github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

added signature validator

pull/59/head
Justin Richer 2011-12-22 13:15:56 -05:00
parent f44f22cf80
commit 8998d22369
5 changed files with 70 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
src/main/java/org/mitre/jwt/AbstractJwtSigner.java
View File

@ -1,8 +1,13 @@
package org.mitre.jwt; package org.mitre.jwt;
import com.google.common.base.Objects; import java.util.List;
public class AbstractJwtSigner implements JwtSigner { import com.google.common.base.Objects;
import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.collect.Lists;
public abstract class AbstractJwtSigner implements JwtSigner {
public static final String PLAINTEXT = "none"; public static final String PLAINTEXT = "none";
public static final String HS256 = "HS256"; public static final String HS256 = "HS256";
@ -40,8 +45,36 @@ public class AbstractJwtSigner implements JwtSigner {
// for now, we fix the Jwt // for now, we fix the Jwt
jwt.getHeader().setAlgorithm(algorithm); jwt.getHeader().setAlgorithm(algorithm);
} }
String sig = generateSignature(jwt.getSignatureBase());
jwt.setSignature(sig);
} }
/* (non-Javadoc)
* @see org.mitre.jwt.JwtSigner#verify(java.lang.String)
*/
@Override
public boolean verify(String jwtString) {
// split on the dots
List<String> parts = Lists.newArrayList(Splitter.on(".").split(jwtString));
if (parts.size() != 3) {
throw new IllegalArgumentException("Invalid JWT format.");
}
String h64 = parts.get(0);
String c64 = parts.get(1);
String s64 = parts.get(2);
String expectedSignature = generateSignature(h64 + "." + c64 + ".");
return Strings.nullToEmpty(s64).equals(Strings.nullToEmpty(expectedSignature));
}
protected abstract String generateSignature(String signatureBase);
} }

19
src/main/java/org/mitre/jwt/Hmac256Signer.java
View File

@ -34,15 +34,10 @@ public class Hmac256Signer extends AbstractJwtSigner {
} }
/* (non-Javadoc) @Override
* @see org.mitre.jwt.AbstractJwtSigner#sign(org.mitre.jwt.Jwt) protected String generateSignature(String signatureBase) {
*/
@Override
public void sign(Jwt jwt) {
super.sign(jwt);
if (passphrase == null) { if (passphrase == null) {
return; // TODO: probably throw some kind of exception return null; // TODO: probably throw some kind of exception
} }
try { try {
@ -53,7 +48,7 @@ public class Hmac256Signer extends AbstractJwtSigner {
} }
try { try {
mac.update(jwt.getSignatureBase().getBytes("UTF-8")); mac.update(signatureBase.getBytes("UTF-8"));
} catch (IllegalStateException e) { } catch (IllegalStateException e) {
// TODO Auto-generated catch block // TODO Auto-generated catch block
e.printStackTrace(); e.printStackTrace();
@ -68,8 +63,7 @@ public class Hmac256Signer extends AbstractJwtSigner {
// strip off any padding // strip off any padding
sig = sig.replace("=", ""); sig = sig.replace("=", "");
return sig;
jwt.setSignature(sig);
} }
/** /**
@ -85,7 +79,8 @@ public class Hmac256Signer extends AbstractJwtSigner {
public void setPassphrase(byte[] passphrase) { public void setPassphrase(byte[] passphrase) {
this.passphrase = passphrase; this.passphrase = passphrase;
} }
} }

2
src/main/java/org/mitre/jwt/JwtSigner.java
View File

@ -4,4 +4,6 @@ public interface JwtSigner {
public void sign(Jwt jwt); public void sign(Jwt jwt);
public boolean verify(String jwtString);
} }

9
src/main/java/org/mitre/jwt/PlaintextSigner.java
View File

@ -7,11 +7,8 @@ public class PlaintextSigner extends AbstractJwtSigner {
} }
@Override @Override
public void sign(Jwt jwt) { protected String generateSignature(String signatureBase) {
super.sign(jwt); return null;
}
jwt.setSignature("");
}
} }

23
src/test/java/org/mitre/jwt/JwtTest.java
View File

@ -39,7 +39,7 @@ public class JwtTest {
} }
@Test @Test
public void testHmacSignature() { public void testGenerateHmacSignature() {
Jwt jwt = new Jwt(); Jwt jwt = new Jwt();
jwt.getHeader().setType("JWT"); jwt.getHeader().setType("JWT");
jwt.getHeader().setAlgorithm("HS256"); jwt.getHeader().setAlgorithm("HS256");
@ -79,6 +79,27 @@ public class JwtTest {
} }
@Test
public void testValidateHmacSignature() {
// sign it
byte[] key = null;
try {
key = "secret".getBytes("UTF-8");
} catch (UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
JwtSigner signer = new Hmac256Signer(key);
String jwtString = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.iGBPJj47S5q_HAhSoQqAdcS6A_1CFj3zrLaImqNbt9E";
boolean valid = signer.verify(jwtString);
assertThat(valid, equalTo(Boolean.TRUE));
}
@Test @Test
public void testParse() { public void testParse() {
String source = "eyJhbGciOiJub25lIn0.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ."; String source = "eyJhbGciOiJub25lIn0.eyJleHAiOjEzMDA4MTkzODAsImlzcyI6ImpvZSIsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.";