Repository: knox Updated Branches: refs/heads/master 8b1329b22 -> ea040febb
KNOX-1568 - Upgrade nimbus-jose-jwt to 6.5 Signed-off-by: Kevin Risden <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/ea040feb Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/ea040feb Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/ea040feb Branch: refs/heads/master Commit: ea040febbc3d7f162ac4a54bc71646eb1ce79d6b Parents: 8b1329b Author: Kevin Risden <[email protected]> Authored: Wed Nov 7 20:35:20 2018 -0500 Committer: Kevin Risden <[email protected]> Committed: Wed Dec 12 13:59:24 2018 -0500 ---------------------------------------------------------------------- .../knox/gateway/provider/federation/AbstractJWTFilterTest.java | 4 ++-- .../gateway/services/security/impl/DefaultKeystoreService.java | 2 +- .../services/token/impl/DefaultTokenAuthorityService.java | 3 ++- .../apache/knox/gateway/service/knoxsso/WebSSOResourceTest.java | 4 ++-- .../knox/gateway/service/knoxtoken/TokenServiceResourceTest.java | 2 +- .../knox/gateway/services/security/impl/CMFKeystoreService.java | 2 +- .../knox/gateway/services/security/token/impl/JWTTokenTest.java | 4 +--- pom.xml | 2 +- 8 files changed, 11 insertions(+), 12 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/ea040feb/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java b/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java index dd9aae9..23967c9 100644 --- a/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java +++ b/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java @@ -457,7 +457,7 @@ public abstract class AbstractJWTFilterTest { try { // Create a private key to sign the token KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); - kpg.initialize(1024); + kpg.initialize(2048); KeyPair kp = kpg.genKeyPair(); @@ -493,7 +493,7 @@ public abstract class AbstractJWTFilterTest { Properties props = getProperties(); KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); - kpg.initialize(1024); + kpg.initialize(2048); KeyPair KPair = kpg.generateKeyPair(); String dn = buildDistinguishedName(InetAddress.getLocalHost().getHostName()); http://git-wip-us.apache.org/repos/asf/knox/blob/ea040feb/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java b/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java index c0c6756..947b4a8 100644 --- a/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java +++ b/gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java @@ -189,7 +189,7 @@ public class DefaultKeystoreService extends BaseKeystoreService implements KeyPairGenerator keyPairGenerator; try { keyPairGenerator = KeyPairGenerator.getInstance("RSA"); - keyPairGenerator.initialize(1024); + keyPairGenerator.initialize(2048); KeyPair KPair = keyPairGenerator.generateKeyPair(); if (hostname == null) { hostname = System.getProperty(CERT_GEN_MODE, CERT_GEN_MODE_LOCALHOST); http://git-wip-us.apache.org/repos/asf/knox/blob/ea040feb/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityService.java ---------------------------------------------------------------------- diff --git a/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityService.java b/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityService.java index b9e606f..6034889 100644 --- a/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityService.java +++ b/gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityService.java @@ -140,7 +140,8 @@ public class DefaultTokenAuthorityService implements JWTokenAuthority, Service { try { RSAPrivateKey key = (RSAPrivateKey) ks.getSigningKey(signingKeystoreName, getSigningKeyAlias(signingKeystoreAlias), passphrase); - JWSSigner signer = new RSASSASigner(key); + // allowWeakKey to not break existing 1024 bit certificates + JWSSigner signer = new RSASSASigner(key, true); token.sign(signer); } catch (KeystoreServiceException e) { throw new TokenServiceException(e); http://git-wip-us.apache.org/repos/asf/knox/blob/ea040feb/gateway-service-knoxsso/src/test/java/org/apache/knox/gateway/service/knoxsso/WebSSOResourceTest.java ---------------------------------------------------------------------- diff --git a/gateway-service-knoxsso/src/test/java/org/apache/knox/gateway/service/knoxsso/WebSSOResourceTest.java b/gateway-service-knoxsso/src/test/java/org/apache/knox/gateway/service/knoxsso/WebSSOResourceTest.java index 52cc8f7..2f3c38e 100644 --- a/gateway-service-knoxsso/src/test/java/org/apache/knox/gateway/service/knoxsso/WebSSOResourceTest.java +++ b/gateway-service-knoxsso/src/test/java/org/apache/knox/gateway/service/knoxsso/WebSSOResourceTest.java @@ -81,7 +81,7 @@ public class WebSSOResourceTest { @BeforeClass public static void setup() throws Exception { KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); - kpg.initialize(1024); + kpg.initialize(2048); KeyPair keyPair = kpg.generateKeyPair(); gatewayPublicKey = (RSAPublicKey) keyPair.getPublic(); @@ -800,7 +800,7 @@ public class WebSSOResourceTest { String customSigningKeyPassphrase = "testSigningKeyPassphrase"; KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); - kpg.initialize(1024); + kpg.initialize(2048); KeyPair keyPair = kpg.generateKeyPair(); RSAPublicKey customPublicKey = (RSAPublicKey) keyPair.getPublic(); RSAPrivateKey customPrivateKey = (RSAPrivateKey) keyPair.getPrivate(); http://git-wip-us.apache.org/repos/asf/knox/blob/ea040feb/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java ---------------------------------------------------------------------- diff --git a/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java b/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java index 18a645f..44ab79f 100644 --- a/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java +++ b/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java @@ -64,7 +64,7 @@ public class TokenServiceResourceTest { @BeforeClass public static void setup() throws Exception { KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); - kpg.initialize(1024); + kpg.initialize(2048); KeyPair KPair = kpg.generateKeyPair(); publicKey = (RSAPublicKey) KPair.getPublic(); http://git-wip-us.apache.org/repos/asf/knox/blob/ea040feb/gateway-spi/src/main/java/org/apache/knox/gateway/services/security/impl/CMFKeystoreService.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/services/security/impl/CMFKeystoreService.java b/gateway-spi/src/main/java/org/apache/knox/gateway/services/security/impl/CMFKeystoreService.java index 4b41692..854ccd0 100644 --- a/gateway-spi/src/main/java/org/apache/knox/gateway/services/security/impl/CMFKeystoreService.java +++ b/gateway-spi/src/main/java/org/apache/knox/gateway/services/security/impl/CMFKeystoreService.java @@ -68,7 +68,7 @@ public class CMFKeystoreService extends BaseKeystoreService { KeyPairGenerator keyPairGenerator; try { keyPairGenerator = KeyPairGenerator.getInstance("RSA"); - keyPairGenerator.initialize(1024); + keyPairGenerator.initialize(2048); KeyPair KPair = keyPairGenerator.generateKeyPair(); X509Certificate cert = X509CertificateUtil.generateCertificate(TEST_CERT_DN, KPair, 365, "SHA1withRSA"); http://git-wip-us.apache.org/repos/asf/knox/blob/ea040feb/gateway-spi/src/test/java/org/apache/knox/gateway/services/security/token/impl/JWTTokenTest.java ---------------------------------------------------------------------- diff --git a/gateway-spi/src/test/java/org/apache/knox/gateway/services/security/token/impl/JWTTokenTest.java b/gateway-spi/src/test/java/org/apache/knox/gateway/services/security/token/impl/JWTTokenTest.java index 296c4a7..ed23bd4 100644 --- a/gateway-spi/src/test/java/org/apache/knox/gateway/services/security/token/impl/JWTTokenTest.java +++ b/gateway-spi/src/test/java/org/apache/knox/gateway/services/security/token/impl/JWTTokenTest.java @@ -19,7 +19,6 @@ package org.apache.knox.gateway.services.security.token.impl; import java.security.KeyPair; import java.security.KeyPairGenerator; -import java.security.NoSuchAlgorithmException; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.text.ParseException; @@ -44,7 +43,7 @@ public class JWTTokenTest extends org.junit.Assert { private static RSAPrivateKey privateKey; @BeforeClass - public static void setup() throws Exception, NoSuchAlgorithmException { + public static void setup() throws Exception { KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); kpg.initialize(2048); @@ -236,5 +235,4 @@ public class JWTTokenTest extends org.junit.Assert { // expected } } - } http://git-wip-us.apache.org/repos/asf/knox/blob/ea040feb/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 5173139..949a1c4 100644 --- a/pom.xml +++ b/pom.xml @@ -200,7 +200,7 @@ <maven-enforcer-plugin.version>3.0.0-M2</maven-enforcer-plugin.version> <maven-pmd-plugin.version>3.11.0</maven-pmd-plugin.version> <metrics.version>4.0.3</metrics.version> - <nimbus-jose-jwt.version>6.0.2</nimbus-jose-jwt.version> + <nimbus-jose-jwt.version>6.5</nimbus-jose-jwt.version> <okhttp.version>2.7.5</okhttp.version> <pac4j.version>2.1.0</pac4j.version> <protobuf.version>3.6.1</protobuf.version>
