From 8b848af0fb85147527459c244f30a217380ea00d Mon Sep 17 00:00:00 2001
From: Justin Richer
Date: Mon, 23 Jul 2012 18:17:16 -0400
Subject: [PATCH] cleaned up signer initialization calls and algorithm-setting code, cleaned up algorithm names, renamed encrypter/decrypter classes
---
 .../jwt/encryption/AbstractJweDecrypter.java | 2 +-
 .../jwt/encryption/AbstractJweEncrypter.java | 5 +--
 .../{JwtDecrypter.java => JweDecrypter.java} | 2 +-
 .../{JwtEncrypter.java => JweEncrypter.java} | 4 +--
 .../mitre/jwt/signer/AbstractJwtSigner.java | 1 +
 .../org/mitre/jwt/signer/JwsAlgorithm.java | 3 ++
 .../java/org/mitre/jwt/signer/JwtSigner.java | 2 ++
 .../org/mitre/jwt/signer/impl/HmacSigner.java | 33 ++++++++++---------
 .../jwt/signer/impl/PlaintextSigner.java | 6 ++--
 .../org/mitre/jwt/signer/impl/RsaSigner.java | 25 +++++++++-----
 ...JwtSigningAndValidationServiceDefault.java | 3 ++
 .../impl/RsaEncrypterDecrypterTest.java | 2 ++
 12 files changed, 52 insertions(+), 36 deletions(-)
 rename openid-connect-common/src/main/java/org/mitre/jwt/encryption/{JwtDecrypter.java => JweDecrypter.java} (97%)
 rename openid-connect-common/src/main/java/org/mitre/jwt/encryption/{JwtEncrypter.java => JweEncrypter.java} (95%)
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/AbstractJweDecrypter.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/AbstractJweDecrypter.java
index 145768e3e..064c82bf4 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/AbstractJweDecrypter.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/AbstractJweDecrypter.java
@@ -3,7 +3,7 @@ package org.mitre.jwt.encryption;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-public abstract class AbstractJweDecrypter implements JwtDecrypter {
+public abstract class AbstractJweDecrypter implements JweDecrypter {
 long MAX_HASH_INPUTLEN = Long.MAX_VALUE;
 long UNSIGNED_INT_MAX_VALUE = 4294967395L;
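Review bot: `long UNSIGNED_INT_MAX_VALUE = 4294967395L;` in the context lines beside the renamed declaration is not 2^32 − 1, which is 4294967295 — one digit is off by one, so the value is 100 too large. If this bound guards a length check in the decrypter's hash-input handling (the class imports `MessageDigest`, but the use site is outside this hunk), that check admits values above the intended limit. Both it and `MAX_HASH_INPUTLEN` are also non-final package-private instance fields despite being named as constants; `private static final long` would match their role. The class body continues outside the hunk.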
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/AbstractJweEncrypter.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/AbstractJweEncrypter.java
index a71a4a9e0..43f6b2f94 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/AbstractJweEncrypter.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/AbstractJweEncrypter.java
@@ -3,7 +3,7 @@ package org.mitre.jwt.encryption;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-public abstract class AbstractJweEncrypter implements JwtEncrypter {
+public abstract class AbstractJweEncrypter implements JweEncrypter {
 public MessageDigest md;
@@ -45,7 +45,8 @@ public abstract class AbstractJweEncrypter implements JwtEncrypter {
 }
- public byte[] intToFourBytes(int i) {
+ // this is a utility function, shouldn't be in the public interface for this class
+ protected byte[] intToFourBytes(int i) {
 byte[] res = new byte[4];
 res[0] = (byte) (i >>> 24);
 res[1] = (byte) ((i >>> 16) & 0xFF);
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JwtDecrypter.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JweDecrypter.java
similarity index 97%
rename from openid-connect-common/src/main/java/org/mitre/jwt/encryption/JwtDecrypter.java
rename to openid-connect-common/src/main/java/org/mitre/jwt/encryption/JweDecrypter.java
index 564bd74ac..ec28cdd48 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JwtDecrypter.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JweDecrypter.java
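Review bot: The second hunk narrows `intToFourBytes` to `protected` on the grounds that it is not part of the class's public interface, yet the first hunk's context still exposes `public MessageDigest md;` — a mutable, non-thread-safe JCA object as a public field of the same class. The same reasoning applies there; `protected MessageDigest md;` (or a private field with an accessor) would make the two hunks consistent. The new explanatory comment would serve better as Javadoc on the method, e.g. `/** Encodes {@code i} as four big-endian bytes; internal helper, not part of the encrypter API. */`, since the code below it shifts the high byte out first. `intToFourBytes` continues past the end of the hunk.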
@@ -11,7 +11,7 @@ import javax.crypto.NoSuchPaddingException;
 import org.mitre.jwe.model.Jwe;
-public interface JwtDecrypter {
+public interface JweDecrypter {
 public Jwe decrypt(String encryptedJwe, Key privateKey) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException;
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JwtEncrypter.java b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JweEncrypter.java
similarity index 95%
rename from openid-connect-common/src/main/java/org/mitre/jwt/encryption/JwtEncrypter.java
rename to openid-connect-common/src/main/java/org/mitre/jwt/encryption/JweEncrypter.java
index 6d2d2d1d0..0d80982e4 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JwtEncrypter.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/encryption/JweEncrypter.java
@@ -17,7 +17,7 @@ import com.google.gson.JsonIOException;
 import com.google.gson.JsonSyntaxException;
-public interface JwtEncrypter {
+public interface JweEncrypter {
 public byte[] encryptKey(Jwe jwe, byte[] cmk, Key publicKey) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException;
@@ -27,6 +27,4 @@ public interface JwtEncrypter {
 public byte[] generateContentKey(byte[] cmk, int keyDataLen, byte[] type) throws NoSuchAlgorithmException;
- public byte[] intToFourBytes(int i);
-
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/AbstractJwtSigner.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/AbstractJwtSigner.java
index 0ea795360..8bec7d563 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/AbstractJwtSigner.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/AbstractJwtSigner.java
@@ -25,6 +25,7 @@ import com.google.common.collect.Lists;
 public abstract class AbstractJwtSigner implements JwtSigner {
+ // TODO: make this a JwsAlgorithm enum value?
 private String algorithm;
 public AbstractJwtSigner(String algorithm) {
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/JwsAlgorithm.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/JwsAlgorithm.java
index 32bd77573..7745442c2 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/JwsAlgorithm.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/JwsAlgorithm.java
@@ -24,6 +24,9 @@ import org.apache.commons.lang.StringUtils;
 *
 */
 public enum JwsAlgorithm {
+
+ // PLAINTEXT
+ NONE("plaintext"),
 // HMAC
 HS256("HMACSHA256"),
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/JwtSigner.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/JwtSigner.java
index e2ab061b3..c6f470e04 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/JwtSigner.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/JwtSigner.java
@@ -21,6 +21,8 @@ import org.mitre.jwt.model.Jwt;
 public interface JwtSigner {
+ public String getAlgorithm();
+
 public Jwt sign(Jwt jwt) throws NoSuchAlgorithmException;
 public boolean verify(String jwtString) throws NoSuchAlgorithmException;
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/HmacSigner.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/HmacSigner.java
index ac80268ca..0b12ae3c9 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/HmacSigner.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/HmacSigner.java
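Review bot: `NONE("plaintext")` in the second hunk puts a non-JCA string in the slot the neighbouring constants use for `getStandardName()` (`HS256("HMACSHA256")` is what `Mac.getInstance` consumes elsewhere in this patch), so any path that resolves the configured algorithm through `getByName(...).getStandardName()` into `Mac`/`Signature.getInstance` would throw `NoSuchAlgorithmException` for NONE; a comment on the constant should state that it must never reach a JCA lookup. Making `none` a first-class enum value also means code that maps a token's header `alg` through `getByName` can now resolve it, so document that a NONE result is acceptable only where the caller explicitly expects an unsecured JWT, never as satisfying a signature check — `getByName` is outside this hunk, so whether it matches on the constant name or the standard name is not visible here. The new `JwtSigner.getAlgorithm()` in the third hunk has no Javadoc; `/** Returns the JWS {@code alg} value this signer writes into the JWT header. */` would state the contract the service change in this patch now relies on.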
@@ -137,7 +137,7 @@ public class HmacSigner extends AbstractJwtSigner implements InitializingBean {
 @Override
 public String generateSignature(String signatureBase) throws NoSuchAlgorithmException {
- afterPropertiesSet();
+ initializeMac();
 if (passphrase == null) {
 throw new IllegalArgumentException("Passphrase cannot be null");
@@ -176,7 +176,7 @@ public class HmacSigner extends AbstractJwtSigner implements InitializingBean {
 this.passphrase = passphrase;
 }
- public void initializeMac() {
+ private void initializeMac() {
 // TODO: check if it's already been done
 try {
 mac = Mac.getInstance(JwsAlgorithm.getByName(super.getAlgorithm()).getStandardName());
@@ -185,21 +185,22 @@ public class HmacSigner extends AbstractJwtSigner implements InitializingBean {
 e.printStackTrace();
 }
 }
+ // TODO: nuke and clean up
- public void initializeMacJwe(String signatureBase) {
- List parts = Lists.newArrayList(Splitter.on(".").split(signatureBase));
- String header = parts.get(0);
- JsonParser parser = new JsonParser();
- JsonObject object = (JsonObject) parser.parse(header);
-
- try {
- mac = Mac.getInstance(JwsAlgorithm.getByName(object.get("int").getAsString())
- .getStandardName());
- } catch (NoSuchAlgorithmException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
+// public void initializeMacJwe(String signatureBase) {
+// List parts = Lists.newArrayList(Splitter.on(".").split(signatureBase));
+// String header = parts.get(0);
+// JsonParser parser = new JsonParser();
+// JsonObject object = (JsonObject) parser.parse(header);
+//
+// try {
+// mac = Mac.getInstance(JwsAlgorithm.getByName(object.get("int").getAsString())
+// .getStandardName());
+// } catch (NoSuchAlgorithmException e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// }
+// }
 /*
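Review bot: `initializeMac()` still swallows `NoSuchAlgorithmException` with `printStackTrace()` (the catch is the context at the top of the third hunk), so a misconfigured algorithm leaves `mac` null and `generateSignature` fails later with an NPE instead of the `NoSuchAlgorithmException` it already declares. Now that the method is private and only reached from `generateSignature`, it can simply propagate: `private void initializeMac() throws NoSuchAlgorithmException {` with the body reduced to `mac = Mac.getInstance(JwsAlgorithm.getByName(super.getAlgorithm()).getStandardName());`. The `TODO: check if it's already been done` also still holds — every signature call now creates a fresh `Mac` — so a guard such as `if (mac != null) return;` (or initializing once in `afterPropertiesSet`) would avoid the repeated lookup. Commenting out `initializeMacJwe` rather than deleting it leaves fourteen lines of dead code under a `TODO: nuke`; version control preserves it, so removing it in this commit is cleaner. `generateSignature` and `initializeMac` both continue outside their hunks.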
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/PlaintextSigner.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/PlaintextSigner.java
index 36f4da22e..906ced9a1 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/PlaintextSigner.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/PlaintextSigner.java
@@ -16,14 +16,12 @@ package org.mitre.jwt.signer.impl;
 import org.mitre.jwt.signer.AbstractJwtSigner;
+import org.mitre.jwt.signer.JwsAlgorithm;
 public class PlaintextSigner extends AbstractJwtSigner {
- // Todo: should this be a JwsAlgorithm?
- public static final String PLAINTEXT = "none";
-
 public PlaintextSigner() {
- super(PLAINTEXT);
+ super(JwsAlgorithm.NONE.toString());
 }
 @Override
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/RsaSigner.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/RsaSigner.java
index 32e6da67a..ec3865534 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/RsaSigner.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/impl/RsaSigner.java
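Review bot: `super(JwsAlgorithm.NONE.toString())` replaces the removed literal `"none"`, but unless `JwsAlgorithm` overrides `toString()` (not visible in this patch) the value passed is the constant name `NONE`, and the JWS `alg` header value for an unsecured JWT is the case-sensitive `none`. The service change in this same patch copies `signer.getAlgorithm()` into the JWT header, so a changed case would now be emitted on the wire where the removed constant produced `none`. Either confirm the enum's `toString()` returns `none`, or give the enum an explicit accessor for the JWS name and pass that here instead of relying on `toString()`.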
@@ -143,12 +143,18 @@ public class RsaSigner extends AbstractJwtSigner implements InitializingBean {
 * Load the public and private keys from the keystore, identified with the configured alias and accessed with the configured password.
 * @throws GeneralSecurityException
 */
- private void loadKeysFromKeystore() throws GeneralSecurityException {
+ private void loadKeysFromKeystore() {
 Assert.notNull(keystore, "An keystore must be supplied");
 Assert.notNull(alias, "A alias must be supplied");
 Assert.notNull(password, "A password must be supplied");
- KeyPair keyPair = keystore.getKeyPairForAlias(alias, password);
+ KeyPair keyPair = null;
+ try {
+ keyPair = keystore.getKeyPairForAlias(alias, password);
+ } catch (GeneralSecurityException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
 Assert.notNull(keyPair, "Either alias and/or password is not correct for keystore");
@@ -167,12 +173,8 @@ public class RsaSigner extends AbstractJwtSigner implements InitializingBean {
 public String generateSignature(String signatureBase) throws NoSuchAlgorithmException {
 String sig = null;
- try {
- afterPropertiesSet();
- } catch (GeneralSecurityException e1) {
- // TODO Auto-generated catch block
- e1.printStackTrace();
- }
+
+ initializeSigner();
 try {
 signer.initSign(privateKey);
@@ -226,7 +228,12 @@ public class RsaSigner extends AbstractJwtSigner implements InitializingBean {
 this.privateKey = privateKey;
 }
- public void initializeSigner() throws NoSuchAlgorithmException{
+ private void initializeSigner() throws NoSuchAlgorithmException{
+ if (this.keystore != null && this.alias != null && this.password != null) {
+ // if it looks like we're configured with a keystore, load it here
+ loadKeysFromKeystore();
+ }
+
 signer = Signature.getInstance(JwsAlgorithm.getByName(super.getAlgorithm()).getStandardName());
 }
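Review bot: The first hunk turns `loadKeysFromKeystore()`'s checked `GeneralSecurityException` into `printStackTrace()` followed by `Assert.notNull(keyPair, ...)`, so a wrong password, missing alias or unreadable keystore now surfaces as an assertion about the key pair while the real cause goes to stderr and is lost; the Javadoc `@throws GeneralSecurityException` above it is also now stale. Rethrowing with the cause keeps the diagnostics without reintroducing the checked signature: `throw new IllegalStateException("Could not load key pair for alias " + alias, e);` (the alias is safe to include; the password is not). The third hunk makes `initializeSigner()` call `loadKeysFromKeystore()` whenever a keystore is configured, and the second hunk makes `generateSignature` call `initializeSigner()` on every signature, so each signing operation now re-reads the keystore and builds a new `Signature`; a guard such as `if (privateKey == null)` around the load, or loading once from `afterPropertiesSet`, would avoid that — what `afterPropertiesSet` still does is outside this hunk. `generateSignature` continues past the end of its hunk.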
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JwtSigningAndValidationServiceDefault.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JwtSigningAndValidationServiceDefault.java
index e408a3d4b..2631dbfac 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JwtSigningAndValidationServiceDefault.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JwtSigningAndValidationServiceDefault.java
@@ -135,6 +135,9 @@ public class JwtSigningAndValidationServiceDefault extends AbstractJwtSigningAnd
 JwtSigner signer = getSigners().get(signerId);
+ // set the signing algorithm in the JWT
+ jwt.getHeader().setAlgorithm(signer.getAlgorithm());
+
 signer.sign(jwt);
 }
diff --git a/openid-connect-common/src/test/java/org/mitre/jwe/encryption/impl/RsaEncrypterDecrypterTest.java b/openid-connect-common/src/test/java/org/mitre/jwe/encryption/impl/RsaEncrypterDecrypterTest.java
index 0ec79840a..919cf8620 100644
--- a/openid-connect-common/src/test/java/org/mitre/jwe/encryption/impl/RsaEncrypterDecrypterTest.java
+++ b/openid-connect-common/src/test/java/org/mitre/jwe/encryption/impl/RsaEncrypterDecrypterTest.java
@@ -82,4 +82,6 @@ public class RsaEncrypterDecrypterTest {
 }
+ // TODO: add independent unit test for encryption and decryption
+
 }
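Review bot: The new `jwt.getHeader().setAlgorithm(signer.getAlgorithm())` is now the first dereference of `signer`, which comes from `getSigners().get(signerId)` on the context line above; if that lookup is a map get, an unknown `signerId` yields null and the call fails here with a bare NPE rather than a message naming the id, which the commit does not address. A guard before the new line would make the failure actionable: `if (signer == null) { throw new IllegalArgumentException("No signer configured for id: " + signerId); }`. Whether `jwt.getHeader()` can itself be null is not visible here, and the enclosing method starts outside the hunk.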