diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/model/JwtHeader.java b/openid-connect-common/src/main/java/org/mitre/jwt/model/JwtHeader.java index 26f56f7db..80969a199 100644 --- a/openid-connect-common/src/main/java/org/mitre/jwt/model/JwtHeader.java +++ b/openid-connect-common/src/main/java/org/mitre/jwt/model/JwtHeader.java @@ -15,6 +15,7 @@ ******************************************************************************/ package org.mitre.jwt.model; +import java.text.ParseException; import java.util.Map.Entry; import com.google.gson.JsonElement; @@ -59,7 +60,12 @@ public class JwtHeader extends ClaimSet { if (element.getValue().isJsonNull()) { pass.add(element.getKey(), element.getValue()); } else if (element.getKey().equals(TYPE)) { - this.setType(element.getValue().getAsString()); + try { + this.setType(element.getValue().getAsString()); + } catch (ParseException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } } else if (element.getKey().equals(ALGORITHM)) { this.setAlgorithm(element.getValue().getAsString()); } else if (element.getKey().equals(ENCRYPTION_METHOD)) { @@ -85,9 +91,13 @@ public class JwtHeader extends ClaimSet { /** * @param type the type to set + * @throws ParseException */ - public void setType(String type) { - setClaim(TYPE, type); + public void setType(String type) throws ParseException { + if(type == null) { + throw new NullPointerException("JWT header type value must not be null"); + } + setClaim(TYPE, Type.parse(type)); } diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/model/Type.java b/openid-connect-common/src/main/java/org/mitre/jwt/model/Type.java new file mode 100644 index 000000000..c5efdb0e4 --- /dev/null +++ b/openid-connect-common/src/main/java/org/mitre/jwt/model/Type.java @@ -0,0 +1,72 @@ +package org.mitre.jwt.model; + +public enum Type { + + /** + * Type ({@code typ}) parameter indicating a JWT. + * + *

Corresponds to the follwoing {@code typ} values: + * + *

+ */ + JWT, + + + /** + * Type ({@code typ}) parameter indicating a nested JWS. + * + *

Corresponds to the following {@code typ} value: + * + *

+ */ + JWS, + + + /** + * Type ({@code typ}) parameter indicating a nested JWE. + * + *

Corresponds to the follwoing {@code typ} value: + * + *

+ */ + JWE; + + + /** + * Parses the specified type string (case sensitive). + * + *

Note that both "JWT" and + * "urn:ietf:params:oauth:token-type:jwt" resolve to + * {@link #JWT}. + * + * @param s The string to parse. + * + * @throws java.text.ParseException If the string couldn't be + * parsed to a supported JWT + * header type. + */ + public static Type parse(final String s) + throws java.text.ParseException { + + if (s == null) + throw new NullPointerException("The parsed JWT header \"typ\" value must not be null"); + + if (s.equals("JWT") || s.equals("urn:ietf:params:oauth:token-type:jwt")) + return JWT; + + if (s.equals("JWS")) + return JWS; + + if (s.equals("JWE")) + return JWE; + + throw new java.text.ParseException("Unsupported JWT header \"typ\" value: " + s, 0); + } +} diff --git a/openid-connect-server/src/test/java/org/mitre/jwt/JwtTest.java b/openid-connect-server/src/test/java/org/mitre/jwt/JwtTest.java index b20195904..6630f1c45 100644 --- a/openid-connect-server/src/test/java/org/mitre/jwt/JwtTest.java +++ b/openid-connect-server/src/test/java/org/mitre/jwt/JwtTest.java @@ -27,6 +27,7 @@ import java.security.PublicKey; import java.security.cert.X509Certificate; import java.security.spec.RSAPrivateKeySpec; import java.security.spec.RSAPublicKeySpec; +import java.text.ParseException; import java.util.Date; import org.bouncycastle.jce.X509Principal; @@ -57,7 +58,12 @@ public class JwtTest { @Test public void testGenerateHmacSignature() { Jwt jwt = new Jwt(); - jwt.getHeader().setType("JWT"); + try { + jwt.getHeader().setType("JWT"); + } catch (ParseException e1) { + // TODO Auto-generated catch block + e1.printStackTrace(); + } jwt.getHeader().setAlgorithm("HS256"); jwt.getClaims().setExpiration(new Date(1300819380L * 1000L)); jwt.getClaims().setIssuer("joe");