2 changes: 1 addition & 1 deletion GeneXusCryptography/pom.xml
@@ -7,7 +7,7 @@
<parent>
<groupId>com.genexus</groupId>
<artifactId>SecurityAPIParent</artifactId>
<version>17.10.0</version>
<version>18.0.0</version>
</parent>


2 changes: 1 addition & 1 deletion GeneXusFtps/pom.xml
@@ -8,7 +8,7 @@
<parent>
<groupId>com.genexus</groupId>
<artifactId>SecurityAPIParent</artifactId>
<version>17.10.0</version>
<version>18.0.0</version>
</parent>


4 changes: 2 additions & 2 deletions GeneXusJWT/pom.xml
@@ -7,7 +7,7 @@
<parent>
<groupId>com.genexus</groupId>
<artifactId>SecurityAPIParent</artifactId>
<version>17.10.0</version>
<version>18.0.0</version>
</parent>


@@ -26,7 +26,7 @@
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.10.3</version>
<version>4.0.0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind -->
<dependency>
173 changes: 93 additions & 80 deletions GeneXusJWT/src/main/java/com/genexus/JWT/JWTCreator.java
@@ -43,119 +43,134 @@ public JWTCreator() {
}

/******** EXTERNAL OBJECT PUBLIC METHODS - BEGIN ********/

public String doCreate(String algorithm, PrivateClaims privateClaims, JWTOptions options) {
this.error.cleanError();
if (options.hasError()) {
this.error = options.getError();
return "";
}
JWTAlgorithm alg = JWTAlgorithm.getJWTAlgorithm(algorithm, this.error);
if (this.hasError()) {
return "";
}
Builder tokenBuilder = JWT.create();
if (!options.getHeaderParameters().isEmpty()) {
HeaderParameters parameters = options.getHeaderParameters();
tokenBuilder.withHeader(parameters.getMap());
}
tokenBuilder = doBuildPayload(tokenBuilder, privateClaims, options);
if (this.hasError()) {
return "";
}
Algorithm algorithmType = null;
if (JWTAlgorithm.isPrivate(alg)) {

PrivateKeyManager key = options.getPrivateKey();
if (key.hasError()) {
this.error = key.getError();
return "";
}

algorithmType = JWTAlgorithm.getAsymmetricAlgorithm(alg, key, null, error);
if (this.hasError()) {
return "";
}

} else {

algorithmType = JWTAlgorithm.getSymmetricAlgorithm(alg, options.getSecret(), this.error);
if (this.hasError()) {
return "";
}
}
String signedJwt = "";
try {
signedJwt = tokenBuilder.sign(algorithmType);
} catch (Exception e) {
this.error.setError("JW003", e.getMessage());
return "";
}

return signedJwt;
return create_Aux(algorithm, privateClaims, options);
}

public boolean doVerify(String token, String expectedAlgorithm, PrivateClaims privateClaims, JWTOptions options) {
this.error.cleanError();
return doVerify(token, expectedAlgorithm, privateClaims, options, true, true);
}

public boolean doVerifyJustSignature(String token, String expectedAlgorithm, JWTOptions options) {
this.error.cleanError();
return doVerify(token, expectedAlgorithm, null, options, false, false);
}

public boolean doVerifySignature(String token, String expectedAlgorithm, JWTOptions options) {
this.error.cleanError();
return doVerify(token, expectedAlgorithm, null, options, false, true);
}

public String getPayload(String token) {
this.error.cleanError();
String res = "";
try {
res = getTokenPart(token, "payload");
} catch (Exception e) {
this.error.setError("JW009", e.getMessage());
this.error.setError("JW001", e.getMessage());
return "";
}
return res;

}

public String getHeader(String token) {
this.error.cleanError();
String res = "";
try {
res = getTokenPart(token, "header");
} catch (Exception e) {
this.error.setError("JW010", e.getMessage());
this.error.setError("JW002", e.getMessage());
return "";
}
return res;
}

public String getTokenID(String token) {
this.error.cleanError();
String res = "";
try {

res = getTokenPart(token, "id");
} catch (Exception e) {
this.error.setError("JW011", e.getMessage());
this.error.setError("JW003", e.getMessage());
return "";
}
return res;
}

/******** EXTERNAL OBJECT PUBLIC METHODS - END ********/

private String create_Aux(String algorithm, PrivateClaims privateClaims, JWTOptions options) {
if (options == null) {
this.error.setError("JW004", "Options parameter is null");
return "";
}
JWTAlgorithm alg = JWTAlgorithm.getJWTAlgorithm(algorithm, this.error);
if (this.hasError()) {
return "";
}
Builder tokenBuilder = JWT.create();
if (!options.getHeaderParameters().isEmpty()) {
HeaderParameters parameters = options.getHeaderParameters();
tokenBuilder.withHeader(parameters.getMap());
}
if (privateClaims == null) {
this.error.setError("JW005", "PrivateClaims parameter is null");
return "";
}
tokenBuilder = doBuildPayload(tokenBuilder, privateClaims, options);
if (this.hasError()) {
return "";
}
Algorithm algorithmType = null;
if (JWTAlgorithm.isPrivate(alg)) {

PrivateKeyManager key = options.getPrivateKey();
if (key.hasError()) {
this.error = key.getError();
return "";
}

algorithmType = JWTAlgorithm.getAsymmetricAlgorithm(alg, key, null, error);
if (this.hasError()) {
return "";
}

} else {

algorithmType = JWTAlgorithm.getSymmetricAlgorithm(alg, options.getSecret(), this.error);
if (this.hasError()) {
return "";
}
}
String signedJwt = "";
try {
signedJwt = tokenBuilder.sign(algorithmType);
} catch (Exception e) {
this.error.setError("JW006", e.getMessage());
return "";
}

return signedJwt;
}

private boolean doVerify(String token, String expectedAlgorithm, PrivateClaims privateClaims, JWTOptions options,
boolean verifyClaims, boolean verifyRegClaims) {
this.error.cleanError();
if (options.hasError()) {
this.error = options.getError();

if (options == null) {
this.error.setError("JW004", "Options parameter is null");
return false;
}
DecodedJWT decodedJWT = null;
try {
decodedJWT = JWT.decode(token);

} catch (Exception e) {
this.error.setError("JW005", e.getMessage());
this.error.setError("JW007", e.getMessage());
return false;
}
if (isRevoqued(decodedJWT, options)) {
@@ -199,14 +214,14 @@ private boolean doVerify(String token, String expectedAlgorithm, PrivateClaims p
if (this.hasError()) {
return false;
}

try {
JWTVerifier verifier = verification.build();
DecodedJWT decodedToken = JWT.decode(token);

verifier.verify(decodedToken);
} catch (Exception e) {
error.setError("JW006", e.getMessage());

error.setError("JW009", e.getMessage());
return false;
}

@@ -227,7 +242,7 @@ private String getTokenPart(String token, String part) throws Exception {
case "id":
return decodedToken.getId();
default:
error.setError("JW007", "Unknown token segment");
error.setError("JW010", "Unknown token segment");
return "";
}
byte[] base64Bytes = Base64.decodeBase64(base64Part);
@@ -268,7 +283,7 @@ private Verification buildVerification(Verification verification, JWTOptions opt
return null;
}
} else {
error.setError("JW002", registeredC.get(z).getKey() + " wrong registered claim key");
error.setError("JW011", String.format("%s wrong registered claim key", registeredC.get(z).getKey()));
return null;
}
}
@@ -298,12 +313,12 @@ private Builder doBuildPayload(Builder tokenBuilder, PrivateClaims privateClaims
} else if (obj instanceof Boolean) {
tokenBuilder.withClaim(privateC.get(i).getKey(), (boolean) privateC.get(i).getValue());
} else {
this.error.setError("JW012", "Unrecognized data type");
this.error.setError("JW016", "Unrecognized data type");
}
// tokenBuilder.withClaim(privateC.get(i).getKey(), privateC.get(i).getValue());
}
} catch (Exception e) {
this.error.setError("JW004", e.getMessage());
this.error.setError("JW012", e.getMessage());
return null;
}
}
@@ -315,7 +330,7 @@ private Builder doBuildPayload(Builder tokenBuilder, PrivateClaims privateClaims
try {
tokenBuilder.withClaim(publicC.get(j).getKey(), (String) publicC.get(j).getValue());
} catch (Exception e) {
this.error.setError("JW003", e.getMessage());
this.error.setError("JW013", e.getMessage());
return null;
}
}
@@ -332,7 +347,7 @@ private Builder doBuildPayload(Builder tokenBuilder, PrivateClaims privateClaims
return null;
}
} else {
error.setError("JW002", registeredC.get(z).getKey() + " wrong registered claim key");
error.setError("JW011", String.format("%s wrong registered claim key", registeredC.get(z).getKey()));
return null;
}
}
@@ -358,7 +373,7 @@ private boolean verifyPrivateClaims(DecodedJWT decodedJWT, PrivateClaims private
map = (HashMap<String, Object>) mapper.readValue(plainTextPart, new TypeReference<Map<String, Object>>() {
});
} catch (Exception e) {
this.error.setError("JW009", "Cannot parse JWT payload");
this.error.setError("JW014", e.getMessage());
return false;
}
this.counter = 0;
@@ -394,23 +409,21 @@ private boolean verifyNestedClaims(Map<String, Object> pclaimMap, Map<String, Ob
if (!SecurityUtils.compareStrings(((String) op).trim(), ((String) ot).trim())) {
return false;
}
} else if((op instanceof Integer || op instanceof Long) && (ot instanceof Integer || ot instanceof Long)) {
if((convertToLong(op)).compareTo(convertToLong(ot)) != 0)
{

} else if ((op instanceof Integer || op instanceof Long)
&& (ot instanceof Integer || ot instanceof Long)) {
if ((convertToLong(op)).compareTo(convertToLong(ot)) != 0) {
return false;
}
}else if((op instanceof Double && ot instanceof Double)) {
if((double)op != (double)ot)
{
} else if ((op instanceof Double && ot instanceof Double)) {
if ((double) op != (double) ot) {
return false;
}
}else if((op instanceof Boolean && ot instanceof Boolean)) {
if(Boolean.compare((boolean)op, (boolean)ot) != 0)
{
} else if ((op instanceof Boolean && ot instanceof Boolean)) {
if (Boolean.compare((boolean) op, (boolean) ot) != 0) {
return false;
}
}else if (op instanceof HashMap && ot instanceof HashMap) {
} else if (op instanceof HashMap && ot instanceof HashMap) {
@SuppressWarnings("unchecked")
boolean flag = verifyNestedClaims((HashMap<String, Object>) op, (HashMap<String, Object>) ot,
registeredClaims, publicClaims);
@@ -511,12 +524,12 @@ private int getHeaderClaimsNumber(DecodedJWT decodedJWT) {
return map.size();

}

private Long convertToLong(Object o){
String stringToConvert = String.valueOf(o);
Long convertedLong = Long.parseLong(stringToConvert);
return convertedLong;

}
private Long convertToLong(Object o) {
String stringToConvert = String.valueOf(o);
Long convertedLong = Long.parseLong(stringToConvert);
return convertedLong;

}

}
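Review bot: `create_Aux` and the private `doVerify` test `options == null`, but the `options.hasError()` guard that opened the inline `doCreate` body and the earlier `doVerify` does not appear on the new side, so an error already recorded on the JWTOptions object (for example while a key or secret was being loaded; JWTOptions is not shown here, so this is inferred) would no longer stop signing or verification. Keep both checks, null test first: after the `JW004` block in `create_Aux` add `if (options.hasError()) { this.error = options.getError(); return ""; }`, and the same with `return false;` in `doVerify`. The old/new side of these lines is read from the rendered page, where a single `return false; }` follows both `if` headers in `doVerify`, so confirm it against the raw diff. `doVerify` continues beyond the visible hunks.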
@@ -30,7 +30,7 @@ public Object getClaimValue(String key, Error error) {
return claims.get(i).getValue();
}
}
error.setError("CL001", "Could not find a claim with" + key + " key value");
error.setError("CLA01", String.format("Could not find a claim with %s key value", key));
return "";
}
