From 06311233471445d2b31a3534881ff0bd23b8b598 Mon Sep 17 00:00:00 2001 From: Luciano Balmaceda Date: Mon, 13 Mar 2017 12:39:26 -0300 Subject: [PATCH 1/3] add algorithm key provider interface --- .../com/auth0/jwt/algorithms/Algorithm.java | 70 ++++++++++++++++++- .../auth0/jwt/algorithms/ECDSAAlgorithm.java | 50 +++++++++---- .../auth0/jwt/algorithms/RSAAlgorithm.java | 47 +++++++++---- .../auth0/jwt/interfaces/ECKeyProvider.java | 10 +++ .../com/auth0/jwt/interfaces/KeyProvider.java | 27 +++++++ .../auth0/jwt/interfaces/RSAKeyProvider.java | 10 +++ .../auth0/jwt/algorithms/AlgorithmTest.java | 68 ++++++++++++++++-- .../jwt/algorithms/ECDSAAlgorithmTest.java | 19 +++-- .../jwt/algorithms/RSAAlgorithmTest.java | 19 +++-- 9 files changed, 274 insertions(+), 46 deletions(-) create mode 100644 lib/src/main/java/com/auth0/jwt/interfaces/ECKeyProvider.java create mode 100644 lib/src/main/java/com/auth0/jwt/interfaces/KeyProvider.java create mode 100644 lib/src/main/java/com/auth0/jwt/interfaces/RSAKeyProvider.java diff --git a/lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java b/lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java index 508e10a5..fc05b924 100644 --- a/lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java +++ b/lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java @@ -2,6 +2,8 @@ import com.auth0.jwt.exceptions.SignatureGenerationException; import com.auth0.jwt.exceptions.SignatureVerificationException; +import com.auth0.jwt.interfaces.ECKeyProvider; +import com.auth0.jwt.interfaces.RSAKeyProvider; import java.io.UnsupportedEncodingException; import java.security.interfaces.*; @@ -18,9 +20,20 @@ public abstract class Algorithm { /** * Creates a new Algorithm instance using SHA256withRSA. Tokens specify this as "RS256". * - * @param key the key to use in the verify or signing instance. + * @param keyProvider the provider of the Public Key and Private Key for the verify and signing instance. * @return a valid RSA256 Algorithm. * @throws IllegalArgumentException if the provided Key is null. + */ + public static Algorithm RSA256(RSAKeyProvider keyProvider) throws IllegalArgumentException { + return new RSAAlgorithm("RS256", "SHA256withRSA", keyProvider); + } + + /** + * Creates a new Algorithm instance using SHA256withRSA. Tokens specify this as "RS256". + * + * @param key the key to use in the verify or signing instance. + * @return a valid RSA256 Algorithm. + * @throws IllegalArgumentException if the Key Provider is null. * @deprecated use {@link #RSA256(RSAPublicKey, RSAPrivateKey)} */ @Deprecated @@ -45,6 +58,17 @@ public static Algorithm RSA384(RSAKey key) throws IllegalArgumentException { return RSA384(publicKey, privateKey); } + /** + * Creates a new Algorithm instance using SHA384withRSA. Tokens specify this as "RS384". + * + * @param keyProvider the provider of the Public Key and Private Key for the verify and signing instance. + * @return a valid RSA384 Algorithm. + * @throws IllegalArgumentException if the Key Provider is null. + */ + public static Algorithm RSA384(RSAKeyProvider keyProvider) throws IllegalArgumentException { + return new RSAAlgorithm("RS384", "SHA384withRSA", keyProvider); + } + /** * Creates a new Algorithm instance using SHA512withRSA. Tokens specify this as "RS512". * @@ -96,6 +120,17 @@ public static Algorithm RSA512(RSAPublicKey publicKey, RSAPrivateKey privateKey) return new RSAAlgorithm("RS512", "SHA512withRSA", publicKey, privateKey); } + /** + * Creates a new Algorithm instance using SHA512withRSA. Tokens specify this as "RS512". + * + * @param keyProvider the provider of the Public Key and Private Key for the verify and signing instance. + * @return a valid RSA512 Algorithm. + * @throws IllegalArgumentException if the Key Provider is null. + */ + public static Algorithm RSA512(RSAKeyProvider keyProvider) throws IllegalArgumentException { + return new RSAAlgorithm("RS512", "SHA512withRSA", keyProvider); + } + /** * Creates a new Algorithm instance using HmacSHA256. Tokens specify this as "HS256". * @@ -180,6 +215,17 @@ public static Algorithm ECDSA256(ECKey key) throws IllegalArgumentException { return ECDSA256(publicKey, privateKey); } + /** + * Creates a new Algorithm instance using SHA256withECDSA. Tokens specify this as "ES256". + * + * @param keyProvider the provider of the Public Key and Private Key for the verify and signing instance. + * @return a valid ECDSA256 Algorithm. + * @throws IllegalArgumentException if the Key Provider is null. + */ + public static Algorithm ECDSA256(ECKeyProvider keyProvider) throws IllegalArgumentException { + return new ECDSAAlgorithm("ES256", "SHA256withECDSA", 32, keyProvider); + } + /** * Creates a new Algorithm instance using SHA384withECDSA. Tokens specify this as "ES384". * @@ -195,6 +241,17 @@ public static Algorithm ECDSA384(ECKey key) throws IllegalArgumentException { return ECDSA384(publicKey, privateKey); } + /** + * Creates a new Algorithm instance using SHA384withECDSA. Tokens specify this as "ES384". + * + * @param keyProvider the provider of the Public Key and Private Key for the verify and signing instance. + * @return a valid ECDSA384 Algorithm. + * @throws IllegalArgumentException if the Key Provider is null. + */ + public static Algorithm ECDSA384(ECKeyProvider keyProvider) throws IllegalArgumentException { + return new ECDSAAlgorithm("ES384", "SHA384withECDSA", 48, keyProvider); + } + /** * Creates a new Algorithm instance using SHA512withECDSA. Tokens specify this as "ES512". * @@ -246,6 +303,17 @@ public static Algorithm ECDSA512(ECPublicKey publicKey, ECPrivateKey privateKey) return new ECDSAAlgorithm("ES512", "SHA512withECDSA", 66, publicKey, privateKey); } + /** + * Creates a new Algorithm instance using SHA512withECDSA. Tokens specify this as "ES512". + * + * @param keyProvider the provider of the Public Key and Private Key for the verify and signing instance. + * @return a valid ECDSA512 Algorithm. + * @throws IllegalArgumentException if the Key Provider is null. + */ + public static Algorithm ECDSA512(ECKeyProvider keyProvider) throws IllegalArgumentException { + return new ECDSAAlgorithm("ES512", "SHA512withECDSA", 66, keyProvider); + } + public static Algorithm none() { return new NoneAlgorithm(); } diff --git a/lib/src/main/java/com/auth0/jwt/algorithms/ECDSAAlgorithm.java b/lib/src/main/java/com/auth0/jwt/algorithms/ECDSAAlgorithm.java index 135387bd..04c95599 100644 --- a/lib/src/main/java/com/auth0/jwt/algorithms/ECDSAAlgorithm.java +++ b/lib/src/main/java/com/auth0/jwt/algorithms/ECDSAAlgorithm.java @@ -2,6 +2,7 @@ import com.auth0.jwt.exceptions.SignatureGenerationException; import com.auth0.jwt.exceptions.SignatureVerificationException; +import com.auth0.jwt.interfaces.ECKeyProvider; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; @@ -11,45 +12,50 @@ class ECDSAAlgorithm extends Algorithm { - private final ECPublicKey publicKey; - private final ECPrivateKey privateKey; + private final ECKeyProvider keyProvider; private final CryptoHelper crypto; private final int ecNumberSize; //Visible for testing - ECDSAAlgorithm(CryptoHelper crypto, String id, String algorithm, int ecNumberSize, ECPublicKey publicKey, ECPrivateKey privateKey) throws IllegalArgumentException { + ECDSAAlgorithm(CryptoHelper crypto, String id, String algorithm, int ecNumberSize, ECKeyProvider keyProvider) throws IllegalArgumentException { super(id, algorithm); - if (publicKey == null && privateKey == null) { + if (keyProvider == null) { + throw new IllegalArgumentException("The Key Provider cannot be null."); + } + if (keyProvider.getPublicKey() == null && keyProvider.getPrivateKey() == null) { throw new IllegalArgumentException("Both provided Keys cannot be null."); } - this.publicKey = publicKey; - this.privateKey = privateKey; - this.ecNumberSize = ecNumberSize; + this.keyProvider = keyProvider; this.crypto = crypto; + this.ecNumberSize = ecNumberSize; } ECDSAAlgorithm(String id, String algorithm, int ecNumberSize, ECPublicKey publicKey, ECPrivateKey privateKey) throws IllegalArgumentException { - this(new CryptoHelper(), id, algorithm, ecNumberSize, publicKey, privateKey); + this(new CryptoHelper(), id, algorithm, ecNumberSize, providerForKeys(publicKey, privateKey)); + } + + ECDSAAlgorithm(String id, String algorithm, int ecNumberSize, ECKeyProvider keyProvider) throws IllegalArgumentException { + this(new CryptoHelper(), id, algorithm, ecNumberSize, keyProvider); } ECPublicKey getPublicKey() { - return publicKey; + return keyProvider.getPublicKey(); } ECPrivateKey getPrivateKey() { - return privateKey; + return keyProvider.getPrivateKey(); } @Override public void verify(byte[] contentBytes, byte[] signatureBytes) throws SignatureVerificationException { try { - if (publicKey == null) { + if (keyProvider.getPublicKey() == null) { throw new IllegalStateException("The given Public Key is null."); } if (!isDERSignature(signatureBytes)) { signatureBytes = JOSEToDER(signatureBytes); } - boolean valid = crypto.verifySignatureFor(getDescription(), publicKey, contentBytes, signatureBytes); + boolean valid = crypto.verifySignatureFor(getDescription(), keyProvider.getPublicKey(), contentBytes, signatureBytes); if (!valid) { throw new SignatureVerificationException(this); @@ -62,15 +68,16 @@ public void verify(byte[] contentBytes, byte[] signatureBytes) throws SignatureV @Override public byte[] sign(byte[] contentBytes) throws SignatureGenerationException { try { - if (privateKey == null) { + if (keyProvider.getPrivateKey() == null) { throw new IllegalStateException("The given Private Key is null."); } - return crypto.createSignatureFor(getDescription(), privateKey, contentBytes); + return crypto.createSignatureFor(getDescription(), keyProvider.getPrivateKey(), contentBytes); } catch (NoSuchAlgorithmException | SignatureException | InvalidKeyException | IllegalStateException e) { throw new SignatureGenerationException(this, e); } } + private boolean isDERSignature(byte[] signature) { // DER Structure: http://crypto.stackexchange.com/a/1797 // Should begin with 0x30 and have exactly the expected length @@ -132,4 +139,19 @@ private int countPadding(byte[] bytes, int fromIndex, int toIndex) { } return bytes[fromIndex + padding] > 0x7f ? padding : padding - 1; } + + //Visible for testing + static ECKeyProvider providerForKeys(final ECPublicKey publicKey, final ECPrivateKey privateKey) { + return new ECKeyProvider() { + @Override + public ECPublicKey getPublicKey() { + return publicKey; + } + + @Override + public ECPrivateKey getPrivateKey() { + return privateKey; + } + }; + } } diff --git a/lib/src/main/java/com/auth0/jwt/algorithms/RSAAlgorithm.java b/lib/src/main/java/com/auth0/jwt/algorithms/RSAAlgorithm.java index 83b3658f..c9f708d6 100644 --- a/lib/src/main/java/com/auth0/jwt/algorithms/RSAAlgorithm.java +++ b/lib/src/main/java/com/auth0/jwt/algorithms/RSAAlgorithm.java @@ -2,6 +2,7 @@ import com.auth0.jwt.exceptions.SignatureGenerationException; import com.auth0.jwt.exceptions.SignatureVerificationException; +import com.auth0.jwt.interfaces.RSAKeyProvider; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; @@ -11,40 +12,45 @@ class RSAAlgorithm extends Algorithm { - private final RSAPublicKey publicKey; - private final RSAPrivateKey privateKey; + private final RSAKeyProvider keyProvider; private final CryptoHelper crypto; //Visible for testing - RSAAlgorithm(CryptoHelper crypto, String id, String algorithm, RSAPublicKey publicKey, RSAPrivateKey privateKey) throws IllegalArgumentException { + RSAAlgorithm(CryptoHelper crypto, String id, String algorithm, RSAKeyProvider keyProvider) throws IllegalArgumentException { super(id, algorithm); - if (publicKey == null && privateKey == null) { + if (keyProvider == null) { + throw new IllegalArgumentException("The Key Provider cannot be null."); + } + if (keyProvider.getPublicKey() == null && keyProvider.getPrivateKey() == null) { throw new IllegalArgumentException("Both provided Keys cannot be null."); } - this.publicKey = publicKey; - this.privateKey = privateKey; + this.keyProvider = keyProvider; this.crypto = crypto; } RSAAlgorithm(String id, String algorithm, RSAPublicKey publicKey, RSAPrivateKey privateKey) throws IllegalArgumentException { - this(new CryptoHelper(), id, algorithm, publicKey, privateKey); + this(new CryptoHelper(), id, algorithm, providerForKeys(publicKey, privateKey)); + } + + RSAAlgorithm(String id, String algorithm, RSAKeyProvider keyProvider) throws IllegalArgumentException { + this(new CryptoHelper(), id, algorithm, keyProvider); } RSAPublicKey getPublicKey() { - return publicKey; + return keyProvider.getPublicKey(); } RSAPrivateKey getPrivateKey() { - return privateKey; + return keyProvider.getPrivateKey(); } @Override public void verify(byte[] contentBytes, byte[] signatureBytes) throws SignatureVerificationException { try { - if (publicKey == null) { + if (keyProvider.getPublicKey() == null) { throw new IllegalStateException("The given Public Key is null."); } - boolean valid = crypto.verifySignatureFor(getDescription(), publicKey, contentBytes, signatureBytes); + boolean valid = crypto.verifySignatureFor(getDescription(), keyProvider.getPublicKey(), contentBytes, signatureBytes); if (!valid) { throw new SignatureVerificationException(this); } @@ -56,12 +62,27 @@ public void verify(byte[] contentBytes, byte[] signatureBytes) throws SignatureV @Override public byte[] sign(byte[] contentBytes) throws SignatureGenerationException { try { - if (privateKey == null) { + if (keyProvider.getPrivateKey() == null) { throw new IllegalStateException("The given Private Key is null."); } - return crypto.createSignatureFor(getDescription(), privateKey, contentBytes); + return crypto.createSignatureFor(getDescription(), keyProvider.getPrivateKey(), contentBytes); } catch (NoSuchAlgorithmException | SignatureException | InvalidKeyException | IllegalStateException e) { throw new SignatureGenerationException(this, e); } } + + //Visible for testing + static RSAKeyProvider providerForKeys(final RSAPublicKey publicKey, final RSAPrivateKey privateKey) { + return new RSAKeyProvider() { + @Override + public RSAPublicKey getPublicKey() { + return publicKey; + } + + @Override + public RSAPrivateKey getPrivateKey() { + return privateKey; + } + }; + } } diff --git a/lib/src/main/java/com/auth0/jwt/interfaces/ECKeyProvider.java b/lib/src/main/java/com/auth0/jwt/interfaces/ECKeyProvider.java new file mode 100644 index 00000000..ff14f9e8 --- /dev/null +++ b/lib/src/main/java/com/auth0/jwt/interfaces/ECKeyProvider.java @@ -0,0 +1,10 @@ +package com.auth0.jwt.interfaces; + +import java.security.interfaces.ECPrivateKey; +import java.security.interfaces.ECPublicKey; + +/** + * Elliptic Curve (EC) Public/Private Key provider. + */ +public interface ECKeyProvider extends KeyProvider { +} diff --git a/lib/src/main/java/com/auth0/jwt/interfaces/KeyProvider.java b/lib/src/main/java/com/auth0/jwt/interfaces/KeyProvider.java new file mode 100644 index 00000000..10f419fe --- /dev/null +++ b/lib/src/main/java/com/auth0/jwt/interfaces/KeyProvider.java @@ -0,0 +1,27 @@ +package com.auth0.jwt.interfaces; + +import java.security.PrivateKey; +import java.security.PublicKey; + +/** + * Generic Public/Private Key provider. + * + * @param the class that represents the Public Key + * @param the class that represents the Private Key + */ +interface KeyProvider { + + /** + * Getter for the Public Key instance, used to verify the signature. + * + * @return the Public Key instance + */ + U getPublicKey(); + + /** + * Getter for the Private Key instance, used to sign the content. + * + * @return the Private Key instance + */ + R getPrivateKey(); +} diff --git a/lib/src/main/java/com/auth0/jwt/interfaces/RSAKeyProvider.java b/lib/src/main/java/com/auth0/jwt/interfaces/RSAKeyProvider.java new file mode 100644 index 00000000..55376f4d --- /dev/null +++ b/lib/src/main/java/com/auth0/jwt/interfaces/RSAKeyProvider.java @@ -0,0 +1,10 @@ +package com.auth0.jwt.interfaces; + +import java.security.interfaces.RSAPrivateKey; +import java.security.interfaces.RSAPublicKey; + +/** + * RSA Public/Private Key provider. + */ +public interface RSAKeyProvider extends KeyProvider { +} diff --git a/lib/src/test/java/com/auth0/jwt/algorithms/AlgorithmTest.java b/lib/src/test/java/com/auth0/jwt/algorithms/AlgorithmTest.java index 0b0c6249..7fa463be 100644 --- a/lib/src/test/java/com/auth0/jwt/algorithms/AlgorithmTest.java +++ b/lib/src/test/java/com/auth0/jwt/algorithms/AlgorithmTest.java @@ -1,5 +1,7 @@ package com.auth0.jwt.algorithms; +import com.auth0.jwt.interfaces.ECKeyProvider; +import com.auth0.jwt.interfaces.RSAKeyProvider; import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; @@ -70,7 +72,8 @@ public void shouldThrowHMAC512InstanceWithNullSecret() throws Exception { public void shouldThrowRSA256InstanceWithNullKey() throws Exception { exception.expect(IllegalArgumentException.class); exception.expectMessage("Both provided Keys cannot be null."); - Algorithm.RSA256(null); + RSAKey key = null; + Algorithm.RSA256(key); } @Test @@ -80,11 +83,20 @@ public void shouldThrowRSA256InstanceWithNullKeys() throws Exception { Algorithm.RSA256(null, null); } + @Test + public void shouldThrowRSA256InstanceWithNullKeyProvider() throws Exception { + exception.expect(IllegalArgumentException.class); + exception.expectMessage("The Key Provider cannot be null."); + RSAKeyProvider provider = null; + Algorithm.RSA256(provider); + } + @Test public void shouldThrowRSA384InstanceWithNullKey() throws Exception { exception.expect(IllegalArgumentException.class); exception.expectMessage("Both provided Keys cannot be null."); - Algorithm.RSA384(null); + RSAKey key = null; + Algorithm.RSA384(key); } @Test @@ -94,11 +106,20 @@ public void shouldThrowRSA384InstanceWithNullKeys() throws Exception { Algorithm.RSA384(null, null); } + @Test + public void shouldThrowRSA384InstanceWithNullKeyProvider() throws Exception { + exception.expect(IllegalArgumentException.class); + exception.expectMessage("The Key Provider cannot be null."); + RSAKeyProvider provider = null; + Algorithm.RSA384(provider); + } + @Test public void shouldThrowRSA512InstanceWithNullKey() throws Exception { exception.expect(IllegalArgumentException.class); exception.expectMessage("Both provided Keys cannot be null."); - Algorithm.RSA512(null); + RSAKey key = null; + Algorithm.RSA512(key); } @Test @@ -108,11 +129,20 @@ public void shouldThrowRSA512InstanceWithNullKeys() throws Exception { Algorithm.RSA512(null, null); } + @Test + public void shouldThrowRSA512InstanceWithNullKeyProvider() throws Exception { + exception.expect(IllegalArgumentException.class); + exception.expectMessage("The Key Provider cannot be null."); + RSAKeyProvider provider = null; + Algorithm.RSA512(provider); + } + @Test public void shouldThrowECDSA256InstanceWithNullKey() throws Exception { exception.expect(IllegalArgumentException.class); exception.expectMessage("Both provided Keys cannot be null."); - Algorithm.ECDSA256(null); + ECKey key = null; + Algorithm.ECDSA256(key); } @Test @@ -122,11 +152,20 @@ public void shouldThrowECDSA256InstanceWithNullKeys() throws Exception { Algorithm.ECDSA256(null, null); } + @Test + public void shouldThrowECDSA256InstanceWithNullKeyProvider() throws Exception { + exception.expect(IllegalArgumentException.class); + exception.expectMessage("The Key Provider cannot be null."); + ECKeyProvider provider = null; + Algorithm.ECDSA256(provider); + } + @Test public void shouldThrowECDSA384InstanceWithNullKey() throws Exception { exception.expect(IllegalArgumentException.class); exception.expectMessage("Both provided Keys cannot be null."); - Algorithm.ECDSA384(null); + ECKey key = null; + Algorithm.ECDSA384(key); } @Test @@ -136,11 +175,20 @@ public void shouldThrowECDSA384InstanceWithNullKeys() throws Exception { Algorithm.ECDSA384(null, null); } + @Test + public void shouldThrowECDSA384InstanceWithNullKeyProvider() throws Exception { + exception.expect(IllegalArgumentException.class); + exception.expectMessage("The Key Provider cannot be null."); + ECKeyProvider provider = null; + Algorithm.ECDSA384(provider); + } + @Test public void shouldThrowECDSA512InstanceWithNullKey() throws Exception { exception.expect(IllegalArgumentException.class); exception.expectMessage("Both provided Keys cannot be null."); - Algorithm.ECDSA512(null); + ECKey key = null; + Algorithm.ECDSA512(key); } @Test @@ -150,6 +198,14 @@ public void shouldThrowECDSA512InstanceWithNullKeys() throws Exception { Algorithm.ECDSA512(null, null); } + @Test + public void shouldThrowECDSA512InstanceWithNullKeyProvider() throws Exception { + exception.expect(IllegalArgumentException.class); + exception.expectMessage("The Key Provider cannot be null."); + ECKeyProvider provider = null; + Algorithm.ECDSA512(provider); + } + @Test public void shouldCreateHMAC256AlgorithmWithBytes() throws Exception { Algorithm algorithm = Algorithm.HMAC256("secret".getBytes(StandardCharsets.UTF_8)); diff --git a/lib/src/test/java/com/auth0/jwt/algorithms/ECDSAAlgorithmTest.java b/lib/src/test/java/com/auth0/jwt/algorithms/ECDSAAlgorithmTest.java index 71383744..40f484b2 100644 --- a/lib/src/test/java/com/auth0/jwt/algorithms/ECDSAAlgorithmTest.java +++ b/lib/src/test/java/com/auth0/jwt/algorithms/ECDSAAlgorithmTest.java @@ -2,6 +2,7 @@ import com.auth0.jwt.exceptions.SignatureGenerationException; import com.auth0.jwt.exceptions.SignatureVerificationException; +import com.auth0.jwt.interfaces.ECKeyProvider; import org.apache.commons.codec.binary.Base64; import org.junit.Rule; import org.junit.Test; @@ -351,7 +352,8 @@ public void shouldThrowOnVerifyWhenSignatureAlgorithmDoesNotExists() throws Exce ECPublicKey publicKey = mock(ECPublicKey.class); ECPrivateKey privateKey = mock(ECPrivateKey.class); - Algorithm algorithm = new ECDSAAlgorithm(crypto, "some-alg", "some-algorithm", 32, publicKey, privateKey); + ECKeyProvider provider = ECDSAAlgorithm.providerForKeys(publicKey, privateKey); + Algorithm algorithm = new ECDSAAlgorithm(crypto, "some-alg", "some-algorithm", 32, provider); String jwt = "eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJhdXRoMCJ9.4iVk3-Y0v4RT4_9IaQlp-8dZ_4fsTzIylgrPTDLrEvTHBTyVS3tgPbr2_IZfLETtiKRqCg0aQ5sh9eIsTTwB1g"; AlgorithmUtils.verify(algorithm, jwt); } @@ -368,7 +370,8 @@ public void shouldThrowOnVerifyWhenThePublicKeyIsInvalid() throws Exception { ECPublicKey publicKey = mock(ECPublicKey.class); ECPrivateKey privateKey = mock(ECPrivateKey.class); - Algorithm algorithm = new ECDSAAlgorithm(crypto, "some-alg", "some-algorithm", 32, publicKey, privateKey); + ECKeyProvider provider = ECDSAAlgorithm.providerForKeys(publicKey, privateKey); + Algorithm algorithm = new ECDSAAlgorithm(crypto, "some-alg", "some-algorithm", 32, provider); String jwt = "eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJhdXRoMCJ9.4iVk3-Y0v4RT4_9IaQlp-8dZ_4fsTzIylgrPTDLrEvTHBTyVS3tgPbr2_IZfLETtiKRqCg0aQ5sh9eIsTTwB1g"; AlgorithmUtils.verify(algorithm, jwt); } @@ -385,7 +388,8 @@ public void shouldThrowOnVerifyWhenTheSignatureIsNotPrepared() throws Exception ECPublicKey publicKey = mock(ECPublicKey.class); ECPrivateKey privateKey = mock(ECPrivateKey.class); - Algorithm algorithm = new ECDSAAlgorithm(crypto, "some-alg", "some-algorithm", 32, publicKey, privateKey); + ECKeyProvider provider = ECDSAAlgorithm.providerForKeys(publicKey, privateKey); + Algorithm algorithm = new ECDSAAlgorithm(crypto, "some-alg", "some-algorithm", 32, provider); String jwt = "eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJhdXRoMCJ9.4iVk3-Y0v4RT4_9IaQlp-8dZ_4fsTzIylgrPTDLrEvTHBTyVS3tgPbr2_IZfLETtiKRqCg0aQ5sh9eIsTTwB1g"; AlgorithmUtils.verify(algorithm, jwt); } @@ -504,7 +508,8 @@ public void shouldThrowOnSignWhenSignatureAlgorithmDoesNotExists() throws Except ECPublicKey publicKey = mock(ECPublicKey.class); ECPrivateKey privateKey = mock(ECPrivateKey.class); - Algorithm algorithm = new ECDSAAlgorithm(crypto, "some-alg", "some-algorithm", 32, publicKey, privateKey); + ECKeyProvider provider = ECDSAAlgorithm.providerForKeys(publicKey, privateKey); + Algorithm algorithm = new ECDSAAlgorithm(crypto, "some-alg", "some-algorithm", 32, provider); algorithm.sign(ES256Header.getBytes(StandardCharsets.UTF_8)); } @@ -520,7 +525,8 @@ public void shouldThrowOnSignWhenThePrivateKeyIsInvalid() throws Exception { ECPublicKey publicKey = mock(ECPublicKey.class); ECPrivateKey privateKey = mock(ECPrivateKey.class); - Algorithm algorithm = new ECDSAAlgorithm(crypto, "some-alg", "some-algorithm", 32, publicKey, privateKey); + ECKeyProvider provider = ECDSAAlgorithm.providerForKeys(publicKey, privateKey); + Algorithm algorithm = new ECDSAAlgorithm(crypto, "some-alg", "some-algorithm", 32, provider); algorithm.sign(ES256Header.getBytes(StandardCharsets.UTF_8)); } @@ -536,7 +542,8 @@ public void shouldThrowOnSignWhenTheSignatureIsNotPrepared() throws Exception { ECPublicKey publicKey = mock(ECPublicKey.class); ECPrivateKey privateKey = mock(ECPrivateKey.class); - Algorithm algorithm = new ECDSAAlgorithm(crypto, "some-alg", "some-algorithm", 32, publicKey, privateKey); + ECKeyProvider provider = ECDSAAlgorithm.providerForKeys(publicKey, privateKey); + Algorithm algorithm = new ECDSAAlgorithm(crypto, "some-alg", "some-algorithm", 32, provider); algorithm.sign(ES256Header.getBytes(StandardCharsets.UTF_8)); } } \ No newline at end of file diff --git a/lib/src/test/java/com/auth0/jwt/algorithms/RSAAlgorithmTest.java b/lib/src/test/java/com/auth0/jwt/algorithms/RSAAlgorithmTest.java index e7f638db..951d83f0 100644 --- a/lib/src/test/java/com/auth0/jwt/algorithms/RSAAlgorithmTest.java +++ b/lib/src/test/java/com/auth0/jwt/algorithms/RSAAlgorithmTest.java @@ -2,6 +2,7 @@ import com.auth0.jwt.exceptions.SignatureGenerationException; import com.auth0.jwt.exceptions.SignatureVerificationException; +import com.auth0.jwt.interfaces.RSAKeyProvider; import org.apache.commons.codec.binary.Base64; import org.junit.Rule; import org.junit.Test; @@ -148,7 +149,8 @@ public void shouldThrowWhenMacAlgorithmDoesNotExists() throws Exception { RSAPublicKey publicKey = mock(RSAPublicKey.class); RSAPrivateKey privateKey = mock(RSAPrivateKey.class); - Algorithm algorithm = new RSAAlgorithm(crypto, "some-alg", "some-algorithm", publicKey, privateKey); + RSAKeyProvider provider = RSAAlgorithm.providerForKeys(publicKey, privateKey); + Algorithm algorithm = new RSAAlgorithm(crypto, "some-alg", "some-algorithm", provider); String jwt = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoMCJ9.dxXF3MdsyW-AuvwJpaQtrZ33fAde9xWxpLIg9cO2tMLH2GSRNuLAe61KsJusZhqZB9Iy7DvflcmRz-9OZndm6cj_ThGeJH2LLc90K83UEvvRPo8l85RrQb8PcanxCgIs2RcZOLygERizB3pr5icGkzR7R2y6zgNCjKJ5_NJ6EiZsGN6_nc2PRK_DbyY-Wn0QDxIxKoA5YgQJ9qafe7IN980pXvQv2Z62c3XR8dYuaXBqhthBj-AbaFHEpZapN-V-TmuLNzR2MCB6Xr7BYMuCaqWf_XU8og4XNe8f_8w9Wv5vvgqMM1KhqVpG5VdMJv4o_L4NoCROHhtUQSLRh2M9cA"; AlgorithmUtils.verify(algorithm, jwt); } @@ -165,7 +167,8 @@ public void shouldThrowWhenThePublicKeyIsInvalid() throws Exception { RSAPublicKey publicKey = mock(RSAPublicKey.class); RSAPrivateKey privateKey = mock(RSAPrivateKey.class); - Algorithm algorithm = new RSAAlgorithm(crypto, "some-alg", "some-algorithm", publicKey, privateKey); + RSAKeyProvider provider = RSAAlgorithm.providerForKeys(publicKey, privateKey); + Algorithm algorithm = new RSAAlgorithm(crypto, "some-alg", "some-algorithm", provider); String jwt = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoMCJ9.dxXF3MdsyW-AuvwJpaQtrZ33fAde9xWxpLIg9cO2tMLH2GSRNuLAe61KsJusZhqZB9Iy7DvflcmRz-9OZndm6cj_ThGeJH2LLc90K83UEvvRPo8l85RrQb8PcanxCgIs2RcZOLygERizB3pr5icGkzR7R2y6zgNCjKJ5_NJ6EiZsGN6_nc2PRK_DbyY-Wn0QDxIxKoA5YgQJ9qafe7IN980pXvQv2Z62c3XR8dYuaXBqhthBj-AbaFHEpZapN-V-TmuLNzR2MCB6Xr7BYMuCaqWf_XU8og4XNe8f_8w9Wv5vvgqMM1KhqVpG5VdMJv4o_L4NoCROHhtUQSLRh2M9cA"; AlgorithmUtils.verify(algorithm, jwt); } @@ -182,7 +185,8 @@ public void shouldThrowWhenTheSignatureIsNotPrepared() throws Exception { RSAPublicKey publicKey = mock(RSAPublicKey.class); RSAPrivateKey privateKey = mock(RSAPrivateKey.class); - Algorithm algorithm = new RSAAlgorithm(crypto, "some-alg", "some-algorithm", publicKey, privateKey); + RSAKeyProvider provider = RSAAlgorithm.providerForKeys(publicKey, privateKey); + Algorithm algorithm = new RSAAlgorithm(crypto, "some-alg", "some-algorithm", provider); String jwt = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoMCJ9.dxXF3MdsyW-AuvwJpaQtrZ33fAde9xWxpLIg9cO2tMLH2GSRNuLAe61KsJusZhqZB9Iy7DvflcmRz-9OZndm6cj_ThGeJH2LLc90K83UEvvRPo8l85RrQb8PcanxCgIs2RcZOLygERizB3pr5icGkzR7R2y6zgNCjKJ5_NJ6EiZsGN6_nc2PRK_DbyY-Wn0QDxIxKoA5YgQJ9qafe7IN980pXvQv2Z62c3XR8dYuaXBqhthBj-AbaFHEpZapN-V-TmuLNzR2MCB6Xr7BYMuCaqWf_XU8og4XNe8f_8w9Wv5vvgqMM1KhqVpG5VdMJv4o_L4NoCROHhtUQSLRh2M9cA"; AlgorithmUtils.verify(algorithm, jwt); } @@ -326,7 +330,8 @@ public void shouldThrowOnSignWhenSignatureAlgorithmDoesNotExists() throws Except RSAPublicKey publicKey = mock(RSAPublicKey.class); RSAPrivateKey privateKey = mock(RSAPrivateKey.class); - Algorithm algorithm = new RSAAlgorithm(crypto, "some-alg", "some-algorithm", publicKey, privateKey); + RSAKeyProvider provider = RSAAlgorithm.providerForKeys(publicKey, privateKey); + Algorithm algorithm = new RSAAlgorithm(crypto, "some-alg", "some-algorithm", provider); algorithm.sign(RS256Header.getBytes(StandardCharsets.UTF_8)); } @@ -342,7 +347,8 @@ public void shouldThrowOnSignWhenThePrivateKeyIsInvalid() throws Exception { RSAPublicKey publicKey = mock(RSAPublicKey.class); RSAPrivateKey privateKey = mock(RSAPrivateKey.class); - Algorithm algorithm = new RSAAlgorithm(crypto, "some-alg", "some-algorithm", publicKey, privateKey); + RSAKeyProvider provider = RSAAlgorithm.providerForKeys(publicKey, privateKey); + Algorithm algorithm = new RSAAlgorithm(crypto, "some-alg", "some-algorithm", provider); algorithm.sign(RS256Header.getBytes(StandardCharsets.UTF_8)); } @@ -358,7 +364,8 @@ public void shouldThrowOnSignWhenTheSignatureIsNotPrepared() throws Exception { RSAPublicKey publicKey = mock(RSAPublicKey.class); RSAPrivateKey privateKey = mock(RSAPrivateKey.class); - Algorithm algorithm = new RSAAlgorithm(crypto, "some-alg", "some-algorithm", publicKey, privateKey); + RSAKeyProvider provider = RSAAlgorithm.providerForKeys(publicKey, privateKey); + Algorithm algorithm = new RSAAlgorithm(crypto, "some-alg", "some-algorithm", provider); algorithm.sign(RS256Header.getBytes(StandardCharsets.UTF_8)); } } \ No newline at end of file From f27584ec49c9d93b39c6f71a95429d0b2a04f065 Mon Sep 17 00:00:00 2001 From: Luciano Balmaceda Date: Mon, 13 Mar 2017 12:48:50 -0300 Subject: [PATCH 2/3] reorder methods in the Algorithm class --- .../com/auth0/jwt/algorithms/Algorithm.java | 167 +++++++++--------- 1 file changed, 84 insertions(+), 83 deletions(-) diff --git a/lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java b/lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java index fc05b924..ec4ab405 100644 --- a/lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java +++ b/lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java @@ -28,6 +28,18 @@ public static Algorithm RSA256(RSAKeyProvider keyProvider) throws IllegalArgumen return new RSAAlgorithm("RS256", "SHA256withRSA", keyProvider); } + /** + * Creates a new Algorithm instance using SHA256withRSA. Tokens specify this as "RS256". + * + * @param publicKey the key to use in the verify instance. + * @param privateKey the key to use in the signing instance. + * @return a valid RSA256 Algorithm. + * @throws IllegalArgumentException if both provided Keys are null. + */ + public static Algorithm RSA256(RSAPublicKey publicKey, RSAPrivateKey privateKey) throws IllegalArgumentException { + return new RSAAlgorithm("RS256", "SHA256withRSA", publicKey, privateKey); + } + /** * Creates a new Algorithm instance using SHA256withRSA. Tokens specify this as "RS256". * @@ -46,66 +58,50 @@ public static Algorithm RSA256(RSAKey key) throws IllegalArgumentException { /** * Creates a new Algorithm instance using SHA384withRSA. Tokens specify this as "RS384". * - * @param key the key to use in the verify or signing instance. + * @param keyProvider the provider of the Public Key and Private Key for the verify and signing instance. * @return a valid RSA384 Algorithm. - * @throws IllegalArgumentException if the provided Key is null. - * @deprecated use {@link #RSA384(RSAPublicKey, RSAPrivateKey)} + * @throws IllegalArgumentException if the Key Provider is null. */ - @Deprecated - public static Algorithm RSA384(RSAKey key) throws IllegalArgumentException { - RSAPublicKey publicKey = key instanceof RSAPublicKey ? (RSAPublicKey) key : null; - RSAPrivateKey privateKey = key instanceof RSAPrivateKey ? (RSAPrivateKey) key : null; - return RSA384(publicKey, privateKey); + public static Algorithm RSA384(RSAKeyProvider keyProvider) throws IllegalArgumentException { + return new RSAAlgorithm("RS384", "SHA384withRSA", keyProvider); } /** * Creates a new Algorithm instance using SHA384withRSA. Tokens specify this as "RS384". * - * @param keyProvider the provider of the Public Key and Private Key for the verify and signing instance. + * @param publicKey the key to use in the verify instance. + * @param privateKey the key to use in the signing instance. * @return a valid RSA384 Algorithm. - * @throws IllegalArgumentException if the Key Provider is null. + * @throws IllegalArgumentException if both provided Keys are null. */ - public static Algorithm RSA384(RSAKeyProvider keyProvider) throws IllegalArgumentException { - return new RSAAlgorithm("RS384", "SHA384withRSA", keyProvider); + public static Algorithm RSA384(RSAPublicKey publicKey, RSAPrivateKey privateKey) throws IllegalArgumentException { + return new RSAAlgorithm("RS384", "SHA384withRSA", publicKey, privateKey); } /** - * Creates a new Algorithm instance using SHA512withRSA. Tokens specify this as "RS512". + * Creates a new Algorithm instance using SHA384withRSA. Tokens specify this as "RS384". * * @param key the key to use in the verify or signing instance. - * @return a valid RSA512 Algorithm. + * @return a valid RSA384 Algorithm. * @throws IllegalArgumentException if the provided Key is null. - * @deprecated use {@link #RSA512(RSAPublicKey, RSAPrivateKey)} + * @deprecated use {@link #RSA384(RSAPublicKey, RSAPrivateKey)} */ @Deprecated - public static Algorithm RSA512(RSAKey key) throws IllegalArgumentException { + public static Algorithm RSA384(RSAKey key) throws IllegalArgumentException { RSAPublicKey publicKey = key instanceof RSAPublicKey ? (RSAPublicKey) key : null; RSAPrivateKey privateKey = key instanceof RSAPrivateKey ? (RSAPrivateKey) key : null; - return RSA512(publicKey, privateKey); - } - - /** - * Creates a new Algorithm instance using SHA256withRSA. Tokens specify this as "RS256". - * - * @param publicKey the key to use in the verify instance. - * @param privateKey the key to use in the signing instance. - * @return a valid RSA256 Algorithm. - * @throws IllegalArgumentException if both provided Keys are null. - */ - public static Algorithm RSA256(RSAPublicKey publicKey, RSAPrivateKey privateKey) throws IllegalArgumentException { - return new RSAAlgorithm("RS256", "SHA256withRSA", publicKey, privateKey); + return RSA384(publicKey, privateKey); } /** - * Creates a new Algorithm instance using SHA384withRSA. Tokens specify this as "RS384". + * Creates a new Algorithm instance using SHA512withRSA. Tokens specify this as "RS512". * - * @param publicKey the key to use in the verify instance. - * @param privateKey the key to use in the signing instance. - * @return a valid RSA384 Algorithm. - * @throws IllegalArgumentException if both provided Keys are null. + * @param keyProvider the provider of the Public Key and Private Key for the verify and signing instance. + * @return a valid RSA512 Algorithm. + * @throws IllegalArgumentException if the Key Provider is null. */ - public static Algorithm RSA384(RSAPublicKey publicKey, RSAPrivateKey privateKey) throws IllegalArgumentException { - return new RSAAlgorithm("RS384", "SHA384withRSA", publicKey, privateKey); + public static Algorithm RSA512(RSAKeyProvider keyProvider) throws IllegalArgumentException { + return new RSAAlgorithm("RS512", "SHA512withRSA", keyProvider); } /** @@ -123,12 +119,16 @@ public static Algorithm RSA512(RSAPublicKey publicKey, RSAPrivateKey privateKey) /** * Creates a new Algorithm instance using SHA512withRSA. Tokens specify this as "RS512". * - * @param keyProvider the provider of the Public Key and Private Key for the verify and signing instance. + * @param key the key to use in the verify or signing instance. * @return a valid RSA512 Algorithm. - * @throws IllegalArgumentException if the Key Provider is null. + * @throws IllegalArgumentException if the provided Key is null. + * @deprecated use {@link #RSA512(RSAPublicKey, RSAPrivateKey)} */ - public static Algorithm RSA512(RSAKeyProvider keyProvider) throws IllegalArgumentException { - return new RSAAlgorithm("RS512", "SHA512withRSA", keyProvider); + @Deprecated + public static Algorithm RSA512(RSAKey key) throws IllegalArgumentException { + RSAPublicKey publicKey = key instanceof RSAPublicKey ? (RSAPublicKey) key : null; + RSAPrivateKey privateKey = key instanceof RSAPrivateKey ? (RSAPrivateKey) key : null; + return RSA512(publicKey, privateKey); } /** @@ -203,42 +203,39 @@ public static Algorithm HMAC512(byte[] secret) throws IllegalArgumentException { /** * Creates a new Algorithm instance using SHA256withECDSA. Tokens specify this as "ES256". * - * @param key the key to use in the verify or signing instance. + * @param keyProvider the provider of the Public Key and Private Key for the verify and signing instance. * @return a valid ECDSA256 Algorithm. - * @throws IllegalArgumentException if the provided Key is null. - * @deprecated use {@link #ECDSA256(ECPublicKey, ECPrivateKey)} + * @throws IllegalArgumentException if the Key Provider is null. */ - @Deprecated - public static Algorithm ECDSA256(ECKey key) throws IllegalArgumentException { - ECPublicKey publicKey = key instanceof ECPublicKey ? (ECPublicKey) key : null; - ECPrivateKey privateKey = key instanceof ECPrivateKey ? (ECPrivateKey) key : null; - return ECDSA256(publicKey, privateKey); + public static Algorithm ECDSA256(ECKeyProvider keyProvider) throws IllegalArgumentException { + return new ECDSAAlgorithm("ES256", "SHA256withECDSA", 32, keyProvider); } /** * Creates a new Algorithm instance using SHA256withECDSA. Tokens specify this as "ES256". * - * @param keyProvider the provider of the Public Key and Private Key for the verify and signing instance. + * @param publicKey the key to use in the verify instance. + * @param privateKey the key to use in the signing instance. * @return a valid ECDSA256 Algorithm. - * @throws IllegalArgumentException if the Key Provider is null. + * @throws IllegalArgumentException if the provided Key is null. */ - public static Algorithm ECDSA256(ECKeyProvider keyProvider) throws IllegalArgumentException { - return new ECDSAAlgorithm("ES256", "SHA256withECDSA", 32, keyProvider); + public static Algorithm ECDSA256(ECPublicKey publicKey, ECPrivateKey privateKey) throws IllegalArgumentException { + return new ECDSAAlgorithm("ES256", "SHA256withECDSA", 32, publicKey, privateKey); } /** - * Creates a new Algorithm instance using SHA384withECDSA. Tokens specify this as "ES384". + * Creates a new Algorithm instance using SHA256withECDSA. Tokens specify this as "ES256". * * @param key the key to use in the verify or signing instance. - * @return a valid ECDSA384 Algorithm. + * @return a valid ECDSA256 Algorithm. * @throws IllegalArgumentException if the provided Key is null. - * @deprecated use {@link #ECDSA384(ECPublicKey, ECPrivateKey)} + * @deprecated use {@link #ECDSA256(ECPublicKey, ECPrivateKey)} */ @Deprecated - public static Algorithm ECDSA384(ECKey key) throws IllegalArgumentException { + public static Algorithm ECDSA256(ECKey key) throws IllegalArgumentException { ECPublicKey publicKey = key instanceof ECPublicKey ? (ECPublicKey) key : null; ECPrivateKey privateKey = key instanceof ECPrivateKey ? (ECPrivateKey) key : null; - return ECDSA384(publicKey, privateKey); + return ECDSA256(publicKey, privateKey); } /** @@ -253,42 +250,41 @@ public static Algorithm ECDSA384(ECKeyProvider keyProvider) throws IllegalArgume } /** - * Creates a new Algorithm instance using SHA512withECDSA. Tokens specify this as "ES512". + * Creates a new Algorithm instance using SHA384withECDSA. Tokens specify this as "ES384". * - * @param key the key to use in the verify or signing instance. - * @return a valid ECDSA512 Algorithm. + * @param publicKey the key to use in the verify instance. + * @param privateKey the key to use in the signing instance. + * @return a valid ECDSA384 Algorithm. * @throws IllegalArgumentException if the provided Key is null. - * @deprecated use {@link #ECDSA512(ECPublicKey, ECPrivateKey)} */ - @Deprecated - public static Algorithm ECDSA512(ECKey key) throws IllegalArgumentException { - ECPublicKey publicKey = key instanceof ECPublicKey ? (ECPublicKey) key : null; - ECPrivateKey privateKey = key instanceof ECPrivateKey ? (ECPrivateKey) key : null; - return ECDSA512(publicKey, privateKey); + public static Algorithm ECDSA384(ECPublicKey publicKey, ECPrivateKey privateKey) throws IllegalArgumentException { + return new ECDSAAlgorithm("ES384", "SHA384withECDSA", 48, publicKey, privateKey); } /** - * Creates a new Algorithm instance using SHA256withECDSA. Tokens specify this as "ES256". + * Creates a new Algorithm instance using SHA384withECDSA. Tokens specify this as "ES384". * - * @param publicKey the key to use in the verify instance. - * @param privateKey the key to use in the signing instance. - * @return a valid ECDSA256 Algorithm. + * @param key the key to use in the verify or signing instance. + * @return a valid ECDSA384 Algorithm. * @throws IllegalArgumentException if the provided Key is null. + * @deprecated use {@link #ECDSA384(ECPublicKey, ECPrivateKey)} */ - public static Algorithm ECDSA256(ECPublicKey publicKey, ECPrivateKey privateKey) throws IllegalArgumentException { - return new ECDSAAlgorithm("ES256", "SHA256withECDSA", 32, publicKey, privateKey); + @Deprecated + public static Algorithm ECDSA384(ECKey key) throws IllegalArgumentException { + ECPublicKey publicKey = key instanceof ECPublicKey ? (ECPublicKey) key : null; + ECPrivateKey privateKey = key instanceof ECPrivateKey ? (ECPrivateKey) key : null; + return ECDSA384(publicKey, privateKey); } /** - * Creates a new Algorithm instance using SHA384withECDSA. Tokens specify this as "ES384". + * Creates a new Algorithm instance using SHA512withECDSA. Tokens specify this as "ES512". * - * @param publicKey the key to use in the verify instance. - * @param privateKey the key to use in the signing instance. - * @return a valid ECDSA384 Algorithm. - * @throws IllegalArgumentException if the provided Key is null. + * @param keyProvider the provider of the Public Key and Private Key for the verify and signing instance. + * @return a valid ECDSA512 Algorithm. + * @throws IllegalArgumentException if the Key Provider is null. */ - public static Algorithm ECDSA384(ECPublicKey publicKey, ECPrivateKey privateKey) throws IllegalArgumentException { - return new ECDSAAlgorithm("ES384", "SHA384withECDSA", 48, publicKey, privateKey); + public static Algorithm ECDSA512(ECKeyProvider keyProvider) throws IllegalArgumentException { + return new ECDSAAlgorithm("ES512", "SHA512withECDSA", 66, keyProvider); } /** @@ -306,14 +302,19 @@ public static Algorithm ECDSA512(ECPublicKey publicKey, ECPrivateKey privateKey) /** * Creates a new Algorithm instance using SHA512withECDSA. Tokens specify this as "ES512". * - * @param keyProvider the provider of the Public Key and Private Key for the verify and signing instance. + * @param key the key to use in the verify or signing instance. * @return a valid ECDSA512 Algorithm. - * @throws IllegalArgumentException if the Key Provider is null. + * @throws IllegalArgumentException if the provided Key is null. + * @deprecated use {@link #ECDSA512(ECPublicKey, ECPrivateKey)} */ - public static Algorithm ECDSA512(ECKeyProvider keyProvider) throws IllegalArgumentException { - return new ECDSAAlgorithm("ES512", "SHA512withECDSA", 66, keyProvider); + @Deprecated + public static Algorithm ECDSA512(ECKey key) throws IllegalArgumentException { + ECPublicKey publicKey = key instanceof ECPublicKey ? (ECPublicKey) key : null; + ECPrivateKey privateKey = key instanceof ECPrivateKey ? (ECPrivateKey) key : null; + return ECDSA512(publicKey, privateKey); } + public static Algorithm none() { return new NoneAlgorithm(); } From 18c17109cd8a95f69a57c86cc04c0d0da68036e2 Mon Sep 17 00:00:00 2001 From: Luciano Balmaceda Date: Tue, 14 Mar 2017 11:45:36 -0300 Subject: [PATCH 3/3] remove constructor with 2 keys. Keep keyProvider signature --- .../com/auth0/jwt/algorithms/Algorithm.java | 24 +++++++++---------- .../auth0/jwt/algorithms/ECDSAAlgorithm.java | 4 ---- .../auth0/jwt/algorithms/RSAAlgorithm.java | 4 ---- .../jwt/algorithms/ECDSAAlgorithmTest.java | 3 ++- 4 files changed, 14 insertions(+), 21 deletions(-) diff --git a/lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java b/lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java index ec4ab405..eb484478 100644 --- a/lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java +++ b/lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java @@ -37,7 +37,7 @@ public static Algorithm RSA256(RSAKeyProvider keyProvider) throws IllegalArgumen * @throws IllegalArgumentException if both provided Keys are null. */ public static Algorithm RSA256(RSAPublicKey publicKey, RSAPrivateKey privateKey) throws IllegalArgumentException { - return new RSAAlgorithm("RS256", "SHA256withRSA", publicKey, privateKey); + return RSA256(RSAAlgorithm.providerForKeys(publicKey, privateKey)); } /** @@ -46,7 +46,7 @@ public static Algorithm RSA256(RSAPublicKey publicKey, RSAPrivateKey privateKey) * @param key the key to use in the verify or signing instance. * @return a valid RSA256 Algorithm. * @throws IllegalArgumentException if the Key Provider is null. - * @deprecated use {@link #RSA256(RSAPublicKey, RSAPrivateKey)} + * @deprecated use {@link #RSA256(RSAPublicKey, RSAPrivateKey)} or {@link #RSA256(RSAKeyProvider)} */ @Deprecated public static Algorithm RSA256(RSAKey key) throws IllegalArgumentException { @@ -75,7 +75,7 @@ public static Algorithm RSA384(RSAKeyProvider keyProvider) throws IllegalArgumen * @throws IllegalArgumentException if both provided Keys are null. */ public static Algorithm RSA384(RSAPublicKey publicKey, RSAPrivateKey privateKey) throws IllegalArgumentException { - return new RSAAlgorithm("RS384", "SHA384withRSA", publicKey, privateKey); + return RSA384(RSAAlgorithm.providerForKeys(publicKey, privateKey)); } /** @@ -84,7 +84,7 @@ public static Algorithm RSA384(RSAPublicKey publicKey, RSAPrivateKey privateKey) * @param key the key to use in the verify or signing instance. * @return a valid RSA384 Algorithm. * @throws IllegalArgumentException if the provided Key is null. - * @deprecated use {@link #RSA384(RSAPublicKey, RSAPrivateKey)} + * @deprecated use {@link #RSA384(RSAPublicKey, RSAPrivateKey)} or {@link #RSA384(RSAKeyProvider)} */ @Deprecated public static Algorithm RSA384(RSAKey key) throws IllegalArgumentException { @@ -113,7 +113,7 @@ public static Algorithm RSA512(RSAKeyProvider keyProvider) throws IllegalArgumen * @throws IllegalArgumentException if both provided Keys are null. */ public static Algorithm RSA512(RSAPublicKey publicKey, RSAPrivateKey privateKey) throws IllegalArgumentException { - return new RSAAlgorithm("RS512", "SHA512withRSA", publicKey, privateKey); + return RSA512(RSAAlgorithm.providerForKeys(publicKey, privateKey)); } /** @@ -122,7 +122,7 @@ public static Algorithm RSA512(RSAPublicKey publicKey, RSAPrivateKey privateKey) * @param key the key to use in the verify or signing instance. * @return a valid RSA512 Algorithm. * @throws IllegalArgumentException if the provided Key is null. - * @deprecated use {@link #RSA512(RSAPublicKey, RSAPrivateKey)} + * @deprecated use {@link #RSA512(RSAPublicKey, RSAPrivateKey)} or {@link #RSA512(RSAKeyProvider)} */ @Deprecated public static Algorithm RSA512(RSAKey key) throws IllegalArgumentException { @@ -220,7 +220,7 @@ public static Algorithm ECDSA256(ECKeyProvider keyProvider) throws IllegalArgume * @throws IllegalArgumentException if the provided Key is null. */ public static Algorithm ECDSA256(ECPublicKey publicKey, ECPrivateKey privateKey) throws IllegalArgumentException { - return new ECDSAAlgorithm("ES256", "SHA256withECDSA", 32, publicKey, privateKey); + return ECDSA256(ECDSAAlgorithm.providerForKeys(publicKey, privateKey)); } /** @@ -229,7 +229,7 @@ public static Algorithm ECDSA256(ECPublicKey publicKey, ECPrivateKey privateKey) * @param key the key to use in the verify or signing instance. * @return a valid ECDSA256 Algorithm. * @throws IllegalArgumentException if the provided Key is null. - * @deprecated use {@link #ECDSA256(ECPublicKey, ECPrivateKey)} + * @deprecated use {@link #ECDSA256(ECPublicKey, ECPrivateKey)} or {@link #ECDSA256(ECKeyProvider)} */ @Deprecated public static Algorithm ECDSA256(ECKey key) throws IllegalArgumentException { @@ -258,7 +258,7 @@ public static Algorithm ECDSA384(ECKeyProvider keyProvider) throws IllegalArgume * @throws IllegalArgumentException if the provided Key is null. */ public static Algorithm ECDSA384(ECPublicKey publicKey, ECPrivateKey privateKey) throws IllegalArgumentException { - return new ECDSAAlgorithm("ES384", "SHA384withECDSA", 48, publicKey, privateKey); + return ECDSA384(ECDSAAlgorithm.providerForKeys(publicKey, privateKey)); } /** @@ -267,7 +267,7 @@ public static Algorithm ECDSA384(ECPublicKey publicKey, ECPrivateKey privateKey) * @param key the key to use in the verify or signing instance. * @return a valid ECDSA384 Algorithm. * @throws IllegalArgumentException if the provided Key is null. - * @deprecated use {@link #ECDSA384(ECPublicKey, ECPrivateKey)} + * @deprecated use {@link #ECDSA384(ECPublicKey, ECPrivateKey)} or {@link #ECDSA384(ECKeyProvider)} */ @Deprecated public static Algorithm ECDSA384(ECKey key) throws IllegalArgumentException { @@ -296,7 +296,7 @@ public static Algorithm ECDSA512(ECKeyProvider keyProvider) throws IllegalArgume * @throws IllegalArgumentException if the provided Key is null. */ public static Algorithm ECDSA512(ECPublicKey publicKey, ECPrivateKey privateKey) throws IllegalArgumentException { - return new ECDSAAlgorithm("ES512", "SHA512withECDSA", 66, publicKey, privateKey); + return ECDSA512(ECDSAAlgorithm.providerForKeys(publicKey, privateKey)); } /** @@ -305,7 +305,7 @@ public static Algorithm ECDSA512(ECPublicKey publicKey, ECPrivateKey privateKey) * @param key the key to use in the verify or signing instance. * @return a valid ECDSA512 Algorithm. * @throws IllegalArgumentException if the provided Key is null. - * @deprecated use {@link #ECDSA512(ECPublicKey, ECPrivateKey)} + * @deprecated use {@link #ECDSA512(ECPublicKey, ECPrivateKey)} or {@link #ECDSA512(ECKeyProvider)} */ @Deprecated public static Algorithm ECDSA512(ECKey key) throws IllegalArgumentException { diff --git a/lib/src/main/java/com/auth0/jwt/algorithms/ECDSAAlgorithm.java b/lib/src/main/java/com/auth0/jwt/algorithms/ECDSAAlgorithm.java index 04c95599..2b43c7e6 100644 --- a/lib/src/main/java/com/auth0/jwt/algorithms/ECDSAAlgorithm.java +++ b/lib/src/main/java/com/auth0/jwt/algorithms/ECDSAAlgorithm.java @@ -30,10 +30,6 @@ class ECDSAAlgorithm extends Algorithm { this.ecNumberSize = ecNumberSize; } - ECDSAAlgorithm(String id, String algorithm, int ecNumberSize, ECPublicKey publicKey, ECPrivateKey privateKey) throws IllegalArgumentException { - this(new CryptoHelper(), id, algorithm, ecNumberSize, providerForKeys(publicKey, privateKey)); - } - ECDSAAlgorithm(String id, String algorithm, int ecNumberSize, ECKeyProvider keyProvider) throws IllegalArgumentException { this(new CryptoHelper(), id, algorithm, ecNumberSize, keyProvider); } diff --git a/lib/src/main/java/com/auth0/jwt/algorithms/RSAAlgorithm.java b/lib/src/main/java/com/auth0/jwt/algorithms/RSAAlgorithm.java index c9f708d6..a5d7d3f3 100644 --- a/lib/src/main/java/com/auth0/jwt/algorithms/RSAAlgorithm.java +++ b/lib/src/main/java/com/auth0/jwt/algorithms/RSAAlgorithm.java @@ -28,10 +28,6 @@ class RSAAlgorithm extends Algorithm { this.crypto = crypto; } - RSAAlgorithm(String id, String algorithm, RSAPublicKey publicKey, RSAPrivateKey privateKey) throws IllegalArgumentException { - this(new CryptoHelper(), id, algorithm, providerForKeys(publicKey, privateKey)); - } - RSAAlgorithm(String id, String algorithm, RSAKeyProvider keyProvider) throws IllegalArgumentException { this(new CryptoHelper(), id, algorithm, keyProvider); } diff --git a/lib/src/test/java/com/auth0/jwt/algorithms/ECDSAAlgorithmTest.java b/lib/src/test/java/com/auth0/jwt/algorithms/ECDSAAlgorithmTest.java index 40f484b2..b169b554 100644 --- a/lib/src/test/java/com/auth0/jwt/algorithms/ECDSAAlgorithmTest.java +++ b/lib/src/test/java/com/auth0/jwt/algorithms/ECDSAAlgorithmTest.java @@ -336,7 +336,8 @@ public void shouldFailJOSEToDERConversionOnInvalidJOSESignatureLength() throws E ECPublicKey publicKey = (ECPublicKey) readPublicKeyFromFile(PUBLIC_KEY_FILE_256, "EC"); ECPrivateKey privateKey = mock(ECPrivateKey.class); - Algorithm algorithm = new ECDSAAlgorithm("ES256", "SHA256withECDSA", 128, publicKey, privateKey); + ECKeyProvider provider = ECDSAAlgorithm.providerForKeys(publicKey, privateKey); + Algorithm algorithm = new ECDSAAlgorithm("ES256", "SHA256withECDSA", 128, provider); AlgorithmUtils.verify(algorithm, jwt); }