From 861beeba640511cbff2c5db22958491393808c96 Mon Sep 17 00:00:00 2001 From: Amanda Anganes <aanganes@mitre.org> Date: Wed, 24 Jul 2013 17:48:26 -0400 Subject: [PATCH] Added c_hash function, added stub of unit test for JWSUtils --- .../mitre/openid/connect/util/JWSUtils.java | 33 ++++++++++++++-- .../openid/connect/util/TestJWSUtils.java | 39 +++++++++++++++++++ 2 files changed, 68 insertions(+), 4 deletions(-) create mode 100644 openid-connect-server/src/test/java/org/mitre/openid/connect/util/TestJWSUtils.java diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/util/JWSUtils.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/util/JWSUtils.java index 52f636f7d..f515db52c 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/util/JWSUtils.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/util/JWSUtils.java @@ -7,6 +7,7 @@ import java.util.Arrays; import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec; +import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -23,11 +24,36 @@ public class JWSUtils { private static Logger logger = LoggerFactory.getLogger(JWSUtils.class); - public static Base64URL getAccessTokenHash(JWSAlgorithm signingAlg, byte[] tokenBytes) { + /** + * Compute the HMAC hash of an authorization code + * + * @param signingAlg + * @param code + * @return + */ + public static Base64URL getCodeHash(JWSAlgorithm signingAlg, String code) { + return getHash(signingAlg, code.getBytes()); + } + + /** + * Compute the HMAC hash of a token + * + * @param signingAlg + * @param token + * @return + */ + public static Base64URL getAccessTokenHash(JWSAlgorithm signingAlg, OAuth2AccessTokenEntity token) { + + byte[] tokenBytes = token.getJwt().serialize().getBytes(); + + return getHash(signingAlg, tokenBytes); + + } + + public static Base64URL getHash(JWSAlgorithm signingAlg, byte[] bytes) { //Switch based on the given signing algorithm - use HMAC with the same bitnumber //as the JWSAlgorithm to hash the token. - String hashAlg = null; if (signingAlg.equals(JWSAlgorithm.HS256) || signingAlg.equals(JWSAlgorithm.ES256) || signingAlg.equals(JWSAlgorithm.RS256)) { @@ -46,7 +72,7 @@ public class JWSUtils { try { Mac mac = Mac.getInstance(hashAlg); - mac.init(new SecretKeySpec(tokenBytes, hashAlg)); + mac.init(new SecretKeySpec(bytes, hashAlg)); byte[] at_hash_bytes = mac.doFinal(); byte[] at_hash_bytes_left = Arrays.copyOf(at_hash_bytes, at_hash_bytes.length / 2); @@ -66,7 +92,6 @@ public class JWSUtils { } return null; - } } diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/util/TestJWSUtils.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/util/TestJWSUtils.java new file mode 100644 index 000000000..fe2fc1bc4 --- /dev/null +++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/util/TestJWSUtils.java 
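Review bot: `code.getBytes()` in getCodeHash and `token.getJwt().serialize().getBytes()` in getAccessTokenHash encode with the JVM's default charset, so the hash input depends on how the server is configured. OpenID Connect defines c_hash and at_hash over the ASCII octets of the code or token, so the charset should be named, e.g. `code.getBytes(Charset.forName("US-ASCII"))` and the same for the serialized JWT (this needs an import of `java.nio.charset.Charset`). The new Javadoc leaves `@param` and `@return` empty and the now-public getHash has none; it should say that the result is the base64url-encoded left half of the hash and that null can come back, as the `return null;` at the end of getHash suggests. getHash's body continues outside this hunk.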
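Review bot: `mac.init(new SecretKeySpec(bytes, hashAlg))` followed by `mac.doFinal()` keys an HMAC with the code or token itself and authenticates an empty message, which is not the value OpenID Connect specifies for at_hash and c_hash: those are the left-most half of a plain hash (SHA-256 for the *256 algorithms) of the value. A relying party that validates the claim per the spec would compute a different value and either reject the ID token or have to skip the check that binds the token or code to it. Consider `MessageDigest md = MessageDigest.getInstance("SHA-256");` and `byte[] at_hash_bytes = md.digest(bytes);`, with the digest name chosen by the same bit-length switch; the strings currently assigned to hashAlg are outside the hunk, so that mapping needs checking. An empty input also appears to make SecretKeySpec throw IllegalArgumentException, which the catch blocks (not visible here) may not cover. The enclosing getHash starts in the previous hunk and ends after this one.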
@@ -0,0 +1,39 @@
+package org.mitre.openid.connect.util;
+
+
+import net.minidev.json.JSONObject;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.runners.MockitoJUnitRunner;
+
+import com.nimbusds.jose.JWSAlgorithm;
+import com.nimbusds.jose.util.Base64URL;
+import com.nimbusds.jwt.JWTClaimsSet;
+
+@RunWith(MockitoJUnitRunner.class)
+public class TestJWSUtils {
+
+ @Before
+ public void prepare() {
+
+ }
+
+ @Test
+ public void compute_hs256_at_hash() {
+ JWTClaimsSet jwt = new JWTClaimsSet();
+ jwt.setType("JWT");
+ jwt.setClaim("alg", "HS256");
+ JSONObject jwtObj = jwt.toJSONObject();
+ String jwtString = jwtObj.toJSONString();
+ byte[] jwtBytes = jwtString.getBytes();
+
+ Base64URL signedJwt = JWSUtils.getHash(JWSAlgorithm.HS256, jwtBytes);
+
+
+ }
+
+
+
+}
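Review bot: compute_hs256_at_hash contains no assertion, so it passes whatever getHash returns, including the `return null;` path visible at the end of JWSUtils.getHash. Since this value ends up in ID tokens, the test should pin a known input to its expected encoding, e.g. `assertEquals(new Base64URL("<expected-at_hash>"), signedJwt);` with the expected string taken from a reference vector, and at least `assertNotNull(signedJwt);` until one is chosen. `jwtString.getBytes()` also uses the platform charset, which would make a fixed vector environment-dependent, so the charset should be named explicitly. The Mockito runner and the empty `prepare()` are unused here and could be dropped.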