Consolidate BouncyCastle lookup/fallback logic to JcaTemplate #798

Merged
merged 10 commits into from
Aug 24, 2023
Merged
23 changes: 0 additions & 23 deletions impl/src/main/java/io/jsonwebtoken/impl/lang/Condition.java

This file was deleted.

90 changes: 0 additions & 90 deletions impl/src/main/java/io/jsonwebtoken/impl/lang/Conditions.java

This file was deleted.

@@ -24,19 +24,12 @@
*/
public final class ConstantFunction<T, R> implements Function<T, R> {

private static final Function<?, ?> NULL = new ConstantFunction<>(null);

private final R value;

public ConstantFunction(R value) {
this.value = value;
}

@SuppressWarnings("unchecked")
public static <T, R> Function<T, R> forNull() {
return (Function<T, R>) NULL;
}

@Override
public R apply(T t) {
return this.value;
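--- a/impl/src/main/java/io/jsonwebtoken/impl/lang/Functions.java
+++ b/impl/src/main/java/io/jsonwebtoken/impl/lang/Functions.java
@@ -22,10 +22,6 @@ public final class Functions {
 private Functions() {
 }
 
-public static <T, R> Function<T, R> forNull() {
-return ConstantFunction.forNull();
-}
-
 public static <T> Function<T, T> identity() {
 return new Function<T, T>() {
 @Override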

This file was deleted.

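--- a/impl/src/main/java/io/jsonwebtoken/impl/security/AesAlgorithm.java
+++ b/impl/src/main/java/io/jsonwebtoken/impl/security/AesAlgorithm.java
@@ -16,8 +16,6 @@
 package io.jsonwebtoken.impl.security;
 
 import io.jsonwebtoken.impl.lang.Bytes;
-import io.jsonwebtoken.impl.lang.CheckedSupplier;
-import io.jsonwebtoken.impl.lang.Conditions;
 import io.jsonwebtoken.lang.Arrays;
 import io.jsonwebtoken.lang.Assert;
 import io.jsonwebtoken.security.AssociatedDataSupplier;
@@ -28,7 +26,6 @@
 import io.jsonwebtoken.security.SecretKeyBuilder;
 import io.jsonwebtoken.security.WeakKeyException;
 
-import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.IvParameterSpec;
@@ -62,17 +59,6 @@ abstract class AesAlgorithm extends CryptoAlgorithm implements KeyBuilderSupplie
 this.ivBitLength = jcaTransformation.equals("AESWrap") ? 0 : (this.gcm ? GCM_IV_SIZE : BLOCK_SIZE);
 // https://tools.ietf.org/html/rfc7518#section-5.2.3 through https://tools.ietf.org/html/rfc7518#section-5.3 :
 this.tagBitLength = this.gcm ? BLOCK_SIZE : this.keyBitLength;
-
-// GCM mode only available on JDK 8 and later, so enable BC as a backup provider if necessary for <= JDK 7:
-// TODO: remove when dropping JDK 7:
-if (this.gcm) {
-setProvider(Providers.findBouncyCastle(Conditions.notExists(new CheckedSupplier<Cipher>() {
-@Override
-public Cipher get() throws Exception {
-return Cipher.getInstance(jcaTransformation);
-}
-})));
-}
 }
 
 @Override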
@@ -35,8 +35,6 @@ abstract class CryptoAlgorithm implements Identifiable {

private final String jcaName;

private Provider provider; // default, if any

CryptoAlgorithm(String id, String jcaName) {
Assert.hasText(id, "id cannot be null or empty.");
this.ID = id;
@@ -53,27 +51,19 @@ String getJcaName() {
return this.jcaName;
}

protected void setProvider(Provider provider) { // can be null
this.provider = provider;
}

protected Provider getProvider() {
return this.provider;
}

SecureRandom ensureSecureRandom(Request<?> request) {
SecureRandom random = request != null ? request.getSecureRandom() : null;
return random != null ? random : Randoms.secureRandom();
}

protected JcaTemplate jca() {
return new JcaTemplate(getJcaName(), getProvider());
return new JcaTemplate(getJcaName(), null);
}

protected JcaTemplate jca(Request<?> request) {
Assert.notNull(request, "request cannot be null.");
String jcaName = Assert.hasText(getJcaName(request), "Request jcaName cannot be null or empty.");
Provider provider = getProvider(request);
Provider provider = request.getProvider();
SecureRandom random = ensureSecureRandom(request);
return new JcaTemplate(jcaName, provider, random);
}
@@ -82,18 +72,10 @@ protected String getJcaName(Request<?> request) {
return getJcaName();
}

protected Provider getProvider(Request<?> request) {
Provider provider = request.getProvider();
if (provider == null) {
provider = this.provider; // fallback, if any
}
return provider;
}

protected SecretKey generateKey(KeyRequest<?> request) {
AeadAlgorithm enc = Assert.notNull(request.getEncryptionAlgorithm(), "Request encryptionAlgorithm cannot be null.");
SecretKeyBuilder builder = Assert.notNull(enc.key(), "Request encryptionAlgorithm KeyBuilder cannot be null.");
SecretKey key = builder.provider(getProvider(request)).random(request.getSecureRandom()).build();
SecretKey key = builder.provider(request.getProvider()).random(request.getSecureRandom()).build();
return Assert.notNull(key, "Request encryptionAlgorithm SecretKeyBuilder cannot produce null keys.");
}

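Review bot: `jca()` now hard-codes the provider as a bare `null` in `return new JcaTemplate(getJcaName(), null);`, and with the `provider` field and `getProvider(Request<?>)` removed, nothing in this class says which JCA provider performs the operation when the request carries none. Going by the PR title, the lookup and BouncyCastle fallback now live in JcaTemplate, which is not shown in this section, so a comment at both call sites would help, for example `// null provider: JcaTemplate resolves the default provider and any BouncyCastle fallback`. It is also worth confirming there that a non-null `request.getProvider()` is always honoured and that the fallback applies only when no provider was supplied. The class body continues outside these hunks.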
@@ -20,24 +20,15 @@
import io.jsonwebtoken.security.Curve;
import io.jsonwebtoken.security.KeyPairBuilder;

import java.security.Provider;

class DefaultCurve implements Curve {

private final String ID;

private final String JCA_NAME;

private final Provider PROVIDER; // can be null

DefaultCurve(String id, String jcaName) {
this(id, jcaName, null);
}

DefaultCurve(String id, String jcaName, Provider provider) {
this.ID = Assert.notNull(Strings.clean(id), "Curve ID cannot be null or empty.");
this.JCA_NAME = Assert.notNull(Strings.clean(jcaName), "Curve jcaName cannot be null or empty.");
this.PROVIDER = provider;
}

@Override
@@ -49,10 +40,6 @@ public String getJcaName() {
return this.JCA_NAME;
}

public Provider getProvider() {
return this.PROVIDER;
}

@Override
public int hashCode() {
return ID.hashCode();
@@ -76,6 +63,6 @@ public String toString() {
}

public KeyPairBuilder keyPair() {
return new DefaultKeyPairBuilder(this.JCA_NAME).provider(this.PROVIDER);
return new DefaultKeyPairBuilder(this.JCA_NAME);
}
}
@@ -22,7 +22,6 @@
import io.jsonwebtoken.security.VerifyDigestRequest;

import java.security.MessageDigest;
import java.security.Provider;
import java.util.Locale;

public final class DefaultHashAlgorithm extends CryptoAlgorithm implements HashAlgorithm {
@@ -33,11 +32,6 @@ public final class DefaultHashAlgorithm extends CryptoAlgorithm implements HashA
super(id, id.toUpperCase(Locale.ENGLISH));
}

DefaultHashAlgorithm(String id, String jcaName, Provider provider) {
super(id, jcaName);
setProvider(provider);
}

@Override
public byte[] digest(final Request<byte[]> request) {
Assert.notNull(request, "Request cannot be null.");
@@ -155,7 +155,6 @@ private EcSignatureAlgorithm(int orderBitLength, String oid) {
@Override
public KeyPairBuilder keyPair() {
return new DefaultKeyPairBuilder(ECCurve.KEY_PAIR_GENERATOR_JCA_NAME, this.KEY_PAIR_GEN_PARAMS)
.provider(getProvider())
.random(Randoms.secureRandom());
}
