Cherry pick branch 'genexuslabs:gamutils_eo' into beta

Author: sgrampone

gamutils/src/main/java/com/genexus/gam/GamUtilsEO.java

@@ -57,27 +57,19 @@ public static String getJwkAlgorithm(String jwkString) {
 	}
 
 	//**JWT**//
-	public static boolean verifyJwtRsa(String path, String alias, String password, String token) {
-		return Jwt.verify(path, alias, password, token, "", false);
+	public static boolean verifyJwt(String path, String alias, String password, String token) {
+		return Jwt.verify(path, alias, password, token);
 	}
 
-	public static String createJwtRsa(String path, String alias, String password, String payload, String header) {
-		return Jwt.create(path, alias, password, payload, header, "", false);
-	}
-
-	public static boolean verifyJwtSha(String secret, String token) {
-		return Jwt.verify("", "", "", token, secret, true);
+	public static String createJwt(String path, String alias, String password, String payload, String header) {
+		return Jwt.create(path, alias, password, payload, header);
 	}
 
 	public static boolean verifyAlgorithm(String expectedAlgorithm, String token)
 	{
 		return Jwt.verifyAlgorithm(expectedAlgorithm, token);
 	}
 
-	public static String createJwtSha(String secret, String payload, String header) {
-		return Jwt.create("", "", "",  payload, header, secret, true);
-	}
-
 	public static long createUnixTimestamp(Date date) {
 		return UnixTimestamp.create(date);
 	}
@@ -97,5 +89,9 @@ public static String base64ToBase64Url(String base64) {
 
 	public static String hexaToBase64(String hexa) { return Encoding.hexaToBase64(hexa); }
 
+	public static String toBase64Url(String input) { return Encoding.toBase64Url(input); }
+
+	public static String fromBase64Url(String base64) { return Encoding.fromBase64Url(base64); }
+
 	/********EXTERNAL OBJECT PUBLIC METHODS  - END ********/
 }

gamutils/src/main/java/com/genexus/gam/utils/Encoding.java

@@ -1,12 +1,15 @@
 package com.genexus.gam.utils;
 
 
+import com.nimbusds.jose.util.Base64URL;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.bouncycastle.util.encoders.Base64;
 import org.bouncycastle.util.encoders.Hex;
 import org.bouncycastle.util.encoders.UrlBase64;
 
+import java.nio.charset.StandardCharsets;
+
 public class Encoding {
 
 	private static final Logger logger = LogManager.getLogger(Encoding.class);
@@ -32,4 +35,28 @@ public static String hexaToBase64(String hexa)
 			return "";
 		}
 	}
+
+	public static String toBase64Url(String input)
+	{
+		logger.debug("UTF8toBase64Url");
+		try{
+			return new String(UrlBase64.encode(input.getBytes(StandardCharsets.UTF_8)));
+		}catch (Exception e)
+		{
+			logger.error("UTF8toBase64Url", e);
+			return "";
+		}
+	}
+
+	public static String fromBase64Url(String base64Url)
+	{
+		logger.debug("fromBase64Url");
+		try{
+			return new String(UrlBase64.decode(base64Url), StandardCharsets.UTF_8);
+		}catch (Exception e)
+		{
+			logger.error("fromBase64Url", e);
+			return "";
+		}
+	}
 }

gamutils/src/main/java/com/genexus/gam/utils/json/JWTAlgorithm.java

@@ -0,0 +1,72 @@
+package com.genexus.gam.utils.json;
+
+import com.nimbusds.jose.JWSAlgorithm;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
+public enum JWTAlgorithm {
+
+	HS256, HS512, HS384, RS256, RS512;
+
+	private static final Logger logger = LogManager.getLogger(JWTAlgorithm.class);
+
+	public static JWSAlgorithm getJWSAlgorithm(JWTAlgorithm alg)
+	{
+		logger.debug("getJWSAlgorithm");
+		switch (alg)
+		{
+			case HS256:
+				return JWSAlgorithm.HS256;
+			case HS512:
+				return JWSAlgorithm.HS512;
+			case HS384:
+				return JWSAlgorithm.HS384;
+			case RS256:
+				return JWSAlgorithm.RS256;
+			case RS512:
+				return JWSAlgorithm.RS512;
+			default:
+				logger.error("getJWSAlgorithm - not implemented algorithm");
+				return null;
+		}
+	}
+
+	public static JWTAlgorithm getJWTAlgoritm(String alg)
+	{
+		logger.debug("getJWTAlgoritm");
+		switch (alg.trim().toUpperCase())
+		{
+			case "HS256":
+				return JWTAlgorithm.HS256;
+			case "HS512":
+				return JWTAlgorithm.HS512;
+			case "HS384":
+				return JWTAlgorithm.HS384;
+			case "RS256":
+				return JWTAlgorithm.RS256;
+			case "RS512":
+				return JWTAlgorithm.RS512;
+			default:
+				logger.error("getJWTAlgoritm- not implemented algorithm");
+				return null;
+		}
+	}
+
+	public static boolean isSymmetric(JWTAlgorithm alg)
+	{
+		logger.debug("isSymmetric");
+		switch (alg)
+		{
+			case HS256:
+			case HS384:
+			case HS512:
+				return true;
+			case RS256:
+			case RS512:
+				return false;
+			default:
+				logger.error("isSymmetric - not implemented algorithm");
+				return false;
+		}
+	}
+}

gamutils/src/main/java/com/genexus/gam/utils/json/Jwt.java

@@ -2,10 +2,7 @@
 
 import com.genexus.gam.utils.keys.PrivateKeyUtil;
 import com.genexus.gam.utils.keys.PublicKeyUtil;
-import com.nimbusds.jose.JWSAlgorithm;
-import com.nimbusds.jose.JWSHeader;
-import com.nimbusds.jose.JWSSigner;
-import com.nimbusds.jose.JWSVerifier;
+import com.nimbusds.jose.*;
 import com.nimbusds.jose.crypto.MACSigner;
 import com.nimbusds.jose.crypto.MACVerifier;
 import com.nimbusds.jose.crypto.RSASSASigner;
@@ -17,27 +14,29 @@
 
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
+import java.text.ParseException;
+import java.util.Objects;
 
 public class Jwt {
 
 	private static final Logger logger = LogManager.getLogger(Jwt.class);
 
 	/******** EXTERNAL OBJECT PUBLIC METHODS - BEGIN ********/
 
-	public static boolean verify(String path, String alias, String password, String token, String secret, boolean isSymmetric) {
+	public static boolean verify(String path, String alias, String password, String token) {
 		logger.debug("verify");
 		try {
-			return !isSymmetric ? verify_internal(PublicKeyUtil.getPublicKey(path, alias, password, token), token, "", isSymmetric) : verify_internal(null, token, secret, isSymmetric);
+			return verify_internal(path, alias, password, token);
 		} catch (Exception e) {
 			logger.error("verify", e);
 			return false;
 		}
 	}
 
-	public static String create(String path, String alias, String password, String payload, String header, String secret, boolean isSymmetric) {
+	public static String create(String path, String alias, String password, String payload, String header) {
 		logger.debug("create");
 		try {
-			return !isSymmetric ? create_internal(PrivateKeyUtil.getPrivateKey(path, alias, password), payload, header, "", isSymmetric): create_internal(null, payload, header, secret, isSymmetric);
+			return create_internal(path, alias, password, payload, header);
 		}catch (Exception e)
 		{
 			logger.error("create", e);
@@ -79,29 +78,25 @@ public static boolean verifyAlgorithm(String algorithm, String token)
 
 	/******** EXTERNAL OBJECT PUBLIC METHODS - END ********/
 
-	private static boolean verify_internal(RSAPublicKey publicKey, String token, String secret, boolean isSymmetric){
+	private static boolean verify_internal(String path, String alias, String password, String token) throws JOSEException, ParseException {
 		logger.debug("verify_internal");
-		try {
-			SignedJWT signedJWT = SignedJWT.parse(token);
-			JWSVerifier verifier = isSymmetric ? new MACVerifier(secret):new RSASSAVerifier(publicKey);
-			return signedJWT.verify(verifier);
-		} catch (Exception e) {
-			logger.error("verify_internal", e);
-			return false;
-		}
+		JWTAlgorithm algorithm = JWTAlgorithm.getJWTAlgoritm(JWSHeader.parse(getHeader(token)).getAlgorithm().getName());
+		assert algorithm != null;
+		boolean isSymmetric = JWTAlgorithm.isSymmetric(algorithm);
+		SignedJWT signedJWT = SignedJWT.parse(token);
+		JWSVerifier verifier = isSymmetric ? new MACVerifier(password):new RSASSAVerifier(Objects.requireNonNull(PublicKeyUtil.getPublicKey(path, alias, password, token)));
+		return signedJWT.verify(verifier);
 	}
 
-	private static String create_internal(RSAPrivateKey privateKey, String payload, String header, String secret, boolean isSymmetric) {
+	private static String create_internal(String path, String alias, String password, String payload, String header) throws Exception {
 		logger.debug("create_internal");
-		try {
-			SignedJWT signedJWT = new SignedJWT(JWSHeader.parse(header), JWTClaimsSet.parse(payload));
-			JWSSigner signer = isSymmetric ? new MACSigner(secret): new RSASSASigner(privateKey);
-			signedJWT.sign(signer);
-			return signedJWT.serialize();
-		} catch (Exception e) {
-			logger.error("create_internal", e);
-			return "";
-		}
+		JWSHeader parsedHeader = JWSHeader.parse(header);
+		JWTAlgorithm algorithm = JWTAlgorithm.getJWTAlgoritm(parsedHeader.getAlgorithm().getName());
+		assert algorithm != null;
+		boolean isSymmetric = JWTAlgorithm.isSymmetric(algorithm);
+		SignedJWT signedJWT = new SignedJWT(parsedHeader, JWTClaimsSet.parse(payload));
+		JWSSigner signer = isSymmetric ? new MACSigner(password): new RSASSASigner(Objects.requireNonNull(PrivateKeyUtil.getPrivateKey(path, alias, password)));
+		signedJWT.sign(signer);
+		return signedJWT.serialize();
 	}
-
 }

gamutils/src/test/java/com/genexus/gam/utils/test/EncodingTest.java

@@ -34,6 +34,17 @@ private static String b64UrlToUtf8(String base64Url) {
 		}
 	}
 
+	@Test
+	public void testToBase64Url() {
+		int i = 0;
+		do {
+			String randomString = GamUtilsEO.randomAlphanumeric(128);
+			String testing = GamUtilsEO.toBase64Url(randomString);
+			Assert.assertEquals("testB64ToB64Url", randomString, GamUtilsEO.fromBase64Url(testing));
+			i++;
+		} while (i < 50);
+	}
+
 	@Test
 	public void testHexaToBase64()
 	{
@@ -57,5 +68,4 @@ private static String b64ToHexa(String base64) {
 	}
 
 
-
 }