├── .gitignore ├── CHANGELOG.txt ├── COPYRIGHT.txt ├── LICENSE.txt ├── README.md ├── SECURITY-CHANGELOG.txt ├── pom.xml └── src ├── main ├── java │ └── com │ │ └── nimbusds │ │ ├── jose │ │ ├── Algorithm.java │ │ ├── AlgorithmFamily.java │ │ ├── CommonSEHeader.java │ │ ├── CompressionAlgorithm.java │ │ ├── CriticalHeaderParamsAware.java │ │ ├── EncryptionMethod.java │ │ ├── Header.java │ │ ├── JOSEException.java │ │ ├── JOSEObject.java │ │ ├── JOSEObjectType.java │ │ ├── JOSEProvider.java │ │ ├── JWEAlgorithm.java │ │ ├── JWECryptoParts.java │ │ ├── JWEDecrypter.java │ │ ├── JWEEncrypter.java │ │ ├── JWEHeader.java │ │ ├── JWEObject.java │ │ ├── JWEProvider.java │ │ ├── JWSAlgorithm.java │ │ ├── JWSHeader.java │ │ ├── JWSObject.java │ │ ├── JWSProvider.java │ │ ├── JWSSigner.java │ │ ├── JWSVerifier.java │ │ ├── KeyException.java │ │ ├── KeyLengthException.java │ │ ├── KeySourceException.java │ │ ├── KeyTypeException.java │ │ ├── Payload.java │ │ ├── PayloadTransformer.java │ │ ├── PlainHeader.java │ │ ├── PlainObject.java │ │ ├── RemoteKeySourceException.java │ │ ├── Requirement.java │ │ ├── crypto │ │ │ ├── AAD.java │ │ │ ├── AESCBC.java │ │ │ ├── AESCryptoProvider.java │ │ │ ├── AESDecrypter.java │ │ │ ├── AESEncrypter.java │ │ │ ├── AESGCM.java │ │ │ ├── AESGCMKW.java │ │ │ ├── AESKW.java │ │ │ ├── AlgorithmParametersHelper.java │ │ │ ├── AlgorithmSupportMessage.java │ │ │ ├── AuthenticatedCipherText.java │ │ │ ├── BaseJWEProvider.java │ │ │ ├── BaseJWSProvider.java │ │ │ ├── CipherHelper.java │ │ │ ├── CompositeKey.java │ │ │ ├── ConcatKDF.java │ │ │ ├── ContentCryptoProvider.java │ │ │ ├── CriticalHeaderParamsDeferral.java │ │ │ ├── DeflateHelper.java │ │ │ ├── DirectCryptoProvider.java │ │ │ ├── DirectDecrypter.java │ │ │ ├── DirectEncrypter.java │ │ │ ├── ECDH.java │ │ │ ├── ECDHCryptoProvider.java │ │ │ ├── ECDHDecrypter.java │ │ │ ├── ECDHEncrypter.java │ │ │ ├── ECDSA.java │ │ │ ├── ECDSAProvider.java │ │ │ ├── ECDSASigner.java │ │ │ ├── 
ECDSAVerifier.java │ │ │ ├── HMAC.java │ │ │ ├── LegacyAESGCM.java │ │ │ ├── LegacyConcatKDF.java │ │ │ ├── MACProvider.java │ │ │ ├── MACSigner.java │ │ │ ├── MACVerifier.java │ │ │ ├── PBKDF2.java │ │ │ ├── PRFParams.java │ │ │ ├── PasswordBasedCryptoProvider.java │ │ │ ├── PasswordBasedDecrypter.java │ │ │ ├── PasswordBasedEncrypter.java │ │ │ ├── RSA1_5.java │ │ │ ├── RSACryptoProvider.java │ │ │ ├── RSADecrypter.java │ │ │ ├── RSAEncrypter.java │ │ │ ├── RSASSA.java │ │ │ ├── RSASSAProvider.java │ │ │ ├── RSASSASigner.java │ │ │ ├── RSASSAVerifier.java │ │ │ ├── RSA_OAEP.java │ │ │ ├── RSA_OAEP_256.java │ │ │ ├── bc │ │ │ │ ├── BouncyCastleProviderSingleton.java │ │ │ │ └── package-info.java │ │ │ ├── factories │ │ │ │ ├── DefaultJWEDecrypterFactory.java │ │ │ │ ├── DefaultJWSVerifierFactory.java │ │ │ │ └── package-info.java │ │ │ ├── package-info.java │ │ │ └── utils │ │ │ │ ├── ConstantTimeUtils.java │ │ │ │ ├── ECChecks.java │ │ │ │ └── package-info.java │ │ ├── jca │ │ │ ├── JCAAware.java │ │ │ ├── JCAContext.java │ │ │ ├── JCASupport.java │ │ │ ├── JWEJCAContext.java │ │ │ └── package-info.java │ │ ├── jwk │ │ │ ├── AssymetricJWK.java │ │ │ ├── Curve.java │ │ │ ├── CurveBasedJWK.java │ │ │ ├── ECKey.java │ │ │ ├── ECParameterTable.java │ │ │ ├── JWK.java │ │ │ ├── JWKMatcher.java │ │ │ ├── JWKMetadata.java │ │ │ ├── JWKSelector.java │ │ │ ├── JWKSet.java │ │ │ ├── KeyConverter.java │ │ │ ├── KeyOperation.java │ │ │ ├── KeyType.java │ │ │ ├── KeyUse.java │ │ │ ├── KeyUseAndOpsConsistency.java │ │ │ ├── OctetKeyPair.java │ │ │ ├── OctetSequenceKey.java │ │ │ ├── PasswordLookup.java │ │ │ ├── RSAKey.java │ │ │ ├── SecretJWK.java │ │ │ ├── ThumbprintUtils.java │ │ │ ├── package-info.java │ │ │ └── source │ │ │ │ ├── ImmutableJWKSet.java │ │ │ │ ├── ImmutableSecret.java │ │ │ │ ├── JWKSource.java │ │ │ │ ├── RemoteJWKSet.java │ │ │ │ └── package-info.java │ │ ├── package-info.java │ │ ├── proc │ │ │ ├── AbstractJWKSelectorWithSource.java │ │ │ ├── 
BadJOSEException.java │ │ │ ├── BadJWEException.java │ │ │ ├── BadJWSException.java │ │ │ ├── ConfigurableJOSEProcessor.java │ │ │ ├── DefaultJOSEProcessor.java │ │ │ ├── JOSEMatcher.java │ │ │ ├── JOSEProcessor.java │ │ │ ├── JOSEProcessorConfiguration.java │ │ │ ├── JWEDecrypterFactory.java │ │ │ ├── JWEDecryptionKeySelector.java │ │ │ ├── JWEKeySelector.java │ │ │ ├── JWSKeySelector.java │ │ │ ├── JWSVerificationKeySelector.java │ │ │ ├── JWSVerifierFactory.java │ │ │ ├── SecurityContext.java │ │ │ ├── SimpleSecurityContext.java │ │ │ └── package-info.java │ │ └── util │ │ │ ├── AbstractRestrictedResourceRetriever.java │ │ │ ├── ArrayUtils.java │ │ │ ├── Base64.java │ │ │ ├── Base64Codec.java │ │ │ ├── Base64URL.java │ │ │ ├── BigIntegerUtils.java │ │ │ ├── BoundedInputStream.java │ │ │ ├── ByteUtils.java │ │ │ ├── Container.java │ │ │ ├── DateUtils.java │ │ │ ├── DefaultResourceRetriever.java │ │ │ ├── DeflateUtils.java │ │ │ ├── IOUtils.java │ │ │ ├── IntegerOverflowException.java │ │ │ ├── IntegerUtils.java │ │ │ ├── JSONObjectUtils.java │ │ │ ├── Resource.java │ │ │ ├── ResourceRetriever.java │ │ │ ├── RestrictedResourceRetriever.java │ │ │ ├── StandardCharset.java │ │ │ ├── X509CertChainUtils.java │ │ │ ├── X509CertUtils.java │ │ │ └── package-info.java │ │ └── jwt │ │ ├── EncryptedJWT.java │ │ ├── JWT.java │ │ ├── JWTClaimsSet.java │ │ ├── JWTClaimsSetTransformer.java │ │ ├── JWTParser.java │ │ ├── PlainJWT.java │ │ ├── SignedJWT.java │ │ ├── package-info.java │ │ ├── proc │ │ ├── BadJWTException.java │ │ ├── ClockSkewAware.java │ │ ├── ConfigurableJWTProcessor.java │ │ ├── DefaultJWTClaimsVerifier.java │ │ ├── DefaultJWTProcessor.java │ │ ├── JWTClaimsSetVerifier.java │ │ ├── JWTClaimsVerifier.java │ │ ├── JWTProcessor.java │ │ ├── JWTProcessorConfiguration.java │ │ └── package-info.java │ │ └── util │ │ ├── DateUtils.java │ │ └── package-info.java └── javadoc │ └── overview.html └── test ├── certs ├── ietf.crt └── wikipedia.crt ├── java └── com │ └── 
nimbusds │ ├── jose │ ├── AlgorithmTest.java │ ├── EncryptionMethodTest.java │ ├── HeaderTest.java │ ├── JOSEObjectTest.java │ ├── JOSEObjectTypeTest.java │ ├── JWEAlgorithmTest.java │ ├── JWECryptoPartsTest.java │ ├── JWEHeaderTest.java │ ├── JWEObjectTest.java │ ├── JWSAlgorithmTest.java │ ├── JWSHeaderTest.java │ ├── JWSObjectTest.java │ ├── KeyLengthExceptionTest.java │ ├── PayloadTest.java │ ├── PlainHeaderTest.java │ ├── PlainObjectTest.java │ ├── UnencodedJWSPayloadTest.java │ ├── crypto │ │ ├── A128GCMKWTest.java │ │ ├── A128KWTest.java │ │ ├── A192GCMKWTest.java │ │ ├── A192KWTest.java │ │ ├── A256GCMKWTest.java │ │ ├── A256KWTest.java │ │ ├── AADTest.java │ │ ├── AESCBCTest.java │ │ ├── AESCryptoTest.java │ │ ├── AESKWTest.java │ │ ├── AGCMKWTest.java │ │ ├── AlgorithmSupportMessageTest.java │ │ ├── AuthenticatedCipherTextTest.java │ │ ├── CompositeKeyTest.java │ │ ├── ConcatKDFTest.java │ │ ├── ContentCryptoProviderTest.java │ │ ├── CriticalHeaderParamsDeferralTest.java │ │ ├── DirectCryptoTest.java │ │ ├── ECDHCryptoTest.java │ │ ├── ECDHCurveCheckTest.java │ │ ├── ECDHTest.java │ │ ├── ECDSACookbookTest.java │ │ ├── ECDSAJose4JTest.java │ │ ├── ECDSARoundTripTest.java │ │ ├── ECDSASpecVectorsTest.java │ │ ├── ECDSATest.java │ │ ├── HMACTest.java │ │ ├── HSMTest.java │ │ ├── LegacyAESGCMTest.java │ │ ├── LegacyConcatKDFTest.java │ │ ├── MACTest.java │ │ ├── OpenSSLWithECKeyTest.java │ │ ├── PBES2Test.java │ │ ├── PBKDF2Test.java │ │ ├── RSA1_5Test.java │ │ ├── RSASSATest.java │ │ ├── RSA_OAEPTest.java │ │ ├── RSA_OAEP_256_Test.java │ │ ├── SecureRandomTest.java │ │ ├── factories │ │ │ ├── DefaultJWEDecrypterFactoryTest.java │ │ │ └── DefaultJWSVerifierFactoryTest.java │ │ └── utils │ │ │ ├── ConstantTimeUtilsTest.java │ │ │ └── ECChecksTest.java │ ├── jca │ │ ├── DumpSupportedJCAAlgs.java │ │ ├── JCAContextTest.java │ │ ├── JCASupportTest.java │ │ └── JWEJCAContextTest.java │ ├── jwk │ │ ├── CurveTest.java │ │ ├── ECKeyTest.java │ │ ├── 
ECParameterTableTest.java │ │ ├── JWKMatcherTest.java │ │ ├── JWKSelectorTest.java │ │ ├── JWKSetTest.java │ │ ├── JWKTest.java │ │ ├── KeyConverterTest.java │ │ ├── KeyOperationTest.java │ │ ├── KeyTypeTest.java │ │ ├── KeyUseAndOpsConsistencyTest.java │ │ ├── KeyUseTest.java │ │ ├── OctetKeyPairTest.java │ │ ├── OctetSequenceKeyTest.java │ │ ├── RSAKeyTest.java │ │ └── source │ │ │ ├── ImmutableJWKSetTest.java │ │ │ ├── ImmutableSecretTest.java │ │ │ └── RemoteJWKSetTest.java │ ├── proc │ │ ├── DefaultJOSEProcessorTest.java │ │ ├── DefaultJWEDecrypterFactoryTest.java │ │ ├── DefaultJWSVerifierFactoryTest.java │ │ ├── JOSEMatcherTest.java │ │ ├── JWEDecryptionKeySelectorTest.java │ │ ├── JWSVerificationKeySelectorTest.java │ │ ├── KeyTypeExceptionTest.java │ │ └── SimpleSecurityContextTest.java │ └── util │ │ ├── ArrayUtilsTest.java │ │ ├── Base64CodecTest.java │ │ ├── Base64Test.java │ │ ├── Base64URLTest.java │ │ ├── BigIntegerUtilsTest.java │ │ ├── BoundedInputStreamTest.java │ │ ├── ByteUtilsTest.java │ │ ├── ContainerTest.java │ │ ├── DateUtilsTest.java │ │ ├── DefaultResourceRetrieverTest.java │ │ ├── DeflateUtilsTest.java │ │ ├── IntegerUtilsTest.java │ │ ├── JSONObjectUtilsTest.java │ │ ├── ResourceTest.java │ │ ├── StandardCharsetTest.java │ │ └── X509CertUtilsTest.java │ └── jwt │ ├── EncryptedJWTTest.java │ ├── JWTClaimsSetTest.java │ ├── JWTParserTest.java │ ├── PlainJWTTest.java │ ├── SignedJWTTest.java │ ├── proc │ ├── DefaultJWTClaimsVerifierTest.java │ └── DefaultJWTProcessorTest.java │ └── util │ └── DateUtilsTest.java └── keys ├── test-ec256-key.pem ├── test-ec384-key.pem └── test-ec512-key.pem /.gitignore: -------------------------------------------------------------------------------- 1 | /.idea 2 | /nimbus-jose-jwt.iml 3 | nimbus-jose-jwt-*.jar 4 | TEST* 5 | *.class 6 | *~ 7 | .classpath 8 | .pmd 9 | .project 10 | target 11 | *asc 12 | .settings 13 | release.properties 14 | 15 | 16 | 
-------------------------------------------------------------------------------- /COPYRIGHT.txt: -------------------------------------------------------------------------------- 1 | Nimbus JOSE + JWT 2 | 3 | Copyright 2012-2017, Connect2id Ltd. 4 | 5 | Licensed under the Apache License, Version 2.0 (the "License"); you may not use 6 | this file except in compliance with the License. You may obtain a copy of the 7 | License at 8 | 9 | http://www.apache.org/licenses/LICENSE-2.0 10 | 11 | Unless required by applicable law or agreed to in writing, software distributed 12 | under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 13 | CONDITIONS OF ANY KIND, either express or implied. See the License for the 14 | specific language governing permissions and limitations under the License. 15 | -------------------------------------------------------------------------------- /SECURITY-CHANGELOG.txt: -------------------------------------------------------------------------------- 1 | version 2.13.0 (2013-03-28) 2 | * Implements basic Million Message Attack (MMA) protection for the RSA1_5 JWE algorithm (issue 3 | #23). 4 | 5 | version 2.26.1 (2014-07-14) 6 | * Removes checked exception from RSA1_5.decryptCEK(...) to minimise 7 | exposure to timing attacks for JWE with RSA1_5 (issue #91). 8 | 9 | version 3.1.2 (2014-09-01) 10 | * Closes timing attack vulnerability in MACVerifier for JWS with HS256, 11 | HS384 and HS512 (issue #107). 12 | 13 | version 4.34.2 (2017-02-28) 14 | * Adds an explicit check during ECDH decryption to ensure the submitted 15 | ephemeral public EC key is on the same curve as the private EC key. 16 | Intended to prevent an "Invalid Curve Attack" with JCA providers that 17 | don't perform this check internally. See http://c2id.co/3n for details. 18 | Affected is the default Java SUN JCA provider that comes with Java prior 19 | to version 1.8.0_51. Later Java versions and the BouncyCastle JCA 20 | provider are not affected (issue #210). 
Allocated CVE-2017-12974. 21 | 22 | version 4.39 (2017-06-02) 23 | * Fixes authenticated AES/CBC decryption to prevent Padding Oracle attacks 24 | in JWE with A128CBC-HS256, A192CBC-HS384 and A256CBC-HS512 encryption 25 | method (issue #223). Allocated CVE-2017-12973. 26 | * Fixes authenticated AES/CBC decryption to prevent integer overflow 27 | attacks that can cause the HMAC check to be bypassed. Affected is JWE 28 | decryption with A128CBC-HS256, A192CBC-HS384 and A256CBC-HS512 encryption 29 | method (issue #224). Allocated CVE-2017-12972. -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/AlgorithmFamily.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose; 19 | 20 | 21 | import java.util.Collection; 22 | import java.util.LinkedHashSet; 23 | 24 | import net.jcip.annotations.Immutable; 25 | 26 | 27 | /** 28 | * Algorithm family. 29 | * 30 | * @author Vladimir Dzhuvinov 31 | * @version 2016-08-24 32 | */ 33 | @Immutable 34 | class AlgorithmFamily extends LinkedHashSet { 35 | 36 | 37 | private static final long serialVersionUID = 1L; 38 | 39 | 40 | /** 41 | * Creates a new algorithm family. 42 | * 43 | * @param algs The algorithms of the family. Must not be {@code null}. 
44 | */ 45 | public AlgorithmFamily(final T ... algs) { 46 | for (T alg: algs) { 47 | super.add(alg); /* calls the superclass add directly: the add() override below always throws */ 48 | } 49 | } 50 | /* NOTE(review): only add, addAll, remove, removeAll and retainAll are overridden to throw. clear() and Iterator.remove() are inherited unchanged, so a family can presumably still be emptied after construction despite @Immutable - confirm, and consider blocking them too. */ 51 | 52 | @Override 53 | public boolean add(final T alg) { 54 | throw new UnsupportedOperationException(); 55 | } 56 | 57 | 58 | @Override 59 | public boolean addAll(final Collection algs) { 60 | throw new UnsupportedOperationException(); 61 | } 62 | 63 | 64 | @Override 65 | public boolean remove(final Object o) { 66 | throw new UnsupportedOperationException(); 67 | } 68 | 69 | 70 | @Override 71 | public boolean removeAll(final Collection c) { 72 | throw new UnsupportedOperationException(); 73 | } 74 | 75 | 76 | @Override 77 | public boolean retainAll(final Collection c) { 78 | throw new UnsupportedOperationException(); 79 | } 80 | } 81 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/CriticalHeaderParamsAware.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose; 19 | 20 | 21 | import java.util.Set; 22 | 23 | 24 | /** 25 | * JSON Web Signature (JWS) verifier or JSON Web Encryption (JWE) decrypter 26 | * that supports processing and / or deferral of critical ({@code crit}) header 27 | * parameters. 28 | * 29 | * 

JWS verification / JWE decryption will fail with a {@link JOSEException} 30 | * if a critical header is encountered that is neither processed by the 31 | * verifier / decrypter nor deferred to the application. 32 | * 33 | * @author Vladimir Dzhuvinov 34 | * @version 2015-04-21 35 | */ 36 | public interface CriticalHeaderParamsAware { 37 | 38 | 39 | /** 40 | * Returns the names of the critical ({@code crit}) header parameters 41 | * that are understood and processed by the JWS verifier / JWE 42 | * decrypter. 43 | * 44 | * @return The names of the critical header parameters that are 45 | * understood and processed, empty set if none. 46 | */ 47 | Set getProcessedCriticalHeaderParams(); 48 | 49 | 50 | /** 51 | * Returns the names of the critical ({@code crit}) header parameters 52 | * that are deferred to the application for processing and will be 53 | * ignored by the JWS verifier / JWE decrypter. 54 | * 55 | * @return The names of the critical header parameters that are 56 | * deferred to the application for processing, empty set if 57 | * none. 58 | */ 59 | Set getDeferredCriticalHeaderParams(); 60 | } 61 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/JOSEException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. 
See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose; 19 | 20 | 21 | /** 22 | * Javascript Object Signing and Encryption (JOSE) exception. 23 | * 24 | * @author Vladimir Dzhuvinov 25 | * @version 2012-09-15 26 | */ 27 | public class JOSEException extends Exception { 28 | 29 | 30 | private static final long serialVersionUID = 1L; 31 | 32 | 33 | /** 34 | * Creates a new JOSE exception with the specified message. 35 | * 36 | * @param message The exception message. 37 | */ 38 | public JOSEException(final String message) { 39 | 40 | super(message); 41 | } 42 | 43 | 44 | /** 45 | * Creates a new JOSE exception with the specified message and cause. 46 | * 47 | * @param message The exception message. 48 | * @param cause The exception cause. 49 | */ 50 | public JOSEException(final String message, final Throwable cause) { 51 | 52 | super(message, cause); 53 | } 54 | } 55 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/JOSEProvider.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose; 19 | 20 | 21 | /** 22 | * JavaScript Object Signing and Encryption (JOSE) provider. 
23 | * 24 | * @author Vladimir Dzhuvinov 25 | * @version 2015-05-26 26 | */ 27 | public interface JOSEProvider { } 28 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/JWEDecrypter.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose; 19 | 20 | 21 | import com.nimbusds.jose.util.Base64URL; 22 | 23 | 24 | /** 25 | * JSON Web Encryption (JWE) decrypter. 26 | * 27 | * @author Vladimir Dzhuvinov 28 | * @version 2015-04-21 29 | */ 30 | public interface JWEDecrypter extends JWEProvider { 31 | 32 | 33 | /** 34 | * Decrypts the specified cipher text of a {@link JWEObject JWE Object}. 35 | * 36 | * @param header The JSON Web Encryption (JWE) header. Must 37 | * specify a supported JWE algorithm and method. 38 | * Must not be {@code null}. 39 | * @param encryptedKey The encrypted key, {@code null} if not required 40 | * by the JWE algorithm. 41 | * @param iv The initialisation vector, {@code null} if not 42 | * required by the JWE algorithm. 43 | * @param cipherText The cipher text to decrypt. Must not be 44 | * {@code null}. 45 | * @param authTag The authentication tag, {@code null} if not 46 | * required. 47 | * 48 | * @return The clear text. 
49 | * 50 | * @throws JOSEException If the JWE algorithm or method is not 51 | * supported, if a critical header parameter is 52 | * not supported or marked for deferral to the 53 | * application, or if decryption failed for some 54 | * other reason. 55 | */ 56 | byte[] decrypt(final JWEHeader header, 57 | final Base64URL encryptedKey, 58 | final Base64URL iv, 59 | final Base64URL cipherText, 60 | final Base64URL authTag) 61 | throws JOSEException; 62 | } 63 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/JWEEncrypter.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose; 19 | 20 | 21 | /** 22 | * JSON Web Encryption (JWE) encrypter. 23 | * 24 | * @author Vladimir Dzhuvinov 25 | * @version 2015-05-21 26 | */ 27 | public interface JWEEncrypter extends JWEProvider { 28 | 29 | 30 | /** 31 | * Encrypts the specified clear text of a {@link JWEObject JWE object}. 32 | * 33 | * @param header The JSON Web Encryption (JWE) header. Must specify 34 | * a supported JWE algorithm and method. Must not be 35 | * {@code null}. 36 | * @param clearText The clear text to encrypt. Must not be {@code null}. 37 | * 38 | * @return The resulting JWE crypto parts. 
39 | * 40 | * @throws JOSEException If the JWE algorithm or method is not 41 | * supported or if encryption failed for some 42 | * other internal reason. 43 | */ 44 | JWECryptoParts encrypt(final JWEHeader header, final byte[] clearText) 45 | throws JOSEException; 46 | } 47 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/JWEProvider.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose; 19 | 20 | 21 | import java.util.Set; 22 | 23 | import com.nimbusds.jose.jca.JCAAware; 24 | import com.nimbusds.jose.jca.JWEJCAContext; 25 | 26 | 27 | /** 28 | * JSON Web Encryption (JWE) provider. 29 | * 30 | *

The JWE provider can be queried to determine its algorithm capabilities. 31 | * 32 | * @author Vladimir Dzhuvinov 33 | * @version 2015-05-26 34 | */ 35 | public interface JWEProvider extends JOSEProvider, JCAAware { 36 | 37 | 38 | /** 39 | * Returns the names of the supported algorithms by the JWE provider 40 | * instance. These correspond to the {@code alg} JWE header parameter. 41 | * 42 | * @return The supported JWE algorithms, empty set if none. 43 | */ 44 | Set supportedJWEAlgorithms(); 45 | 46 | 47 | /** 48 | * Returns the names of the supported encryption methods by the JWE 49 | * provider. These correspond to the {@code enc} JWE header parameter. 50 | * 51 | * @return The supported encryption methods, empty set if none. 52 | */ 53 | Set supportedEncryptionMethods(); 54 | } 55 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/JWSProvider.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose; 19 | 20 | 21 | import java.util.Set; 22 | 23 | import com.nimbusds.jose.jca.JCAAware; 24 | import com.nimbusds.jose.jca.JCAContext; 25 | 26 | 27 | /** 28 | * JSON Web Signature (JWS) provider 29 | * 30 | * 

The JWS provider can be queried to determine its algorithm capabilities. 31 | * 32 | * @author Vladimir Dzhuvinov 33 | * @version 2015-11-16 34 | */ 35 | public interface JWSProvider extends JOSEProvider, JCAAware { 36 | 37 | 38 | /** 39 | * Returns the names of the supported algorithms by the JWS provider 40 | * instance. These correspond to the {@code alg} JWS header parameter. 41 | * 42 | * @return The supported JWS algorithms, empty set if none. 43 | */ 44 | Set supportedJWSAlgorithms(); 45 | } 46 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/JWSSigner.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose; 19 | 20 | 21 | import com.nimbusds.jose.util.Base64URL; 22 | 23 | 24 | /** 25 | * JSON Web Signature (JWS) signer. 26 | * 27 | * @author Vladimir Dzhuvinov 28 | * @version 2015-04-21 29 | */ 30 | public interface JWSSigner extends JWSProvider { 31 | 32 | 33 | /** 34 | * Signs the specified {@link JWSObject#getSigningInput input} of a 35 | * {@link JWSObject JWS object}. 36 | * 37 | * @param header The JSON Web Signature (JWS) header. Must 38 | * specify a supported JWS algorithm and must not 39 | * be {@code null}. 40 | * @param signingInput The input to sign. 
Must not be {@code null}. 41 | * 42 | * @return The resulting signature part (third part) of the JWS object. 43 | * 44 | * @throws JOSEException If the JWS algorithm is not supported, if a 45 | * critical header parameter is not supported or 46 | * marked for deferral to the application, or if 47 | * signing failed for some other internal reason. 48 | */ 49 | Base64URL sign(final JWSHeader header, final byte[] signingInput) 50 | throws JOSEException; 51 | } 52 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/JWSVerifier.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose; 19 | 20 | 21 | import com.nimbusds.jose.util.Base64URL; 22 | 23 | 24 | /** 25 | * JSON Web Signature (JWS) verifier. 26 | * 27 | * @author Vladimir Dzhuvinov 28 | * @version 2015-04-21 29 | */ 30 | public interface JWSVerifier extends JWSProvider { 31 | 32 | 33 | /** 34 | * Verifies the specified {@link JWSObject#getSignature signature} of a 35 | * {@link JWSObject JWS object}. 36 | * 37 | * @param header The JSON Web Signature (JWS) header. Must 38 | * specify a supported JWS algorithm and must not 39 | * be {@code null}. 40 | * @param signingInput The signing input. Must not be {@code null}. 
41 | * @param signature The signature part of the JWS object. Must not 42 | * be {@code null}. 43 | * 44 | * @return {@code true} if the signature was successfully verified, 45 | * {@code false} if the signature is invalid or if a critical 46 | * header is neither supported nor marked for deferral to the 47 | * application. An invalid signature is reported through this return value, not an exception, so callers must check it. 48 | * 49 | * @throws JOSEException If the JWS algorithm is not supported, or if 50 | * signature verification failed for some other 51 | * internal reason. 52 | */ 53 | boolean verify(final JWSHeader header, final byte[] signingInput, final Base64URL signature) 54 | throws JOSEException; 55 | } 56 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/KeyException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose; 19 | 20 | 21 | /** 22 | * Key exception. 23 | * 24 | * @author Vladimir Dzhuvinov 25 | * @version 2015-06-29 26 | */ 27 | public class KeyException extends JOSEException { 28 | 29 | 30 | /** 31 | * Creates a new key exception with the specified message. 32 | * 33 | * @param message The exception message. 
34 | */ 35 | public KeyException(final String message) { 36 | 37 | super(message); 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/KeyLengthException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose; 19 | 20 | 21 | /** 22 | * Key length exception. 23 | * 24 | * @author Vladimir Dzhuvinov 25 | * @version 205-06-29 26 | */ 27 | public class KeyLengthException extends KeyException { 28 | 29 | 30 | /** 31 | * The expected key length. 32 | */ 33 | private final int expectedLength; 34 | 35 | 36 | /** 37 | * The algorithm. 38 | */ 39 | private final Algorithm alg; 40 | 41 | 42 | /** 43 | * Creates a new key length exception. 44 | * 45 | * @param message The exception message. 46 | */ 47 | public KeyLengthException(final String message) { 48 | 49 | super(message); 50 | expectedLength = 0; 51 | alg = null; 52 | } 53 | 54 | 55 | /** 56 | * Creates a new key length exception. 57 | * 58 | * @param alg The JOSE algorithm, {@code null} if not specified. 59 | */ 60 | public KeyLengthException(final Algorithm alg) { 61 | 62 | this(0, alg); 63 | } 64 | 65 | 66 | /** 67 | * Creates a new key length exception. 
68 | * 69 | * @param expectedLength The expected key length in bits, zero if not 70 | * specified. 71 | * @param alg The JOSE algorithm, {@code null} if not 72 | * specified. 73 | */ 74 | public KeyLengthException(final int expectedLength, final Algorithm alg) { 75 | 76 | super(( 77 | (expectedLength > 0) ? "The expected key length is " + expectedLength + " bits" : "Unexpected key length") + 78 | ((alg != null) ? " (for " + alg + " algorithm)" : "") 79 | ); 80 | 81 | this.expectedLength = expectedLength; 82 | this.alg = alg; 83 | } 84 | 85 | 86 | /** 87 | * Returns the expected key length. 88 | * 89 | * @return The expected key length in bits, zero if not specified. 90 | */ 91 | public int getExpectedKeyLength() { 92 | 93 | return expectedLength; 94 | } 95 | 96 | 97 | /** 98 | * Returns the algorithm. 99 | * 100 | * @return The JOSE algorithm, {@code null} if not specified. 101 | */ 102 | public Algorithm getAlgorithm() { 103 | 104 | return alg; 105 | } 106 | } 107 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/KeySourceException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose; 19 | 20 | 21 | /** 22 | * Key source exception. 
23 | * 24 | * @author Vladimir Dzhuvinov 25 | * @version 2016-06-21 26 | */ 27 | public class KeySourceException extends JOSEException { 28 | 29 | 30 | /** 31 | * Creates a new key source exception. 32 | * 33 | * @param message The message. 34 | */ 35 | public KeySourceException(final String message) { 36 | super(message); 37 | } 38 | 39 | 40 | /** 41 | * Creates a new key source exception. 42 | * 43 | * @param message The message. 44 | * @param cause The cause. 45 | */ 46 | public KeySourceException(final String message, final Throwable cause) { 47 | super(message, cause); 48 | } 49 | } 50 | 51 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/KeyTypeException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose; 19 | 20 | 21 | import java.security.Key; 22 | 23 | 24 | /** 25 | * Key type exception. 26 | * 27 | * @author Vladimir Dzhuvinov 28 | * @version 2015-06-29 29 | */ 30 | public class KeyTypeException extends KeyException { 31 | 32 | 33 | /** 34 | * Creates a new key type exception. 35 | * 36 | * @param expectedKeyClass The expected key class. Should not be 37 | * {@code null}. 
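38 | */ 39 | public KeyTypeException(final Class expectedKeyClass) { 40 | 41 | super("Invalid key: Must be an instance of " + expectedKeyClass); 42 | } 43 | }
--------------------------------------------------------------------------------
/src/main/java/com/nimbusds/jose/PayloadTransformer.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose;


/**
 * Generic payload type transformer. Implementations should be thread-safe.
 *
 * @param <T> The type that the payload is transformed into. The type
 *            parameter was missing from this listing although
 *            {@link #transform} returns it.
 */
public interface PayloadTransformer<T> {


	/**
	 * Transforms the specified payload into the desired type.
	 *
	 * @param payload The payload. Not {@code null}.
	 *
	 * @return The desired type.
	 */
	T transform(final Payload payload);
}
-------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/RemoteKeySourceException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License.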
You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose; 19 | 20 | 21 | /** 22 | * Remote key source exception. 23 | * 24 | * @author Vladimir Dzhuvinov 25 | * @version 2016-06-21 26 | */ 27 | public class RemoteKeySourceException extends KeySourceException { 28 | 29 | 30 | /** 31 | * Creates a new remote key source exception. 32 | * 33 | * @param message The message. 34 | * @param cause The cause. 35 | */ 36 | public RemoteKeySourceException(final String message, final Throwable cause) { 37 | super(message, cause); 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/Requirement.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose; 19 | 20 | 21 | /** 22 | * Enumeration of JOSE algorithm implementation requirements. 
Refers to the 23 | * requirement levels defined in RFC 2119. 24 | * 25 | * @author Vladimir Dzhuvinov 26 | * @version 2012-09-17 27 | */ 28 | public enum Requirement { 29 | 30 | 31 | /** 32 | * The implementation of the algorithm is required. 33 | */ 34 | REQUIRED, 35 | 36 | 37 | /** 38 | * The implementation of the algorithm is recommended. 39 | */ 40 | RECOMMENDED, 41 | 42 | 43 | /** 44 | * The implementation of the algorithm is optional. 45 | */ 46 | OPTIONAL 47 | } 48 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/crypto/AAD.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.crypto; 19 | 20 | 21 | import java.nio.ByteBuffer; 22 | import java.nio.charset.Charset; 23 | 24 | import com.nimbusds.jose.JWEHeader; 25 | import com.nimbusds.jose.util.Base64URL; 26 | import com.nimbusds.jose.util.ByteUtils; 27 | import com.nimbusds.jose.util.IntegerOverflowException; 28 | 29 | 30 | /** 31 | * Additional authenticated data (AAD). 32 | * 33 | *

See RFC 7518 (JWA), section 5.1, point 14. 34 | * 35 | * @author Vladimir Dzhuvinov 36 | * @version 2017-06-01 37 | */
class AAD {


	/**
	 * Derives the Additional Authenticated Data (AAD) for a JWE header by
	 * taking its BASE64URL form and delegating to
	 * {@link #compute(Base64URL)}.
	 *
	 * <p>NOTE(review): the result is only the AAD of a received JWE if
	 * {@code toBase64URL()} yields the header exactly as it appeared in
	 * that JWE; this is not visible here, confirm against
	 * {@code JWEHeader}.
	 *
	 * @param jweHeader The JWE header. Must not be {@code null}.
	 *
	 * @return The AAD.
	 */
	public static byte[] compute(final JWEHeader jweHeader) {

		final Base64URL encodedHeader = jweHeader.toBase64URL();
		return compute(encodedHeader);
	}


	/**
	 * Derives the Additional Authenticated Data (AAD) for a
	 * BASE64URL-encoded JWE header: the bytes of the encoded string in
	 * the ASCII charset.
	 *
	 * @param encodedJWEHeader The BASE64URL-encoded JWE header. Must not
	 *                         be {@code null}.
	 *
	 * @return The AAD.
	 */
	public static byte[] compute(final Base64URL encodedJWEHeader) {

		final String encodedText = encodedJWEHeader.toString();
		final Charset ascii = Charset.forName("ASCII");
		return encodedText.getBytes(ascii);
	}


	/**
	 * Encodes the bit length of the specified Additional Authenticated
	 * Data (AAD). Used in AES/CBC/PKCS5Padding/HMAC-SHA2 encryption.
	 *
	 * @param aad The Additional Authenticated Data (AAD). Must not be
	 *            {@code null}.
	 *
	 * @return The AAD bit length as an 8 byte array, written with
	 *         {@link ByteBuffer#putLong(long)} in the buffer's default
	 *         (big-endian) byte order.
	 *
	 * @throws IntegerOverflowException On an integer overflow, as
	 *                                  reported by
	 *                                  {@code ByteUtils.safeBitLength}.
	 */
	public static byte[] computeLength(final byte[] aad)
		throws IntegerOverflowException {

		final int bits = ByteUtils.safeBitLength(aad);
		final ByteBuffer lengthField = ByteBuffer.allocate(8);
		lengthField.putLong(bits); // the int is widened to a 64 bit value
		return lengthField.array();
	}
}
-------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/crypto/AlgorithmParametersHelper.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd.
5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.crypto; 19 | 20 | 21 | import java.security.AlgorithmParameters; 22 | import java.security.NoSuchAlgorithmException; 23 | import java.security.Provider; 24 | 25 | 26 | /** 27 | * Utility for creating {@link java.security.AlgorithmParameters} objects with 28 | * an optional JCA provider. 29 | * 30 | * @author Justin Richer 31 | */ 32 | class AlgorithmParametersHelper { 33 | 34 | 35 | /** 36 | * Creates a new {@link java.security.AlgorithmParameters} instance. 37 | * 38 | * @param name The name of the requested algorithm. Must not be 39 | * {@code null}. 40 | * @param provider The JCA provider, or {@code null} to use the default 41 | * one. 42 | * 43 | * @return The AlgorithmParameters instance. 44 | * 45 | * @throws NoSuchAlgorithmException If an AlgorithmParameterGeneratorSpi 46 | * implementation for the specified 47 | * algorithm is not available from the 48 | * specified Provider object. 
49 | */ 50 | public static AlgorithmParameters getInstance(final String name, final Provider provider) 51 | throws NoSuchAlgorithmException { 52 | 53 | if (provider == null) { 54 | return AlgorithmParameters.getInstance(name); 55 | } else { 56 | return AlgorithmParameters.getInstance(name, provider); 57 | } 58 | } 59 | } 60 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/crypto/AuthenticatedCipherText.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.crypto; 19 | 20 | 21 | import net.jcip.annotations.Immutable; 22 | 23 | 24 | /** 25 | * Authenticated cipher text. This class is immutable. 26 | * 27 | * @author Vladimir Dzhuvinov 28 | * @version 2013-05-06 29 | */ 30 | @Immutable 31 | final class AuthenticatedCipherText { 32 | 33 | 34 | /** 35 | * The cipher text. 36 | */ 37 | private final byte[] cipherText; 38 | 39 | 40 | /** 41 | * The authentication tag. 42 | */ 43 | private final byte[] authenticationTag; 44 | 45 | 46 | /** 47 | * Creates a new authenticated cipher text. 48 | * 49 | * @param cipherText The cipher text. Must not be {@code null}. 50 | * @param authenticationTag The authentication tag. Must not be 51 | * {@code null}. 
52 | */
	public AuthenticatedCipherText(final byte[] cipherText, final byte[] authenticationTag) {

		if (cipherText == null) {
			throw new IllegalArgumentException("The cipher text must not be null");
		}

		// NOTE(review): both arrays are kept by reference, not copied, so
		// the instance stays unchanged only while no holder of the arrays
		// writes to them. Confirm that callers treat them as read-only.
		this.cipherText = cipherText;

		if (authenticationTag == null) {
			throw new IllegalArgumentException("The authentication tag must not be null");
		}

		this.authenticationTag = authenticationTag;
	}


	/**
	 * Gets the cipher text.
	 *
	 * @return The cipher text. This is the array passed to the
	 *         constructor, not a copy.
	 */
	public byte[] getCipherText() {

		return this.cipherText;
	}


	/**
	 * Gets the authentication tag.
	 *
	 * @return The authentication tag. This is the array passed to the
	 *         constructor, not a copy.
	 */
	public byte[] getAuthenticationTag() {

		return this.authenticationTag;
	}
}
-------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/crypto/BaseJWEProvider.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License.
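16 | */

package com.nimbusds.jose.crypto;


import java.util.Collections;
import java.util.Set;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEProvider;
import com.nimbusds.jose.jca.JWEJCAContext;


/**
 * The base abstract class for JSON Web Encryption (JWE) encrypters and
 * decrypters.
 *
 * <p>Both supported sets are handed out as unmodifiable views, so code
 * holding a provider cannot add an algorithm or encryption method to it.
 * The views wrap the sets passed to the constructor rather than copying
 * them.
 *
 * @author Vladimir Dzhuvinov
 * @version 2015-11-16
 */
abstract class BaseJWEProvider implements JWEProvider {


	/**
	 * The supported algorithms by the JWE provider instance.
	 */
	private final Set<JWEAlgorithm> algs;


	/**
	 * The supported encryption methods by the JWE provider instance.
	 */
	private final Set<EncryptionMethod> encs;


	/**
	 * The JWE JCA context.
	 */
	private final JWEJCAContext jcaContext = new JWEJCAContext();


	/**
	 * Creates a new base JWE provider.
	 *
	 * @param algs The supported algorithms by the JWE provider instance.
	 *             Must not be {@code null}.
	 * @param encs The supported encryption methods by the JWE provider
	 *             instance. Must not be {@code null}.
	 *
	 * @throws IllegalArgumentException If either set is {@code null}.
	 */
	public BaseJWEProvider(final Set<JWEAlgorithm> algs,
			       final Set<EncryptionMethod> encs) {

		if (algs == null) {
			throw new IllegalArgumentException("The supported JWE algorithm set must not be null");
		}

		this.algs = Collections.unmodifiableSet(algs);


		if (encs == null) {
			throw new IllegalArgumentException("The supported encryption methods must not be null");
		}

		// Wrapped like algs: previously the caller's set was stored as
		// is, so supportedEncryptionMethods() returned a set that could
		// be modified.
		this.encs = Collections.unmodifiableSet(encs);
	}


	@Override
	public Set<JWEAlgorithm> supportedJWEAlgorithms() {

		return algs;
	}


	@Override
	public Set<EncryptionMethod> supportedEncryptionMethods() {

		return encs;
	}


	@Override
	public JWEJCAContext getJCAContext() {

		return jcaContext;
	}
}

-------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/crypto/BaseJWSProvider.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License.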
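16 | */

package com.nimbusds.jose.crypto;


import java.util.Collections;
import java.util.Set;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSProvider;
import com.nimbusds.jose.jca.JCAContext;


/**
 * The base abstract class for JSON Web Signature (JWS) signers and verifiers.
 *
 * <p>The supported algorithm set is handed out as an unmodifiable view of
 * the set passed to the constructor; it is wrapped, not copied.
 *
 * @author Vladimir Dzhuvinov
 * @version 2015-11-16
 */
abstract class BaseJWSProvider implements JWSProvider {


	/**
	 * The supported algorithms by the JWS provider instance.
	 */
	private final Set<JWSAlgorithm> algs;


	/**
	 * The JCA context.
	 */
	private final JCAContext jcaContext = new JCAContext();


	/**
	 * Creates a new base JWS provider.
	 *
	 * @param algs The supported algorithms by the JWS provider instance.
	 *             Must not be {@code null}.
	 *
	 * @throws IllegalArgumentException If the set is {@code null}.
	 */
	public BaseJWSProvider(final Set<JWSAlgorithm> algs) {

		if (algs == null) {
			throw new IllegalArgumentException("The supported JWS algorithm set must not be null");
		}

		this.algs = Collections.unmodifiableSet(algs);
	}


	@Override
	public Set<JWSAlgorithm> supportedJWSAlgorithms() {

		return algs;
	}


	@Override
	public JCAContext getJCAContext() {

		return jcaContext;
	}
}

-------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/crypto/CipherHelper.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License.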
You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */

package com.nimbusds.jose.crypto;


import net.jcip.annotations.ThreadSafe;

import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;


/**
 * Helper utilities for instantiating ciphers.
 *
 * @author Cedric Staub
 * @version 2014-01-22
 */
@ThreadSafe
class CipherHelper {


	/**
	 * Instantiates a cipher with an (optional) JCA provider.
	 *
	 * <p>The name is passed unchanged to {@link Cipher#getInstance}. A
	 * name that gives only the algorithm leaves mode and padding to the
	 * provider's defaults, so callers should pass the full
	 * algorithm/mode/padding transformation.
	 *
	 * @param name     The name of the cipher. Must not be {@code null}.
	 * @param provider The JCA provider, or {@code null} to use the default
	 *                 one.
	 *
	 * @return The cipher instance, not yet initialised with a key.
	 *
	 * @throws NoSuchAlgorithmException If {@link Cipher#getInstance}
	 *                                  cannot resolve the name.
	 * @throws NoSuchPaddingException   If the requested padding scheme is
	 *                                  not available.
	 */
	public static Cipher getInstance(String name, Provider provider)
		throws NoSuchAlgorithmException, NoSuchPaddingException {

		return (provider != null)
			? Cipher.getInstance(name, provider)
			: Cipher.getInstance(name);
	}
}
-------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/crypto/ECDSAProvider.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License.
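You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */

package com.nimbusds.jose.crypto;


import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Set;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;


/**
 * The base abstract class for Elliptic Curve Digital Signature Algorithm
 * (ECDSA) signers and validators of {@link com.nimbusds.jose.JWSObject JWS
 * objects}.
 *
 * <p>Supports the following algorithms:
 *
 * <ul>
 *     <li>{@link com.nimbusds.jose.JWSAlgorithm#ES256}
 *     <li>{@link com.nimbusds.jose.JWSAlgorithm#ES384}
 *     <li>{@link com.nimbusds.jose.JWSAlgorithm#ES512}
 * </ul>
 *
 * <p>Each instance is bound to the single algorithm given to the
 * constructor; any algorithm outside {@link #SUPPORTED_ALGORITHMS} is
 * rejected there.
 *
 * @author Axel Nennker
 * @author Vladimir Dzhuvinov
 * @version 2017-05-13
 */
abstract class ECDSAProvider extends BaseJWSProvider {


	/**
	 * The supported JWS algorithms by the EC-DSA provider class.
	 */
	public static final Set<JWSAlgorithm> SUPPORTED_ALGORITHMS;


	static {
		Set<JWSAlgorithm> algs = new LinkedHashSet<>();
		algs.add(JWSAlgorithm.ES256);
		algs.add(JWSAlgorithm.ES384);
		algs.add(JWSAlgorithm.ES512);
		SUPPORTED_ALGORITHMS = Collections.unmodifiableSet(algs);
	}


	/**
	 * Creates a new Elliptic Curve Digital Signature Algorithm (ECDSA)
	 * provider.
	 *
	 * @param alg The EC-DSA algorithm. Must be supported and not
	 *            {@code null}.
	 *
	 * @throws JOSEException If JWS algorithm is not supported. A
	 *                       {@code null} algorithm is not in
	 *                       {@link #SUPPORTED_ALGORITHMS} and is rejected
	 *                       the same way.
	 */
	protected ECDSAProvider(final JWSAlgorithm alg)
		throws JOSEException {

		// The superclass constructor call has to come first, so the
		// algorithm is validated afterwards; the exception below still
		// aborts construction.
		super(new HashSet<>(Collections.singletonList(alg)));

		if (! SUPPORTED_ALGORITHMS.contains(alg)) {
			throw new JOSEException("Unsupported EC DSA algorithm: " + alg);
		}
	}


	/**
	 * Returns the supported ECDSA algorithm.
	 *
	 * @see #supportedJWSAlgorithms()
	 *
	 * @return The supported ECDSA algorithm, the only element of the set
	 *         built by the constructor.
	 */
	public JWSAlgorithm supportedECDSAAlgorithm() {

		return supportedJWSAlgorithms().iterator().next();
	}
}

-------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/crypto/RSACryptoProvider.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License.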
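You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */

package com.nimbusds.jose.crypto;


import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;


/**
 * The base abstract class for RSA encrypters and decrypters of
 * {@link com.nimbusds.jose.JWEObject JWE objects}.
 *
 * <p>Supports the following key management algorithms:
 *
 * <ul>
 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#RSA1_5}
 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#RSA_OAEP}
 *     <li>{@link com.nimbusds.jose.JWEAlgorithm#RSA_OAEP_256}
 * </ul>
 *
 * <p>Supports the following content encryption algorithms:
 *
 * <ul>
 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A128CBC_HS256}
 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A192CBC_HS384}
 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A256CBC_HS512}
 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A128GCM}
 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A192GCM}
 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A256GCM}
 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A128CBC_HS256_DEPRECATED}
 *     <li>{@link com.nimbusds.jose.EncryptionMethod#A256CBC_HS512_DEPRECATED}
 * </ul>
 *
 * <p>NOTE(review): {@code RSA1_5} is RSAES-PKCS1-v1_5 key encryption. RFC
 * 7516, section 11 (security considerations) asks recipients not to act as
 * a decryption oracle for it. How a failed key unwrap is handled is not
 * visible in this class; confirm it in the concrete decrypter, and prefer
 * the OAEP variants where the peer supports them.
 *
 * @author David Ortiz
 * @author Vladimir Dzhuvinov
 * @version 2015-05-26
 */
abstract class RSACryptoProvider extends BaseJWEProvider {


	/**
	 * The supported JWE algorithms by the RSA crypto provider class.
	 */
	public static final Set<JWEAlgorithm> SUPPORTED_ALGORITHMS;


	/**
	 * The supported encryption methods by the RSA crypto provider class.
	 * This is the same set object as
	 * {@code ContentCryptoProvider.SUPPORTED_ENCRYPTION_METHODS}.
	 */
	public static final Set<EncryptionMethod> SUPPORTED_ENCRYPTION_METHODS = ContentCryptoProvider.SUPPORTED_ENCRYPTION_METHODS;


	static {
		Set<JWEAlgorithm> algs = new LinkedHashSet<>();
		algs.add(JWEAlgorithm.RSA1_5);
		algs.add(JWEAlgorithm.RSA_OAEP);
		algs.add(JWEAlgorithm.RSA_OAEP_256);
		SUPPORTED_ALGORITHMS = Collections.unmodifiableSet(algs);
	}


	/**
	 * Creates a new RSA encryption / decryption provider that supports
	 * every algorithm in {@link #SUPPORTED_ALGORITHMS} and every method
	 * in {@link #SUPPORTED_ENCRYPTION_METHODS}.
	 */
	protected RSACryptoProvider() {

		super(SUPPORTED_ALGORITHMS, ContentCryptoProvider.SUPPORTED_ENCRYPTION_METHODS);
	}
}
-------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/crypto/RSASSAProvider.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License.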
16 | */ 17 | 18 | package com.nimbusds.jose.crypto; 19 | 20 | 21 | import java.util.Collections; 22 | import java.util.LinkedHashSet; 23 | import java.util.Set; 24 | 25 | import com.nimbusds.jose.JWSAlgorithm; 26 | 27 | 28 | /** 29 | * The base abstract class for RSA signers and verifiers of {@link 30 | * com.nimbusds.jose.JWSObject JWS objects}. 31 | * 32 | *

Supports the following algorithms: 33 | * 34 | *

    35 | *
  • {@link com.nimbusds.jose.JWSAlgorithm#RS256} 36 | *
  • {@link com.nimbusds.jose.JWSAlgorithm#RS384} 37 | *
  • {@link com.nimbusds.jose.JWSAlgorithm#RS512} 38 | *
  • {@link com.nimbusds.jose.JWSAlgorithm#PS256} 39 | *
  • {@link com.nimbusds.jose.JWSAlgorithm#PS384} 40 | *
  • {@link com.nimbusds.jose.JWSAlgorithm#PS512} 41 | *
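*
 * @author Vladimir Dzhuvinov
 * @version 2015-05-31
 */
abstract class RSASSAProvider extends BaseJWSProvider {


    /**
     * The supported JWS algorithms by the RSA-SSA provider class. The set
     * is unmodifiable and keeps the order in which the algorithms are
     * registered below.
     */
    public static final Set<JWSAlgorithm> SUPPORTED_ALGORITHMS;


    static {
        // Typed explicitly: a raw Set here would let any object be added
        // and would hand callers an unchecked collection.
        Set<JWSAlgorithm> algs = new LinkedHashSet<>();
        algs.add(JWSAlgorithm.RS256);
        algs.add(JWSAlgorithm.RS384);
        algs.add(JWSAlgorithm.RS512);
        algs.add(JWSAlgorithm.PS256);
        algs.add(JWSAlgorithm.PS384);
        algs.add(JWSAlgorithm.PS512);
        SUPPORTED_ALGORITHMS = Collections.unmodifiableSet(algs);
    }


    /**
     * Creates a new RSASSA provider.
     */
    protected RSASSAProvider() {

        super(SUPPORTED_ALGORITHMS);
    }
}


--------------------------------------------------------------------------------
/src/main/java/com/nimbusds/jose/crypto/bc/BouncyCastleProviderSingleton.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.crypto.bc;


import org.bouncycastle.jce.provider.BouncyCastleProvider;


/**
 * BouncyCastle JCA provider singleton, intended to prevent memory leaks by
 * ensuring a single instance is loaded at all times.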
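Application code that
 * needs a BouncyCastle JCA provider should use the {@link #getInstance()}
 * method to obtain an instance.
 *
 * @author Vladimir Dzhuvinov
 */
public final class BouncyCastleProviderSingleton {


    /**
     * The BouncyCastle provider, lazily instantiated. Read and written
     * only inside the synchronized {@link #getInstance()} method.
     */
    private static BouncyCastleProvider bouncyCastleProvider;


    /**
     * Prevents external instantiation.
     */
    private BouncyCastleProviderSingleton() { }


    /**
     * Returns a BouncyCastle JCA provider instance.
     *
     * <p>The method is synchronized: with an unsynchronized null check,
     * two threads making the first call concurrently could each construct
     * a provider, which defeats the single-instance purpose of this class.
     *
     * @return The BouncyCastle JCA provider instance.
     */
    public static synchronized BouncyCastleProvider getInstance() {

        if (bouncyCastleProvider == null) {
            bouncyCastleProvider = new BouncyCastleProvider();
        }
        return bouncyCastleProvider;
    }
}

--------------------------------------------------------------------------------
/src/main/java/com/nimbusds/jose/crypto/bc/package-info.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

/**
 * BouncyCastle JCA provider singleton.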
20 | */ 21 | package com.nimbusds.jose.crypto.bc; -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/crypto/factories/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | /** 19 | * JWS verifier and JWE decrypter factories for use by the JOSE / JWT processor 20 | * framework. 21 | */ 22 | package com.nimbusds.jose.crypto.factories; -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/crypto/utils/ConstantTimeUtils.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd and contributors. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. 
See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.crypto.utils;


/**
 * Array utilities for comparisons whose duration should not depend on the
 * compared contents.
 *
 * @author Vladimir Dzhuvinov
 * @version 2017-04-26
 */
public class ConstantTimeUtils {


    /**
     * Checks the specified arrays for equality in constant time. Intended
     * to mitigate timing attacks.
     *
     * <p>Arrays of different length are rejected immediately, so the
     * length itself is not hidden. For arrays of equal length every index
     * is visited and the differences are OR-ed together; there is no early
     * exit at the first mismatching byte.
     *
     * @param a The first array. Must not be {@code null}.
     * @param b The second array. Must not be {@code null}.
     *
     * @return {@code true} if the two arrays are equal, else
     *         {@code false}.
     */
    public static boolean areEqual(final byte[] a, final byte[] b) {

        // From http://codahale.com/a-lesson-in-timing-attacks/

        final int length = a.length;
        if (length != b.length) {
            return false;
        }

        // Accumulate the XOR of every byte pair; any set bit marks a
        // difference. The visiting order does not affect the outcome.
        int diff = 0;
        for (int i = length - 1; i >= 0; i--) {
            diff |= a[i] ^ b[i];
        }

        return diff == 0;
    }


    /**
     * Prevents public instantiation.
     */
    private ConstantTimeUtils() { }
}

--------------------------------------------------------------------------------
/src/main/java/com/nimbusds/jose/crypto/utils/package-info.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied.
See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | /** 19 | * Cryptographic utilities. 20 | */ 21 | package com.nimbusds.jose.crypto.utils; -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/jca/JCAAware.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.jca; 19 | 20 | 21 | /** 22 | * Interface for a Java Cryptography Architecture (JCA) aware object, intended 23 | * for setting a JCA {@link java.security.Provider provider} and 24 | * {@link java.security.SecureRandom secure random generator}. 25 | * 26 | * @version 2015-06-30 27 | */ 28 | public interface JCAAware { 29 | 30 | 31 | /** 32 | * Returns the Java Cryptography Architecture (JCA) context. May be 33 | * used to set a specific JCA security provider or secure random 34 | * generator. 35 | * 36 | * @return The JCA context. Not {@code null}. 
37 | */ 38 | T getJCAContext(); 39 | } 40 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/jca/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | /** 19 | * Java Cryptography Architecture (JCA) context interfaces and classes. 20 | * 21 | *

References: 22 | * 23 | *

27 | */ 28 | package com.nimbusds.jose.jca; -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/jwk/AssymetricJWK.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.jwk; 19 | 20 | 21 | import java.security.KeyPair; 22 | import java.security.PrivateKey; 23 | import java.security.PublicKey; 24 | 25 | import com.nimbusds.jose.JOSEException; 26 | 27 | 28 | /** 29 | * Asymmetric (pair) JSON Web Key (JWK). 30 | * 31 | * @author Vladimir Dzhuvinov 32 | * @version 2015-12-08 33 | */ 34 | public interface AssymetricJWK { 35 | 36 | 37 | /** 38 | * Returns a Java public key representation of the JWK. 39 | * 40 | * @return The Java public key. 41 | * 42 | * @throws JOSEException If conversion failed or is not supported. 43 | */ 44 | PublicKey toPublicKey() 45 | throws JOSEException; 46 | 47 | 48 | /** 49 | * Returns a Java private key representation of this JWK. 50 | * 51 | * @return The Java private key, {@code null} if not specified. 52 | * 53 | * @throws JOSEException If conversion failed or is not supported. 54 | */ 55 | PrivateKey toPrivateKey() 56 | throws JOSEException; 57 | 58 | 59 | /** 60 | * Returns a Java key pair representation of this JWK. 
61 | * 62 | * @return The Java key pair. The private key will be {@code null} if 63 | * not specified. 64 | * 65 | * @throws JOSEException If conversion failed or is not supported. 66 | */ 67 | KeyPair toKeyPair() 68 | throws JOSEException; 69 | } 70 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/jwk/CurveBasedJWK.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd and contributors. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.jwk; 19 | 20 | 21 | /** 22 | * Curve based JSON Web Key (JWK). 23 | * 24 | * @author Vladimir Dzhuvinov 25 | * @version 2018-08-23 26 | */ 27 | public interface CurveBasedJWK { 28 | 29 | 30 | /** 31 | * Returns the cryptographic curve. 32 | * 33 | * @return The cryptographic curve. 34 | */ 35 | Curve getCurve(); 36 | } 37 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/jwk/JWKSelector.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. 
You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.jwk; 19 | 20 | 21 | import java.util.*; 22 | 23 | import net.jcip.annotations.Immutable; 24 | 25 | 26 | /** 27 | * Selects (filters) one or more JSON Web Keys (JWKs) from a JWK set. 28 | * 29 | * @author Vladimir Dzhuvinov 30 | * @version 2015-04-15 31 | */ 32 | @Immutable 33 | public final class JWKSelector { 34 | 35 | 36 | /** 37 | * The JWK matcher. 38 | */ 39 | private final JWKMatcher matcher; 40 | 41 | 42 | /** 43 | * Creates a new JWK selector (filter). 44 | * 45 | * @param matcher Specifies the JWK matching criteria. Must not be 46 | * {@code null}. 47 | */ 48 | public JWKSelector(final JWKMatcher matcher) { 49 | 50 | if (matcher == null) { 51 | throw new IllegalArgumentException("The JWK matcher must not be null"); 52 | } 53 | 54 | this.matcher = matcher; 55 | } 56 | 57 | 58 | /** 59 | * Returns the JWK matcher. 60 | * 61 | * @return The JWK matcher. 62 | */ 63 | public JWKMatcher getMatcher() { 64 | 65 | return matcher; 66 | } 67 | 68 | 69 | /** 70 | * Selects the keys from the specified JWK set according to the 71 | * matcher's criteria. 72 | * 73 | * @param jwkSet The JWK set. May be {@code null}. 74 | * 75 | * @return The selected keys, ordered by their position in the JWK set, 76 | * empty list if none were matched or the JWK is {@code null}. 
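*/
    public List<JWK> select(final JWKSet jwkSet) {

        List<JWK> selectedKeys = new LinkedList<>();

        // A missing JWK set yields an empty (not null) result.
        if (jwkSet == null) {
            return selectedKeys;
        }

        // Iteration follows the order of the keys in the set, so the
        // result keeps that order.
        for (JWK key : jwkSet.getKeys()) {
            if (matcher.matches(key)) {
                selectedKeys.add(key);
            }
        }

        return selectedKeys;
    }
}

--------------------------------------------------------------------------------
/src/main/java/com/nimbusds/jose/jwk/KeyConverter.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.jwk;


import java.security.Key;
import java.security.KeyPair;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;

import com.nimbusds.jose.JOSEException;


/**
 * Key converter.
 */
public class KeyConverter {


    /**
     * Converts the specified list of JSON Web Keys (JWK) to their standard
     * Java class representation. Asymmetric {@link RSAKey RSA} and
     * {@link ECKey EC key} pairs are converted to
     * {@link java.security.PublicKey} and {@link java.security.PrivateKey}
     * (if specified) objects. {@link OctetSequenceKey secret JWKs} are
     * converted to {@link javax.crypto.SecretKey} objects.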
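Key conversion
     * exceptions are silently ignored, so a JWK that fails to convert is
     * simply absent from the result.
     *
     * <p>The returned list can mix public, private and secret keys. A
     * caller that only needs keys for verification or encryption should
     * filter the result by type rather than pass it on as is.
     *
     * @param jwkList The JWK list. May be {@code null}.
     *
     * @return The converted keys, empty list if none or {@code null}.
     */
    public static List<Key> toJavaKeys(final List<JWK> jwkList) {

        if (jwkList == null) {
            return Collections.emptyList();
        }

        List<Key> out = new LinkedList<>();
        for (JWK jwk : jwkList) {
            try {
                if (jwk instanceof AssymetricJWK) {
                    KeyPair keyPair = ((AssymetricJWK) jwk).toKeyPair();
                    out.add(keyPair.getPublic()); // add public
                    if (keyPair.getPrivate() != null) {
                        out.add(keyPair.getPrivate()); // add private if present
                    }
                } else if (jwk instanceof SecretJWK) {
                    out.add(((SecretJWK) jwk).toSecretKey());
                }
            } catch (JOSEException ignored) {
                // Deliberate best effort, as documented above: skip the
                // key that could not be converted and continue.
            }
        }
        return out;
    }
}

--------------------------------------------------------------------------------
/src/main/java/com/nimbusds/jose/jwk/KeyUseAndOpsConsistency.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.jwk;


import java.util.*;


/**
 * JWK {@code use} and {@code key_ops} consistency rules.
 *
 *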

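See https://tools.ietf.org/html/rfc7517#section-4.3
 *
 * @author Vladimir Dzhuvinov
 * @version 2017-06-20
 */
class KeyUseAndOpsConsistency {


    /**
     * Defines the consistent key use / key operations mappings. The
     * reference is final and both the map and the sets it holds are
     * unmodifiable, so the rules cannot be altered after class
     * initialisation.
     */
    static final Map<KeyUse, Set<KeyOperation>> MAP;


    static {
        Map<KeyUse, Set<KeyOperation>> map = new HashMap<>();
        map.put(
            KeyUse.SIGNATURE,
            Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
                KeyOperation.SIGN,
                KeyOperation.VERIFY))));
        map.put(
            KeyUse.ENCRYPTION,
            Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
                KeyOperation.ENCRYPT,
                KeyOperation.DECRYPT,
                KeyOperation.WRAP_KEY,
                KeyOperation.UNWRAP_KEY
            ))));
        MAP = Collections.unmodifiableMap(map);
    }


    /**
     * Checks if the specified key use and key operations are consistent.
     *
     * @param use The key use. May be {@code null}.
     * @param ops The key operations. May be {@code null}.
     *
     * @return {@code true} if consistent, else {@code false}. Also
     *         {@code true} when either argument is {@code null} or when
     *         no rule is defined for the key use.
     */
    static boolean areConsistent(final KeyUse use, final Set<KeyOperation> ops) {

        if (use == null || ops == null) {
            return true;
        }

        final Set<KeyOperation> permitted = MAP.get(use);
        if (permitted == null) {
            // No rule registered for this use, so there is nothing the
            // operations could contradict. Without this guard the lookup
            // below would fail with a NullPointerException.
            return true;
        }

        return permitted.containsAll(ops);
    }
}

--------------------------------------------------------------------------------
/src/main/java/com/nimbusds/jose/jwk/PasswordLookup.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied.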
See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.jwk; 19 | 20 | 21 | /** 22 | * Password lookup interface. 23 | */ 24 | public interface PasswordLookup { 25 | 26 | 27 | /** 28 | * Looks up the password for the specified name, e.g. key alias. 29 | * 30 | * @param name The name. May be {@code null}. 31 | * 32 | * @return The password, empty array if no password. 33 | */ 34 | char[] lookupPassword(final String name); 35 | } 36 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/jwk/SecretJWK.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.jwk; 19 | 20 | 21 | import javax.crypto.SecretKey; 22 | 23 | 24 | /** 25 | * Secret (symmetric) JSON Web Key (JWK). 26 | * 27 | * @author Vladimir Dzhuvinov 28 | * @version 2015-12-08 29 | */ 30 | public interface SecretJWK { 31 | 32 | 33 | /** 34 | * Returns a Java secret key representation of the JWK. 35 | * 36 | * @return The Java secret key. 
37 | */ 38 | SecretKey toSecretKey(); 39 | } 40 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/jwk/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | /** 19 | * JSON Web Key (JWK) classes. 20 | * 21 | *

This package provides representation, serialisation and parsing of 22 | * Elliptic Curve (EC), RSA and symmetric JWKs. 23 | * 24 | *

References: 25 | * 26 | *

29 | */ 30 | package com.nimbusds.jose.jwk; -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/jwk/source/ImmutableJWKSet.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.jwk.source; 19 | 20 | 21 | import java.util.List; 22 | 23 | import com.nimbusds.jose.jwk.JWK; 24 | import com.nimbusds.jose.jwk.JWKSelector; 25 | import com.nimbusds.jose.jwk.JWKSet; 26 | import com.nimbusds.jose.proc.SecurityContext; 27 | import net.jcip.annotations.Immutable; 28 | 29 | 30 | /** 31 | * JSON Web Key (JWK) source backed by an immutable JWK set. 32 | * 33 | * @author Vladimir Dzhuvinov 34 | * @version 2016-04-10 35 | */ 36 | @Immutable 37 | public class ImmutableJWKSet implements JWKSource { 38 | 39 | 40 | /** 41 | * The JWK set. 42 | */ 43 | private final JWKSet jwkSet; 44 | 45 | 46 | /** 47 | * Creates a new JWK source backed by an immutable JWK set. 48 | * 49 | * @param jwkSet The JWK set. Must not be {@code null}. 50 | */ 51 | public ImmutableJWKSet(final JWKSet jwkSet) { 52 | if (jwkSet == null) { 53 | throw new IllegalArgumentException("The JWK set must not be null"); 54 | } 55 | this.jwkSet = jwkSet; 56 | } 57 | 58 | 59 | /** 60 | * Returns the JWK set. 
61 | * 62 | * @return The JWK set. 63 | */ 64 | public JWKSet getJWKSet() { 65 | return jwkSet; 66 | } 67 | 68 | 69 | /** 70 | * {@inheritDoc} The security context is ignored. 71 | */ 72 | @Override 73 | public List get(final JWKSelector jwkSelector, final C context) { 74 | 75 | return jwkSelector.select(jwkSet); 76 | } 77 | } 78 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/jwk/source/ImmutableSecret.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.jwk.source; 19 | 20 | 21 | import javax.crypto.SecretKey; 22 | 23 | import com.nimbusds.jose.jwk.JWKSet; 24 | import com.nimbusds.jose.jwk.OctetSequenceKey; 25 | import com.nimbusds.jose.proc.SecurityContext; 26 | import net.jcip.annotations.Immutable; 27 | 28 | 29 | /** 30 | * JSON Web Key (JWK) source backed by an immutable secret. 31 | * 32 | * @author Vladimir Dzhuvinov 33 | * @version 2016-04-10 34 | */ 35 | @Immutable 36 | public class ImmutableSecret extends ImmutableJWKSet { 37 | 38 | 39 | /** 40 | * Creates a new JSON Web Key (JWK) source backed by an immutable 41 | * secret. 42 | * 43 | * @param secret The secret. Must not be empty or {@code null}. 
44 | */ 45 | public ImmutableSecret(final byte[] secret) { 46 | 47 | super(new JWKSet(new OctetSequenceKey.Builder(secret).build())); 48 | } 49 | 50 | 51 | /** 52 | * Creates a new JSON Web Key (JWK) source backed by an immutable 53 | * secret key. 54 | * 55 | * @param secretKey The secret key. Must not be {@code null}. 56 | */ 57 | public ImmutableSecret(final SecretKey secretKey) { 58 | 59 | super(new JWKSet(new OctetSequenceKey.Builder(secretKey).build())); 60 | } 61 | 62 | 63 | /** 64 | * Returns the secret. 65 | * 66 | * @return The secret. 67 | */ 68 | public byte[] getSecret() { 69 | 70 | return ((OctetSequenceKey) getJWKSet().getKeys().get(0)).toByteArray(); 71 | } 72 | 73 | 74 | /** 75 | * Returns the secret key. 76 | * 77 | * @return The secret key. 78 | */ 79 | public SecretKey getSecretKey() { 80 | 81 | return ((OctetSequenceKey) getJWKSet().getKeys().get(0)).toSecretKey(); 82 | } 83 | } 84 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/jwk/source/JWKSource.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 
16 | */ 17 | 18 | package com.nimbusds.jose.jwk.source; 19 | 20 | 21 | import java.util.List; 22 | 23 | import com.nimbusds.jose.KeySourceException; 24 | import com.nimbusds.jose.jwk.JWK; 25 | import com.nimbusds.jose.jwk.JWKSelector; 26 | import com.nimbusds.jose.proc.SecurityContext; 27 | 28 | 29 | /** 30 | * JSON Web Key (JWK) source. Exposes a method for retrieving JWKs matching a 31 | * specified selector. An optional context parameter is available to facilitate 32 | * passing of additional data between the caller and the underlying JWK source 33 | * (in both directions). Implementations must be thread-safe. 34 | * 35 | * @author Vladimir Dzhuvinov 36 | * @version 2016-06-21 37 | */ 38 | public interface JWKSource { 39 | 40 | 41 | /** 42 | * Retrieves a list of JWKs matching the specified selector. 43 | * 44 | * @param jwkSelector A JWK selector. Must not be {@code null}. 45 | * @param context Optional context, {@code null} if not required. 46 | * 47 | * @return The matching JWKs, empty list if no matches were found. 48 | * 49 | * @throws KeySourceException If key sourcing failed. 50 | */ 51 | List get(final JWKSelector jwkSelector, final C context) 52 | throws KeySourceException; 53 | } 54 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/jwk/source/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. 
You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | /** 19 | * Interface and utilities for sourcing JSON Web Keys (JWKs). Typical sources 20 | * can be a local text file containing a JWK set, a JWK set specified by URL, a 21 | * Java keystore, or a database. 22 | */ 23 | package com.nimbusds.jose.jwk.source; -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | /** 19 | * Javascript Object Signing and Encryption (JOSE) classes. 20 | * 21 | *

This package provides representation, compact serialisation and parsing 22 | * for the following JOSE objects: 23 | * 24 | *

    25 | *
  • {@link com.nimbusds.jose.PlainObject Unsecured ({@code alg=none}) 26 | * JOSE objects}. 27 | *
  • {@link com.nimbusds.jose.JWSObject JSON Web Signature (JWS) 28 | * objects}. 29 | *
  • {@link com.nimbusds.jose.JWEObject JSON Web Encryption (JWE) 30 | * objects}. 31 | *
32 | * 33 | *

References: 34 | * 35 | *

39 | */ 40 | package com.nimbusds.jose; 41 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/proc/AbstractJWKSelectorWithSource.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.proc; 19 | 20 | 21 | import com.nimbusds.jose.jwk.source.JWKSource; 22 | import net.jcip.annotations.ThreadSafe; 23 | 24 | 25 | /** 26 | * Abstract JSON Web Key (JWK) selector with source. 27 | * 28 | * @author Vladimir Dzhuvinov 29 | * @version 2016-04-10 30 | */ 31 | @ThreadSafe 32 | abstract class AbstractJWKSelectorWithSource { 33 | 34 | 35 | /** 36 | * The JWK source. 37 | */ 38 | private final JWKSource jwkSource; 39 | 40 | 41 | /** 42 | * Creates a new abstract JWK selector with a source. 43 | * 44 | * @param jwkSource The JWK source. Must not be {@code null}. 45 | */ 46 | public AbstractJWKSelectorWithSource(final JWKSource jwkSource) { 47 | if (jwkSource == null) { 48 | throw new IllegalArgumentException("The JWK source must not be null"); 49 | } 50 | this.jwkSource = jwkSource; 51 | } 52 | 53 | 54 | /** 55 | * Returns the JWK source. 56 | * 57 | * @return The JWK source. 
58 | */ 59 | public JWKSource getJWKSource() { 60 | return jwkSource; 61 | } 62 | } 63 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/proc/BadJOSEException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.proc; 19 | 20 | 21 | /** 22 | * Bad JSON Object Signing and Encryption (JOSE) exception. 23 | * 24 | * @author Vladimir Dzhuvinov 25 | * @version 2015-06-10 26 | */ 27 | public class BadJOSEException extends Exception { 28 | 29 | 30 | /** 31 | * Creates a new bad JOSE exception. 32 | * 33 | * @param message The exception message. 34 | */ 35 | public BadJOSEException(final String message) { 36 | 37 | super(message); 38 | } 39 | 40 | 41 | /** 42 | * Creates a new bad JOSE exception. 43 | * 44 | * @param message The exception message. 45 | * @param cause The exception cause. 
46 | */ 47 | public BadJOSEException(final String message, final Throwable cause) { 48 | 49 | super(message, cause); 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/proc/BadJWEException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.proc; 19 | 20 | 21 | /** 22 | * Bad JSON Web Encryption (JWE) exception. Used to indicate a JWE-protected 23 | * object that couldn't be successfully decrypted or its integrity has been 24 | * compromised. 25 | * 26 | * @author Vladimir Dzhuvinov 27 | * @version 2015-06-11 28 | */ 29 | public class BadJWEException extends BadJOSEException { 30 | 31 | 32 | /** 33 | * Creates a new bad JWE exception. 34 | * 35 | * @param message The exception message. 36 | */ 37 | public BadJWEException(final String message) { 38 | 39 | super(message); 40 | } 41 | 42 | 43 | /** 44 | * Creates a new bad JWE exception. 45 | * 46 | * @param message The exception message. 47 | * @param cause The exception cause. 
48 | */ 49 | public BadJWEException(final String message, final Throwable cause) { 50 | 51 | super(message, cause); 52 | } 53 | } 54 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/proc/BadJWSException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.proc; 19 | 20 | 21 | /** 22 | * Bad JSON Web Signature (JWS) exception. Used to indicate an invalid 23 | * signature or hash-based message authentication code (HMAC). 24 | * 25 | * @author Vladimir Dzhuvinov 26 | * @version 2015-06-11 27 | */ 28 | public class BadJWSException extends BadJOSEException { 29 | 30 | 31 | /** 32 | * Creates a new bad JWS exception. 33 | * 34 | * @param message The exception message. 35 | */ 36 | public BadJWSException(final String message) { 37 | 38 | super(message); 39 | } 40 | 41 | 42 | /** 43 | * Creates a new bad JWS exception. 44 | * 45 | * @param message The exception message. 46 | * @param cause The exception cause. 
47 | */ 48 | public BadJWSException(final String message, final Throwable cause) { 49 | 50 | super(message, cause); 51 | } 52 | } 53 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/proc/ConfigurableJOSEProcessor.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.proc; 19 | 20 | 21 | /** 22 | * Configurable processor of {@link com.nimbusds.jose.PlainObject unsecured} 23 | * (plain), {@link com.nimbusds.jose.JWSObject JWS} and 24 | * {@link com.nimbusds.jose.JWEObject JWE} objects. 25 | * 26 | * @author Vladimir Dzhuvinov 27 | * @version 2015-08-22 28 | */ 29 | public interface ConfigurableJOSEProcessor 30 | extends JOSEProcessor, JOSEProcessorConfiguration { 31 | 32 | } 33 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/proc/JWEDecrypterFactory.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. 
You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.proc; 19 | 20 | 21 | import java.security.Key; 22 | 23 | import com.nimbusds.jose.JOSEException; 24 | import com.nimbusds.jose.JWEDecrypter; 25 | import com.nimbusds.jose.JWEHeader; 26 | import com.nimbusds.jose.JWEProvider; 27 | 28 | 29 | /** 30 | * JSON Web Encryption (JWE) decrypter factory. 31 | * 32 | * @author Vladimir Dzhuvinov 33 | * @version 2015-11-16 34 | */ 35 | public interface JWEDecrypterFactory extends JWEProvider { 36 | 37 | 38 | /** 39 | * Creates a new JWE decrypter for the specified header and key. 40 | * 41 | * @param header The JWE header. Not {@code null}. 42 | * @param key The key intended to decrypt the JWE message. Not 43 | * {@code null}. 44 | * 45 | * @return The JWE decrypter. 46 | * 47 | * @throws JOSEException If the JWE algorithm / encryption method is 48 | * not supported or the key type or length 49 | * doesn't match the expected for the JWE algorithm. 50 | */ 51 | JWEDecrypter createJWEDecrypter(final JWEHeader header, final Key key) 52 | throws JOSEException; 53 | } 54 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/proc/JWEKeySelector.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. 
You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.proc; 19 | 20 | 21 | import java.io.IOException; 22 | import java.security.Key; 23 | import java.util.List; 24 | 25 | import com.nimbusds.jose.JWEHeader; 26 | import com.nimbusds.jose.KeySourceException; 27 | 28 | 29 | /** 30 | * Interface for selecting key candidates for decrypting a JSON Web Encryption 31 | * (JWE) object. Applications should utilise this interface or a similar 32 | * framework to determine whether a received JWE object (or encrypted JWT) is 33 | * eligible for {@link com.nimbusds.jose.JWEDecrypter decryption} and further 34 | * processing. 35 | * 36 | *

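The key selection should be based on application-specific criteria, such 37 | * as recognised header parameters referencing the key (e.g. {@code kid}, 38 | * {@code x5t}) and / or the JWE object {@link SecurityContext}. The header is not yet authenticated when the key is selected, so its parameters should only pick among keys the application already trusts. 39 | * 40 | *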

See JSON Web Signature (JWS), Appendix D. Notes on Key Selection for 41 | * suggestions. 42 | * 43 | *

Possible key types: 44 | * 45 | *

    46 | *
  • {@link javax.crypto.SecretKey} for AES keys. 47 | *
  • {@link java.security.interfaces.RSAPrivateKey} private RSA keys. 48 | *
  • {@link java.security.interfaces.ECPrivateKey} private EC keys. 49 | *
50 | * 51 | * @author Vladimir Dzhuvinov 52 | * @version 2016-06-21 53 | */ 54 | public interface JWEKeySelector { 55 | 56 | 57 | /** 58 | * Selects key candidates for decrypting a JWE object. 59 | * 60 | * @param header The header of the JWE object. Must not be 61 | * {@code null}. 62 | * @param context Optional context of the JWE object, {@code null} if 63 | * not required. 64 | * 65 | * @return The key candidates in trial order, empty list if none. 66 | * 67 | * @throws KeySourceException If a key source exception is encountered, 68 | * e.g. on remote JWK retrieval. 69 | */ 70 | List selectJWEKeys(final JWEHeader header, final C context) 71 | throws KeySourceException; 72 | } 73 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/proc/JWSKeySelector.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.proc; 19 | 20 | 21 | import java.security.Key; 22 | import java.util.List; 23 | 24 | import com.nimbusds.jose.JWSHeader; 25 | import com.nimbusds.jose.KeySourceException; 26 | 27 | 28 | /** 29 | * Interface for selecting key candidates for verifying a JSON Web Signature 30 | * (JWS) object. 
Applications should utilise this interface or a similar 31 | * framework to determine whether a received JWS object (or signed JWT) is 32 | * eligible for {@link com.nimbusds.jose.JWSVerifier verification} and further 33 | * processing. 34 | * 35 | *

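The key selection should be based on application-specific criteria, such 36 | * as recognised header parameters referencing the key (e.g. {@code kid}, 37 | * {@code x5t}) and / or the JWS object {@link SecurityContext}. The header is unverified until the signature check succeeds, so its parameters should only pick among keys the application already trusts. 38 | * 39 | *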

See JSON Web Signature (JWS), Appendix D. Notes on Key Selection for 40 | * suggestions. 41 | * 42 | *

Possible key types: 43 | * 44 | *

    45 | *
  • {@link javax.crypto.SecretKey} for HMAC keys. 46 | *
  • {@link java.security.interfaces.RSAPublicKey} public RSA keys. 47 | *
  • {@link java.security.interfaces.ECPublicKey} public EC keys. 48 | *
49 | * 50 | * @author Vladimir Dzhuvinov 51 | * @version 2016-06-21 52 | */ 53 | public interface JWSKeySelector { 54 | 55 | 56 | /** 57 | * Selects key candidates for verifying a JWS object. 58 | * 59 | * @param header The header of the JWS object. Must not be 60 | * {@code null}. 61 | * @param context Optional context of the JWS object, {@code null} if 62 | * not required. 63 | * 64 | * @return The key candidates in trial order, empty list if none. 65 | * 66 | * @throws KeySourceException If a key sourcing exception is 67 | * encountered, e.g. on remote JWK 68 | * retrieval. 69 | */ 70 | List selectJWSKeys(final JWSHeader header, final C context) 71 | throws KeySourceException; 72 | } 73 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/proc/JWSVerifierFactory.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.proc; 19 | 20 | 21 | import java.security.Key; 22 | 23 | import com.nimbusds.jose.JOSEException; 24 | import com.nimbusds.jose.JWSHeader; 25 | import com.nimbusds.jose.JWSProvider; 26 | import com.nimbusds.jose.JWSVerifier; 27 | 28 | 29 | /** 30 | * JSON Web Signature (JWS) verifier factory. 
31 | * 32 | * @author Vladimir Dzhuvinov 33 | * @version 2015-11-16 34 | */ 35 | public interface JWSVerifierFactory extends JWSProvider { 36 | 37 | 38 | /** 39 | * Creates a new JWS verifier for the specified header and key. 40 | * 41 | * @param header The JWS header. Not {@code null}. 42 | * @param key The key intended to verify the JWS message. Not 43 | * {@code null}. 44 | * 45 | * @return The JWS verifier. 46 | * 47 | * @throws JOSEException If the JWS algorithm is not supported or the 48 | * key type or length doesn't match the expected 49 | * for the JWS algorithm. 50 | */ 51 | JWSVerifier createJWSVerifier(final JWSHeader header, final Key key) 52 | throws JOSEException; 53 | } 54 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/proc/SecurityContext.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.proc; 19 | 20 | 21 | /** 22 | * Security context. Provides additional information necessary for processing 23 | * a JOSE object. 24 | * 25 | *

Example context information: 26 | * 27 | *

    28 | *
  • Identifier of the message producer (e.g. OpenID Connect issuer) to 29 | * retrieve its public key to verify the JWS signature. 30 | *
  • Indicator whether the message was received over a secure channel 31 | * (e.g. TLS/SSL) which is essential for processing unsecured (plain) 32 | * JOSE objects. 33 | *
34 | * 35 | * @author Vladimir Dzhuvinov 36 | * @version 2015-06-10 37 | */ 38 | public interface SecurityContext { 39 | 40 | 41 | } 42 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/proc/SimpleSecurityContext.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.proc; 19 | 20 | 21 | import java.util.HashMap; 22 | 23 | 24 | /** 25 | * Simple map-based security context. May be extended to provide typed setters 26 | * and getters. 27 | * 28 | * @author Vladimir Dzhuvinov 29 | * @version 2015-04-22 30 | */ 31 | public class SimpleSecurityContext extends HashMap implements SecurityContext { 32 | 33 | 34 | } 35 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/proc/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. 
You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | /** 19 | * Secure framework for application-specific verification and decryption of 20 | * JOSE objects (with arbitrary payloads). Provides a core 21 | * {@link com.nimbusds.jose.proc.JOSEProcessor interface} for processing JWS, 22 | * JWE and unsecured (plain) objects, with a 23 | * {@link com.nimbusds.jose.proc.DefaultJOSEProcessor default implementation} 24 | * which can be configured and extended as required. 25 | * 26 | *

To process JSON Web Tokens (JWT) refer to the 27 | * {@link com.nimbusds.jwt.proc} package. 28 | */ 29 | package com.nimbusds.jose.proc; -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/util/ArrayUtils.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.util; 19 | 20 | 21 | import java.util.Arrays; 22 | 23 | 24 | /** 25 | * Array utilities. 26 | */ 27 | public class ArrayUtils { 28 | 29 | 30 | /** 31 | * Concatenates the specified arrays. 32 | * 33 | * @param first The first array. Must not be {@code null}. 34 | * @param rest The remaining arrays. 35 | * @param The array type. 36 | * 37 | * @return The resulting array. 38 | */ 39 | public static T[] concat(final T[] first, final T[]... rest) { 40 | int totalLength = first.length; 41 | for (T[] array : rest) { 42 | totalLength += array.length; 43 | } 44 | T[] result = Arrays.copyOf(first, totalLength); 45 | int offset = first.length; 46 | for (T[] array : rest) { 47 | System.arraycopy(array, 0, result, offset, array.length); 48 | offset += array.length; 49 | } 50 | return result; 51 | } 52 | 53 | 54 | /** 55 | * Prevents public instantiation. 
56 | */ 57 | private ArrayUtils() { 58 | } 59 | } 60 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/util/BigIntegerUtils.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.util; 19 | 20 | 21 | import java.math.BigInteger; 22 | 23 | 24 | /** 25 | * Big integer utilities. 26 | * 27 | * @author Vladimir Dzhuvinov 28 | * @version 2013-03-21 29 | */ 30 | public class BigIntegerUtils { 31 | 32 | 33 | /** 34 | * Returns a byte array representation of the specified big integer 35 | * without the sign bit. 36 | * 37 | * @param bigInt The big integer to be converted. Must not be 38 | * {@code null}. 39 | * 40 | * @return A byte array representation of the big integer, without the 41 | * sign bit. 
42 | */ 43 | public static byte[] toBytesUnsigned(final BigInteger bigInt) { 44 | 45 | // Copied from Apache Commons Codec 1.8 46 | 47 | int bitlen = bigInt.bitLength(); 48 | 49 | // round bitlen 50 | bitlen = ((bitlen + 7) >> 3) << 3; 51 | final byte[] bigBytes = bigInt.toByteArray(); 52 | 53 | if (((bigInt.bitLength() % 8) != 0) && (((bigInt.bitLength() / 8) + 1) == (bitlen / 8))) { 54 | 55 | return bigBytes; 56 | 57 | } 58 | 59 | // set up params for copying everything but sign bit 60 | int startSrc = 0; 61 | int len = bigBytes.length; 62 | 63 | // if bigInt is exactly byte-aligned, just skip signbit in copy 64 | if ((bigInt.bitLength() % 8) == 0) { 65 | 66 | startSrc = 1; 67 | len--; 68 | } 69 | 70 | final int startDst = bitlen / 8 - len; // to pad w/ nulls as per spec 71 | final byte[] resizedBytes = new byte[bitlen / 8]; 72 | System.arraycopy(bigBytes, startSrc, resizedBytes, startDst, len); 73 | return resizedBytes; 74 | } 75 | 76 | 77 | /** 78 | * Prevents public instantiation. 79 | */ 80 | private BigIntegerUtils() { 81 | 82 | } 83 | } -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/util/Container.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd and contributors. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 
16 | */ 17 | 18 | package com.nimbusds.jose.util; 19 | 20 | import net.jcip.annotations.NotThreadSafe; 21 | 22 | 23 | /** 24 | * Generic container of items of any type. 25 | * 26 | *

This class is not thread-safe, if thread safety is required it should be 27 | * done externally to the class. 28 | * 29 | *

The author believes he borrowed the idea for such a class many years ago 30 | * from a man called Boris Karadjov. 31 | * 32 | * @param the type of the item in this container. 33 | * 34 | * @author Dimitar A. Stoikov 35 | * @version 2016-10-13 36 | */ 37 | @NotThreadSafe 38 | public class Container { 39 | 40 | 41 | /** 42 | * The item. 43 | */ 44 | private T item; 45 | 46 | 47 | /** 48 | * Creates a new container with no item. 49 | */ 50 | public Container() { 51 | } 52 | 53 | 54 | /** 55 | * Creates a new container with the specified item. 56 | * 57 | * @param item The item, may be {@code null}. 58 | */ 59 | public Container(final T item) { 60 | this.item = item; 61 | } 62 | 63 | 64 | /** 65 | * Gets the contained item. 66 | * 67 | * @return The item, {@code null} if none. 68 | */ 69 | public T get() { 70 | return item; 71 | } 72 | 73 | 74 | /** 75 | * Sets the contained item. 76 | * 77 | * @param item The item, may be {@code null}. 78 | */ 79 | public void set(final T item) { 80 | this.item = item; 81 | } 82 | } -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/util/IOUtils.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd and contributors. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 
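*/

package com.nimbusds.jose.util;


import java.io.*;
import java.nio.charset.Charset;


/**
 * Input / output utilities.
 *
 * @author Vladimir Dzhuvinov
 * @version 2016-11-28
 */
public class IOUtils {


    /**
     * Reads the specified input stream into a string. The stream is read
     * until end-of-stream and is left open; closing it remains the
     * caller's responsibility. The whole content is buffered in memory
     * with no upper bound, so callers reading from an untrusted source
     * should limit the input themselves.
     *
     * @param stream  The input stream. Must not be {@code null}.
     * @param charset The expected character set. Must not be {@code null}.
     *
     * @return The string.
     *
     * @throws IOException If an input exception is encountered.
     */
    public static String readInputStreamToString(final InputStream stream, final Charset charset)
        throws IOException {

        final int bufferSize = 1024;
        final char[] buffer = new char[bufferSize];
        final StringBuilder out = new StringBuilder();
        final Reader in = new InputStreamReader(stream, charset);

        while (true) {
            final int rsz = in.read(buffer, 0, buffer.length);
            if (rsz < 0) {
                break;
            }
            out.append(buffer, 0, rsz);
        }

        return out.toString();
    }


    /**
     * Reads the content of the specified file into a string. The file
     * stream opened here is always closed before returning, including
     * when the read fails.
     *
     * @param file    The file. Must not be {@code null}.
     * @param charset The expected character set. Must not be {@code null}.
     *
     * @return The string.
     *
     * @throws IOException If an input exception is encountered.
     */
    public static String readFileToString(final File file, final Charset charset)
        throws IOException {

        final InputStream fileStream = new FileInputStream(file);
        try {
            return readInputStreamToString(fileStream, charset);
        } finally {
            // This method opened the stream, so it must release the
            // file descriptor; previously it was left to the finaliser.
            fileStream.close();
        }
    }


    /**
     * Prevents public instantiation.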
82 | */ 83 | private IOUtils() {} 84 | } 85 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/util/IntegerOverflowException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd and contributors. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.util; 19 | 20 | 21 | import com.nimbusds.jose.JOSEException; 22 | 23 | 24 | /** 25 | * Integer overflow exception. 26 | */ 27 | public class IntegerOverflowException extends JOSEException { 28 | 29 | 30 | /** 31 | * Creates a new integer overflow exception. 32 | */ 33 | public IntegerOverflowException() { 34 | super("Integer overflow"); 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/util/IntegerUtils.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. 
You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.util;


/**
 * Integer utilities.
 *
 * @author Vladimir Dzhuvinov
 * @version 2015-05-12
 */
public class IntegerUtils {


	/**
	 * Encodes the specified integer as four bytes, most significant byte
	 * first.
	 *
	 * @param intValue The integer to be converted.
	 *
	 * @return A new four byte array holding the integer.
	 */
	public static byte[] toBytes(int intValue) {

		final byte[] encoded = new byte[4];

		for (int pos = 0; pos < encoded.length; pos++) {
			// Shift the wanted byte down to the low 8 bits; the narrowing
			// cast to byte discards everything above them.
			final int shift = 8 * (encoded.length - 1 - pos);
			encoded[pos] = (byte) (intValue >>> shift);
		}

		return encoded;
	}


	/**
	 * Prevents public instantiation.
	 */
	private IntegerUtils() {

	}
}
--------------------------------------------------------------------------------
/src/main/java/com/nimbusds/jose/util/Resource.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License.
You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.util; 19 | 20 | 21 | import net.jcip.annotations.Immutable; 22 | 23 | 24 | /** 25 | * Resource with optional associated content type. 26 | */ 27 | @Immutable 28 | public class Resource { 29 | 30 | 31 | /** 32 | * The content. 33 | */ 34 | private final String content; 35 | 36 | 37 | /** 38 | * The content type. 39 | */ 40 | private final String contentType; 41 | 42 | 43 | /** 44 | * Creates a new resource with optional associated content type. 45 | * 46 | * @param content The resource content, empty string if none. Must 47 | * not be {@code null}. 48 | * @param contentType The resource content type, {@code null} if not 49 | * specified. 50 | */ 51 | public Resource(final String content, final String contentType) { 52 | 53 | if (content == null) { 54 | throw new IllegalArgumentException("The resource content must not be null"); 55 | } 56 | 57 | this.content = content; 58 | this.contentType = contentType; 59 | } 60 | 61 | 62 | /** 63 | * Gets the content of this resource. 64 | * 65 | * @return The content, empty string if none. 66 | */ 67 | public String getContent() { 68 | 69 | return content; 70 | } 71 | 72 | 73 | /** 74 | * Gets the content type of this resource. 75 | * 76 | * @return The content type, {@code null} if not specified. 
77 | */ 78 | public String getContentType() { 79 | 80 | return contentType; 81 | } 82 | } 83 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/util/ResourceRetriever.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.util; 19 | 20 | 21 | import java.io.IOException; 22 | import java.net.URL; 23 | 24 | 25 | /** 26 | * Retriever of resources specified by URL. 27 | */ 28 | public interface ResourceRetriever { 29 | 30 | 31 | /** 32 | * Retrieves the resource from the specified HTTP(S) URL. 33 | * 34 | * @param url The URL of the resource. Its scheme must be HTTP or 35 | * HTTPS. Must not be {@code null}. 36 | * 37 | * @return The retrieved resource. 38 | * 39 | * @throws IOException If the HTTP connection to the specified URL 40 | * failed or the resource couldn't be retrieved. 41 | */ 42 | Resource retrieveResource(final URL url) 43 | throws IOException; 44 | } -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/util/RestrictedResourceRetriever.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 
5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.util; 19 | 20 | 21 | /** 22 | * Retriever of resources specified by URL which permits setting of HTTP 23 | * connect and read timeouts as well as a size limit. 24 | */ 25 | public interface RestrictedResourceRetriever extends ResourceRetriever { 26 | 27 | 28 | /** 29 | * Gets the HTTP connect timeout. 30 | * 31 | * @return The HTTP connect timeout, in milliseconds, zero for 32 | * infinite. 33 | */ 34 | int getConnectTimeout(); 35 | 36 | 37 | /** 38 | * Sets the HTTP connect timeout. 39 | * 40 | * @param connectTimeoutMs The HTTP connect timeout, in milliseconds, 41 | * zero for infinite. Must not be negative. 42 | */ 43 | void setConnectTimeout(final int connectTimeoutMs); 44 | 45 | 46 | /** 47 | * Gets the HTTP read timeout. 48 | * 49 | * @return The HTTP read timeout, in milliseconds, zero for infinite. 50 | */ 51 | int getReadTimeout(); 52 | 53 | 54 | /** 55 | * Sets the HTTP read timeout. 56 | * 57 | * @param readTimeoutMs The HTTP read timeout, in milliseconds, zero 58 | * for infinite. Must not be negative. 59 | */ 60 | void setReadTimeout(final int readTimeoutMs); 61 | 62 | 63 | /** 64 | * Gets the HTTP entity size limit. 65 | * 66 | * @return The HTTP entity size limit, in bytes, zero for infinite. 67 | */ 68 | int getSizeLimit(); 69 | 70 | 71 | /** 72 | * Sets the HTTP entity size limit. 
73 | * 74 | * @param sizeLimitBytes The HTTP entity size limit, in bytes, zero for 75 | * infinite. Must not be negative. 76 | */ 77 | void setSizeLimit(int sizeLimitBytes); 78 | } 79 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/util/StandardCharset.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.util; 19 | 20 | 21 | import java.nio.charset.Charset; 22 | 23 | 24 | /** 25 | * UTF-8 is the standard charset in JOSE. Works around missing 26 | * {@link java.nio.charset.StandardCharsets} in Android below API level 19. 27 | */ 28 | public final class StandardCharset { 29 | 30 | 31 | /** 32 | * UTF-8 33 | */ 34 | public static final Charset UTF_8 = Charset.forName("UTF-8"); 35 | 36 | 37 | /** 38 | * Prevents public instantiation. 39 | */ 40 | private StandardCharset() {} 41 | } 42 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jose/util/X509CertChainUtils.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 
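*
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.util;


import java.text.ParseException;
import java.util.LinkedList;
import java.util.List;

import com.nimbusds.jose.util.Base64;
import net.minidev.json.JSONArray;


/**
 * X.509 certificate chain utilities.
 *
 * @author Vladimir Dzhuvinov
 * @version 2013-05-29
 */
public class X509CertChainUtils {

	/**
	 * Parses an X.509 certificate chain from the specified JSON array.
	 *
	 * Each array element is only checked for being a non-null string and
	 * is then wrapped in a {@link Base64} object. Nothing here decodes the
	 * text, parses it as a certificate or validates the chain, so the
	 * result must be treated as unverified input by the caller.
	 * NOTE(review): whether the {@code Base64} constructor rejects
	 * malformed text is not visible from this class -- confirm.
	 *
	 * @param jsonArray The JSON array to parse. Must not be {@code null}.
	 *
	 * @return The X.509 certificate chain, one {@link Base64} item per
	 *         array element, in array order.
	 *
	 * @throws ParseException If the X.509 certificate chain couldn't be
	 *                        parsed.
	 */
	public static List<Base64> parseX509CertChain(final JSONArray jsonArray)
		throws ParseException {

		// Typed list instead of a raw List, so that callers get
		// compile-time checking of the element type.
		final List<Base64> chain = new LinkedList<>();

		for (int i = 0; i < jsonArray.size(); i++) {

			final Object item = jsonArray.get(i);

			if (item == null) {
				throw new ParseException("The X.509 certificate at position " + i + " must not be null", 0);
			}

			if (! (item instanceof String)) {
				throw new ParseException("The X.509 certificate at position " + i + " must be encoded as a Base64 string", 0);
			}

			chain.add(new Base64((String) item));
		}

		return chain;
	}

	/**
	 * Prevents public instantiation.
	 */
	private X509CertChainUtils() {}
}
--------------------------------------------------------------------------------
/src/main/java/com/nimbusds/jose/util/package-info.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

/**
 * Utility interfaces and classes.
 */
package com.nimbusds.jose.util;
--------------------------------------------------------------------------------
/src/main/java/com/nimbusds/jwt/JWT.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License.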
You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jwt; 19 | 20 | 21 | import java.io.Serializable; 22 | import java.text.ParseException; 23 | 24 | import com.nimbusds.jose.Header; 25 | import com.nimbusds.jose.util.Base64URL; 26 | 27 | 28 | /** 29 | * JSON Web Token (JWT) interface. 30 | * 31 | * @author Vladimir Dzhuvinov 32 | * @version 2014-08-19 33 | */ 34 | public interface JWT extends Serializable { 35 | 36 | 37 | /** 38 | * Gets the JOSE header of the JSON Web Token (JWT). 39 | * 40 | * @return The header. 41 | */ 42 | Header getHeader(); 43 | 44 | 45 | /** 46 | * Gets the claims set of the JSON Web Token (JWT). 47 | * 48 | * @return The claims set, {@code null} if not available (for an 49 | * encrypted JWT that isn't decrypted). 50 | * 51 | * @throws ParseException If the payload of the JWT doesn't represent a 52 | * valid JSON object and a JWT claims set. 53 | */ 54 | JWTClaimsSet getJWTClaimsSet() 55 | throws ParseException; 56 | 57 | 58 | /** 59 | * Gets the original parsed Base64URL parts used to create the JSON Web 60 | * Token (JWT). 61 | * 62 | * @return The original Base64URL parts used to create the JWT, 63 | * {@code null} if the JWT was created from scratch. The 64 | * individual parts may be empty or {@code null} to indicate a 65 | * missing part. 66 | */ 67 | Base64URL[] getParsedParts(); 68 | 69 | 70 | /** 71 | * Gets the original parsed string used to create the JSON Web Token 72 | * (JWT). 
73 | * 74 | * @see #getParsedParts 75 | * 76 | * @return The parsed string used to create the JWT, {@code null} if 77 | * the JWT was created from scratch. 78 | */ 79 | String getParsedString(); 80 | 81 | 82 | /** 83 | * Serialises the JSON Web Token (JWT) to its compact format consisting 84 | * of Base64URL-encoded parts delimited by period ('.') characters. 85 | * 86 | * @return The serialised JWT. 87 | * 88 | * @throws IllegalStateException If the JWT is not in a state that 89 | * permits serialisation. 90 | */ 91 | String serialize(); 92 | } 93 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jwt/JWTClaimsSetTransformer.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jwt; 19 | 20 | 21 | /** 22 | * Generic JWT claims set type transformer. Implementations should be 23 | * thread-safe. 24 | */ 25 | public interface JWTClaimsSetTransformer { 26 | 27 | 28 | /** 29 | * Transforms the specified JWT claims set into the desired type. 30 | * 31 | * @param claimsSet The JWT claims set. Not {@code null}. 32 | * 33 | * @return The desired type. 
34 | */ 35 | T transform(final JWTClaimsSet claimsSet); 36 | } 37 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jwt/JWTParser.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jwt; 19 | 20 | 21 | import java.text.ParseException; 22 | 23 | import net.minidev.json.JSONObject; 24 | 25 | import com.nimbusds.jose.Algorithm; 26 | import com.nimbusds.jose.Header; 27 | import com.nimbusds.jose.JWEAlgorithm; 28 | import com.nimbusds.jose.JWSAlgorithm; 29 | import com.nimbusds.jose.util.Base64URL; 30 | import com.nimbusds.jose.util.JSONObjectUtils; 31 | 32 | 33 | /** 34 | * Parser for unsecured (plain), signed and encrypted JSON Web Tokens (JWTs). 35 | * 36 | * @author Vladimir Dzhuvinov 37 | * @author Junya Hayashi 38 | * @version 2015-06-14 39 | */ 40 | public final class JWTParser { 41 | 42 | 43 | /** 44 | * Parses an unsecured (plain), signed or encrypted JSON Web Token 45 | * (JWT) from the specified string in compact format. 46 | * 47 | * @param s The string to parse. Must not be {@code null}. 48 | * 49 | * @return The corresponding {@link PlainJWT}, {@link SignedJWT} or 50 | * {@link EncryptedJWT} instance. 
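*
	 * @throws ParseException If the string couldn't be parsed to a valid
	 *                        unsecured, signed or encrypted JWT.
	 */
	public static JWT parse(final String s)
		throws ParseException {

		// Only the first part (the header) is inspected here; the rest of
		// the string is handed to the type-specific parser below.
		final int firstDotPos = s.indexOf('.');

		if (firstDotPos == -1) {
			throw new ParseException("Invalid JWT serialization: Missing dot delimiter(s)", 0);
		}

		final Base64URL header = new Base64URL(s.substring(0, firstDotPos));

		final JSONObject jsonObject;

		try {
			jsonObject = JSONObjectUtils.parse(header.decodeToString());

		} catch (ParseException e) {

			// java.text.ParseException has no cause-taking constructor, so
			// the original failure is attached explicitly rather than lost.
			final ParseException wrapped =
				new ParseException("Invalid unsecured/JWS/JWE header: " + e.getMessage(), 0);
			wrapped.initCause(e);
			throw wrapped;
		}

		// The concrete JWT type is selected from the "alg" value found in
		// the token's own header. No key is involved in this method and
		// nothing here checks a signature or decrypts content, so the
		// returned object is parsed but not authenticated: the caller
		// still has to verify / decrypt it, and has to decide whether an
		// unsecured (plain) JWT is acceptable at all for its use case.
		final Algorithm alg = Header.parseAlgorithm(jsonObject);

		if (alg.equals(Algorithm.NONE)) {
			return PlainJWT.parse(s);
		}

		if (alg instanceof JWSAlgorithm) {
			return SignedJWT.parse(s);
		}

		if (alg instanceof JWEAlgorithm) {
			return EncryptedJWT.parse(s);
		}

		throw new AssertionError("Unexpected algorithm type: " + alg);
	}


	/**
	 * Prevents instantiation.
	 */
	private JWTParser() {

	}
}
--------------------------------------------------------------------------------
/src/main/java/com/nimbusds/jwt/package-info.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied.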
See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | /** 19 | * JSON Web Token (JWT) classes. 20 | * 21 | *

This package provides representation, compact serialisation and parsing 22 | * for the following JWT objects: 23 | * 24 | *

    25 | *
  • {@link com.nimbusds.jwt.PlainJWT Unsecured (plain) JWTs}. 26 | *
  • {@link com.nimbusds.jwt.SignedJWT Signed JWTs}. 27 | *
  • {@link com.nimbusds.jwt.EncryptedJWT Encrypted JWTs}. 28 | *
29 | * 30 | *

References: 31 | * 32 | *

    33 | *
  • RFC 7519 (JWT) 34 | *
35 | */ 36 | package com.nimbusds.jwt; 37 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jwt/proc/BadJWTException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jwt.proc; 19 | 20 | 21 | import com.nimbusds.jose.proc.BadJOSEException; 22 | 23 | 24 | /** 25 | * Bad JSON Web Token (JWT) exception. 26 | * 27 | * @author Vladimir Dzhuvinov 28 | * @version 2015-06-29 29 | */ 30 | public class BadJWTException extends BadJOSEException { 31 | 32 | 33 | /** 34 | * Creates a new bad JWT exception. 35 | * 36 | * @param message The exception message. 37 | */ 38 | public BadJWTException(final String message) { 39 | 40 | super(message); 41 | } 42 | 43 | 44 | /** 45 | * Creates a new bad JWT exception. 46 | * 47 | * @param message The exception message. 48 | * @param cause The exception cause. 
49 | */ 50 | public BadJWTException(final String message, final Throwable cause) { 51 | 52 | super(message, cause); 53 | } 54 | } 55 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jwt/proc/ClockSkewAware.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jwt.proc; 19 | 20 | 21 | import com.nimbusds.jose.util.DateUtils; 22 | 23 | 24 | /** 25 | * Clock skew aware interface. 26 | * 27 | * @see DateUtils 28 | */ 29 | public interface ClockSkewAware { 30 | 31 | 32 | /** 33 | * Gets the maximum acceptable clock skew. 34 | * 35 | * @return The maximum acceptable clock skew, in seconds. Zero if none. 36 | */ 37 | int getMaxClockSkew(); 38 | 39 | 40 | /** 41 | * Sets the maximum acceptable clock skew. 42 | * 43 | * @param maxClockSkewSeconds The maximum acceptable clock skew, in 44 | * seconds. Zero if none. 
45 | */ 46 | void setMaxClockSkew(final int maxClockSkewSeconds); 47 | } 48 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jwt/proc/ConfigurableJWTProcessor.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jwt.proc; 19 | 20 | 21 | import com.nimbusds.jose.proc.SecurityContext; 22 | 23 | 24 | /** 25 | * Configurable processor of {@link com.nimbusds.jwt.PlainJWT 26 | * unsecured} (plain), {@link com.nimbusds.jwt.SignedJWT signed} and 27 | * {@link com.nimbusds.jwt.EncryptedJWT encrypted} JSON Web Tokens (JWT). 28 | * 29 | * @author Vladimir Dzhuvinov 30 | * @version 2015-08-22 31 | */ 32 | public interface ConfigurableJWTProcessor 33 | extends JWTProcessor, JWTProcessorConfiguration { 34 | 35 | } 36 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jwt/proc/JWTClaimsSetVerifier.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. 
You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jwt.proc; 19 | 20 | 21 | import com.nimbusds.jose.proc.SecurityContext; 22 | import com.nimbusds.jwt.JWTClaimsSet; 23 | 24 | 25 | /** 26 | * JWT claims set verifier. Ensures the claims set of a JWT that is being 27 | * {@link JWTProcessor processed} complies with an application's requirements. 28 | * 29 | *

An application may implement JWT claims checks such as: 30 | * 31 | *

    32 | *
  • The JWT is within the required validity time window; 33 | *
  • has a specific issuer; 34 | *
  • has a specific audience; 35 | *
  • has a specific subject; 36 | *
  • etc. 37 | *
38 | * 39 | * @author Vladimir Dzhuvinov 40 | * @version 2016-07-25 41 | * @since 4.23 42 | */ 43 | public interface JWTClaimsSetVerifier { 44 | 45 | 46 | /** 47 | * Verifies selected or all claims from the specified JWT claims set. 48 | * 49 | * @param claimsSet The JWT claims set. Not {@code null}. 50 | * @param context Optional context, {@code null} if not required. 51 | * 52 | * @throws BadJWTException If the JWT claims set is rejected. 53 | */ 54 | void verify(final JWTClaimsSet claimsSet, final C context) 55 | throws BadJWTException; 56 | } 57 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jwt/proc/JWTClaimsVerifier.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jwt.proc; 19 | 20 | 21 | import com.nimbusds.jwt.JWTClaimsSet; 22 | 23 | 24 | /** 25 | * @see JWTClaimsSetVerifier 26 | */ 27 | @Deprecated 28 | public interface JWTClaimsVerifier { 29 | 30 | 31 | /** 32 | * Performs verification of selected or all claims in the specified JWT 33 | * claims set. 34 | * 35 | * @param claimsSet The JWT claims set. Not {@code null}. 36 | * 37 | * @throws BadJWTException If the JWT claims set is rejected. 
38 | */ 39 | @Deprecated 40 | void verify(final JWTClaimsSet claimsSet) 41 | throws BadJWTException; 42 | } 43 | -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jwt/proc/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | /** 19 | * Secure framework for application-specific verification and decryption of 20 | * JSON Web Tokens (JWTs). Provides a core 21 | * {@link com.nimbusds.jwt.proc.JWTProcessor interface} for processing signed, 22 | * encrypted and unsecured (plain) JWTs, with a 23 | * {@link com.nimbusds.jwt.proc.DefaultJWTProcessor default implementation} 24 | * which can be configured and extended as required. 25 | * 26 | *

To process generic JOSE objects refer to the 27 | * {@link com.nimbusds.jose.proc} package. 28 | * 29 | *

References: 30 | * 31 | *

34 | */ 35 | package com.nimbusds.jwt.proc; -------------------------------------------------------------------------------- /src/main/java/com/nimbusds/jwt/util/package-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | /** 19 | * Utility interfaces and classes. 20 | */ 21 | package com.nimbusds.jwt.util; -------------------------------------------------------------------------------- /src/test/certs/ietf.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFYDCCBEigAwIBAgIJAMl5DnNGNaxfMA0GCSqGSIb3DQEBCwUAMIHGMQswCQYD 3 | VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEl 4 | MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEzMDEGA1UECxMq 5 | aHR0cDovL2NlcnRzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkvMTQwMgYD 6 | VQQDEytTdGFyZmllbGQgU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcy 7 | MB4XDTE2MTAwMTE0MjEzOFoXDTE3MTEzMDIzMzQxOVowPjEhMB8GA1UECxMYRG9t 8 | YWluIENvbnRyb2wgVmFsaWRhdGVkMRkwFwYDVQQDDBAqLnRvb2xzLmlldGYub3Jn 9 | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAseE36OuC1on62/XCS3fw 10 | LErecm4+E2DRqGYexK09MmDl8Jm19Hp6SFUh7g45EvnODcr1aWHHBO1uDx07HlCI 11 | eToOMUEW8bECZGilzfVKCsqZljUIw34nXdCpz/PnKK832LZ73fN+rm6Xf/fKaU7M 12 | 
0AbfXSebOxLn5v4Ia1J7ghF8crNG68HoeLgPy+HrvQZEWNyDULKgYlvcgbg24558 13 | ebKpU4rgC8lKKhM5MRO9LM+ocM+MjT0Bo4iuEgA2HR4kK9152FMBJu0oT8mGlINO 14 | yOEULoWzr9Ru3WlGr0ElDnqti/KSynnZezJP93fo+bRPI1zUXAOu2Ks6yhNfXV1d 15 | oQIDAQABo4IB1jCCAdIwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcD 16 | AQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMDwGA1UdHwQ1MDMwMaAvoC2GK2h0 17 | dHA6Ly9jcmwuc3RhcmZpZWxkdGVjaC5jb20vc2ZpZzJzMS0zNi5jcmwwYwYDVR0g 18 | BFwwWjBOBgtghkgBhv1uAQcXATA/MD0GCCsGAQUFBwIBFjFodHRwOi8vY2VydGlm 19 | aWNhdGVzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECATCB 20 | ggYIKwYBBQUHAQEEdjB0MCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC5zdGFyZmll 21 | bGR0ZWNoLmNvbS8wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuc3Rh 22 | cmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS9zZmlnMi5jcnQwHwYDVR0jBBgwFoAU 23 | JUWBaFAmOD07LSy+zWrZtj2zZmMwKwYDVR0RBCQwIoIQKi50b29scy5pZXRmLm9y 24 | Z4IOdG9vbHMuaWV0Zi5vcmcwHQYDVR0OBBYEFK2KtBwHUdeSiQewt4RiLzZVel9N 25 | MA0GCSqGSIb3DQEBCwUAA4IBAQBYon80vJkOa7NiBkDjXVUYAJSTv1iHyx8mQ8Qm 26 | D/XL4sbh/cvr1TFFfQm3eFi1k7WiVLWKgBpi5UdPof5p1tHt+DuctoDrKjhsu5bQ 27 | 40d/WcoQK/nM5Q6+3q0jDdvzc0hb3pEkkN8BNZ780G3KXTaOzE4XKJXQfra0XDSk 28 | DRCD1zgnHnRDHVgDDuzlS472zoxcZh+or2GcLljZbY+MJzmFwdcTHJwEM20JrkK7 29 | NUvacp7blz7MX8YIiF5CI/M0u/pV3OW57YJeX6FJ7Amw8fHYZDdUQJtPp2/z6CKm 30 | GVXGhBcfE+YIQMQpKpPOVHQ1vaRvPsXE6BXm6UHisQRX07RP 31 | -----END CERTIFICATE----- 32 | -------------------------------------------------------------------------------- /src/test/certs/wikipedia.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIHXDCCBkSgAwIBAgIMEOb8YrdBitUAXkW2MA0GCSqGSIb3DQEBCwUAMGYxCzAJ 3 | BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH 4 | bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g 5 | RzIwHhcNMTYxMTIxMDgwMDAwWhcNMTcxMTIyMDc1OTU5WjB5MQswCQYDVQQGEwJV 6 | UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEj 7 | MCEGA1UEChMaV2lraW1lZGlhIEZvdW5kYXRpb24sIEluYy4xGDAWBgNVBAMMDyou 8 | 
d2lraXBlZGlhLm9yZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMkiaTGK1mzq 9 | 2sN/LKylr8AC6oHLZbn9DG1GW8ke7bKsKhtK7IB75xpR4N/3x0oge5FLIAchzs9o 10 | ZYzGnTvv1cGjggTAMIIEvDAOBgNVHQ8BAf8EBAMCA4gwgaAGCCsGAQUFBwEBBIGT 11 | MIGQME0GCCsGAQUFBzAChkFodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2Nh 12 | Y2VydC9nc29yZ2FuaXphdGlvbnZhbHNoYTJnMnIxLmNydDA/BggrBgEFBQcwAYYz 13 | aHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL2dzb3JnYW5pemF0aW9udmFsc2hh 14 | MmcyMFYGA1UdIARPME0wQQYJKwYBBAGgMgEUMDQwMgYIKwYBBQUHAgEWJmh0dHBz 15 | Oi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECAjAJBgNV 16 | HRMEAjAAMEkGA1UdHwRCMEAwPqA8oDqGOGh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5j 17 | b20vZ3MvZ3Nvcmdhbml6YXRpb252YWxzaGEyZzIuY3JsMIIC+AYDVR0RBIIC7zCC 18 | AuuCDyoud2lraXBlZGlhLm9yZ4IRKi5tLm1lZGlhd2lraS5vcmeCESoubS53aWtp 19 | Ym9va3Mub3JnghAqLm0ud2lraWRhdGEub3JnghEqLm0ud2lraW1lZGlhLm9yZ4Ib 20 | Ki5tLndpa2ltZWRpYWZvdW5kYXRpb24ub3JnghAqLm0ud2lraW5ld3Mub3JnghEq 21 | Lm0ud2lraXBlZGlhLm9yZ4IRKi5tLndpa2lxdW90ZS5vcmeCEioubS53aWtpc291 22 | cmNlLm9yZ4ITKi5tLndpa2l2ZXJzaXR5Lm9yZ4ISKi5tLndpa2l2b3lhZ2Uub3Jn 23 | ghIqLm0ud2lrdGlvbmFyeS5vcmeCDyoubWVkaWF3aWtpLm9yZ4IWKi5wbGFuZXQu 24 | d2lraW1lZGlhLm9yZ4IPKi53aWtpYm9va3Mub3Jngg4qLndpa2lkYXRhLm9yZ4IP 25 | Ki53aWtpbWVkaWEub3JnghkqLndpa2ltZWRpYWZvdW5kYXRpb24ub3Jngg4qLndp 26 | a2luZXdzLm9yZ4IPKi53aWtpcXVvdGUub3JnghAqLndpa2lzb3VyY2Uub3JnghEq 27 | Lndpa2l2ZXJzaXR5Lm9yZ4IQKi53aWtpdm95YWdlLm9yZ4IQKi53aWt0aW9uYXJ5 28 | Lm9yZ4IUKi53bWZ1c2VyY29udGVudC5vcmeCFCouemVyby53aWtpcGVkaWEub3Jn 29 | gg1tZWRpYXdpa2kub3JnggZ3Lndpa2mCDXdpa2lib29rcy5vcmeCDHdpa2lkYXRh 30 | Lm9yZ4INd2lraW1lZGlhLm9yZ4IXd2lraW1lZGlhZm91bmRhdGlvbi5vcmeCDHdp 31 | a2luZXdzLm9yZ4INd2lraXF1b3RlLm9yZ4IOd2lraXNvdXJjZS5vcmeCD3dpa2l2 32 | ZXJzaXR5Lm9yZ4IOd2lraXZveWFnZS5vcmeCDndpa3Rpb25hcnkub3JnghJ3bWZ1 33 | c2VyY29udGVudC5vcmeCDXdpa2lwZWRpYS5vcmcwHQYDVR0lBBYwFAYIKwYBBQUH 34 | AwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQoKiYqV4s7zrTWq1Tv1zghLElcNjAfBgNV 35 | HSMEGDAWgBSW3mHxvRwWKVMcwMx9O4MAQOYafDANBgkqhkiG9w0BAQsFAAOCAQEA 36 | 
i8Pt0Z05b69Acr0eGF4wVCM1Zl5i1QHiY0dwy20bF7D1TRHkrZRRxV5yA7DVqxjr 37 | tToIqHOV839BGih7RXyDLtMUldjV0V+ZSwz0w5sLT+lJ9Cy1rsMdfSqA9nApTAzm 38 | 4MuIiooC7qXRc8KTWCT/Qxvj/Xuq8BUMYFKPIX2HOhT6gUEAYE+WmmKUWN7LFVw8 39 | 9MFNM+P/Of4o+7BBPtKKEdEGASh0fXHUKu8f4yVLLfBm7yb7TPCBhbsamQbJN4fe 40 | jUn3AJGpQjFKuUCgfU9PpurUWAc8AeAaU1Rm4aN+MM07+GlZo0iSSOGeY6sIcJHy 41 | SNKDS5gG+v28mQLanJixow== 42 | -----END CERTIFICATE----- 43 | -------------------------------------------------------------------------------- /src/test/java/com/nimbusds/jose/AlgorithmTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * nimbus-jose-jwt 3 | * 4 | * Copyright 2012-2016, Connect2id Ltd. 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose; 19 | 20 | 21 | import junit.framework.TestCase; 22 | 23 | 24 | /** 25 | * Tests the base Algorithm class. 
 *
 * @author Vladimir Dzhuvinov
 * @version 2012-09-26
 */
public class AlgorithmTest extends TestCase {


    /**
     * Checks that the predefined {@code Algorithm.NONE} constant is named
     * "none", carries the REQUIRED level and equals a freshly constructed
     * instance built from the same arguments.
     */
    public void testNoneConstant() {

        final Algorithm none = Algorithm.NONE;

        assertEquals("none", none.getName());
        assertEquals(Requirement.REQUIRED, none.getRequirement());

        assertEquals(none, new Algorithm("none", Requirement.REQUIRED));
    }


    /**
     * The name-only constructor leaves the requirement level unset
     * ({@code null}) and uses the name as the string form.
     */
    public void testMinimalConstructor() {

        final Algorithm algorithm = new Algorithm("my-alg");

        assertEquals("my-alg", algorithm.getName());
        assertEquals("my-alg", algorithm.toString());

        assertNull(algorithm.getRequirement());
    }


    /**
     * The two-argument constructor stores both the name and the requirement
     * level.
     */
    public void testFullContructor() {

        final Algorithm algorithm = new Algorithm("my-alg", Requirement.OPTIONAL);

        assertEquals("my-alg", algorithm.getName());
        assertEquals("my-alg", algorithm.toString());

        assertEquals(Requirement.OPTIONAL, algorithm.getRequirement());
    }


    /** Two algorithms with the same name are expected to be equal. */
    public void testEquality() {

        final Algorithm first = new Algorithm("my-alg");
        final Algorithm second = new Algorithm("my-alg");

        assertTrue(first.equals(second));
    }


    /**
     * Equality is expected to depend on the name only: differing requirement
     * levels must not make two algorithms unequal. Comparisons against
     * constants such as {@code Algorithm.NONE} therefore match on the name
     * regardless of the requirement level.
     */
    public void testEqualityDifferentRequirementLevels() {

        final Algorithm required = new Algorithm("my-alg", Requirement.REQUIRED);
        final Algorithm optional = new Algorithm("my-alg", Requirement.OPTIONAL);

        assertTrue(required.equals(optional));
    }


    /** Algorithms with different names are expected to be unequal. */
    public void testInequality() {

        final Algorithm mine = new Algorithm("my-alg");
        final Algorithm yours = new Algorithm("your-alg");

        assertFalse(mine.equals(yours));
    }


    /** Equal algorithms are expected to produce equal hash codes. */
    public void testHashCode() {

        final Algorithm first = new Algorithm("my-alg");
        final Algorithm second = new Algorithm("my-alg");

        assertEquals(first.hashCode(), second.hashCode());
    }
}
--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/EncryptionMethodTest.java:
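--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose;


import junit.framework.TestCase;


/**
 * Tests the EncryptionMethod class.
 *
 * @author Vladimir Dzhuvinov
 * @version 2014-10-14
 */
public class EncryptionMethodTest extends TestCase {


    /**
     * Pins the Content Encryption Key (CEK) bit length declared by each
     * encryption method. The AES/CBC/HMAC methods are expected to report
     * twice the AES key size in their name (e.g. 256 bits for
     * A128CBC_HS256), the AES/GCM methods exactly the AES key size.
     */
    public void testCMKLengths() {

        assertEquals(256, EncryptionMethod.A128CBC_HS256.cekBitLength());
        assertEquals(384, EncryptionMethod.A192CBC_HS384.cekBitLength());
        assertEquals(512, EncryptionMethod.A256CBC_HS512.cekBitLength());

        assertEquals(128, EncryptionMethod.A128GCM.cekBitLength());
        assertEquals(192, EncryptionMethod.A192GCM.cekBitLength());
        assertEquals(256, EncryptionMethod.A256GCM.cekBitLength());

        assertEquals(256, EncryptionMethod.A128CBC_HS256_DEPRECATED.cekBitLength());
        assertEquals(512, EncryptionMethod.A256CBC_HS512_DEPRECATED.cekBitLength());
    }


    /**
     * The AES/CBC/HMAC family is expected to contain exactly the three
     * current methods; the size check keeps the deprecated variants out.
     */
    public void testAESCBCHMACFamily() {

        assertTrue(EncryptionMethod.Family.AES_CBC_HMAC_SHA.contains(EncryptionMethod.A128CBC_HS256));
        assertTrue(EncryptionMethod.Family.AES_CBC_HMAC_SHA.contains(EncryptionMethod.A192CBC_HS384));
        assertTrue(EncryptionMethod.Family.AES_CBC_HMAC_SHA.contains(EncryptionMethod.A256CBC_HS512));
        assertEquals(3, EncryptionMethod.Family.AES_CBC_HMAC_SHA.size());
    }


    /**
     * The AES/GCM family is expected to contain exactly A128GCM, A192GCM and
     * A256GCM.
     */
    public void testAESGCMFamily() {

        // The original asserted A256GCM twice and never checked A128GCM, so a
        // family missing the 128-bit method could still have passed.
        assertTrue(EncryptionMethod.Family.AES_GCM.contains(EncryptionMethod.A128GCM));
        assertTrue(EncryptionMethod.Family.AES_GCM.contains(EncryptionMethod.A192GCM));
        assertTrue(EncryptionMethod.Family.AES_GCM.contains(EncryptionMethod.A256GCM));
        assertEquals(3, EncryptionMethod.Family.AES_GCM.size());
    }
}
--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/HeaderTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose;


import com.nimbusds.jose.util.Base64URL;
import junit.framework.TestCase;


/**
 * Tests the base JOSE header class.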
 *
 * @author Vladimir Dzhuvinov
 * @version 2013-08-20
 */
public class HeaderTest extends TestCase {


    /**
     * Parses the unsecured ("alg":"none") example header and checks that it
     * comes back as a {@link PlainHeader}. The distinct type is what lets a
     * caller tell an unsecured object apart from a JWS or JWE and refuse it
     * where a signature or encryption is required.
     */
    public void testParsePlainHeaderFromBase64URL()
        throws Exception {

        // Example header taken from the JWT spec
        final Base64URL encoded = new Base64URL("eyJhbGciOiJub25lIn0");

        final Header parsed = Header.parse(encoded);

        assertTrue(parsed instanceof PlainHeader);
        // The originally parsed encoding must be returned unchanged
        assertEquals(encoded, parsed.toBase64URL());
        assertEquals(Algorithm.NONE, parsed.getAlgorithm());
    }


    /**
     * Parses the HS256 example header and checks that it comes back as a
     * {@link JWSHeader} with the original encoding preserved.
     */
    public void testParseJWSHeaderFromBase64URL()
        throws Exception {

        // Example header taken from the JWS spec
        final Base64URL encoded = new Base64URL("eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9");

        final Header parsed = Header.parse(encoded);

        assertTrue(parsed instanceof JWSHeader);
        assertEquals(encoded, parsed.toBase64URL());
        assertEquals(JWSAlgorithm.HS256, parsed.getAlgorithm());
    }


    /**
     * Parses the RSA1_5 / A128CBC-HS256 example header and checks that it
     * comes back as a {@link JWEHeader} exposing both the key management
     * algorithm and the content encryption method.
     */
    public void testParseJWEHeaderFromBase64URL()
        throws Exception {

        // Example header taken from the JWE spec
        final Base64URL encoded = new Base64URL("eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0");

        final Header parsed = Header.parse(encoded);

        assertTrue(parsed instanceof JWEHeader);
        assertEquals(encoded, parsed.toBase64URL());
        assertEquals(JWEAlgorithm.RSA1_5, parsed.getAlgorithm());

        final JWEHeader asJWEHeader = (JWEHeader)parsed;
        assertEquals(EncryptionMethod.A128CBC_HS256, asJWEHeader.getEncryptionMethod());
    }
}
--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/JOSEObjectTypeTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License.
You may obtain a copy of the
 * License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose;


import junit.framework.TestCase;


/**
 * Tests the JOSE object type ("typ") header parameter.
 */
public class JOSEObjectTypeTest extends TestCase {


    /** Pins the string value behind each predefined object type constant. */
    public void testConstants() {

        assertEquals("JOSE", JOSEObjectType.JOSE.getType());
        assertEquals("JOSE+JSON", JOSEObjectType.JOSE_JSON.getType());
        assertEquals("JWT", JOSEObjectType.JWT.getType());
    }


    /** The string form of a type is expected to be its type value. */
    public void testToString() {

        final JOSEObjectType[] predefined = {
            JOSEObjectType.JOSE,
            JOSEObjectType.JOSE_JSON,
            JOSEObjectType.JWT
        };

        for (final JOSEObjectType type : predefined) {
            assertEquals(type.getType(), type.toString());
        }
    }


    /** The JSON form is expected to be the type value as a quoted JSON string. */
    public void testJSONAware() {

        final String json = JOSEObjectType.JWT.toJSONString();

        assertEquals("\"JWT\"", json);
    }
}
--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/JWECryptoPartsTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License.
You may obtain a copy of the
 * License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose;


import junit.framework.TestCase;

import com.nimbusds.jose.util.Base64URL;


/**
 * Tests the JWE crypto parts class.
 *
 * @author Vladimir Dzhuvinov
 * @version 2014-07-11
 */
public class JWECryptoPartsTest extends TestCase {


    /**
     * Exercises the four-argument constructor (encrypted key, IV, cipher
     * text, authentication tag): first with every part set, then with only
     * the cipher text set. The header is expected to be {@code null} in both
     * cases.
     */
    public void testConstructorWithoutHeader() {

        final Base64URL encryptedKey = new Base64URL("abc");
        final Base64URL iv = new Base64URL("def");
        final Base64URL cipherText = new Base64URL("ghi");
        final Base64URL authTag = new Base64URL("jkl");

        final JWECryptoParts allParts = new JWECryptoParts(encryptedKey, iv, cipherText, authTag);

        assertNull(allParts.getHeader());
        assertEquals("abc", allParts.getEncryptedKey().toString());
        assertEquals("def", allParts.getInitializationVector().toString());
        assertEquals("ghi", allParts.getCipherText().toString());
        assertEquals("jkl", allParts.getAuthenticationTag().toString());

        // Every part except the cipher text may be null
        final JWECryptoParts cipherTextOnly = new JWECryptoParts(null, null, new Base64URL("abc"), null);

        assertNull(cipherTextOnly.getHeader());
        assertNull(cipherTextOnly.getEncryptedKey());
        assertNull(cipherTextOnly.getInitializationVector());
        assertEquals("abc", cipherTextOnly.getCipherText().toString());
        assertNull(cipherTextOnly.getAuthenticationTag());
    }


    /**
     * Exercises the five-argument constructor, which takes the JWE header as
     * its first argument: first with every part set, then with only the
     * cipher text set.
     */
    public void testConstructorWithHeader() {

        final JWEHeader header = new JWEHeader(JWEAlgorithm.A128KW, EncryptionMethod.A128GCM);

        final Base64URL encryptedKey = new Base64URL("abc");
        final Base64URL iv = new Base64URL("def");
        final Base64URL cipherText = new Base64URL("ghi");
        final Base64URL authTag = new Base64URL("jkl");

        final JWECryptoParts allParts = new JWECryptoParts(header, encryptedKey, iv, cipherText, authTag);

        assertEquals(header, allParts.getHeader());
        assertEquals("abc", allParts.getEncryptedKey().toString());
        assertEquals("def", allParts.getInitializationVector().toString());
        assertEquals("ghi", allParts.getCipherText().toString());
        assertEquals("jkl", allParts.getAuthenticationTag().toString());

        // Header and every part except the cipher text may be null
        final JWECryptoParts cipherTextOnly = new JWECryptoParts(null, null, null, new Base64URL("abc"), null);

        assertNull(cipherTextOnly.getHeader());
        assertNull(cipherTextOnly.getEncryptedKey());
        assertNull(cipherTextOnly.getInitializationVector());
        assertEquals("abc", cipherTextOnly.getCipherText().toString());
        assertNull(cipherTextOnly.getAuthenticationTag());
    }
}
--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/JWSObjectTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose;


import junit.framework.TestCase;

import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.util.Base64URL;


/**
 * Tests JWS object methods.
 *
 * @author Vladimir Dzhuvinov
 * @version 2015-01-15
 */
public class JWSObjectTest extends TestCase {


    /**
     * Builds a JWS object from its three Base64URL parts and checks that the
     * parts, the compact serialisation and the parsed string are reported
     * back unchanged.
     *
     * <p>The SIGNED state asserted here only reflects that a signature part
     * was supplied; no verifier is involved in this test, so it says nothing
     * about the signature ("def") being valid.
     */
    public void testBase64URLConstructor()
        throws Exception {

        final Base64URL firstPart = new JWSHeader(JWSAlgorithm.RS256).toBase64URL();
        final Base64URL secondPart = new Base64URL("abc");
        final Base64URL thirdPart = new Base64URL("def");

        final JWSObject jws = new JWSObject(firstPart, secondPart, thirdPart);

        assertEquals(firstPart, jws.getHeader().toBase64URL());
        assertEquals(secondPart, jws.getPayload().toBase64URL());
        assertEquals(thirdPart, jws.getSignature());

        final String expectedCompactForm = firstPart.toString() + ".abc.def";
        assertEquals(expectedCompactForm, jws.serialize());
        assertEquals(expectedCompactForm, jws.getParsedString());

        assertEquals(JWSObject.State.SIGNED, jws.getState());
    }


    /**
     * Signs a JWS object with HS256 and checks that the signing input and
     * the serialised output are stable across repeated calls. The signature
     * value itself is not verified here.
     */
    public void testSignAndSerialize()
        throws Exception {

        final JWSObject jwsObject = new JWSObject(
            new JWSHeader(JWSAlgorithm.HS256),
            new Payload("Hello world!"));

        // The signing input must be the same on every call
        final Base64URL signingInput = Base64URL.encode(jwsObject.getSigningInput());

        assertTrue(signingInput.equals(Base64URL.encode(jwsObject.getSigningInput())));

        // Fixed 32-character secret, a test fixture only
        jwsObject.sign(new MACSigner("12345678901234567890123456789012"));

        final String output = jwsObject.serialize();

        assertEquals(output, jwsObject.serialize());
    }
}
--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/KeyLengthExceptionTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License.
You may obtain a copy of the
 * License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose;


import junit.framework.TestCase;


/**
 * Tests the key length exception.
 */
public class KeyLengthExceptionTest extends TestCase {


    /**
     * With only a message supplied, the expected key length is reported as 0
     * and the algorithm as {@code null}.
     */
    public void testMessageConstructor() {

        final KeyLengthException exception = new KeyLengthException("abc");

        assertEquals("abc", exception.getMessage());
        assertEquals(0, exception.getExpectedKeyLength());
        assertNull(exception.getAlgorithm());
    }


    /**
     * With the expected length and algorithm supplied, both are exposed by
     * the getters and spelled out in the generated message.
     */
    public void testDetailConstructor() {

        final KeyLengthException exception = new KeyLengthException(128, EncryptionMethod.A128GCM);

        assertEquals("The expected key length is 128 bits (for A128GCM algorithm)", exception.getMessage());
        assertEquals(128, exception.getExpectedKeyLength());
        assertEquals(EncryptionMethod.A128GCM, exception.getAlgorithm());
    }
}
--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/PlainObjectTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License.
You may obtain a copy of the
 * License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose;


import junit.framework.TestCase;


/**
 * Tests plaintext JOSE object parsing and serialisation.
 *
 * @author Vladimir Dzhuvinov
 * @version 2014-07-08
 */
public class PlainObjectTest extends TestCase {


    /**
     * Round-trips an unsecured (plain) JOSE object: builds it from a
     * payload, serialises it, parses the result and checks that header and
     * payload are the same on both sides. The header is expected to carry
     * {@code Algorithm.NONE} and nothing else, i.e. the object has no
     * integrity protection.
     */
    public void testSerializeAndParse()
        throws Exception {

        final PlainObject built = new PlainObject(new Payload("Hello world!"));

        assertNotNull(built.getHeader());
        assertEquals("Hello world!", built.getPayload().toString());

        final PlainHeader builtHeader = built.getHeader();
        assertEquals(Algorithm.NONE, builtHeader.getAlgorithm());
        assertNull(builtHeader.getType());
        assertNull(builtHeader.getContentType());
        assertTrue(builtHeader.getCustomParams().isEmpty());

        final String serializedJOSEObject = built.serialize();

        final PlainObject parsed = PlainObject.parse(serializedJOSEObject);

        final PlainHeader parsedHeader = parsed.getHeader();
        assertEquals(Algorithm.NONE, parsedHeader.getAlgorithm());
        assertNull(parsedHeader.getType());
        assertNull(parsedHeader.getContentType());
        assertTrue(parsedHeader.getCustomParams().isEmpty());

        assertEquals("Hello world!", parsed.getPayload().toString());

        // The parser must keep the exact input string
        assertEquals(serializedJOSEObject, parsed.getParsedString());
    }
}
--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/crypto/AADTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 7 | * this file except in compliance with the License. You may obtain a copy of the 8 | * License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software distributed 13 | * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 14 | * CONDITIONS OF ANY KIND, either express or implied. See the License for the 15 | * specific language governing permissions and limitations under the License. 16 | */ 17 | 18 | package com.nimbusds.jose.crypto; 19 | 20 | 21 | import java.nio.charset.Charset; 22 | import java.util.Arrays; 23 | 24 | import com.nimbusds.jose.EncryptionMethod; 25 | import com.nimbusds.jose.JWEAlgorithm; 26 | import com.nimbusds.jose.JWEHeader; 27 | import com.nimbusds.jose.util.Base64URL; 28 | import com.nimbusds.jose.util.IntegerOverflowException; 29 | import junit.framework.TestCase; 30 | 31 | 32 | /** 33 | * Tests the Additional Authenticated Data (AAD) functions. 
 *
 * @author Vladimir Dzhuvinov
 * @version 2017-06-01
 */
public class AADTest extends TestCase {


    /**
     * The AAD for a JWE header is expected to be the ASCII bytes of the
     * header's Base64URL encoding.
     */
    public void testComputeForJWEHeader() {

        final JWEHeader jweHeader = new JWEHeader(JWEAlgorithm.DIR, EncryptionMethod.A128GCM);

        final String encodedHeader = jweHeader.toBase64URL().toString();
        final byte[] expected = encodedHeader.getBytes(Charset.forName("ASCII"));

        assertTrue(Arrays.equals(expected, AAD.compute(jweHeader)));
    }


    /**
     * The AAD for a Base64URL value is expected to be the ASCII bytes of its
     * string form.
     */
    public void testComputeForBase64URL() {

        final Base64URL base64URL = Base64URL.encode("Hello world!");

        final byte[] expected = base64URL.toString().getBytes(Charset.forName("ASCII"));

        assertTrue(Arrays.equals(expected, AAD.compute(base64URL)));
    }


    /**
     * The AAD length is expected as the bit count of the input, written as
     * eight bytes with the most significant byte first: four input bytes
     * give 32 in the last byte.
     */
    public void testComputeLength()
        throws IntegerOverflowException {

        final byte[] aad = new byte[]{0, 1, 2, 3}; // 4 bytes = 32 bits

        final byte[] expectedBitLength = new byte[]{0, 0, 0, 0, 0, 0, 0, 32};

        assertTrue(Arrays.equals(expectedBitLength, AAD.computeLength(aad)));
    }
}
--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/crypto/AESCryptoTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.crypto;


import junit.framework.TestCase;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;


/**
 * Tests static AES crypto provider constants and methods.
 *
 * @author Vladimir Dzhuvinov
 * @version 2015-05-27
 */
public class AESCryptoTest extends TestCase {


    /**
     * The provider is expected to advertise exactly six key management
     * algorithms: AES key wrap and AES GCM key wrap at 128, 192 and 256
     * bits.
     */
    public void testClassAlgorithmSupport() {

        assertEquals(6, AESCryptoProvider.SUPPORTED_ALGORITHMS.size());

        final JWEAlgorithm[] expected = {
            JWEAlgorithm.A128KW,
            JWEAlgorithm.A192KW,
            JWEAlgorithm.A256KW,
            JWEAlgorithm.A128GCMKW,
            JWEAlgorithm.A192GCMKW,
            JWEAlgorithm.A256GCMKW
        };

        for (final JWEAlgorithm alg : expected) {
            assertTrue(AESCryptoProvider.SUPPORTED_ALGORITHMS.contains(alg));
        }
    }


    /**
     * The provider is expected to advertise exactly eight content
     * encryption methods, the two deprecated AES/CBC/HMAC variants included.
     */
    public void testClassEncryptionMethodSupport() {

        assertEquals(8, AESCryptoProvider.SUPPORTED_ENCRYPTION_METHODS.size());

        final EncryptionMethod[] expected = {
            EncryptionMethod.A128CBC_HS256,
            EncryptionMethod.A192CBC_HS384,
            EncryptionMethod.A256CBC_HS512,
            EncryptionMethod.A128GCM,
            EncryptionMethod.A192GCM,
            EncryptionMethod.A256GCM,
            EncryptionMethod.A128CBC_HS256_DEPRECATED,
            EncryptionMethod.A256CBC_HS512_DEPRECATED
        };

        for (final EncryptionMethod enc : expected) {
            assertTrue(AESCryptoProvider.SUPPORTED_ENCRYPTION_METHODS.contains(enc));
        }
    }
}
--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/crypto/AGCMKWTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.crypto;


import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.util.Base64URL;
import junit.framework.TestCase;


/**
 * General AxxxGCMKW tests.
 *
 * @author Vladimir Dzhuvinov
 * @version 2015-05-19
 */
public class AGCMKWTest extends TestCase {


    // 128-bit shared symmetric key (16 bytes), a test fixture only
    private final static byte[] key128 = {
        (byte)177, (byte)119, (byte) 33, (byte) 13, (byte)164, (byte) 30, (byte)108, (byte)121,
        (byte)207, (byte)136, (byte)107, (byte)242, (byte) 12, (byte)224, (byte) 19, (byte)226 };


    /**
     * An A128GCMKW header that carries a "tag" but no "iv" parameter must be
     * rejected with a {@link JOSEException} naming the missing parameter.
     */
    public void testRejectMissingHeaderIVParameter()
        throws Exception {

        // Header deliberately built without the "iv" parameter
        final JWEHeader headerWithoutIV = new JWEHeader.Builder(JWEAlgorithm.A128GCMKW, EncryptionMethod.A128GCM)
            .authTag(new Base64URL("abc"))
            .build();

        final Base64URL encryptedKey = new Base64URL("abc");
        final Base64URL contentIV = new Base64URL("def");
        final Base64URL cipherText = new Base64URL("ghi");
        final Base64URL contentAuthTag = new Base64URL("jkl");

        final AESDecrypter decrypter = new AESDecrypter(key128);

        try {
            decrypter.decrypt(headerWithoutIV, encryptedKey, contentIV, cipherText, contentAuthTag);
            // Decryption must not succeed with the parameter missing
            fail();
        } catch (JOSEException e) {
            assertEquals("Missing JWE \"iv\" header parameter", e.getMessage());
        }
    }

    /**
     * An A128GCMKW header that carries an "iv" but no "tag" parameter must
     * be rejected with a {@link JOSEException} naming the missing parameter.
     */
    public void testRejectMissingHeaderAuthTagParameter()
        throws Exception {

        // Header deliberately built without the "tag" parameter
        final JWEHeader headerWithoutTag = new JWEHeader.Builder(JWEAlgorithm.A128GCMKW, EncryptionMethod.A128GCM)
            .iv(new Base64URL("abc"))
            .build();

        final Base64URL encryptedKey = new Base64URL("abc");
        final Base64URL contentIV = new Base64URL("def");
        final Base64URL cipherText = new Base64URL("ghi");
        final Base64URL contentAuthTag = new Base64URL("jkl");

        final AESDecrypter decrypter = new AESDecrypter(key128);

        try {
            decrypter.decrypt(headerWithoutTag, encryptedKey, contentIV, cipherText, contentAuthTag);
            // Decryption must not succeed with the parameter missing
            fail();
        } catch (JOSEException e) {
            assertEquals("Missing JWE \"tag\" header parameter", e.getMessage());
        }
    }
}
--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/crypto/AuthenticatedCipherTextTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License.
You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.crypto;


import junit.framework.TestCase;

import org.junit.Assert;


/**
 * Tests the authenticated cipher text wrapper.
 *
 * @author Vladimir Dzhuvinov
 * @version 2013-05-07
 */
public class AuthenticatedCipherTextTest extends TestCase {


    /**
     * The wrapper must hand back the cipher text and the authentication
     * tag it was constructed with, each through its own getter.
     */
    public void testRun() {

        final byte[] expectedCipherText = {1, 2, 3, 4, 5};
        final byte[] expectedAuthTag = {6, 7, 8, 9, 10};

        AuthenticatedCipherText wrapper = new AuthenticatedCipherText(expectedCipherText, expectedAuthTag);

        Assert.assertArrayEquals(expectedCipherText, wrapper.getCipherText());
        Assert.assertArrayEquals(expectedAuthTag, wrapper.getAuthenticationTag());
    }
}
--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/crypto/ECDSATest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied.
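See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.crypto;


import java.security.KeyPair;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.Curve;
import junit.framework.TestCase;


/**
 * Tests the static ECDSA utilities.
 *
 * @version 2018-08-24
 */
public class ECDSATest extends TestCase {


    /**
     * Each supported curve must resolve to its JWS algorithm, and a
     * {@code null} curve must be rejected with the pinned message.
     */
    public void testResolveAlgFromCurve()
        throws JOSEException {

        assertEquals(JWSAlgorithm.ES256, ECDSA.resolveAlgorithm(Curve.P_256));
        assertEquals(JWSAlgorithm.ES384, ECDSA.resolveAlgorithm(Curve.P_384));
        assertEquals(JWSAlgorithm.ES512, ECDSA.resolveAlgorithm(Curve.P_521));

        try {
            ECDSA.resolveAlgorithm((Curve)null);
            // Without this the test passes silently when no exception is
            // thrown, so the rejection of an unsupported curve goes unchecked
            fail();
        } catch (JOSEException e) {
            assertEquals("The EC key curve is not supported, must be P-256, P-384 or P-521", e.getMessage());
        }
    }


    /**
     * Both halves of a key pair created from {@code EC256SPEC} must
     * resolve to ES256.
     */
    public void testResolveAlgFromECKey_P256()
        throws Exception {

        KeyPair keyPair = ECDSARoundTripTest.createECKeyPair(ECDSARoundTripTest.EC256SPEC);
        ECPublicKey publicKey = (ECPublicKey) keyPair.getPublic();
        ECPrivateKey privateKey = (ECPrivateKey) keyPair.getPrivate();

        assertEquals(JWSAlgorithm.ES256, ECDSA.resolveAlgorithm(publicKey));
        assertEquals(JWSAlgorithm.ES256, ECDSA.resolveAlgorithm(privateKey));
    }


    /**
     * Both halves of a key pair created from {@code EC384SPEC} must
     * resolve to ES384.
     */
    public void testResolveAlgFromECKey_P384()
        throws Exception {

        KeyPair keyPair = ECDSARoundTripTest.createECKeyPair(ECDSARoundTripTest.EC384SPEC);
        ECPublicKey publicKey = (ECPublicKey) keyPair.getPublic();
        ECPrivateKey privateKey = (ECPrivateKey) keyPair.getPrivate();

        assertEquals(JWSAlgorithm.ES384, ECDSA.resolveAlgorithm(publicKey));
        assertEquals(JWSAlgorithm.ES384, ECDSA.resolveAlgorithm(privateKey));
    }


    /**
     * Both halves of a key pair created from {@code EC512SPEC} must
     * resolve to ES512.
     */
    public void testResolveAlgFromECKey_P521()
        throws Exception {

        KeyPair keyPair = ECDSARoundTripTest.createECKeyPair(ECDSARoundTripTest.EC512SPEC);
        ECPublicKey publicKey = (ECPublicKey) keyPair.getPublic();
        ECPrivateKey privateKey = (ECPrivateKey) keyPair.getPrivate();

        assertEquals(JWSAlgorithm.ES512, ECDSA.resolveAlgorithm(publicKey));
        assertEquals(JWSAlgorithm.ES512, ECDSA.resolveAlgorithm(privateKey));
    }
}

--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/crypto/LegacyAESGCMTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.crypto;


import java.nio.charset.Charset;
import java.security.SecureRandom;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

import junit.framework.TestCase;


/**
 * Tests AES/GCM using BouncyCastle API for Java 6.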
*/
public class LegacyAESGCMTest extends TestCase {


    /**
     * Round trip with a freshly generated 128-bit AES key: encrypt with
     * additional authenticated data, decrypt with the same key, IV, AAD
     * and returned tag, and expect the original plain text back.
     */
    public void testEncryptDecrypt()
        throws Exception {

        final Charset utf8 = Charset.forName("UTF-8");

        KeyGenerator aesKeyGen = KeyGenerator.getInstance("AES");
        aesKeyGen.init(128);
        SecretKey secretKey = aesKeyGen.generateKey();

        byte[] iv = AESGCM.generateIV(new SecureRandom());
        byte[] plainText = "Hello world!".getBytes(utf8);
        byte[] authData = "abc".getBytes(utf8);

        AuthenticatedCipherText encrypted = LegacyAESGCM.encrypt(secretKey, iv, plainText, authData);

        byte[] decryptedPlainText = LegacyAESGCM.decrypt(
            secretKey,
            iv,
            encrypted.getCipherText(),
            authData,
            encrypted.getAuthenticationTag());

        assertEquals("Hello world!", new String(decryptedPlainText, utf8));
    }
}


--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/crypto/SecureRandomTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.crypto;


import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

import junit.framework.TestCase;


/**
 * Times secure random initialisation.
*/
public class SecureRandomTest extends TestCase {


    /**
     * Times the construction of the platform default {@link SecureRandom}.
     * Makes no assertions; the measurement is only reported when the
     * print statements below are uncommented.
     */
    public void testDefault()
        throws NoSuchAlgorithmException {

        final long startTime = System.nanoTime();

        SecureRandom defaultRandom = new SecureRandom();

        final long endTime = System.nanoTime();

        // Uncomment to print out result
        // System.out.println("Default secure random algorithm for this platform: " + defaultRandom.getAlgorithm());
        // System.out.println(defaultRandom.getAlgorithm() + " initialisation time: " + (endTime - startTime) + "ns");
    }


    /**
     * Times the lookup of a "SHA1PRNG" {@link SecureRandom} instance, for
     * comparison with the default. Makes no assertions either; the only
     * failure mode is the algorithm being unavailable on the platform.
     */
    public void testSHA1PRNGTime()
        throws NoSuchAlgorithmException {

        final long startTime = System.nanoTime();

        SecureRandom.getInstance("SHA1PRNG");

        final long endTime = System.nanoTime();

        // Uncomment to print out result
        // System.out.println("SHA1PRNG initialisation time: " + (endTime - startTime) + "ns");
    }
}

--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/crypto/utils/ConstantTimeUtilsTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
*/

package com.nimbusds.jose.crypto.utils;


import junit.framework.TestCase;


/**
 * Tests the byte array comparison in {@code ConstantTimeUtils}. Only the
 * boolean result is checked here; nothing in these tests measures timing.
 */
public class ConstantTimeUtilsTest extends TestCase {


    /**
     * Two distinct arrays with identical content compare as equal.
     */
    public void testEquality() {

        final byte[] left = { 1, 2, 3, 4, 5, 6, 7, 8};
        final byte[] right = { 1, 2, 3, 4, 5, 6, 7, 8};

        assertTrue(ConstantTimeUtils.areEqual(left, right));
    }


    /**
     * Arrays of the same length that differ in the last byte compare as
     * not equal.
     */
    public void testInequality() {

        final byte[] left = { 1, 2, 3, 4, 5, 6, 7, 8};
        final byte[] right = { 1, 2, 3, 4, 5, 6, 7, 7};

        assertFalse(ConstantTimeUtils.areEqual(left, right));
    }


    /**
     * An array compared with a shorter prefix of itself is not equal.
     */
    public void testLengthMismatch() {

        final byte[] left = { 1, 2, 3, 4, 5, 6, 7, 8};
        final byte[] shorter = { 1, 2, 3, 4, 5, 6, 7};

        assertFalse(ConstantTimeUtils.areEqual(left, shorter));
    }
}

--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/crypto/utils/ECChecksTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
*/

package com.nimbusds.jose.crypto.utils;


import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECParameterSpec;

import com.nimbusds.jose.jwk.Curve;
import junit.framework.TestCase;


/**
 * Tests the EC point-on-curve check.
 */
public class ECChecksTest extends TestCase {


    /**
     * Generates a fresh EC key pair on the given curve.
     *
     * @param curve The curve to generate the key pair on.
     *
     * @return The new key pair.
     */
    private static KeyPair generateECKeyPair(final Curve curve)
        throws Exception {

        final ECParameterSpec curveSpec = curve.toECParameterSpec();

        KeyPairGenerator ecGenerator = KeyPairGenerator.getInstance("EC");
        ecGenerator.initialize(curveSpec);

        return ecGenerator.generateKeyPair();
    }


    /**
     * Returns the private key of a freshly generated pair on the curve.
     */
    private static ECPrivateKey generateECPrivateKey(final Curve curve)
        throws Exception {

        return (ECPrivateKey) generateECKeyPair(curve).getPrivate();
    }


    /**
     * Returns the public key of a freshly generated pair on the curve.
     */
    private static ECPublicKey generateECPublicKey(final Curve curve)
        throws Exception {

        return (ECPublicKey) generateECKeyPair(curve).getPublic();
    }


    /**
     * A public key and a private key from two independently generated
     * P-256 pairs must pass the point-on-curve check.
     */
    public void testCurveCheckOk()
        throws Exception {

        // NOTE(review): only the matching-curve case is covered here; a case
        // with the public key generated on a different curve than the
        // private key would cover the rejection path - confirm the
        // expected result against ECChecks before adding it.
        ECPublicKey ephemeralPublicKey = generateECPublicKey(Curve.P_256);
        ECPrivateKey privateKey = generateECPrivateKey(Curve.P_256);

        assertTrue(ECChecks.isPointOnCurve(ephemeralPublicKey, privateKey));
    }
}

--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/jca/DumpSupportedJCAAlgs.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
*
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.jca;


import java.security.Provider;
import java.security.Security;

import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton;
import junit.framework.TestCase;


/**
 * Prints the properties of the available JCA providers to standard
 * output. Diagnostic only: neither test makes an assertion.
 */
public class DumpSupportedJCAAlgs extends TestCase {


    /**
     * Prints every property of the provider, one tab-separated
     * key / value pair per line.
     *
     * @param provider The provider to dump.
     */
    private static void dumpProperties(final Provider provider) {

        for (String propertyName : provider.stringPropertyNames()) {
            System.out.println("\t" + propertyName + "\t" + provider.getProperty(propertyName));
        }
    }


    /**
     * Dumps the name and properties of each provider registered with
     * {@link Security}.
     */
    public void testDumpAlgs() {

        for (Provider registered : Security.getProviders()) {
            System.out.println(registered.getName());
            dumpProperties(registered);
        }
    }


    /**
     * Dumps the properties of the BouncyCastle provider singleton.
     */
    public void testDumpBC() {

        dumpProperties(BouncyCastleProviderSingleton.getInstance());
    }
}

--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/jca/JCAContextTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License.
You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.jca;


import java.security.Provider;
import java.security.SecureRandom;

import junit.framework.TestCase;


/**
 * Tests the simple JCA context.
 *
 * @author Vladimir Dzhuvinov
 * @version 2015-06-08
 */
public class JCAContextTest extends TestCase {


    /**
     * A default context has no provider set but always supplies a
     * secure random generator.
     */
    public void testDefaultConstructor() {

        JCAContext defaultContext = new JCAContext();

        assertNull(defaultContext.getProvider());
        assertNotNull(defaultContext.getSecureRandom());
    }


    /**
     * The provider and secure random passed to the constructor are the
     * ones returned by the getters.
     */
    public void testConstructor() {

        Provider testProvider = new Provider("general", 1.0, "test") {};
        SecureRandom secureRandom = new SecureRandom();

        JCAContext context = new JCAContext(testProvider, secureRandom);

        assertEquals(testProvider, context.getProvider());
        assertEquals(secureRandom, context.getSecureRandom());
    }


    /**
     * The setters replace the provider and the secure random of an
     * existing context.
     */
    public void testSetters() {

        JCAContext context = new JCAContext();

        context.setProvider(new Provider("general", 1.0, "test") {
        });
        assertEquals("general", context.getProvider().getName());

        SecureRandom secureRandom = new SecureRandom();
        context.setSecureRandom(secureRandom);
        assertEquals(secureRandom, context.getSecureRandom());
    }
}

--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/jwk/source/ImmutableJWKSetTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 *
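Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.jwk.source;


import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.List;

import com.nimbusds.jose.jwk.*;
import junit.framework.TestCase;


/**
 * Tests the JWK source backed by an immutable JWK set.
 */
public class ImmutableJWKSetTest extends TestCase {


    /**
     * Wraps a set holding one freshly generated 2048-bit RSA JWK and
     * checks that selecting by key ID "1" returns exactly that key. The
     * assertions cover the private exponent as well, so the source is
     * expected to return the private key material unchanged.
     */
    public void testRun()
        throws Exception {

        KeyPairGenerator pairGen = KeyPairGenerator.getInstance("RSA");
        pairGen.initialize(2048);
        KeyPair keyPair = pairGen.generateKeyPair();

        RSAKey rsaJWK = new RSAKey.Builder((RSAPublicKey)keyPair.getPublic())
            .privateKey((RSAPrivateKey)keyPair.getPrivate())
            .keyID("1")
            .build();

        JWKSet jwkSet = new JWKSet(rsaJWK);

        ImmutableJWKSet immutableJWKSet = new ImmutableJWKSet(jwkSet);

        assertEquals(jwkSet, immutableJWKSet.getJWKSet());

        List matches = immutableJWKSet.get(new JWKSelector(new JWKMatcher.Builder().keyID("1").build()), null);

        // Check the match count before reading element 0, so an empty
        // result is reported as an assertion failure rather than as an
        // IndexOutOfBoundsException
        assertEquals(1, matches.size());

        RSAKey m1 = (RSAKey)matches.get(0);
        assertEquals(rsaJWK.getModulus(), m1.getModulus());
        assertEquals(rsaJWK.getPublicExponent(), m1.getPublicExponent());
        assertEquals(rsaJWK.getPrivateExponent(), m1.getPrivateExponent());
    }
}

--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/jwk/source/ImmutableSecretTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.jwk.source;


import java.security.SecureRandom;

import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

import junit.framework.TestCase;
import org.junit.Assert;


/**
 * Tests the JWK source backed by an immutable secret.
 */
public class ImmutableSecretTest extends TestCase {


    /**
     * A source built from 32 random bytes returns those bytes both as
     * the raw secret and as the encoded secret key, and exposes a JWK
     * set with a single key.
     */
    public void testByteArrayConstructor() {

        byte[] secret = new byte[32];
        new SecureRandom().nextBytes(secret);
        ImmutableSecret immutableSecret = new ImmutableSecret(secret);
        Assert.assertArrayEquals(secret, immutableSecret.getSecret());
        Assert.assertArrayEquals(secret, immutableSecret.getSecretKey().getEncoded());
        assertEquals(1, immutableSecret.getJWKSet().getKeys().size());
    }


    /**
     * Same checks as the byte array case, with the 32 random bytes
     * passed in wrapped as an "AES" {@link SecretKey}.
     */
    public void testSecretKeyConstructor() {

        byte[] secret = new byte[32];
        new SecureRandom().nextBytes(secret);
        SecretKey secretKey = new SecretKeySpec(secret, "AES");
        ImmutableSecret immutableSecret = new ImmutableSecret(secretKey);
        Assert.assertArrayEquals(secret, immutableSecret.getSecret());
        Assert.assertArrayEquals(secret, immutableSecret.getSecretKey().getEncoded());
        assertEquals(1, immutableSecret.getJWKSet().getKeys().size());
    }
}

--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/proc/KeyTypeExceptionTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.proc;


import junit.framework.TestCase;

import com.nimbusds.jose.KeyTypeException;


/**
 * Key type exception test.
 */
public class KeyTypeExceptionTest extends TestCase {


    /**
     * The message names the expected key interface in full.
     */
    public void testMessage() {

        KeyTypeException e = new KeyTypeException(java.security.interfaces.RSAPublicKey.class);

        assertEquals("Invalid key: Must be an instance of interface java.security.interfaces.RSAPublicKey", e.getMessage());
    }
}

--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/proc/SimpleSecurityContextTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.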
*
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.proc;


import java.util.Map;

import junit.framework.TestCase;


/**
 * Tests the map-based security context.
 *
 * @version 2015-06-14
 */
public class SimpleSecurityContextTest extends TestCase {


    /**
     * The context is a {@link Map} and returns a value stored under a
     * key unchanged.
     */
    public void testInstanceOfMap() {

        SimpleSecurityContext context = new SimpleSecurityContext();

        assertTrue(context instanceof Map);

        context.put("ip", "10.20.30.40");
        assertEquals("10.20.30.40", context.get("ip"));
    }
}

--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/util/ArrayUtilsTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied.
See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.util;


import java.util.Arrays;

import junit.framework.TestCase;


/**
 * Tests the array utilities.
 */
public class ArrayUtilsTest extends TestCase {


    /**
     * Concatenating two string arrays yields the elements of the first
     * followed by the elements of the second.
     */
    public void testConcat() {

        final String[] head = {"a", "b", "c"};
        final String[] tail = {"d", "e"};

        String[] joined = ArrayUtils.concat(head, tail);

        assertTrue(Arrays.equals(new String[]{"a", "b", "c", "d", "e"}, joined));
    }
}

--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/util/Base64Test.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.util;


import java.math.BigInteger;

import com.nimbusds.jose.util.Base64;
import junit.framework.TestCase;


/**
 * Tests the Base64 class.
*
 * @author Vladimir Dzhuvinov
 * @version 2014-07-13
 */
public class Base64Test extends TestCase {


    /**
     * Encoding "foobar" yields the RFC 4648 test vector.
     */
    public void testEncode() {

        // Test vector from rfc4648#section-10
        assertEquals("Zm9vYmFy", Base64.encode("foobar").toString());
    }


    /**
     * Decoding the RFC 4648 test vector yields "foobar".
     */
    public void testDecode() {

        // Test vector from rfc4648#section-10
        assertEquals("foobar", new Base64("Zm9vYmFy").decodeToString());
    }


    /**
     * A big integer survives an encode / decode round trip.
     */
    public void testBigIntegerEncodeAndDecode() {

        final BigInteger original = new BigInteger("12345678901234567890");

        Base64 encoded = Base64.encode(original);

        assertEquals(original, encoded.decodeToBigInteger());
    }
}


--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/util/Base64URLTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.util;


import java.math.BigInteger;
import java.nio.charset.Charset;

import com.nimbusds.jose.util.Base64URL;
import junit.framework.TestCase;


/**
 * Tests the Base64URL class.
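*
 * @author Vladimir Dzhuvinov
 */
public class Base64URLTest extends TestCase {


    // Test byte array
    private static final byte[] BYTES = {0x3, (byte)236, (byte)255, (byte)224, (byte)193};


    // Test JSON string
    private static final String STRING = "{\"iss\":\"joe\",\r\n" +
        " \"exp\":1300819380,\r\n" +
        " \"http://example.com/is_root\":true}";


    // Test big integer
    private static final BigInteger BIGINT = new BigInteger("9999999999999999999999999999999999");


    // Test base64URL string
    private static final Base64URL B64URL = new Base64URL(
        "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx" +
        "4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs" +
        "tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2" +
        "QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI" +
        "SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb" +
        "w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw");


    /**
     * The test bytes encode to the expected URL-safe string, and that
     * string decodes back to the same bytes.
     */
    public void testByteArrayEncodeAndDecode() {

        assertEquals("A-z_4ME", Base64URL.encode(BYTES).toString());

        byte[] decoded = new Base64URL("A-z_4ME").decode();

        assertEquals(BYTES.length, decoded.length);

        // Compare every byte, including the last one; the length check
        // above keeps the index in range
        for (int i = 0; i < BYTES.length; i++) {
            assertEquals(BYTES[i], decoded[i]);
        }
    }


    /**
     * The UTF-8 bytes of the test JSON string encode to the expected
     * URL-safe string, and decoding that value returns the original
     * string.
     */
    public void testEncodeAndDecode() {

        final Charset utf8 = Charset.forName("utf-8");

        byte[] bytes = STRING.getBytes(utf8);

        Base64URL b64url = Base64URL.encode(bytes);

        String expected = "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ";
        assertEquals(expected, b64url.toString());

        // Cover the decode half that the test name promises
        assertEquals(STRING, new String(b64url.decode(), utf8));
    }


    /**
     * A big integer survives an encode / decode round trip.
     */
    public void testBigIntegerEncodeAndDecode() {

        Base64URL b64url = Base64URL.encode(BIGINT);

        assertEquals(BIGINT, b64url.decodeToBigInteger());
    }
}


--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/util/BigIntegerUtilsTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.util;


import java.math.BigInteger;

import com.nimbusds.jose.util.BigIntegerUtils;
import junit.framework.TestCase;


/**
 * Tests the big integer utility.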
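 *
 * @author Vladimir Dzhuvinov
 */
public class BigIntegerUtilsTest extends TestCase {


    /**
     * Records the JDK behaviour the utility works around: for a value whose
     * top bit is set, {@link BigInteger#toByteArray()} returns one extra
     * leading zero byte.
     */
    public void testBigIntegerLeadingZeroPadding() {

        byte[] a1 = new BigInteger("123456789A", 16).toByteArray();
        byte[] a2 = new BigInteger("F23456789A", 16).toByteArray();

        assertEquals(a1.length + 1, a2.length);
        assertEquals(0, a2[0]);
    }


    /**
     * Checks that {@code BigIntegerUtils.toBytesUnsigned} returns arrays of
     * equal length for both values and that each array starts with the most
     * significant byte of the value rather than a padding byte.
     */
    public void testNoLeadingZero() {

        byte[] a1 = BigIntegerUtils.toBytesUnsigned(new BigInteger("123456789A", 16));
        byte[] a2 = BigIntegerUtils.toBytesUnsigned(new BigInteger("F23456789A", 16));

        assertEquals(a1.length, a2.length);

        // Equal lengths alone would also hold if both arrays carried a zero
        // pad, so pin the first byte of each array as well.
        assertEquals((byte) 0x12, a1[0]);
        assertEquals((byte) 0xF2, a2[0]);
    }
}
--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/util/ContainerTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.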
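 */

package com.nimbusds.jose.util;


import junit.framework.TestCase;


/**
 * Tests the generic value container. The variables are declared as
 * {@code Container<String>} rather than as a raw type, so the compiler
 * checks the element type used with {@code set} and {@code get}.
 */
public class ContainerTest extends TestCase {


    /** A container created without an argument holds {@code null}. */
    public void testDefaultConstructor() {

        Container<String> container = new Container<>();
        assertNull(container.get());
    }


    /** A container created with a value returns that value. */
    public void testParamConstructor() {

        Container<String> container = new Container<>("abc");
        assertEquals("abc", container.get());
    }


    /** A value can be set and then cleared again with {@code null}. */
    public void testGetAndSet() {

        Container<String> container = new Container<>();
        container.set("abc");
        assertEquals("abc", container.get());
        container.set(null);
        assertNull(container.get());
    }


    /** The value passed to the constructor can be replaced later. */
    public void testMutable() {

        Container<String> container = new Container<>("abc");
        assertEquals("abc", container.get());
        container.set("def");
        assertEquals("def", container.get());
    }
}
--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/util/DeflateUtilsTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.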
 */

package com.nimbusds.jose.util;


import com.nimbusds.jose.util.DeflateUtils;
import junit.framework.TestCase;


/**
 * Tests DEFLATE compression.
 *
 * @version 2013-03-26
 */
public class DeflateUtilsTest extends TestCase {


    /**
     * Round-trips a short fixed string through {@code DeflateUtils.compress}
     * and {@code DeflateUtils.decompress}.
     *
     * <p>Only this small, well-formed input is covered. Malformed streams and
     * inputs that expand to a large output are not exercised here, so any
     * limit on decompressed size needs a test of its own.
     */
    public void testDeflateAndInflate()
        throws Exception {

        final String original = "Hello world!";
        final byte[] originalBytes = original.getBytes("UTF-8");

        final byte[] deflated = DeflateUtils.compress(originalBytes);
        final byte[] inflated = DeflateUtils.decompress(deflated);

        final String restored = new String(inflated, "UTF-8");

        assertEquals("byte length check", originalBytes.length, inflated.length);

        assertEquals("text length check", original.length(), restored.length());

        assertEquals("text comparison", original, restored);
    }
}
--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/util/IntegerUtilsTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.util;


import java.util.Arrays;

import com.nimbusds.jose.util.IntegerUtils;
import junit.framework.TestCase;


/**
 * Tests the integer utilities.
 */
public class IntegerUtilsTest extends TestCase {


    /** Zero is expected to convert to four zero bytes. */
    public void testGetBytesFromZeroInteger() {

        final byte[] expected = {0, 0, 0, 0};
        final byte[] actual = IntegerUtils.toBytes(0);

        assertTrue(Arrays.equals(expected, actual));
    }


    /** One is expected to convert to four bytes with the value in the last position. */
    public void testGetBytesFromOneInteger() {

        final byte[] expected = {0, 0, 0, 1};
        final byte[] actual = IntegerUtils.toBytes(1);

        assertTrue(Arrays.equals(expected, actual));
    }
}
--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/util/JSONObjectUtilsTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.util;


import com.nimbusds.jose.util.JSONObjectUtils;
import junit.framework.TestCase;


/**
 * Tests the JSON object utilities.
 *
 * @author Vladimir Dzhuvinov
 * @version 2015-03-16
 */
public class JSONObjectUtilsTest extends TestCase {


    /**
     * Parses an empty JSON object followed by a space, a line feed and a
     * CR LF pair, and expects an empty result each time.
     */
    public void testParseTrailingWhiteSpace()
        throws Exception {

        // Same three inputs, in the same order, as separate assertions would use
        final String[] inputs = {"{} ", "{}\n", "{}\r\n"};

        for (String json : inputs) {
            assertEquals(0, JSONObjectUtils.parse(json).size());
        }
    }
}
--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/util/ResourceTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.util;


import com.nimbusds.jose.util.Resource;
import junit.framework.TestCase;


/**
 * Tests the resource value class: content, optional content type and the
 * rejection of null content.
 */
public class ResourceTest extends TestCase {


    /** Both the content and the content type are returned as given. */
    public void testWithContentType() {

        final Resource withType = new Resource("content", "text/plain");

        assertEquals("content", withType.getContent());
        assertEquals("text/plain", withType.getContentType());
    }


    /** A null content type is accepted and returned as null. */
    public void testUnspecifiedContentType() {

        final Resource withoutType = new Resource("content", null);

        assertEquals("content", withoutType.getContent());
        assertNull(withoutType.getContentType());
    }


    /** An empty string is valid content. */
    public void testEmptyContent() {

        final Resource empty = new Resource("", null);

        assertEquals("", empty.getContent());
    }


    /**
     * Null content must be rejected with an {@link IllegalArgumentException}
     * carrying the expected message.
     */
    public void testRejectNullContent() {

        try {
            new Resource(null, null);
            // Reaching this line means the constructor accepted null content
            fail();
        } catch (IllegalArgumentException rejected) {
            assertEquals("The resource content must not be null", rejected.getMessage());
        }
    }
}
--------------------------------------------------------------------------------
/src/test/java/com/nimbusds/jose/util/StandardCharsetTest.java:
--------------------------------------------------------------------------------
/*
 * nimbus-jose-jwt
 *
 * Copyright 2012-2016, Connect2id Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.jose.util;


import junit.framework.TestCase;


/**
 * Tests the UTF-8 character set constant.
 */
public class StandardCharsetTest extends TestCase {


    /** The constant must report the canonical name "UTF-8". */
    public void testConstant() {

        final String charsetName = StandardCharset.UTF_8.name();

        assertEquals("UTF-8", charsetName);
    }
}
--------------------------------------------------------------------------------
/src/test/keys/test-ec256-key.pem:
--------------------------------------------------------------------------------
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIL4DP7dTLGAYdYoA2lQ7hxcrTbwThERgQhHcI+RX1Rm7oAoGCCqGSM49
AwEHoUQDQgAE0eaDTMy2n3bpfMmWHLyKcY7gcJFBfPgy3zrNGpOLtfwILVXzZ0eP
chNUlC4dl7+jqrWkzuD/mxbA+f3/0t3g1Q==
-----END EC PRIVATE KEY-----
--------------------------------------------------------------------------------
/src/test/keys/test-ec384-key.pem:
--------------------------------------------------------------------------------
-----BEGIN EC PRIVATE KEY-----
MIGkAgEBBDCZtzThoj09EghVRAMEX/tXvj6JxFdt2ih+QuocQYi1F1hMJKq1z1oC
8TV6Wo/pRsKgBwYFK4EEACKhZANiAAScas+doaK0QcDdBITwapiXzV7M0nmM38pM
iHOLIaOjU8jtw/Hant36b3NAz5oMv1fcLewzE+uzX+Zaalt6/zaOTMa+le1dPrj5
Uju50jb1+HtBrLvs3M3jfVnloNrrvm4=
-----END EC PRIVATE KEY-----
--------------------------------------------------------------------------------
/src/test/keys/test-ec512-key.pem:
--------------------------------------------------------------------------------
-----BEGIN EC PRIVATE KEY-----
MIHcAgEBBEIB1jgVahE36RUlLGyU7WM6WMWeoe+2CUCJ6WZH5PpV0Z7R9L07vwNH
Lrf2ZsEq1MDmI0u5wpyQ+qx7ywsbGbD82J2gBwYFK4EEACOhgYkDgYYABAHAhv+m
PPWcLkhd98Rfe4N2Rf0a8efGhcJLfHaWXz9bwPv7yu/VTlS2cOLQSvgQUHHpXrvk
ts3weI/QlFBV4VeEXwHwvxU2rZkjN15MmQH+MmXfCgvwj+wx0vqYl2XDeu0Ikftm
ff6DGQ2hDqlPaRfeOWI1Uj6zmLwBxvr3C0liFrB9HA==
-----END EC PRIVATE KEY-----
--------------------------------------------------------------------------------