jwtk / jjwt / #1381
100%

DEFAULT BRANCH: master
Ran
Jobs 1
Files 323
Run time 35min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 100.0%. Remained the same
#1381

push

github

web-flow 
Made Curve and Jwks.CRV part of the public API (#797)

* Made Curve concept part of the public API for key generation, and added Jwks.CRV utility class to reference standard curves

- Ensured PS256, PS384, and PS512 pem-encoded test key files accurately represented the rsassa-pss algorithmId (OID) with appropriate hash/mgf1 properties.
- Removed Jwts.SIG#Ed25519 and Jwts.SIG#Ed448 since they were only there for key generation and those keys can now be generated via the Jwks.CRV#Ed25519 and Jwks.CRV#Ed448 references.
- Consolidated duplicate use/key_ops logic for checking sig/sign/verify between SecretJwkFactory and RsaPrivateJwkFactory into JwkContext.isSigUse()
- Ensured if JwkContext.isSigUse() is true, and a JWK (from values only) is RSA and RSASSA-PSS is available (JDK 11+ or BC enabled), that the JWK's generated RSAPublicKey and RSAPrivateKey use the RSASSA-PSS algorithm instead of just RSA.
- Enforced that RSASSA-PSS keys cannot be used for encryption in the RSA KeyAlgorithm implementation (would be a security risk otherwise).
- Enforced that RSA encryption keys cannot be used to create RSASSA-PSS digital signatures (but can verify them) ala the "robustness principle" (to reduce security exposure).
- Ensured README.md and JavaReadmeTest reflected Jwks.CRV usage for keypair generation.

* Added TestCertificates workaround for https://bugs.openjdk.org/browse/JDK-8242556

* Added JwtX509StringConverter workaround for https://bugs.openjdk.org/browse/JDK-8242556

* Added JwtX509StringConverter workaround for https://bugs.openjdk.org/browse/JDK-8242556

* Reverted to former RsaSignatureAlgorithm logic for PSS key validation (no prevention of rsaEncryption keys with PSS) as RFC 7520 test vectors show using a standard RSA key to compute a PSS signature in https://www.rfc-editor.org/rfc/rfc7520.html#section-4.2.1

* Ensured Jwk tests that used RSASSA-PSS keys (from openssl files) used the BC provider since RSASSA-PSS isn't available nat... (continued)

206 of 206 new or added lines in 21 files covered. (100.0%)

5594 of 5594 relevant lines covered (100.0%)

1.0 hits per line

Jobs
ID Job ID Ran Files Coverage
1 #1381.1 0
100.0
Source Files on build #1381
Detailed source file information is not available for this build.