RSA Support

Author: arcseldon

README.md

@@ -2,49 +2,73 @@
 
 An implementation of [JSON Web Tokens](http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html) developed against `draft-ietf-oauth-json-web-token-08`.
 
-### Usage
-Note for Auth0 users:
-By default, Auth0's CLIENT_SECRET is base64-encoded.
-To work with JWTVerifier, it must be decoded first.
+## Installation
 
-```java
-public class Application {
-    public static void main (String [] args) {
-        try {
-            Base64 decoder = new Base64(true);
-            byte[] secret = decoder.decodeBase64(CLIENT_SECRET);
-            Map<String,Object> decodedPayload =
-                new JWTVerifier(secret, "audience").verify("my-token");
-                
-            // Get custom fields from decoded Payload
-            System.out.println(decodedPayload.get("name"));
-        } catch (SignatureException signatureException) {
-            System.err.println("Invalid signature!");
-        } catch (IllegalStateException illegalStateException) {
-            System.err.println("Invalid Token! " + illegalStateException);
-        }
-    }
-}
-```
-
-#### Maven coordinates?
-
-Yes, here you are:
+### Maven
 
 ```xml
 <dependency>
     <groupId>com.auth0</groupId>
     <artifactId>java-jwt</artifactId>
-    <version>2.1.0</version>
+    <version>2.2.1</version>
 </dependency>
 ```
 
-### Credits
+### Gradle
+
+```gradle
+compile 'com.auth0.java-jwt:2.2.1'
+```
+
+## Usage
+
+### Sign JWT (HS256)
+
+```java
+final String issuer = "https://mydomain.com/";
+final String secret = "{{a secret used for signing}}";
+
+final long iat = System.currentTimeMillis() / 1000l; // issued at claim 
+final long exp = iat + 60L; // expires claim. In this case the token expires in 60 seconds
+
+final JWTSigner signer = new JWTSigner(secret);
+final HashMap<String, Object> claims = new HashMap<String, Object>();
+claims.put("iss", issuer);
+claims.put("exp", exp);
+claims.put("iat", iat);
+
+final String jwt = signer.sign(claims);
+```
+
+### Verify JWT (HS256)
+
+```java
+final String secret = "{{secret used for signing}}";
+try {
+    final JWTVerifier verifier = new JWTVerifier(secret);
+    final Map<String,Object> claims= jwtVerifier.verify(jwt);
+} catch (JWTVerifyException e) {
+    // Invalid Token
+}
+```
+
+### Validate aud & iss claims
+
+```java
+final String secret = "{{secret used for signing}}";
+try {
+    final JWTVerifier verifier = new JWTVerifier(secret, "{{my-audience}}", "{{my-issuer}}");
+    final Map<String,Object> claims= jwtVerifier.verify(jwt);
+} catch (JWTVerifyException e) {
+    // Invalid Token
+}
+```
 
-Most of the code have been written by Luis Faja <https://bitbucket.org/lluisfaja/javajwt>. We just wrapped it in a nicer interface and published it to Maven Central. We'll be adding support for signing and other algorithms in the future.
 
 ### Why another JSON Web Token implementation for Java?
-We think that current JWT implementations are either too complex or not tested enough. We want something simple with the right number of abstractions.
+
+We believe existing JWT implementations in Java are either too complex or not tested enough.
+This library aims to be simple and achieve the right level of abstraction.
 
 ## Issue Reporting
 

pom.xml

@@ -1,4 +1,5 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
   <modelVersion>4.0.0</modelVersion>
 
   <parent>
@@ -9,14 +10,15 @@
 
   <groupId>com.auth0</groupId>
   <artifactId>java-jwt</artifactId>
-  <version>2.1.1-SNAPSHOT</version>
+  <version>2.2.1-SNAPSHOT</version>
 
   <name>Java JWT</name>
-  <description>Java implementation of JSON Web Token developed against draft-ietf-oauth-json-web-token-08.</description>
+  <description>Java implementation of JSON Web Token developed against draft-ietf-oauth-json-web-token-08.
+  </description>
   <url>http://www.jwt.io</url>
 
   <properties>
-    <java.version>1.5</java.version>
+    <java.version>1.7</java.version>
     <repackage.base>com.auth0.jwt.internal</repackage.base>
   </properties>
 
@@ -28,41 +30,53 @@
     </license>
   </licenses>
 
-  <developers>
-    <developer>
-      <name>Alberto Pose</name>
-      <id>pose</id>
-      <roles>
-        <role>Developer</role>
-      </roles>
-    </developer>
-  </developers>
-
   <scm>
     <url>https://github.com/auth0/java-jwt</url>
     <developerConnection>scm:git:[email protected]:auth0/java-jwt.git</developerConnection>
     <connection>scm:git:[email protected]:auth0/java-jwt.git</connection>
   </scm>
 
   <dependencies>
-    <!-- For JWT parsing-->
+
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-databind</artifactId>
       <version>2.0.1</version>
     </dependency>
+
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcprov-jdk15on</artifactId>
+      <version>1.52</version>
+    </dependency>
+
     <dependency>
       <groupId>commons-codec</groupId>
       <artifactId>commons-codec</artifactId>
       <version>1.4</version>
     </dependency>
 
+    <dependency>
+      <groupId>org.apache.commons</groupId>
+      <artifactId>commons-lang3</artifactId>
+      <version>3.4</version>
+    </dependency>
+
+    <dependency>
+      <groupId>org.apache.commons</groupId>
+      <artifactId>commons-io</artifactId>
+      <version>1.3.2</version>
+    </dependency>
+
+    <!-- test -->
+
     <dependency>
       <groupId>junit</groupId>
       <artifactId>junit</artifactId>
       <version>4.11</version>
       <scope>test</scope>
     </dependency>
+
   </dependencies>
 
   <build>
@@ -77,33 +91,55 @@
           <encoding>UTF-8</encoding>
         </configuration>
       </plugin>
-        <plugin>
-          <groupId>org.apache.maven.plugins</groupId>
-          <artifactId>maven-shade-plugin</artifactId>
-          <version>2.2</version>
-          <executions>
-            <execution>
-              <phase>package</phase>
-              <goals>
-                <goal>shade</goal>
-              </goals>
-              <configuration>
-                <shadedArtifactAttached>false</shadedArtifactAttached>
-                <createDependencyReducedPom>true</createDependencyReducedPom>
-                <relocations>
-                  <relocation>
-                    <pattern>com.fasterxml.jackson</pattern>
-                    <shadedPattern>${repackage.base}.com.fasterxml.jackson</shadedPattern>
-                  </relocation>
-                  <relocation>
-                    <pattern>org.apache.commons.codec</pattern>
-                    <shadedPattern>${repackage.base}.org.apache.commons.codec</shadedPattern>
-                  </relocation>
-                </relocations>
-              </configuration>
-            </execution>
-          </executions>
-        </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-shade-plugin</artifactId>
+        <version>2.2</version>
+        <executions>
+          <execution>
+            <phase>package</phase>
+            <goals>
+              <goal>shade</goal>
+            </goals>
+            <configuration>
+              <filters>
+                <filter>
+                  <artifact>*:*</artifact>
+                  <excludes>
+                    <exclude>META-INF/*.SF</exclude>
+                    <exclude>META-INF/*.DSA</exclude>
+                    <exclude>META-INF/*.RSA</exclude>
+                  </excludes>
+                </filter>
+              </filters>
+              <shadedArtifactAttached>false</shadedArtifactAttached>
+              <createDependencyReducedPom>true</createDependencyReducedPom>
+              <relocations>
+                <relocation>
+                  <pattern>com.fasterxml.jackson</pattern>
+                  <shadedPattern>${repackage.base}.com.fasterxml.jackson</shadedPattern>
+                </relocation>
+                <relocation>
+                  <pattern>org.apache.commons.codec</pattern>
+                  <shadedPattern>${repackage.base}.org.apache.commons.codec</shadedPattern>
+                </relocation>
+                <relocation>
+                  <pattern>org.apache.commons.io</pattern>
+                  <shadedPattern>${repackage.base}.org.apache.commons.io</shadedPattern>
+                </relocation>
+                <relocation>
+                  <pattern>org.apache.commons.lang3</pattern>
+                  <shadedPattern>${repackage.base}.org.apache.commons.lang3</shadedPattern>
+                </relocation>
+                <relocation>
+                  <pattern>org.bouncycastle</pattern>
+                  <shadedPattern>${repackage.base}.org.bouncycastle</shadedPattern>
+                </relocation>
+              </relocations>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
     </plugins>
   </build>
 </project>

src/main/java/com/auth0/jwt/Algorithm.java

@@ -1,15 +1,33 @@
 package com.auth0.jwt;
 
+import org.apache.commons.lang3.Validate;
+
+/**
+ * Supported Library Algorithms
+ *
+ * https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#KeyPairGenerator
+ */
 public enum Algorithm {
-	HS256("HmacSHA256"), HS384("HmacSHA384"), HS512("HmacSHA512"), RS256("RS256"), RS384("RS384"), RS512("RS512");
 
-	private Algorithm(String value) {
+	HS256("HmacSHA256"), HS384("HmacSHA384"), HS512("HmacSHA512"), RS256("SHA256withRSA"), RS384("SHA384withRSA"), RS512("SHA512withRSA");
+
+	private Algorithm(final String value) {
 		this.value = value;
 	}
-	
+
 	private String value;
 
 	public String getValue() {
 		return value;
 	}
+
+	public static Algorithm findByName(final String name) throws JWTAlgorithmException {
+		Validate.notNull(name);
+		try {
+			return Algorithm.valueOf(name);
+		} catch (IllegalArgumentException e) {
+			throw new JWTAlgorithmException("Unsupported algorithm: " + name);
+		}
+	}
+
 }

src/main/java/com/auth0/jwt/JWTAlgorithmException.java

@@ -0,0 +1,20 @@
+package com.auth0.jwt;
+
+/**
+ * Represents Exception related to Algorithm - for example JWT header algorithm is unsupported / missing
+ */
+public class JWTAlgorithmException extends JWTVerifyException {
+
+
+    public JWTAlgorithmException() {}
+
+    public JWTAlgorithmException(final String message, final Throwable cause) {
+        super(message, cause);
+    }
+
+    public JWTAlgorithmException(final String message) {
+        super(message);
+    }
+
+}
+

src/main/java/com/auth0/jwt/JWTAudienceException.java

@@ -1,26 +1,33 @@
 package com.auth0.jwt;
 
 import com.fasterxml.jackson.databind.JsonNode;
+import org.apache.commons.lang3.Validate;
 
 import java.util.ArrayList;
 import java.util.List;
 
+/**
+ * Represents Exception related to Audience - for example illegal audience on JWT Verification
+ */
 public class JWTAudienceException extends JWTVerifyException {
+
     private JsonNode audienceNode;
 
-    public JWTAudienceException(JsonNode audienceNode) {
+    public JWTAudienceException(final JsonNode audienceNode) {
+        Validate.notNull(audienceNode);
         this.audienceNode = audienceNode;
     }
 
-    public JWTAudienceException(String message, JsonNode audienceNode) {
+    public JWTAudienceException(final String message, final JsonNode audienceNode) {
         super(message);
+        Validate.notNull(audienceNode);
         this.audienceNode = audienceNode;
     }
 
     public List<String> getAudience() {
-        ArrayList<String> audience = new ArrayList<String>();
+        final ArrayList<String> audience = new ArrayList<>();
         if (audienceNode.isArray()) {
-            for (JsonNode jsonNode : audienceNode) {
+            for (final JsonNode jsonNode : audienceNode) {
                 audience.add(jsonNode.textValue());
             }
         } else if (audienceNode.isTextual()) {

src/main/java/com/auth0/jwt/JWTExpiredException.java

@@ -1,13 +1,18 @@
 package com.auth0.jwt;
 
+
+/**
+ * Represents Exception related to Expiration - for example JWT token has expired
+ */
 public class JWTExpiredException extends JWTVerifyException {
+
     private long expiration;
 
-    public JWTExpiredException(long expiration) {
+    public JWTExpiredException(final long expiration) {
         this.expiration = expiration;
     }
 
-    public JWTExpiredException(String message, long expiration) {
+    public JWTExpiredException(final String message, final long expiration) {
         super(message);
         this.expiration = expiration;
     }