Skip to content

Commit

Permalink
rename and cleanup
Browse files Browse the repository at this point in the history
  • Loading branch information
robotdan committed Jul 4, 2020
1 parent 8bd1fd8 commit c3ddb54
Show file tree
Hide file tree
Showing 9 changed files with 48 additions and 33 deletions.
4 changes: 4 additions & 0 deletions CHANGES
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
FusionAuth JWT Changes

Changes in 3.5.0

* Initial support for RSA Probabilistic Signature Schema (RSASSA-PSS) algorithms PS256, PS384 and PS512.

Changes in 3.4.1

* Modify JSONWebKeyBuilder.build when taking a PEM to prefer a certificate over a public key to ensure we get the x5t in the output.
Expand Down
2 changes: 2 additions & 0 deletions fusionauth-jwt.ipr
Original file line number Diff line number Diff line change
Expand Up @@ -617,8 +617,10 @@
<component name="ProjectDictionaryState">
<dictionary name="degroff">
<words>
<w>aand</w>
<w>jwks</w>
<w>rsassa</w>
<w>secp</w>
</words>
</dictionary>
</component>
Expand Down
2 changes: 1 addition & 1 deletion src/main/java/io/fusionauth/jwt/rsa/RSAPSSSigner.java
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2016-2020, FusionAuth, All Rights Reserved
* Copyright (c) 2020, FusionAuth, All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2016-2020, FusionAuth, All Rights Reserved
* Copyright (c) 2020, FusionAuth, All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -44,12 +44,12 @@
*
* @author Daniel DeGroff
*/
public class RSAPSAVerifier implements Verifier {
public class RSAPSSVerifier implements Verifier {
private final RSAPublicKey publicKey;

private final CryptoProvider cryptoProvider;

private RSAPSAVerifier(RSAPublicKey publicKey, CryptoProvider cryptoProvider) {
private RSAPSSVerifier(RSAPublicKey publicKey, CryptoProvider cryptoProvider) {
Objects.requireNonNull(publicKey);
Objects.requireNonNull(cryptoProvider);

Expand All @@ -58,7 +58,7 @@ private RSAPSAVerifier(RSAPublicKey publicKey, CryptoProvider cryptoProvider) {
assertValidKeyLength();
}

private RSAPSAVerifier(String publicKey, CryptoProvider cryptoProvider) {
private RSAPSSVerifier(String publicKey, CryptoProvider cryptoProvider) {
Objects.requireNonNull(publicKey);
Objects.requireNonNull(cryptoProvider);

Expand All @@ -78,7 +78,7 @@ private RSAPSAVerifier(String publicKey, CryptoProvider cryptoProvider) {
* @param publicKey The RSA public key object.
* @return a new instance of the RSA verifier.
*/
public static RSAPSAVerifier newVerifier(RSAPublicKey publicKey) {
public static RSAPSSVerifier newVerifier(RSAPublicKey publicKey) {
return newVerifier(publicKey, new DefaultCryptoProvider());
}

Expand All @@ -89,9 +89,9 @@ public static RSAPSAVerifier newVerifier(RSAPublicKey publicKey) {
* @param cryptoProvider The crypto provider used to get the RSA signature Algorithm.
* @return a new instance of the RSA verifier.
*/
public static RSAPSAVerifier newVerifier(RSAPublicKey publicKey, CryptoProvider cryptoProvider) {
public static RSAPSSVerifier newVerifier(RSAPublicKey publicKey, CryptoProvider cryptoProvider) {
Objects.requireNonNull(publicKey);
return new RSAPSAVerifier(publicKey, cryptoProvider);
return new RSAPSSVerifier(publicKey, cryptoProvider);
}

/**
Expand All @@ -100,7 +100,7 @@ public static RSAPSAVerifier newVerifier(RSAPublicKey publicKey, CryptoProvider
* @param publicKey The RSA public key PEM.
* @return a new instance of the RSA verifier.
*/
public static RSAPSAVerifier newVerifier(String publicKey) {
public static RSAPSSVerifier newVerifier(String publicKey) {
return newVerifier(publicKey, new DefaultCryptoProvider());
}

Expand All @@ -111,9 +111,9 @@ public static RSAPSAVerifier newVerifier(String publicKey) {
* @param cryptoProvider The crypto provider used to get the RSA signature Algorithm.
* @return a new instance of the RSA verifier.
*/
public static RSAPSAVerifier newVerifier(String publicKey, CryptoProvider cryptoProvider) {
public static RSAPSSVerifier newVerifier(String publicKey, CryptoProvider cryptoProvider) {
Objects.requireNonNull(publicKey);
return new RSAPSAVerifier(publicKey, cryptoProvider);
return new RSAPSSVerifier(publicKey, cryptoProvider);
}

/**
Expand All @@ -122,7 +122,7 @@ public static RSAPSAVerifier newVerifier(String publicKey, CryptoProvider crypto
* @param path The path to the RSA public key PEM.
* @return a new instance of the RSA verifier.
*/
public static RSAPSAVerifier newVerifier(Path path) {
public static RSAPSSVerifier newVerifier(Path path) {
return newVerifier(path, new DefaultCryptoProvider());
}

Expand All @@ -133,11 +133,11 @@ public static RSAPSAVerifier newVerifier(Path path) {
* @param cryptoProvider The crypto provider used to get the RSA signature Algorithm.
* @return a new instance of the RSA verifier.
*/
public static RSAPSAVerifier newVerifier(Path path, CryptoProvider cryptoProvider) {
public static RSAPSSVerifier newVerifier(Path path, CryptoProvider cryptoProvider) {
Objects.requireNonNull(path);

try {
return new RSAPSAVerifier(new String(Files.readAllBytes(path)), cryptoProvider);
return new RSAPSSVerifier(new String(Files.readAllBytes(path)), cryptoProvider);
} catch (IOException e) {
throw new JWTVerifierException("Unable to read the file from path [" + path.toAbsolutePath().toString() + "]", e);
}
Expand All @@ -149,9 +149,9 @@ public static RSAPSAVerifier newVerifier(Path path, CryptoProvider cryptoProvide
* @param bytes The bytes of the RSA public key PEM.
* @return a new instance of the RSA verifier.
*/
public static RSAPSAVerifier newVerifier(byte[] bytes) {
public static RSAPSSVerifier newVerifier(byte[] bytes) {
Objects.requireNonNull(bytes);
return new RSAPSAVerifier((new String(bytes)), new DefaultCryptoProvider());
return new RSAPSSVerifier((new String(bytes)), new DefaultCryptoProvider());
}

@Override
Expand Down
8 changes: 4 additions & 4 deletions src/test/java/io/fusionauth/jwt/JWTTest.java
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
import io.fusionauth.jwt.ec.ECVerifier;
import io.fusionauth.jwt.hmac.HMACSigner;
import io.fusionauth.jwt.hmac.HMACVerifier;
import io.fusionauth.jwt.rsa.RSAPSAVerifier;
import io.fusionauth.jwt.rsa.RSAPSSVerifier;
import io.fusionauth.jwt.rsa.RSAPSSSigner;
import io.fusionauth.jwt.rsa.RSASigner;
import io.fusionauth.jwt.rsa.RSAVerifier;
Expand Down Expand Up @@ -437,7 +437,7 @@ public void test_PS256() throws IOException {
String encodedJWT = JWT.getEncoder().encode(jwt, signer);

// Verify the JWT
Verifier verifier = RSAPSAVerifier.newVerifier(Paths.get("src/test/resources/rsa_public_key_2048.pem"));
Verifier verifier = RSAPSSVerifier.newVerifier(Paths.get("src/test/resources/rsa_public_key_2048.pem"));
JWT actual = JWT.getDecoder().decode(encodedJWT, verifier);

assertEquals(actual.subject, jwt.subject);
Expand All @@ -453,7 +453,7 @@ public void test_PS384() throws IOException {
String encodedJWT = JWT.getEncoder().encode(jwt, signer);

// Verify the JWT
Verifier verifier = RSAPSAVerifier.newVerifier(Paths.get("src/test/resources/rsa_public_key_2048.pem"));
Verifier verifier = RSAPSSVerifier.newVerifier(Paths.get("src/test/resources/rsa_public_key_2048.pem"));
JWT actual = JWT.getDecoder().decode(encodedJWT, verifier);

assertEquals(actual.subject, jwt.subject);
Expand All @@ -469,7 +469,7 @@ public void test_PS512() throws IOException {
String encodedJWT = JWT.getEncoder().encode(jwt, signer);

// Verify the JWT
Verifier verifier = RSAPSAVerifier.newVerifier(Paths.get("src/test/resources/rsa_public_key_3072.pem"));
Verifier verifier = RSAPSSVerifier.newVerifier(Paths.get("src/test/resources/rsa_public_key_3072.pem"));
JWT actual = JWT.getDecoder().decode(encodedJWT, verifier);

assertEquals(actual.subject, jwt.subject);
Expand Down
6 changes: 5 additions & 1 deletion src/test/java/io/fusionauth/jwt/RequiresAlgorithm.java
Original file line number Diff line number Diff line change
Expand Up @@ -14,14 +14,18 @@
* language governing permissions and limitations under the License.
*/


package io.fusionauth.jwt;

import java.lang.annotation.Retention;
import java.lang.annotation.Target;

import static java.lang.annotation.ElementType.METHOD;

/**
* Test marker annotation to indicate the test should be only be run when a particular algorithm is available.
*
* @author Daniel DeGroff
*/
@Retention(java.lang.annotation.RetentionPolicy.RUNTIME)
@Target({METHOD})
public @interface RequiresAlgorithm {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,11 @@
import java.lang.reflect.Method;
import java.security.Signature;

/**
* Test NG transformer used to disable tests at runtime.
*
* @author Daniel DeGroff
*/
@SuppressWarnings("unused")
public class TestNGAnnotationTransformer implements IAnnotationTransformer {
private static boolean RSAProbabilisticSignatureSchemaAvailable;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
/**
* @author Daniel DeGroff
*/
public class RSAPSASignerTest extends BaseTest {
public class RSAPSSSignerTest extends BaseTest {
@Test
public void test_private_pem_parsing() {
// No kid
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@
/**
* @author Daniel DeGroff
*/
public class RSAPSAVerifierTest extends BaseTest {
public class RSAPSSVerifierTest extends BaseTest {
@Test
public void test_public_pem_parsing() {
Arrays.asList(
Expand All @@ -51,13 +51,13 @@ public void test_public_pem_parsing() {
"rsa_public_key_4096.pem")
.forEach(fileName -> {
// Take a String arg
assertRSAPSAVerifier(RSAPSAVerifier.newVerifier(getPath(fileName)));
assertRSAPSAVerifier(RSAPSSVerifier.newVerifier(getPath(fileName)));
// Take a Path arg
assertRSAPSAVerifier(RSAPSAVerifier.newVerifier(readFile(fileName)));
assertRSAPSAVerifier(RSAPSSVerifier.newVerifier(readFile(fileName)));
// Take a byte[] arg
assertRSAPSAVerifier(RSAPSAVerifier.newVerifier(readFile(fileName).getBytes(StandardCharsets.UTF_8)));
assertRSAPSAVerifier(RSAPSSVerifier.newVerifier(readFile(fileName).getBytes(StandardCharsets.UTF_8)));
// Take a public key arg
assertRSAPSAVerifier(RSAPSAVerifier.newVerifier((RSAPublicKey) PEM.decode(readFile(fileName)).getPublicKey()));
assertRSAPSAVerifier(RSAPSSVerifier.newVerifier((RSAPublicKey) PEM.decode(readFile(fileName)).getPublicKey()));
});

// Public key parsing also works with private keys since the public key is encoded in the private
Expand All @@ -68,20 +68,20 @@ public void test_public_pem_parsing() {
"rsa_private_key_4096.pem")
.forEach((fileName -> {
// Take a String arg
assertRSAPSAVerifier(RSAPSAVerifier.newVerifier(getPath(fileName)));
assertRSAPSAVerifier(RSAPSSVerifier.newVerifier(getPath(fileName)));
// Take a Path arg
assertRSAPSAVerifier(RSAPSAVerifier.newVerifier(readFile(fileName)));
assertRSAPSAVerifier(RSAPSSVerifier.newVerifier(readFile(fileName)));
// Take a byte[] arg
assertRSAPSAVerifier(RSAPSAVerifier.newVerifier(readFile(fileName).getBytes(StandardCharsets.UTF_8)));
assertRSAPSAVerifier(RSAPSSVerifier.newVerifier(readFile(fileName).getBytes(StandardCharsets.UTF_8)));
// Take a public key arg
assertRSAPSAVerifier(RSAPSAVerifier.newVerifier((RSAPublicKey) PEM.decode(readFile(fileName)).getPublicKey()));
assertRSAPSAVerifier(RSAPSSVerifier.newVerifier((RSAPublicKey) PEM.decode(readFile(fileName)).getPublicKey()));
}));
}

@Test
public void test_rsa_1024_pem() {
try {
RSAPSAVerifier.newVerifier(new String(Files.readAllBytes(Paths.get("src/test/resources/rsa_public_key_1024.pem"))));
RSAPSSVerifier.newVerifier(new String(Files.readAllBytes(Paths.get("src/test/resources/rsa_public_key_1024.pem"))));
Assert.fail("Expected [InvalidKeyLengthException] exception");
} catch (InvalidKeyLengthException ignore) {
} catch (Exception e) {
Expand All @@ -104,7 +104,7 @@ public void control() {
"-----END PUBLIC KEY-----";


Verifier verifier = RSAPSAVerifier.newVerifier(publicKeyPEM);
Verifier verifier = RSAPSSVerifier.newVerifier(publicKeyPEM);
JWT jwt = JWT.getDecoder().decode(encodedJWT, verifier);
assertNotNull(jwt);
assertEquals(jwt.subject, "1234567890");
Expand Down

0 comments on commit c3ddb54

Please sign in to comment.