From 319568d971957b1ae57d386a5a6d72537b3bc87a Mon Sep 17 00:00:00 2001
From: Justin Richer
Date: Mon, 23 Jul 2012 20:21:31 -0400
Subject: [PATCH] refactored JWA algorithm markers to use enum instead of string as stored class
---
 .../java/org/mitre/jwt/signer/AbstractJwtSigner.java | 9 ++++-----
 .../main/java/org/mitre/jwt/signer/JwsAlgorithm.java | 9 +++++++++
 .../src/main/java/org/mitre/jwt/signer/JwtSigner.java | 2 +-
 .../java/org/mitre/jwt/signer/impl/HmacSigner.java | 11 +++++------
 .../org/mitre/jwt/signer/impl/PlaintextSigner.java | 2 +-
 .../java/org/mitre/jwt/signer/impl/RsaSigner.java | 10 +++++-----
 .../impl/JwtSigningAndValidationServiceDefault.java | 2 +-
 .../java/org/mitre/jwt/signer/impl/Rsa256Test.java | 2 +-
 .../java/org/mitre/jwt/signer/impl/Rsa384Test.java | 2 +-
 .../java/org/mitre/jwt/signer/impl/Rsa512Test.java | 2 +-
 .../src/test/java/org/mitre/jwt/JwtTest.java | 4 ++--
 11 files changed, 31 insertions(+), 24 deletions(-)
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/AbstractJwtSigner.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/AbstractJwtSigner.java
index 8bec7d563..8bb96aee3 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/AbstractJwtSigner.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/AbstractJwtSigner.java
@@ -25,24 +25,23 @@ import com.google.common.collect.Lists;
 public abstract class AbstractJwtSigner implements JwtSigner {
- // TODO: make this a JwsAlgorithm enum value?
- private String algorithm;
+ private JwsAlgorithm algorithm;
- public AbstractJwtSigner(String algorithm) {
+ public AbstractJwtSigner(JwsAlgorithm algorithm) {
 this.algorithm = algorithm;
 }
 /**
 * @return the algorithm
 */
- public String getAlgorithm() {
+ public JwsAlgorithm getAlgorithm() {
 return algorithm;
 }
 /**
 * @param algorithm the algorithm to set
 */
- public void setAlgorithm(String algorithm) {
+ public void setAlgorithm(JwsAlgorithm algorithm) {
 this.algorithm = algorithm;
 }
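Review bot: `AbstractJwtSigner(JwsAlgorithm algorithm)` and `setAlgorithm(JwsAlgorithm)` in the AbstractJwtSigner hunk store a null algorithm without complaint, and this commit starts feeding the constructor from `JwsAlgorithm.getByName(algorithmName)` in the HmacSigner and RsaSigner constructors. getByName is not visible here; if it returns null for an unrecognised name, the signer is constructed successfully and only fails later at `getAlgorithm().getStandardName()` (HmacSigner `initializeMac()`, RsaSigner at -235) or at `signer.getAlgorithm().getJwaName()` in JwtSigningAndValidationServiceDefault. A guard in both the constructor and the setter, `if (algorithm == null) throw new IllegalArgumentException("algorithm must not be null");`, would reject a mistyped algorithm name at configuration time instead of during signing.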
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/JwsAlgorithm.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/JwsAlgorithm.java
index 5c847cdb9..2fa2b36a2 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/JwsAlgorithm.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/JwsAlgorithm.java
@@ -76,4 +76,13 @@ public enum JwsAlgorithm {
 public String getStandardName() {
 return standardName;
 }
+
+ /**
+ * Return the JWA Standard name
+ * @return
+ */
+ public String getJwaName() {
+ return jwaName;
+ }
+
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/JwtSigner.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/JwtSigner.java
index c6f470e04..a119371ab 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/JwtSigner.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/JwtSigner.java
@@ -21,7 +21,7 @@ import org.mitre.jwt.model.Jwt;
 public interface JwtSigner {
- public String getAlgorithm();
+ public JwsAlgorithm getAlgorithm();
 public Jwt sign(Jwt jwt) throws NoSuchAlgorithmException;
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/HmacSigner.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/HmacSigner.java
index 249a7f21f..fdb82ade6 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/HmacSigner.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/HmacSigner.java
@@ -47,8 +47,7 @@ public class HmacSigner extends AbstractJwtSigner implements InitializingBean {
 public static final String DEFAULT_PASSPHRASE = "changeit";
- public static final String DEFAULT_ALGORITHM = JwsAlgorithm.HS256
- .toString();
+ public static final JwsAlgorithm DEFAULT_ALGORITHM = JwsAlgorithm.HS256;
 private static Log logger = LogFactory.getLog(HmacSigner.class);
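Review bot: The Javadoc added for `getJwaName()` in the JwsAlgorithm hunk leaves `@return` empty and does not say how this name differs from `getStandardName()`. Judging by the call sites in this commit, `getJwaName()` is the value written to the JWT header and accepted by `getByName`, while `getStandardName()` is what is handed to `Mac.getInstance` and `Signature.getInstance`. I would spell that out, e.g. `@return the JWA identifier used in the JWT header, as opposed to the JCA name from getStandardName()`, so the two are not mixed up when choosing a crypto provider algorithm.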
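Review bot: The return-type change on `JwtSigner.getAlgorithm()` is not caught by the compiler at every call site: a comparison such as `headerAlg.equals(signer.getAlgorithm())`, or a lookup in a String-keyed map, still compiles and now silently evaluates to false or misses. Only one caller (JwtSigningAndValidationServiceDefault) is updated in this diff, so the remaining uses are worth searching for, especially in verification paths that match a token's header algorithm against a signer. Those should compare against `signer.getAlgorithm().getJwaName()` or resolve the header value to a `JwsAlgorithm` first.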
@@ -71,7 +70,7 @@ public class HmacSigner extends AbstractJwtSigner implements InitializingBean {
 */
 public HmacSigner(byte[] passphraseAsRawBytes) throws NoSuchAlgorithmException {
- this(DEFAULT_ALGORITHM, new String(passphraseAsRawBytes,
+ this(DEFAULT_ALGORITHM.getJwaName(), new String(passphraseAsRawBytes,
 Charset.forName("UTF-8")));
 }
@@ -82,7 +81,7 @@ public class HmacSigner extends AbstractJwtSigner implements InitializingBean {
 * The passphrase as raw bytes
 */
 public HmacSigner(String passphrase) throws NoSuchAlgorithmException {
- this(DEFAULT_ALGORITHM, passphrase);
+ this(DEFAULT_ALGORITHM.getJwaName(), passphrase);
 }
 /**
@@ -108,7 +107,7 @@ public class HmacSigner extends AbstractJwtSigner implements InitializingBean {
 * the passphrase
 */
 public HmacSigner(String algorithmName, String passphrase) {
- super(algorithmName);
+ super(JwsAlgorithm.getByName(algorithmName));
 Assert.notNull(passphrase, "A passphrase must be supplied");
@@ -179,7 +178,7 @@ public class HmacSigner extends AbstractJwtSigner implements InitializingBean {
 private void initializeMac() {
 if (mac == null) {
 try {
- mac = Mac.getInstance(JwsAlgorithm.getByName(super.getAlgorithm()).getStandardName());
+ mac = Mac.getInstance(getAlgorithm().getStandardName());
 } catch (NoSuchAlgorithmException e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/PlaintextSigner.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/PlaintextSigner.java
index 906ced9a1..6de6f1428 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/PlaintextSigner.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/PlaintextSigner.java
@@ -21,7 +21,7 @@ import org.mitre.jwt.signer.JwsAlgorithm;
 public class PlaintextSigner extends AbstractJwtSigner {
 public PlaintextSigner() {
- super(JwsAlgorithm.NONE.toString());
+ super(JwsAlgorithm.NONE);
 }
 @Override
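Review bot: The changed line in `HmacSigner(byte[] passphraseAsRawBytes)` (hunk at -71) still converts the raw key bytes with `new String(passphraseAsRawBytes, Charset.forName("UTF-8"))`, which is lossy: any byte sequence that is not valid UTF-8 is replaced with U+FFFD, so distinct random keys can collapse to the same passphrase and the effective key is weaker than the bytes supplied. Keeping the key as `byte[]` end to end would avoid that; how the passphrase is turned back into key material is outside this hunk. Separately, this constructor and `HmacSigner(String passphrase)` in the next hunk turn the enum into its name only for the delegate constructor to call `JwsAlgorithm.getByName` on it again, which a `JwsAlgorithm`-typed constructor would make unnecessary.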
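Review bot: `super(JwsAlgorithm.getByName(algorithmName))` in `HmacSigner(String algorithmName, String passphrase)` (hunk at -108) accepts any value of the enum, so an HmacSigner can be configured with an RSA name or with `NONE` and will then report that algorithm from `getAlgorithm()`. The two RsaSigner constructors changed further down have the same gap in the other direction. Checking the algorithm family at construction time, and rejecting anything that is not an HMAC entry here or an RSA entry there, keeps a configuration mistake from producing a signer whose declared algorithm does not match its key type.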
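Review bot: In `initializeMac()` (hunk at -179) the `NoSuchAlgorithmException` from `Mac.getInstance(getAlgorithm().getStandardName())` is still swallowed with `e.printStackTrace()`, which leaves `mac` null and gives the caller no signal. With the algorithm now a typed enum, an unsupported value at this point is a configuration error and should fail loudly, e.g. `throw new IllegalStateException("Unsupported MAC algorithm: " + getAlgorithm(), e);`, with the class `logger` used instead of printStackTrace. The method body continues past the end of the hunk, so what runs after the catch is not visible here.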
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/RsaSigner.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/RsaSigner.java
index fc00b54e7..ea6fdad5d 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/RsaSigner.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/RsaSigner.java
@@ -50,7 +50,7 @@ public class RsaSigner extends AbstractJwtSigner implements InitializingBean {
 public static final String KEYPAIR_ALGORITHM = "RSA";
 public static final String DEFAULT_PASSWORD = "changeit";
- public static final String DEFAULT_ALGORITHM = JwsAlgorithm.RS256.toString();
+ public static final JwsAlgorithm DEFAULT_ALGORITHM = JwsAlgorithm.RS256;
 private KeyStore keystore;
 private String alias;
@@ -101,7 +101,7 @@ public class RsaSigner extends AbstractJwtSigner implements InitializingBean {
 * @throws GeneralSecurityException
 */
 public RsaSigner(String algorithmName, KeyStore keystore, String alias, String password) throws GeneralSecurityException {
- super(algorithmName);
+ super(JwsAlgorithm.getByName(algorithmName));
 setKeystore(keystore);
 setAlias(alias);
@@ -115,14 +115,14 @@ public class RsaSigner extends AbstractJwtSigner implements InitializingBean {
 * created with larger bit sizes obviously create larger signatures.
 *
 * @param algorithmName
- * The algorithm name
+ * The JWA algorithm name
 * @param publicKey
 * The public key
 * @param privateKey
 * The private key
 */
 public RsaSigner(String algorithmName, PublicKey publicKey, PrivateKey privateKey) {
- super(algorithmName);
+ super(JwsAlgorithm.getByName(algorithmName));
 this.publicKey = publicKey;
 this.privateKey = privateKey;
@@ -235,7 +235,7 @@ public class RsaSigner extends AbstractJwtSigner implements InitializingBean {
 }
 if (signer == null) {
- signer = Signature.getInstance(JwsAlgorithm.getByName(super.getAlgorithm()).getStandardName());
+ signer = Signature.getInstance(getAlgorithm().getStandardName());
 }
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JwtSigningAndValidationServiceDefault.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JwtSigningAndValidationServiceDefault.java
index 2631dbfac..ca3f1e61b 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JwtSigningAndValidationServiceDefault.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JwtSigningAndValidationServiceDefault.java
@@ -136,7 +136,7 @@ public class JwtSigningAndValidationServiceDefault extends AbstractJwtSigningAnd
 JwtSigner signer = getSigners().get(signerId);
 // set the signing algorithm in the JWT
- jwt.getHeader().setAlgorithm(signer.getAlgorithm());
+ jwt.getHeader().setAlgorithm(signer.getAlgorithm().getJwaName());
 signer.sign(jwt);
diff --git a/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Rsa256Test.java b/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Rsa256Test.java
index 1d9ac0f97..9451a1afd 100644
--- a/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Rsa256Test.java
+++ b/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Rsa256Test.java
@@ -73,7 +73,7 @@ public class Rsa256Test{
 keyPair = keyGen.generateKeyPair();
 publicKey = keyPair.getPublic();
 privateKey = keyPair.getPrivate();
- RsaSigner rsa = new RsaSigner(JwsAlgorithm.RS256.toString(), publicKey, privateKey);
+ RsaSigner rsa = new RsaSigner(JwsAlgorithm.RS256.getJwaName(), publicKey, privateKey);
 jwt = rsa.sign(jwt);
 assertEquals(rsa.verify(jwt.toString()), true);
diff --git a/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Rsa384Test.java b/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Rsa384Test.java
index c3039ac90..cd93f669c 100644
--- a/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Rsa384Test.java
+++ b/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Rsa384Test.java
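Review bot: In the JwtSigningAndValidationServiceDefault hunk, `signer` comes straight from `getSigners().get(signerId)` and is dereferenced two lines later with no check in between, so an unknown signer id surfaces as a bare NullPointerException on the changed line. An explicit guard such as `if (signer == null) throw new IllegalArgumentException("No signer configured for id " + signerId);` gives an error that can be diagnosed and keeps a half-populated JWT header from being built. The enclosing method starts before the hunk, so an earlier check may already exist.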
@@ -72,7 +72,7 @@ public class Rsa384Test {
 keyPair = keyGen.generateKeyPair();
 publicKey = keyPair.getPublic();
 privateKey = keyPair.getPrivate();
- RsaSigner rsa = new RsaSigner(JwsAlgorithm.RS384.toString(), publicKey, privateKey);
+ RsaSigner rsa = new RsaSigner(JwsAlgorithm.RS384.getJwaName(), publicKey, privateKey);
 jwt = rsa.sign(jwt);
 assertEquals(rsa.verify(jwt.toString()), true);
diff --git a/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Rsa512Test.java b/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Rsa512Test.java
index 8da0a4b1f..2b7219521 100644
--- a/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Rsa512Test.java
+++ b/openid-connect-common/src/test/java/org/mitre/jwt/signer/impl/Rsa512Test.java
@@ -72,7 +72,7 @@ public class Rsa512Test {
 keyPair = keyGen.generateKeyPair();
 publicKey = keyPair.getPublic();
 privateKey = keyPair.getPrivate();
- RsaSigner rsa = new RsaSigner(JwsAlgorithm.RS512.toString(), publicKey, privateKey);
+ RsaSigner rsa = new RsaSigner(JwsAlgorithm.RS512.getJwaName(), publicKey, privateKey);
 jwt = rsa.sign(jwt);
 assertEquals(rsa.verify(jwt.toString()), true);
diff --git a/openid-connect-server/src/test/java/org/mitre/jwt/JwtTest.java b/openid-connect-server/src/test/java/org/mitre/jwt/JwtTest.java
index 257f2d2e7..208e28e57 100644
--- a/openid-connect-server/src/test/java/org/mitre/jwt/JwtTest.java
+++ b/openid-connect-server/src/test/java/org/mitre/jwt/JwtTest.java
@@ -153,7 +153,7 @@ public class JwtTest {
 jwt.getClaims().setIssuer("joe");
 jwt.getClaims().setClaim("http://example.com/is_root", Boolean.TRUE);
- JwtSigner signer = new RsaSigner(JwsAlgorithm.RS256.toString(), keystore, "testGenerateRsaSignature", RsaSigner.DEFAULT_PASSWORD);
+ JwtSigner signer = new RsaSigner(JwsAlgorithm.RS256.getJwaName(), keystore, "testGenerateRsaSignature", RsaSigner.DEFAULT_PASSWORD);
 ((RsaSigner) signer).afterPropertiesSet();
 /*
@@ -191,7 +191,7 @@ public class JwtTest {
 Jwt jwt = Jwt.parse(source);
- assertThat(jwt.getHeader().getAlgorithm(), equalTo(JwsAlgorithm.NONE.toString()));
+ assertThat(jwt.getHeader().getAlgorithm(), equalTo(JwsAlgorithm.NONE.getJwaName()));
 assertThat(jwt.getClaims().getIssuer(), equalTo("joe"));
 assertThat(jwt.getClaims().getExpiration(), equalTo(new Date(1300819380L * 1000L)));
 assertThat((Boolean) jwt.getClaims().getClaim("http://example.com/is_root"), equalTo(Boolean.TRUE));