
Nimbus JWK Set Builders Take SignatureAlgorithm

Fixes gh-7270
Josh Cummings 6 years ago
parent
commit
aa026f8526

+ 11 - 11
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java

@@ -15,6 +15,16 @@
  */
 package org.springframework.security.oauth2.client.oidc.authentication;
 
+import java.net.URL;
+import java.nio.charset.StandardCharsets;
+import java.time.Instant;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.function.Function;
+import javax.crypto.spec.SecretKeySpec;
+
 import org.springframework.core.convert.TypeDescriptor;
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
@@ -37,16 +47,6 @@ import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
-import javax.crypto.spec.SecretKeySpec;
-import java.net.URL;
-import java.nio.charset.StandardCharsets;
-import java.time.Instant;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.function.Function;
-
 import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withJwkSetUri;
 import static org.springframework.security.oauth2.jwt.NimbusJwtDecoder.withSecretKey;
 
@@ -150,7 +150,7 @@ public final class OidcIdTokenDecoderFactory implements JwtDecoderFactory<Client
 				);
 				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 			}
-			return withJwkSetUri(jwkSetUri).jwsAlgorithm(jwsAlgorithm).build();
+			return withJwkSetUri(jwkSetUri).jwsAlgorithm((SignatureAlgorithm) jwsAlgorithm).build();
 		} else if (jwsAlgorithm != null && MacAlgorithm.class.isAssignableFrom(jwsAlgorithm.getClass())) {
 			// https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
 			//
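Review bot: The new downcast `(SignatureAlgorithm) jwsAlgorithm` on the `withJwkSetUri(...)` line is only safe if the enclosing `if`, which starts outside this hunk, already restricts the value to a `SignatureAlgorithm`. The following `else if` tests `MacAlgorithm.class.isAssignableFrom(...)`, which suggests a matching guard exists, but it is not visible here. If that guard is looser, a non-signature value would surface as a `ClassCastException` instead of the `OAuth2AuthenticationException` thrown just above. I would add a comment on the cast, e.g. `// cast is safe: this branch is only entered for SignatureAlgorithm; MAC algorithms are never verified against JWK Set keys`. The same cast is added in ReactiveOidcIdTokenDecoderFactory and deserves the same comment.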

+ 11 - 11
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/ReactiveOidcIdTokenDecoderFactory.java

@@ -15,6 +15,16 @@
  */
 package org.springframework.security.oauth2.client.oidc.authentication;
 
+import java.net.URL;
+import java.nio.charset.StandardCharsets;
+import java.time.Instant;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.function.Function;
+import javax.crypto.spec.SecretKeySpec;
+
 import org.springframework.core.convert.TypeDescriptor;
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
@@ -37,16 +47,6 @@ import org.springframework.security.oauth2.jwt.ReactiveJwtDecoderFactory;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
-import javax.crypto.spec.SecretKeySpec;
-import java.net.URL;
-import java.nio.charset.StandardCharsets;
-import java.time.Instant;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.function.Function;
-
 import static org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.withJwkSetUri;
 import static org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder.withSecretKey;
 
@@ -150,7 +150,7 @@ public final class ReactiveOidcIdTokenDecoderFactory implements ReactiveJwtDecod
 				);
 				throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
 			}
-			return withJwkSetUri(jwkSetUri).jwsAlgorithm(jwsAlgorithm).build();
+			return withJwkSetUri(jwkSetUri).jwsAlgorithm((SignatureAlgorithm) jwsAlgorithm).build();
 		} else if (jwsAlgorithm != null && MacAlgorithm.class.isAssignableFrom(jwsAlgorithm.getClass())) {
 			// https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
 			//

+ 4 - 5
oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwtDecoder.java

@@ -52,7 +52,6 @@ import org.springframework.http.RequestEntity;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.oauth2.core.OAuth2TokenValidator;
 import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
-import org.springframework.security.oauth2.jose.jws.JwsAlgorithm;
 import org.springframework.security.oauth2.jose.jws.MacAlgorithm;
 import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
 import org.springframework.util.Assert;
@@ -222,12 +221,12 @@ public final class NimbusJwtDecoder implements JwtDecoder {
 		 * Use the given signing
 		 * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target="_blank">algorithm</a>.
 		 *
-		 * @param jwsAlgorithm the algorithm to use
+		 * @param signatureAlgorithm the algorithm to use
 		 * @return a {@link JwkSetUriJwtDecoderBuilder} for further configurations
 		 */
-		public JwkSetUriJwtDecoderBuilder jwsAlgorithm(JwsAlgorithm jwsAlgorithm) {
-			Assert.notNull(jwsAlgorithm, "jwsAlgorithm cannot be null");
-			this.jwsAlgorithm = JWSAlgorithm.parse(jwsAlgorithm.getName());
+		public JwkSetUriJwtDecoderBuilder jwsAlgorithm(SignatureAlgorithm signatureAlgorithm) {
+			Assert.notNull(signatureAlgorithm, "signatureAlgorithm cannot be null");
+			this.jwsAlgorithm = JWSAlgorithm.parse(signatureAlgorithm.getName());
 			return this;
 		}
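Review bot: The Javadoc on `jwsAlgorithm(SignatureAlgorithm)` still reads "the algorithm to use" and does not tell callers why a `MacAlgorithm` is no longer accepted. Since the narrowed parameter is the point of the change, I would state the constraint in the method description, e.g. `Only asymmetric signature algorithms apply to keys resolved from a JWK Set URI; use {@code withSecretKey} for MAC algorithms.` This also records the security reason for the restriction: a shared-secret algorithm should not be verified against published JWK Set keys. The same wording fits the reactive builder in NimbusReactiveJwtDecoder.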
 

+ 4 - 4
oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java

@@ -245,12 +245,12 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 		 * Use the given signing
 		 * <a href="https://tools.ietf.org/html/rfc7515#section-4.1.1" target="_blank">algorithm</a>.
 		 *
-		 * @param jwsAlgorithm the algorithm to use
+		 * @param signatureAlgorithm the algorithm to use
 		 * @return a {@link JwkSetUriReactiveJwtDecoderBuilder} for further configurations
 		 */
-		public JwkSetUriReactiveJwtDecoderBuilder jwsAlgorithm(JwsAlgorithm jwsAlgorithm) {
-			Assert.notNull(jwsAlgorithm, "jwsAlgorithm cannot be null");
-			this.jwsAlgorithm = JWSAlgorithm.parse(jwsAlgorithm.getName());
+		public JwkSetUriReactiveJwtDecoderBuilder jwsAlgorithm(SignatureAlgorithm signatureAlgorithm) {
+			Assert.notNull(signatureAlgorithm, "sig cannot be null");
+			this.jwsAlgorithm = JWSAlgorithm.parse(signatureAlgorithm.getName());
 			return this;
 		}
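Review bot: The assertion message `"sig cannot be null"` on the new `Assert.notNull` line does not name the parameter and differs from the non-reactive builder, which uses `"signatureAlgorithm cannot be null"`. Anyone reading the resulting `IllegalArgumentException` would have to guess what `sig` refers to. I would change the line to `Assert.notNull(signatureAlgorithm, "signatureAlgorithm cannot be null");` so both builders report the same message.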