add sign method. Refactor key parameter type

lbalmaceda · lbalmaceda · commit 351cda2ee8c6 · 2016-11-09T19:13:33.000-03:00
diff --git a/lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java b/lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java
@@ -1,8 +1,10 @@
 package com.auth0.jwt.algorithms;
 
+import com.auth0.jwt.exceptions.SignatureGenerationException;
 import com.auth0.jwt.exceptions.SignatureVerificationException;
 
-import java.security.PublicKey;
+import java.security.interfaces.ECKey;
+import java.security.interfaces.RSAKey;
 
 /**
  * The Algorithm class represents an algorithm to be used in the Signing or Verification process of a Token.
@@ -15,37 +17,37 @@ public abstract class Algorithm {
     /**
      * Creates a new Algorithm instance using SHA256withRSA. Tokens specify this as "RS256".
      *
-     * @param publicKey the key to use in the verify instance.
+     * @param key the key to use in the verify or signing instance.
      * @return a valid RSA256 Algorithm.
      */
-    public static Algorithm RSA256(PublicKey publicKey) {
-        return new RSAAlgorithm("RS256", "SHA256withRSA", publicKey);
+    public static Algorithm RSA256(RSAKey key) {
+        return new RSAAlgorithm("RS256", "SHA256withRSA", key);
     }
 
     /**
      * Creates a new Algorithm instance using SHA384withRSA. Tokens specify this as "RS384".
      *
-     * @param publicKey the key to use in the verify instance.
+     * @param key the key to use in the verify or signing instance.
      * @return a valid RSA384 Algorithm.
      */
-    public static Algorithm RSA384(PublicKey publicKey) {
-        return new RSAAlgorithm("RS384", "SHA384withRSA", publicKey);
+    public static Algorithm RSA384(RSAKey key) {
+        return new RSAAlgorithm("RS384", "SHA384withRSA", key);
     }
 
     /**
      * Creates a new Algorithm instance using SHA512withRSA. Tokens specify this as "RS512".
      *
-     * @param publicKey the key to use in the verify instance.
+     * @param key the key to use in the verify or signing instance.
      * @return a valid RSA512 Algorithm.
      */
-    public static Algorithm RSA512(PublicKey publicKey) {
-        return new RSAAlgorithm("RS512", "SHA512withRSA", publicKey);
+    public static Algorithm RSA512(RSAKey key) {
+        return new RSAAlgorithm("RS512", "SHA512withRSA", key);
     }
 
     /**
      * Creates a new Algorithm instance using HmacSHA256. Tokens specify this as "HS256".
      *
-     * @param secret the secret to use in the verify instance.
+     * @param secret the secret to use in the verify or signing instance.
      * @return a valid HMAC256 Algorithm.
      */
     public static Algorithm HMAC256(String secret) {
@@ -55,7 +57,7 @@ public static Algorithm HMAC256(String secret) {
     /**
      * Creates a new Algorithm instance using HmacSHA384. Tokens specify this as "HS384".
      *
-     * @param secret the secret to use in the verify instance.
+     * @param secret the secret to use in the verify or signing instance.
      * @return a valid HMAC384 Algorithm.
      */
     public static Algorithm HMAC384(String secret) {
@@ -65,7 +67,7 @@ public static Algorithm HMAC384(String secret) {
     /**
      * Creates a new Algorithm instance using HmacSHA512. Tokens specify this as "HS512".
      *
-     * @param secret the secret to use in the verify instance.
+     * @param secret the secret to use in the verify or signing instance.
      * @return a valid HMAC512 Algorithm.
      */
     public static Algorithm HMAC512(String secret) {
@@ -75,31 +77,31 @@ public static Algorithm HMAC512(String secret) {
     /**
      * Creates a new Algorithm instance using SHA256withECDSA. Tokens specify this as "ES256".
      *
-     * @param publicKey the key to use in the verify instance.
+     * @param key the key to use in the verify or signing instance.
      * @return a valid ECDSA256 Algorithm.
      */
-    public static Algorithm ECDSA256(PublicKey publicKey) {
-        return new ECDSAAlgorithm("ES256", "SHA256withECDSA", 32, publicKey);
+    public static Algorithm ECDSA256(ECKey key) {
+        return new ECDSAAlgorithm("ES256", "SHA256withECDSA", 32, key);
     }
 
     /**
      * Creates a new Algorithm instance using SHA384withECDSA. Tokens specify this as "ES384".
      *
-     * @param publicKey the key to use in the verify instance.
+     * @param key the key to use in the verify or signing instance.
      * @return a valid ECDSA384 Algorithm.
      */
-    public static Algorithm ECDSA384(PublicKey publicKey) {
-        return new ECDSAAlgorithm("ES384", "SHA384withECDSA", 48, publicKey);
+    public static Algorithm ECDSA384(ECKey key) {
+        return new ECDSAAlgorithm("ES384", "SHA384withECDSA", 48, key);
     }
 
     /**
      * Creates a new Algorithm instance using SHA512withECDSA. Tokens specify this as "ES512".
      *
-     * @param publicKey the key to use in the verify instance.
+     * @param key the key to use in the verify or signing instance.
      * @return a valid ECDSA512 Algorithm.
      */
-    public static Algorithm ECDSA512(PublicKey publicKey) {
-        return new ECDSAAlgorithm("ES512", "SHA512withECDSA", 66, publicKey);
+    public static Algorithm ECDSA512(ECKey key) {
+        return new ECDSAAlgorithm("ES512", "SHA512withECDSA", 66, key);
     }
 
     public static Algorithm none() {
@@ -141,4 +143,6 @@ public String toString() {
      * @throws SignatureVerificationException if the Token's Signature is invalid.
      */
     public abstract void verify(String[] jwtParts) throws SignatureVerificationException;
+
+    public abstract byte[] sign(byte[] headerAndPayloadBytes) throws SignatureGenerationException;
 }
diff --git a/lib/src/main/java/com/auth0/jwt/algorithms/CryptoHelper.java b/lib/src/main/java/com/auth0/jwt/algorithms/CryptoHelper.java
@@ -7,10 +7,13 @@
 class CryptoHelper {
 
     boolean verifyMacFor(String algorithm, byte[] secretBytes, byte[] contentBytes, byte[] signatureBytes) throws NoSuchAlgorithmException, InvalidKeyException {
+        return MessageDigest.isEqual(createMacFor(algorithm, secretBytes, contentBytes), signatureBytes);
+    }
+
+    byte[] createMacFor(String algorithm, byte[] secretBytes, byte[] contentBytes) throws NoSuchAlgorithmException, InvalidKeyException {
         final Mac mac = Mac.getInstance(algorithm);
         mac.init(new SecretKeySpec(secretBytes, algorithm));
-        byte[] result = mac.doFinal(contentBytes);
-        return MessageDigest.isEqual(result, signatureBytes);
+        return mac.doFinal(contentBytes);
     }
 
     boolean verifySignatureFor(String algorithm, PublicKey publicKey, byte[] contentBytes, byte[] signatureBytes) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
@@ -19,4 +22,11 @@ boolean verifySignatureFor(String algorithm, PublicKey publicKey, byte[] content
         s.update(contentBytes);
         return s.verify(signatureBytes);
     }
+
+    byte[] createSignatureFor(String algorithm, PrivateKey privateKey, byte[] contentBytes) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
+        final Signature s = Signature.getInstance(algorithm);
+        s.initSign(privateKey);
+        s.update(contentBytes);
+        return s.sign();
+    }
 }
diff --git a/lib/src/main/java/com/auth0/jwt/algorithms/ECDSAAlgorithm.java b/lib/src/main/java/com/auth0/jwt/algorithms/ECDSAAlgorithm.java
@@ -1,46 +1,50 @@
 package com.auth0.jwt.algorithms;
 
+import com.auth0.jwt.exceptions.SignatureGenerationException;
 import com.auth0.jwt.exceptions.SignatureVerificationException;
 import org.apache.commons.codec.binary.Base64;
 
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PublicKey;
-import java.security.SignatureException;
+import java.security.*;
+import java.security.interfaces.ECKey;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
 
 class ECDSAAlgorithm extends Algorithm {
 
     private final CryptoHelper crypto;
     private final int ecNumberSize;
-    private final PublicKey publicKey;
+    private final ECKey key;
 
-    ECDSAAlgorithm(CryptoHelper crypto, String id, String algorithm, int ecNumberSize, PublicKey publicKey) {
+    ECDSAAlgorithm(CryptoHelper crypto, String id, String algorithm, int ecNumberSize, ECKey key) {
         super(id, algorithm);
-        if (publicKey == null) {
-            throw new IllegalArgumentException("The PublicKey cannot be null");
+        if (key == null) {
+            throw new IllegalArgumentException("The ECKey cannot be null");
         }
         this.ecNumberSize = ecNumberSize;
-        this.publicKey = publicKey;
+        this.key = key;
         this.crypto = crypto;
     }
 
-    ECDSAAlgorithm(String id, String algorithm, int ecNumberSize, PublicKey publicKey) {
-        this(new CryptoHelper(), id, algorithm, ecNumberSize, publicKey);
+    ECDSAAlgorithm(String id, String algorithm, int ecNumberSize, ECKey key) {
+        this(new CryptoHelper(), id, algorithm, ecNumberSize, key);
     }
 
-    PublicKey getPublicKey() {
-        return publicKey;
+    ECKey getKey() {
+        return key;
     }
 
     @Override
     public void verify(String[] jwtParts) throws SignatureVerificationException {
+        if (!(key instanceof ECPublicKey)) {
+            throw new IllegalArgumentException("The given ECKey is not an ECPublicKey.");
+        }
         try {
             String content = String.format("%s.%s", jwtParts[0], jwtParts[1]);
             byte[] signature = Base64.decodeBase64(jwtParts[2]);
             if (!isDERSignature(signature)) {
                 signature = JOSEToDER(signature);
             }
-            boolean valid = crypto.verifySignatureFor(getDescription(), publicKey, content.getBytes(), signature);
+            boolean valid = crypto.verifySignatureFor(getDescription(), (ECPublicKey) key, content.getBytes(), signature);
 
             if (!valid) {
                 throw new SignatureVerificationException(this);
@@ -50,6 +54,18 @@ public void verify(String[] jwtParts) throws SignatureVerificationException {
         }
     }
 
+    @Override
+    public byte[] sign(byte[] headerAndPayloadBytes) throws SignatureGenerationException {
+        try {
+            if (!(key instanceof ECPrivateKey)) {
+                throw new IllegalArgumentException("The given ECKey is not a ECPrivateKey.");
+            }
+            return crypto.createSignatureFor(getDescription(), (PrivateKey) key, headerAndPayloadBytes);
+        } catch (NoSuchAlgorithmException | SignatureException | InvalidKeyException | IllegalArgumentException e) {
+            throw new SignatureGenerationException(this, e);
+        }
+    }
+
     private boolean isDERSignature(byte[] signature) {
         // DER Structure: http://crypto.stackexchange.com/a/1797
         // Should begin with 0x30 and have exactly the expected length
diff --git a/lib/src/main/java/com/auth0/jwt/algorithms/HMACAlgorithm.java b/lib/src/main/java/com/auth0/jwt/algorithms/HMACAlgorithm.java
@@ -1,5 +1,6 @@
 package com.auth0.jwt.algorithms;
 
+import com.auth0.jwt.exceptions.SignatureGenerationException;
 import com.auth0.jwt.exceptions.SignatureVerificationException;
 import org.apache.commons.codec.binary.Base64;
 
@@ -43,4 +44,13 @@ public void verify(String[] jwtParts) throws SignatureVerificationException {
         }
     }
 
+    @Override
+    public byte[] sign(byte[] headerAndPayloadBytes) throws SignatureGenerationException {
+        try {
+            return crypto.createMacFor(getDescription(), secret.getBytes(), headerAndPayloadBytes);
+        } catch (NoSuchAlgorithmException | InvalidKeyException e) {
+            throw new SignatureGenerationException(this, e);
+        }
+    }
+
 }
diff --git a/lib/src/main/java/com/auth0/jwt/algorithms/NoneAlgorithm.java b/lib/src/main/java/com/auth0/jwt/algorithms/NoneAlgorithm.java
@@ -1,5 +1,6 @@
 package com.auth0.jwt.algorithms;
 
+import com.auth0.jwt.exceptions.SignatureGenerationException;
 import com.auth0.jwt.exceptions.SignatureVerificationException;
 
 class NoneAlgorithm extends Algorithm {
@@ -14,4 +15,9 @@ public void verify(String[] jwtParts) throws SignatureVerificationException {
             throw new SignatureVerificationException(this);
         }
     }
+
+    @Override
+    public byte[] sign(byte[] headerAndPayloadBytes) throws SignatureGenerationException {
+        return new byte[0];
+    }
 }
diff --git a/lib/src/main/java/com/auth0/jwt/algorithms/RSAAlgorithm.java b/lib/src/main/java/com/auth0/jwt/algorithms/RSAAlgorithm.java
@@ -1,41 +1,45 @@
 package com.auth0.jwt.algorithms;
 
+import com.auth0.jwt.exceptions.SignatureGenerationException;
 import com.auth0.jwt.exceptions.SignatureVerificationException;
 import org.apache.commons.codec.binary.Base64;
 
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PublicKey;
-import java.security.SignatureException;
+import java.security.*;
+import java.security.interfaces.RSAKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
 
 class RSAAlgorithm extends Algorithm {
 
-    private final PublicKey publicKey;
+    private final RSAKey key;
     private CryptoHelper crypto;
 
-    RSAAlgorithm(CryptoHelper crypto, String id, String algorithm, PublicKey publicKey) {
+    RSAAlgorithm(CryptoHelper crypto, String id, String algorithm, RSAKey key) {
         super(id, algorithm);
-        if (publicKey == null) {
-            throw new IllegalArgumentException("The PublicKey cannot be null");
+        if (key == null) {
+            throw new IllegalArgumentException("The RSAKey cannot be null");
         }
-        this.publicKey = publicKey;
+        this.key = key;
         this.crypto = crypto;
     }
 
-    RSAAlgorithm(String id, String algorithm, PublicKey publicKey) {
-        this(new CryptoHelper(), id, algorithm, publicKey);
+    RSAAlgorithm(String id, String algorithm, RSAKey key) {
+        this(new CryptoHelper(), id, algorithm, key);
     }
 
-    PublicKey getPublicKey() {
-        return publicKey;
+    RSAKey getKey() {
+        return key;
     }
 
     @Override
     public void verify(String[] jwtParts) throws SignatureVerificationException {
+        if (!(key instanceof PublicKey)) {
+            throw new IllegalArgumentException("The given RSAKey is not a RSAPublicKey.");
+        }
         try {
             String content = String.format("%s.%s", jwtParts[0], jwtParts[1]);
             byte[] signature = Base64.decodeBase64(jwtParts[2]);
-            boolean valid = crypto.verifySignatureFor(getDescription(), publicKey, content.getBytes(), signature);
+            boolean valid = crypto.verifySignatureFor(getDescription(), (RSAPublicKey) key, content.getBytes(), signature);
 
             if (!valid) {
                 throw new SignatureVerificationException(this);
@@ -44,4 +48,16 @@ public void verify(String[] jwtParts) throws SignatureVerificationException {
             throw new SignatureVerificationException(this, e);
         }
     }
+
+    @Override
+    public byte[] sign(byte[] headerAndPayloadBytes) throws SignatureGenerationException {
+        try {
+            if (!(key instanceof PrivateKey)) {
+                throw new IllegalArgumentException("The given RSAKey is not a RSAPrivateKey.");
+            }
+            return crypto.createSignatureFor(getDescription(), (RSAPrivateKey) key, headerAndPayloadBytes);
+        } catch (NoSuchAlgorithmException | SignatureException | InvalidKeyException | IllegalArgumentException e) {
+            throw new SignatureGenerationException(this, e);
+        }
+    }
 }
diff --git a/lib/src/main/java/com/auth0/jwt/exceptions/JWTCreationException.java b/lib/src/main/java/com/auth0/jwt/exceptions/JWTCreationException.java
@@ -0,0 +1,11 @@
+package com.auth0.jwt.exceptions;
+
+public class JWTCreationException extends RuntimeException {
+    public JWTCreationException(String message) {
+        this(message, null);
+    }
+
+    public JWTCreationException(String message, Throwable cause) {
+        super(message, cause);
+    }
+}
diff --git a/lib/src/main/java/com/auth0/jwt/exceptions/SignatureGenerationException.java b/lib/src/main/java/com/auth0/jwt/exceptions/SignatureGenerationException.java
@@ -0,0 +1,9 @@
+package com.auth0.jwt.exceptions;
+
+import com.auth0.jwt.algorithms.Algorithm;
+
+public class SignatureGenerationException extends JWTCreationException {
+    public SignatureGenerationException(Algorithm algorithm, Throwable cause) {
+        super("The Token's Signature couldn't be generated when signing using the Algorithm: " + algorithm, cause);
+    }
+}
diff --git a/lib/src/test/java/com/auth0/jwt/JWTTest.java b/lib/src/test/java/com/auth0/jwt/JWTTest.java
diff --git a/lib/src/test/java/com/auth0/jwt/algorithms/AlgorithmTest.java b/lib/src/test/java/com/auth0/jwt/algorithms/AlgorithmTest.java
diff --git a/lib/src/test/java/com/auth0/jwt/algorithms/ECDSAAlgorithmTest.java b/lib/src/test/java/com/auth0/jwt/algorithms/ECDSAAlgorithmTest.java
diff --git a/lib/src/test/java/com/auth0/jwt/algorithms/RSAAlgorithmTest.java b/lib/src/test/java/com/auth0/jwt/algorithms/RSAAlgorithmTest.java

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,6 @@`
`1`	`1`	`package com.auth0.jwt.algorithms;`
`2`	`2`
	`3`	`+import com.auth0.jwt.exceptions.SignatureGenerationException;`
`3`	`4`	`import com.auth0.jwt.exceptions.SignatureVerificationException;`
`4`	`5`	`import org.apache.commons.codec.binary.Base64;`
`5`	`6`
`@@ -43,4 +44,13 @@ public void verify(String[] jwtParts) throws SignatureVerificationException {`
`43`	`44`	`}`
`44`	`45`	`}`
`45`	`46`
	`47`	`+ @Override`
	`48`	`+ public byte[] sign(byte[] headerAndPayloadBytes) throws SignatureGenerationException {`
	`49`	`+ try {`
	`50`	`+ return crypto.createMacFor(getDescription(), secret.getBytes(), headerAndPayloadBytes);`
	`51`	`+ } catch (NoSuchAlgorithmException \| InvalidKeyException e) {`
	`52`	`+ throw new SignatureGenerationException(this, e);`
	`53`	`+ }`
	`54`	`+ }`
	`55`	`+`
`46`	`56`	`}`