Restrict supported Web eID token formats by aarmam · Pull Request #125 · web-eid/web-eid-authtoken-validation-java · GitHub
Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -54,13 +54,13 @@
import java.util.Arrays;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

Check warning on line 57 in src/main/java/eu/webeid/security/validator/versionvalidators/AuthTokenVersion11Validator.java

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Remove this unused import 'java.util.regex.Pattern'.

See more on https://sonarcloud.io/project/issues?id=web-eid_web-eid-authtoken-validation-java&issues=AZ8n59vqGWPymC-mZ1MG&open=AZ8n59vqGWPymC-mZ1MG&pullRequest=125

import static eu.webeid.security.util.Strings.isNullOrEmpty;

class AuthTokenVersion11Validator extends AuthTokenVersion1Validator implements AuthTokenVersionValidator {

private static final Pattern V11_SUPPORTED_TOKEN_FORMAT_PATTERN = Pattern.compile("^web-eid:1\\.1$");
private static final String V11_SUPPORTED_TOKEN_FORMAT_PREFIX = "web-eid:1.1";
private static final Set<String> SUPPORTED_SIGNING_CRYPTO_ALGORITHMS = Set.of("ECC", "RSA");
private static final Set<String> SUPPORTED_SIGNING_PADDING_SCHEMES = Set.of("NONE", "PKCS1.5", "PSS");
private static final Set<String> SUPPORTED_SIGNING_HASH_FUNCTIONS = Set.of(
Expand Down Expand Up @@ -95,8 +95,8 @@
}

@Override
protected Pattern getSupportedFormatPattern() {
return V11_SUPPORTED_TOKEN_FORMAT_PATTERN;
public boolean supports(String format) {
return V11_SUPPORTED_TOKEN_FORMAT_PREFIX.equals(format);
}

@Override
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -36,12 +36,11 @@
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Set;
import java.util.regex.Pattern;

Check warning on line 39 in src/main/java/eu/webeid/security/validator/versionvalidators/AuthTokenVersion1Validator.java

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Remove this unused import 'java.util.regex.Pattern'.

See more on https://sonarcloud.io/project/issues?id=web-eid_web-eid-authtoken-validation-java&issues=AZ8n59s0GWPymC-mZ1MF&open=AZ8n59s0GWPymC-mZ1MF&pullRequest=125

class AuthTokenVersion1Validator implements AuthTokenVersionValidator {

private static final String V1_SUPPORTED_TOKEN_FORMAT_PREFIX = "web-eid:1";
private static final Pattern V1_SUPPORTED_TOKEN_FORMAT_PATTERN = Pattern.compile("^web-eid:1(?:\\.\\d+)?$");
private final SubjectCertificateValidatorBatch simpleSubjectCertificateValidators;
private final Set<TrustAnchor> trustedCACertificateAnchors;
private final CertStore trustedCACertificateCertStore;
Expand Down Expand Up @@ -70,11 +69,8 @@

@Override
public boolean supports(String format) {
return format != null && getSupportedFormatPattern().matcher(format).matches();
}

protected Pattern getSupportedFormatPattern() {
return V1_SUPPORTED_TOKEN_FORMAT_PATTERN;
return V1_SUPPORTED_TOKEN_FORMAT_PREFIX.equals(format)
|| "web-eid:1.0".equals(format);
}

@Override
Expand Down
Loading