
== How to fix it in Nimbus
=== Code examples
include::../../common/fix/code-rationale.adoc[]
==== Noncompliant code example
[source,java,diff-id=21,diff-type=noncompliant]
----
import com.nimbusds.jwt.PlainJWT;
// Builds an unsecured JWT: the claims are only base64url-encoded under an "alg":"none"
// header and carry no signature, so a recipient cannot tell whether they were altered.
public void encode(JWTClaimsSet claimsSet) {
PlainJWT jwt = new PlainJWT(claimsSet); // Noncompliant
}
----
[source,java,diff-id=22,diff-type=noncompliant]
----
import com.nimbusds.jwt.PlainJWT;
// Parses the token as an unsecured JWT: nothing here checks who produced the claims set,
// so whatever the client sends is accepted as-is. Only the token's syntax is validated.
public void decode(String jwtString) {
PlainJWT jwt = PlainJWT.parse(jwtString); // Noncompliant
}
----
==== Compliant solution
[source,java,diff-id=21,diff-type=compliant]
----
import com.nimbusds.jwt.SignedJWT;
// Signs the claims with HMAC-SHA256 so the verifying party can detect tampering.
// sharedSecret must be known only to the issuer and the verifier; MACSigner rejects a
// secret shorter than the algorithm's minimum (256 bits for HS256) with a KeyLengthException.
// MACSigner(...) and sign(...) throw the checked JOSEException, which the caller must handle.
public void encode(JWTClaimsSet claimsSet) {
SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claimsSet);
jwt.sign(new MACSigner(sharedSecret));
}
----
[source,java,diff-id=22,diff-type=compliant]
----
import com.nimbusds.jwt.SignedJWT;
// Parses the token and checks its HMAC against sharedSecret before any claim is trusted;
// a token whose signature does not match is rejected. A token with no signature at all
// (an unsecured JWT) does not parse as a SignedJWT and is rejected at parse(...).
// verify(...) proves integrity and origin only: claim checks such as exp, nbf, iss and aud
// are still the caller's job and should run after this method returns.
// parse(...) throws ParseException and verify(...) throws JOSEException; both are checked
// and must be handled or declared by the caller.
public void decode(String jwtString) {
SignedJWT jwt = SignedJWT.parse(jwtString);
if (!jwt.verify(new MACVerifier(sharedSecret))) {
throw new JOSEException("JWT signature does not match");
}
}
----
=== How does this work?
include::../../common/fix/encode.adoc[]
include::../../common/fix/decode.adoc[]
=== Going the extra mile
include::../../common/extra-mile/key-storage.adoc[]
include::../../common/extra-mile/key-rotation.adoc[]