Add JwtEncoderAlternative #30
base: jwt-encoder
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| /* | ||
| * Copyright 2002-2019 the original author or authors. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * https://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.springframework.security.oauth2.jose.jws; | ||
|
|
||
| public enum EncryptionAlgorithm implements JweAlgorithm { | ||
|
|
||
| RSA_OAEP_256("RSA-OAEP-256"); | ||
|
|
||
| private final String name; | ||
|
|
||
| EncryptionAlgorithm(String name) { | ||
| this.name = name; | ||
| } | ||
|
|
||
| /** | ||
| * Returns the algorithm name. | ||
| * @return the algorithm name | ||
| */ | ||
| @Override | ||
| public String getName() { | ||
| return this.name; | ||
| } | ||
|
|
||
| /** | ||
| * Attempt to resolve the provided algorithm name to a {@code EncryptionAlgorithm}. | ||
| * @param name the algorithm name | ||
| * @return the resolved {@code EncryptionAlgorithm}, or {@code null} if not found | ||
| */ | ||
| public static EncryptionAlgorithm from(String name) { | ||
| for (EncryptionAlgorithm value : values()) { | ||
| if (value.getName().equals(name)) { | ||
| return value; | ||
| } | ||
| } | ||
| return null; | ||
| } | ||
| } |
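Review bot: The three JWE types on this page, `EncryptionAlgorithm` here plus `EncryptionMethod` and `JweAlgorithm` in the files that follow, are declared in `org.springframework.security.oauth2.jose.jws`, a package whose name says JWS. Moving public types after release is a breaking change, so it is worth deciding before merge whether they belong in a JWE-specific package instead. The enum also has no type-level Javadoc; a line such as `/** JWE algorithms carried in the alg header, as opposed to the enc values in EncryptionMethod. */` would keep the two enums from being confused.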
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,50 @@ | ||
| /* | ||
| * Copyright 2002-2019 the original author or authors. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * https://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.springframework.security.oauth2.jose.jws; | ||
|
|
||
| public enum EncryptionMethod { | ||
|
|
||
| A256GCM("A256GCM"); | ||
|
|
||
| private final String name; | ||
|
|
||
| EncryptionMethod(String name) { | ||
| this.name = name; | ||
| } | ||
|
|
||
| /** | ||
| * Returns the method name. | ||
| * @return the method name | ||
| */ | ||
| public String getName() { | ||
| return this.name; | ||
| } | ||
|
|
||
| /** | ||
| * Attempt to resolve the provided algorithm name to a {@code EncryptionMethod}. | ||
| * @param name the algorithm name | ||
| * @return the resolved {@code EncryptionMethod}, or {@code null} if not found | ||
| */ | ||
| public static EncryptionMethod from(String name) { | ||
| for (EncryptionMethod value : values()) { | ||
| if (value.getName().equals(name)) { | ||
| return value; | ||
| } | ||
| } | ||
| return null; | ||
| } | ||
| } |
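Review bot: The Javadoc on `from(String name)` still speaks of an algorithm; `Attempt to resolve the provided algorithm name` and `@param name the algorithm name` look carried over from `EncryptionAlgorithm`. For this enum they should read `Attempt to resolve the provided encryption method name to a {@code EncryptionMethod}.` and `@param name the encryption method name`. Because `from` returns `null` for an unrecognised name, any caller that resolves an `enc` value taken from a received header has to check the result before using it.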
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| /* | ||
| * Copyright 2002-2020 the original author or authors. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * https://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.springframework.security.oauth2.jose.jws; | ||
|
|
||
| import org.springframework.security.oauth2.jose.JwaAlgorithm; | ||
|
|
||
| public interface JweAlgorithm extends JwaAlgorithm { | ||
|
|
||
| } |
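Review bot: `JweAlgorithm` is a new public interface with no Javadoc and no members of its own, so nothing on the type says what it is for. A short type comment would do, for example `/** Marker for JWA algorithms that can appear as the alg value of a JWE. */`, ideally with an `@see` pointing at the enum that implements it.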
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,84 @@ | ||
| /* | ||
| * Copyright 2002-2021 the original author or authors. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * https://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.springframework.security.oauth2.jwt; | ||
|
|
||
| import java.util.Map; | ||
| import java.util.function.Consumer; | ||
|
|
||
| import org.springframework.security.oauth2.jose.jws.EncryptionMethod; | ||
| import org.springframework.security.oauth2.jose.jws.JweAlgorithm; | ||
|
|
||
| public interface JweHeaderMutator<M extends JweHeaderMutator<M>> { | ||
| /** | ||
| * Set the algorithm {@code (alg)} header which identifies the algorithm | ||
| * used when encrypting the JWE | ||
| * | ||
| * @return the {@link JweHeaderMutator} for more customizations | ||
| */ | ||
| default M algorithm(JweAlgorithm jws) { | ||
| return header(JoseHeaderNames.ALG, jws); | ||
| } | ||
|
|
||
| /** | ||
| * Set the encryption method {@code (enc)} header which identifies the | ||
| * method to use when encrypting the JWE | ||
| * | ||
| * @return the {@link JweHeaderMutator} for more customizations | ||
| */ | ||
| default M encryptionMethod(EncryptionMethod method) { | ||
| return header("enc", method); | ||
| } | ||
|
|
||
| /** | ||
| * Set a header that is critical for decoders to understand | ||
| * | ||
| * @param name the header name | ||
| * @param value the header value | ||
| * @return the {@link JweHeaderMutator} for more customizations | ||
| */ | ||
| default M criticalHeader(String name, Object value) { | ||
| return criticalHeaders((crit) -> crit.put(name, value)); | ||
| } | ||
|
|
||
| /** | ||
| * Mutate the set of critical headers | ||
| * | ||
| * @param criticalHeadersConsumer a {@link Consumer} of the critical headers {@link Map} | ||
| * @return the {@link JweHeaderMutator} for more customizations | ||
| */ | ||
| M criticalHeaders(Consumer<Map<String, Object>> criticalHeadersConsumer); | ||
|
|
||
| /** | ||
| * Set a header | ||
| * | ||
| * Note that key-specific headers are typically best specified by the encoder | ||
| * itself. | ||
| * | ||
| * See {@link JwtEncoderAlternative} | ||
| */ | ||
| default M header(String name, Object value) { | ||
| return headers((headers) -> headers.put(name, value)); | ||
| } | ||
|
|
||
| /** | ||
| * Mutate the set of headers | ||
| * | ||
| * @param headersConsumer a {@link Consumer} of the headers {@link Map} | ||
| * @return the {@link JweHeaderMutator} for more customizations | ||
| */ | ||
| M headers(Consumer<Map<String, Object>> headersConsumer); | ||
| } |
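Review bot: `header(String, Object)` accepts any name, so `header("alg", x)` or `header("enc", x)` replaces whatever the typed `algorithm(...)` and `encryptionMethod(...)` setters stored, and with a value of any type; the same applies to `JwsHeaderMutator.header` further down the page. The Javadoc on `header` should say so, for example `Note that this can overwrite alg and enc; the encoder is expected to check both against the key it selects before encrypting.` Separately, the parameter in `algorithm(JweAlgorithm jws)` looks copied from the JWS variant and would read better as `jwe` with a matching `@param`. `encryptionMethod` also passes the literal `"enc"` where `algorithm` uses a `JoseHeaderNames` constant.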
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,61 @@ | ||
| /* | ||
| * Copyright 2002-2021 the original author or authors. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * https://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.springframework.security.oauth2.jwt; | ||
|
|
||
| import java.util.Map; | ||
| import java.util.function.Consumer; | ||
|
|
||
| import org.springframework.security.oauth2.jose.jws.JwsAlgorithm; | ||
|
|
||
| public interface JwsHeaderMutator<M extends JwsHeaderMutator<M>> { | ||
| /** | ||
| * Set the algorithm {@code (alg)} header which identifies the algorithm | ||
| * used when signing the JWS | ||
| * | ||
| * @return the {@link JwsHeaderMutator} for more customizations | ||
| */ | ||
| default M algorithm(JwsAlgorithm jws) { | ||
| return header(JoseHeaderNames.ALG, jws); | ||
| } | ||
|
|
||
| /** | ||
| * Set a header that is critical for decoders to understand | ||
| * | ||
| * @param name the header name | ||
| * @param value the header value | ||
| * @return the {@link JwsHeaderMutator} for more customizations | ||
| */ | ||
| default M criticalHeader(String name, Object value) { | ||
|
The JWS spec indicates that when the Critical headers are still added, but they also ultimately add the |
||
| return criticalHeaders((crit) -> crit.put(name, value)); | ||
| } | ||
|
|
||
| M criticalHeaders(Consumer<Map<String, Object>> criticalHeadersConsumer); | ||
|
|
||
| /** | ||
| * Set a header | ||
| * | ||
| * Note that key-specific headers are typically best specified by the encoder | ||
| * itself. | ||
| * | ||
| * See {@link JwtEncoderAlternative} | ||
| */ | ||
| default M header(String name, Object value) { | ||
|
Since no other headers are required, and since those headers are quite easy to get wrong in the general case, I think it's best to leave other headers out for now. Generally speaking, those headers are for looking up keys anyway, which is something likely better decided centrally in an encoder instead of by the caller. And even if that's not the case, this method still exists so that an application can specify them if needed. |
||
| return headers((headers) -> headers.put(name, value)); | ||
| } | ||
|
|
||
| M headers(Consumer<Map<String, Object>> headersConsumer); | ||
| } | ||
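Review bot: `criticalHeaders(...)` and `headers(...)` are declared here without Javadoc, and `algorithm(JwsAlgorithm jws)` has no `@param`, while the matching declarations in `JweHeaderMutator` document both abstract methods. Copying those two comments over, with the link changed to `JwsHeaderMutator`, keeps the pair consistent. The two interfaces also repeat `criticalHeader`, `criticalHeaders`, `header` and `headers` verbatim, so a shared parent interface could hold them once; that is a design choice rather than a defect.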
This interface represents the minimal set of headers necessary to specify a JWT.
I like this interface due to the symmetry it provides to Spring Security's claim accessors, like
JwtClaimAccessor.