From 2f6b1ca3181e7fd04c30f4e949612279abf0e640 Mon Sep 17 00:00:00 2001 From: Micah Silverman Date: Thu, 14 Jul 2016 00:09:53 -0400 Subject: [PATCH] Moved TextCodec.BASE64.decode calls into service. Refactored method names to drive home that you're getting bytes back. --- .../jjwtfun/config/CSRFConfig.java | 2 +- .../jjwtfun/config/JWTCsrfTokenRepository.java | 5 ++--- .../jjwtfun/config/WebSecurityConfig.java | 2 -- .../controller/DynamicJWTController.java | 6 +++--- .../controller/StaticJWTController.java | 3 +-- .../jjwtfun/service/SecretService.java | 18 +++++++++--------- .../jjwtfun/DemoApplicationTests.java | 6 +++--- 7 files changed, 19 insertions(+), 23 deletions(-) diff --git a/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/config/CSRFConfig.java b/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/config/CSRFConfig.java index 8f88cc9ead..7d88835243 100644 --- a/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/config/CSRFConfig.java +++ b/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/config/CSRFConfig.java @@ -16,6 +16,6 @@ public class CSRFConfig { @Bean @ConditionalOnMissingBean public CsrfTokenRepository jwtCsrfTokenRepository() { - return new JWTCsrfTokenRepository(secretService.getHS256Secret()); + return new JWTCsrfTokenRepository(secretService.getHS256SecretBytes()); } } diff --git a/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/config/JWTCsrfTokenRepository.java b/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/config/JWTCsrfTokenRepository.java index efc5bc5839..bf88b8aff1 100644 --- a/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/config/JWTCsrfTokenRepository.java +++ b/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/config/JWTCsrfTokenRepository.java @@ -2,7 +2,6 @@ package io.jsonwebtoken.jjwtfun.config; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; -import io.jsonwebtoken.impl.TextCodec; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.web.csrf.CsrfToken; @@ -22,8 +21,8 @@ public class JWTCsrfTokenRepository implements CsrfTokenRepository { private static final Logger log = LoggerFactory.getLogger(JWTCsrfTokenRepository.class); private byte[] secret; - public JWTCsrfTokenRepository(String base64Secret) { - this.secret = TextCodec.BASE64.decode(base64Secret); + public JWTCsrfTokenRepository(byte[] secret) { + this.secret = secret; } @Override diff --git a/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/config/WebSecurityConfig.java b/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/config/WebSecurityConfig.java index 638cd0abab..ad51cdafdc 100644 --- a/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/config/WebSecurityConfig.java +++ b/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/config/WebSecurityConfig.java @@ -2,10 +2,8 @@ package io.jsonwebtoken.jjwtfun.config; import io.jsonwebtoken.JwtException; import io.jsonwebtoken.Jwts; -import io.jsonwebtoken.impl.TextCodec; import io.jsonwebtoken.jjwtfun.service.SecretService; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; diff --git a/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/controller/DynamicJWTController.java b/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/controller/DynamicJWTController.java index 82ae0f01d1..c03c63dd80 100644 --- a/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/controller/DynamicJWTController.java +++ b/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/controller/DynamicJWTController.java @@ -31,7 +31,7 @@ public class DynamicJWTController extends BaseController { .setClaims(claims) .signWith( SignatureAlgorithm.HS256, - secretService.getHS256Secret() + secretService.getHS256SecretBytes() ) .compact(); return new JwtResponse(jws); @@ -44,7 +44,7 @@ public class DynamicJWTController extends BaseController { .compressWith(CompressionCodecs.DEFLATE) .signWith( SignatureAlgorithm.HS256, - secretService.getHS256Secret() + secretService.getHS256SecretBytes() ) .compact(); return new JwtResponse(jws); @@ -89,7 +89,7 @@ public class DynamicJWTController extends BaseController { } }); - builder.signWith(SignatureAlgorithm.HS256, secretService.getHS256Secret()); + builder.signWith(SignatureAlgorithm.HS256, secretService.getHS256SecretBytes()); return new JwtResponse(builder.compact()); } diff --git a/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/controller/StaticJWTController.java b/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/controller/StaticJWTController.java index 489c85a32b..65630aeb84 100644 --- a/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/controller/StaticJWTController.java +++ b/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/controller/StaticJWTController.java @@ -4,7 +4,6 @@ import io.jsonwebtoken.Claims; import io.jsonwebtoken.Jws; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; -import io.jsonwebtoken.impl.TextCodec; import io.jsonwebtoken.jjwtfun.model.JwtResponse; import io.jsonwebtoken.jjwtfun.service.SecretService; import org.springframework.beans.factory.annotation.Autowired; @@ -35,7 +34,7 @@ public class StaticJWTController extends BaseController { .setExpiration(Date.from(Instant.ofEpochSecond(4622470422L))) // Sat Jun 24 2116 15:33:42 GMT-0400 (EDT) .signWith( SignatureAlgorithm.HS256, - TextCodec.BASE64.decode(secretService.getHS256Secret()) + secretService.getHS256SecretBytes() ) .compact(); diff --git a/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/service/SecretService.java b/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/service/SecretService.java index 8af538f90e..4311afa592 100644 --- a/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/service/SecretService.java +++ b/jjwt/src/main/java/io/jsonwebtoken/jjwtfun/service/SecretService.java @@ -42,23 +42,23 @@ public class SecretService { public void setSecrets(Map secrets) { Assert.notNull(secrets); - Assert.isTrue(secrets.get(SignatureAlgorithm.HS256.getValue()) != null); - Assert.isTrue(secrets.get(SignatureAlgorithm.HS384.getValue()) != null); - Assert.isTrue(secrets.get(SignatureAlgorithm.HS512.getValue()) != null); + Assert.hasText(secrets.get(SignatureAlgorithm.HS256.getValue())); + Assert.hasText(secrets.get(SignatureAlgorithm.HS384.getValue())); + Assert.hasText(secrets.get(SignatureAlgorithm.HS512.getValue())); this.secrets = secrets; } - public String getHS256Secret() { - return secrets.get(SignatureAlgorithm.HS256.getValue()); + public byte[] getHS256SecretBytes() { + return TextCodec.BASE64.decode(secrets.get(SignatureAlgorithm.HS256.getValue())); } - public String getHS384Secret() { - return secrets.get(SignatureAlgorithm.HS384.getValue()); + public byte[] getHS384SecretBytes() { + return TextCodec.BASE64.decode(secrets.get(SignatureAlgorithm.HS384.getValue())); } - public String getHS512Secret() { - return secrets.get(SignatureAlgorithm.HS512.getValue()); + public byte[] getHS512SecretBytes() { + return TextCodec.BASE64.decode(secrets.get(SignatureAlgorithm.HS384.getValue())); } diff --git a/jjwt/src/test/java/io/jsonwebtoken/jjwtfun/DemoApplicationTests.java b/jjwt/src/test/java/io/jsonwebtoken/jjwtfun/DemoApplicationTests.java index 357d91ed73..82138ea23e 100644 --- a/jjwt/src/test/java/io/jsonwebtoken/jjwtfun/DemoApplicationTests.java +++ b/jjwt/src/test/java/io/jsonwebtoken/jjwtfun/DemoApplicationTests.java @@ -11,8 +11,8 @@ import org.springframework.test.context.web.WebAppConfiguration; @WebAppConfiguration public class DemoApplicationTests { - @Test - public void contextLoads() { - } + @Test + public void contextLoads() { + } }