/**
 * Builds the HMAC-SHA-512 {@link Algorithm}, identified in token headers as "HS512".
 *
 * <p>The key is handed to the {@code HMACAlgorithm} constructor as given; this factory performs
 * no length check of its own. RFC 7518 section 3.2 requires an HMAC key at least as long as the
 * hash output (512 bits here), so supply randomly generated key material of that size.
 * NOTE(review): whether the array is copied or retained is decided by the constructor, which is
 * not visible here - confirm before reusing or zeroing the caller's array.
 *
 * @param secret the raw key bytes used by the signing and verifying instance.
 * @return an Algorithm configured for "HS512" / "HmacSHA512".
 * @throws IllegalArgumentException if the provided secret is null.
 */
public static Algorithm HMAC512(byte[] secret) throws IllegalArgumentException {
    final String jwtName = "HS512";
    final String jcaName = "HmacSHA512";
    return new HMACAlgorithm(jwtName, jcaName, secret);
}
/**
 * Builds an HMAC algorithm from a textual secret.
 *
 * <p>Delegates to the four-argument constructor with a fresh {@code CryptoHelper} and the bytes
 * produced by {@code getSecretBytes(secret)}. No length or strength check on the secret is
 * performed in this constructor.
 *
 * @param id forwarded unchanged to the delegate constructor.
 * @param algorithm forwarded unchanged to the delegate constructor.
 * @param secret the textual secret, converted to bytes by {@code getSecretBytes}.
 * @throws IllegalArgumentException declared by the signature; NOTE(review): presumably raised
 *     for a null secret by {@code getSecretBytes} or the delegate - confirm.
 */
HMACAlgorithm(String id, String algorithm, String secret) throws IllegalArgumentException {
    // this(...) must stay the first statement, so the conversion happens inline in the argument list.
    this(new CryptoHelper(), id, algorithm, getSecretBytes(secret));
}
/**
 * Computes the HMAC signature over a single, already assembled content buffer.
 *
 * <p>Delegates to {@code crypto.createSignatureFor} with this algorithm's description and the
 * configured secret. Failures reported by the helper are rethrown as
 * {@link SignatureGenerationException} with the original exception attached as the cause.
 *
 * @param contentBytes the bytes to sign.
 * @return the signature bytes returned by the crypto helper.
 * @throws SignatureGenerationException if the algorithm is unavailable or the key is rejected.
 * @deprecated NOTE(review): the two-argument {@code sign(byte[], byte[])} looks like the
 *     replacement - confirm and name it here.
 */
@Override
@Deprecated
public byte[] sign(byte[] contentBytes) throws SignatureGenerationException {
    try {
        final String jcaName = getDescription();
        final byte[] signature = crypto.createSignatureFor(jcaName, secret, contentBytes);
        return signature;
    } catch (InvalidKeyException | NoSuchAlgorithmException e) {
        throw new SignatureGenerationException(this, e);
    }
}
}
/**
 * Builds the HMAC-SHA-384 {@link Algorithm}, identified in token headers as "HS384".
 *
 * <p>The key is handed to the {@code HMACAlgorithm} constructor as given; this factory performs
 * no length check of its own. RFC 7518 section 3.2 requires an HMAC key at least as long as the
 * hash output (384 bits here), so supply randomly generated key material of that size.
 * NOTE(review): whether the array is copied or retained is decided by the constructor, which is
 * not visible here - confirm before reusing or zeroing the caller's array.
 *
 * @param secret the raw key bytes used by the signing and verifying instance.
 * @return an Algorithm configured for "HS384" / "HmacSHA384".
 * @throws IllegalArgumentException if the provided secret is null.
 */
public static Algorithm HMAC384(byte[] secret) throws IllegalArgumentException {
    final String jwtName = "HS384";
    final String jcaName = "HmacSHA384";
    return new HMACAlgorithm(jwtName, jcaName, secret);
}
/**
 * Pins the String-to-key conversion: {@code getSecretBytes} must return exactly the UTF-8
 * encoding of the secret, including punctuation characters.
 *
 * <p>The encoding matters for interoperability: two parties that derive the HMAC key from the
 * same text with different charsets would compute different signatures.
 */
@Test
public void shouldGetStringBytes() throws Exception {
    String text = "abcdef123456!@#$%^";
    byte[] expectedBytes = text.getBytes("UTF-8");
    byte[] actualBytes = HMACAlgorithm.getSecretBytes(text);
    boolean sameContent = Arrays.equals(expectedBytes, actualBytes);
    assertTrue(sameContent);
}
/**
 * Computes the HMAC signature for a token's header and payload.
 *
 * <p>Delegates to {@code crypto.createSignatureFor} with this algorithm's description and the
 * configured secret; how the two buffers are combined is decided inside the helper. Failures
 * reported by the helper are rethrown as {@link SignatureGenerationException} with the original
 * exception attached as the cause.
 *
 * @param headerBytes the token header bytes to sign.
 * @param payloadBytes the token payload bytes to sign.
 * @return the signature bytes returned by the crypto helper.
 * @throws SignatureGenerationException if the algorithm is unavailable or the key is rejected.
 */
@Override
public byte[] sign(byte[] headerBytes, byte[] payloadBytes) throws SignatureGenerationException {
    try {
        final String jcaName = getDescription();
        final byte[] signature = crypto.createSignatureFor(jcaName, secret, headerBytes, payloadBytes);
        return signature;
    } catch (InvalidKeyException | NoSuchAlgorithmException e) {
        throw new SignatureGenerationException(this, e);
    }
}
/**
 * Builds the HMAC-SHA-256 {@link Algorithm}, identified in token headers as "HS256".
 *
 * <p>The key is handed to the {@code HMACAlgorithm} constructor as given; this factory performs
 * no length check of its own. RFC 7518 section 3.2 requires an HMAC key at least as long as the
 * hash output (256 bits here), so supply randomly generated key material of that size.
 * NOTE(review): whether the array is copied or retained is decided by the constructor, which is
 * not visible here - confirm before reusing or zeroing the caller's array.
 *
 * @param secret the raw key bytes used by the signing and verifying instance.
 * @return an Algorithm configured for "HS256" / "HmacSHA256".
 * @throws IllegalArgumentException if the provided secret is null.
 */
public static Algorithm HMAC256(byte[] secret) throws IllegalArgumentException {
    final String jwtName = "HS256";
    final String jcaName = "HmacSHA256";
    return new HMACAlgorithm(jwtName, jcaName, secret);
}
/**
 * Builds an HMAC algorithm from a textual secret.
 *
 * <p>Delegates to the four-argument constructor with a fresh {@code CryptoHelper} and the bytes
 * produced by {@code getSecretBytes(secret)}. No length or strength check on the secret is
 * performed in this constructor.
 *
 * @param id forwarded unchanged to the delegate constructor.
 * @param algorithm forwarded unchanged to the delegate constructor.
 * @param secret the textual secret, converted to bytes by {@code getSecretBytes}.
 * @throws IllegalArgumentException declared by the signature; NOTE(review): presumably raised
 *     for a null secret by {@code getSecretBytes} or the delegate - confirm.
 */
HMACAlgorithm(String id, String algorithm, String secret) throws IllegalArgumentException {
    // this(...) must stay the first statement, so the conversion happens inline in the argument list.
    this(new CryptoHelper(), id, algorithm, getSecretBytes(secret));
}
/**
 * Checks the token's signature against this algorithm and secret.
 *
 * <p>The signature segment is Base64-decoded first, outside the {@code try}, so an exception
 * raised by the getter or the decoder is not wrapped. The comparison itself is delegated to
 * {@code crypto.verifySignatureFor}; a {@code false} result and any helper failure both surface
 * as {@link SignatureVerificationException}.
 *
 * <p>Only the signature is checked here: no claim (expiry, issuer, audience) is inspected, and
 * the header's declared {@code alg} is not compared with this instance in this method, so the
 * caller has to pin the expected algorithm.
 * NOTE(review): whether the comparison is constant-time depends on {@code CryptoHelper}, which
 * is not visible here - confirm.
 * NOTE(review): if {@code Base64} is the commons-codec class, its decoder skips characters
 * outside the alphabet, so several signature strings decode to the same bytes; do not treat the
 * raw token text as a unique identifier - confirm which decoder is imported.
 *
 * @param jwt the decoded token whose header, payload and signature are verified.
 * @throws SignatureVerificationException if the signature does not match or cannot be checked.
 */
@Override
public void verify(DecodedJWT jwt) throws SignatureVerificationException {
    final byte[] decodedSignature = Base64.decodeBase64(jwt.getSignature());
    try {
        final String jcaName = getDescription();
        final String header = jwt.getHeader();
        final String payload = jwt.getPayload();
        // The mismatch is raised inside the try block, as in the original control flow.
        if (!crypto.verifySignatureFor(jcaName, secret, header, payload, decodedSignature)) {
            throw new SignatureVerificationException(this);
        }
    } catch (IllegalStateException | InvalidKeyException | NoSuchAlgorithmException e) {
        throw new SignatureVerificationException(this, e);
    }
}
/**
 * Builds the HMAC-SHA-256 {@link Algorithm} ("HS256" in token headers) from a textual secret.
 *
 * <p>The string is passed on to the {@code HMACAlgorithm} String constructor; no length or
 * strength check happens in this factory. RFC 7518 section 3.2 requires a key at least as long
 * as the hash output (256 bits here). A memorable passphrase rarely carries that much entropy,
 * so use a randomly generated value, or the {@code byte[]} overload for binary key material.
 *
 * @param secret the textual secret used by the signing and verifying instance.
 * @return an Algorithm configured for "HS256" / "HmacSHA256".
 * @throws IllegalArgumentException if the provided secret is null.
 */
public static Algorithm HMAC256(String secret) throws IllegalArgumentException {
    final String jwtName = "HS256";
    final String jcaName = "HmacSHA256";
    return new HMACAlgorithm(jwtName, jcaName, secret);
}
/**
 * Computes the HMAC signature over a single, already assembled content buffer.
 *
 * <p>Delegates to {@code crypto.createSignatureFor} with this algorithm's description and the
 * configured secret. Failures reported by the helper are rethrown as
 * {@link SignatureGenerationException} with the original exception attached as the cause.
 *
 * @param contentBytes the bytes to sign.
 * @return the signature bytes returned by the crypto helper.
 * @throws SignatureGenerationException if the algorithm is unavailable or the key is rejected.
 * @deprecated NOTE(review): the two-argument {@code sign(byte[], byte[])} looks like the
 *     replacement - confirm and name it here.
 */
@Override
@Deprecated
public byte[] sign(byte[] contentBytes) throws SignatureGenerationException {
    try {
        final String jcaName = getDescription();
        final byte[] signature = crypto.createSignatureFor(jcaName, secret, contentBytes);
        return signature;
    } catch (InvalidKeyException | NoSuchAlgorithmException e) {
        throw new SignatureGenerationException(this, e);
    }
}
}
/**
 * Builds the HMAC-SHA-384 {@link Algorithm} ("HS384" in token headers) from a textual secret.
 *
 * <p>The string is passed on to the {@code HMACAlgorithm} String constructor; no length or
 * strength check happens in this factory. RFC 7518 section 3.2 requires a key at least as long
 * as the hash output (384 bits here). A memorable passphrase rarely carries that much entropy,
 * so use a randomly generated value, or the {@code byte[]} overload for binary key material.
 *
 * @param secret the textual secret used by the signing and verifying instance.
 * @return an Algorithm configured for "HS384" / "HmacSHA384".
 * @throws IllegalArgumentException if the provided secret is null.
 */
public static Algorithm HMAC384(String secret) throws IllegalArgumentException {
    final String jwtName = "HS384";
    final String jcaName = "HmacSHA384";
    return new HMACAlgorithm(jwtName, jcaName, secret);
}
/**
 * Computes the HMAC signature for a token's header and payload.
 *
 * <p>Delegates to {@code crypto.createSignatureFor} with this algorithm's description and the
 * configured secret; how the two buffers are combined is decided inside the helper. Failures
 * reported by the helper are rethrown as {@link SignatureGenerationException} with the original
 * exception attached as the cause.
 *
 * @param headerBytes the token header bytes to sign.
 * @param payloadBytes the token payload bytes to sign.
 * @return the signature bytes returned by the crypto helper.
 * @throws SignatureGenerationException if the algorithm is unavailable or the key is rejected.
 */
@Override
public byte[] sign(byte[] headerBytes, byte[] payloadBytes) throws SignatureGenerationException {
    try {
        final String jcaName = getDescription();
        final byte[] signature = crypto.createSignatureFor(jcaName, secret, headerBytes, payloadBytes);
        return signature;
    } catch (InvalidKeyException | NoSuchAlgorithmException e) {
        throw new SignatureGenerationException(this, e);
    }
}
/**
 * Builds the HMAC-SHA-512 {@link Algorithm} ("HS512" in token headers) from a textual secret.
 *
 * <p>The string is passed on to the {@code HMACAlgorithm} String constructor; no length or
 * strength check happens in this factory. RFC 7518 section 3.2 requires a key at least as long
 * as the hash output (512 bits here). A memorable passphrase rarely carries that much entropy,
 * so use a randomly generated value, or the {@code byte[]} overload for binary key material.
 *
 * @param secret the textual secret used by the signing and verifying instance.
 * @return an Algorithm configured for "HS512" / "HmacSHA512".
 * @throws IllegalArgumentException if the provided secret is null.
 */
public static Algorithm HMAC512(String secret) throws IllegalArgumentException {
    final String jwtName = "HS512";
    final String jcaName = "HmacSHA512";
    return new HMACAlgorithm(jwtName, jcaName, secret);
}
/**
 * Checks the token's signature against this algorithm and secret.
 *
 * <p>The signature segment is Base64-decoded first, outside the {@code try}, so an exception
 * raised by the getter or the decoder is not wrapped. The comparison itself is delegated to
 * {@code crypto.verifySignatureFor}; a {@code false} result and any helper failure both surface
 * as {@link SignatureVerificationException}.
 *
 * <p>Only the signature is checked here: no claim (expiry, issuer, audience) is inspected, and
 * the header's declared {@code alg} is not compared with this instance in this method, so the
 * caller has to pin the expected algorithm.
 * NOTE(review): whether the comparison is constant-time depends on {@code CryptoHelper}, which
 * is not visible here - confirm.
 * NOTE(review): if {@code Base64} is the commons-codec class, its decoder skips characters
 * outside the alphabet, so several signature strings decode to the same bytes; do not treat the
 * raw token text as a unique identifier - confirm which decoder is imported.
 *
 * @param jwt the decoded token whose header, payload and signature are verified.
 * @throws SignatureVerificationException if the signature does not match or cannot be checked.
 */
@Override
public void verify(DecodedJWT jwt) throws SignatureVerificationException {
    final byte[] decodedSignature = Base64.decodeBase64(jwt.getSignature());
    try {
        final String jcaName = getDescription();
        final String header = jwt.getHeader();
        final String payload = jwt.getPayload();
        // The mismatch is raised inside the try block, as in the original control flow.
        if (!crypto.verifySignatureFor(jcaName, secret, header, payload, decodedSignature)) {
            throw new SignatureVerificationException(this);
        }
    } catch (IllegalStateException | InvalidKeyException | NoSuchAlgorithmException e) {
        throw new SignatureVerificationException(this, e);
    }
}
/**
 * Signing must surface a missing JCA algorithm as a {@code SignatureGenerationException} whose
 * cause is the original {@code NoSuchAlgorithmException}.
 *
 * <p>The crypto helper is mocked, so no real HMAC is computed; only the error translation in
 * {@code sign(byte[], byte[])} is exercised.
 */
@Test
public void shouldThrowOnSignWhenSignatureAlgorithmDoesNotExists() throws Exception {
    // Helper stub that fails for any four-argument signing request.
    final CryptoHelper failingCrypto = mock(CryptoHelper.class);
    when(failingCrypto.createSignatureFor(anyString(), any(byte[].class), any(byte[].class), any(byte[].class)))
            .thenThrow(NoSuchAlgorithmException.class);

    // Expectations are registered before the call that is meant to throw.
    exception.expect(SignatureGenerationException.class);
    exception.expectMessage("The Token's Signature couldn't be generated when signing using the Algorithm: some-algorithm");
    exception.expectCause(isA(NoSuchAlgorithmException.class));

    final byte[] secretBytes = "secret".getBytes(StandardCharsets.UTF_8);
    final Algorithm underTest = new HMACAlgorithm(failingCrypto, "some-alg", "some-algorithm", secretBytes);
    final byte[] emptyHeader = new byte[0];
    final byte[] emptyPayload = new byte[0];
    underTest.sign(emptyHeader, emptyPayload);
}
/**
 * Signing must surface a rejected key as a {@code SignatureGenerationException} whose cause is
 * the original {@code InvalidKeyException}.
 *
 * <p>The crypto helper is mocked, so the secret is never validated by a real provider; only the
 * error translation in {@code sign(byte[], byte[])} is exercised.
 */
@Test
public void shouldThrowOnSignWhenTheSecretIsInvalid() throws Exception {
    // Helper stub that rejects the key for any four-argument signing request.
    final CryptoHelper failingCrypto = mock(CryptoHelper.class);
    when(failingCrypto.createSignatureFor(anyString(), any(byte[].class), any(byte[].class), any(byte[].class)))
            .thenThrow(InvalidKeyException.class);

    // Expectations are registered before the call that is meant to throw.
    exception.expect(SignatureGenerationException.class);
    exception.expectMessage("The Token's Signature couldn't be generated when signing using the Algorithm: some-algorithm");
    exception.expectCause(isA(InvalidKeyException.class));

    final byte[] secretBytes = "secret".getBytes(StandardCharsets.UTF_8);
    final Algorithm underTest = new HMACAlgorithm(failingCrypto, "some-alg", "some-algorithm", secretBytes);
    final byte[] emptyHeader = new byte[0];
    final byte[] emptyPayload = new byte[0];
    underTest.sign(emptyHeader, emptyPayload);
}
/**
 * Verification must surface a missing JCA algorithm as a {@code SignatureVerificationException}
 * whose cause is the original {@code NoSuchAlgorithmException}.
 *
 * <p>The crypto helper is mocked, so the sample token's signature is never actually checked;
 * only the error translation in {@code verify} is exercised.
 * NOTE(review): if {@code exception} is JUnit's ExpectedException, expectMessage matches by
 * substring, so "... some-alg" is also satisfied by a message ending in "some-algorithm"; the
 * assertion does not pin whether the id or the description is reported - confirm.
 */
@Test
public void shouldThrowOnVerifyWhenSignatureAlgorithmDoesNotExists() throws Exception {
    // Helper stub that fails for any verification request.
    final CryptoHelper failingCrypto = mock(CryptoHelper.class);
    when(failingCrypto.verifySignatureFor(anyString(), any(byte[].class), any(String.class), any(String.class), any(byte[].class)))
            .thenThrow(NoSuchAlgorithmException.class);

    // Expectations are registered before the call that is meant to throw.
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: some-alg");
    exception.expectCause(isA(NoSuchAlgorithmException.class));

    final byte[] secretBytes = "secret".getBytes(StandardCharsets.UTF_8);
    final Algorithm underTest = new HMACAlgorithm(failingCrypto, "some-alg", "some-algorithm", secretBytes);
    final String token = "eyJhbGciOiJIUzI1NiIsImN0eSI6IkpXVCJ9.eyJpc3MiOiJhdXRoMCJ9.mZ0m_N1J4PgeqWmi903JuUoDRZDBPB7HwkS4nVyWH1M";
    underTest.verify(JWT.decode(token));
}
/**
 * Verification must surface a rejected key as a {@code SignatureVerificationException} whose
 * cause is the original {@code InvalidKeyException}.
 *
 * <p>The crypto helper is mocked, so the sample token's signature is never actually checked;
 * only the error translation in {@code verify} is exercised.
 * NOTE(review): if {@code exception} is JUnit's ExpectedException, expectMessage matches by
 * substring, so "... some-alg" is also satisfied by a message ending in "some-algorithm"; the
 * assertion does not pin whether the id or the description is reported - confirm.
 */
@Test
public void shouldThrowOnVerifyWhenTheSecretIsInvalid() throws Exception {
    // Helper stub that rejects the key for any verification request.
    final CryptoHelper failingCrypto = mock(CryptoHelper.class);
    when(failingCrypto.verifySignatureFor(anyString(), any(byte[].class), any(String.class), any(String.class), any(byte[].class)))
            .thenThrow(InvalidKeyException.class);

    // Expectations are registered before the call that is meant to throw.
    exception.expect(SignatureVerificationException.class);
    exception.expectMessage("The Token's Signature resulted invalid when verified using the Algorithm: some-alg");
    exception.expectCause(isA(InvalidKeyException.class));

    final byte[] secretBytes = "secret".getBytes(StandardCharsets.UTF_8);
    final Algorithm underTest = new HMACAlgorithm(failingCrypto, "some-alg", "some-algorithm", secretBytes);
    final String token = "eyJhbGciOiJIUzI1NiIsImN0eSI6IkpXVCJ9.eyJpc3MiOiJhdXRoMCJ9.mZ0m_N1J4PgeqWmi903JuUoDRZDBPB7HwkS4nVyWH1M";
    underTest.verify(JWT.decode(token));
}
/**
 * Builds the HMAC-SHA-256 {@link Algorithm} ("HS256" in token headers) from a textual secret.
 *
 * <p>The string is passed on to the {@code HMACAlgorithm} String constructor; no length or
 * strength check happens in this factory. RFC 7518 section 3.2 requires a key at least as long
 * as the hash output (256 bits here). A memorable passphrase rarely carries that much entropy,
 * so use a randomly generated value, or the {@code byte[]} overload for binary key material.
 *
 * @param secret the textual secret used by the signing and verifying instance.
 * @return an Algorithm configured for "HS256" / "HmacSHA256".
 * @throws IllegalArgumentException if the provided secret is null.
 */
public static Algorithm HMAC256(String secret) throws IllegalArgumentException {
    final String jwtName = "HS256";
    final String jcaName = "HmacSHA256";
    return new HMACAlgorithm(jwtName, jcaName, secret);
}