Author: matthieu
Date: Thu Jan 28 09:12:10 2016
New Revision: 1727285
URL: http://svn.apache.org/viewvc?rev=1727285&view=rev
Log:
JAMES-1672 Check validity of JWT token payload before using it
Modified:
james/project/trunk/server/protocols/jmap/src/main/java/org/apache/james/jmap/crypto/JwtTokenVerifier.java
james/project/trunk/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JwtTokenVerifierTest.java
Modified:
james/project/trunk/server/protocols/jmap/src/main/java/org/apache/james/jmap/crypto/JwtTokenVerifier.java
URL:
http://svn.apache.org/viewvc/james/project/trunk/server/protocols/jmap/src/main/java/org/apache/james/jmap/crypto/JwtTokenVerifier.java?rev=1727285&r1=1727284&r2=1727285&view=diff
==============================================================================
---
james/project/trunk/server/protocols/jmap/src/main/java/org/apache/james/jmap/crypto/JwtTokenVerifier.java
(original)
+++
james/project/trunk/server/protocols/jmap/src/main/java/org/apache/james/jmap/crypto/JwtTokenVerifier.java
Thu Jan 28 09:12:10 2016
@@ -21,15 +21,13 @@ package org.apache.james.jmap.crypto;
import javax.inject.Inject;
import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Strings;
import io.jsonwebtoken.Claims;
-import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
-import io.jsonwebtoken.SignatureException;
-import io.jsonwebtoken.UnsupportedJwtException;
public class JwtTokenVerifier {
@@ -42,7 +40,10 @@ public class JwtTokenVerifier {
}
public boolean verify(String token) throws JwtException {
- parseToken(token);
+ String subject = extractLogin(token);
+ if (Strings.isNullOrEmpty(subject)) {
+ throw new MalformedJwtException("'subject' field in token is
mandatory");
+ }
return true;
}
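Review bot: `Strings.isNullOrEmpty(subject)` on the added check lets a whitespace-only subject (`" "`) through, so a correctly signed token whose `sub` is a blank string still verifies and would later be handed to callers as a login. If a login cannot be blank here, tighten the guard to `if (Strings.nullToEmpty(subject).trim().isEmpty()) {` so the same MalformedJwtException covers that case. The check also now depends on `extractLogin` to parse and signature-check the token before the subject is read; that method is outside this hunk, so confirm it goes through the signed `Jws<Claims>` parser and not an unsigned claims parse, otherwise the subject is taken from an unverified payload. A one-line Javadoc on verify would also help, e.g. `/** Parses and signature-checks {@code token}; throws JwtException if it is invalid or carries no usable subject. */`.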
Modified:
james/project/trunk/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JwtTokenVerifierTest.java
URL:
http://svn.apache.org/viewvc/james/project/trunk/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JwtTokenVerifierTest.java?rev=1727285&r1=1727284&r2=1727285&view=diff
==============================================================================
---
james/project/trunk/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JwtTokenVerifierTest.java
(original)
+++
james/project/trunk/server/protocols/jmap/src/test/java/org/apache/james/jmap/crypto/JwtTokenVerifierTest.java
Thu Jan 28 09:12:10 2016
@@ -30,6 +30,7 @@ import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
+import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.SignatureException;
public class JwtTokenVerifierTest {
@@ -43,6 +44,7 @@ public class JwtTokenVerifierTest {
"U1LZUUbJW9/CH45YXz82CYqkrfbnQxqRb2iVbVjs/sHopHd1NTiCfUtwvcYJiBVj\n" +
"kwIDAQAB\n" +
"-----END PUBLIC KEY-----";
+
private static final String VALID_TOKEN =
"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIn0.T04BTk"
+
"LXkJj24coSZkK13RfG25lpvmSl2MJ7N10KpBk9_-95EGYZdog-BDAn3PJzqVw52z-Bwjh4VOj1-j7cURu0cT4jXehhUrlCxS4n7QHZD"
+
"N_bsEYGu7KzjWTpTsUiHe-rN7izXVFxDGG1TGwlmBCBnPW-EFCf9ylUsJi0r2BKNdaaPRfMIrHptH1zJBkkUziWpBN1RNLjmvlAUf49"
+
@@ -79,15 +81,41 @@ public class JwtTokenVerifierTest {
@Test
public void shouldThrowOnMismatchingSigningKey() {
- String token =
"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIn0.Pd6t82"
+
+ String invalidToken =
"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIn0.Pd6t82"
+
"tPL3EZdkeYxw_DV2KimE1U2FvuLHmfR_mimJ5US3JFU4J2Gd94O7rwpSTGN1B9h-_lsTebo4ua4xHsTtmczZ9xa8a_kWKaSkqFjNFa"
+
"Fp6zcoD6ivCu03SlRqsQzSRHXo6TKbnqOt9D6Y2rNa3C4igSwoS0jUE4BgpXbc0";
- assertThatThrownBy(() -> sut.verify(token))
+ assertThatThrownBy(() -> sut.verify(invalidToken))
.isInstanceOf(SignatureException.class);
}
@Test
+ public void verifyShouldThrowWhenSubjectIsNull() {
+ String tokenWithNullSubject =
"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOm51bGwsIm5hbWUiOiJKb2huIERvZSJ9.EB"
+
+
"_1grWDy_kFelXs3AQeiP13ay4eG_134dWB9XPRSeWsuPs8Mz2UY-VHDxLGD-fAqv-xKXr4QFEnS7iZkdpe0tPLNSwIjqeqkC6KqQln"
+
+
"oC1okqWVWBDOcf7Acp1Jzp_cFTUhL5LkHvZDsyCdq5T9OOVVkzO4A9RrzIUsTrYPtRCBuYJ3ggR33cKpw191PulPGNH70rZqpUfDXe"
+
+
"VPY3q15vWzZH9O9IJzB2KdHRMPxl2luRjzDbh4DLp56NhZuLX_2a9UAlmbV8MQX4Z_04ybhAYrcBfxR3MgJyr0jlxSibqSbXrkXuo-"
+
+ "PyybfZCIhK_qXUlO5OS6sO7AQhKZO9p0MQ";
+
+ assertThatThrownBy(() -> sut.verify(tokenWithNullSubject))
+ .isInstanceOf(MalformedJwtException.class)
+ .hasMessage("'subject' field in token is mandatory");
+ }
+
+ @Test
+ public void verifyShouldThrowWhenEmptySubject() {
+ String tokenWithEmptySubject =
"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIiLCJuYW1lIjoiSm9obiBEb2UifQ.UdY"
+
+
"s2PPzFCegUYspoDCnlJR_bJm8_z1InOv4v3tq8SJETQUarOXlhb_n6y6ujVvmJiSx9dI24Hc3Czi3RGUOXbnBDj1WPfd0aVSiUSqZr"
+
+
"MCHBt5vjCYqAseDaP3w4aiiFb6EV3tteJFeBLZx8XlKPYxlzRLLUADDyDSQvrFBBPxfsvCETZovKdo9ofIN64o-yx23ss63yE6oIOd"
+
+
"zJZ1Id40KSR2d7l3kIQJPLKUWJDnro5RAh4DOGOWNSq0JSbMhk7Zn3cXIBUpv3R8p79tui1UQpzwHMC0e6OSuWEDNQHtq-Cz85u8GG"
+
+ "sUSbogmgObA_BimNtUq_Q1p0SGtIYBXmQ";
+
+ assertThatThrownBy(() -> sut.verify(tokenWithEmptySubject))
+ .isInstanceOf(MalformedJwtException.class)
+ .hasMessage("'subject' field in token is mandatory");
+ }
+
+ @Test
public void shouldReturnUserLoginFromValidToken() {
assertThat(sut.extractLogin(VALID_TOKEN)).isEqualTo("1234567890");
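Review bot: The two new tests pin `"sub":null` and `"sub":""`, but neither a payload that omits the `sub` claim entirely nor a whitespace-only subject is exercised, and with the verifier's `Strings.isNullOrEmpty` check the blank case would currently pass. A token signed with the same test key whose payload has no `sub` member would cover the missing-claim path, e.g. a `verifyShouldThrowWhenSubjectIsMissing` test asserting the same `MalformedJwtException` and message. Whether a blank subject must be rejected depends on what the verifier treats as a valid login, which is not visible in this hunk.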