jwtk / jjwt / #1415 / 1
100%
master: 100%

DEFAULT BRANCH: master
Ran
Files 320
Run time 5s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 100.0%. Remained the same
#1415.1

push

github

web-flow 
PKCS11 testing with SoftHSM2 (#805)

* Added impl/src/main/resources/io/jsonwebtoken/impl/security/genkeys script for reuse/simplicity and help in CI

* Updated tests reflecting updated test key material from genkeys script

* Fixed license headers for newly generated test key files

* Removed conditional check for X448 and X25519 certificate/chains now that we have signed certs for those test key files

* Added new impl/src/test/scripts/softhsm script with `configure` and `import` subcommands for working with SoftHSMv2, used locally and in CI

* Enabling PKCS11 keystore interaction on macos and linux (CI) via Pkcs11Test

* Added new AbstractCurve#contains method and leveraged that to clean up code considerably in EcdhKeyAlgorithm.java

* Updated softhsm script to ensure EC key import used the pkcs11-tool `--usage-derive` flag to allow testing PKCS11 keys with ECDH-ES key algorithms

* Renamed CryptoAlgorithm#generateKey to #generateCek to be more explicit in its purpose.

* Introduced new CryptoAlgorithm#nonPkcs11Provider to ensure PKCS11 provider won't be used when key material is required (i.e. for ephemeral key(pair) KeyAlgorithms).

* Ensured CryptoAlgorithm#generateCek ignored applying a PKCS11 provider since required key material wouldn't be available otherwise.

* Ensured DefaultJwtBuilder and DefaultJwtParser would use the provider for the KeyAlgorithm, but not for the AeadAlgorithm (unless using direct encryption)

* Consolidated unsigned byte array length calculation for non-negative integers (used in a few places) to a new Bytes#uintLength method. Refactored other classes to use this new method to eliminate code duplication

* Added tests for JWS MAC algorithms (HS256, HS384, HS512) with PKCS11 secret keys

* Explicitly prevented Password instances in DefaultMacAlgorithm

* Fixed the EdwardsCurve#keyBitLength implementation to accurately reflect RFC key sizes and not encoded byte array sizes.

* OptionalMeth... (continued)

5591 of 5591 relevant lines covered (100.0%)

1.0 hits per line

Source Files on job #1415.1