Making verify method return Map<String, Object>

pose · pose · commit ef3533406624 · 2014-03-07T17:04:49.000-03:00
diff --git a/README.md b/README.md
@@ -10,7 +10,7 @@ This was developed against `draft-ietf-oauth-json-web-token-08`.
     public class Application {
         public static void main (String [] args) {
             try {
-                Map<String,String> decodedPayload = 
+                Map<String,Object> decodedPayload =
                     new JWTVerifier("secret", "audience").verify("my-token");
                 
                 // Get custom fields from decoded Payload
diff --git a/src/main/java/com/auth0/jwt/JWTVerifier.java b/src/main/java/com/auth0/jwt/JWTVerifier.java
@@ -1,6 +1,7 @@
 package com.auth0.jwt;
 
 import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.apache.commons.codec.binary.Base64;
 
@@ -79,12 +80,12 @@ public Map<String, String> verify(String token)
         }
 
         // get JWTHeader JSON object. Extract algorithm
-        Map<String, String> jwtHeader = decodeAndParse(pieces[0]);
+        JsonNode jwtHeader = decodeAndParse(pieces[0]);
 
         String algorithm = getAlgorithm(jwtHeader);
 
         // get JWTClaims JSON object
-        Map<String, String> jwtPayload = decodeAndParse(pieces[1]);
+        JsonNode jwtPayload = decodeAndParse(pieces[1]);
 
         // check signature
         verifySignature(pieces, algorithm);
@@ -94,7 +95,7 @@ public Map<String, String> verify(String token)
         verifyIssuer(jwtPayload);
         verifyAudience(jwtPayload);
 
-        return jwtPayload;
+        return mapper.treeToValue(jwtPayload, Map.class);
     }
 
     void verifySignature(String[] pieces, String algorithm) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
@@ -107,31 +108,32 @@ void verifySignature(String[] pieces, String algorithm) throws NoSuchAlgorithmEx
         }
     }
 
-    void verifyExpiration(Map<String, String> jwtClaims) {
-        long expiration = Long.parseLong(jwtClaims.get("exp"));
+    void verifyExpiration(JsonNode jwtClaims) {
+        final long expiration = jwtClaims.has("exp") ? jwtClaims.get("exp").asLong(0) : 0;
+
         if (expiration != 0 && System.currentTimeMillis() / 1000L >= expiration) {
             throw new IllegalStateException("jwt expired");
         }
     }
 
-    void verifyIssuer(Map<String, String> jwtClaims) {
-        String issuerFromToken = jwtClaims.get("iss");
+    void verifyIssuer(JsonNode jwtClaims) {
+        final String issuerFromToken = jwtClaims.has("iss") ? jwtClaims.get("iss").asText() : null;
 
         if (issuerFromToken != null && issuer != null && !issuer.equals(issuerFromToken)) {
             throw new IllegalStateException("jwt issuer invalid");
         }
     }
 
-    void verifyAudience(Map<String, String> jwtClaims) {
-        String audienceFromToken = jwtClaims.get("aud");
+    void verifyAudience(JsonNode jwtClaims) {
+        final String audienceFromToken = jwtClaims.has("aud") ? jwtClaims.get("aud").asText() : null;
 
         if (audienceFromToken != null && !audience.equals(audienceFromToken)) {
             throw new IllegalStateException("jwt audience invalid");
         }
     }
 
-    String getAlgorithm(Map<String, String> jwtHeader) {
-        String algorithmName = jwtHeader.get("alg");
+    String getAlgorithm(JsonNode jwtHeader) {
+        final String algorithmName = jwtHeader.has("alg") ? jwtHeader.get("alg").asText() : null;
 
         if (jwtHeader.get("alg") == null) {
             throw new IllegalStateException("algorithm not set");
@@ -144,10 +146,9 @@ String getAlgorithm(Map<String, String> jwtHeader) {
         return algorithms.get(algorithmName);
     }
 
-    Map<String, String> decodeAndParse(String b64String) throws IOException {
+    JsonNode decodeAndParse(String b64String) throws IOException {
         String jsonString = new String(decoder.decodeBase64(b64String), "UTF-8");
-        TypeReference<HashMap<String,String>> typeRef = new TypeReference< HashMap<String,String> >() {};
-        Map<String, String> jwtHeader = mapper.readValue(jsonString, typeRef);
+        JsonNode jwtHeader = mapper.readValue(jsonString, JsonNode.class);
         return jwtHeader;
     }
 }
diff --git a/src/test/java/com/auth0/jwt/JWTVerifierTest.java b/src/test/java/com/auth0/jwt/JWTVerifierTest.java
@@ -1,5 +1,8 @@
 package com.auth0.jwt;
 
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.node.JsonNodeFactory;
+import com.fasterxml.jackson.databind.node.ObjectNode;
 import org.apache.commons.codec.binary.Base64;
 import org.junit.Test;
 
@@ -48,17 +51,17 @@ public void shouldFailOnNullToken() throws Exception {
 
     @Test(expected = IllegalStateException.class)
     public void shouldFailIfAlgorithmIsNotSetOnToken() throws Exception {
-        new JWTVerifier("such secret").getAlgorithm(Collections.<String, String>emptyMap());
+        new JWTVerifier("such secret").getAlgorithm(JsonNodeFactory.instance.objectNode());
     }
 
     @Test(expected = IllegalStateException.class)
     public void shouldFailIfAlgorithmIsNotSupported() throws Exception {
-        new JWTVerifier("such secret").getAlgorithm(Collections.singletonMap("alg", "doge-crypt"));
+        new JWTVerifier("such secret").getAlgorithm(createSingletonJSONNode("alg", "doge-crypt"));
     }
 
     @Test
     public void shouldWorkIfAlgorithmIsSupported() throws Exception {
-       new JWTVerifier("such secret").getAlgorithm(Collections.singletonMap("alg", "HS256"));
+       new JWTVerifier("such secret").getAlgorithm(createSingletonJSONNode("alg", "HS256"));
     }
 
     @Test(expected = SignatureException.class)
@@ -89,49 +92,49 @@ public void shouldVerifySignature() throws Exception {
     @Test(expected = IllegalStateException.class)
     public void shouldFailWhenExpired1SecondAgo() throws Exception {
         new JWTVerifier("such secret").verifyExpiration(
-                Collections.singletonMap("exp", Long.toString(System.currentTimeMillis() / 1000L - 1L)));
+                createSingletonJSONNode("exp", Long.toString(System.currentTimeMillis() / 1000L - 1L)));
     }
 
     @Test
     public void shouldVerifyExpiration() throws Exception {
         new JWTVerifier("such secret").verifyExpiration(
-                Collections.singletonMap("exp", Long.toString(System.currentTimeMillis() / 1000L + 50L)));
+                createSingletonJSONNode("exp", Long.toString(System.currentTimeMillis() / 1000L + 50L)));
     }
 
     @Test
     public void shouldVerifyIssuer() throws Exception {
         new JWTVerifier("such secret", "amaze audience", "very issuer")
-                .verifyIssuer(Collections.singletonMap("iss", "very issuer"));
+                .verifyIssuer(createSingletonJSONNode("iss", "very issuer"));
     }
 
     @Test(expected = IllegalStateException.class)
     public void shouldFailIssuer() throws Exception {
         new JWTVerifier("such secret", "amaze audience", "very issuer")
-                .verifyIssuer(Collections.singletonMap("iss", "wow"));
+                .verifyIssuer(createSingletonJSONNode("iss", "wow"));
     }
 
     @Test
     public void shouldVerifyIssuerWhenNotFoundInClaimsSet() throws Exception {
         new JWTVerifier("such secret", "amaze audience", "very issuer")
-                .verifyIssuer(Collections.<String, String>emptyMap());
+                .verifyIssuer(JsonNodeFactory.instance.objectNode());
     }
 
     @Test
     public void shouldVerifyAudience() throws Exception {
         new JWTVerifier("such secret", "amaze audience")
-                .verifyAudience(Collections.singletonMap("aud", "amaze audience"));
+                .verifyAudience(createSingletonJSONNode("aud", "amaze audience"));
     }
 
     @Test(expected = IllegalStateException.class)
     public void shouldFailAudience() throws Exception {
         new JWTVerifier("such secret", "amaze audience")
-                .verifyAudience(Collections.singletonMap("aud", "wow"));
+                .verifyAudience(createSingletonJSONNode("aud", "wow"));
     }
 
     @Test
     public void shouldVerifyAudienceWhenNotFoundInClaimsSet() throws Exception {
         new JWTVerifier("such secret", "amaze audience")
-                .verifyAudience(Collections.<String, String>emptyMap());
+                .verifyAudience(JsonNodeFactory.instance.objectNode());
     }
 
     @Test
@@ -140,12 +143,17 @@ public void decodeAndParse() throws Exception {
         final String encodedJSON = new String(encoder.encode("{\"some\": \"json\", \"number\": 123}".getBytes()));
         final JWTVerifier jwtVerifier = new JWTVerifier("secret", "audience");
 
-        final Map<String,String> decodedJSON = jwtVerifier.decodeAndParse(encodedJSON);
+        final JsonNode decodedJSON = jwtVerifier.decodeAndParse(encodedJSON);
 
-        assertEquals("json", decodedJSON.get("some"));
+        assertEquals("json", decodedJSON.get("some").asText());
         assertEquals(null, decodedJSON.get("unexisting_property"));
-        assertEquals("123", decodedJSON.get("number"));
+        assertEquals("123", decodedJSON.get("number").asText());
     }
 
 
+    public static JsonNode createSingletonJSONNode(String key, String value) {
+        final ObjectNode jsonNodes = JsonNodeFactory.instance.objectNode();
+        jsonNodes.put(key, value);
+        return jsonNodes;
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,7 @@`
`1`	`1`	`package com.auth0.jwt;`
`2`	`2`
`3`	`3`	`import com.fasterxml.jackson.core.type.TypeReference;`
	`4`	`+import com.fasterxml.jackson.databind.JsonNode;`
`4`	`5`	`import com.fasterxml.jackson.databind.ObjectMapper;`
`5`	`6`	`import org.apache.commons.codec.binary.Base64;`
`6`	`7`
`@@ -79,12 +80,12 @@ public Map<String, String> verify(String token)`
`79`	`80`	`}`
`80`	`81`
`81`	`82`	`// get JWTHeader JSON object. Extract algorithm`
`82`		`- Map<String, String> jwtHeader = decodeAndParse(pieces[0]);`
	`83`	`+ JsonNode jwtHeader = decodeAndParse(pieces[0]);`
`83`	`84`
`84`	`85`	`String algorithm = getAlgorithm(jwtHeader);`
`85`	`86`
`86`	`87`	`// get JWTClaims JSON object`
`87`		`- Map<String, String> jwtPayload = decodeAndParse(pieces[1]);`
	`88`	`+ JsonNode jwtPayload = decodeAndParse(pieces[1]);`
`88`	`89`
`89`	`90`	`// check signature`
`90`	`91`	`verifySignature(pieces, algorithm);`
`@@ -94,7 +95,7 @@ public Map<String, String> verify(String token)`
`94`	`95`	`verifyIssuer(jwtPayload);`
`95`	`96`	`verifyAudience(jwtPayload);`
`96`	`97`
`97`		`- return jwtPayload;`
	`98`	`+ return mapper.treeToValue(jwtPayload, Map.class);`
`98`	`99`	`}`
`99`	`100`
`100`	`101`	`void verifySignature(String[] pieces, String algorithm) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {`
`@@ -107,31 +108,32 @@ void verifySignature(String[] pieces, String algorithm) throws NoSuchAlgorithmEx`
`107`	`108`	`}`
`108`	`109`	`}`
`109`	`110`
`110`		`- void verifyExpiration(Map<String, String> jwtClaims) {`
`111`		`- long expiration = Long.parseLong(jwtClaims.get("exp"));`
	`111`	`+ void verifyExpiration(JsonNode jwtClaims) {`
	`112`	`+ final long expiration = jwtClaims.has("exp") ? jwtClaims.get("exp").asLong(0) : 0;`
	`113`	`+`
`112`	`114`	`if (expiration != 0 && System.currentTimeMillis() / 1000L >= expiration) {`
`113`	`115`	`throw new IllegalStateException("jwt expired");`
`114`	`116`	`}`
`115`	`117`	`}`
`116`	`118`
`117`		`- void verifyIssuer(Map<String, String> jwtClaims) {`
`118`		`- String issuerFromToken = jwtClaims.get("iss");`
	`119`	`+ void verifyIssuer(JsonNode jwtClaims) {`
	`120`	`+ final String issuerFromToken = jwtClaims.has("iss") ? jwtClaims.get("iss").asText() : null;`
`119`	`121`
`120`	`122`	`if (issuerFromToken != null && issuer != null && !issuer.equals(issuerFromToken)) {`
`121`	`123`	`throw new IllegalStateException("jwt issuer invalid");`
`122`	`124`	`}`
`123`	`125`	`}`
`124`	`126`
`125`		`- void verifyAudience(Map<String, String> jwtClaims) {`
`126`		`- String audienceFromToken = jwtClaims.get("aud");`
	`127`	`+ void verifyAudience(JsonNode jwtClaims) {`
	`128`	`+ final String audienceFromToken = jwtClaims.has("aud") ? jwtClaims.get("aud").asText() : null;`
`127`	`129`
`128`	`130`	`if (audienceFromToken != null && !audience.equals(audienceFromToken)) {`
`129`	`131`	`throw new IllegalStateException("jwt audience invalid");`
`130`	`132`	`}`
`131`	`133`	`}`
`132`	`134`
`133`		`- String getAlgorithm(Map<String, String> jwtHeader) {`
`134`		`- String algorithmName = jwtHeader.get("alg");`
	`135`	`+ String getAlgorithm(JsonNode jwtHeader) {`
	`136`	`+ final String algorithmName = jwtHeader.has("alg") ? jwtHeader.get("alg").asText() : null;`
`135`	`137`
`136`	`138`	`if (jwtHeader.get("alg") == null) {`
`137`	`139`	`throw new IllegalStateException("algorithm not set");`
`@@ -144,10 +146,9 @@ String getAlgorithm(Map<String, String> jwtHeader) {`
`144`	`146`	`return algorithms.get(algorithmName);`
`145`	`147`	`}`
`146`	`148`
`147`		`- Map<String, String> decodeAndParse(String b64String) throws IOException {`
	`149`	`+ JsonNode decodeAndParse(String b64String) throws IOException {`
`148`	`150`	`String jsonString = new String(decoder.decodeBase64(b64String), "UTF-8");`
`149`		`- TypeReference<HashMap<String,String>> typeRef = new TypeReference< HashMap<String,String> >() {};`
`150`		`- Map<String, String> jwtHeader = mapper.readValue(jsonString, typeRef);`
	`151`	`+ JsonNode jwtHeader = mapper.readValue(jsonString, JsonNode.class);`
`151`	`152`	`return jwtHeader;`
`152`	`153`	`}`
`153`	`154`	`}`