-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issue #4128 - test the decoding of OpenId Credentials #4166
Merged
lachlan-roberts
merged 11 commits into
jetty-9.4.x
from
jetty-9.4.x-4128-testDecoderPadding
Nov 20, 2019
Merged
Changes from 1 commit
Commits
Show all changes
11 commits
Select commit
Hold shift + click to select a range
153c404
Issue #4128 - test the decoding of OpenId Credentials
lachlan-roberts cee3552
add missing licence headers
lachlan-roberts 8b7c131
Merge remote-tracking branch 'eclipse/jetty-9.4.x' into jetty-9.4.x-4…
lachlan-roberts 218505b
changes from review
lachlan-roberts dd8914d
Merge remote-tracking branch 'eclipse/jetty-9.4.x' into jetty-9.4.x-4…
lachlan-roberts 0c73cac
changes from review
lachlan-roberts 06b7925
Merge remote-tracking branch 'eclipse/jetty-9.4.x' into jetty-9.4.x-4…
lachlan-roberts 2b0e1f5
remove file from merge
lachlan-roberts 7d94370
Merge remote-tracking branch 'origin/jetty-9.4.x' into jetty-9.4.x-41…
lachlan-roberts 67ec3d2
Add test using JWT example from #4128 which demonstrates the issue
lachlan-roberts f784135
Add javadoc for JwtEncoder
lachlan-roberts File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -53,7 +53,10 @@ public static Map<String, Object> decode(String jwt) | |
String jwtClaimString = new String(decoder.decode(padJWTSection(sections[1])), StandardCharsets.UTF_8); | ||
String jwtSignature = sections[2]; | ||
|
||
Map<String, Object> jwtHeader = (Map)JSON.parse(jwtHeaderString); | ||
Object parsedJwtHeader = JSON.parse(jwtHeaderString); | ||
if (!(parsedJwtHeader instanceof Map)) | ||
throw new IllegalStateException("Invalid JWT header"); | ||
Map<String, Object> jwtHeader = (Map)parsedJwtHeader; | ||
if (LOG.isDebugEnabled()) | ||
LOG.debug("JWT Header: {}", jwtHeader); | ||
|
||
|
@@ -63,7 +66,10 @@ and the Token Endpoint (which it is in this flow), the TLS server validation | |
if (LOG.isDebugEnabled()) | ||
LOG.debug("JWT signature not validated {}", jwtSignature); | ||
|
||
return (Map)JSON.parse(jwtClaimString); | ||
Object parsedClaims = JSON.parse(jwtClaimString); | ||
if (!(parsedClaims instanceof Map)) | ||
throw new IllegalStateException("Could not decode JSON for JWT claims."); | ||
return (Map)parsedClaims; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This method returns a typed map. These types should be checked as well before returning. |
||
} | ||
|
||
static byte[] padJWTSection(String unpaddedEncodedJwtSection) | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
3 changes: 3 additions & 0 deletions
3
...d-cdi-webapp/overlays/org.eclipse.jetty.tests.test-cdi-common-webapp-9.4.22-SNAPSHOT.info
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
1573621109636 | ||
(?:[^/]+/)*?[^/]*? | ||
META-INF(?:$|/.+) |
You are viewing a condensed version of this merge commit. You can view the full changes here.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not the safest of casts. I'd check that the keys are strings using code like we've done in previous PRs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would a Map with keys that are not strings even be valid JSON. If our JSON parser is capable of returning invalid JSON then we should fix that in the parser rather than testing the return type is valid everywhere it is used.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's a fair point, and do not oppose this change given that argument. However, I still would do the conversion at run-time to a
Map<String, Object>
and not cast it to that. We're not in a high throughput case here. We can tolerate 250ms for the entire code flow + login (say 6 request/responses) in most cases I've seen. So, I'd err on the side of clean code that relies on the compiler for type checking. As I said though, your argument is hard to dispute.