Copy and alter Spring JWT Helper for "kid" header
[#107773584] https://www.pivotaltracker.com/story/show/107773584 Signed-off-by: Jonathan Lo <jlo@us.ibm.com>
Showing
24 changed files
with
538 additions
and
21 deletions.
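--- a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/jwt/HeaderParameters.java
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/jwt/HeaderParameters.java
@@ -0,0 +1,25 @@
+package org.cloudfoundry.identity.uaa.oauth.jwt;
+
+/*******************************************************************************
+* Cloud Foundry
+* Copyright (c) [2009-2016] Pivotal Software, Inc. All Rights Reserved.
+* <p>
+* This product is licensed to you under the Apache License, Version 2.0 (the "License").
+* You may not use this product except in compliance with the License.
+* <p>
+* This product includes a number of subcomponents with
+* separate copyright notices and license terms. Your use of these
+* subcomponents is subject to the terms and conditions of the
+* subcomponent's license, as noted in the LICENSE file.
+*******************************************************************************/
+public interface HeaderParameters {
+String getAlg();
+
+String getEnc();
+
+String getIv();
+
+String getTyp();
+
+String getKid();
+}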
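Review bot: None of the five getters on `HeaderParameters` is documented, and the trust level of what they return is left for callers to guess. For an inbound token the JOSE header is normally parsed before the signature is checked, so `getAlg()` and `getKid()` presumably hand back values chosen by whoever sent the token. I would add an interface-level Javadoc along the lines of `/** JOSE header fields as parsed from the token; unauthenticated until the signature has been verified. */`. On `getKid()` I would add `/** Key id from the "kid" header; use only as a lookup key into locally configured keys. */`, and state whether it returns null when the header is absent.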
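--- a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/jwt/IdentifiedSigner.java
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/jwt/IdentifiedSigner.java
@@ -0,0 +1,26 @@
+package org.cloudfoundry.identity.uaa.oauth.jwt;
+
+public class IdentifiedSigner implements Signer {
+private final String id;
+private final org.springframework.security.jwt.crypto.sign.Signer signer;
+
+public IdentifiedSigner(String id, org.springframework.security.jwt.crypto.sign.Signer signer) {
+this.id = id;
+this.signer = signer;
+}
+
+@Override
+public String keyId() {
+return id;
+}
+
+@Override
+public byte[] sign(byte[] bytes) {
+return signer.sign(bytes);
+}
+
+@Override
+public String algorithm() {
+return signer.algorithm();
+}
+}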
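Review bot: The `IdentifiedSigner` constructor stores `id` and `signer` without checking either for null. A null `signer` therefore shows up only later as a NullPointerException inside `sign()` or `algorithm()`, far from the misconfigured key that caused it. A null `id` would be returned silently from `keyId()`, which presumably ends up as a missing or literal-null `kid` in issued tokens (the header-writing code is not in this section). Suggest failing fast with `this.id = Objects.requireNonNull(id, "id");` and `this.signer = Objects.requireNonNull(signer, "signer");`, plus `import java.util.Objects;`.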
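--- a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/jwt/Jwt.java
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/jwt/Jwt.java
@@ -0,0 +1,19 @@
+/*
+* Copyright 2006-2011 the original author or authors.
+*
+* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations under the License.
+*/
+package org.cloudfoundry.identity.uaa.oauth.jwt;
+
+import org.springframework.security.jwt.crypto.sign.SignatureVerifier;
+
+public interface Jwt extends org.springframework.security.jwt.Jwt {
+HeaderParameters getHeader();
+}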
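Review bot: The import of `org.springframework.security.jwt.crypto.sign.SignatureVerifier` is unused in this file as shown; the interface body declares only `getHeader()`. Either drop the import or, if a `verifySignature(SignatureVerifier)` redeclaration or a Javadoc `{@link}` was intended, add it. A short Javadoc on `getHeader()` would also make the purpose of this otherwise empty extension clear, for example `/** Returns the parsed JOSE header, including the "kid" parameter. */`.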
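--- a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/jwt/JwtAlgorithms.java
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/jwt/JwtAlgorithms.java
@@ -0,0 +1,79 @@
+/*
+* Copyright 2006-2011 the original author or authors.
+*
+* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations under the License.
+*/
+package org.cloudfoundry.identity.uaa.oauth.jwt;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.springframework.security.jwt.crypto.cipher.CipherMetadata;
+
+/**
+* @author Luke Taylor
+*/
+public class JwtAlgorithms {
+private static final Map<String,String> sigAlgs = new HashMap<String,String>();
+private static final Map<String,String> javaToSigAlgs = new HashMap<String,String>();
+private static final Map<String,String> keyAlgs = new HashMap<String,String>();
+private static final Map<String,String> javaToKeyAlgs = new HashMap<String,String>();
+
+static {
+sigAlgs.put("HS256", "HMACSHA256");
+sigAlgs.put("HS384" , "HMACSHA384");
+sigAlgs.put("HS512" , "HMACSHA512");
+sigAlgs.put("RS256" , "SHA256withRSA");
+sigAlgs.put("RS512" , "SHA512withRSA");
+
+keyAlgs.put("RSA1_5" , "RSA/ECB/PKCS1Padding");
+
+for(Map.Entry<String,String> e: sigAlgs.entrySet()) {
+javaToSigAlgs.put(e.getValue(), e.getKey());
+}
+for(Map.Entry<String,String> e: keyAlgs.entrySet()) {
+javaToKeyAlgs.put(e.getValue(), e.getKey());
+}
+
+}
+
+static String sigAlg(String javaName){
+String alg = javaToSigAlgs.get(javaName);
+
+if (alg == null) {
+throw new IllegalArgumentException("Invalid or unsupported signature algorithm: " + javaName);
+}
+
+return alg;
+}
+
+static String keyEncryptionAlg(String javaName) {
+String alg = javaToKeyAlgs.get(javaName);
+
+if (alg == null) {
+throw new IllegalArgumentException("Invalid or unsupported key encryption algorithm: " + javaName);
+}
+
+return alg;
+}
+
+static String enc(CipherMetadata cipher) {
+if (!cipher.algorithm().equalsIgnoreCase("AES/CBC/PKCS5Padding")) {
+throw new IllegalArgumentException("Unknown or unsupported algorithm");
+}
+if (cipher.keySize() == 128) {
+return "A128CBC";
+} else if (cipher.keySize() == 256) {
+return "A256CBC";
+} else {
+throw new IllegalArgumentException("Unsupported key size");
+}
+}
+}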
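Review bot: The copied table carries encryption mappings that a signing-side `kid` change does not obviously need: the static block registers `RSA1_5` → `RSA/ECB/PKCS1Padding` as the only key-encryption algorithm, and `enc` accepts only `AES/CBC/PKCS5Padding`. If nothing in UAA calls `keyEncryptionAlg` or `enc`, consider leaving them out of the copy; if they are kept, add a comment that PKCS#1 v1.5 and unauthenticated CBC require decryption failures to be indistinguishable to callers. Separately, `sigAlg` and `keyEncryptionAlg` do exact-case map lookups while `enc` compares with `equalsIgnoreCase`, so a signer reporting the JCA spelling `HmacSHA256` would be rejected by `sigAlg`. Normalising the key, e.g. `javaToSigAlgs.get(javaName.toUpperCase(Locale.ROOT))` with upper-cased map keys, would make the three methods consistent. The maps are also mutable `HashMap`s that are never changed after the static block and could be wrapped with `Collections.unmodifiableMap`.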