Add url to protected header, fix content type

pull/30/head
Richard Körber 2016-11-18 01:30:21 +01:00
parent 07beefdd15
commit 22961b3fba
2 changed files with 5 additions and 3 deletions

View File

@ -138,7 +138,7 @@ public class DefaultConnection implements Connection {
conn.setRequestProperty("Accept", "application/json");
conn.setRequestProperty("Accept-Charset", "utf-8");
conn.setRequestProperty("Accept-Language", session.getLocale().toLanguageTag());
conn.setRequestProperty("Content-Type", "application/json");
conn.setRequestProperty("Content-Type", "application/jose+json");
conn.setDoOutput(true);
final PublicJsonWebKey jwk = PublicJsonWebKey.Factory.newPublicJwk(keypair.getPublic());
@ -146,6 +146,7 @@ public class DefaultConnection implements Connection {
JsonWebSignature jws = new JsonWebSignature();
jws.setPayload(claims.toString());
jws.getHeaders().setObjectHeaderValue("nonce", Base64Url.encode(session.getNonce()));
jws.getHeaders().setObjectHeaderValue("url", uri);
jws.getHeaders().setJwkHeaderValue("jwk", jwk);
jws.setAlgorithmHeaderValue(SignatureUtils.keyAlgorithm(jwk));
jws.setKey(keypair.getPrivate());

View File

@ -451,7 +451,7 @@ public class DefaultConnectionTest {
verify(mockUrlConnection).setRequestMethod("POST");
verify(mockUrlConnection).setRequestProperty("Accept", "application/json");
verify(mockUrlConnection).setRequestProperty("Accept-Charset", "utf-8");
verify(mockUrlConnection).setRequestProperty("Content-Type", "application/json");
verify(mockUrlConnection).setRequestProperty("Content-Type", "application/jose+json");
verify(mockUrlConnection).setDoOutput(true);
verify(mockUrlConnection).setFixedLengthStreamingMode(outputStream.toByteArray().length);
verify(mockUrlConnection).getOutputStream();
@ -467,6 +467,7 @@ public class DefaultConnectionTest {
StringBuilder expectedHeader = new StringBuilder();
expectedHeader.append('{');
expectedHeader.append("\"nonce\":\"").append(Base64Url.encode(nonce1)).append("\",");
expectedHeader.append("\"url\":\"").append(requestUri).append("\",");
expectedHeader.append("\"alg\":\"RS256\",");
expectedHeader.append("\"jwk\":{");
expectedHeader.append("\"kty\":\"").append(TestUtils.KTY).append("\",");
@ -474,7 +475,7 @@ public class DefaultConnectionTest {
expectedHeader.append("\"n\":\"").append(TestUtils.N).append("\"");
expectedHeader.append("}}");
assertThat(header, sameJSONAs(expectedHeader.toString()).allowingExtraUnexpectedFields());
assertThat(header, sameJSONAs(expectedHeader.toString()));
assertThat(claims, sameJSONAs("{\"foo\":123,\"bar\":\"a-string\"}"));
assertThat(signature, not(isEmptyOrNullString()));