William Kim
11 years ago
parent
da915d8b35
commit
30d7aaa66a
@ -0,0 +1,58 @@
|
|||||||
|
/*******************************************************************************
|
||||||
|
* Copyright 2013 The MITRE Corporation
|
||||||
|
* and the MIT Kerberos and Internet Trust Consortium
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
******************************************************************************/
|
||||||
|
package org.mitre.jwt.signer;
|
||||||
|
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
|
import com.google.common.collect.Sets;
|
||||||
|
import com.nimbusds.jose.JOSEException;
|
||||||
|
import com.nimbusds.jose.JWSAlgorithm;
|
||||||
|
import com.nimbusds.jose.JWSSigner;
|
||||||
|
import com.nimbusds.jose.PlainHeader;
|
||||||
|
import com.nimbusds.jose.ReadOnlyJWSHeader;
|
||||||
|
import com.nimbusds.jose.Requirement;
|
||||||
|
import com.nimbusds.jose.util.Base64URL;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Signer to support "alg:none" JWS signing option (no signature).
|
||||||
|
*
|
||||||
|
* @author wkim
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
public class PlainSigner implements JWSSigner {
|
||||||
|
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Set<JWSAlgorithm> supportedAlgorithms() {
|
||||||
|
return Sets.newHashSet(new JWSAlgorithm("none", Requirement.REQUIRED));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Base64URL sign(ReadOnlyJWSHeader header, byte[] signingInput) throws JOSEException {
|
||||||
|
|
||||||
|
if (header instanceof PlainHeader) {
|
||||||
|
|
||||||
|
return new Base64URL("");
|
||||||
|
|
||||||
|
} else {
|
||||||
|
|
||||||
|
throw new JOSEException("Invalid header. This signer is for use with Plain JWTs only.");
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
@ -0,0 +1,81 @@
|
|||||||
|
/*******************************************************************************
|
||||||
|
* Copyright 2013 The MITRE Corporation
|
||||||
|
* and the MIT Kerberos and Internet Trust Consortium
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
******************************************************************************/
|
||||||
|
package org.mitre.jwt.signer;
|
||||||
|
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
|
import com.google.common.collect.Sets;
|
||||||
|
import com.nimbusds.jose.DefaultJWSHeaderFilter;
|
||||||
|
import com.nimbusds.jose.JOSEException;
|
||||||
|
import com.nimbusds.jose.JWSAlgorithm;
|
||||||
|
import com.nimbusds.jose.JWSHeaderFilter;
|
||||||
|
import com.nimbusds.jose.JWSVerifier;
|
||||||
|
import com.nimbusds.jose.PlainHeader;
|
||||||
|
import com.nimbusds.jose.ReadOnlyJWSHeader;
|
||||||
|
import com.nimbusds.jose.Requirement;
|
||||||
|
import com.nimbusds.jose.util.Base64URL;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Verifier to support "alg:none" JWS signing option (no signature).
|
||||||
|
*
|
||||||
|
* @author wkim
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
public class PlainVerifier implements JWSVerifier {
|
||||||
|
|
||||||
|
// the NONE alg constant lives in the Algorithm superclass of JWSAlgorithm, not allowing its use as a JWSAlgorithm object.
|
||||||
|
// redefining the constant here for convenience.
|
||||||
|
private static final JWSAlgorithm NONE = new JWSAlgorithm("none", Requirement.REQUIRED);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The JWS header filter.
|
||||||
|
*/
|
||||||
|
private final DefaultJWSHeaderFilter headerFilter;
|
||||||
|
|
||||||
|
public PlainVerifier() {
|
||||||
|
|
||||||
|
headerFilter = new DefaultJWSHeaderFilter(Sets.newHashSet(NONE));
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Set<JWSAlgorithm> supportedAlgorithms() {
|
||||||
|
return Sets.newHashSet(NONE);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public JWSHeaderFilter getJWSHeaderFilter() {
|
||||||
|
return headerFilter;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean verify(ReadOnlyJWSHeader header, byte[] signingInput, Base64URL signature) throws JOSEException {
|
||||||
|
|
||||||
|
if (header instanceof PlainHeader) {
|
||||||
|
// XXX NOT POSSIBLE--Interface does not allow this.
|
||||||
|
return signature.decode().length == 0;
|
||||||
|
|
||||||
|
} else { // not a plain (unsigned) JWS
|
||||||
|
|
||||||
|
throw new JOSEException("Not a plain JWT header.");
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
Loading…
Reference in new issue