cleaned up signer initialization calls and algorithm-setting code, cleaned up algorithm names, renamed encrypter/decrypter classes

13 years ago · 8b848af0fb
parent d204ff1e69
commit 8b848af0fb
12 changed files with 52 additions and 36 deletions
--- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/AbstractJweDecrypter.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/AbstractJweDecrypter.java
@ -3,7 +3,7 @@ package org.mitre.jwt.encryption;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;

-public abstract class AbstractJweDecrypter implements JwtDecrypter {
+public abstract class AbstractJweDecrypter implements JweDecrypter {
 	
 	long MAX_HASH_INPUTLEN = Long.MAX_VALUE;
 	long UNSIGNED_INT_MAX_VALUE = 4294967395L;
--- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/AbstractJweEncrypter.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/AbstractJweEncrypter.java
@ -3,7 +3,7 @@ package org.mitre.jwt.encryption;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;

-public abstract class AbstractJweEncrypter implements JwtEncrypter {
+public abstract class AbstractJweEncrypter implements JweEncrypter {
 	
 	public MessageDigest md;
 	
@ -45,7 +45,8 @@ public abstract class AbstractJweEncrypter implements JwtEncrypter {
    
 	}
 	
-    public byte[] intToFourBytes(int i) {
+	// this is a utility function, shouldn't be in the public interface for this class
+    protected byte[] intToFourBytes(int i) {
        byte[] res = new byte[4];
        res[0] = (byte) (i >>> 24);
        res[1] = (byte) ((i >>> 16) & 0xFF);
--- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JweDecrypter.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JweDecrypter.java
@ -11,7 +11,7 @@ import javax.crypto.NoSuchPaddingException;

 import org.mitre.jwe.model.Jwe;

-public interface JwtDecrypter {
+public interface JweDecrypter {
 	
 	public Jwe decrypt(String encryptedJwe, Key privateKey) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException;
 	
--- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JweEncrypter.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JweEncrypter.java
@ -17,7 +17,7 @@ import com.google.gson.JsonIOException;
 import com.google.gson.JsonSyntaxException;


-public interface JwtEncrypter {
+public interface JweEncrypter {
 	
 	public byte[] encryptKey(Jwe jwe, byte[] cmk, Key publicKey) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException;
 	
@ -27,6 +27,4 @@ public interface JwtEncrypter {
 	
 	public byte[] generateContentKey(byte[] cmk, int keyDataLen, byte[] type) throws NoSuchAlgorithmException;
 	
-	public byte[] intToFourBytes(int i);
-
 }
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/AbstractJwtSigner.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/AbstractJwtSigner.java
@ -25,6 +25,7 @@ import com.google.common.collect.Lists;

 public abstract class AbstractJwtSigner implements JwtSigner {
 		
+	// TODO: make this a JwsAlgorithm enum value?
 	private String algorithm;

 	public AbstractJwtSigner(String algorithm) {
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/JwsAlgorithm.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/JwsAlgorithm.java
@ -24,6 +24,9 @@ import org.apache.commons.lang.StringUtils;
 *
 */
 public enum JwsAlgorithm {
+	
+	// PLAINTEXT
+	NONE("plaintext"),

 	// HMAC
 	HS256("HMACSHA256"), 
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/JwtSigner.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/JwtSigner.java
@ -21,6 +21,8 @@ import org.mitre.jwt.model.Jwt;

 public interface JwtSigner {

+	public String getAlgorithm();
+	
 	public Jwt sign(Jwt jwt) throws NoSuchAlgorithmException;
 	
 	public boolean verify(String jwtString) throws NoSuchAlgorithmException;
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/HmacSigner.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/HmacSigner.java
@ -137,7 +137,7 @@ public class HmacSigner extends AbstractJwtSigner implements InitializingBean {
 	@Override
 	public String generateSignature(String signatureBase) throws NoSuchAlgorithmException {
 		
-		afterPropertiesSet();
+		initializeMac();
 		
 		if (passphrase == null) {
 			throw new IllegalArgumentException("Passphrase cannot be null");
@ -176,7 +176,7 @@ public class HmacSigner extends AbstractJwtSigner implements InitializingBean {
 		this.passphrase = passphrase;
 	}
 	
-	public void initializeMac() {
+	private void initializeMac() {
 		// TODO: check if it's already been done
 		try {
 			mac = Mac.getInstance(JwsAlgorithm.getByName(super.getAlgorithm()).getStandardName());
@ -185,21 +185,22 @@ public class HmacSigner extends AbstractJwtSigner implements InitializingBean {
 			e.printStackTrace();
 		}
 	}
+	
 	// TODO: nuke and clean up
-	public void initializeMacJwe(String signatureBase) {
-		List<String> parts = Lists.newArrayList(Splitter.on(".").split(signatureBase));
-		String header = parts.get(0);
-		JsonParser parser = new JsonParser();
-		JsonObject object = (JsonObject) parser.parse(header);
-		
-		try {
-			mac = Mac.getInstance(JwsAlgorithm.getByName(object.get("int").getAsString())
-					.getStandardName());
-		} catch (NoSuchAlgorithmException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-	}
+//	public void initializeMacJwe(String signatureBase) {
+//		List<String> parts = Lists.newArrayList(Splitter.on(".").split(signatureBase));
+//		String header = parts.get(0);
+//		JsonParser parser = new JsonParser();
+//		JsonObject object = (JsonObject) parser.parse(header);
+//		
+//		try {
+//			mac = Mac.getInstance(JwsAlgorithm.getByName(object.get("int").getAsString())
+//					.getStandardName());
+//		} catch (NoSuchAlgorithmException e) {
+//			// TODO Auto-generated catch block
+//			e.printStackTrace();
+//		}
+//	}


 	/*
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/PlaintextSigner.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/PlaintextSigner.java
@ -16,14 +16,12 @@
 package org.mitre.jwt.signer.impl;

 import org.mitre.jwt.signer.AbstractJwtSigner;
+import org.mitre.jwt.signer.JwsAlgorithm;

 public class PlaintextSigner extends AbstractJwtSigner {

-	// Todo: should this be a JwsAlgorithm?
-	public static final String PLAINTEXT = "none";
-	
 	public PlaintextSigner() {
-	    super(PLAINTEXT);
+	    super(JwsAlgorithm.NONE.toString());
    }

 	@Override
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/RsaSigner.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/RsaSigner.java
@ -143,12 +143,18 @@ public class RsaSigner extends AbstractJwtSigner implements InitializingBean {
 	 * Load the public and private keys from the keystore, identified with the configured alias and accessed with the configured password.
 	 * @throws GeneralSecurityException
 	 */
-	private void loadKeysFromKeystore() throws GeneralSecurityException {
+	private void loadKeysFromKeystore() {
 		Assert.notNull(keystore, "An keystore must be supplied");
 		Assert.notNull(alias, "A alias must be supplied");
 		Assert.notNull(password, "A password must be supplied");

-	    KeyPair keyPair = keystore.getKeyPairForAlias(alias, password);
+	    KeyPair keyPair = null;
+		try {
+			keyPair = keystore.getKeyPairForAlias(alias, password);
+		} catch (GeneralSecurityException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		}

 		Assert.notNull(keyPair, "Either alias and/or password is not correct for keystore");
 		
@ -167,12 +173,8 @@ public class RsaSigner extends AbstractJwtSigner implements InitializingBean {
 	public String generateSignature(String signatureBase) throws NoSuchAlgorithmException {

 		String sig = null;
-		try {
-			afterPropertiesSet();
-		} catch (GeneralSecurityException e1) {
-			// TODO Auto-generated catch block
-			e1.printStackTrace();
-		}
+		
+		initializeSigner();
 		
 		try {
 			signer.initSign(privateKey);
@ -226,7 +228,12 @@ public class RsaSigner extends AbstractJwtSigner implements InitializingBean {
 		this.privateKey = privateKey;
 	}
 	
-	public void initializeSigner() throws NoSuchAlgorithmException{
+	private void initializeSigner() throws NoSuchAlgorithmException{
+		if (this.keystore != null && this.alias != null && this.password != null) {
+			// if it looks like we're configured with a keystore, load it here
+			loadKeysFromKeystore();
+		}
+		
 		signer = Signature.getInstance(JwsAlgorithm.getByName(super.getAlgorithm()).getStandardName());
 	}

--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JwtSigningAndValidationServiceDefault.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JwtSigningAndValidationServiceDefault.java
@ -135,6 +135,9 @@ public class JwtSigningAndValidationServiceDefault extends AbstractJwtSigningAnd
 		
 		JwtSigner signer = getSigners().get(signerId);
 		
+		// set the signing algorithm in the JWT
+		jwt.getHeader().setAlgorithm(signer.getAlgorithm());
+		
 		signer.sign(jwt);
 	
 	}
--- a/openid-connect-common/src/test/java/org/mitre/jwe/encryption/impl/RsaEncrypterDecrypterTest.java
+++ b/openid-connect-common/src/test/java/org/mitre/jwe/encryption/impl/RsaEncrypterDecrypterTest.java
@ -82,4 +82,6 @@ public class RsaEncrypterDecrypterTest {
 		
 	}

+	// TODO: add independent unit test for encryption and decryption
+	
 }