This reverts commit 30d7aaa66a
.
pull/485/merge
parent
2108311d65
commit
6276ec8e66
@ -1,58 +0,0 @@
|
|||||||
/*******************************************************************************
|
|
||||||
* Copyright 2013 The MITRE Corporation
|
|
||||||
* and the MIT Kerberos and Internet Trust Consortium
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
******************************************************************************/
|
|
||||||
package org.mitre.jwt.signer;
|
|
||||||
|
|
||||||
import java.util.Set;
|
|
||||||
|
|
||||||
import com.google.common.collect.Sets;
|
|
||||||
import com.nimbusds.jose.JOSEException;
|
|
||||||
import com.nimbusds.jose.JWSAlgorithm;
|
|
||||||
import com.nimbusds.jose.JWSSigner;
|
|
||||||
import com.nimbusds.jose.PlainHeader;
|
|
||||||
import com.nimbusds.jose.ReadOnlyJWSHeader;
|
|
||||||
import com.nimbusds.jose.Requirement;
|
|
||||||
import com.nimbusds.jose.util.Base64URL;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Signer to support "alg:none" JWS signing option (no signature).
|
|
||||||
*
|
|
||||||
* @author wkim
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
public class PlainSigner implements JWSSigner {
|
|
||||||
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public Set<JWSAlgorithm> supportedAlgorithms() {
|
|
||||||
return Sets.newHashSet(new JWSAlgorithm("none", Requirement.REQUIRED));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public Base64URL sign(ReadOnlyJWSHeader header, byte[] signingInput) throws JOSEException {
|
|
||||||
|
|
||||||
if (header instanceof PlainHeader) {
|
|
||||||
|
|
||||||
return new Base64URL("");
|
|
||||||
|
|
||||||
} else {
|
|
||||||
|
|
||||||
throw new JOSEException("Invalid header. This signer is for use with Plain JWTs only.");
|
|
||||||
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,81 +0,0 @@
|
|||||||
/*******************************************************************************
|
|
||||||
* Copyright 2013 The MITRE Corporation
|
|
||||||
* and the MIT Kerberos and Internet Trust Consortium
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
******************************************************************************/
|
|
||||||
package org.mitre.jwt.signer;
|
|
||||||
|
|
||||||
import java.util.Set;
|
|
||||||
|
|
||||||
import com.google.common.collect.Sets;
|
|
||||||
import com.nimbusds.jose.DefaultJWSHeaderFilter;
|
|
||||||
import com.nimbusds.jose.JOSEException;
|
|
||||||
import com.nimbusds.jose.JWSAlgorithm;
|
|
||||||
import com.nimbusds.jose.JWSHeaderFilter;
|
|
||||||
import com.nimbusds.jose.JWSVerifier;
|
|
||||||
import com.nimbusds.jose.PlainHeader;
|
|
||||||
import com.nimbusds.jose.ReadOnlyJWSHeader;
|
|
||||||
import com.nimbusds.jose.Requirement;
|
|
||||||
import com.nimbusds.jose.util.Base64URL;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Verifier to support "alg:none" JWS signing option (no signature).
|
|
||||||
*
|
|
||||||
* @author wkim
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
public class PlainVerifier implements JWSVerifier {
|
|
||||||
|
|
||||||
// the NONE alg constant lives in the Algorithm superclass of JWSAlgorithm, not allowing its use as a JWSAlgorithm object.
|
|
||||||
// redefining the constant here for convenience.
|
|
||||||
private static final JWSAlgorithm NONE = new JWSAlgorithm("none", Requirement.REQUIRED);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The JWS header filter.
|
|
||||||
*/
|
|
||||||
private final DefaultJWSHeaderFilter headerFilter;
|
|
||||||
|
|
||||||
public PlainVerifier() {
|
|
||||||
|
|
||||||
headerFilter = new DefaultJWSHeaderFilter(Sets.newHashSet(NONE));
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public Set<JWSAlgorithm> supportedAlgorithms() {
|
|
||||||
return Sets.newHashSet(NONE);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public JWSHeaderFilter getJWSHeaderFilter() {
|
|
||||||
return headerFilter;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean verify(ReadOnlyJWSHeader header, byte[] signingInput, Base64URL signature) throws JOSEException {
|
|
||||||
|
|
||||||
if (header instanceof PlainHeader) {
|
|
||||||
// XXX NOT POSSIBLE--Interface does not allow this.
|
|
||||||
return signature.decode().length == 0;
|
|
||||||
|
|
||||||
} else { // not a plain (unsigned) JWS
|
|
||||||
|
|
||||||
throw new JOSEException("Not a plain JWT header.");
|
|
||||||
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
Loading…
Reference in new issue