You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@oltu.apache.org by as...@apache.org on 2016/08/01 16:03:10 UTC
svn commit: r1754770 - in /oltu/trunk/jose/jws/src:
main/java/org/apache/oltu/jose/jws/JWS.java
main/java/org/apache/oltu/jose/jws/io/JWSReader.java
test/java/org/apache/oltu/jose/jws/JWSTest.java
Author: asanso
Date: Mon Aug 1 16:03:10 2016
New Revision: 1754770
URL: http://svn.apache.org/viewvc?rev=1754770&view=rev
Log:
OLTU-201 - Issue in JWS validation
Modified:
oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/JWS.java
oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/io/JWSReader.java
oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/JWSTest.java
Modified: oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/JWS.java
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/JWS.java?rev=1754770&r1=1754769&r2=1754770&view=diff
==============================================================================
--- oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/JWS.java (original)
+++ oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/JWS.java Mon Aug 1 16:03:10 2016
@@ -24,6 +24,11 @@ import org.apache.oltu.jose.jws.signatur
import org.apache.oltu.jose.jws.signature.VerifyingKey;
public class JWS {
+
+ /**
+ * The raw JWS String
+ */
+ private String rawString;
/**
* The JWS Header.
@@ -41,6 +46,11 @@ public class JWS {
private final String signature;
JWS(Header header, String payload, String signature) {
+ this(null, header, payload, signature);
+ }
+
+ JWS(String rawString, Header header, String payload, String signature) {
+ this.rawString = rawString;
this.header = header;
this.payload = payload;
this.signature = signature;
@@ -89,11 +99,27 @@ public class JWS {
if (signature == null) {
throw new IllegalStateException("JWS token must have a signature to be verified.");
}
-
- return method.verify(signature, TokenDecoder.base64Encode(new JWSHeaderWriter().write(header)), TokenDecoder.base64Encode(payload), verifyingKey);
+
+ if (rawString == null) {
+ return method.verify(signature, TokenDecoder.base64Encode(new JWSHeaderWriter().write(header)), TokenDecoder.base64Encode(payload), verifyingKey);
+ } else {
+ String jwt[] = rawString.split("\\.");
+ return method.verify(jwt[2], jwt[0], jwt[1], verifyingKey);
+ }
}
public static final class Builder extends CustomizableBuilder<JWS> {
+
+ public Builder(){}
+
+ public Builder(String rawString) {
+ this.rawString = rawString;
+ }
+
+ /**
+ * The raw JWS String
+ */
+ private String rawString;
/**
* The {@code alg} JWS Header parameter.
@@ -243,7 +269,7 @@ public class JWS {
}
public JWS build() {
- return new JWS(new Header(algorithm,
+ return new JWS(rawString, new Header(algorithm,
jwkSetUrl,
jsonWebKey,
x509url,
Modified: oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/io/JWSReader.java
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/io/JWSReader.java?rev=1754770&r1=1754769&r2=1754770&view=diff
==============================================================================
--- oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/io/JWSReader.java (original)
+++ oltu/trunk/jose/jws/src/main/java/org/apache/oltu/jose/jws/io/JWSReader.java Mon Aug 1 16:03:10 2016
@@ -28,7 +28,7 @@ public final class JWSReader extends Tok
@Override
protected JWS build(String rawString, String decodedHeader, String decodedBody, String encodedSignature) {
- final JWS.Builder jwsBuilder = new JWS.Builder();
+ final JWS.Builder jwsBuilder = new JWS.Builder(rawString);
new JWSHeaderParser(jwsBuilder).read(decodedHeader);
Modified: oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/JWSTest.java
URL: http://svn.apache.org/viewvc/oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/JWSTest.java?rev=1754770&r1=1754769&r2=1754770&view=diff
==============================================================================
--- oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/JWSTest.java (original)
+++ oltu/trunk/jose/jws/src/test/java/org/apache/oltu/jose/jws/JWSTest.java Mon Aug 1 16:03:10 2016
@@ -33,7 +33,6 @@ import org.junit.Assert;
import org.junit.Test;
public class JWSTest {
-
@Test
public void testValidate() throws InvalidKeySpecException, NoSuchAlgorithmException {
@@ -195,7 +194,7 @@ public class JWSTest {
Assert.assertFalse(jws.validate(signatureMethod, new PublicKey(rsaPublicKey)));
}
- //@Test
+ @Test
public void testValidate3() throws InvalidKeySpecException, NoSuchAlgorithmException {
final byte[] n = TokenDecoder.base64DecodeToByte("n4EPtAOCc9AlkeQHPzHStgAbgs7bTZLwUBZdR8_KuKPEHLd4rHVTeT-O-XV2jRojdNhxJWTDvNd7nqQ0VEiZQHz_AJmSCpMaJMRBSFKrKb2wqVwGU_NsYOYL-QtiWN2lbzcEe6XC0dApr5ydQLrHqkHHig3RBordaZ6Aj-oBHqFEHYpPe7Tpe-OfVfHd1E6cS6M1FZcD1NNLYD5lFHpPI9bTwJlsde3uhGqC0ZCuEHg8lhzwOHrtIQbS0FVbb9k3-tVTU4fg_3L_vniUFAKwuCLqKnS2BYwdq_mzSnbLY7h_qixoR7jig3__kRhuaxwUkRz5iaiQkqgc5gHdrNP5zw");
@@ -229,7 +228,6 @@ public class JWSTest {
SignatureMethod signatureMethod = new SignatureMethodRSAImpl("RS256");
-
RSAPublicKey rsaPublicKey = (RSAPublicKey) keyFactory.generatePublic(pubKeySpec);
Assert.assertTrue(jws.validate(signatureMethod, new PublicKey(rsaPublicKey)));