Upgrade jsonwebtoken

[ghost]

Description

2022-08-29 13:07:43.695 ERROR 39352 --- [nio-9001-exec-2] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Handler dispatch failed; nested exception is java.lang.NoClassDefFoundError: javax/xml/bind/DatatypeConverter] with root cause

java.lang.ClassNotFoundException: javax.xml.bind.DatatypeConverter
        at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:581) ~[na:na]
        at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178) ~[na:na]
        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522) ~[na:na]
        at io.jsonwebtoken.impl.Base64Codec.decode(Base64Codec.java:26) ~[jjwt-0.9.1.jar:0.9.1]
        at io.jsonwebtoken.impl.DefaultJwtBuilder.signWith(DefaultJwtBuilder.java:99) ~[jjwt-0.9.1.jar:0.9.1]
        at edu.tamu.weaver.token.service.TokenService.createToken(TokenService.java:82) ~[token-2.1.1-RC12.jar:na]
        at edu.tamu.weaver.token.service.TokenService.craftToken(TokenService.java:130) ~[token-2.1.1-RC12.jar:na]
        at edu.tamu.weaver.token.provider.controller.TokenController.token(TokenController.java:45) ~[token-provider-2.1.1-RC12.jar:na]

Type of change

• Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

Building and deploying multiple Weaver UIs against AuthService.

• AuthService
• MyLibraryUI
• DirectoryUI
• MAGPIE UI
• Project Management UI
• Library Service System Status UI
• Get It For Me Button UI
• CAP
• SAGE

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• My changes generate no new warnings
• Any dependent changes have been merged and published in downstream modules

[coveralls]

Pull Request Test Coverage Report for Build 2956432040

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 0.0%

---

Totals
Change from base Build 2929102844:	0.0%
Covered Lines:	0
Relevant Lines:	0

---

💛 - Coveralls

[kaladay]

I'm not following this logic.

If length < 32, why prepend a 0.

[ghost]

It ensures it is a 256 bit to use with HS512 signature algorithm.

[ghost]

So the confusing part in this service is that the secret was used for both signing the JWT and then encrypting the JWT. With the jsonwebtoken upgrade the methods we used have been deprecated and require a key or key pair now to sign the JWT. I just added this hack to hash the secret to a 256 bit secret.