Do not use compact JWS serialization

pull/55/head
Richard Körber 2017-08-17 22:38:56 +02:00
parent 514b67bb70
commit 2eb59ef364
2 changed files with 22 additions and 19 deletions


@ -190,6 +190,7 @@ public class DefaultConnection implements Connection {
jws.setAlgorithmHeaderValue(keyAlgorithm(jwk));
jws.setKey(keypair.getPrivate());
jws.sign();
if (LOG.isDebugEnabled()) {
LOG.debug("POST {}", url);
@ -197,7 +198,11 @@ public class DefaultConnection implements Connection {
LOG.debug(" JWS Header: {}", jws.getHeaders().getFullHeaderAsJsonString());
}
byte[] outputData = jws.getCompactSerialization().getBytes(DEFAULT_CHARSET);
JSONBuilder jb = new JSONBuilder();
jb.put("protected", jws.getHeaders().getEncodedHeader());
jb.put("payload", jws.getEncodedPayload());
jb.put("signature", jws.getEncodedSignature());
byte[] outputData = jb.toString().getBytes(DEFAULT_CHARSET);
conn.setFixedLengthStreamingMode(outputData.length);
conn.connect();
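Review bot: The new request body built with `jb.put("protected", ...)`, `payload` and `signature` has no comment explaining why the compact form from `getCompactSerialization()` is no longer sent, so a later cleanup could revert it. I would add above `JSONBuilder jb = new JSONBuilder();` the comment `// ACME expects the Flattened JWS JSON Serialization (RFC 7515, section 7.2.2), not the compact form`. The Content-Type set on `conn` is not visible in this hunk; since the body is now a JSON object rather than a compact token, it is worth confirming that the header still describes what is sent. The enclosing method starts and ends outside the hunk.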


@ -689,11 +689,10 @@ public class DefaultConnectionTest {
verify(mockUrlConnection, atLeast(0)).getHeaderFields();
verifyNoMoreInteractions(mockUrlConnection);
String serialized = new String(outputStream.toByteArray(), "utf-8");
String[] written = CompactSerializer.deserialize(serialized);
String header = Base64Url.decodeToUtf8String(written[0]);
String claims = Base64Url.decodeToUtf8String(written[1]);
String signature = written[2];
JSON data = JSON.parse(new String(outputStream.toByteArray(), "utf-8"));
String encodedHeader = data.get("protected").asString();
String encodedSignature = data.get("signature").asString();
String encodedPayload = data.get("payload").asString();
StringBuilder expectedHeader = new StringBuilder();
expectedHeader.append('{');
@ -703,12 +702,12 @@ public class DefaultConnectionTest {
expectedHeader.append("\"kid\":\"").append(keyIdentifier).append('"');
expectedHeader.append('}');
assertThat(header, sameJSONAs(expectedHeader.toString()));
assertThat(claims, sameJSONAs("{\"foo\":123,\"bar\":\"a-string\"}"));
assertThat(signature, not(isEmptyOrNullString()));
assertThat(Base64Url.decodeToUtf8String(encodedHeader), sameJSONAs(expectedHeader.toString()));
assertThat(Base64Url.decodeToUtf8String(encodedPayload), sameJSONAs("{\"foo\":123,\"bar\":\"a-string\"}"));
assertThat(encodedSignature, not(isEmptyOrNullString()));
JsonWebSignature jws = new JsonWebSignature();
jws.setCompactSerialization(serialized);
jws.setCompactSerialization(CompactSerializer.serialize(encodedHeader, encodedPayload, encodedSignature));
jws.setKey(session.getKeyPair().getPublic());
assertThat(jws.verifySignature(), is(true));
}
@ -762,11 +761,10 @@ public class DefaultConnectionTest {
verify(mockUrlConnection, atLeast(0)).getHeaderFields();
verifyNoMoreInteractions(mockUrlConnection);
String serialized = new String(outputStream.toByteArray(), "utf-8");
String[] written = CompactSerializer.deserialize(serialized);
String header = Base64Url.decodeToUtf8String(written[0]);
String claims = Base64Url.decodeToUtf8String(written[1]);
String signature = written[2];
JSON data = JSON.parse(new String(outputStream.toByteArray(), "utf-8"));
String encodedHeader = data.get("protected").asString();
String encodedSignature = data.get("signature").asString();
String encodedPayload = data.get("payload").asString();
StringBuilder expectedHeader = new StringBuilder();
expectedHeader.append('{');
@ -779,12 +777,12 @@ public class DefaultConnectionTest {
expectedHeader.append("\"n\":\"").append(TestUtils.N).append("\"");
expectedHeader.append("}}");
assertThat(header, sameJSONAs(expectedHeader.toString()));
assertThat(claims, sameJSONAs("{\"foo\":123,\"bar\":\"a-string\"}"));
assertThat(signature, not(isEmptyOrNullString()));
assertThat(Base64Url.decodeToUtf8String(encodedHeader), sameJSONAs(expectedHeader.toString()));
assertThat(Base64Url.decodeToUtf8String(encodedPayload), sameJSONAs("{\"foo\":123,\"bar\":\"a-string\"}"));
assertThat(encodedSignature, not(isEmptyOrNullString()));
JsonWebSignature jws = new JsonWebSignature();
jws.setCompactSerialization(serialized);
jws.setCompactSerialization(CompactSerializer.serialize(encodedHeader, encodedPayload, encodedSignature));
jws.setKey(session.getKeyPair().getPublic());
assertThat(jws.verifySignature(), is(true));
}
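Review bot: The assertions after `JSON.parse(...)` read only `protected`, `payload` and `signature`, so the test would still pass if the request body carried further members, such as an unprotected `header` that the signature does not cover. Adding a check that the parsed object holds exactly these three members would pin the flattened format, and a comment such as `// flattened JWS: exactly protected, payload and signature` next to it would record the intent. The same applies to the second test changed at `-762`. Both test methods begin outside the hunks shown.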