Source code

001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2013-2016 ForgeRock AS.
015 */
016
017package org.forgerock.json.jose.utils;
018
019import java.io.IOException;
020import java.nio.charset.Charset;
021import java.nio.charset.StandardCharsets;
022import java.util.LinkedHashMap;
023import java.util.Map;
024
025import org.forgerock.json.jose.exceptions.InvalidJwtException;
026import org.forgerock.util.encode.Base64url;
027
028import com.fasterxml.jackson.core.JsonParser;
029import com.fasterxml.jackson.core.JsonProcessingException;
030import com.fasterxml.jackson.databind.ObjectMapper;
031import com.fasterxml.jackson.databind.SerializationFeature;
032
033/**
034 * This class provides utility methods to share common behaviour.
035 *
036 * @since 2.0.0
037 */
038public final class Utils {
039
040    /** Cached JSON object mapper for parsing tokens. */
041    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper()
042            .configure(JsonParser.Feature.STRICT_DUPLICATE_DETECTION, true)
043            .configure(SerializationFeature.INDENT_OUTPUT, false);
044
045    /** UTF-8 Charset. */
046    public static final Charset CHARSET = StandardCharsets.UTF_8;
047
048    /** Private constructor. */
049    private Utils() {
050        // Utility class
051    }
052
053    /**
054     * Base64url encodes the given String, converting the String to UTF-8 bytes.
055     *
056     * @param s The String to encoded.
057     * @return A Base64url encoded UTF-8 String.
058     */
059    public static String base64urlEncode(String s) {
060        return Base64url.encode(s.getBytes(CHARSET));
061    }
062
063    /**
064     * Base64url decodes the given String and converts the decoded bytes into a UTF-8 String.
065     *
066     * @param s The Base64url encoded String to decode.
067     * @return The UTF-8 decoded String.
068     */
069    public static String base64urlDecode(String s) {
070        return new String(Base64url.decode(s), CHARSET);
071    }
072
073    /**
074     * Compares two byte arrays for equality, in a constant time.
075     * <p>
076     * If the two byte arrays don't match the method will not return until the whole byte array has been checked.
077     * This prevents timing attacks.
078     * Unless the two arrays are not off equal length, and in this case the method will return immediately.
079     *
080     * @param a One of the byte arrays to compare.
081     * @param b The other byte array to compare.
082     *
083     * @return <code>true</code> if the arrays are equal, <code>false</code> otherwise.
084     */
085    public static boolean constantEquals(byte[] a, byte[] b) {
086        if (a.length != b.length) {
087            return false;
088        }
089
090        boolean result = true;
091        for (int i = 0; i < a.length; i++) {
092            result &= a[i] == b[i];
093        }
094        return result;
095    }
096
097    /**
098     * Parses the given JSON string into a NoDuplicatesMap.
099     * <p>
100     * The JWT specification details that any JWT with duplicate header parameters or claims MUST be rejected so
101     * a Map implementation is used to parse the JSON which will throw an exception if an entry with the same key
102     * is added to the map more than once.
103     *
104     * @param json The JSON string to parse.
105     * @return A Map of the JSON properties.
106     * @throws InvalidJwtException if the json value is not well formed or contains duplicate keys.
107     */
108    @SuppressWarnings("unchecked")
109    public static Map<String, Object> parseJson(String json) {
110        try {
111            return OBJECT_MAPPER.readValue(json, LinkedHashMap.class);
112        } catch (IOException e) {
113            throw new InvalidJwtException("Failed to parse json: " + e.getMessage(), e);
114        }
115    }
116
117    /**
118     * Writes the given map as a string in JSON object format.
119     *
120     * @param object the object to write as JSON.
121     * @return the JSON serialisation of the given object.
122     * @throws InvalidJwtException if the object cannot be converted to JSON for any reason.
123     */
124    public static String writeJsonObject(Map<String, Object> object) {
125        try {
126            return OBJECT_MAPPER.writeValueAsString(object);
127        } catch (JsonProcessingException e) {
128            throw new InvalidJwtException("Failed to write json: " + e, e);
129        }
130    }
131}