-
Notifications
You must be signed in to change notification settings - Fork 49
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix IllegalArgumentException when using EdDSA signature algorithm #801
Fix IllegalArgumentException when using EdDSA signature algorithm #801
Conversation
implementation/common/src/main/java/io/smallrye/jwt/algorithm/SignatureAlgorithm.java
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@0rzech Thanks for your help and patience with fixing this issue.
Before I merge, can you give me a favor and squash commits, and have IllegalStateException
thrown indirectly by adding it to https://github.com/smallrye/smallrye-jwt/blob/main/implementation/jwt-build/src/main/java/io/smallrye/jwt/build/impl/ImplMessages.java instead
Thanks
@0rzech You may still have to make these two latest tests conditional as Java 11 is still required, let me run the build |
Looks like so |
I can't put it there, because it would create circular library dependency. I have wrapped all calls to
Whoops, sorry for that. I tried to avoid post-Java-11 features. Which part have I overlooked? Do you mean running tests conditional on JRE version? If yes, then I've added min 17 condition to new tests. |
This fixes `java.lang.IllegalArgumentException: No enum constant io.smallrye.jwt.algorithm.SignatureAlgorithm.EdDSA` when `EDDSA` is set through `smallrye.jwt.new-token.signature-algorithm` property, or when it is set with `JwtClaimsBuilderImpl`. Currently, `JwtSignatureImpl.getConfiguredSignatureAlgorithm()` returns algorithm name as a String from `SignatureAlgorithm.algorithmName` field, in case of it being loaded from a configuration file. If the algorithm was set through `JwtClaimsBuilderImpl`, the value is returned as-is from the header, which means `EdDSA`, because this is how `JwtClaimsBuilderImpl` puts the value there. using `toUpperCase()` on the name, causing exception when `EdDSA` is used. The fix adds `toUpperCase()` call on algorithm name before passing it to `SignatureAlgorithm.valueOf(String)`. As requested, this fix does not introduce property-based testing in the project.
This fixes
java.lang.IllegalArgumentException: No enum constant io.smallrye.jwt.algorithm.SignatureAlgorithm.EdDSA
whenEDDSA
is set throughsmallrye.jwt.new-token.signature-algorithm
property, or when it is set withJwtClaimsBuilderImpl
.Currently,
JwtSignatureImpl.getConfiguredSignatureAlgorithm()
returnsalgorithm name as a String from
SignatureAlgorithm.algorithmName
field,in case of it being loaded from a configuration file.
If the algorithm was set through
JwtClaimsBuilderImpl
, the value is returnedas-is from the header, which means
EdDSA
, because this is howJwtClaimsBuilderImpl
puts the value there.This name is then used to get appropriate
SignatureAlgorithm
enum variantin
JwtSignatureImpl.getSigningKeyFromKeyContent(String)
, but withoutusing
toUpperCase()
on the name, causing exception whenEdDSA
is used.The fix adds
toUpperCase()
call on algorithm name before passing itto
SignatureAlgorithm.valueOf(String)
.