GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Fix ClassCastException 

Closes gh-9651
pull/9672/head
Tibor Koch 5 years ago committed by Josh Cummings
parent
53e94bca45
commit
5da472f3be
2 changed files with 15 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
  2. 13
      oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtilsTests.java

3
oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtils.java
Unescape View File

@ -90,7 +90,8 @@ final class JwtDecoderProviderConfigurationUtils { @@ -90,7 +90,8 @@ final class JwtDecoderProviderConfigurationUtils {
List<? extends JWK> jwks = jwkSource.get(new JWKSelector(jwkMatcher), null);
for (JWK jwk : jwks) {
if (jwk.getAlgorithm() != null) {
jwsAlgorithms.add((JWSAlgorithm) jwk.getAlgorithm());
JWSAlgorithm jwsAlgorithm = JWSAlgorithm.parse(jwk.getAlgorithm().getName());
jwsAlgorithms.add(jwsAlgorithm);
}
else {
if (jwk.getKeyType() == KeyType.RSA) {

13
oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtDecoderProviderConfigurationUtilsTests.java
Unescape View File

@ -20,6 +20,7 @@ import java.util.Arrays; @@ -20,6 +20,7 @@ import java.util.Arrays;
import java.util.Collections;
import java.util.Set;
import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
@ -32,6 +33,7 @@ import com.nimbusds.jose.util.Base64URL; @@ -32,6 +33,7 @@ import com.nimbusds.jose.util.Base64URL;
import org.junit.Test;
import org.springframework.security.oauth2.jose.TestKeys;
import org.springframework.security.oauth2.jose.jws.JwsAlgorithms;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import static org.assertj.core.api.Assertions.assertThat;
@ -73,4 +75,15 @@ public class JwtDecoderProviderConfigurationUtilsTests { @@ -73,4 +75,15 @@ public class JwtDecoderProviderConfigurationUtilsTests {
assertThat(algorithms).contains(SignatureAlgorithm.ES256, SignatureAlgorithm.ES384, SignatureAlgorithm.ES512);
}
// gh-9651
@Test
public void getSignatureAlgorithmsWhenAlgorithmThenParses() throws Exception {
JWKSource<SecurityContext> jwkSource = mock(JWKSource.class);
RSAKey key = new RSAKey.Builder(TestKeys.DEFAULT_PUBLIC_KEY).keyUse(KeyUse.SIGNATURE)
.algorithm(new Algorithm(JwsAlgorithms.RS256)).build();
given(jwkSource.get(any(JWKSelector.class), isNull())).willReturn(Collections.singletonList(key));
Set<SignatureAlgorithm> algorithms = JwtDecoderProviderConfigurationUtils.getSignatureAlgorithms(jwkSource);
assertThat(algorithms).containsOnly(SignatureAlgorithm.RS256);
}
}

Write Preview
Loading…
Cancel
Save