Merge pull request #574 from auth0/expose-claim-header-constants
[SDK-3226] Expose claim header constants
jimmyjames authored Apr 13, 2022
2 parents af04b22 + 035f323 commit c82c150
Showing 12 changed files with 166 additions and 115 deletions.
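--- a/lib/src/main/java/com/auth0/jwt/HeaderParams.java
+++ b/lib/src/main/java/com/auth0/jwt/HeaderParams.java
@@ -0,0 +1,29 @@
+package com.auth0.jwt;
+
+/**
+* Contains constants representing the JWT header parameter names.
+*/
+public final class HeaderParams {
+
+private HeaderParams() {}
+
+/**
+* The algorithm used to sign a JWT.
+*/
+public static String ALGORITHM = "alg";
+
+/**
+* The content type of a JWT.
+*/
+public static String CONTENT_TYPE = "cty";
+
+/**
+* The media type of a JWT.
+*/
+public static String TYPE = "typ";
+
+/**
+* The key ID of a JWT used to specify the key for signature validation.
+*/
+public static String KEY_ID = "kid";
+}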
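Review bot: The four constants are declared `public static String` without `final`, so any code on the classpath can reassign `HeaderParams.ALGORITHM` or `HeaderParams.TYPE` at runtime. Elsewhere in this commit JWTCreator.sign() and HeaderDeserializer use these values as the header keys they write and read, so a reassignment would silently change which JSON member is treated as `alg` or `kid` for every token handled in the JVM. Declare each one as a true constant, e.g. `public static final String ALGORITHM = "alg";`. The same applies to the seven fields in RegisteredClaims.java, which JWTVerifier uses as the keys for its claim checks and its leeway map.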
28 changes: 14 additions & 14 deletions lib/src/main/java/com/auth0/jwt/JWTCreator.java
Expand Up @@ -104,7 +104,7 @@ public Builder withHeader(Map<String, Object> headerClaims) {
* @return this same Builder instance.
*/
public Builder withKeyId(String keyId) {
this.headerClaims.put(PublicClaims.KEY_ID, keyId);
this.headerClaims.put(HeaderParams.KEY_ID, keyId);
return this;
}

Expand All @@ -115,7 +115,7 @@ public Builder withKeyId(String keyId) {
* @return this same Builder instance.
*/
public Builder withIssuer(String issuer) {
addClaim(PublicClaims.ISSUER, issuer);
addClaim(RegisteredClaims.ISSUER, issuer);
return this;
}

Expand All @@ -126,7 +126,7 @@ public Builder withIssuer(String issuer) {
* @return this same Builder instance.
*/
public Builder withSubject(String subject) {
addClaim(PublicClaims.SUBJECT, subject);
addClaim(RegisteredClaims.SUBJECT, subject);
return this;
}

Expand All @@ -137,7 +137,7 @@ public Builder withSubject(String subject) {
* @return this same Builder instance.
*/
public Builder withAudience(String... audience) {
addClaim(PublicClaims.AUDIENCE, audience);
addClaim(RegisteredClaims.AUDIENCE, audience);
return this;
}

Expand All @@ -149,7 +149,7 @@ public Builder withAudience(String... audience) {
* @return this same Builder instance.
*/
public Builder withExpiresAt(Date expiresAt) {
addClaim(PublicClaims.EXPIRES_AT, expiresAt);
addClaim(RegisteredClaims.EXPIRES_AT, expiresAt);
return this;
}

Expand All @@ -161,7 +161,7 @@ public Builder withExpiresAt(Date expiresAt) {
* @return this same Builder instance.
*/
public Builder withExpiresAt(Instant expiresAt) {
addClaim(PublicClaims.EXPIRES_AT, expiresAt);
addClaim(RegisteredClaims.EXPIRES_AT, expiresAt);
return this;
}

Expand All @@ -173,7 +173,7 @@ public Builder withExpiresAt(Instant expiresAt) {
* @return this same Builder instance.
*/
public Builder withNotBefore(Date notBefore) {
addClaim(PublicClaims.NOT_BEFORE, notBefore);
addClaim(RegisteredClaims.NOT_BEFORE, notBefore);
return this;
}

Expand All @@ -185,7 +185,7 @@ public Builder withNotBefore(Date notBefore) {
* @return this same Builder instance.
*/
public Builder withNotBefore(Instant notBefore) {
addClaim(PublicClaims.NOT_BEFORE, notBefore);
addClaim(RegisteredClaims.NOT_BEFORE, notBefore);
return this;
}

Expand All @@ -197,7 +197,7 @@ public Builder withNotBefore(Instant notBefore) {
* @return this same Builder instance.
*/
public Builder withIssuedAt(Date issuedAt) {
addClaim(PublicClaims.ISSUED_AT, issuedAt);
addClaim(RegisteredClaims.ISSUED_AT, issuedAt);
return this;
}

Expand All @@ -209,7 +209,7 @@ public Builder withIssuedAt(Date issuedAt) {
* @return this same Builder instance.
*/
public Builder withIssuedAt(Instant issuedAt) {
addClaim(PublicClaims.ISSUED_AT, issuedAt);
addClaim(RegisteredClaims.ISSUED_AT, issuedAt);
return this;
}

Expand All @@ -220,7 +220,7 @@ public Builder withIssuedAt(Instant issuedAt) {
* @return this same Builder instance.
*/
public Builder withJWTId(String jwtId) {
addClaim(PublicClaims.JWT_ID, jwtId);
addClaim(RegisteredClaims.JWT_ID, jwtId);
return this;
}

Expand Down Expand Up @@ -543,9 +543,9 @@ public String sign(Algorithm algorithm) throws IllegalArgumentException, JWTCrea
if (algorithm == null) {
throw new IllegalArgumentException("The Algorithm cannot be null.");
}
headerClaims.put(PublicClaims.ALGORITHM, algorithm.getName());
if (!headerClaims.containsKey(PublicClaims.TYPE)) {
headerClaims.put(PublicClaims.TYPE, "JWT");
headerClaims.put(HeaderParams.ALGORITHM, algorithm.getName());
if (!headerClaims.containsKey(HeaderParams.TYPE)) {
headerClaims.put(HeaderParams.TYPE, "JWT");
}
String signingKeyId = algorithm.getSigningKeyId();
if (signingKeyId != null) {
43 changes: 21 additions & 22 deletions lib/src/main/java/com/auth0/jwt/JWTVerifier.java
Expand Up @@ -3,7 +3,6 @@
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.*;
import com.auth0.jwt.impl.JWTParser;
import com.auth0.jwt.impl.PublicClaims;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.impl.ExpectedCheckHolder;
Expand Down Expand Up @@ -71,13 +70,13 @@ public static class BaseVerification implements Verification {
@Override
public Verification withIssuer(String... issuer) {
List<String> value = isNullOrEmpty(issuer) ? null : Arrays.asList(issuer);
addCheck(PublicClaims.ISSUER, ((claim, decodedJWT) -> {
addCheck(RegisteredClaims.ISSUER, ((claim, decodedJWT) -> {
if (verifyNull(claim, value)) {
return true;
}
if (value == null || !value.contains(claim.asString())) {
throw new IncorrectClaimException(
"The Claim 'iss' value doesn't match the required issuer.", PublicClaims.ISSUER, claim);
"The Claim 'iss' value doesn't match the required issuer.", RegisteredClaims.ISSUER, claim);
}
return true;
}));
Expand All @@ -86,21 +85,21 @@ public Verification withIssuer(String... issuer) {

@Override
public Verification withSubject(String subject) {
addCheck(PublicClaims.SUBJECT, (claim, decodedJWT) ->
addCheck(RegisteredClaims.SUBJECT, (claim, decodedJWT) ->
verifyNull(claim, subject) || subject.equals(claim.asString()));
return this;
}

@Override
public Verification withAudience(String... audience) {
List<String> value = isNullOrEmpty(audience) ? null : Arrays.asList(audience);
addCheck(PublicClaims.AUDIENCE, ((claim, decodedJWT) -> {
addCheck(RegisteredClaims.AUDIENCE, ((claim, decodedJWT) -> {
if (verifyNull(claim, value)) {
return true;
}
if (!assertValidAudienceClaim(decodedJWT.getAudience(), value, true)) {
throw new IncorrectClaimException("The Claim 'aud' value doesn't contain the required audience.",
PublicClaims.AUDIENCE, claim);
RegisteredClaims.AUDIENCE, claim);
}
return true;
}));
Expand All @@ -110,13 +109,13 @@ public Verification withAudience(String... audience) {
@Override
public Verification withAnyOfAudience(String... audience) {
List<String> value = isNullOrEmpty(audience) ? null : Arrays.asList(audience);
addCheck(PublicClaims.AUDIENCE, ((claim, decodedJWT) -> {
addCheck(RegisteredClaims.AUDIENCE, ((claim, decodedJWT) -> {
if (verifyNull(claim, value)) {
return true;
}
if (!assertValidAudienceClaim(decodedJWT.getAudience(), value, false)) {
throw new IncorrectClaimException("The Claim 'aud' value doesn't contain the required audience.",
PublicClaims.AUDIENCE, claim);
RegisteredClaims.AUDIENCE, claim);
}
return true;
}));
Expand All @@ -133,21 +132,21 @@ public Verification acceptLeeway(long leeway) throws IllegalArgumentException {
@Override
public Verification acceptExpiresAt(long leeway) throws IllegalArgumentException {
assertPositive(leeway);
customLeeways.put(PublicClaims.EXPIRES_AT, leeway);
customLeeways.put(RegisteredClaims.EXPIRES_AT, leeway);
return this;
}

@Override
public Verification acceptNotBefore(long leeway) throws IllegalArgumentException {
assertPositive(leeway);
customLeeways.put(PublicClaims.NOT_BEFORE, leeway);
customLeeways.put(RegisteredClaims.NOT_BEFORE, leeway);
return this;
}

@Override
public Verification acceptIssuedAt(long leeway) throws IllegalArgumentException {
assertPositive(leeway);
customLeeways.put(PublicClaims.ISSUED_AT, leeway);
customLeeways.put(RegisteredClaims.ISSUED_AT, leeway);
return this;
}

Expand All @@ -159,7 +158,7 @@ public Verification ignoreIssuedAt() {

@Override
public Verification withJWTId(String jwtId) {
addCheck(PublicClaims.JWT_ID, ((claim, decodedJWT) ->
addCheck(RegisteredClaims.JWT_ID, ((claim, decodedJWT) ->
verifyNull(claim, jwtId) || jwtId.equals(claim.asString())));
return this;
}
Expand Down Expand Up @@ -297,17 +296,17 @@ public long getLeewayFor(String name) {
}

private void addMandatoryClaimChecks() {
long expiresAtLeeway = getLeewayFor(PublicClaims.EXPIRES_AT);
long notBeforeLeeway = getLeewayFor(PublicClaims.NOT_BEFORE);
long issuedAtLeeway = getLeewayFor(PublicClaims.ISSUED_AT);

expectedChecks.add(constructExpectedCheck(PublicClaims.EXPIRES_AT, (claim, decodedJWT) ->
assertValidInstantClaim(PublicClaims.EXPIRES_AT, claim, expiresAtLeeway, true)));
expectedChecks.add(constructExpectedCheck(PublicClaims.NOT_BEFORE, (claim, decodedJWT) ->
assertValidInstantClaim(PublicClaims.NOT_BEFORE, claim, notBeforeLeeway, false)));
long expiresAtLeeway = getLeewayFor(RegisteredClaims.EXPIRES_AT);
long notBeforeLeeway = getLeewayFor(RegisteredClaims.NOT_BEFORE);
long issuedAtLeeway = getLeewayFor(RegisteredClaims.ISSUED_AT);

expectedChecks.add(constructExpectedCheck(RegisteredClaims.EXPIRES_AT, (claim, decodedJWT) ->
assertValidInstantClaim(RegisteredClaims.EXPIRES_AT, claim, expiresAtLeeway, true)));
expectedChecks.add(constructExpectedCheck(RegisteredClaims.NOT_BEFORE, (claim, decodedJWT) ->
assertValidInstantClaim(RegisteredClaims.NOT_BEFORE, claim, notBeforeLeeway, false)));
if (!ignoreIssuedAt) {
expectedChecks.add(constructExpectedCheck(PublicClaims.ISSUED_AT, (claim, decodedJWT) ->
assertValidInstantClaim(PublicClaims.ISSUED_AT, claim, issuedAtLeeway, false)));
expectedChecks.add(constructExpectedCheck(RegisteredClaims.ISSUED_AT, (claim, decodedJWT) ->
assertValidInstantClaim(RegisteredClaims.ISSUED_AT, claim, issuedAtLeeway, false)));
}
}

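--- a/lib/src/main/java/com/auth0/jwt/RegisteredClaims.java
+++ b/lib/src/main/java/com/auth0/jwt/RegisteredClaims.java
@@ -0,0 +1,48 @@
+package com.auth0.jwt;
+
+/**
+* Contains constants representing the name of the Registered Claim Names as defined in Section 4.1.1 of
+* <a href="https://datatracker.ietf.org/doc/html/rfc7519#section-4.1">RFC 7529</a>
+*/
+public final class RegisteredClaims {
+
+private RegisteredClaims() {
+}
+
+/**
+* The "iss" (issuer) claim identifies the principal that issued the JWT.
+*/
+public static String ISSUER = "iss";
+
+/**
+* The "sub" (subject) claim identifies the principal that is the subject of the JWT.
+*/
+public static String SUBJECT = "sub";
+
+/**
+* The "aud" (audience) claim identifies the recipients that the JWT is intended for.
+*/
+public static String AUDIENCE = "aud";
+
+/**
+* The "exp" (expiration time) claim identifies the expiration time on or after which the JWT MUST NOT be
+* accepted for processing.
+*/
+public static String EXPIRES_AT = "exp";
+
+/**
+* The "nbf" (not before) claim identifies the time before which the JWT MUST NOT be accepted for processing.
+*/
+public static String NOT_BEFORE = "nbf";
+
+/**
+* The "iat" (issued at) claim identifies the time at which the JWT was issued.
+*/
+public static String ISSUED_AT = "iat";
+
+/**
+* The "jti" (JWT ID) claim provides a unique identifier for the JWT.
+*/
+public static String JWT_ID = "jti";
+
+}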
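Review bot: The class Javadoc cites "RFC 7529" and "Section 4.1.1", but the link it wraps points at rfc7519#section-4.1, and the constants below run from `iss` through `jti` rather than covering only the issuer claim that 4.1.1 describes. The text should agree with the link so readers land on the right specification: `Contains constants representing the Registered Claim Names defined in Section 4.1 of <a href="https://datatracker.ietf.org/doc/html/rfc7519#section-4.1">RFC 7519</a>.`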
9 changes: 5 additions & 4 deletions lib/src/main/java/com/auth0/jwt/impl/HeaderDeserializer.java
@@ -1,5 +1,6 @@
package com.auth0.jwt.impl;

import com.auth0.jwt.HeaderParams;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.type.TypeReference;
Expand Down Expand Up @@ -40,10 +41,10 @@ public BasicHeader deserialize(JsonParser p, DeserializationContext ctxt) throws
throw new JWTDecodeException("Parsing the Header's JSON resulted on a Null map");
}

String algorithm = getString(tree, PublicClaims.ALGORITHM);
String type = getString(tree, PublicClaims.TYPE);
String contentType = getString(tree, PublicClaims.CONTENT_TYPE);
String keyId = getString(tree, PublicClaims.KEY_ID);
String algorithm = getString(tree, HeaderParams.ALGORITHM);
String type = getString(tree, HeaderParams.TYPE);
String contentType = getString(tree, HeaderParams.CONTENT_TYPE);
String keyId = getString(tree, HeaderParams.KEY_ID);
return new BasicHeader(algorithm, type, contentType, keyId, tree, objectReader);
}

15 changes: 8 additions & 7 deletions lib/src/main/java/com/auth0/jwt/impl/PayloadDeserializer.java
@@ -1,5 +1,6 @@
package com.auth0.jwt.impl;

import com.auth0.jwt.RegisteredClaims;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.interfaces.Payload;
import com.fasterxml.jackson.core.JsonParser;
Expand Down Expand Up @@ -43,13 +44,13 @@ public Payload deserialize(JsonParser p, DeserializationContext ctxt) throws IOE
throw new JWTDecodeException("Parsing the Payload's JSON resulted on a Null map");
}

String issuer = getString(tree, PublicClaims.ISSUER);
String subject = getString(tree, PublicClaims.SUBJECT);
List<String> audience = getStringOrArray(tree, PublicClaims.AUDIENCE);
Instant expiresAt = getInstantFromSeconds(tree, PublicClaims.EXPIRES_AT);
Instant notBefore = getInstantFromSeconds(tree, PublicClaims.NOT_BEFORE);
Instant issuedAt = getInstantFromSeconds(tree, PublicClaims.ISSUED_AT);
String jwtId = getString(tree, PublicClaims.JWT_ID);
String issuer = getString(tree, RegisteredClaims.ISSUER);
String subject = getString(tree, RegisteredClaims.SUBJECT);
List<String> audience = getStringOrArray(tree, RegisteredClaims.AUDIENCE);
Instant expiresAt = getInstantFromSeconds(tree, RegisteredClaims.EXPIRES_AT);
Instant notBefore = getInstantFromSeconds(tree, RegisteredClaims.NOT_BEFORE);
Instant issuedAt = getInstantFromSeconds(tree, RegisteredClaims.ISSUED_AT);
String jwtId = getString(tree, RegisteredClaims.JWT_ID);

return new PayloadImpl(issuer, subject, audience, expiresAt, notBefore, issuedAt, jwtId, tree, objectReader);
}
3 changes: 2 additions & 1 deletion lib/src/main/java/com/auth0/jwt/impl/PayloadSerializer.java
@@ -1,5 +1,6 @@
package com.auth0.jwt.impl;

import com.auth0.jwt.RegisteredClaims;
import com.fasterxml.jackson.core.JsonGenerator;

import java.io.IOException;
Expand All @@ -22,7 +23,7 @@ public PayloadSerializer() {

@Override
protected void writeClaim(Map.Entry<String, Object> entry, JsonGenerator gen) throws IOException {
if (PublicClaims.AUDIENCE.equals(entry.getKey())) {
if (RegisteredClaims.AUDIENCE.equals(entry.getKey())) {
writeAudience(gen, entry);
} else {
super.writeClaim(entry, gen);