Java Code Examples for io.jsonwebtoken.lang.Assert#isTrue()
The following examples show how to use
io.jsonwebtoken.lang.Assert#isTrue() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: RsaProvider.java From jjwt with Apache License 2.0 | 6 votes |
|
/**
* Generates a new RSA secure-randomly key pair suitable for the specified SignatureAlgorithm using JJWT's
* default {@link SignatureProvider#DEFAULT_SECURE_RANDOM SecureRandom instance}. This is a convenience method
* that immediately delegates to {@link #generateKeyPair(int)} based on the relevant key size for the specified
* algorithm.
*
* @param alg the signature algorithm to inspect to determine a size in bits.
* @return a new RSA secure-random key pair of the specified size.
* @see #generateKeyPair()
* @see #generateKeyPair(int, SecureRandom)
* @see #generateKeyPair(String, int, SecureRandom)
* @since 0.10.0
*/
@SuppressWarnings("unused") //used by io.jsonwebtoken.security.Keys
public static KeyPair generateKeyPair(SignatureAlgorithm alg) {
Assert.isTrue(alg.isRsa(), "Only RSA algorithms are supported by this method.");
int keySizeInBits = 4096;
switch (alg) {
case RS256:
case PS256:
keySizeInBits = 2048;
break;
case RS384:
case PS384:
keySizeInBits = 3072;
break;
}
return generateKeyPair(keySizeInBits, DEFAULT_SECURE_RANDOM);
}
Example 2
| Source File: EllipticCurveProvider.java From jjwt with Apache License 2.0 | 6 votes |
|
/**
* Generates a new secure-random key pair of sufficient strength for the specified Elliptic Curve {@link
* SignatureAlgorithm} (must be one of {@code ES256}, {@code ES384} or {@code ES512}) using the specified {@link
* SecureRandom} random number generator via the specified JCA provider and algorithm name.
*
* @param jcaAlgorithmName the JCA name of the algorithm to use for key pair generation, for example, {@code
* ECDSA}.
* @param jcaProviderName the JCA provider name of the algorithm implementation (for example {@code "BC"} for
* BouncyCastle) or {@code null} if the default provider should be used.
* @param alg alg the algorithm indicating strength, must be one of {@code ES256}, {@code ES384} or
* {@code ES512}
* @param random the SecureRandom generator to use during key generation.
* @return a new secure-randomly generated key pair of sufficient strength for the specified Elliptic Curve {@link
* SignatureAlgorithm} (must be one of {@code ES256}, {@code ES384} or {@code ES512}) using the specified {@link
* SecureRandom} random number generator via the specified JCA provider and algorithm name.
* @see #generateKeyPair()
* @see #generateKeyPair(SignatureAlgorithm)
* @see #generateKeyPair(SignatureAlgorithm, SecureRandom)
*/
public static KeyPair generateKeyPair(String jcaAlgorithmName, String jcaProviderName, SignatureAlgorithm alg,
SecureRandom random) {
Assert.notNull(alg, "SignatureAlgorithm argument cannot be null.");
Assert.isTrue(alg.isEllipticCurve(), "SignatureAlgorithm argument must represent an Elliptic Curve algorithm.");
try {
KeyPairGenerator g;
if (Strings.hasText(jcaProviderName)) {
g = KeyPairGenerator.getInstance(jcaAlgorithmName, jcaProviderName);
} else {
g = KeyPairGenerator.getInstance(jcaAlgorithmName);
}
String paramSpecCurveName = EC_CURVE_NAMES.get(alg);
ECGenParameterSpec spec = new ECGenParameterSpec(paramSpecCurveName);
g.initialize(spec, random);
return g.generateKeyPair();
} catch (Exception e) {
throw new IllegalStateException("Unable to generate Elliptic Curve KeyPair: " + e.getMessage(), e);
}
}
Example 3
| Source File: MacProvider.java From lams with GNU General Public License v2.0 | 6 votes |
|
/**
* Generates a new secure-random secret key of a length suitable for creating and verifying HMAC signatures
* according to the specified {@code SignatureAlgorithm} using the specified SecureRandom number generator. This
* implementation returns secure-random key sizes as follows:
*
* <table> <caption>Key Sizes</caption> <thead> <tr> <th>Signature Algorithm</th> <th>Generated Key Size</th> </tr> </thead> <tbody> <tr>
* <td>HS256</td> <td>256 bits (32 bytes)</td> </tr> <tr> <td>HS384</td> <td>384 bits (48 bytes)</td> </tr> <tr>
* <td>HS512</td> <td>512 bits (64 bytes)</td> </tr> </tbody> </table>
*
* @param alg the signature algorithm that will be used with the generated key
* @param random the secure random number generator used during key generation
* @return a new secure-random secret key of a length suitable for creating and verifying HMAC signatures according
* to the specified {@code SignatureAlgorithm} using the specified SecureRandom number generator.
* @see #generateKey()
* @see #generateKey(SignatureAlgorithm)
* @since 0.5
*/
public static SecretKey generateKey(SignatureAlgorithm alg, SecureRandom random) {
Assert.isTrue(alg.isHmac(), "SignatureAlgorithm argument must represent an HMAC algorithm.");
byte[] bytes;
switch (alg) {
case HS256:
bytes = new byte[32];
break;
case HS384:
bytes = new byte[48];
break;
default:
bytes = new byte[64];
}
random.nextBytes(bytes);
return new SecretKeySpec(bytes, alg.getJcaName());
}
Example 4
| Source File: SigningKeyResolverAdapter.java From lams with GNU General Public License v2.0 | 5 votes |
|
@Override
public Key resolveSigningKey(JwsHeader header, String plaintext) {
SignatureAlgorithm alg = SignatureAlgorithm.forName(header.getAlgorithm());
Assert.isTrue(alg.isHmac(), "The default resolveSigningKey(JwsHeader, String) implementation cannot be " +
"used for asymmetric key algorithms (RSA, Elliptic Curve). " +
"Override the resolveSigningKey(JwsHeader, String) method instead and return a " +
"Key instance appropriate for the " + alg.name() + " algorithm.");
byte[] keyBytes = resolveSigningKeyBytes(header, plaintext);
return new SecretKeySpec(keyBytes, alg.getJcaName());
}
Example 5
| Source File: DefaultJwtBuilder.java From jjwt with Apache License 2.0 | 5 votes |
|
@Override
public JwtBuilder signWith(SignatureAlgorithm alg, String base64EncodedSecretKey) throws InvalidKeyException {
Assert.hasText(base64EncodedSecretKey, "base64-encoded secret key cannot be null or empty.");
Assert.isTrue(alg.isHmac(), "Base64-encoded key bytes may only be specified for HMAC signatures. If using RSA or Elliptic Curve, use the signWith(SignatureAlgorithm, Key) method instead.");
byte[] bytes = Decoders.BASE64.decode(base64EncodedSecretKey);
return signWith(alg, bytes);
}
Example 6
| Source File: ConfigJwkResolver.java From juiser with Apache License 2.0 | 5 votes |
|
static SignatureAlgorithm getAlgorithm(byte[] hmacSigningKeyBytes) {
Assert.isTrue(hmacSigningKeyBytes != null && hmacSigningKeyBytes.length > 0,
"hmacSigningBytes cannot be null or empty.");
if (hmacSigningKeyBytes.length >= 64) {
return SignatureAlgorithm.HS512;
} else if (hmacSigningKeyBytes.length >= 48) {
return SignatureAlgorithm.HS384;
} else { //<= 32
return SignatureAlgorithm.HS256;
}
}
Example 7
| Source File: JwsClaimsExtractor.java From juiser with Apache License 2.0 | 5 votes |
|
public JwsClaimsExtractor(byte[] hmacSigningKeyBytes) {
Assert.isTrue(hmacSigningKeyBytes != null && hmacSigningKeyBytes.length > 0,
"hmacSigningKeyByte array argument cannot be null or empty.");
this.signingKeyBytes = hmacSigningKeyBytes;
this.signingKey = null;
this.signingKeyResolver = null;
}
Example 8
| Source File: MacSigner.java From jjwt with Apache License 2.0 | 5 votes |
|
public MacSigner(SignatureAlgorithm alg, Key key) {
super(alg, key);
Assert.isTrue(alg.isHmac(), "The MacSigner only supports HMAC signature algorithms.");
if (!(key instanceof SecretKey)) {
String msg = "MAC signatures must be computed and verified using a SecretKey. The specified key of " +
"type " + key.getClass().getName() + " is not a SecretKey.";
throw new IllegalArgumentException(msg);
}
}
Example 9
| Source File: MacSigner.java From lams with GNU General Public License v2.0 | 5 votes |
|
public MacSigner(SignatureAlgorithm alg, Key key) {
super(alg, key);
Assert.isTrue(alg.isHmac(), "The MacSigner only supports HMAC signature algorithms.");
if (!(key instanceof SecretKey)) {
String msg = "MAC signatures must be computed and verified using a SecretKey. The specified key of " +
"type " + key.getClass().getName() + " is not a SecretKey.";
throw new IllegalArgumentException(msg);
}
}
Example 10
| Source File: SigningKeyResolverAdapter.java From lams with GNU General Public License v2.0 | 5 votes |
|
@Override
public Key resolveSigningKey(JwsHeader header, Claims claims) {
SignatureAlgorithm alg = SignatureAlgorithm.forName(header.getAlgorithm());
Assert.isTrue(alg.isHmac(), "The default resolveSigningKey(JwsHeader, Claims) implementation cannot be " +
"used for asymmetric key algorithms (RSA, Elliptic Curve). " +
"Override the resolveSigningKey(JwsHeader, Claims) method instead and return a " +
"Key instance appropriate for the " + alg.name() + " algorithm.");
byte[] keyBytes = resolveSigningKeyBytes(header, claims);
return new SecretKeySpec(keyBytes, alg.getJcaName());
}
Example 11
| Source File: EllipticCurveSignatureValidator.java From lams with GNU General Public License v2.0 | 4 votes |
|
public EllipticCurveSignatureValidator(SignatureAlgorithm alg, Key key) {
super(alg, key);
Assert.isTrue(key instanceof ECPublicKey, EC_PUBLIC_KEY_REQD_MSG);
}
Example 12
| Source File: EllipticCurveSignatureValidator.java From jjwt with Apache License 2.0 | 4 votes |
|
public EllipticCurveSignatureValidator(SignatureAlgorithm alg, Key key) {
super(alg, key);
Assert.isTrue(key instanceof ECPublicKey, EC_PUBLIC_KEY_REQD_MSG);
}
Example 13
| Source File: MacProvider.java From jjwt with Apache License 2.0 | 4 votes |
|
/**
* Generates a new secure-random secret key of a length suitable for creating and verifying HMAC signatures
* according to the specified {@code SignatureAlgorithm} using the specified SecureRandom number generator. This
* implementation returns secure-random key sizes as follows:
*
* <table> <caption>Key Sizes</caption> <thead> <tr> <th>Signature Algorithm</th> <th>Generated Key Size</th> </tr> </thead> <tbody> <tr>
* <td>HS256</td> <td>256 bits (32 bytes)</td> </tr> <tr> <td>HS384</td> <td>384 bits (48 bytes)</td> </tr> <tr>
* <td>HS512</td> <td>512 bits (64 bytes)</td> </tr> </tbody> </table>
*
* @param alg the signature algorithm that will be used with the generated key
* @param random the secure random number generator used during key generation
* @return a new secure-random secret key of a length suitable for creating and verifying HMAC signatures according
* to the specified {@code SignatureAlgorithm} using the specified SecureRandom number generator.
* @see #generateKey()
* @see #generateKey(SignatureAlgorithm)
* @since 0.5
* @deprecated since 0.10.0 - use {@link #generateKey(SignatureAlgorithm)} instead.
*/
@Deprecated
public static SecretKey generateKey(SignatureAlgorithm alg, SecureRandom random) {
Assert.isTrue(alg.isHmac(), "SignatureAlgorithm argument must represent an HMAC algorithm.");
KeyGenerator gen;
try {
gen = KeyGenerator.getInstance(alg.getJcaName());
} catch (NoSuchAlgorithmException e) {
throw new IllegalStateException("The " + alg.getJcaName() + " algorithm is not available. " +
"This should never happen on JDK 7 or later - please report this to the JJWT developers.", e);
}
return gen.generateKey();
}
Example 14
| Source File: EllipticCurveProvider.java From lams with GNU General Public License v2.0 | 4 votes |
|
protected EllipticCurveProvider(SignatureAlgorithm alg, Key key) {
super(alg, key);
Assert.isTrue(alg.isEllipticCurve(), "SignatureAlgorithm must be an Elliptic Curve algorithm.");
}
Example 15
| Source File: MacProvider.java From lams with GNU General Public License v2.0 | 4 votes |
|
protected MacProvider(SignatureAlgorithm alg, Key key) {
super(alg, key);
Assert.isTrue(alg.isHmac(), "SignatureAlgorithm must be a HMAC SHA algorithm.");
}
Example 16
| Source File: RsaProvider.java From lams with GNU General Public License v2.0 | 4 votes |
|
protected RsaProvider(SignatureAlgorithm alg, Key key) {
super(alg, key);
Assert.isTrue(alg.isRsa(), "SignatureAlgorithm must be an RSASSA or RSASSA-PSS algorithm.");
}
Example 17
| Source File: DefaultJwtParserBuilder.java From jjwt with Apache License 2.0 | 4 votes |
|
@Override
public JwtParserBuilder setAllowedClockSkewSeconds(long seconds) throws IllegalArgumentException {
Assert.isTrue(seconds <= MAX_CLOCK_SKEW_MILLIS, MAX_CLOCK_SKEW_ILLEGAL_MSG);
this.allowedClockSkewMillis = Math.max(0, seconds * MILLISECONDS_PER_SECOND);
return this;
}
Example 18
| Source File: DefaultJwtParser.java From jjwt with Apache License 2.0 | 4 votes |
|
@Override
public JwtParser setAllowedClockSkewSeconds(long seconds) throws IllegalArgumentException {
Assert.isTrue(seconds <= DefaultJwtParserBuilder.MAX_CLOCK_SKEW_MILLIS, DefaultJwtParserBuilder.MAX_CLOCK_SKEW_ILLEGAL_MSG);
this.allowedClockSkewMillis = Math.max(0, seconds * MILLISECONDS_PER_SECOND);
return this;
}
Example 19
| Source File: RsaProvider.java From jjwt with Apache License 2.0 | 4 votes |
|
protected RsaProvider(SignatureAlgorithm alg, Key key) {
super(alg, key);
Assert.isTrue(alg.isRsa(), "SignatureAlgorithm must be an RSASSA or RSASSA-PSS algorithm.");
}
Example 20
| Source File: MacProvider.java From jjwt with Apache License 2.0 | 4 votes |
|
protected MacProvider(SignatureAlgorithm alg, Key key) {
super(alg, key);
Assert.isTrue(alg.isHmac(), "SignatureAlgorithm must be a HMAC SHA algorithm.");
}
