mirror of https://github.com/jwtk/jjwt.git
commit
d1058b0933
|
@ -22,15 +22,17 @@ import java.security.InvalidKeyException;
|
||||||
import java.security.Key;
|
import java.security.Key;
|
||||||
import java.security.PrivateKey;
|
import java.security.PrivateKey;
|
||||||
import java.security.Signature;
|
import java.security.Signature;
|
||||||
import java.security.interfaces.RSAPrivateKey;
|
import java.security.interfaces.RSAKey;
|
||||||
|
|
||||||
public class RsaSigner extends RsaProvider implements Signer {
|
public class RsaSigner extends RsaProvider implements Signer {
|
||||||
|
|
||||||
public RsaSigner(SignatureAlgorithm alg, Key key) {
|
public RsaSigner(SignatureAlgorithm alg, Key key) {
|
||||||
super(alg, key);
|
super(alg, key);
|
||||||
if (!(key instanceof RSAPrivateKey)) {
|
// https://github.com/jwtk/jjwt/issues/68
|
||||||
String msg = "RSA signatures must be computed using an RSAPrivateKey. The specified key of type " +
|
// Instead of checking for an instance of RSAPrivateKey, check for PrivateKey and RSAKey:
|
||||||
key.getClass().getName() + " is not an RSAPrivateKey.";
|
if (!(key instanceof PrivateKey && key instanceof RSAKey)) {
|
||||||
|
String msg = "RSA signatures must be computed using an RSA PrivateKey. The specified key of type " +
|
||||||
|
key.getClass().getName() + " is not an RSA PrivateKey.";
|
||||||
throw new IllegalArgumentException(msg);
|
throw new IllegalArgumentException(msg);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
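Review bot: The constructor still accepts an RSA private key of any size. Now that the guard requires `RSAKey`, the modulus is available and its length can be checked right after the type check, e.g. `if (((RSAKey) key).getModulus().bitLength() < 2048) throw new IllegalArgumentException("RSA keys must be at least 2048 bits.");`. RFC 7518 section 3.3 requires 2048 bits or more for the RSA signature algorithms, and the `testSignSuccessful` test added in this commit signs with a 1024-bit key, so it would need a larger key. Separately, the comment above the `instanceof` check says what changed but not why; one sentence naming the kind of key that is a `PrivateKey` and an `RSAKey` without being an `RSAPrivateKey` (presumably a provider-held key, to be confirmed against the linked issue) would keep a later maintainer from tightening the check again.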
@ -22,6 +22,7 @@ import javax.crypto.spec.SecretKeySpec
|
||||||
import java.security.InvalidKeyException
|
import java.security.InvalidKeyException
|
||||||
import java.security.KeyPair
|
import java.security.KeyPair
|
||||||
import java.security.KeyPairGenerator
|
import java.security.KeyPairGenerator
|
||||||
|
import java.security.MessageDigest
|
||||||
import java.security.PrivateKey
|
import java.security.PrivateKey
|
||||||
import java.security.PublicKey
|
import java.security.PublicKey
|
||||||
|
|
||||||
|
@ -48,18 +49,50 @@ class RsaSignerTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void testConstructorWithoutRsaPrivateKey() {
|
void testConstructorWithoutPrivateKey() {
|
||||||
|
|
||||||
byte[] bytes = new byte[16]
|
byte[] bytes = new byte[16]
|
||||||
rng.nextBytes(bytes)
|
rng.nextBytes(bytes)
|
||||||
SecretKeySpec key = new SecretKeySpec(bytes, 'HmacSHA256')
|
SecretKeySpec key = new SecretKeySpec(bytes, 'HmacSHA256')
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
//noinspection GroovyResultOfObjectAllocationIgnored
|
||||||
new RsaSigner(SignatureAlgorithm.RS256, key);
|
new RsaSigner(SignatureAlgorithm.RS256, key);
|
||||||
fail('RsaSigner should reject non RSAPrivateKey instances.')
|
fail('RsaSigner should reject non RSAPrivateKey instances.')
|
||||||
} catch (IllegalArgumentException expected) {
|
} catch (IllegalArgumentException expected) {
|
||||||
assertEquals expected.message, "RSA signatures must be computed using an RSAPrivateKey. The specified key of type " +
|
assertEquals expected.message, "RSA signatures must be computed using an RSA PrivateKey. The specified key of type " +
|
||||||
key.getClass().getName() + " is not an RSAPrivateKey.";
|
key.getClass().getName() + " is not an RSA PrivateKey.";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void testConstructorWithoutRSAKey() {
|
||||||
|
|
||||||
|
//private key, but not an RSAKey instance:
|
||||||
|
PrivateKey key = new PrivateKey() {
|
||||||
|
@Override
|
||||||
|
String getAlgorithm() {
|
||||||
|
return null
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
String getFormat() {
|
||||||
|
return null
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
byte[] getEncoded() {
|
||||||
|
return new byte[0]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
//noinspection GroovyResultOfObjectAllocationIgnored
|
||||||
|
new RsaSigner(SignatureAlgorithm.RS256, key);
|
||||||
|
fail('RsaSigner should reject non RSAPrivateKey instances.')
|
||||||
|
} catch (IllegalArgumentException expected) {
|
||||||
|
assertEquals expected.message, "RSA signatures must be computed using an RSA PrivateKey. The specified key of type " +
|
||||||
|
key.getClass().getName() + " is not an RSA PrivateKey.";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -126,4 +159,24 @@ class RsaSignerTest {
|
||||||
assertSame se.cause, ex
|
assertSame se.cause, ex
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void testSignSuccessful() {
|
||||||
|
|
||||||
|
KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance("RSA");
|
||||||
|
keyGenerator.initialize(1024);
|
||||||
|
|
||||||
|
KeyPair kp = keyGenerator.genKeyPair();
|
||||||
|
PrivateKey privateKey = kp.getPrivate();
|
||||||
|
|
||||||
|
byte[] bytes = new byte[16]
|
||||||
|
rng.nextBytes(bytes)
|
||||||
|
|
||||||
|
RsaSigner signer = new RsaSigner(SignatureAlgorithm.RS256, privateKey);
|
||||||
|
byte[] out1 = signer.sign(bytes)
|
||||||
|
|
||||||
|
byte[] out2 = signer.sign(bytes)
|
||||||
|
|
||||||
|
assertTrue(MessageDigest.isEqual(out1, out2))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
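Review bot: `testSignSuccessful` neither exercises the key type this commit starts accepting nor checks that the signature is valid. `kp.getPrivate()` from the default `KeyPairGenerator` presumably already implements `RSAPrivateKey`, so the test would pass against the old constructor check too. A test that constructs an `RsaSigner` with a key implementing only `PrivateKey` and `RSAKey` would cover the new branch. Comparing `out1` with `out2` shows only that RS256 signing is deterministic, so verifying `out1` against `kp.getPublic()` is the stronger assertion. The `fail(...)` messages in both constructor tests still say 'non RSAPrivateKey', while the exception text now reads 'RSA PrivateKey'.

```groovy
byte[] out1 = signer.sign(bytes)
// … unchanged: second sign() call and the out1/out2 equality assertion …
java.security.Signature verifier = java.security.Signature.getInstance('SHA256withRSA')
verifier.initVerify(kp.getPublic())
verifier.update(bytes)
assertTrue(verifier.verify(out1))
```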