Ensured Jwk tests that used RSASSA-PSS keys (from openssl files) used…
… the BC provider since RSASSA-PSS isn't available natively before JDK 11
lhazlewood committed Aug 17, 2023
1 parent 62a48af commit d4956c1
Showing 2 changed files with 22 additions and 11 deletions.
Expand Up @@ -26,6 +26,7 @@ import org.junit.Test

import java.nio.charset.StandardCharsets
import java.security.Key
import java.security.Provider

import static org.junit.Assert.*

Expand All @@ -35,7 +36,7 @@ class DefaultJwkParserTest {
void testKeys() {

Set<Key> keys = new LinkedHashSet<>()
TestKeys.HS.each { keys.add(it) }
TestKeys.SECRET.each { keys.add(it) }
TestKeys.ASYM.each {
keys.add(it.pair.public)
keys.add(it.pair.private)
Expand All @@ -44,7 +45,12 @@ class DefaultJwkParserTest {
def serializer = Services.loadFirst(Serializer)
for (Key key : keys) {
//noinspection GroovyAssignabilityCheck
def jwk = Jwks.builder().key(key).build()
Provider provider = null // assume default
if (key.getClass().getName().startsWith("org.bouncycastle.")) {
// No native JVM support for the key, so we need to enable BC:
provider = Providers.findBouncyCastle(Conditions.TRUE)
}
def jwk = Jwks.builder().provider(provider).key(key).build()
def data = serializer.serialize(jwk)
String json = new String(data, StandardCharsets.UTF_8)
def parsed = Jwks.parser().build().parse(json)
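Review bot: The provider choice rests on a class-name prefix test, `key.getClass().getName().startsWith("org.bouncycastle.")`, and the same block is repeated in JwksTest later in this commit; one shared test helper would keep the two copies from drifting apart. The `// assume default` comment could state the expectation outright, e.g. `// null => builder presumably falls back to the JVM's default JCA provider lookup`. Only the builder receives the provider: `Jwks.parser().build().parse(json)` on the last line still runs with defaults, so it is worth confirming that the parse side of the round trip needs no provider for keys that only Bouncy Castle can load. The loop body continues outside this hunk.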
23 changes: 14 additions & 9 deletions impl/src/test/groovy/io/jsonwebtoken/impl/security/JwksTest.groovy
Expand Up @@ -16,17 +16,15 @@
package io.jsonwebtoken.impl.security

import io.jsonwebtoken.Jwts
import io.jsonwebtoken.impl.lang.Conditions
import io.jsonwebtoken.impl.lang.Converters
import io.jsonwebtoken.io.Decoders
import io.jsonwebtoken.io.Encoders
import io.jsonwebtoken.security.*
import org.junit.Test

import javax.crypto.SecretKey
import java.security.MessageDigest
import java.security.PrivateKey
import java.security.PublicKey
import java.security.SecureRandom
import java.security.*
import java.security.cert.X509Certificate
import java.security.interfaces.ECKey
import java.security.interfaces.ECPublicKey
Expand Down Expand Up @@ -264,11 +262,17 @@ class JwksTest {
PublicKey pub = pair.getPublic()
PrivateKey priv = pair.getPrivate()

Provider provider = null // assume default
if (pub.getClass().getName().startsWith("org.bouncycastle.")) {
// No native JVM support for the key, so we need to enable BC:
provider = Providers.findBouncyCastle(Conditions.TRUE)
}

// test individual keys
PublicJwk pubJwk = Jwks.builder().key(pub).publicKeyUse("sig").build()
PublicJwk pubJwk = Jwks.builder().provider(provider).key(pub).publicKeyUse("sig").build()
assertEquals pub, pubJwk.toKey()

def builder = Jwks.builder().key(priv).publicKeyUse('sig')
def builder = Jwks.builder().provider(provider).key(priv).publicKeyUse('sig')
if (alg instanceof EdSignatureAlgorithm) {
// We haven't implemented EdDSA public-key derivation yet, so public key is required
builder.publicKey(pub)
Expand All @@ -283,12 +287,13 @@ class JwksTest {
assertEquals priv, jwkPair.getPrivate()

// test pair
builder = Jwks.builder().provider(provider)
if (pub instanceof ECKey) {
builder = Jwks.builder().ecKeyPair(pair)
builder = builder.ecKeyPair(pair)
} else if (pub instanceof RSAKey) {
builder = Jwks.builder().rsaKeyPair(pair)
builder = builder.rsaKeyPair(pair)
} else {
builder = Jwks.builder().octetKeyPair(pair)
builder = builder.octetKeyPair(pair)
}
privJwk = builder.publicKeyUse("sig").build() as PrivateJwk
assertEquals priv, privJwk.toKey()
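Review bot: The provider is picked from `pub.getClass()` alone and then reused for `priv` and for the key-pair builders, which is only correct if both halves of a pair always come from the same provider. A one-line comment at the check would record that assumption, e.g. `// pub and priv are loaded together, so pub's class decides the provider for both` (to be confirmed against TestKeys, which is not visible here). The enclosing test method starts and ends outside these hunks.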
