refactor SignUtils and base64 helper methods

lbalmaceda · lbalmaceda · commit 8b3fbd250d7e · 2016-11-09T19:15:14.000-03:00
diff --git a/lib/src/main/java/com/auth0/jwt/JWTDecoder.java b/lib/src/main/java/com/auth0/jwt/JWTDecoder.java
@@ -40,8 +40,8 @@ private void parseToken(String token) throws JWTDecodeException {
         String headerJson;
         String payloadJson;
         try {
-            headerJson = SignUtils.base64Decode(parts[0]);
-            payloadJson = SignUtils.base64Decode(parts[1]);
+            headerJson = SignUtils.toUTF8String(SignUtils.base64Decode(parts[0]));
+            payloadJson = SignUtils.toUTF8String(SignUtils.base64Decode(parts[1]));
         } catch (NullPointerException e) {
             throw new JWTDecodeException("The UTF-8 Charset isn't initialized.", e);
         }
diff --git a/lib/src/main/java/com/auth0/jwt/JWTSigner.java b/lib/src/main/java/com/auth0/jwt/JWTSigner.java
@@ -0,0 +1,18 @@
+package com.auth0.jwt;
+
+import com.auth0.jwt.algorithms.Algorithm;
+
+public class JWTSigner {
+
+    public String sign(String headerJson, String payloadJson) {
+        String header = SignUtils.base64Encode(headerJson.getBytes());
+        String payload = SignUtils.base64Encode(payloadJson.getBytes());
+        String content = String.format("%s.%s", header, payload);
+        Algorithm algorithm = Algorithm.HMAC256("secret");
+
+        byte[] signatureBytes = algorithm.sign(content.getBytes());
+        String signature = SignUtils.base64Encode(signatureBytes);
+
+        return String.format("%s.%s", content, signature);
+    }
+}
diff --git a/lib/src/main/java/com/auth0/jwt/JWTVerifier.java b/lib/src/main/java/com/auth0/jwt/JWTVerifier.java
@@ -3,7 +3,6 @@
 import com.auth0.jwt.algorithms.Algorithm;
 import com.auth0.jwt.exceptions.*;
 import com.auth0.jwt.impl.PublicClaims;
-import org.apache.commons.codec.binary.Base64;
 
 import java.util.*;
 
@@ -215,7 +214,7 @@ public JWT verify(String token) throws JWTDecodeException, JWTVerificationExcept
 
     private void verifySignature(String[] parts) throws SignatureVerificationException {
         byte[] content = String.format("%s.%s", parts[0], parts[1]).getBytes();
-        byte[] signature = Base64.decodeBase64(parts[2]);
+        byte[] signature = SignUtils.base64Decode(parts[2]);
         algorithm.verify(content, signature);
     }
 
diff --git a/lib/src/main/java/com/auth0/jwt/SignUtils.java b/lib/src/main/java/com/auth0/jwt/SignUtils.java
@@ -7,28 +7,37 @@
 abstract class SignUtils {
 
     /**
-     * Decodes a given String from it's Base64 string representation into a UTF-8 String.
+     * Encodes the given bytes into a UTF-8 String representation.
      *
-     * @param source the source of the decode process.
-     * @return a UTF-8 String representing the Base64 decoded source.
+     * @param source the source of the .
+     * @return a UTF-8 String representing the source bytes.
      * @throws NullPointerException if the UTF-8 Charset isn't initialized.
      */
-    static String base64Decode(String source) throws NullPointerException {
-        return StringUtils.newStringUtf8(Base64.decodeBase64(source));
+    static String toUTF8String(byte[] source) throws NullPointerException {
+        return StringUtils.newStringUtf8(source);
     }
 
     /**
-     * Encodes a given String into it's Base64 string representation.
+     * Decodes a given String from it's Base64 String representation into an array of bytes.
      *
-     * @param source the source of the decode process.
-     * @return a UTF-8 String encoded into it's Base64 representation.
-     * @throws NullPointerException     if the UTF-8 Charset isn't initialized.
-     * @throws IllegalArgumentException if the source string is too long.
+     * @param source the source bytes to decode.
+     * @return an array of bytes representing the Base64 decoded source.
      */
-    static String base64Encode(String source) throws NullPointerException, IllegalArgumentException {
-        return StringUtils.newStringUtf8(Base64.encodeBase64(source.getBytes(), false, true));
+    static byte[] base64Decode(String source) {
+        return Base64.decodeBase64(source);
     }
 
+    /**
+     * Encodes a given String into it's Base64 String representation.
+     *
+     * @param source the source bytes to encode.
+     * @return a String containing Base64 characters.
+     */
+    static String base64Encode(byte[] source) {
+        return Base64.encodeBase64URLSafeString(source);
+    }
+
+
     /**
      * Splits the given token on the "." chars into a String array with 3 parts.
      *
diff --git a/lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java b/lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java
@@ -149,6 +149,7 @@ public String toString() {
      * Sign the given content using this Algorithm instance.
      *
      * @param contentBytes an array of bytes representing the base64 encoded content to be verified against the signature.
+     * @return the signature in a base64 encoded array of bytes
      * @throws SignatureGenerationException if the Key is invalid.
      */
     public abstract byte[] sign(byte[] contentBytes) throws SignatureGenerationException;
diff --git a/lib/src/main/java/com/auth0/jwt/algorithms/CryptoHelper.java b/lib/src/main/java/com/auth0/jwt/algorithms/CryptoHelper.java
@@ -6,11 +6,11 @@
 
 class CryptoHelper {
 
-    boolean verifyMacFor(String algorithm, byte[] secretBytes, byte[] contentBytes, byte[] signatureBytes) throws NoSuchAlgorithmException, InvalidKeyException {
-        return MessageDigest.isEqual(createMacFor(algorithm, secretBytes, contentBytes), signatureBytes);
+    boolean verifySignatureFor(String algorithm, byte[] secretBytes, byte[] contentBytes, byte[] signatureBytes) throws NoSuchAlgorithmException, InvalidKeyException {
+        return MessageDigest.isEqual(createSignatureFor(algorithm, secretBytes, contentBytes), signatureBytes);
     }
 
-    byte[] createMacFor(String algorithm, byte[] secretBytes, byte[] contentBytes) throws NoSuchAlgorithmException, InvalidKeyException {
+    byte[] createSignatureFor(String algorithm, byte[] secretBytes, byte[] contentBytes) throws NoSuchAlgorithmException, InvalidKeyException {
         final Mac mac = Mac.getInstance(algorithm);
         mac.init(new SecretKeySpec(secretBytes, algorithm));
         return mac.doFinal(contentBytes);
diff --git a/lib/src/main/java/com/auth0/jwt/algorithms/ECDSAAlgorithm.java b/lib/src/main/java/com/auth0/jwt/algorithms/ECDSAAlgorithm.java
@@ -37,10 +37,10 @@ ECKey getKey() {
 
     @Override
     public void verify(byte[] contentBytes, byte[] signatureBytes) throws SignatureVerificationException {
-        if (!(key instanceof ECPublicKey)) {
-            throw new IllegalArgumentException("The given ECKey is not an ECPublicKey.");
-        }
         try {
+            if (!(key instanceof ECPublicKey)) {
+                throw new IllegalArgumentException("The given ECKey is not an ECPublicKey.");
+            }
             if (!isDERSignature(signatureBytes)) {
                 signatureBytes = JOSEToDER(signatureBytes);
             }
diff --git a/lib/src/main/java/com/auth0/jwt/algorithms/HMACAlgorithm.java b/lib/src/main/java/com/auth0/jwt/algorithms/HMACAlgorithm.java
@@ -31,8 +31,7 @@ String getSecret() {
     @Override
     public void verify(byte[] contentBytes, byte[] signatureBytes) throws SignatureVerificationException {
         try {
-            boolean valid = crypto.verifyMacFor(getDescription(), secret.getBytes(), contentBytes, signatureBytes);
-
+            boolean valid = crypto.verifySignatureFor(getDescription(), secret.getBytes(), contentBytes, signatureBytes);
             if (!valid) {
                 throw new SignatureVerificationException(this);
             }
@@ -44,7 +43,7 @@ public void verify(byte[] contentBytes, byte[] signatureBytes) throws SignatureV
     @Override
     public byte[] sign(byte[] contentBytes) throws SignatureGenerationException {
         try {
-            return crypto.createMacFor(getDescription(), secret.getBytes(), contentBytes);
+            return crypto.createSignatureFor(getDescription(), secret.getBytes(), contentBytes);
         } catch (NoSuchAlgorithmException | InvalidKeyException e) {
             throw new SignatureGenerationException(this, e);
         }
diff --git a/lib/src/main/java/com/auth0/jwt/algorithms/RSAAlgorithm.java b/lib/src/main/java/com/auth0/jwt/algorithms/RSAAlgorithm.java
@@ -11,7 +11,7 @@
 class RSAAlgorithm extends Algorithm {
 
     private final RSAKey key;
-    private CryptoHelper crypto;
+    private final CryptoHelper crypto;
 
     RSAAlgorithm(CryptoHelper crypto, String id, String algorithm, RSAKey key) {
         super(id, algorithm);
@@ -32,12 +32,11 @@ RSAKey getKey() {
 
     @Override
     public void verify(byte[] contentBytes, byte[] signatureBytes) throws SignatureVerificationException {
-        if (!(key instanceof PublicKey)) {
-            throw new IllegalArgumentException("The given RSAKey is not a RSAPublicKey.");
-        }
         try {
+            if (!(key instanceof PublicKey)) {
+                throw new IllegalArgumentException("The given RSAKey is not a RSAPublicKey.");
+            }
             boolean valid = crypto.verifySignatureFor(getDescription(), (RSAPublicKey) key, contentBytes, signatureBytes);
-
             if (!valid) {
                 throw new SignatureVerificationException(this);
             }
diff --git a/lib/src/test/java/com/auth0/jwt/JWTDecoderTest.java b/lib/src/test/java/com/auth0/jwt/JWTDecoderTest.java
@@ -200,8 +200,8 @@ public void shouldGetNullClaimIfClaimValueIsNull() throws Exception {
     //Helper Methods
 
     private JWT customJWT(String jsonHeader, String jsonPayload, String signature) {
-        String header = base64Encode(jsonHeader);
-        String body = base64Encode(jsonPayload);
+        String header = base64Encode(jsonHeader.getBytes());
+        String body = base64Encode(jsonPayload.getBytes());
         return JWTDecoder.decode(String.format("%s.%s.%s", header, body, signature));
     }
 
diff --git a/lib/src/test/java/com/auth0/jwt/JWTSignerTest.java b/lib/src/test/java/com/auth0/jwt/JWTSignerTest.java
@@ -0,0 +1,28 @@
+package com.auth0.jwt;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.hamcrest.Matchers.is;
+import static org.junit.Assert.assertThat;
+
+public class JWTSignerTest {
+
+    private final String header = "{\"alg\":\"HS256\"}";
+    private final String payload = "{\"iat\":1477592}";
+    private JWTSigner signer;
+
+    @Before
+    public void setUp() throws Exception {
+        signer = new JWTSigner();
+    }
+
+    @Test
+    public void shouldSign() throws Exception {
+        String originalJwt = "eyJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE0Nzc1OTJ9.5o1CKlLFjKKcddZzoarQ37pq7qZqNPav3sdZ_bsZaD4";
+        String result = signer.sign(header, payload);
+
+        assertThat(result, is(originalJwt));
+    }
+
+}
diff --git a/lib/src/test/java/com/auth0/jwt/JWTVerifierTest.java b/lib/src/test/java/com/auth0/jwt/JWTVerifierTest.java
@@ -10,7 +10,6 @@
 
 import java.util.Date;
 
-import static com.auth0.jwt.SignUtils.base64Encode;
 import static org.hamcrest.Matchers.*;
 import static org.junit.Assert.assertThat;
 import static org.mockito.Mockito.mock;
@@ -381,37 +380,4 @@ public void shouldSkipClaimValidationsIfNoClaimsRequired() throws Exception {
 
         assertThat(jwt, is(notNullValue()));
     }
-
-
-    //Helper Methods
-
-    private JWT customTimeJWT(Long iat, Long exp, Long nbf) {
-        String header = base64Encode("{}");
-        StringBuilder bodyBuilder = new StringBuilder("{");
-        if (iat != null) {
-            bodyBuilder.append("\"iat\":").append(iat.longValue());
-        }
-        if (exp != null) {
-            if (iat != null) {
-                bodyBuilder.append(",");
-            }
-            bodyBuilder.append("\"exp\":").append(exp.longValue());
-        }
-        if (nbf != null) {
-            if (iat != null || exp != null) {
-                bodyBuilder.append(",");
-            }
-            bodyBuilder.append("\"nbf\":").append(nbf.longValue());
-        }
-        bodyBuilder.append("}");
-        String body = base64Encode(bodyBuilder.toString());
-        String signature = "sign";
-        return JWTDecoder.decode(String.format("%s.%s.%s", header, body, signature));
-    }
-
-    private JWT customJWT(String jsonHeader, String jsonPayload, String signature) {
-        String header = base64Encode(jsonHeader);
-        String body = base64Encode(jsonPayload);
-        return JWTDecoder.decode(String.format("%s.%s.%s", header, body, signature));
-    }
 }
diff --git a/lib/src/test/java/com/auth0/jwt/SignUtilsTest.java b/lib/src/test/java/com/auth0/jwt/SignUtilsTest.java
@@ -1,6 +1,5 @@
 package com.auth0.jwt;
 
-import com.auth0.jwt.SignUtils;
 import com.auth0.jwt.exceptions.JWTDecodeException;
 import org.junit.Rule;
 import org.junit.Test;
@@ -57,16 +56,16 @@ public void shouldThrowOnSplitTokenWithLessThan3Parts() throws Exception {
     @Test
     public void shouldDecodeBase64() throws Exception {
         String source = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9";
-        String result = SignUtils.base64Decode(source);
+        byte[] result = SignUtils.base64Decode(source);
 
         assertThat(result, is(notNullValue()));
-        assertThat(result, is("{\"alg\":\"HS256\",\"typ\":\"JWT\"}"));
+        assertThat(result, is("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes()));
     }
 
     @Test
     public void shouldEncodeBase64() throws Exception {
         String source = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
-        String result = SignUtils.base64Encode(source);
+        String result = SignUtils.base64Encode(source.getBytes());
 
         assertThat(result, is(notNullValue()));
         assertThat(result, is("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"));
diff --git a/lib/src/test/java/com/auth0/jwt/algorithms/HMACAlgorithmTest.java b/lib/src/test/java/com/auth0/jwt/algorithms/HMACAlgorithmTest.java
@@ -74,7 +74,7 @@ public void shouldThrowWhenSignatureAlgorithmDoesNotExists() throws Exception {
         exception.expectCause(isA(NoSuchAlgorithmException.class));
 
         CryptoHelper crypto = mock(CryptoHelper.class);
-        when(crypto.verifyMacFor(anyString(), any(byte[].class), any(byte[].class), any(byte[].class)))
+        when(crypto.verifySignatureFor(anyString(), any(byte[].class), any(byte[].class), any(byte[].class)))
                 .thenThrow(NoSuchAlgorithmException.class);
 
         Algorithm algorithm = new HMACAlgorithm(crypto, "some-alg", "some-algorithm", "secret");
@@ -89,7 +89,7 @@ public void shouldThrowWhenTheSecretIsInvalid() throws Exception {
         exception.expectCause(isA(InvalidKeyException.class));
 
         CryptoHelper crypto = mock(CryptoHelper.class);
-        when(crypto.verifyMacFor(anyString(), any(byte[].class), any(byte[].class), any(byte[].class)))
+        when(crypto.verifySignatureFor(anyString(), any(byte[].class), any(byte[].class), any(byte[].class)))
                 .thenThrow(InvalidKeyException.class);
 
         Algorithm algorithm = new HMACAlgorithm(crypto, "some-alg", "some-algorithm", "secret");

Original file line number	Diff line number	Diff line change
`@@ -149,6 +149,7 @@ public String toString() {`
`149`	`149`	`* Sign the given content using this Algorithm instance.`
`150`	`150`	`*`
`151`	`151`	`* @param contentBytes an array of bytes representing the base64 encoded content to be verified against the signature.`
	`152`	`+ * @return the signature in a base64 encoded array of bytes`
`152`	`153`	`* @throws SignatureGenerationException if the Key is invalid.`
`153`	`154`	`*/`
`154`	`155`	`public abstract byte[] sign(byte[] contentBytes) throws SignatureGenerationException;`
Original file line number	Diff line number	Diff line change
`@@ -200,8 +200,8 @@ public void shouldGetNullClaimIfClaimValueIsNull() throws Exception {`
`200`	`200`	`//Helper Methods`
`201`	`201`
`202`	`202`	`private JWT customJWT(String jsonHeader, String jsonPayload, String signature) {`
`203`		`- String header = base64Encode(jsonHeader);`
`204`		`- String body = base64Encode(jsonPayload);`
	`203`	`+ String header = base64Encode(jsonHeader.getBytes());`
	`204`	`+ String body = base64Encode(jsonPayload.getBytes());`
`205`	`205`	`return JWTDecoder.decode(String.format("%s.%s.%s", header, body, signature));`
`206`	`206`	`}`
`207`	`207`