the signature base created in the verify method of the AbstractJwtSigner did not match how the Jwt.getSignatureBase creates the signature base. also, modified the testGenerateHmacSignature to exercise

2012-04-02 22:12:03 -04:00 · 2012-04-02 22:12:03 -04:00 · 6c8661f3ad
parent 267f1b2de3
commit 6c8661f3ad
3 changed files with 18 additions and 12 deletions
--- a/openid-connect-server/src/main/java/org/mitre/jwt/signer/AbstractJwtSigner.java
+++ b/openid-connect-server/src/main/java/org/mitre/jwt/signer/AbstractJwtSigner.java
@ -70,7 +70,7 @@ public abstract class AbstractJwtSigner implements JwtSigner {
 		String c64 = parts.get(1);
 		String s64 = parts.get(2);
    	
-		String expectedSignature = generateSignature(h64 + "." + c64 + ".");
+		String expectedSignature = generateSignature(h64 + "." + c64);
 		
 		return Strings.nullToEmpty(s64).equals(Strings.nullToEmpty(expectedSignature));
    	
--- a/openid-connect-server/src/main/java/org/mitre/jwt/signer/impl/HmacSigner.java
+++ b/openid-connect-server/src/main/java/org/mitre/jwt/signer/impl/HmacSigner.java
@ -26,7 +26,8 @@ public class HmacSigner extends AbstractJwtSigner implements InitializingBean {

 	public static final String DEFAULT_PASSPHRASE = "changeit";

-	public static final String DEFAULT_ALGORITHM = JwsAlgorithm.HS256.toString();
+	public static final String DEFAULT_ALGORITHM = JwsAlgorithm.HS256
+			.toString();

 	private static Log logger = LogFactory.getLog(HmacSigner.class);

@ -49,7 +50,8 @@ public class HmacSigner extends AbstractJwtSigner implements InitializingBean {
 	 */
 	public HmacSigner(byte[] passphraseAsRawBytes)
 			throws NoSuchAlgorithmException {
-		this(DEFAULT_ALGORITHM, new String(passphraseAsRawBytes, Charset.forName("UTF-8")));
+		this(DEFAULT_ALGORITHM, new String(passphraseAsRawBytes,
+				Charset.forName("UTF-8")));
 	}

 	/**
@ -72,7 +74,8 @@ public class HmacSigner extends AbstractJwtSigner implements InitializingBean {
 	 */
 	public HmacSigner(String algorithmName, byte[] passphraseAsRawBytes)
 			throws NoSuchAlgorithmException {
-		this(algorithmName, new String(passphraseAsRawBytes, Charset.forName("UTF-8")));
+		this(algorithmName, new String(passphraseAsRawBytes,
+				Charset.forName("UTF-8")));
 	}

 	/**
@ -101,12 +104,13 @@ public class HmacSigner extends AbstractJwtSigner implements InitializingBean {
 	@Override
 	public void afterPropertiesSet() throws Exception {

-		mac = Mac.getInstance(JwsAlgorithm.getByName(super.getAlgorithm()).getStandardName());
+		mac = Mac.getInstance(JwsAlgorithm.getByName(super.getAlgorithm())
+				.getStandardName());

-		logger.debug(JwsAlgorithm.getByName(getAlgorithm()).getStandardName() + " ECDSA Signer ready for business");
+		logger.debug(JwsAlgorithm.getByName(getAlgorithm()).getStandardName()
+				+ " ECDSA Signer ready for business");
 	}

-	
 	/*
 	 * (non-Javadoc)
 	 * 
@ -121,7 +125,8 @@ public class HmacSigner extends AbstractJwtSigner implements InitializingBean {
 		}

 		try {
-			mac.init(new SecretKeySpec(getPassphrase().getBytes(), mac.getAlgorithm()));
+			mac.init(new SecretKeySpec(getPassphrase().getBytes(), mac
+					.getAlgorithm()));

 			mac.update(signatureBase.getBytes("UTF-8"));
 		} catch (GeneralSecurityException e) {
--- a/openid-connect-server/src/test/java/org/mitre/jwt/JwtTest.java
+++ b/openid-connect-server/src/test/java/org/mitre/jwt/JwtTest.java
@ -76,6 +76,7 @@ public class JwtTest {
 	
 			assertThat(actual, equalTo(expected));
 			assertThat(jwt.getSignature(), equalTo(signature));
+			assertThat(signer.verify(actual), equalTo(true));

 		} catch (UnsupportedEncodingException e) {
 			e.printStackTrace();