Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -309,7 +309,7 @@ It contains the following fields:

- `signature`: the base64-encoded signature of the token (see the description below),

- `format`: the type identifier and version of the token format separated by a colon character '`:`', `web-eid:1.0` as of now; the version number consists of the major and minor number separated by a dot, major version changes are incompatible with previous versions, minor version changes are backwards-compatible within the given major version,
- `format`: the type identifier and version of the token format separated by a colon character '`:`'. While minor version changes are intended to be backwards-compatible within the same major version, this validation library accepts only explicitly supported token format versions.

- `appVersion`: the URL identifying the name and version of the application that issued the token; informative purpose, can be used to identify the affected application in case of faulty tokens.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -54,13 +54,13 @@
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

Check warning on line 57 in src/main/java/eu/webeid/security/validator/versionvalidators/AuthTokenVersion11Validator.java

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Remove this unused import 'java.util.regex.Pattern'.

See more on https://sonarcloud.io/project/issues?id=web-eid_web-eid-authtoken-validation-java&issues=AZ8n59vqGWPymC-mZ1MG&open=AZ8n59vqGWPymC-mZ1MG&pullRequest=125

import static eu.webeid.security.util.Strings.isNullOrEmpty;

class AuthTokenVersion11Validator extends AuthTokenVersion1Validator implements AuthTokenVersionValidator {

private static final Pattern V11_SUPPORTED_TOKEN_FORMAT_PATTERN = Pattern.compile("^web-eid:1\\.1$");
private static final String V11_SUPPORTED_TOKEN_FORMAT_PREFIX = "web-eid:1.1";
private static final Set<String> SUPPORTED_SIGNING_CRYPTO_ALGORITHMS = Set.of("ECC", "RSA");
private static final Set<String> SUPPORTED_SIGNING_PADDING_SCHEMES = Set.of("NONE", "PKCS1.5", "PSS");
private static final Set<String> SUPPORTED_SIGNING_HASH_FUNCTIONS = Set.of(
Expand Down Expand Up @@ -95,8 +95,8 @@
}

@Override
protected Pattern getSupportedFormatPattern() {
return V11_SUPPORTED_TOKEN_FORMAT_PATTERN;
public boolean supports(String format) {
return V11_SUPPORTED_TOKEN_FORMAT_PREFIX.equals(format);
}

@Override
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -36,12 +36,11 @@
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Set;
import java.util.regex.Pattern;

Check warning on line 39 in src/main/java/eu/webeid/security/validator/versionvalidators/AuthTokenVersion1Validator.java

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Remove this unused import 'java.util.regex.Pattern'.

See more on https://sonarcloud.io/project/issues?id=web-eid_web-eid-authtoken-validation-java&issues=AZ8n59s0GWPymC-mZ1MF&open=AZ8n59s0GWPymC-mZ1MF&pullRequest=125

class AuthTokenVersion1Validator implements AuthTokenVersionValidator {

private static final String V1_SUPPORTED_TOKEN_FORMAT_PREFIX = "web-eid:1";
private static final Pattern V1_SUPPORTED_TOKEN_FORMAT_PATTERN = Pattern.compile("^web-eid:1(?:\\.\\d+)?$");
private final SubjectCertificateValidatorBatch simpleSubjectCertificateValidators;
private final Set<TrustAnchor> trustedCACertificateAnchors;
private final CertStore trustedCACertificateCertStore;
Expand Down Expand Up @@ -70,11 +69,8 @@

@Override
public boolean supports(String format) {
return format != null && getSupportedFormatPattern().matcher(format).matches();
}

protected Pattern getSupportedFormatPattern() {
return V1_SUPPORTED_TOKEN_FORMAT_PATTERN;
return V1_SUPPORTED_TOKEN_FORMAT_PREFIX.equals(format)
|| "web-eid:1.0".equals(format);
}

@Override
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -61,14 +61,26 @@ class AuthTokenVersion1ValidatorTest {
);

@ParameterizedTest
@ValueSource(strings = {"web-eid:1", "web-eid:1.0", "web-eid:1.1", "web-eid:1.10", "web-eid:1.999"})
void whenFormatIsValidMajorV1Format_thenSupportsReturnsTrue(String format) {
@ValueSource(strings = {"web-eid:1", "web-eid:1.0"})
void whenFormatIsSupportedV1_thenSupportsReturnsTrue(String format) {
assertThat(validator.supports(format)).isTrue();
}

@ParameterizedTest
@NullAndEmptySource
@ValueSource(strings = {"web-eid", "web-eid:1.", "web-eid:1.0TEST", "web-eid:1.1.0", "web-eid:0.9", "web-eid:2", "webauthn:1"})
@ValueSource(strings = {
"web-eid",
"web-eid:1.",
"web-eid:1.0TEST",
"web-eid:1.1",
"web-eid:1.1.0",
"web-eid:1.2",
"web-eid:1.10",
"web-eid:1.999",
"web-eid:0.9",
"web-eid:2",
"webauthn:1"
})
void whenFormatIsNullEmptyOrMalformedOrNotV1_thenSupportsReturnsFalse(String format) {
assertThat(validator.supports(format)).isFalse();
}
Expand Down
Loading