
Commit 29fc485

committed
X509
1 parent 050e87d commit 29fc485

53 files changed

Lines changed: 679 additions & 1012 deletions


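--- a/lib/src/main/java/com/auth0/jwt/JWTDecoder.java
+++ b/lib/src/main/java/com/auth0/jwt/JWTDecoder.java
@@ -19,22 +19,28 @@
 
 package com.auth0.jwt;
 
-import com.auth0.jwt.creators.*;
-import com.auth0.jwt.impl.JWTParser;
+import com.auth0.jwt.creators.EncodeType;
+import com.auth0.jwt.creators.FbJwtCreator;
+import com.auth0.jwt.creators.GoogleJwtCreator;
+import com.auth0.jwt.creators.GoogleOrFbJwtCreator;
 import com.auth0.jwt.impl.Claims;
+import com.auth0.jwt.impl.JWTParser;
 import com.auth0.jwt.interfaces.Claim;
 import com.auth0.jwt.interfaces.DecodedJWT;
 import com.auth0.jwt.interfaces.Header;
 import com.auth0.jwt.interfaces.Payload;
 import com.auth0.jwt.utils.TokenUtils;
+import com.google.common.base.Strings;
+import java.net.URLDecoder;
+import java.nio.charset.StandardCharsets;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
 import org.apache.commons.codec.binary.Base32;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.codec.binary.Hex;
 import org.apache.commons.codec.binary.StringUtils;
 
-import java.net.URLDecoder;
-import java.util.*;
-
 /**
 * The JWTDecoder class holds the decode method to parse a given JWT token into it's JWT representation.
 */
@@ -44,9 +50,8 @@ public final class JWTDecoder implements DecodedJWT {
 private final String[] parts;
 private final Header header;
 private final Payload payload;
-
-private static final String FACEBOOK = "facebook";
-private static final String GOOGLE = "google";
+private static final String ISSUER_FACEBOOK = "facebook";
+private static final String ISSUER_GOOGLE = "google";
 
 public JWTDecoder(String jwt, EncodeType encodeType) throws Exception {
 parts = TokenUtils.splitToken(jwt);
@@ -55,13 +60,13 @@ public JWTDecoder(String jwt, EncodeType encodeType) throws Exception {
 String payloadJson = null;
 switch (encodeType) {
 case Base16:
-headerJson = URLDecoder.decode(new String(Hex.decodeHex(parts[0])), "UTF-8");
-payloadJson = URLDecoder.decode(new String(Hex.decodeHex(parts[1])), "UTF-8");
+headerJson = URLDecoder.decode(new String(Hex.decodeHex(parts[0])), StandardCharsets.UTF_8.name());
+payloadJson = URLDecoder.decode(new String(Hex.decodeHex(parts[1])), StandardCharsets.UTF_8.name());
 break;
 case Base32:
 Base32 base32 = new Base32();
-headerJson = URLDecoder.decode(new String(base32.decode(parts[0]), "UTF-8"));
-payloadJson = URLDecoder.decode(new String(base32.decode(parts[1]), "UTF-8"));
+headerJson = URLDecoder.decode(new String(base32.decode(parts[0]), StandardCharsets.UTF_8.name()));
+payloadJson = URLDecoder.decode(new String(base32.decode(parts[1]), StandardCharsets.UTF_8.name()));
 break;
 case Base64:
 headerJson = StringUtils.newStringUtf8(Base64.decodeBase64(parts[0]));
@@ -162,17 +167,24 @@ public String getToken() {
 return String.format("%s.%s.%s", parts[0], parts[1], parts[2]);
 }
 
-public static GoogleOrFbJwtCreator decodeJWT(DecodedJWT jwt) {
+public GoogleOrFbJwtCreator decodeJWT(DecodedJWT jwt) {
 Map<String, Claim> claims = jwt.getClaims();
-String issuer = claims.get(Claims.ISSUER).asString();
+Claim issuerClaim = claims.get(Claims.ISSUER);
+if(issuerClaim == null) {
+throw new IllegalArgumentException("null issuer claim");
+}
+String issuer = issuerClaim.asString();
 GoogleOrFbJwtCreator googleOrFbJwtCreator = null;
-if(issuer.contains(FACEBOOK)) {
+if(Strings.isNullOrEmpty(issuer)) {
+throw new IllegalArgumentException("null or empty issuer");
+}
+if(ISSUER_FACEBOOK.contains(issuer)) {
 googleOrFbJwtCreator = FbJwtCreator.build()
 .withExp(claims.get(Claims.EXPIRES_AT).asDate())
 .withIat(claims.get(Claims.ISSUED_AT).asDate())
 .withAppId(claims.get(Claims.APP_ID).asString())
 .withUserId(claims.get(Claims.USER_ID).asString());
-} else if(issuer.contains(GOOGLE)) {
+} else if(ISSUER_GOOGLE.contains(issuer)) {
 googleOrFbJwtCreator = GoogleJwtCreator.build()
 .withPicture(claims.get(Claims.PICTURE).asString())
 .withEmail(claims.get(Claims.EMAIL).asString())
@@ -188,4 +200,5 @@ public static GoogleOrFbJwtCreator decodeJWT(DecodedJWT jwt) {
 
 return googleOrFbJwtCreator;
 }
+
 }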
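Review bot: The issuer checks in decodeJWT are now `ISSUER_FACEBOOK.contains(issuer)` and `ISSUER_GOOGLE.contains(issuer)`, which test whether the constant contains the claim rather than the reverse, so any non-empty substring of "facebook" (such as "book" or a single letter) selects the Facebook branch, and a value like "o" is contained in both constants. The `iss` claim is caller-supplied text, so the provider branch should be chosen by exact comparison: `if (ISSUER_FACEBOOK.equals(issuer)) {` and `} else if (ISSUER_GOOGLE.equals(issuer)) {`. If the real issuers are URLs rather than the bare words, compare against the full expected issuer strings instead of going back to substring matching. The lookups that follow (`claims.get(Claims.EXPIRES_AT).asDate()` and the others) still dereference a possibly absent claim without the null check the issuer now gets; part of decodeJWT's body lies outside the visible hunks.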

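--- a/lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java
+++ b/lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java
@@ -25,9 +25,14 @@
 import com.auth0.jwt.interfaces.DecodedJWT;
 import com.auth0.jwt.interfaces.ECDSAKeyProvider;
 import com.auth0.jwt.interfaces.RSAKeyProvider;
-
 import java.io.UnsupportedEncodingException;
-import java.security.interfaces.*;
+import java.security.interfaces.ECKey;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+
 
 /**
 * The Algorithm class represents an algorithm to be used in the Signing or Verification process of a Token.
@@ -385,6 +390,13 @@ public String toString() {
 */
 public abstract void verify(DecodedJWT jwt, EncodeType encodeType) throws Exception;
 
+/**
+* Verify the given token including x509 functionality
+* @param jwt the already decoded JWT that it's going to be verified.
+* @param jwksFile
+* @param pemFile
+* @throws Exception
+*/
 public abstract void verifyWithX509(DecodedJWT jwt, String jwksFile, String pemFile) throws Exception;
 
 /**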
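Review bot: The Javadoc added above verifyWithX509 leaves `@param jwksFile`, `@param pemFile` and `@throws Exception` without any description, so a caller cannot tell whether the two strings are file paths or URLs, which of them is the trusted key source, or how a failed verification is reported. Going by the names alone they are presumably the location of a JWKS document and of a PEM file; the comment should state that explicitly and say what the method compares between them. The ECDSA and HMAC implementations in this commit throw UnsupportedOperationException from this method, which deserves its own `@throws UnsupportedOperationException` line rather than the blanket `@throws Exception`.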

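--- a/lib/src/main/java/com/auth0/jwt/algorithms/CryptoHelper.java
+++ b/lib/src/main/java/com/auth0/jwt/algorithms/CryptoHelper.java
@@ -19,9 +19,15 @@
 
 package com.auth0.jwt.algorithms;
 
+import java.security.InvalidKeyException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.SignatureException;
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
-import java.security.*;
 
 class CryptoHelper {
 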

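--- a/lib/src/main/java/com/auth0/jwt/algorithms/ECDSAAlgorithm.java
+++ b/lib/src/main/java/com/auth0/jwt/algorithms/ECDSAAlgorithm.java
@@ -19,43 +19,21 @@
 
 package com.auth0.jwt.algorithms;
 
-import com.auth0.jwk.Jwk;
-import com.auth0.jwk.JwkProvider;
-import com.auth0.jwk.UrlJwkProvider;
 import com.auth0.jwt.creators.EncodeType;
 import com.auth0.jwt.exceptions.SignatureGenerationException;
 import com.auth0.jwt.exceptions.SignatureVerificationException;
 import com.auth0.jwt.interfaces.DecodedJWT;
 import com.auth0.jwt.interfaces.ECDSAKeyProvider;
-import com.auth0.jwt.interfaces.Payload;
-import com.google.gson.JsonElement;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
-import com.nimbusds.jose.JWSAlgorithm;
-import com.nimbusds.jose.JWSHeader;
-import com.nimbusds.jose.JWSObject;
-import com.nimbusds.jose.crypto.RSASSASigner;
-import com.nimbusds.jose.crypto.RSASSAVerifier;
-import com.nimbusds.jose.jwk.JWK;
-import net.minidev.json.JSONArray;
-import net.minidev.json.JSONObject;
-import net.minidev.json.parser.JSONParser;
-import org.apache.commons.codec.binary.Base32;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.codec.binary.Hex;
-import org.apache.commons.codec.binary.StringUtils;
-
-import java.io.File;
-import java.io.FileReader;
-import java.net.URL;
 import java.net.URLDecoder;
 import java.nio.charset.StandardCharsets;
-import java.security.*;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SignatureException;
 import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.ECPublicKey;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
-import java.util.List;
+import org.apache.commons.codec.binary.Base32;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.codec.binary.Hex;
 
 class ECDSAAlgorithm extends Algorithm {
 
@@ -86,12 +64,12 @@ public void verify(DecodedJWT jwt, EncodeType encodeType) throws Exception {
 String urlDecoded = null;
 switch (encodeType) {
 case Base16:
-urlDecoded = URLDecoder.decode(signature, "UTF-8");
+urlDecoded = URLDecoder.decode(signature, StandardCharsets.UTF_8.name());
 signatureBytes = Hex.decodeHex(urlDecoded);
 break;
 case Base32:
 Base32 base32 = new Base32();
-urlDecoded = URLDecoder.decode(signature, "UTF-8");
+urlDecoded = URLDecoder.decode(signature, StandardCharsets.UTF_8.name());
 signatureBytes = base32.decode(urlDecoded);
 break;
 case Base64:
@@ -116,7 +94,7 @@ public void verify(DecodedJWT jwt, EncodeType encodeType) throws Exception {
 
 @Override
 public void verifyWithX509(DecodedJWT jwt, String jwksFile, String pemFile) throws Exception {
-throw new UnsupportedOperationException("X509 is not supported for ECDSA");
+throw new UnsupportedOperationException("X509 is not supported for ECDSA algorithm");
 }
 
 @Override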

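--- a/lib/src/main/java/com/auth0/jwt/algorithms/HMACAlgorithm.java
+++ b/lib/src/main/java/com/auth0/jwt/algorithms/HMACAlgorithm.java
@@ -20,22 +20,18 @@
 package com.auth0.jwt.algorithms;
 
 import com.auth0.jwt.creators.EncodeType;
-import com.auth0.jwt.creators.JWTCreator;
 import com.auth0.jwt.exceptions.SignatureGenerationException;
 import com.auth0.jwt.exceptions.SignatureVerificationException;
 import com.auth0.jwt.interfaces.DecodedJWT;
-import org.apache.commons.codec.CharEncoding;
-import org.apache.commons.codec.binary.Base32;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.codec.binary.Hex;
-import org.apache.commons.codec.binary.StringUtils;
-
-import java.io.*;
+import java.io.UnsupportedEncodingException;
 import java.net.URLDecoder;
-import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
+import org.apache.commons.codec.CharEncoding;
+import org.apache.commons.codec.binary.Base32;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.codec.binary.Hex;
 
 class HMACAlgorithm extends Algorithm {
 
@@ -76,12 +72,12 @@ public void verify(DecodedJWT jwt, EncodeType encodeType) throws Exception {
 String urlDecoded = null;
 switch (encodeType) {
 case Base16:
-urlDecoded = URLDecoder.decode(signature, "UTF-8");
+urlDecoded = URLDecoder.decode(signature, StandardCharsets.UTF_8.name());
 signatureBytes = Hex.decodeHex(urlDecoded);
 break;
 case Base32:
 Base32 base32 = new Base32();
-urlDecoded = URLDecoder.decode(signature, "UTF-8");
+urlDecoded = URLDecoder.decode(signature, StandardCharsets.UTF_8.name());
 signatureBytes = base32.decode(urlDecoded);
 break;
 case Base64:
@@ -101,7 +97,7 @@ public void verify(DecodedJWT jwt, EncodeType encodeType) throws Exception {
 
 @Override
 public void verifyWithX509(DecodedJWT jwt, String jwksFile, String pemFile) throws Exception {
-throw new UnsupportedOperationException("X509 is not supported for HMAC");
+throw new UnsupportedOperationException("X509 is not supported for HMAC algorithm");
 }
 
 @Override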

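--- a/lib/src/main/java/com/auth0/jwt/algorithms/NoneAlgorithm.java
+++ b/lib/src/main/java/com/auth0/jwt/algorithms/NoneAlgorithm.java
@@ -23,12 +23,12 @@
 import com.auth0.jwt.exceptions.SignatureGenerationException;
 import com.auth0.jwt.exceptions.SignatureVerificationException;
 import com.auth0.jwt.interfaces.DecodedJWT;
+import java.net.URLDecoder;
+import java.nio.charset.StandardCharsets;
 import org.apache.commons.codec.binary.Base32;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.codec.binary.Hex;
 
-import java.net.URLDecoder;
-
 class NoneAlgorithm extends Algorithm {
 
 NoneAlgorithm() {
@@ -42,12 +42,12 @@ public void verify(DecodedJWT jwt, EncodeType encodeType) throws Exception {
 String urlDecoded = null;
 switch (encodeType) {
 case Base16:
-urlDecoded = URLDecoder.decode(signature, "UTF-8");
+urlDecoded = URLDecoder.decode(signature, StandardCharsets.UTF_8.name());
 signatureBytes = Hex.decodeHex(urlDecoded);
 break;
 case Base32:
 Base32 base32 = new Base32();
-urlDecoded = URLDecoder.decode(signature, "UTF-8");
+urlDecoded = URLDecoder.decode(signature, StandardCharsets.UTF_8.name());
 signatureBytes = base32.decode(urlDecoded);
 break;
 case Base64: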

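--- a/lib/src/main/java/com/auth0/jwt/algorithms/RSAAlgorithm.java
+++ b/lib/src/main/java/com/auth0/jwt/algorithms/RSAAlgorithm.java
@@ -28,21 +28,28 @@
 import com.auth0.jwt.exceptions.SignatureVerificationException;
 import com.auth0.jwt.interfaces.DecodedJWT;
 import com.auth0.jwt.interfaces.RSAKeyProvider;
-import org.apache.commons.codec.binary.Base32;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.codec.binary.Hex;
-import org.bouncycastle.util.io.pem.PemReader;
-
-import java.io.*;
+import java.io.BufferedWriter;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.FileReader;
+import java.io.OutputStreamWriter;
+import java.io.Writer;
 import java.net.URLDecoder;
 import java.nio.charset.StandardCharsets;
-import java.security.*;
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.SignatureException;
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
 import java.security.spec.X509EncodedKeySpec;
-import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
+import org.apache.commons.codec.binary.Base32;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.codec.binary.Hex;
+import org.bouncycastle.util.io.pem.PemReader;
 
 class RSAAlgorithm extends Algorithm {
 
@@ -76,7 +83,7 @@ public void verifyWithX509(DecodedJWT jwt, String jwksFile, String pemFile) thro
 Jwk jwk = provider.get(kid);
 String cert = jwk.getCertificateChain().get(0);
 try (Writer writer = new BufferedWriter(new OutputStreamWriter(
-new FileOutputStream("./jwks.cert"), "utf-8"))) {
+new FileOutputStream("./jwks.cert"), StandardCharsets.UTF_8.name()))) {
 writer.write("-----BEGIN CERTIFICATE-----");
 writer.append("\n" + cert + "\n");
 writer.append("-----END CERTIFICATE-----");
@@ -122,26 +129,26 @@ public void verify(DecodedJWT jwt, EncodeType encodeType) throws Exception {
 }
 
 private List<byte[]> fetchContentAndSignatureByteArrays(DecodedJWT jwt, EncodeType encodeType) throws Exception{
-byte[] contentBytes = String.format("%s.%s", jwt.getHeader(), jwt.getPayload()).getBytes(StandardCharsets.UTF_8);
+byte[] contentBytes = String.format("%s.%s", jwt.getHeader(), jwt.getPayload()).getBytes(StandardCharsets.UTF_8.name());
 byte[] signatureBytes = null;
 String signature = jwt.getSignature();
 String urlDecoded = null;
 switch (encodeType) {
 case Base16:
-urlDecoded = URLDecoder.decode(signature, "UTF-8");
+urlDecoded = URLDecoder.decode(signature, StandardCharsets.UTF_8.name());
 signatureBytes = Hex.decodeHex(urlDecoded);
 break;
 case Base32:
 Base32 base32 = new Base32();
-urlDecoded = URLDecoder.decode(signature, "UTF-8");
+urlDecoded = URLDecoder.decode(signature, StandardCharsets.UTF_8.name());
 signatureBytes = base32.decode(urlDecoded);
 break;
 case Base64:
 signatureBytes = Base64.decodeBase64(signature);
 break;
 }
 
-return new ArrayList<>(Arrays.asList(contentBytes, signatureBytes));
+return Arrays.asList(contentBytes, signatureBytes);
 }
 
 @Override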
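Review bot: verifyWithX509 still writes the certificate taken from the JWK to the fixed relative path `"./jwks.cert"` in the process working directory (the `new FileOutputStream("./jwks.cert")` line this commit touches), so concurrent verifications overwrite each other's file, and any other process able to write to that directory can replace the certificate between the write and a later read. The rest of the method is outside the hunk, so the read-back is inferred; if the file exists only to be parsed again, decode the certificate in memory instead, for example `CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(Base64.decodeBase64(cert)))`. Separately, in fetchContentAndSignatureByteArrays the change from `getBytes(StandardCharsets.UTF_8)` to `getBytes(StandardCharsets.UTF_8.name())` swaps the Charset overload for the String overload that declares a checked UnsupportedEncodingException; the original `getBytes(StandardCharsets.UTF_8)` should be kept.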
