You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@oltu.apache.org by as...@apache.org on 2013/12/20 15:58:05 UTC
svn commit: r1552694 - in /oltu/trunk/jose/jws/src:
main/java/org/apache/oltu/jose/jws/ main/java/org/apache/oltu/jose/jws/io/
main/java/org/apache/oltu/jose/jws/signature/
test/java/org/apache/oltu/jose/jws/signature/
Author: asanso
Date: Fri Dec 20 14:58:05 2013
New Revision: 1552694
URL: http://svn.apache.org/r1552694
Log:
OLTU-132 - SignatureMethod should take in consideration also the header
* revised method signatures and implementation
Added:
oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/signature/TestDummySignatureMethod.java
- copied, changed from r1538515, oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/signature/TestSignatureMethod.java
Modified:
oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/JWS.java
oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/io/JWSHeaderWriter.java
oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/SignatureMethod.java
oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/signature/SignatureMethodTestCase.java
Modified: oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/JWS.java
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/JWS.java?rev=1552694&r1=1552693&r2=1552694&view=diff
==============================================================================
--- oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/JWS.java (original)
+++ oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/JWS.java Fri Dec 20 14:58:05 2013
@@ -16,7 +16,9 @@
*/
package org.apache.oltu.jose.jws;
+import org.apache.oltu.commons.encodedtoken.TokenDecoder;
import org.apache.oltu.commons.json.CustomizableBuilder;
+import org.apache.oltu.jose.jws.io.JWSHeaderWriter;
import org.apache.oltu.jose.jws.signature.SignatureMethod;
import org.apache.oltu.jose.jws.signature.SigningKey;
import org.apache.oltu.jose.jws.signature.VerifyingKey;
@@ -88,7 +90,7 @@ public class JWS {
throw new IllegalStateException("JWS token must have a signature to be verified.");
}
- return method.verify(signature, payload, verifyingKey);
+ return method.verify(signature, TokenDecoder.base64Encode(new JWSHeaderWriter().write(header)), TokenDecoder.base64Encode(payload), verifyingKey);
}
public static final class Builder extends CustomizableBuilder<JWS> {
@@ -225,7 +227,19 @@ public class JWS {
throw new IllegalStateException("Payload needs to be set in order to sign the current JWT");
}
setAlgorithm(method.getAlgorithm());
- return setSignature(method.calculate(payload, signingKey));
+
+ String header = new JWSHeaderWriter().write(new Header(algorithm,
+ jwkSetUrl,
+ jsonWebKey,
+ x509url,
+ x509CertificateThumbprint,
+ x509CertificateChain,
+ keyId, type,
+ contentType,
+ critical,
+ getCustomFields()));
+
+ return setSignature(method.calculate(TokenDecoder.base64Encode(header), TokenDecoder.base64Encode(payload), signingKey));
}
public JWS build() {
Modified: oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/io/JWSHeaderWriter.java
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/io/JWSHeaderWriter.java?rev=1552694&r1=1552693&r2=1552694&view=diff
==============================================================================
--- oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/io/JWSHeaderWriter.java (original)
+++ oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/io/JWSHeaderWriter.java Fri Dec 20 14:58:05 2013
@@ -19,7 +19,7 @@ package org.apache.oltu.jose.jws.io;
import org.apache.oltu.commons.json.CustomizableEntityWriter;
import org.apache.oltu.jose.jws.Header;
-final class JWSHeaderWriter extends CustomizableEntityWriter<Header> implements JWSConstants {
+public final class JWSHeaderWriter extends CustomizableEntityWriter<Header> implements JWSConstants {
@Override
protected void handleProperties(Header header) {
Modified: oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/SignatureMethod.java
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/SignatureMethod.java?rev=1552694&r1=1552693&r2=1552694&view=diff
==============================================================================
--- oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/SignatureMethod.java (original)
+++ oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/signature/SignatureMethod.java Fri Dec 20 14:58:05 2013
@@ -24,9 +24,9 @@ package org.apache.oltu.jose.jws.signatu
*/
public interface SignatureMethod<S extends SigningKey, V extends VerifyingKey> {
- String calculate(String payload, S signingKey);
+ String calculate(String header, String payload, S signingKey);
- boolean verify(String signature, String payload, V verifyingKey);
+ boolean verify(String signature, String header, String payload, V verifyingKey);
String getAlgorithm();
Modified: oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/signature/SignatureMethodTestCase.java
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/signature/SignatureMethodTestCase.java?rev=1552694&r1=1552693&r2=1552694&view=diff
==============================================================================
--- oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/signature/SignatureMethodTestCase.java (original)
+++ oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/signature/SignatureMethodTestCase.java Fri Dec 20 14:58:05 2013
@@ -18,6 +18,7 @@ package org.apache.oltu.jose.jws.signatu
import static org.junit.Assert.*;
+import org.apache.oltu.commons.encodedtoken.TokenDecoder;
import org.apache.oltu.jose.jws.JWS;
import org.junit.After;
import org.junit.Before;
@@ -25,20 +26,25 @@ import org.junit.Test;
public final class SignatureMethodTestCase {
+ private String hs256;
+
private String payload;
private TestSymetricKey key;
private String signature;
- private TestSignatureMethod method;
+ private TestDummySignatureMethod method;
@Before
public void setUp() {
payload = "{\"iss\":\"joe\",\r\n \"exp\":1300819380,\r\n \"http://example.com/is_root\":true}";
+ hs256 = "{\"alg\":\"TEST\",\"typ\":\"JWT\"}";
+
key = new TestSymetricKey("supercalifragilistichespiralidoso1234567890");
- signature = payload + key.getValue();
- method = new TestSignatureMethod();
+ signature = TokenDecoder.base64Encode(hs256) + TokenDecoder.base64Encode(payload) + key.getValue();
+
+ method = new TestDummySignatureMethod();
}
@After
@@ -51,14 +57,15 @@ public final class SignatureMethodTestCa
@Test
public void simpleSignatureVerification() {
- assertEquals(signature, method.calculate(payload, key));
- assertTrue(method.verify(signature, payload, key));
+ assertEquals(hs256 + payload + key.getValue(), method.calculate(hs256, payload, key));
+ assertTrue(method.verify(hs256 + payload + key.getValue(), hs256, payload, key));
}
@Test
public void signJWS() {
JWS jws = new JWS.Builder()
- .setType("JWT")
+ .setType("JWT").
+ setAlgorithm("TEST")
.setPayload(payload)
.sign(method, key)
.build();
@@ -71,6 +78,7 @@ public final class SignatureMethodTestCa
public void validateJWS() {
JWS jws = new JWS.Builder()
.setType("JWT")
+ .setAlgorithm("TEST")
.setPayload(payload)
.sign(method, key)
.build();
Copied: oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/signature/TestDummySignatureMethod.java (from r1538515, oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/signature/TestSignatureMethod.java)
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/signature/TestDummySignatureMethod.java?p2=oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/signature/TestDummySignatureMethod.java&p1=oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/signature/TestSignatureMethod.java&r1=1538515&r2=1552694&rev=1552694&view=diff
==============================================================================
--- oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/signature/TestSignatureMethod.java (original)
+++ oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/signature/TestDummySignatureMethod.java Fri Dec 20 14:58:05 2013
@@ -16,16 +16,16 @@
*/
package org.apache.oltu.jose.jws.signature;
-final class TestSignatureMethod implements SignatureMethod<TestSymetricKey, TestSymetricKey> {
+final class TestDummySignatureMethod implements SignatureMethod<TestSymetricKey, TestSymetricKey> {
@Override
- public String calculate(String payload, TestSymetricKey signingKey) {
- return payload + signingKey.getValue();
+ public String calculate(String header, String payload, TestSymetricKey signingKey) {
+ return header + payload + signingKey.getValue();
}
@Override
- public boolean verify(String signature, String payload, TestSymetricKey verifyingKey) {
- return signature.equals(payload + verifyingKey.getValue());
+ public boolean verify(String signature, String header, String payload, TestSymetricKey verifyingKey) {
+ return signature.equals(calculate(header, payload, verifyingKey));
}
@Override