/** * Assert a boolean expression, throwing <code>IllegalArgumentException</code> * if the test result is <code>false</code>. * <pre class="code">Assert.isTrue(i > 0);</pre> * @param expression a boolean expression * @throws IllegalArgumentException if expression is <code>false</code> */ public static void isTrue(boolean expression) { isTrue(expression, "[Assertion failed] - this expression must be true"); }
public EllipticCurveSignatureValidator(SignatureAlgorithm alg, Key key) { super(alg, key); Assert.isTrue(key instanceof ECPublicKey, EC_PUBLIC_KEY_REQD_MSG); }
public RsaSignatureValidator(SignatureAlgorithm alg, Key key) { super(alg, key); Assert.isTrue(key instanceof RSAPrivateKey || key instanceof RSAPublicKey, "RSA Signature validation requires either a RSAPublicKey or RSAPrivateKey instance."); this.SIGNER = key instanceof RSAPrivateKey ? new RsaSigner(alg, key) : null; }
public MacSigner(SignatureAlgorithm alg, Key key) { super(alg, key); Assert.isTrue(alg.isHmac(), "The MacSigner only supports HMAC signature algorithms."); if (!(key instanceof SecretKey)) { String msg = "MAC signatures must be computed and verified using a SecretKey. The specified key of " + "type " + key.getClass().getName() + " is not a SecretKey."; throw new IllegalArgumentException(msg); } }
protected MacProvider(SignatureAlgorithm alg, Key key) { super(alg, key); Assert.isTrue(alg.isHmac(), "SignatureAlgorithm must be a HMAC SHA algorithm."); }
protected EllipticCurveProvider(SignatureAlgorithm alg, Key key) { super(alg, key); Assert.isTrue(alg.isEllipticCurve(), "SignatureAlgorithm must be an Elliptic Curve algorithm."); }
protected RsaProvider(SignatureAlgorithm alg, Key key) { super(alg, key); Assert.isTrue(alg.isRsa(), "SignatureAlgorithm must be an RSASSA or RSASSA-PSS algorithm."); }
public static SecretKey generateKey(SignatureAlgorithm alg, SecureRandom random) { Assert.isTrue(alg.isHmac(), "SignatureAlgorithm argument must represent an HMAC algorithm.");
SecureRandom random) { Assert.notNull(alg, "SignatureAlgorithm argument cannot be null."); Assert.isTrue(alg.isEllipticCurve(), "SignatureAlgorithm argument must represent an Elliptic Curve algorithm."); try { KeyPairGenerator g;
/** * Generates a new RSA secure-randomly key pair suitable for the specified SignatureAlgorithm using JJWT's * default {@link SignatureProvider#DEFAULT_SECURE_RANDOM SecureRandom instance}. This is a convenience method * that immediately delegates to {@link #generateKeyPair(int)} based on the relevant key size for the specified * algorithm. * * @param alg the signature algorithm to inspect to determine a size in bits. * @return a new RSA secure-random key pair of the specified size. * @see #generateKeyPair() * @see #generateKeyPair(int, SecureRandom) * @see #generateKeyPair(String, int, SecureRandom) * @since 0.10.0 */ @SuppressWarnings("unused") //used by io.jsonwebtoken.security.Keys public static KeyPair generateKeyPair(SignatureAlgorithm alg) { Assert.isTrue(alg.isRsa(), "Only RSA algorithms are supported by this method."); int keySizeInBits = 4096; switch (alg) { case RS256: case PS256: keySizeInBits = 2048; break; case RS384: case PS384: keySizeInBits = 3072; break; } return generateKeyPair(keySizeInBits, DEFAULT_SECURE_RANDOM); }
@Override public JwtBuilder signWith(SignatureAlgorithm alg, byte[] secretKeyBytes) throws InvalidKeyException { Assert.notNull(alg, "SignatureAlgorithm cannot be null."); Assert.notEmpty(secretKeyBytes, "secret key byte array cannot be null or empty."); Assert.isTrue(alg.isHmac(), "Key bytes may only be specified for HMAC signatures. If using RSA or Elliptic Curve, use the signWith(SignatureAlgorithm, Key) method instead."); SecretKey key = new SecretKeySpec(secretKeyBytes, alg.getJcaName()); return signWith(key, alg); }
@Override public JwtBuilder signWith(SignatureAlgorithm alg, String base64EncodedSecretKey) throws InvalidKeyException { Assert.hasText(base64EncodedSecretKey, "base64-encoded secret key cannot be null or empty."); Assert.isTrue(alg.isHmac(), "Base64-encoded key bytes may only be specified for HMAC signatures. If using RSA or Elliptic Curve, use the signWith(SignatureAlgorithm, Key) method instead."); byte[] bytes = Decoders.BASE64.decode(base64EncodedSecretKey); return signWith(alg, bytes); }
@Override public Key resolveSigningKey(JwsHeader header, String plaintext) { SignatureAlgorithm alg = SignatureAlgorithm.forName(header.getAlgorithm()); Assert.isTrue(alg.isHmac(), "The default resolveSigningKey(JwsHeader, String) implementation cannot be " + "used for asymmetric key algorithms (RSA, Elliptic Curve). " + "Override the resolveSigningKey(JwsHeader, String) method instead and return a " + "Key instance appropriate for the " + alg.name() + " algorithm."); byte[] keyBytes = resolveSigningKeyBytes(header, plaintext); return new SecretKeySpec(keyBytes, alg.getJcaName()); }
@Override public Key resolveSigningKey(JwsHeader header, Claims claims) { SignatureAlgorithm alg = SignatureAlgorithm.forName(header.getAlgorithm()); Assert.isTrue(alg.isHmac(), "The default resolveSigningKey(JwsHeader, Claims) implementation cannot be " + "used for asymmetric key algorithms (RSA, Elliptic Curve). " + "Override the resolveSigningKey(JwsHeader, Claims) method instead and return a " + "Key instance appropriate for the " + alg.name() + " algorithm."); byte[] keyBytes = resolveSigningKeyBytes(header, claims); return new SecretKeySpec(keyBytes, alg.getJcaName()); }
Assert.isTrue(algorithm.isHmac(), "Key bytes can only be specified for HMAC signatures. Please specify a PublicKey or PrivateKey instance.");
/** * Assert a boolean expression, throwing <code>IllegalArgumentException</code> * if the test result is <code>false</code>. * <pre class="code">Assert.isTrue(i > 0);</pre> * @param expression a boolean expression * @throws IllegalArgumentException if expression is <code>false</code> */ public static void isTrue(boolean expression) { isTrue(expression, "[Assertion failed] - this expression must be true"); }
public MacSigner(SignatureAlgorithm alg, Key key) { super(alg, key); Assert.isTrue(alg.isHmac(), "The MacSigner only supports HMAC signature algorithms."); if (!(key instanceof SecretKey)) { String msg = "MAC signatures must be computed and verified using a SecretKey. The specified key of " + "type " + key.getClass().getName() + " is not a SecretKey."; throw new IllegalArgumentException(msg); } }
@Override public JwtBuilder signWith(SignatureAlgorithm alg, String base64EncodedSecretKey) { Assert.hasText(base64EncodedSecretKey, "base64-encoded secret key cannot be null or empty."); Assert.isTrue(alg.isHmac(), "Base64-encoded key bytes may only be specified for HMAC signatures. If using RSA or Elliptic Curve, use the signWith(SignatureAlgorithm, Key) method instead."); byte[] bytes = TextCodec.BASE64.decode(base64EncodedSecretKey); return signWith(alg, bytes); }
@Override public Key resolveSigningKey(JwsHeader header, Claims claims) { SignatureAlgorithm alg = SignatureAlgorithm.forName(header.getAlgorithm()); Assert.isTrue(alg.isHmac(), "The default resolveSigningKey(JwsHeader, Claims) implementation cannot be " + "used for asymmetric key algorithms (RSA, Elliptic Curve). " + "Override the resolveSigningKey(JwsHeader, Claims) method instead and return a " + "Key instance appropriate for the " + alg.name() + " algorithm."); byte[] keyBytes = resolveSigningKeyBytes(header, claims); return new SecretKeySpec(keyBytes, alg.getJcaName()); }
@Override public Key resolveSigningKey(JwsHeader header, String plaintext) { SignatureAlgorithm alg = SignatureAlgorithm.forName(header.getAlgorithm()); Assert.isTrue(alg.isHmac(), "The default resolveSigningKey(JwsHeader, String) implementation cannot be " + "used for asymmetric key algorithms (RSA, Elliptic Curve). " + "Override the resolveSigningKey(JwsHeader, String) method instead and return a " + "Key instance appropriate for the " + alg.name() + " algorithm."); byte[] keyBytes = resolveSigningKeyBytes(header, plaintext); return new SecretKeySpec(keyBytes, alg.getJcaName()); }