diff --git a/lib/src/main/java/com/auth0/jwt/JWTCreator.java b/lib/src/main/java/com/auth0/jwt/JWTCreator.java
index f5b70c13..526a9000 100644
--- a/lib/src/main/java/com/auth0/jwt/JWTCreator.java
+++ b/lib/src/main/java/com/auth0/jwt/JWTCreator.java
@@ -11,12 +11,13 @@
 import com.fasterxml.jackson.databind.module.SimpleModule;
 import org.apache.commons.codec.binary.Base64;
+import java.nio.charset.StandardCharsets;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
 /**
- * The JWTCreator class holds the sign method to generate a complete DecodedJWT (with Signature) from a given Header and Payload content.
+ * The JWTCreator class holds the sign method to generate a complete JWT (with Signature) from a given Header and Payload content.
 */
 @SuppressWarnings("WeakerAccess")
 public final class JWTCreator {
@@ -50,7 +51,7 @@ static JWTCreator.Builder init() {
 }
 /**
- * The Builder class holds the Claims that defines the DecodedJWT to be created.
+ * The Builder class holds the Claims that defines the JWT to be created.
 */
 public static class Builder {
 private final Map payloadClaims;
@@ -139,7 +140,7 @@ public Builder withIssuedAt(Date issuedAt) {
 }
 /**
- * Add a specific DecodedJWT Id ("jti") claim.
+ * Add a specific JWT Id ("jti") claim.
 *
 * @param jwtId the Token Id value.
 * @return this same Builder instance.
@@ -172,12 +173,12 @@ public Builder withClaim(String name, Object value) throws IllegalArgumentExcept
 }
 /**
- * Creates a new instance of the DecodedJWT with the specified payloadClaims.
+ * Creates a new JWT and signs is with the given algorithm
 *
- * @param algorithm the Algorithm to use on the DecodedJWT signing.
- * @return a new DecodedJWT instance.
+ * @param algorithm used to sign the JWT
+ * @return a new JWT token
 * @throws IllegalArgumentException if the provided algorithm is null.
- * @throws JWTCreationException if the Claims coudln't be converted to a valid JSON or there was a problem with the signing key.
+ * @throws JWTCreationException if the claims could not be converted to a valid JSON or there was a problem with the signing key.
 */
 public String sign(Algorithm algorithm) throws IllegalArgumentException, JWTCreationException {
 if (algorithm == null) {
@@ -197,11 +198,11 @@ private void addClaim(String name, Object value) {
 }
 private String sign() throws SignatureGenerationException {
- String header = Base64.encodeBase64URLSafeString((headerJson.getBytes()));
- String payload = Base64.encodeBase64URLSafeString((payloadJson.getBytes()));
+ String header = Base64.encodeBase64URLSafeString((headerJson.getBytes(StandardCharsets.UTF_8)));
+ String payload = Base64.encodeBase64URLSafeString((payloadJson.getBytes(StandardCharsets.UTF_8)));
 String content = String.format("%s.%s", header, payload);
- byte[] signatureBytes = algorithm.sign(content.getBytes());
+ byte[] signatureBytes = algorithm.sign(content.getBytes(StandardCharsets.UTF_8));
 String signature = Base64.encodeBase64URLSafeString((signatureBytes));
 return String.format("%s.%s", content, signature);
diff --git a/lib/src/main/java/com/auth0/jwt/JWTDecoder.java b/lib/src/main/java/com/auth0/jwt/JWTDecoder.java
index 0c080375..1c0c0afc 100644
--- a/lib/src/main/java/com/auth0/jwt/JWTDecoder.java
+++ b/lib/src/main/java/com/auth0/jwt/JWTDecoder.java
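Review bot: The new summary line in the Javadoc of `sign(Algorithm)` has a typo and no closing period; "signs is with the given algorithm" should read `* Creates a new JWT and signs it with the given algorithm.` The `@return` text "a new JWT token" could also say that the result is the compact `header.payload.signature` string, which is what the private `sign()` in the next hunk builds with `String.format("%s.%s", content, signature)`. The body of `sign(Algorithm)` continues outside the hunk.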
@@ -13,7 +13,7 @@
 import java.util.List;
 /**
- * The JWTDecoder class holds the decode method to parse a given Token into it's DecodedJWT representation.
+ * The JWTDecoder class holds the decode method to parse a given JWT token into it's JWT representation.
 */
 @SuppressWarnings("WeakerAccess")
 final class JWTDecoder extends JWT {
diff --git a/lib/src/main/java/com/auth0/jwt/JWTVerifier.java b/lib/src/main/java/com/auth0/jwt/JWTVerifier.java
index d0d2905c..b9077cb2 100644
--- a/lib/src/main/java/com/auth0/jwt/JWTVerifier.java
+++ b/lib/src/main/java/com/auth0/jwt/JWTVerifier.java
@@ -10,10 +10,11 @@
 import com.auth0.jwt.interfaces.DecodedJWT;
 import org.apache.commons.codec.binary.Base64;
+import java.nio.charset.StandardCharsets;
 import java.util.*;
 /**
- * The JWTVerifier class holds the verify method to assert that a given Token has not only a proper DecodedJWT format, but also it's signature matches.
+ * The JWTVerifier class holds the verify method to assert that a given Token has not only a proper JWT format, but also it's signature matches.
 */
 @SuppressWarnings("WeakerAccess")
 public final class JWTVerifier {
@@ -30,7 +31,7 @@ public final class JWTVerifier {
 /**
 * Initialize a JWTVerifier instance using the given Algorithm.
 *
- * @param algorithm the Algorithm to use on the DecodedJWT verification.
+ * @param algorithm the Algorithm to use on the JWT verification.
 * @return a JWTVerifier.Verification instance to configure.
 * @throws IllegalArgumentException if the provided algorithm is null.
 */
@@ -39,7 +40,7 @@ static JWTVerifier.Verification init(Algorithm algorithm) throws IllegalArgument
 }
 /**
- * The Verification class holds the Claims required by a DecodedJWT to be valid.
+ * The Verification class holds the Claims required by a JWT to be valid.
 */
 public static class Verification {
 private final Algorithm algorithm;
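Review bot: The rename in the JWTDecoder class comment went one step too far: "parse a given JWT token into it's JWT representation" is now circular, while the type that `JWTDecoder.decode` yields is still `DecodedJWT` (see `DecodedJWT jwt = JWTDecoder.decode(token);` in JWTVerifier). I would keep the type name and fix the possessive, `* The JWTDecoder class holds the decode method to parse a given token into its DecodedJWT representation.` The same "it's" for "its" is carried over in the new comment lines of JWTVerifier, DecodedJWT and JWTPartsParser.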
@@ -154,7 +155,7 @@ public Verification acceptIssuedAt(long leeway) throws IllegalArgumentException
 }
 /**
- * Require a specific DecodedJWT Id ("jti") claim.
+ * Require a specific JWT Id ("jti") claim.
 *
 * @param jwtId the required Id value
 * @return this same Verification instance.
@@ -232,9 +233,9 @@ private void requireClaim(String name, Object value) {
 /**
 * Perform the verification against the given Token, using any previous configured options.
 *
- * @param token the String representation of the DecodedJWT.
- * @return a verified DecodedJWT.
- * @throws JWTVerificationException if any of the required contents inside the DecodedJWT is invalid.
+ * @param token to verify.
+ * @return a verified and decoded JWT.
+ * @throws JWTVerificationException if any of the required contents inside the JWT is invalid.
 */
 public DecodedJWT verify(String token) throws JWTVerificationException {
 DecodedJWT jwt = JWTDecoder.decode(token);
@@ -245,14 +246,14 @@ public DecodedJWT verify(String token) throws JWTVerificationException {
 }
 private void verifySignature(String[] parts) throws SignatureVerificationException {
- byte[] content = String.format("%s.%s", parts[0], parts[1]).getBytes();
+ byte[] content = String.format("%s.%s", parts[0], parts[1]).getBytes(StandardCharsets.UTF_8);
 byte[] signature = Base64.decodeBase64(parts[2]);
 algorithm.verify(content, signature);
 }
 private void verifyAlgorithm(DecodedJWT jwt, Algorithm expectedAlgorithm) throws AlgorithmMismatchException {
 if (!expectedAlgorithm.getName().equals(jwt.getAlgorithm())) {
- throw new AlgorithmMismatchException("The provided Algorithm doesn't match the one defined in the DecodedJWT's Header.");
+ throw new AlgorithmMismatchException("The provided Algorithm doesn't match the one defined in the JWT's Header.");
 }
 }
diff --git a/lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java b/lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java
index e00bed16..b74b1aa3 100644
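Review bot: In `verifySignature` the signature segment still goes straight into `Base64.decodeBase64(parts[2])`, and commons-codec decodes leniently by default, skipping characters outside the Base64 alphabet, so token strings that differ in the third segment can decode to the same signature bytes and verify identically. That matters to callers that key a cache, replay check or revocation list on the raw token string. Consider rejecting a third segment that contains anything outside the base64url alphabet before decoding it. The hunk does not show whether `JWTDecoder.decode` already enforces this, or that `parts` always has three elements, so confirm there first.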
--- a/lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java
+++ b/lib/src/main/java/com/auth0/jwt/algorithms/Algorithm.java
@@ -160,7 +160,7 @@ protected Algorithm(String name, String description) {
 }
 /**
- * Getter for the name of this Algorithm, as defined in the DecodedJWT Standard. i.e. "HS256"
+ * Getter for the name of this Algorithm, as defined in the JWT Standard. i.e. "HS256"
 *
 * @return the algorithm name.
 */
diff --git a/lib/src/main/java/com/auth0/jwt/interfaces/DecodedJWT.java b/lib/src/main/java/com/auth0/jwt/interfaces/DecodedJWT.java
index 651a9baa..b672b474 100644
--- a/lib/src/main/java/com/auth0/jwt/interfaces/DecodedJWT.java
+++ b/lib/src/main/java/com/auth0/jwt/interfaces/DecodedJWT.java
@@ -1,7 +1,7 @@
 package com.auth0.jwt.interfaces;
 /**
- * The DecodedJWT class represents a Json Web Token.
+ * Class that represents a Json Web Token that was decoded from it's string representation.
 */
 public interface DecodedJWT extends Payload, Header, Signature {
 String getToken();
diff --git a/lib/src/main/java/com/auth0/jwt/interfaces/Header.java b/lib/src/main/java/com/auth0/jwt/interfaces/Header.java
index b656c89b..2af99788 100644
--- a/lib/src/main/java/com/auth0/jwt/interfaces/Header.java
+++ b/lib/src/main/java/com/auth0/jwt/interfaces/Header.java
@@ -1,26 +1,26 @@
 package com.auth0.jwt.interfaces;
 /**
- * The Header class represents the 1st part of the DecodedJWT, where the Header value is hold.
+ * The Header class represents the 1st part of the JWT, where the Header value is hold.
 */
 public interface Header {
 /**
- * Getter for the Algorithm "alg" claim defined in the DecodedJWT's Header. If the claim is missing it will return null.
+ * Getter for the Algorithm "alg" claim defined in the JWT's Header. If the claim is missing it will return null.
 *
 * @return the Algorithm defined or null.
 */
 String getAlgorithm();
 /**
- * Getter for the Type "typ" claim defined in the DecodedJWT's Header. If the claim is missing it will return null.
+ * Getter for the Type "typ" claim defined in the JWT's Header. If the claim is missing it will return null.
 *
 * @return the Type defined or null.
 */
 String getType();
 /**
- * Getter for the Content Type "cty" claim defined in the DecodedJWT's Header. If the claim is missing it will return null.
+ * Getter for the Content Type "cty" claim defined in the JWT's Header. If the claim is missing it will return null.
 *
 * @return the Content Type defined or null.
 */
diff --git a/lib/src/main/java/com/auth0/jwt/interfaces/JWTPartsParser.java b/lib/src/main/java/com/auth0/jwt/interfaces/JWTPartsParser.java
index 99300530..520e35c8 100644
--- a/lib/src/main/java/com/auth0/jwt/interfaces/JWTPartsParser.java
+++ b/lib/src/main/java/com/auth0/jwt/interfaces/JWTPartsParser.java
@@ -3,7 +3,7 @@
 import com.auth0.jwt.exceptions.JWTDecodeException;
 /**
- * The JWTPartsParser class defines which parts of the DecodedJWT should be converted to it's specific Object representation instance.
+ * The JWTPartsParser class defines which parts of the JWT should be converted to it's specific Object representation instance.
 */
 public interface JWTPartsParser {
diff --git a/lib/src/main/java/com/auth0/jwt/interfaces/Payload.java b/lib/src/main/java/com/auth0/jwt/interfaces/Payload.java
index 662e2cdc..2fd93cc2 100644
--- a/lib/src/main/java/com/auth0/jwt/interfaces/Payload.java
+++ b/lib/src/main/java/com/auth0/jwt/interfaces/Payload.java
@@ -4,7 +4,7 @@
 import java.util.List;
 /**
- * The Payload class represents the 2nd part of the DecodedJWT, where the Payload value is hold.
+ * The Payload class represents the 2nd part of the JWT, where the Payload value is hold.
 */
 public interface Payload {
@@ -53,7 +53,7 @@ public interface Payload {
 /**
 * Get the value of the "jti" claim, or null if it's not available.
 *
- * @return the DecodedJWT ID value or null.
+ * @return the JWT ID value or null.
 */
 String getId();
diff --git a/lib/src/main/java/com/auth0/jwt/interfaces/Signature.java b/lib/src/main/java/com/auth0/jwt/interfaces/Signature.java
index d984e953..ae190bf3 100644
--- a/lib/src/main/java/com/auth0/jwt/interfaces/Signature.java
+++ b/lib/src/main/java/com/auth0/jwt/interfaces/Signature.java
@@ -1,14 +1,14 @@
 package com.auth0.jwt.interfaces;
 /**
- * The Signature class represents the 3rd part of the DecodedJWT, where the Signature value is hold.
+ * The Signature class represents the 3rd part of the JWT, where the Signature value is hold.
 */
 public interface Signature {
 /**
- * Getter for the Signature contained in the DecodedJWT as a Base64 encoded String.
+ * Getter for the Signature contained in the JWT as a Base64 encoded String.
 *
- * @return the Signature of the DecodedJWT.
+ * @return the Signature of the JWT.
 */
 String getSignature();
 }
diff --git a/lib/src/test/java/com/auth0/jwt/JWTDecoderTest.java b/lib/src/test/java/com/auth0/jwt/JWTDecoderTest.java
index ddacb0ab..b3e74f6e 100644
--- a/lib/src/test/java/com/auth0/jwt/JWTDecoderTest.java
+++ b/lib/src/test/java/com/auth0/jwt/JWTDecoderTest.java
@@ -11,6 +11,7 @@
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
+import java.nio.charset.StandardCharsets;
 import java.util.Date;
 import static org.hamcrest.MatcherAssert.assertThat;
@@ -200,8 +201,8 @@ public void shouldGetNullClaimIfClaimValueIsNull() throws Exception {
 //Helper Methods
 private DecodedJWT customJWT(String jsonHeader, String jsonPayload, String signature) {
- String header = Base64.encodeBase64URLSafeString(jsonHeader.getBytes());
- String body = Base64.encodeBase64URLSafeString(jsonPayload.getBytes());
+ String header = Base64.encodeBase64URLSafeString(jsonHeader.getBytes(StandardCharsets.UTF_8));
+ String body = Base64.encodeBase64URLSafeString(jsonPayload.getBytes(StandardCharsets.UTF_8));
 return JWTDecoder.decode(String.format("%s.%s.%s", header, body, signature));
 }
diff --git a/lib/src/test/java/com/auth0/jwt/JWTVerifierTest.java b/lib/src/test/java/com/auth0/jwt/JWTVerifierTest.java
index 004691e8..fe7b1cf5 100644
--- a/lib/src/test/java/com/auth0/jwt/JWTVerifierTest.java
+++ b/lib/src/test/java/com/auth0/jwt/JWTVerifierTest.java
@@ -33,7 +33,7 @@ public void shouldThrowWhenInitializedWithoutAlgorithm() throws Exception {
 @Test
 public void shouldThrowWhenAlgorithmDoesntMatchTheTokensAlgorithm() throws Exception {
 exception.expect(AlgorithmMismatchException.class);
- exception.expectMessage("The provided Algorithm doesn't match the one defined in the DecodedJWT's Header.");
+ exception.expectMessage("The provided Algorithm doesn't match the one defined in the JWT's Header.");
 JWTVerifier verifier = JWTVerifier.init(Algorithm.HMAC512("secret")).build();
 verifier.verify("eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJhdXRoMCJ9.s69x7Mmu4JqwmdxiK6sesALO7tcedbFsKEEITUxw9ho");
 }
diff --git a/lib/src/test/java/com/auth0/jwt/algorithms/AlgorithmTest.java b/lib/src/test/java/com/auth0/jwt/algorithms/AlgorithmTest.java
index c52ff64a..73b23dbb 100644
--- a/lib/src/test/java/com/auth0/jwt/algorithms/AlgorithmTest.java
+++ b/lib/src/test/java/com/auth0/jwt/algorithms/AlgorithmTest.java
@@ -4,6 +4,7 @@
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
+import java.nio.charset.StandardCharsets;
 import java.security.interfaces.ECKey;
 import java.security.interfaces.RSAKey;
@@ -109,35 +110,35 @@ public void shouldThrowECDSA512VerificationWithNullPublicKey() throws Exception
 @Test
 public void shouldCreateHMAC256AlgorithmWithBytes() throws Exception {
- Algorithm algorithm = Algorithm.HMAC256("secret".getBytes());
+ Algorithm algorithm = Algorithm.HMAC256("secret".getBytes(StandardCharsets.UTF_8));
 assertThat(algorithm, is(notNullValue()));
 assertThat(algorithm, is(instanceOf(HMACAlgorithm.class)));
 assertThat(algorithm.getDescription(), is("HmacSHA256"));
 assertThat(algorithm.getName(), is("HS256"));
- assertThat(((HMACAlgorithm) algorithm).getSecret(), is("secret".getBytes()));
+ assertThat(((HMACAlgorithm) algorithm).getSecret(), is("secret".getBytes(StandardCharsets.UTF_8)));
 }
 @Test
 public void shouldCreateHMAC384AlgorithmWithBytes() throws Exception {
- Algorithm algorithm = Algorithm.HMAC384("secret".getBytes());
+ Algorithm algorithm = Algorithm.HMAC384("secret".getBytes(StandardCharsets.UTF_8));
 assertThat(algorithm, is(notNullValue()));
 assertThat(algorithm, is(instanceOf(HMACAlgorithm.class)));
 assertThat(algorithm.getDescription(), is("HmacSHA384"));
 assertThat(algorithm.getName(), is("HS384"));
- assertThat(((HMACAlgorithm) algorithm).getSecret(), is("secret".getBytes()));
+ assertThat(((HMACAlgorithm) algorithm).getSecret(), is("secret".getBytes(StandardCharsets.UTF_8)));
 }
 @Test
 public void shouldCreateHMAC512AlgorithmWithBytes() throws Exception {
- Algorithm algorithm = Algorithm.HMAC512("secret".getBytes());
+ Algorithm algorithm = Algorithm.HMAC512("secret".getBytes(StandardCharsets.UTF_8));
 assertThat(algorithm, is(notNullValue()));
 assertThat(algorithm, is(instanceOf(HMACAlgorithm.class)));
 assertThat(algorithm.getDescription(), is("HmacSHA512"));
 assertThat(algorithm.getName(), is("HS512"));
- assertThat(((HMACAlgorithm) algorithm).getSecret(), is("secret".getBytes()));
+ assertThat(((HMACAlgorithm) algorithm).getSecret(), is("secret".getBytes(StandardCharsets.UTF_8)));
 }
 @Test
@@ -148,7 +149,7 @@ public void shouldCreateHMAC256AlgorithmWithString() throws Exception {
 assertThat(algorithm, is(instanceOf(HMACAlgorithm.class)));
 assertThat(algorithm.getDescription(), is("HmacSHA256"));
 assertThat(algorithm.getName(), is("HS256"));
- assertThat(((HMACAlgorithm) algorithm).getSecret(), is("secret".getBytes()));
+ assertThat(((HMACAlgorithm) algorithm).getSecret(), is("secret".getBytes(StandardCharsets.UTF_8)));
 }
 @Test
@@ -159,7 +160,7 @@ public void shouldCreateHMAC384AlgorithmWithString() throws Exception {
 assertThat(algorithm, is(instanceOf(HMACAlgorithm.class)));
 assertThat(algorithm.getDescription(), is("HmacSHA384"));
 assertThat(algorithm.getName(), is("HS384"));
- assertThat(((HMACAlgorithm) algorithm).getSecret(), is("secret".getBytes()));
+ assertThat(((HMACAlgorithm) algorithm).getSecret(), is("secret".getBytes(StandardCharsets.UTF_8)));
 }
 @Test
@@ -170,7 +171,7 @@ public void shouldCreateHMAC512AlgorithmWithString() throws Exception {
 assertThat(algorithm, is(instanceOf(HMACAlgorithm.class)));
 assertThat(algorithm.getDescription(), is("HmacSHA512"));
 assertThat(algorithm.getName(), is("HS512"));
- assertThat(((HMACAlgorithm) algorithm).getSecret(), is("secret".getBytes()));
+ assertThat(((HMACAlgorithm) algorithm).getSecret(), is("secret".getBytes(StandardCharsets.UTF_8)));
 }
 @Test
diff --git a/lib/src/test/java/com/auth0/jwt/algorithms/AlgorithmUtils.java b/lib/src/test/java/com/auth0/jwt/algorithms/AlgorithmUtils.java
index 10235fee..c8eaccfa 100644
--- a/lib/src/test/java/com/auth0/jwt/algorithms/AlgorithmUtils.java
+++ b/lib/src/test/java/com/auth0/jwt/algorithms/AlgorithmUtils.java
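Review bot: The three `shouldCreateHMAC…AlgorithmWithString` tests now expect `getSecret()` to equal `"secret".getBytes(StandardCharsets.UTF_8)`, but nothing in this commit changes how `Algorithm.HMAC256(String)` and its siblings turn the secret into bytes; the only Algorithm.java hunk is a Javadoc edit. If that conversion still calls `getBytes()` without a charset (it is outside this diff, so this needs checking), the HMAC key derived from a non-ASCII secret depends on the JVM's default encoding, and a token signed on one host can fail verification on another. The ASCII literal `"secret"` encodes to the same bytes under common default charsets, so these assertions cannot catch that. Worth adding one case with a secret containing a non-ASCII character, compared against its UTF-8 bytes.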
@@ -2,11 +2,13 @@
 import org.apache.commons.codec.binary.Base64;
+import java.nio.charset.StandardCharsets;
+
 public class AlgorithmUtils {
 public static void verify(Algorithm algorithm, String jwt) {
 String[] parts = jwt.split("\\.");
- byte[] content = String.format("%s.%s", parts[0], parts[1]).getBytes();
+ byte[] content = String.format("%s.%s", parts[0], parts[1]).getBytes(StandardCharsets.UTF_8);
 byte[] signature = new byte[0];
 if (parts.length == 3) {
 signature = Base64.decodeBase64(parts[2]);
diff --git a/lib/src/test/java/com/auth0/jwt/algorithms/ECDSAAlgorithmTest.java b/lib/src/test/java/com/auth0/jwt/algorithms/ECDSAAlgorithmTest.java
index 7dc1108a..c2b8f574 100644
--- a/lib/src/test/java/com/auth0/jwt/algorithms/ECDSAAlgorithmTest.java
+++ b/lib/src/test/java/com/auth0/jwt/algorithms/ECDSAAlgorithmTest.java
@@ -7,6 +7,7 @@
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
+import java.nio.charset.StandardCharsets;
 import java.security.*;
 import java.security.interfaces.ECKey;
 import java.security.interfaces.ECPrivateKey;
@@ -352,7 +353,7 @@ public void shouldThrowOnVerifyWhenTheSignatureIsNotPrepared() throws Exception
 public void shouldDoECDSA256Signing() throws Exception {
 Algorithm algorithmSign = Algorithm.ECDSA256((ECKey) readPrivateKeyFromFile(PRIVATE_KEY_FILE_256, "EC"));
 Algorithm algorithmVerify = Algorithm.ECDSA256((ECKey) readPublicKeyFromFile(PUBLIC_KEY_FILE_256, "EC"));
- byte[] contentBytes = String.format("%s.%s", ES256Header, auth0IssPayload).getBytes();
+ byte[] contentBytes = String.format("%s.%s", ES256Header, auth0IssPayload).getBytes(StandardCharsets.UTF_8);
 byte[] signatureBytes = algorithmSign.sign(contentBytes);
 assertThat(signatureBytes, is(notNullValue()));
@@ -374,7 +375,7 @@ public void shouldFailOnECDSA256SigningWhenUsingPublicKey() throws Exception {
 public void shouldDoECDSA384Signing() throws Exception {
 Algorithm algorithmSign = Algorithm.ECDSA384((ECKey) readPrivateKeyFromFile(PRIVATE_KEY_FILE_384, "EC"));
 Algorithm algorithmVerify = Algorithm.ECDSA384((ECKey) readPublicKeyFromFile(PUBLIC_KEY_FILE_384, "EC"));
- byte[] contentBytes = String.format("%s.%s", ES384Header, auth0IssPayload).getBytes();
+ byte[] contentBytes = String.format("%s.%s", ES384Header, auth0IssPayload).getBytes(StandardCharsets.UTF_8);
 byte[] signatureBytes = algorithmSign.sign(contentBytes);
 assertThat(signatureBytes, is(notNullValue()));
@@ -396,7 +397,7 @@ public void shouldFailOnECDSA384SigningWhenUsingPublicKey() throws Exception {
 public void shouldDoECDSA512Signing() throws Exception {
 Algorithm algorithmSign = Algorithm.ECDSA512((ECKey) readPrivateKeyFromFile(PRIVATE_KEY_FILE_512, "EC"));
 Algorithm algorithmVerify = Algorithm.ECDSA512((ECKey) readPublicKeyFromFile(PUBLIC_KEY_FILE_512, "EC"));
- byte[] contentBytes = String.format("%s.%s", ES512Header, auth0IssPayload).getBytes();
+ byte[] contentBytes = String.format("%s.%s", ES512Header, auth0IssPayload).getBytes(StandardCharsets.UTF_8);
 byte[] signatureBytes = algorithmSign.sign(contentBytes);
 assertThat(signatureBytes, is(notNullValue()));
@@ -441,7 +442,7 @@ public void shouldThrowOnSignWhenThePrivateKeyIsInvalid() throws Exception {
 ECKey key = mock(ECKey.class, withSettings().extraInterfaces(ECPrivateKey.class));
 Algorithm algorithm = new ECDSAAlgorithm(crypto, "some-alg", "some-algorithm", 32, key);
- algorithm.sign(ES256Header.getBytes());
+ algorithm.sign(ES256Header.getBytes(StandardCharsets.UTF_8));
 }
 @Test
@@ -457,7 +458,7 @@ public void shouldThrowOnSignWhenUsingPublicKey() throws Exception {
 ECKey key = mock(ECKey.class, withSettings().extraInterfaces(ECPublicKey.class));
 Algorithm algorithm = new ECDSAAlgorithm(crypto, "some-alg", "some-algorithm", 32, key);
- algorithm.sign(ES256Header.getBytes());
+ algorithm.sign(ES256Header.getBytes(StandardCharsets.UTF_8));
 }
 @Test
@@ -472,6 +473,6 @@ public void shouldThrowOnSignWhenTheSignatureIsNotPrepared() throws Exception {
 ECKey key = mock(ECKey.class, withSettings().extraInterfaces(ECPrivateKey.class));
 Algorithm algorithm = new ECDSAAlgorithm(crypto, "some-alg", "some-algorithm", 32, key);
- algorithm.sign(ES256Header.getBytes());
+ algorithm.sign(ES256Header.getBytes(StandardCharsets.UTF_8));
 }
 }
\ No newline at end of file
diff --git a/lib/src/test/java/com/auth0/jwt/algorithms/HMACAlgorithmTest.java b/lib/src/test/java/com/auth0/jwt/algorithms/HMACAlgorithmTest.java
index 2b063f87..1c8a2012 100644
--- a/lib/src/test/java/com/auth0/jwt/algorithms/HMACAlgorithmTest.java
+++ b/lib/src/test/java/com/auth0/jwt/algorithms/HMACAlgorithmTest.java
@@ -7,6 +7,7 @@
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
+import java.nio.charset.StandardCharsets;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
@@ -153,8 +154,8 @@ public void shouldThrowOnVerifyWhenTheSecretIsInvalid() throws Exception {
 @Test
 public void shouldDoHMAC256SigningWithBytes() throws Exception {
- Algorithm algorithm = Algorithm.HMAC256("secret".getBytes());
- byte[] contentBytes = String.format("%s.%s", HS256Header, auth0IssPayload).getBytes();
+ Algorithm algorithm = Algorithm.HMAC256("secret".getBytes(StandardCharsets.UTF_8));
+ byte[] contentBytes = String.format("%s.%s", HS256Header, auth0IssPayload).getBytes(StandardCharsets.UTF_8);
 byte[] signatureBytes = algorithm.sign(contentBytes);
 String signature = Base64.encodeBase64URLSafeString(signatureBytes);
 String expectedSignature = "s69x7Mmu4JqwmdxiK6sesALO7tcedbFsKEEITUxw9ho";
@@ -166,8 +167,8 @@ public void shouldDoHMAC256SigningWithBytes() throws Exception {
 @Test
 public void shouldDoHMAC384SigningWithBytes() throws Exception {
- Algorithm algorithm = Algorithm.HMAC384("secret".getBytes());
- byte[] contentBytes = String.format("%s.%s", HS384Header, auth0IssPayload).getBytes();
+ Algorithm algorithm = Algorithm.HMAC384("secret".getBytes(StandardCharsets.UTF_8));
+ byte[] contentBytes = String.format("%s.%s", HS384Header, auth0IssPayload).getBytes(StandardCharsets.UTF_8);
 byte[] signatureBytes = algorithm.sign(contentBytes);
 String signature = Base64.encodeBase64URLSafeString(signatureBytes);
 String expectedSignature = "4-y2Gxz_foN0jAOFimmBPF7DWxf4AsjM20zxNkHg8Zah5Q64G42P9GfjmUp4Hldt";
@@ -179,8 +180,8 @@ public void shouldDoHMAC384SigningWithBytes() throws Exception {
 @Test
 public void shouldDoHMAC512SigningWithBytes() throws Exception {
- Algorithm algorithm = Algorithm.HMAC512("secret".getBytes());
- byte[] contentBytes = String.format("%s.%s", HS512Header, auth0IssPayload).getBytes();
+ Algorithm algorithm = Algorithm.HMAC512("secret".getBytes(StandardCharsets.UTF_8));
+ byte[] contentBytes = String.format("%s.%s", HS512Header, auth0IssPayload).getBytes(StandardCharsets.UTF_8);
 byte[] signatureBytes = algorithm.sign(contentBytes);
 String signature = Base64.encodeBase64URLSafeString(signatureBytes);
 String expectedSignature = "OXWyxmf-VcVo8viOiTFfLaEy6mrQqLEos5R82Xsx8mtFxQadJAQ1aVniIWN8qT2GNE_pMQPcdzk4x7Cqxsp1dw";
@@ -193,7 +194,7 @@ public void shouldDoHMAC512SigningWithBytes() throws Exception {
 @Test
 public void shouldDoHMAC256SigningWithString() throws Exception {
 Algorithm algorithm = Algorithm.HMAC256("secret");
- byte[] contentBytes = String.format("%s.%s", HS256Header, auth0IssPayload).getBytes();
+ byte[] contentBytes = String.format("%s.%s", HS256Header, auth0IssPayload).getBytes(StandardCharsets.UTF_8);
 byte[] signatureBytes = algorithm.sign(contentBytes);
 String signature = Base64.encodeBase64URLSafeString(signatureBytes);
 String expectedSignature = "s69x7Mmu4JqwmdxiK6sesALO7tcedbFsKEEITUxw9ho";
@@ -206,7 +207,7 @@ public void shouldDoHMAC256SigningWithString() throws Exception {
 @Test
 public void shouldDoHMAC384SigningWithString() throws Exception {
 Algorithm algorithm = Algorithm.HMAC384("secret");
- byte[] contentBytes = String.format("%s.%s", HS384Header, auth0IssPayload).getBytes();
+ byte[] contentBytes = String.format("%s.%s", HS384Header, auth0IssPayload).getBytes(StandardCharsets.UTF_8);
 byte[] signatureBytes = algorithm.sign(contentBytes);
 String signature = Base64.encodeBase64URLSafeString(signatureBytes);
 String expectedSignature = "4-y2Gxz_foN0jAOFimmBPF7DWxf4AsjM20zxNkHg8Zah5Q64G42P9GfjmUp4Hldt";
@@ -219,7 +220,7 @@ public void shouldDoHMAC384SigningWithString() throws Exception {
 @Test
 public void shouldDoHMAC512SigningWithString() throws Exception {
 Algorithm algorithm = Algorithm.HMAC512("secret");
- byte[] contentBytes = String.format("%s.%s", HS512Header, auth0IssPayload).getBytes();
+ byte[] contentBytes = String.format("%s.%s", HS512Header, auth0IssPayload).getBytes(StandardCharsets.UTF_8);
 byte[] signatureBytes = algorithm.sign(contentBytes);
 String signature = Base64.encodeBase64URLSafeString(signatureBytes);
 String expectedSignature = "OXWyxmf-VcVo8viOiTFfLaEy6mrQqLEos5R82Xsx8mtFxQadJAQ1aVniIWN8qT2GNE_pMQPcdzk4x7Cqxsp1dw";
@@ -239,7 +240,7 @@ public void shouldThrowOnSignWhenSignatureAlgorithmDoesNotExists() throws Except
 when(crypto.createSignatureFor(anyString(), any(byte[].class), any(byte[].class)))
 .thenThrow(NoSuchAlgorithmException.class);
- Algorithm algorithm = new HMACAlgorithm(crypto, "some-alg", "some-algorithm", "secret".getBytes());
+ Algorithm algorithm = new HMACAlgorithm(crypto, "some-alg", "some-algorithm", "secret".getBytes(StandardCharsets.UTF_8));
 algorithm.sign(new byte[0]);
 }
@@ -253,7 +254,7 @@ public void shouldThrowOnSignWhenTheSecretIsInvalid() throws Exception {
 when(crypto.createSignatureFor(anyString(), any(byte[].class), any(byte[].class)))
 .thenThrow(InvalidKeyException.class);
- Algorithm algorithm = new HMACAlgorithm(crypto, "some-alg", "some-algorithm", "secret".getBytes());
+ Algorithm algorithm = new HMACAlgorithm(crypto, "some-alg", "some-algorithm", "secret".getBytes(StandardCharsets.UTF_8));
 algorithm.sign(new byte[0]);
 }
diff --git a/lib/src/test/java/com/auth0/jwt/algorithms/RSAAlgorithmTest.java b/lib/src/test/java/com/auth0/jwt/algorithms/RSAAlgorithmTest.java
index 203f3ce2..ea6961fc 100644
--- a/lib/src/test/java/com/auth0/jwt/algorithms/RSAAlgorithmTest.java
+++ b/lib/src/test/java/com/auth0/jwt/algorithms/RSAAlgorithmTest.java
@@ -7,6 +7,7 @@
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
+import java.nio.charset.StandardCharsets;
 import java.security.*;
 import java.security.interfaces.RSAKey;
 import java.security.interfaces.RSAPrivateKey;
@@ -174,7 +175,7 @@ public void shouldDoRSA256Signing() throws Exception {
 Algorithm algorithmSign = Algorithm.RSA256((RSAKey) readPrivateKeyFromFile(PRIVATE_KEY_FILE, "RSA"));
 Algorithm algorithmVerify = Algorithm.RSA256((RSAKey) readPublicKeyFromFile(PUBLIC_KEY_FILE, "RSA"));
- byte[] contentBytes = String.format("%s.%s", RS256Header, auth0IssPayload).getBytes();
+ byte[] contentBytes = String.format("%s.%s", RS256Header, auth0IssPayload).getBytes(StandardCharsets.UTF_8);
 byte[] signatureBytes = algorithmSign.sign(contentBytes);
 String signature = Base64.encodeBase64URLSafeString(signatureBytes);
 String expectedSignature = "ZB-Tr0vLtnf8I9fhSdSjU6HZei5xLYZQ6nZqM5O6Va0W9PgAqgRT7ShI9CjeYulRXPHvVmSl5EQuYuXdBzM0-H_3p_Nsl6tSMy4EyX2kkhEm6T0HhvarTh8CG0PCjn5p6FP5ZxWwhLcmRN70ItP6Z5MMO4CcJh1JrNxR4Fi4xQgt-CK2aVDMFXd-Br5yQiLVx1CX83w28OD9wssW3Rdltl5e66vCef0Ql6Q5I5e5F0nqGYT989a9fkNgLIx2F8k_az5x07BY59FV2SZg59nSiY7TZNjP8ot11Ew7HKRfPXOdh9eKRUVdhcxzqDePhyzKabU8TG5FP0SiWH5qVPfAgw";
@@ -200,7 +201,7 @@ public void shouldDoRSA384Signing() throws Exception {
 Algorithm algorithmSign = Algorithm.RSA384((RSAKey) readPrivateKeyFromFile(PRIVATE_KEY_FILE, "RSA"));
 Algorithm algorithmVerify = Algorithm.RSA384((RSAKey) readPublicKeyFromFile(PUBLIC_KEY_FILE, "RSA"));
- byte[] contentBytes = String.format("%s.%s", RS384Header, auth0IssPayload).getBytes();
+ byte[] contentBytes = String.format("%s.%s", RS384Header, auth0IssPayload).getBytes(StandardCharsets.UTF_8);
 byte[] signatureBytes = algorithmSign.sign(contentBytes);
 String signature = Base64.encodeBase64URLSafeString(signatureBytes);
 String expectedSignature = "Jx1PaTBnjd_U56MNjifFcY7w9ImDbseg0y8Ijr2pSiA1_wzQb_wy9undaWfzR5YqdIAXvjS8AGuZUAzIoTG4KMgOgdVyYDz3l2jzj6wI-lgqfR5hTy1w1ruMUQ4_wobpdxAiJ4fEbg8Mi_GljOiCO-P1HilxKnpiOJZidR8MQGwTInsf71tOUkK4x5UsdmUueuZbaU-CL5kPnRfXmJj9CcdxZbD9oMlbo23dwkP5BNMrS2LwGGzc9C_-ypxrBIOVilG3WZxcSmuG86LjcZbnL6LBEfph5NmKBgQav147uipb_7umBEr1m2dYiB_9u606n3bcoo3rnsYYK_Xfi1GAEQ";
@@ -226,7 +227,7 @@ public void shouldDoRSA512Signing() throws Exception {
 Algorithm algorithmSign = Algorithm.RSA512((RSAKey) readPrivateKeyFromFile(PRIVATE_KEY_FILE, "RSA"));
 Algorithm algorithmVerify = Algorithm.RSA512((RSAKey) readPublicKeyFromFile(PUBLIC_KEY_FILE, "RSA"));
- byte[] contentBytes = String.format("%s.%s", RS512Header, auth0IssPayload).getBytes();
+ byte[] contentBytes = String.format("%s.%s", RS512Header, auth0IssPayload).getBytes(StandardCharsets.UTF_8);
 byte[] signatureBytes = algorithmSign.sign(contentBytes);
 String signature = Base64.encodeBase64URLSafeString(signatureBytes);
 String expectedSignature = "THIPVYzNZ1Yo_dm0k1UELqV0txs3SzyMopCyHcLXOOdgYXF4MlGvBqu0CFvgSga72Sp5LpuC1Oesj40v_QDsp2GTGDeWnvvcv_eo-b0LPSpmT2h1Ibrmu-z70u2rKf28pkN-AJiMFqi8sit2kMIp1bwIVOovPvMTQKGFmova4Xwb3G526y_PeLlflW1h69hQTIVcI67ACEkAC-byjDnnYIklA-B4GWcggEoFwQRTdRjAUpifA6HOlvnBbZZlUd6KXwEydxVS-eh1odwPjB2_sfbyy5HnLsvNdaniiZQwX7QbwLNT4F72LctYdHHM1QCrID6bgfgYp9Ij9CRX__XDEA";
@@ -259,7 +260,7 @@ public void shouldThrowOnSignWhenSignatureAlgorithmDoesNotExists() throws Except
 RSAKey key = mock(RSAKey.class, withSettings().extraInterfaces(RSAPrivateKey.class));
 Algorithm algorithm = new RSAAlgorithm(crypto, "some-alg", "some-algorithm", key);
- algorithm.sign(RS256Header.getBytes());
+ algorithm.sign(RS256Header.getBytes(StandardCharsets.UTF_8));
 }
 @Test
@@ -274,7 +275,7 @@ public void shouldThrowOnSignWhenThePrivateKeyIsInvalid() throws Exception {
 RSAKey key = mock(RSAKey.class, withSettings().extraInterfaces(RSAPrivateKey.class));
 Algorithm algorithm = new RSAAlgorithm(crypto, "some-alg", "some-algorithm", key);
- algorithm.sign(RS256Header.getBytes());
+ algorithm.sign(RS256Header.getBytes(StandardCharsets.UTF_8));
 }
 @Test
@@ -290,7 +291,7 @@ public void shouldThrowOnSignWhenUsingPublicKey() throws Exception {
 RSAKey key = mock(RSAKey.class, withSettings().extraInterfaces(RSAPublicKey.class));
 Algorithm algorithm = new RSAAlgorithm(crypto, "some-alg", "some-algorithm", key);
- algorithm.sign(RS256Header.getBytes());
+ algorithm.sign(RS256Header.getBytes(StandardCharsets.UTF_8));
 }
 @Test
@@ -305,6 +306,6 @@ public void shouldThrowOnSignWhenTheSignatureIsNotPrepared() throws Exception {
 RSAKey key = mock(RSAKey.class, withSettings().extraInterfaces(RSAPrivateKey.class));
 Algorithm algorithm = new RSAAlgorithm(crypto, "some-alg", "some-algorithm", key);
- algorithm.sign(RS256Header.getBytes());
+ algorithm.sign(RS256Header.getBytes(StandardCharsets.UTF_8));
 }
 }
\ No newline at end of file