
||||
import io.jsonwebtoken.security.SecretKeyBuilder;
|
||||
import io.jsonwebtoken.security.SecureRequest;
|
||||
import io.jsonwebtoken.security.UnsupportedKeyException;
|
||||
import io.jsonwebtoken.security.VerifySecureDigestRequest;
|
||||
import io.jsonwebtoken.security.WeakKeyException;
|
||||
|
||||
|
@ -131,7 +131,7 @@ final class DefaultMacAlgorithm extends AbstractSecureDigestAlgorithm<SecretKey,
|
|||
String name = key.getAlgorithm();
|
||||
if (!Strings.hasText(name)) {
|
||||
String msg = "The " + keyType(signing) + " key's algorithm cannot be null or empty.";
|
||||
throw new UnsupportedKeyException(msg);
|
||||
throw new InvalidKeyException(msg);
|
||||
}
|
||||
|
||||
// We can ignore PKCS11 key name assertions for two reasons:
|
||||
|
@ -141,7 +141,7 @@ final class DefaultMacAlgorithm extends AbstractSecureDigestAlgorithm<SecretKey,
|
|||
|
||||
//assert key's jca name is valid if it's a JWA standard algorithm:
|
||||
if (!pkcs11Key && isJwaStandard() && !isJwaStandardJcaName(name)) {
|
||||
throw new UnsupportedKeyException("The " + keyType(signing) + " key's algorithm '" + name +
|
||||
throw new InvalidKeyException("The " + keyType(signing) + " key's algorithm '" + name +
|
||||
"' does not equal a valid HmacSHA* algorithm name or PKCS12 OID and cannot be used with " +
|
||||
getId() + ".");
|
||||
}
|
||||
|
@ -151,7 +151,6 @@ final class DefaultMacAlgorithm extends AbstractSecureDigestAlgorithm<SecretKey,
|
|||
protected void validateKey(Key k, boolean signing) {
|
||||
|
||||
final String keyType = keyType(signing);
|
||||
|
||||
if (k == null) {
|
||||
throw new IllegalArgumentException("MAC " + keyType + " key cannot be null.");
|
||||
}
|
||||
|
@ -159,12 +158,12 @@ final class DefaultMacAlgorithm extends AbstractSecureDigestAlgorithm<SecretKey,
|
|||
if (!(k instanceof SecretKey)) {
|
||||
String msg = "MAC " + keyType + " keys must be SecretKey instances. Specified key is of type " +
|
||||
k.getClass().getName();
|
||||
throw new UnsupportedKeyException(msg);
|
||||
throw new InvalidKeyException(msg);
|
||||
}
|
||||
|
||||
if (k instanceof Password) {
|
||||
String msg = "Passwords are intended for use with key derivation algorithms only.";
|
||||
throw new UnsupportedKeyException(msg);
|
||||
throw new InvalidKeyException(msg);
|
||||
}
|
||||
|
||||
final SecretKey key = (SecretKey) k;
|
||||
|
|
|
@ -18,11 +18,11 @@ package io.jsonwebtoken.impl.security;
|
|||
import io.jsonwebtoken.impl.lang.CheckedFunction;
|
||||
import io.jsonwebtoken.lang.Assert;
|
||||
import io.jsonwebtoken.security.DecryptionKeyRequest;
|
||||
import io.jsonwebtoken.security.InvalidKeyException;
|
||||
import io.jsonwebtoken.security.KeyAlgorithm;
|
||||
import io.jsonwebtoken.security.KeyRequest;
|
||||
import io.jsonwebtoken.security.KeyResult;
|
||||
import io.jsonwebtoken.security.SecurityException;
|
||||
import io.jsonwebtoken.security.UnsupportedKeyException;
|
||||
import io.jsonwebtoken.security.WeakKeyException;
|
||||
|
||||
import javax.crypto.Cipher;
|
||||
|
@ -57,13 +57,13 @@ public class DefaultRsaKeyAlgorithm extends CryptoAlgorithm implements KeyAlgori
|
|||
protected void validate(Key key, boolean encryption) { // true = encryption, false = decryption
|
||||
|
||||
if (!RsaSignatureAlgorithm.isRsaAlgorithmName(key)) {
|
||||
throw new UnsupportedKeyException("Unsupported RSA key algorithm name.");
|
||||
throw new InvalidKeyException("Invalid RSA key algorithm name.");
|
||||
}
|
||||
|
||||
if (RsaSignatureAlgorithm.isPss(key)) {
|
||||
String msg = "RSASSA-PSS keys may not be used for " + keyType(encryption) +
|
||||
", only digital signature algorithms.";
|
||||
throw new UnsupportedKeyException(msg);
|
||||
throw new InvalidKeyException(msg);
|
||||
}
|
||||
|
||||
int size = KeysBridge.findBitLength(key);
|
||||
|
|
|
@ -22,7 +22,7 @@ import io.jsonwebtoken.lang.Assert;
|
|||
import io.jsonwebtoken.lang.Strings;
|
||||
import io.jsonwebtoken.security.EcPrivateJwk;
|
||||
import io.jsonwebtoken.security.EcPublicJwk;
|
||||
import io.jsonwebtoken.security.UnsupportedKeyException;
|
||||
import io.jsonwebtoken.security.InvalidKeyException;
|
||||
|
||||
import java.math.BigInteger;
|
||||
import java.security.KeyFactory;
|
||||
|
@ -63,7 +63,7 @@ class EcPrivateJwkFactory extends AbstractEcJwkFactory<ECPrivateKey, EcPrivateJw
|
|||
return derivePublic(kf, spec);
|
||||
} catch (Exception e) {
|
||||
String msg = "Unable to derive ECPublicKey from ECPrivateKey: " + e.getMessage();
|
||||
throw new UnsupportedKeyException(msg, e);
|
||||
throw new InvalidKeyException(msg, e);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
|
|
@ -21,7 +21,6 @@ import io.jsonwebtoken.impl.lang.RequiredFieldReader;
|
|||
import io.jsonwebtoken.lang.Assert;
|
||||
import io.jsonwebtoken.security.EcPublicJwk;
|
||||
import io.jsonwebtoken.security.InvalidKeyException;
|
||||
import io.jsonwebtoken.security.UnsupportedKeyException;
|
||||
|
||||
import java.math.BigInteger;
|
||||
import java.security.KeyFactory;
|
||||
|
@ -60,7 +59,7 @@ class EcPublicJwkFactory extends AbstractEcJwkFactory<ECPublicKey, EcPublicJwk>
|
|||
protected static String getJwaIdByCurve(EllipticCurve curve) {
|
||||
ECCurve c = ECCurve.findByJcaCurve(curve);
|
||||
if (c == null) {
|
||||
throw new UnsupportedKeyException(UNSUPPORTED_CURVE_MSG);
|
||||
throw new InvalidKeyException(UNSUPPORTED_CURVE_MSG);
|
||||
}
|
||||
return c.getId();
|
||||
}
|
||||
|
|
|
@ -26,7 +26,6 @@ import io.jsonwebtoken.security.KeyPairBuilder;
|
|||
import io.jsonwebtoken.security.SecureRequest;
|
||||
import io.jsonwebtoken.security.SignatureAlgorithm;
|
||||
import io.jsonwebtoken.security.SignatureException;
|
||||
import io.jsonwebtoken.security.UnsupportedKeyException;
|
||||
import io.jsonwebtoken.security.VerifySecureDigestRequest;
|
||||
|
||||
import java.math.BigInteger;
|
||||
|
@ -144,7 +143,7 @@ final class EcSignatureAlgorithm extends AbstractSignatureAlgorithm {
|
|||
protected void validateKey(Key key, boolean signing) {
|
||||
super.validateKey(key, signing);
|
||||
if (!KEY_ALG_NAMES.contains(KeysBridge.findAlgorithm(key))) {
|
||||
throw new UnsupportedKeyException("Unsupported EC key algorithm name.");
|
||||
throw new InvalidKeyException("Unrecognized EC key algorithm name.");
|
||||
}
|
||||
int size = KeysBridge.findBitLength(key);
|
||||
if (size < 0) return; // likely PKCS11 or HSM key, can't get the data we need
|
||||
|
|
|
@ -39,7 +39,6 @@ import io.jsonwebtoken.security.PublicJwk;
|
|||
import io.jsonwebtoken.security.Request;
|
||||
import io.jsonwebtoken.security.SecureRequest;
|
||||
import io.jsonwebtoken.security.SecurityException;
|
||||
import io.jsonwebtoken.security.UnsupportedKeyException;
|
||||
|
||||
import javax.crypto.KeyAgreement;
|
||||
import javax.crypto.SecretKey;
|
||||
|
@ -158,12 +157,12 @@ class EcdhKeyAlgorithm extends CryptoAlgorithm implements KeyAlgorithm<PublicKey
|
|||
String type = key instanceof PublicKey ? "encryption " : "decryption ";
|
||||
String msg = "Unable to determine JWA-standard Elliptic Curve for " + type + "key [" +
|
||||
KeysBridge.toString(key) + "]";
|
||||
throw new UnsupportedKeyException(msg);
|
||||
throw new InvalidKeyException(msg);
|
||||
}
|
||||
if (curve instanceof EdwardsCurve && ((EdwardsCurve) curve).isSignatureCurve()) {
|
||||
String msg = curve.getId() + " keys may not be used with ECDH-ES key agreement algorithms per " +
|
||||
"https://www.rfc-editor.org/rfc/rfc8037#section-3.1";
|
||||
throw new UnsupportedKeyException(msg);
|
||||
"https://www.rfc-editor.org/rfc/rfc8037#section-3.1.";
|
||||
throw new InvalidKeyException(msg);
|
||||
}
|
||||
return Assert.isInstanceOf(AbstractCurve.class, curve, "AbstractCurve instance expected.");
|
||||
}
|
||||
|
@ -213,9 +212,9 @@ class EcdhKeyAlgorithm extends CryptoAlgorithm implements KeyAlgorithm<PublicKey
|
|||
Assert.stateNotNull(curve, "Internal implementation state: Curve cannot be null.");
|
||||
Class<?> epkClass = curve instanceof ECCurve ? EcPublicJwk.class : OctetPublicJwk.class;
|
||||
if (!epkClass.isInstance(epk)) {
|
||||
String msg = "JWE Header " + DefaultJweHeader.EPK + " value is not a supported Elliptic Curve " +
|
||||
String msg = "JWE Header " + DefaultJweHeader.EPK + " value is not an Elliptic Curve " +
|
||||
"Public JWK. Value: " + epk;
|
||||
throw new UnsupportedKeyException(msg);
|
||||
throw new InvalidKeyException(msg);
|
||||
}
|
||||
if (!curve.contains(epk.toKey())) {
|
||||
String msg = "JWE Header " + DefaultJweHeader.EPK + " value does not represent " +
|
||||
|
|
|
@ -16,10 +16,10 @@
|
|||
package io.jsonwebtoken.impl.security;
|
||||
|
||||
import io.jsonwebtoken.lang.Assert;
|
||||
import io.jsonwebtoken.security.InvalidKeyException;
|
||||
import io.jsonwebtoken.security.KeyPairBuilder;
|
||||
import io.jsonwebtoken.security.Request;
|
||||
import io.jsonwebtoken.security.SecureRequest;
|
||||
import io.jsonwebtoken.security.UnsupportedKeyException;
|
||||
import io.jsonwebtoken.security.VerifyDigestRequest;
|
||||
|
||||
import java.security.Key;
|
||||
|
@ -71,7 +71,7 @@ final class EdSignatureAlgorithm extends AbstractSignatureAlgorithm {
|
|||
if (!curve.isSignatureCurve()) {
|
||||
String msg = curve.getId() + " keys may not be used with " + getId() + " digital signatures per " +
|
||||
"https://www.rfc-editor.org/rfc/rfc8037.html#section-3.2";
|
||||
throw new UnsupportedKeyException(msg);
|
||||
throw new InvalidKeyException(msg);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -24,7 +24,6 @@ import io.jsonwebtoken.security.InvalidKeyException;
|
|||
import io.jsonwebtoken.security.KeyException;
|
||||
import io.jsonwebtoken.security.KeyLengthSupplier;
|
||||
import io.jsonwebtoken.security.KeyPairBuilder;
|
||||
import io.jsonwebtoken.security.UnsupportedKeyException;
|
||||
|
||||
import java.security.Key;
|
||||
import java.security.PrivateKey;
|
||||
|
@ -365,9 +364,8 @@ public class EdwardsCurve extends AbstractCurve implements KeyLengthSupplier {
|
|||
Assert.notNull(key, "Key cannot be null.");
|
||||
EdwardsCurve curve = findByKey(key);
|
||||
if (curve == null) {
|
||||
String msg = key.getClass().getName() + " with algorithm '" + key.getAlgorithm() +
|
||||
"' is not a recognized Edwards Curve key.";
|
||||
throw new UnsupportedKeyException(msg);
|
||||
String msg = "Unrecognized Edwards Curve key: [" + KeysBridge.toString(key) + "]";
|
||||
throw new InvalidKeyException(msg);
|
||||
}
|
||||
//TODO: assert key exists on discovered curve via equation
|
||||
return curve;
|
||||
|
|
|
@ -17,7 +17,7 @@ package io.jsonwebtoken.impl.security;
|
|||
|
||||
import io.jsonwebtoken.impl.lang.Function;
|
||||
import io.jsonwebtoken.lang.Assert;
|
||||
import io.jsonwebtoken.security.UnsupportedKeyException;
|
||||
import io.jsonwebtoken.security.InvalidKeyException;
|
||||
|
||||
import java.security.KeyPair;
|
||||
import java.security.PrivateKey;
|
||||
|
@ -41,7 +41,7 @@ final class EdwardsPublicKeyDeriver implements Function<PrivateKey, PublicKey> {
|
|||
EdwardsCurve curve = EdwardsCurve.findByKey(privateKey);
|
||||
if (curve == null) {
|
||||
String msg = "Unable to derive Edwards-curve PublicKey for specified PrivateKey: " + KeysBridge.toString(privateKey);
|
||||
throw new UnsupportedKeyException(msg);
|
||||
throw new InvalidKeyException(msg);
|
||||
}
|
||||
|
||||
byte[] pkBytes = curve.getKeyMaterial(privateKey);
|
||||
|
|
|
@ -19,11 +19,11 @@ import io.jsonwebtoken.impl.lang.Bytes;
|
|||
import io.jsonwebtoken.impl.lang.OptionalMethodInvoker;
|
||||
import io.jsonwebtoken.lang.Assert;
|
||||
import io.jsonwebtoken.lang.Strings;
|
||||
import io.jsonwebtoken.security.InvalidKeyException;
|
||||
import io.jsonwebtoken.security.KeySupplier;
|
||||
import io.jsonwebtoken.security.Password;
|
||||
import io.jsonwebtoken.security.PrivateKeyBuilder;
|
||||
import io.jsonwebtoken.security.SecretKeyBuilder;
|
||||
import io.jsonwebtoken.security.UnsupportedKeyException;
|
||||
|
||||
import javax.crypto.SecretKey;
|
||||
import java.security.Key;
|
||||
|
@ -136,10 +136,17 @@ public final class KeysBridge {
|
|||
|
||||
public static byte[] getEncoded(Key key) {
|
||||
Assert.notNull(key, "Key cannot be null.");
|
||||
byte[] encoded = findEncoded(key);
|
||||
byte[] encoded;
|
||||
try {
|
||||
encoded = key.getEncoded();
|
||||
} catch (Throwable t) {
|
||||
String msg = "Cannot obtain required encoded bytes from key [" + KeysBridge.toString(key) + "]: " +
|
||||
t.getMessage();
|
||||
throw new InvalidKeyException(msg, t);
|
||||
}
|
||||
if (Bytes.isEmpty(encoded)) {
|
||||
String msg = key.getClass().getName() + " encoded bytes cannot be null or empty.";
|
||||
throw new UnsupportedKeyException(msg);
|
||||
String msg = "Missing required encoded bytes for key [" + toString(key) + "].";
|
||||
throw new InvalidKeyException(msg);
|
||||
}
|
||||
return encoded;
|
||||
}
|
||||
|
|
|
@ -34,7 +34,7 @@ public abstract class OctetJwkFactory<K extends Key, J extends Jwk<K>> extends A
|
|||
return super.supports(key) && EdwardsCurve.isEdwards(key);
|
||||
}
|
||||
|
||||
protected EdwardsCurve getCurve(final FieldReadable reader) throws UnsupportedKeyException {
|
||||
protected static EdwardsCurve getCurve(final FieldReadable reader) throws UnsupportedKeyException {
|
||||
Field<String> field = DefaultOctetPublicJwk.CRV;
|
||||
String crvId = reader.get(field);
|
||||
EdwardsCurve curve = EdwardsCurve.findById(crvId);
|
||||
|
|
|
@ -23,6 +23,7 @@ import io.jsonwebtoken.lang.Arrays;
|
|||
import io.jsonwebtoken.lang.Assert;
|
||||
import io.jsonwebtoken.lang.Collections;
|
||||
import io.jsonwebtoken.lang.Strings;
|
||||
import io.jsonwebtoken.security.InvalidKeyException;
|
||||
import io.jsonwebtoken.security.RsaPrivateJwk;
|
||||
import io.jsonwebtoken.security.RsaPublicJwk;
|
||||
import io.jsonwebtoken.security.UnsupportedKeyException;
|
||||
|
@ -53,6 +54,13 @@ class RsaPrivateJwkFactory extends AbstractFamilyJwkFactory<RSAPrivateKey, RsaPr
|
|||
);
|
||||
|
||||
private static final String PUBKEY_ERR_MSG = "JwkContext publicKey must be an " + RSAPublicKey.class.getName() + " instance.";
|
||||
private static final String PUB_EXPONENT_EX_MSG =
|
||||
"Unable to derive RSAPublicKey from RSAPrivateKey [%s]. Supported keys implement the " +
|
||||
RSAPrivateCrtKey.class.getName() + " or " + RSAMultiPrimePrivateCrtKey.class.getName() +
|
||||
" interfaces. If the specified RSAPrivateKey cannot be one of these two, you must explicitly " +
|
||||
"provide an RSAPublicKey in addition to the RSAPrivateKey, as the " +
|
||||
"[JWA RFC, Section 6.3.2](https://www.rfc-editor.org/rfc/rfc7518.html#section-6.3.2) " +
|
||||
"requires public values to be present in private RSA JWKs.";
|
||||
|
||||
RsaPrivateJwkFactory() {
|
||||
super(DefaultRsaPublicJwk.TYPE_VALUE, RSAPrivateKey.class, DefaultRsaPrivateJwk.FIELDS);
|
||||
|
@ -70,13 +78,7 @@ class RsaPrivateJwkFactory extends AbstractFamilyJwkFactory<RSAPrivateKey, RsaPr
|
|||
return ((RSAMultiPrimePrivateCrtKey) key).getPublicExponent();
|
||||
}
|
||||
|
||||
String msg = "Unable to derive RSAPublicKey from RSAPrivateKey implementation [" +
|
||||
key.getClass().getName() + "]. Supported keys implement the " +
|
||||
RSAPrivateCrtKey.class.getName() + " or " + RSAMultiPrimePrivateCrtKey.class.getName() +
|
||||
" interfaces. If the specified RSAPrivateKey cannot be one of these two, you must explicitly " +
|
||||
"provide an RSAPublicKey in addition to the RSAPrivateKey, as the " +
|
||||
"[JWA RFC, Section 6.3.2](https://www.rfc-editor.org/rfc/rfc7518.html#section-6.3.2) " +
|
||||
"requires public values to be present in private RSA JWKs.";
|
||||
String msg = String.format(PUB_EXPONENT_EX_MSG, KeysBridge.toString(key));
|
||||
throw new UnsupportedKeyException(msg);
|
||||
}
|
||||
|
||||
|
@ -91,9 +93,8 @@ class RsaPrivateJwkFactory extends AbstractFamilyJwkFactory<RSAPrivateKey, RsaPr
|
|||
try {
|
||||
return (RSAPublicKey) kf.generatePublic(spec);
|
||||
} catch (Exception e) {
|
||||
String msg = "Unable to derive RSAPublicKey from RSAPrivateKey " + ctx +
|
||||
". Cause: " + e.getMessage();
|
||||
throw new UnsupportedKeyException(msg);
|
||||
String msg = "Unable to derive RSAPublicKey from RSAPrivateKey " + ctx + ". Cause: " + e.getMessage();
|
||||
throw new InvalidKeyException(msg);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
|
|
@ -19,10 +19,10 @@ import io.jsonwebtoken.impl.lang.CheckedFunction;
|
|||
import io.jsonwebtoken.lang.Assert;
|
||||
import io.jsonwebtoken.lang.Collections;
|
||||
import io.jsonwebtoken.lang.Strings;
|
||||
import io.jsonwebtoken.security.InvalidKeyException;
|
||||
import io.jsonwebtoken.security.KeyPairBuilder;
|
||||
import io.jsonwebtoken.security.SecureRequest;
|
||||
import io.jsonwebtoken.security.SignatureAlgorithm;
|
||||
import io.jsonwebtoken.security.UnsupportedKeyException;
|
||||
import io.jsonwebtoken.security.VerifySecureDigestRequest;
|
||||
import io.jsonwebtoken.security.WeakKeyException;
|
||||
|
||||
|
@ -180,7 +180,7 @@ final class RsaSignatureAlgorithm extends AbstractSignatureAlgorithm {
|
|||
protected void validateKey(Key key, boolean signing) {
|
||||
super.validateKey(key, signing);
|
||||
if (!isRsaAlgorithmName(key)) {
|
||||
throw new UnsupportedKeyException("Unsupported RSA or RSASSA-PSS key algorithm name.");
|
||||
throw new InvalidKeyException("Unrecognized RSA or RSASSA-PSS key algorithm name.");
|
||||
}
|
||||
int size = KeysBridge.findBitLength(key);
|
||||
if (size < 0) return; // https://github.com/jwtk/jjwt/issues/68
|
||||
|
|
|
@ -20,14 +20,13 @@ import io.jsonwebtoken.impl.lang.Bytes;
|
|||
import io.jsonwebtoken.impl.lang.FieldReadable;
|
||||
import io.jsonwebtoken.impl.lang.RequiredFieldReader;
|
||||
import io.jsonwebtoken.io.Encoders;
|
||||
import io.jsonwebtoken.lang.Arrays;
|
||||
import io.jsonwebtoken.lang.Assert;
|
||||
import io.jsonwebtoken.lang.Strings;
|
||||
import io.jsonwebtoken.security.InvalidKeyException;
|
||||
import io.jsonwebtoken.security.MacAlgorithm;
|
||||
import io.jsonwebtoken.security.MalformedKeyException;
|
||||
import io.jsonwebtoken.security.SecretJwk;
|
||||
import io.jsonwebtoken.security.SecureDigestAlgorithm;
|
||||
import io.jsonwebtoken.security.UnsupportedKeyException;
|
||||
|
||||
import javax.crypto.SecretKey;
|
||||
import javax.crypto.spec.SecretKeySpec;
|
||||
|
@ -37,42 +36,21 @@ import javax.crypto.spec.SecretKeySpec;
|
|||
*/
|
||||
class SecretJwkFactory extends AbstractFamilyJwkFactory<SecretKey, SecretJwk> {
|
||||
|
||||
private static final String ENCODED_UNAVAILABLE_MSG = "SecretKey argument does not have any encoded bytes, or " +
|
||||
"the key's backing JCA Provider is preventing key.getEncoded() from returning any bytes. It is not " +
|
||||
"possible to represent the SecretKey instance as a JWK.";
|
||||
|
||||
SecretJwkFactory() {
|
||||
super(DefaultSecretJwk.TYPE_VALUE, SecretKey.class, DefaultSecretJwk.FIELDS);
|
||||
}
|
||||
|
||||
static byte[] getRequiredEncoded(SecretKey key) {
|
||||
Assert.notNull(key, "SecretKey argument cannot be null.");
|
||||
byte[] encoded = null;
|
||||
Exception cause = null;
|
||||
try {
|
||||
encoded = key.getEncoded();
|
||||
} catch (Exception e) {
|
||||
cause = e;
|
||||
}
|
||||
|
||||
if (Arrays.length(encoded) == 0) {
|
||||
throw new IllegalArgumentException(ENCODED_UNAVAILABLE_MSG, cause);
|
||||
}
|
||||
|
||||
return encoded;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected SecretJwk createJwkFromKey(JwkContext<SecretKey> ctx) {
|
||||
SecretKey key = Assert.notNull(ctx.getKey(), "JwkContext key cannot be null.");
|
||||
String k;
|
||||
try {
|
||||
byte[] encoded = getRequiredEncoded(key);
|
||||
byte[] encoded = KeysBridge.getEncoded(key);
|
||||
k = Encoders.BASE64URL.encode(encoded);
|
||||
Assert.hasText(k, "k value cannot be null or empty.");
|
||||
} catch (Exception e) {
|
||||
String msg = "Unable to encode SecretKey to JWK: " + e.getMessage();
|
||||
throw new UnsupportedKeyException(msg, e);
|
||||
} catch (Throwable t) {
|
||||
String msg = "Unable to encode SecretKey to JWK: " + t.getMessage();
|
||||
throw new InvalidKeyException(msg, t);
|
||||
}
|
||||
|
||||
ctx.put(DefaultSecretJwk.K.getId(), k);
|
||||
|
|
|
@ -1509,10 +1509,10 @@ class JwtsTest {
|
|||
try {
|
||||
encrypt(pubKey, alg, enc)
|
||||
fail()
|
||||
} catch (UnsupportedKeyException expected) {
|
||||
} catch (InvalidKeyException expected) {
|
||||
String id = EdwardsCurve.forKey(pubKey).getId()
|
||||
String msg = id + " keys may not be used with ECDH-ES key " +
|
||||
"agreement algorithms per https://www.rfc-editor.org/rfc/rfc8037#section-3.1"
|
||||
"agreement algorithms per https://www.rfc-editor.org/rfc/rfc8037#section-3.1."
|
||||
assertEquals msg, expected.getMessage()
|
||||
}
|
||||
}
|
||||
|
@ -1544,10 +1544,10 @@ class JwtsTest {
|
|||
try {
|
||||
decrypt(jwe, key) // invalid signing key
|
||||
fail()
|
||||
} catch (UnsupportedKeyException expected) {
|
||||
} catch (InvalidKeyException expected) {
|
||||
String id = EdwardsCurve.forKey(key).getId()
|
||||
String msg = id + " keys may not be used with ECDH-ES key " +
|
||||
"agreement algorithms per https://www.rfc-editor.org/rfc/rfc8037#section-3.1"
|
||||
"agreement algorithms per https://www.rfc-editor.org/rfc/rfc8037#section-3.1."
|
||||
assertEquals msg, expected.getMessage()
|
||||
}
|
||||
}
|
||||
|
|
|
@ -362,7 +362,7 @@ class DefaultJwtParserBuilderTest {
|
|||
try {
|
||||
builder.setSigningKey(TestKeys.RS256.pair.private)
|
||||
fail()
|
||||
} catch (UnsupportedKeyException e) {
|
||||
} catch (InvalidKeyException e) {
|
||||
String msg = 'JWS verification key must be either a SecretKey (for MAC algorithms) or a PublicKey (for Signature algorithms).'
|
||||
assertEquals msg, e.getMessage()
|
||||
}
|
||||
|
|
|
@ -64,7 +64,7 @@ class DefaultMacAlgorithmTest {
|
|||
}
|
||||
try {
|
||||
newAlg().digest(request(password))
|
||||
} catch (UnsupportedKeyException expected) {
|
||||
} catch (InvalidKeyException expected) {
|
||||
String msg = 'Passwords are intended for use with key derivation algorithms only.'
|
||||
assertEquals msg, expected.getMessage()
|
||||
}
|
||||
|
@ -89,7 +89,7 @@ class DefaultMacAlgorithmTest {
|
|||
|
||||
try {
|
||||
newAlg().digest(request(password))
|
||||
} catch (UnsupportedKeyException expected) {
|
||||
} catch (InvalidKeyException expected) {
|
||||
String msg = 'Passwords are intended for use with key derivation algorithms only.'
|
||||
assertEquals msg, expected.getMessage()
|
||||
}
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
package io.jsonwebtoken.impl.security
|
||||
|
||||
import io.jsonwebtoken.Jwts
|
||||
import io.jsonwebtoken.security.UnsupportedKeyException
|
||||
import io.jsonwebtoken.security.InvalidKeyException
|
||||
import io.jsonwebtoken.security.WeakKeyException
|
||||
import org.junit.Test
|
||||
|
||||
|
@ -37,13 +37,13 @@ class DefaultRsaKeyAlgorithmTest {
|
|||
for (DefaultRsaKeyAlgorithm alg : algs) {
|
||||
try {
|
||||
alg.validate(key, true)
|
||||
} catch (UnsupportedKeyException e) {
|
||||
assertEquals 'Unsupported RSA key algorithm name.', e.getMessage()
|
||||
} catch (InvalidKeyException e) {
|
||||
assertEquals 'Invalid RSA key algorithm name.', e.getMessage()
|
||||
}
|
||||
try {
|
||||
alg.validate(key, false)
|
||||
} catch (UnsupportedKeyException e) {
|
||||
assertEquals 'Unsupported RSA key algorithm name.', e.getMessage()
|
||||
} catch (InvalidKeyException e) {
|
||||
assertEquals 'Invalid RSA key algorithm name.', e.getMessage()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -65,7 +65,7 @@ class DefaultRsaKeyAlgorithmTest {
|
|||
replay(key)
|
||||
try {
|
||||
alg.validate(key, true)
|
||||
} catch (UnsupportedKeyException expected) {
|
||||
} catch (InvalidKeyException expected) {
|
||||
String msg = 'RSASSA-PSS keys may not be used for encryption, only digital signature algorithms.'
|
||||
assertEquals msg, expected.getMessage()
|
||||
}
|
||||
|
@ -81,7 +81,7 @@ class DefaultRsaKeyAlgorithmTest {
|
|||
replay(key)
|
||||
try {
|
||||
alg.validate(key, true)
|
||||
} catch (UnsupportedKeyException expected) {
|
||||
} catch (InvalidKeyException expected) {
|
||||
String msg = 'RSASSA-PSS keys may not be used for encryption, only digital signature algorithms.'
|
||||
assertEquals msg, expected.getMessage()
|
||||
}
|
||||
|
|
|
@ -16,8 +16,8 @@
|
|||
package io.jsonwebtoken.impl.security
|
||||
|
||||
import io.jsonwebtoken.Jwts
|
||||
import io.jsonwebtoken.security.InvalidKeyException
|
||||
import io.jsonwebtoken.security.MalformedKeyException
|
||||
import io.jsonwebtoken.security.UnsupportedKeyException
|
||||
import org.junit.Test
|
||||
|
||||
import java.security.KeyFactory
|
||||
|
@ -66,7 +66,7 @@ class EcPrivateJwkFactoryTest {
|
|||
try {
|
||||
factory.derivePublic(context)
|
||||
fail()
|
||||
} catch (UnsupportedKeyException expected) {
|
||||
} catch (InvalidKeyException expected) {
|
||||
String msg = 'Unable to derive ECPublicKey from ECPrivateKey: invalid'
|
||||
assertEquals msg, expected.getMessage()
|
||||
}
|
||||
|
|
|
@ -18,7 +18,6 @@ package io.jsonwebtoken.impl.security
|
|||
import io.jsonwebtoken.security.InvalidKeyException
|
||||
import io.jsonwebtoken.security.Jwks
|
||||
import io.jsonwebtoken.security.MalformedKeyException
|
||||
import io.jsonwebtoken.security.UnsupportedKeyException
|
||||
import org.junit.Test
|
||||
|
||||
import java.security.spec.EllipticCurve
|
||||
|
@ -82,7 +81,7 @@ class EcPublicJwkFactoryTest {
|
|||
try {
|
||||
EcPublicJwkFactory.getJwaIdByCurve(curve)
|
||||
fail()
|
||||
} catch (UnsupportedKeyException e) {
|
||||
} catch (InvalidKeyException e) {
|
||||
assertEquals EcPublicJwkFactory.UNSUPPORTED_CURVE_MSG, e.getMessage()
|
||||
}
|
||||
}
|
||||
|
|
|
@ -89,8 +89,8 @@ class EcSignatureAlgorithmTest {
|
|||
algs().each {
|
||||
try {
|
||||
it.validateKey(key, false)
|
||||
} catch (Exception e) {
|
||||
String msg = 'Unsupported EC key algorithm name.'
|
||||
} catch (InvalidKeyException e) {
|
||||
String msg = 'Unrecognized EC key algorithm name.'
|
||||
assertEquals msg, e.getMessage()
|
||||
}
|
||||
}
|
||||
|
|
|
@ -23,7 +23,6 @@ import io.jsonwebtoken.impl.DefaultMutableJweHeader
|
|||
import io.jsonwebtoken.security.DecryptionKeyRequest
|
||||
import io.jsonwebtoken.security.InvalidKeyException
|
||||
import io.jsonwebtoken.security.Jwks
|
||||
import io.jsonwebtoken.security.UnsupportedKeyException
|
||||
import org.junit.Test
|
||||
|
||||
import java.security.PrivateKey
|
||||
|
@ -125,9 +124,8 @@ class EcdhKeyAlgorithmTest {
|
|||
try {
|
||||
alg.getEncryptionKey(request)
|
||||
fail()
|
||||
} catch (UnsupportedKeyException expected) {
|
||||
String msg = "Unable to determine JWA-standard Elliptic Curve for encryption key " +
|
||||
"[${KeysBridge.toString(encKey)}]"
|
||||
} catch (InvalidKeyException expected) {
|
||||
String msg = "Unable to determine JWA-standard Elliptic Curve for encryption key [${KeysBridge.toString(encKey)}]"
|
||||
assertEquals msg, expected.getMessage()
|
||||
}
|
||||
}
|
||||
|
@ -142,7 +140,7 @@ class EcdhKeyAlgorithmTest {
|
|||
try {
|
||||
alg.getDecryptionKey(request)
|
||||
fail()
|
||||
} catch (UnsupportedKeyException expected) {
|
||||
} catch (InvalidKeyException expected) {
|
||||
String msg = "Unable to determine JWA-standard Elliptic Curve for decryption key [${KeysBridge.toString(key)}]"
|
||||
assertEquals msg, expected.getMessage()
|
||||
}
|
||||
|
@ -173,12 +171,8 @@ class EcdhKeyAlgorithmTest {
|
|||
try {
|
||||
alg.getDecryptionKey(request)
|
||||
fail()
|
||||
} catch (UnsupportedKeyException expected) {
|
||||
String msg = 'JWE Header \'epk\' (Ephemeral Public Key) value is not a supported Elliptic Curve Public ' +
|
||||
'JWK. Value: {kty=RSA, n=vPYf1VSy58i6ic93goenzF5UO9oLxyiTSF64lGFUJ6_MBDydAvY9PS76ymvhUcSrsDUHgb' +
|
||||
'0arsp6MDXOfZxYHn2C7o39n8-bQ7yS4hQm6kkl8KB5OiOkJFkFjEHrwnqykXygx1VFpcVpbBvxDn640ODEScWyoUUPd4sO' +
|
||||
'K-esTt4D9-q0PXsXzfRT4eOrnpXHJTan_KK_a-UYmfWPr-xIEPUxnLPCD68mIHoSPAaJiv37SkAWHJ9-fm_DfnYTwTi0rx' +
|
||||
'e2FRQ1-vkOxe6C2-n1ebsqCZPKr0J_2MfwqP0raxLfyGicxM5ee5RSTTRMCA4UyX5dubZvh2pLoaS8PCZajw, e=AQAB}'
|
||||
} catch (InvalidKeyException expected) {
|
||||
String msg = "JWE Header ${DefaultJweHeader.EPK} value is not an Elliptic Curve Public JWK. Value: ${jwk.toString()}"
|
||||
assertEquals msg, expected.getMessage()
|
||||
}
|
||||
}
|
||||
|
@ -193,12 +187,8 @@ class EcdhKeyAlgorithmTest {
|
|||
try {
|
||||
alg.getDecryptionKey(request)
|
||||
fail()
|
||||
} catch (UnsupportedKeyException expected) {
|
||||
String msg = 'JWE Header \'epk\' (Ephemeral Public Key) value is not a supported Elliptic Curve Public ' +
|
||||
'JWK. Value: {kty=RSA, n=vPYf1VSy58i6ic93goenzF5UO9oLxyiTSF64lGFUJ6_MBDydAvY9PS76ymvhUcSrsDUHgb' +
|
||||
'0arsp6MDXOfZxYHn2C7o39n8-bQ7yS4hQm6kkl8KB5OiOkJFkFjEHrwnqykXygx1VFpcVpbBvxDn640ODEScWyoUUPd4sO' +
|
||||
'K-esTt4D9-q0PXsXzfRT4eOrnpXHJTan_KK_a-UYmfWPr-xIEPUxnLPCD68mIHoSPAaJiv37SkAWHJ9-fm_DfnYTwTi0rx' +
|
||||
'e2FRQ1-vkOxe6C2-n1ebsqCZPKr0J_2MfwqP0raxLfyGicxM5ee5RSTTRMCA4UyX5dubZvh2pLoaS8PCZajw, e=AQAB}'
|
||||
} catch (InvalidKeyException expected) {
|
||||
String msg = "JWE Header ${DefaultJweHeader.EPK} value is not an Elliptic Curve Public JWK. Value: ${jwk.toString()}"
|
||||
assertEquals msg, expected.getMessage()
|
||||
}
|
||||
}
|
||||
|
@ -227,7 +217,7 @@ class EcdhKeyAlgorithmTest {
|
|||
try {
|
||||
EcdhKeyAlgorithm.assertCurve(key)
|
||||
fail()
|
||||
} catch (UnsupportedKeyException expected) {
|
||||
} catch (InvalidKeyException expected) {
|
||||
String msg = "Unable to determine JWA-standard Elliptic Curve for decryption key [${KeysBridge.toString(key)}]"
|
||||
assertEquals msg, expected.getMessage()
|
||||
}
|
||||
|
|
|
@ -17,7 +17,6 @@ package io.jsonwebtoken.impl.security
|
|||
|
||||
import io.jsonwebtoken.impl.lang.Bytes
|
||||
import io.jsonwebtoken.security.InvalidKeyException
|
||||
import io.jsonwebtoken.security.UnsupportedKeyException
|
||||
import org.junit.Test
|
||||
|
||||
import java.security.spec.PKCS8EncodedKeySpec
|
||||
|
@ -78,8 +77,8 @@ class EdwardsCurveTest {
|
|||
def key = new TestKey(algorithm: alg)
|
||||
try {
|
||||
EdwardsCurve.forKey(key)
|
||||
} catch (UnsupportedKeyException uke) {
|
||||
String msg = "${key.getClass().getName()} with algorithm '${alg}' is not a recognized Edwards Curve key."
|
||||
} catch (InvalidKeyException uke) {
|
||||
String msg = "Unrecognized Edwards Curve key: [${KeysBridge.toString(key)}]"
|
||||
assertEquals msg, uke.getMessage()
|
||||
}
|
||||
}
|
||||
|
@ -251,9 +250,9 @@ class EdwardsCurveTest {
|
|||
try {
|
||||
it.getKeyMaterial(key)
|
||||
fail()
|
||||
} catch (UnsupportedKeyException uke) {
|
||||
String msg = "${key.getClass().getName()} encoded bytes cannot be null or empty."
|
||||
assertEquals msg, uke.getMessage()
|
||||
} catch (InvalidKeyException e) {
|
||||
String msg = "Missing required encoded bytes for key [${KeysBridge.toString(key)}]."
|
||||
assertEquals msg, e.getMessage()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
package io.jsonwebtoken.impl.security
|
||||
|
||||
import io.jsonwebtoken.Jwts
|
||||
import io.jsonwebtoken.security.UnsupportedKeyException
|
||||
import io.jsonwebtoken.security.InvalidKeyException
|
||||
import org.junit.Test
|
||||
|
||||
import static org.junit.Assert.assertEquals
|
||||
|
@ -30,7 +30,7 @@ class EdwardsPublicKeyDeriverTest {
|
|||
try {
|
||||
EdwardsPublicKeyDeriver.INSTANCE.apply(rsaPrivKey)
|
||||
fail()
|
||||
} catch (UnsupportedKeyException uke) {
|
||||
} catch (InvalidKeyException uke) {
|
||||
String expectedMsg = "Unable to derive Edwards-curve PublicKey for specified PrivateKey: ${KeysBridge.toString(rsaPrivKey)}"
|
||||
assertEquals(expectedMsg, uke.getMessage())
|
||||
}
|
||||
|
|
|
@ -225,11 +225,12 @@ class JwksTest {
|
|||
try {
|
||||
Jwks.builder().key(key).build()
|
||||
fail()
|
||||
} catch (UnsupportedKeyException expected) {
|
||||
String expectedMsg = 'Unable to encode SecretKey to JWK: ' + SecretJwkFactory.ENCODED_UNAVAILABLE_MSG
|
||||
assertEquals expectedMsg, expected.getMessage()
|
||||
assertTrue expected.getCause() instanceof IllegalArgumentException
|
||||
assertEquals SecretJwkFactory.ENCODED_UNAVAILABLE_MSG, expected.getCause().getMessage()
|
||||
} catch (InvalidKeyException expected) {
|
||||
String causeMsg = "Missing required encoded bytes for key [${KeysBridge.toString(key)}]."
|
||||
String msg = "Unable to encode SecretKey to JWK: $causeMsg"
|
||||
assertEquals msg, expected.message
|
||||
assertTrue expected.getCause() instanceof InvalidKeyException
|
||||
assertEquals causeMsg, expected.getCause().getMessage()
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -246,11 +247,12 @@ class JwksTest {
|
|||
try {
|
||||
Jwks.builder().key(key).build()
|
||||
fail()
|
||||
} catch (UnsupportedKeyException expected) {
|
||||
String expectedMsg = 'Unable to encode SecretKey to JWK: ' + SecretJwkFactory.ENCODED_UNAVAILABLE_MSG
|
||||
assertEquals expectedMsg, expected.getMessage()
|
||||
assertTrue expected.getCause() instanceof IllegalArgumentException
|
||||
assertEquals SecretJwkFactory.ENCODED_UNAVAILABLE_MSG, expected.getCause().getMessage()
|
||||
} catch (InvalidKeyException expected) {
|
||||
String causeMsg = "Cannot obtain required encoded bytes from key [${KeysBridge.toString(key)}]: $encodedMsg"
|
||||
String msg = "Unable to encode SecretKey to JWK: $causeMsg"
|
||||
assertEquals msg, expected.message
|
||||
assertTrue expected.getCause() instanceof InvalidKeyException
|
||||
assertEquals causeMsg, expected.cause.message
|
||||
assertSame encodedEx, expected.getCause().getCause()
|
||||
}
|
||||
}
|
||||
|
@ -372,7 +374,7 @@ class JwksTest {
|
|||
try {
|
||||
Jwks.builder().key((PublicKey) key)
|
||||
} catch (UnsupportedKeyException expected) {
|
||||
String msg = 'There is no builder that supports specified key of type io.jsonwebtoken.impl.security.TestPublicKey with algorithm \'null\'.'
|
||||
String msg = "There is no builder that supports specified key [${KeysBridge.toString(key)}]."
|
||||
assertEquals(msg, expected.getMessage())
|
||||
assertNotNull expected.getCause() // ensure we always retain a cause
|
||||
}
|
||||
|
@ -402,7 +404,7 @@ class JwksTest {
|
|||
try {
|
||||
Jwks.builder().key((PrivateKey) key)
|
||||
} catch (UnsupportedKeyException expected) {
|
||||
String msg = 'There is no builder that supports specified key of type io.jsonwebtoken.impl.security.TestPrivateKey with algorithm \'null\'.'
|
||||
String msg = "There is no builder that supports specified key [${KeysBridge.toString(key)}]."
|
||||
assertEquals(msg, expected.getMessage())
|
||||
assertNotNull expected.getCause() // ensure we always retain a cause
|
||||
}
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
package io.jsonwebtoken.impl.security
|
||||
|
||||
import io.jsonwebtoken.impl.lang.Converters
|
||||
import io.jsonwebtoken.security.InvalidKeyException
|
||||
import io.jsonwebtoken.security.Jwks
|
||||
import io.jsonwebtoken.security.RsaPrivateJwk
|
||||
import io.jsonwebtoken.security.UnsupportedKeyException
|
||||
|
@ -47,14 +48,7 @@ class RsaPrivateJwkFactoryTest {
|
|||
Jwks.builder().key(key).build()
|
||||
fail()
|
||||
} catch (UnsupportedKeyException expected) {
|
||||
String msg = 'Unable to derive RSAPublicKey from RSAPrivateKey implementation ' +
|
||||
'[io.jsonwebtoken.impl.security.RsaPrivateJwkFactoryTest$1]. Supported keys implement the ' +
|
||||
'java.security.interfaces.RSAPrivateCrtKey or ' +
|
||||
'java.security.interfaces.RSAMultiPrimePrivateCrtKey interfaces. If the specified RSAPrivateKey ' +
|
||||
'cannot be one of these two, you must explicitly provide an RSAPublicKey in addition to the ' +
|
||||
'RSAPrivateKey, as the [JWA RFC, Section 6.3.2]' +
|
||||
'(https://www.rfc-editor.org/rfc/rfc7518.html#section-6.3.2) requires public values to be ' +
|
||||
'present in private RSA JWKs.'
|
||||
String msg = String.format(RsaPrivateJwkFactory.PUB_EXPONENT_EX_MSG, KeysBridge.toString(key))
|
||||
assertEquals msg, expected.getMessage()
|
||||
}
|
||||
}
|
||||
|
@ -121,7 +115,7 @@ class RsaPrivateJwkFactoryTest {
|
|||
try {
|
||||
Jwks.builder().key(key).build()
|
||||
fail()
|
||||
} catch (UnsupportedKeyException expected) {
|
||||
} catch (InvalidKeyException expected) {
|
||||
String prefix = 'Unable to derive RSAPublicKey from RSAPrivateKey {kty=RSA}. Cause: '
|
||||
assertTrue expected.getMessage().startsWith(prefix)
|
||||
}
|
||||
|
|
|
@ -20,7 +20,6 @@ import io.jsonwebtoken.impl.lang.Bytes
|
|||
import io.jsonwebtoken.impl.lang.CheckedFunction
|
||||
import io.jsonwebtoken.lang.Assert
|
||||
import io.jsonwebtoken.security.InvalidKeyException
|
||||
import io.jsonwebtoken.security.UnsupportedKeyException
|
||||
import io.jsonwebtoken.security.WeakKeyException
|
||||
import org.junit.Test
|
||||
|
||||
|
@ -57,8 +56,8 @@ class RsaSignatureAlgorithmTest {
|
|||
algs.each {
|
||||
try {
|
||||
it.validateKey(key, false)
|
||||
} catch (Exception e) {
|
||||
String msg = 'Unsupported RSA or RSASSA-PSS key algorithm name.'
|
||||
} catch (InvalidKeyException e) {
|
||||
String msg = 'Unrecognized RSA or RSASSA-PSS key algorithm name.'
|
||||
assertEquals msg, e.getMessage()
|
||||
}
|
||||
}
|
||||
|
@ -78,8 +77,8 @@ class RsaSignatureAlgorithmTest {
|
|||
algs.each {
|
||||
try {
|
||||
it.validateKey(key, false)
|
||||
} catch (UnsupportedKeyException e) {
|
||||
String msg = 'Unsupported RSA or RSASSA-PSS key algorithm name.'
|
||||
} catch (InvalidKeyException e) {
|
||||
String msg = 'Unrecognized RSA or RSASSA-PSS key algorithm name.'
|
||||
assertEquals msg, e.getMessage()
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue