spiffe
/
java-spiffe
mirror of https://github.com/spiffe/java-spiffe.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bump version to 0.6.1 

Upgrade gprc-java dependency to 1.31.1
Upgrade other dependencies.
Fix jwt-svid audience validation.

Signed-off-by: Max Lambrecht <maxlambrecht@gmail.com>
This commit is contained in:
Max Lambrecht 2020-08-20 13:40:47 -03:00
parent 09149487a0
commit d64db92d1f
7 changed files with 30 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
README.md
View File

@ -26,26 +26,26 @@ X.509 and JWT SVIDs and bundles.
Download
--------
The JARs can be downloaded from [Maven Central](https://search.maven.org/search?q=g:io.spiffe%20AND%20v:0.6.0).
The JARs can be downloaded from [Maven Central](https://search.maven.org/search?q=g:io.spiffe%20AND%20v:0.6.1).
The dependencies can be added to `pom.xml`:
```xml
<dependency>
<groupId>io.spiffe</groupId>
<artifactId>java-spiffe-core</artifactId>
<version>0.6.0</version>
<version>0.6.1</version>
</dependency>
<dependency>
<groupId>io.spiffe</groupId>
<artifactId>java-spiffe-provider</artifactId>
<version>0.6.0</version>
<version>0.6.1</version>
</dependency>
```
Using Gradle:
```gradle
implementation 'io.spiffe:java-spiffe-core:0.6.0'
implementation 'io.spiffe:java-spiffe-provider:0.6.0'
implementation 'io.spiffe:java-spiffe-core:0.6.1'
implementation 'io.spiffe:java-spiffe-provider:0.6.1'
```
### MacOS Support
@ -55,14 +55,14 @@ Add to your `pom.xml`:
<dependency>
<groupId>io.spiffe</groupId>
<artifactId>grpc-netty-macos</artifactId>
<version>0.6.0</version>
<version>0.6.1</version>
<scope>runtime</scope>
</dependency>
```
Using Gradle:
```gradle
runtimeOnly 'io.spiffe:grpc-netty-macos:0.6.0'
runtimeOnly 'io.spiffe:grpc-netty-macos:0.6.1'
```
### Build the JARs

12
build.gradle
View File

@ -12,14 +12,14 @@ allprojects {
subprojects {
group = 'io.spiffe'
version = '0.6.0'
version = '0.6.1'
ext {
grpcVersion = '1.30.2'
grpcVersion = '1.31.1'
jupiterVersion = '5.6.2'
mockitoVersion = '3.3.3'
mockitoVersion = '3.5.2'
lombokVersion = '1.18.12'
nimbusVersion = '8.19'
nimbusVersion = '8.20'
}
apply plugin: 'java-library'
@ -95,8 +95,8 @@ subprojects {
}
dependencies {
implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.10'
implementation group: 'commons-validator', name: 'commons-validator', version: "1.6"
implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.11'
implementation group: 'commons-validator', name: 'commons-validator', version: "1.7"
testCompileOnly group: 'org.junit.jupiter', name: 'junit-jupiter-api', version: "${jupiterVersion}"
testRuntimeOnly group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: "${jupiterVersion}"

4
java-spiffe-core/build.gradle
View File

@ -57,7 +57,7 @@ dependencies {
testFixturesImplementation group: 'com.nimbusds', name: 'nimbus-jose-jwt', version: "${nimbusVersion}"
// using bouncy castle for generating X.509 certs for testing purposes
testFixturesImplementation group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.65'
testFixturesImplementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.10'
testFixturesImplementation group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.66'
testFixturesImplementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.11'
}

2
java-spiffe-core/grpc-netty-macos/build.gradle
View File

@ -2,7 +2,7 @@ description = "Java SPIFFE Library GRPC-Netty MacOS module"
dependencies {
implementation group: 'io.grpc', name: 'grpc-netty', version: "${grpcVersion}"
implementation group: 'io.netty', name: 'netty-transport-native-kqueue', version: '4.1.50.Final', classifier: 'osx-x86_64'
implementation group: 'io.netty', name: 'netty-transport-native-kqueue', version: '4.1.51.Final', classifier: 'osx-x86_64'
}
jar {

9
java-spiffe-core/src/main/java/io/spiffe/svid/jwtsvid/JwtSvid.java
View File

@ -278,11 +278,10 @@ public class JwtSvid {
}
private static void validateAudience(final List<String> audClaim, final Set<String> expectedAudience) throws JwtSvidException {
for (String aud : audClaim) {
if (!expectedAudience.contains(aud)) {
throw new JwtSvidException(String.format("expected audience in %s (audience=%s)", expectedAudience, audClaim));
}
// expected audiences must be a subset of the audience claim in the token
private static void validateAudience(final List<String> audClaim, final Set<String> expectedAudiences) throws JwtSvidException {
if (!audClaim.containsAll(expectedAudiences)) {
throw new JwtSvidException(String.format("expected audience in %s (audience=%s)", expectedAudiences, audClaim));
}
}
}

15
java-spiffe-core/src/test/java/io/spiffe/svid/jwtsvid/JwtSvidParseAndValidateTest.java
View File

@ -19,6 +19,7 @@ import org.junit.jupiter.params.provider.MethodSource;
import java.security.KeyPair;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import java.util.function.Supplier;
import java.util.stream.Stream;
@ -28,9 +29,9 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
class JwtSvidParseAndValidateTest {
private static final String HS256TOKEN = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImF1dGhvcml0eTEifQ.eyJzdWIiOiJ" +
"zcGlmZmU6Ly90ZXN0LmRvbWFpbi9ob3N0IiwibmFtZSI6IkpvaG4gRG9lIiwiZXhwIjoxMjM0MzQzNTM0NTUsImlhdCI6MTUxNjIzOTAyMn0." +
"TWSPgMbs227cbZxSLg247Uuag0Kz72cuSpJuozcMddA";
private static final String HS256TOKEN = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImF1dGhvcml0eTEifQ." +
"eyJzdWIiOiJzcGlmZmU6Ly90ZXN0LmRvbWFpbi9ob3N0IiwibmFtZSI6IkpvaG4gRG9lIiwiZXhwIjoxMjM0MzQzNTM0NTUsImlh" +
"dCI6MTUxNjIzOTAyMiwiYXVkIjoiYXVkaWVuY2UifQ.wNm5pQGSLCw5N9ddgSF2hkgmQpGnG9le_gpiFmyBhao";
@ParameterizedTest
@MethodSource("provideJwtScenarios")
@ -112,7 +113,7 @@ class JwtSvidParseAndValidateTest {
SpiffeId spiffeId = trustDomain.newSpiffeId("host");
Date expiration = new Date(System.currentTimeMillis() + 3600000);
Set<String> audience = Collections.singleton("audience");
Set<String> audience = new HashSet<String>() {{add("audience1"); add("audience2");}};
JWTClaimsSet claims = TestUtils.buildJWTClaimSet(audience, spiffeId.toString(), expiration);
@ -120,7 +121,7 @@ class JwtSvidParseAndValidateTest {
Arguments.of(TestCase.builder()
.name("1. success using EC signature")
.jwtBundle(jwtBundle)
.expectedAudience(audience)
.expectedAudience(Collections.singleton("audience1"))
.generateToken(() -> TestUtils.generateToken(claims, key1, "authority1"))
.expectedException(null)
.expectedJwtSvid(newJwtSvidInstance(
@ -151,7 +152,7 @@ class JwtSvidParseAndValidateTest {
Arguments.of(TestCase.builder()
.name("4. unsupported algorithm")
.jwtBundle(jwtBundle)
.expectedAudience(audience)
.expectedAudience(Collections.singleton("audience"))
.generateToken(() -> HS256TOKEN)
.expectedException(new JwtSvidException("Unsupported token signature algorithm HS256"))
.build()),
@ -181,7 +182,7 @@ class JwtSvidParseAndValidateTest {
.jwtBundle(jwtBundle)
.expectedAudience(Collections.singleton("another"))
.generateToken(() -> TestUtils.generateToken(claims, key1, "authority1"))
.expectedException(new JwtSvidException("expected audience in [another] (audience=[audience])"))
.expectedException(new JwtSvidException("expected audience in [another] (audience=[audience2, audience1])"))
.build()),
Arguments.of(TestCase.builder()
.name("9. invalid subject claim")

4
java-spiffe-helper/README.md
View File

@ -10,11 +10,11 @@ The Helper automatically gets the SVID updates and stores them in the KeyStore a
On Linux:
`java -jar java-spiffe-helper-0.6.0-linux-x86_64.jar -c helper.conf`
`java -jar java-spiffe-helper-0.6.1-linux-x86_64.jar -c helper.conf`
On Mac OS:
`java -jar java-spiffe-helper-0.6.0-osx-x86_64.jar -c helper.conf`
`java -jar java-spiffe-helper-0.6.1-osx-x86_64.jar -c helper.conf`
(The jar can be found in `build/libs`, after running the gradle build)