Name cleanup (#840)

- Renamed X509Mutator#x509CertificateSha1Thumbprint to x509Sha1Thumbprint - Renamed X509Mutator#x509CertificateSha256Thumbprint to x509Sha256Thumbprint - Renamed X509Builder#withX509Sha1Thumbprint to x509Sha1Thumbprint - Renamed X509Builder#withX509Sha256Thumbprint to x509Sha256Thumbprint - Renamed X509Builder#x509CertificateChain to x509Chain - Renamed X509Accessor#getX509CertificateChain to getX509Chain - Renamed X509Accessor#getX509CertificateSha1Thumbprint getX509Sha1Thumbprint - Renamed X509Accessor#getX509CertificateSha256Thumbprint to getX509Sha256Thumbprint - Renamed JwtParserBuilder#enableUnsecured() to unsecured() - Renamed JwtParserBuilder#enableUnsecuredDecompression() to unsecuredDecompression() - Renamed KeyOperationPolicyBuilder#allowUnrelated(boolean) to unrelated() (removed boolean argument also to be consistent with JwtParserBuilder#unsecured())
jwtk · Sep 28, 2023 · 20b2fa9 · 20b2fa9
1 parent b687ca5
commit 20b2fa9
Show file tree

Hide file tree

Showing 38 changed files with 246 additions and 250 deletions.
diff --git a/api/src/main/java/io/jsonwebtoken/JwsHeader.java b/api/src/main/java/io/jsonwebtoken/JwsHeader.java
@@ -65,23 +65,23 @@ public interface JwsHeader extends ProtectedHeader {
     /**
      * JWS <a href="https://tools.ietf.org/html/rfc7516#section-4.1.6">X.509 Certificate Chain Header</a> name: the string literal <b><code>x5c</code></b>
      *
-     * @deprecated since JJWT_RELEASE_VERSION in favor of {@link #getX509CertificateChain()}
+     * @deprecated since JJWT_RELEASE_VERSION in favor of {@link #getX509Chain()}
      */
     @Deprecated
     String X509_CERT_CHAIN = "x5c";
 
     /**
      * JWS <a href="https://tools.ietf.org/html/rfc7516#section-4.1.7">X.509 Certificate SHA-1 Thumbprint Header</a> name: the string literal <b><code>x5t</code></b>
      *
-     * @deprecated since JJWT_RELEASE_VERSION in favor of {@link #getX509CertificateSha1Thumbprint()}
+     * @deprecated since JJWT_RELEASE_VERSION in favor of {@link #getX509Sha1Thumbprint()}
      */
     @Deprecated
     String X509_CERT_SHA1_THUMBPRINT = "x5t";
 
     /**
      * JWS <a href="https://tools.ietf.org/html/rfc7516#section-4.1.8">X.509 Certificate SHA-256 Thumbprint Header</a> name: the string literal <b><code>x5t#S256</code></b>
      *
-     * @deprecated since JJWT_RELEASE_VERSION in favor of {@link #getX509CertificateSha256Thumbprint()}
+     * @deprecated since JJWT_RELEASE_VERSION in favor of {@link #getX509Sha256Thumbprint()}
      */
     @Deprecated
     String X509_CERT_SHA256_THUMBPRINT = "x5t#S256";

diff --git a/api/src/main/java/io/jsonwebtoken/JwtParserBuilder.java b/api/src/main/java/io/jsonwebtoken/JwtParserBuilder.java
@@ -62,26 +62,26 @@ public interface JwtParserBuilder extends Builder<JwtParser> {
      * @see <a href="https://www.rfc-editor.org/rfc/rfc7518.html#section-8.5">Unsecured JWS Security Considerations</a>
      * @see <a href="https://www.rfc-editor.org/rfc/rfc7518.html#section-3.6">Using the Algorithm &quot;none&quot;</a>
      * @see Jwts.SIG#NONE
-     * @see #enableUnsecuredDecompression()
+     * @see #unsecuredDecompression()
      * @since JJWT_RELEASE_VERSION
      */
-    JwtParserBuilder enableUnsecured();
+    JwtParserBuilder unsecured();
 
     /**
-     * If {@link #enableUnsecured() enabledUnsecuredJws} is enabled, calling this method additionally enables
+     * If the parser is {@link #unsecured()}, calling this method additionally enables
      * payload decompression of Unsecured JWTs (JWTs with an 'alg' (Algorithm) header value of 'none') that also have
      * a 'zip' (Compression) header. This behavior is disabled by default because using compression
      * algorithms with data from unverified (unauthenticated) parties can be susceptible to Denial of Service attacks
      * and other data integrity problems as described in
      * <a href="https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-pellegrino.pdf">In the
      * Compression Hornet’s Nest: A Security Study of Data Compression in Network Services</a>.
      *
-     * <p>Because this behavior is only relevant if {@link #enableUnsecured() enabledUnsecured} is specified,
-     * calling this method without also calling {@code enableUnsecured()} will result in a build exception, as the
+     * <p>Because this behavior is only relevant if the parser is unsecured,
+     * calling this method without also calling {@link #unsecured()} will result in a build exception, as the
      * incongruent state could reflect a misunderstanding of both behaviors which should be remedied by the
      * application developer.</p>
      *
-     * <b>As is the case for {@link #enableUnsecured()}, be careful when calling this method - one should fully
+     * <b>As is the case for {@link #unsecured()}, be careful when calling this method - one should fully
      * understand
      * <a href="https://www.rfc-editor.org/rfc/rfc7518.html#section-8.5">Unsecured JWS Security Considerations</a>
      * before enabling this feature.</b>
@@ -91,10 +91,10 @@ public interface JwtParserBuilder extends Builder<JwtParser> {
      * @see <a href="https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-pellegrino.pdf">In the
      * Compression Hornet’s Nest: A Security Study of Data Compression in Network Services</a>
      * @see Jwts.SIG#NONE
-     * @see #enableUnsecured()
+     * @see #unsecured()
      * @since JJWT_RELEASE_VERSION
      */
-    JwtParserBuilder enableUnsecuredDecompression();
+    JwtParserBuilder unsecuredDecompression();
 
     JwtParserBuilder critical(String crit);
 

diff --git a/api/src/main/java/io/jsonwebtoken/security/KeyOperationBuilder.java b/api/src/main/java/io/jsonwebtoken/security/KeyOperationBuilder.java
@@ -61,7 +61,7 @@ public interface KeyOperationBuilder extends Builder<KeyOperation> {
      *     assert built.isRelated(other);</pre></blockquote>
      *
      * <p>A {@link JwkBuilder}'s key operation {@link JwkBuilder#operationPolicy(KeyOperationPolicy) policy} is likely
-     * to {@link KeyOperationPolicyBuilder#allowUnrelated(boolean) reject} any <em>un</em>related operations specified
+     * to {@link KeyOperationPolicyBuilder#unrelated() reject} any <em>un</em>related operations specified
      * together due to the potential security vulnerabilities that could occur.</p>
      *
      * <p>This method may be called multiple times to add/append a related {@code id} to the constructed

diff --git a/api/src/main/java/io/jsonwebtoken/security/KeyOperationPolicyBuilder.java b/api/src/main/java/io/jsonwebtoken/security/KeyOperationPolicyBuilder.java
@@ -35,25 +35,21 @@
 public interface KeyOperationPolicyBuilder extends Builder<KeyOperationPolicy> {
 
     /**
-     * Sets if a JWK is allowed to have unrelated {@link KeyOperation}s in its {@code key_ops} parameter values.
-     * The default value is {@code false} per the JWK
-     * <a href="https://www.rfc-editor.org/rfc/rfc7517.html#section-4.3">RFC 7517, Section 4.3</a> recommendation:
-     *
+     * Allows a JWK to have unrelated {@link KeyOperation}s in its {@code key_ops} parameter values. <b>Be careful
+     * when calling this method - one should fully understand the security implications of using the same key
+     * with multiple algorithms in your application.</b>
+     * <p>If this method is not called, unrelated key operations are disabled by default per the recommendations in
+     * <a href="https://datatracker.ietf.org/doc/html/rfc7517#section-4.3">RFC 7517, Section 4.3</a>:</p>
      * <blockquote><pre>
      * Multiple unrelated key operations SHOULD NOT be specified for a key
      * because of the potential vulnerabilities associated with using the
-     * same key with multiple algorithms.
-     * </pre></blockquote>
-     *
-     * <p>Only set this value to {@code true} if you fully understand the security implications of using the same key
-     * with multiple algorithms in your application. Otherwise it is best not to use this builder method, or
-     * explicitly set it to {@code false}.</p>
+     * same key with multiple algorithms.</pre></blockquote>
      *
-     * @param allow if a JWK is allowed to have unrelated key {@link KeyOperation}s in its {@code key_ops}
-     *              parameter values.
      * @return the builder for method chaining
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc7517#section-4.3">&quot;key_ops&quot; (Key Operations)
+     * Parameter</a>
      */
-    KeyOperationPolicyBuilder allowUnrelated(boolean allow);
+    KeyOperationPolicyBuilder unrelated();
 
     /**
      * Adds the specified key operation to the policy's total set of supported key operations

diff --git a/api/src/main/java/io/jsonwebtoken/security/X509Accessor.java b/api/src/main/java/io/jsonwebtoken/security/X509Accessor.java
@@ -86,7 +86,7 @@ public interface X509Accessor {
      * @see <a href="https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.6">JWS <code>x5c</code> (X.509 Certificate Chain) Header Parameter</a>
      * @see <a href="https://www.rfc-editor.org/rfc/rfc7516.html#section-4.1.8">JWE <code>x5c</code> (X.509 Certificate Chain) Header Parameter</a>
      */
-    List<X509Certificate> getX509CertificateChain();
+    List<X509Certificate> getX509Chain();
 
     /**
      * Returns the {@code x5t} (X.509 Certificate SHA-1 Thumbprint) (a.k.a. digest) of the DER-encoding of the
@@ -110,7 +110,7 @@ public interface X509Accessor {
      * @see <a href="https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.7">JWS <code>x5t</code> (X.509 Certificate SHA-1 Thumbprint) Header Parameter</a>
      * @see <a href="https://www.rfc-editor.org/rfc/rfc7516.html#section-4.1.9">JWE <code>x5t</code> (X.509 Certificate SHA-1 Thumbprint) Header Parameter</a>
      */
-    byte[] getX509CertificateSha1Thumbprint();
+    byte[] getX509Sha1Thumbprint();
 
     /**
      * Returns the {@code x5t#S256} (X.509 Certificate SHA-256 Thumbprint) (a.k.a. digest) of the DER-encoding of the
@@ -134,5 +134,5 @@ public interface X509Accessor {
      * @see <a href="https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.8">JWS <code>x5t#S256</code> (X.509 Certificate SHA-256 Thumbprint) Header Parameter</a>
      * @see <a href="https://www.rfc-editor.org/rfc/rfc7516.html#section-4.1.10">JWE <code>x5t#S256</code> (X.509 Certificate SHA-256 Thumbprint) Header Parameter</a>
      */
-    byte[] getX509CertificateSha256Thumbprint();
+    byte[] getX509Sha256Thumbprint();
 }
diff --git a/api/src/main/java/io/jsonwebtoken/security/X509Builder.java b/api/src/main/java/io/jsonwebtoken/security/X509Builder.java
@@ -28,8 +28,8 @@ public interface X509Builder<T extends X509Builder<T>> extends X509Mutator<T> {
 
     /**
      * If the {@code enable} argument is {@code true}, compute the SHA-1 thumbprint of the first
-     * {@link X509Certificate} in the configured {@link #x509CertificateChain(List) x509CertificateChain}, and set
-     * the resulting value as the {@link #x509CertificateSha1Thumbprint(byte[])} parameter.
+     * {@link X509Certificate} in the configured {@link #x509Chain(List) x509CertificateChain}, and set
+     * the resulting value as the {@link #x509Sha1Thumbprint(byte[])} parameter.
      *
      * <p>If no chain has been configured, or {@code enable} is {@code false}, the builder will not compute nor add a
      * {@code x5t} value.</p>
@@ -38,12 +38,12 @@ public interface X509Builder<T extends X509Builder<T>> extends X509Mutator<T> {
      *               the resulting value as the {@code x5t} value.
      * @return the builder for method chaining.
      */
-    T withX509Sha1Thumbprint(boolean enable);
+    T x509Sha1Thumbprint(boolean enable);
 
     /**
      * If the {@code enable} argument is {@code true}, compute the SHA-256 thumbprint of the first
-     * {@link X509Certificate} in the configured {@link #x509CertificateChain(List) x509CertificateChain}, and set
-     * the resulting value as the {@link #x509CertificateSha256Thumbprint(byte[])} parameter.
+     * {@link X509Certificate} in the configured {@link #x509Chain(List) x509CertificateChain}, and set
+     * the resulting value as the {@link #x509Sha256Thumbprint(byte[])} parameter.
      *
      * <p>If no chain has been configured, or {@code enable} is {@code false}, the builder will not compute nor add a
      * {@code x5t#S256} value.</p>
@@ -52,5 +52,5 @@ public interface X509Builder<T extends X509Builder<T>> extends X509Mutator<T> {
      *               the resulting value as the {@code x5t#S256} value.
      * @return the builder for method chaining.
      */
-    T withX509Sha256Thumbprint(boolean enable);
+    T x509Sha256Thumbprint(boolean enable);
 }
diff --git a/api/src/main/java/io/jsonwebtoken/security/X509Mutator.java b/api/src/main/java/io/jsonwebtoken/security/X509Mutator.java
@@ -85,7 +85,7 @@ public interface X509Mutator<T extends X509Mutator<T>> {
      * @see <a href="https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.6">JWS <code>x5c</code> (X.509 Certificate Chain) Header Parameter</a>
      * @see <a href="https://www.rfc-editor.org/rfc/rfc7516.html#section-4.1.8">JWE <code>x5c</code> (X.509 Certificate Chain) Header Parameter</a>
      */
-    T x509CertificateChain(List<X509Certificate> chain);
+    T x509Chain(List<X509Certificate> chain);
 
     /**
      * Sets the {@code x5t} (X.509 Certificate SHA-1 Thumbprint) (a.k.a. digest) of the DER-encoding of the
@@ -111,7 +111,7 @@ public interface X509Mutator<T extends X509Mutator<T>> {
      * @see <a href="https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.7">JWS <code>x5t</code> (X.509 Certificate SHA-1 Thumbprint) Header Parameter</a>
      * @see <a href="https://www.rfc-editor.org/rfc/rfc7516.html#section-4.1.9">JWE <code>x5t</code> (X.509 Certificate SHA-1 Thumbprint) Header Parameter</a>
      */
-    T x509CertificateSha1Thumbprint(byte[] thumbprint);
+    T x509Sha1Thumbprint(byte[] thumbprint);
 
     /**
      * Sets the {@code x5t#S256} (X.509 Certificate SHA-256 Thumbprint) (a.k.a. digest) of the DER-encoding of the
@@ -137,5 +137,5 @@ public interface X509Mutator<T extends X509Mutator<T>> {
      * @see <a href="https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.8">JWS <code>x5t#S256</code> (X.509 Certificate SHA-256 Thumbprint) Header Parameter</a>
      * @see <a href="https://www.rfc-editor.org/rfc/rfc7516.html#section-4.1.10">JWE <code>x5t#S256</code> (X.509 Certificate SHA-256 Thumbprint) Header Parameter</a>
      */
-    T x509CertificateSha256Thumbprint(byte[] thumbprint);
+    T x509Sha256Thumbprint(byte[] thumbprint);
 }
diff --git a/impl/src/main/java/io/jsonwebtoken/impl/AbstractX509Context.java b/impl/src/main/java/io/jsonwebtoken/impl/AbstractX509Context.java
@@ -47,34 +47,34 @@ public T x509Url(URI uri) {
     }
 
     @Override
-    public List<X509Certificate> getX509CertificateChain() {
+    public List<X509Certificate> getX509Chain() {
         return get(AbstractAsymmetricJwk.X5C);
     }
 
     @Override
-    public T x509CertificateChain(List<X509Certificate> chain) {
+    public T x509Chain(List<X509Certificate> chain) {
         put(AbstractAsymmetricJwk.X5C, chain);
         return self();
     }
 
     @Override
-    public byte[] getX509CertificateSha1Thumbprint() {
+    public byte[] getX509Sha1Thumbprint() {
         return get(AbstractAsymmetricJwk.X5T);
     }
 
     @Override
-    public T x509CertificateSha1Thumbprint(byte[] thumbprint) {
+    public T x509Sha1Thumbprint(byte[] thumbprint) {
         put(AbstractAsymmetricJwk.X5T, thumbprint);
         return self();
     }
 
     @Override
-    public byte[] getX509CertificateSha256Thumbprint() {
+    public byte[] getX509Sha256Thumbprint() {
         return get(AbstractAsymmetricJwk.X5T_S256);
     }
 
     @Override
-    public T x509CertificateSha256Thumbprint(byte[] thumbprint) {
+    public T x509Sha256Thumbprint(byte[] thumbprint) {
         put(AbstractAsymmetricJwk.X5T_S256, thumbprint);
         return self();
     }

diff --git a/impl/src/main/java/io/jsonwebtoken/impl/DefaultJweHeaderBuilder.java b/impl/src/main/java/io/jsonwebtoken/impl/DefaultJweHeaderBuilder.java
@@ -34,14 +34,14 @@ protected DefaultJweHeaderBuilder(DefaultJweHeaderMutator<?> src) {
     }
 
     @Override
-    public T withX509Sha1Thumbprint(boolean enable) {
-        this.x509.withX509Sha1Thumbprint(enable);
+    public T x509Sha1Thumbprint(boolean enable) {
+        this.x509.x509Sha1Thumbprint(enable);
         return self();
     }
 
     @Override
-    public T withX509Sha256Thumbprint(boolean enable) {
-        this.x509.withX509Sha256Thumbprint(enable);
+    public T x509Sha256Thumbprint(boolean enable) {
+        this.x509.x509Sha256Thumbprint(enable);
         return self();
     }
 }
diff --git a/impl/src/main/java/io/jsonwebtoken/impl/DefaultJweHeaderMutator.java b/impl/src/main/java/io/jsonwebtoken/impl/DefaultJweHeaderMutator.java
@@ -166,20 +166,20 @@ public T x509Url(URI uri) {
     }
 
     @Override
-    public T x509CertificateChain(List<X509Certificate> chain) {
-        this.x509.x509CertificateChain(chain);
+    public T x509Chain(List<X509Certificate> chain) {
+        this.x509.x509Chain(chain);
         return self();
     }
 
     @Override
-    public T x509CertificateSha1Thumbprint(byte[] thumbprint) {
-        this.x509.x509CertificateSha1Thumbprint(thumbprint);
+    public T x509Sha1Thumbprint(byte[] thumbprint) {
+        this.x509.x509Sha1Thumbprint(thumbprint);
         return self();
     }
 
     @Override
-    public T x509CertificateSha256Thumbprint(byte[] thumbprint) {
-        this.x509.x509CertificateSha256Thumbprint(thumbprint);
+    public T x509Sha256Thumbprint(byte[] thumbprint) {
+        this.x509.x509Sha256Thumbprint(thumbprint);
         return self();
     }
 

diff --git a/impl/src/main/java/io/jsonwebtoken/impl/DefaultJwtParser.java b/impl/src/main/java/io/jsonwebtoken/impl/DefaultJwtParser.java
@@ -128,7 +128,7 @@ public class DefaultJwtParser implements JwtParser {
     private static final String UNSECURED_DISABLED_MSG_PREFIX = "Unsecured JWSs (those with an " +
             DefaultHeader.ALGORITHM + " header value of '" + Jwts.SIG.NONE.getId() + "') are disallowed by " +
             "default as mandated by https://www.rfc-editor.org/rfc/rfc7518.html#section-3.6. If you wish to " +
-            "allow them to be parsed, call the JwtParserBuilder.enableUnsecured() method, but please read the " +
+            "allow them to be parsed, call the JwtParserBuilder.unsecured() method, but please read the " +
             "security considerations covered in that method's JavaDoc before doing so. Header: ";
 
     private static final String CRIT_UNSECURED_MSG = "Unsecured JWSs (those with an " + DefaultHeader.ALGORITHM +
@@ -176,17 +176,17 @@ public class DefaultJwtParser implements JwtParser {
             "by default to protect against [Denial of Service attacks](" +
             "https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-pellegrino.pdf).  If you " +
             "wish to enable Unsecure JWS or Unencoded JWS payload decompression, call the JwtParserBuilder." +
-            "enableUnsecuredDecompression() method, but please read the security considerations covered in that " +
+            "unsecuredDecompression() method, but please read the security considerations covered in that " +
             "method's JavaDoc before doing so.";
 
     private final Provider provider;
 
     @SuppressWarnings("deprecation")
     private final SigningKeyResolver signingKeyResolver;
 
-    private final boolean enableUnsecured;
+    private final boolean unsecured;
 
-    private final boolean enableUnsecuredDecompression;
+    private final boolean unsecuredDecompression;
 
     private final Function<JwsHeader, SecureDigestAlgorithm<?, ?>> sigAlgFn;
 
@@ -214,8 +214,8 @@ public class DefaultJwtParser implements JwtParser {
     @SuppressWarnings("deprecation")
     DefaultJwtParser(Provider provider,
                      SigningKeyResolver signingKeyResolver,
-                     boolean enableUnsecured,
-                     boolean enableUnsecuredDecompression,
+                     boolean unsecured,
+                     boolean unsecuredDecompression,
                      Locator<? extends Key> keyLocator,
                      Clock clock,
                      Set<String> critical,
@@ -229,8 +229,8 @@ public class DefaultJwtParser implements JwtParser {
                      Collection<KeyAlgorithm<?, ?>> extraKeyAlgs,
                      Collection<AeadAlgorithm> extraEncAlgs) {
         this.provider = provider;
-        this.enableUnsecured = enableUnsecured;
-        this.enableUnsecuredDecompression = enableUnsecuredDecompression;
+        this.unsecured = unsecured;
+        this.unsecuredDecompression = unsecuredDecompression;
         this.signingKeyResolver = signingKeyResolver;
         this.keyLocator = Assert.notNull(keyLocator, "Key Locator cannot be null.");
         this.clock = Assert.notNull(clock, "Clock cannot be null.");
@@ -406,7 +406,7 @@ private void verifySignature(final TokenizedJwt tokenized, final JwsHeader jwsHe
                 throw new MalformedJwtException(JWE_NONE_MSG);
             }
             // Unsecured JWTs are disabled by default per the RFC:
-            if (!enableUnsecured) {
+            if (!this.unsecured) {
                 String msg = UNSECURED_DISABLED_MSG_PREFIX + header;
                 throw new UnsupportedJwtException(msg);
             }
@@ -584,7 +584,7 @@ private void verifySignature(final TokenizedJwt tokenized, final JwsHeader jwsHe
                 if (!payloadBase64UrlEncoded) {
                     String msg = String.format(B64_DECOMPRESSION_MSG, compressionAlgorithm.getId());
                     throw new UnsupportedJwtException(msg);
-                } else if (!enableUnsecuredDecompression) {
+                } else if (!unsecuredDecompression) {
                     String msg = String.format(UNPROTECTED_DECOMPRESSION_MSG, compressionAlgorithm.getId());
                     throw new UnsupportedJwtException(msg);
                 }