From 09a274d7e95463f598ab12677f4c2a8cc7d03e42 Mon Sep 17 00:00:00 2001 From: luneo7 Date: Fri, 15 Nov 2024 13:21:54 -0600 Subject: [PATCH] JWT Auth micro optimization --- .../io/smallrye/jwt/SmallryeJwtUtils.java | 5 +++-- .../jwt/auth/cdi/RawClaimTypeProducer.java | 8 +++---- .../auth/principal/DefaultJWTTokenParser.java | 21 +++++++++++-------- .../auth/principal/KeyLocationResolver.java | 2 +- .../config/JWTAuthContextInfoProvider.java | 2 +- 5 files changed, 21 insertions(+), 17 deletions(-) diff --git a/implementation/jwt-auth/src/main/java/io/smallrye/jwt/SmallryeJwtUtils.java b/implementation/jwt-auth/src/main/java/io/smallrye/jwt/SmallryeJwtUtils.java index 71dc0276..5fe69311 100644 --- a/implementation/jwt-auth/src/main/java/io/smallrye/jwt/SmallryeJwtUtils.java +++ b/implementation/jwt-auth/src/main/java/io/smallrye/jwt/SmallryeJwtUtils.java @@ -67,8 +67,9 @@ public static void setContextTokenCookie(JWTAuthContextInfo contextInfo, Optiona } public static void setTokenSchemes(JWTAuthContextInfo contextInfo, String tokenSchemes) { - final List schemes = new ArrayList<>(); - for (final String s : tokenSchemes.split(",")) { + String[] splitTokenSchemes = tokenSchemes.split(","); + final List schemes = new ArrayList<>(splitTokenSchemes.length); + for (final String s : splitTokenSchemes) { schemes.add(s.trim()); } contextInfo.setTokenSchemes(schemes); diff --git a/implementation/jwt-auth/src/main/java/io/smallrye/jwt/auth/cdi/RawClaimTypeProducer.java b/implementation/jwt-auth/src/main/java/io/smallrye/jwt/auth/cdi/RawClaimTypeProducer.java index fc4f9de1..242d7219 100644 --- a/implementation/jwt-auth/src/main/java/io/smallrye/jwt/auth/cdi/RawClaimTypeProducer.java +++ b/implementation/jwt-auth/src/main/java/io/smallrye/jwt/auth/cdi/RawClaimTypeProducer.java @@ -90,7 +90,7 @@ Long getClaimAsLong(InjectionPoint ip) { JsonNumber jsonValue = (JsonNumber) value; returnValue = jsonValue.longValue(); } else { - returnValue = Long.parseLong(value.toString()); + returnValue = Long.valueOf(value.toString()); } } return returnValue; @@ -113,7 +113,7 @@ Double getClaimAsDouble(InjectionPoint ip) { JsonNumber jsonValue = (JsonNumber) value; returnValue = jsonValue.doubleValue(); } else { - returnValue = Double.parseDouble(value.toString()); + returnValue = Double.valueOf(value.toString()); } } return returnValue; @@ -135,9 +135,9 @@ Boolean getClaimAsBoolean(InjectionPoint ip) { if (value instanceof JsonValue) { final JsonValue.ValueType valueType = ((JsonValue) value).getValueType(); if (valueType.equals(JsonValue.ValueType.TRUE)) { - returnValue = true; + returnValue = Boolean.TRUE; } else if (valueType.equals(JsonValue.ValueType.FALSE)) { - returnValue = false; + returnValue = Boolean.FALSE; } } else { returnValue = Boolean.valueOf(value.toString()); diff --git a/implementation/jwt-auth/src/main/java/io/smallrye/jwt/auth/principal/DefaultJWTTokenParser.java b/implementation/jwt-auth/src/main/java/io/smallrye/jwt/auth/principal/DefaultJWTTokenParser.java index b09d44bd..e2124dd4 100644 --- a/implementation/jwt-auth/src/main/java/io/smallrye/jwt/auth/principal/DefaultJWTTokenParser.java +++ b/implementation/jwt-auth/src/main/java/io/smallrye/jwt/auth/principal/DefaultJWTTokenParser.java @@ -18,7 +18,6 @@ import static java.util.Collections.emptyList; -import java.util.LinkedHashSet; import java.util.Set; import java.util.stream.Collectors; @@ -91,19 +90,23 @@ private String decryptSignedToken(String token, JWTAuthContextInfo authContextIn } private String[] signatureAlgorithms(JWTAuthContextInfo authContextInfo) { - Set algorithms = new LinkedHashSet<>(); - for (SignatureAlgorithm keyEncAlgo : authContextInfo.getSignatureAlgorithm()) { - algorithms.add(keyEncAlgo.getAlgorithm()); + Set signatureAlgorithm = authContextInfo.getSignatureAlgorithm(); + String[] algorithms = new String[signatureAlgorithm.size()]; + int counter = 0; + for (SignatureAlgorithm keyEncAlgo : signatureAlgorithm) { + algorithms[counter++] = keyEncAlgo.getAlgorithm(); } - return algorithms.toArray(new String[] {}); + return algorithms; } private String[] encryptionAlgorithms(JWTAuthContextInfo authContextInfo) { - Set algorithms = new LinkedHashSet<>(); - for (KeyEncryptionAlgorithm keyEncAlgo : authContextInfo.getKeyEncryptionAlgorithm()) { - algorithms.add(keyEncAlgo.getAlgorithm()); + Set keyEncryptionAlgorithm = authContextInfo.getKeyEncryptionAlgorithm(); + String[] algorithms = new String[keyEncryptionAlgorithm.size()]; + int counter = 0; + for (KeyEncryptionAlgorithm keyEncAlgo : keyEncryptionAlgorithm) { + algorithms[counter++] = keyEncAlgo.getAlgorithm(); } - return algorithms.toArray(new String[] {}); + return algorithms; } private JwtContext parseClaims(String token, JWTAuthContextInfo authContextInfo, ProtectionLevel level) diff --git a/implementation/jwt-auth/src/main/java/io/smallrye/jwt/auth/principal/KeyLocationResolver.java b/implementation/jwt-auth/src/main/java/io/smallrye/jwt/auth/principal/KeyLocationResolver.java index f6f3ed92..cb8d3d30 100644 --- a/implementation/jwt-auth/src/main/java/io/smallrye/jwt/auth/principal/KeyLocationResolver.java +++ b/implementation/jwt-auth/src/main/java/io/smallrye/jwt/auth/principal/KeyLocationResolver.java @@ -66,7 +66,7 @@ public Key resolveKey(JsonWebSignature jws, List nestingContex if (theKey == null) { try { - if (httpsJwks != null && httpsJwks.getJsonWebKeys() != null && jws != null + if (httpsJwks != null && jws != null && httpsJwks.getJsonWebKeys() != null && jws.getKeyIdHeaderValue() != null) { throw PrincipalMessages.msg.unmatchedTokenKidException(); } diff --git a/implementation/jwt-auth/src/main/java/io/smallrye/jwt/config/JWTAuthContextInfoProvider.java b/implementation/jwt-auth/src/main/java/io/smallrye/jwt/config/JWTAuthContextInfoProvider.java index dd2482c4..4f62d2b5 100644 --- a/implementation/jwt-auth/src/main/java/io/smallrye/jwt/config/JWTAuthContextInfoProvider.java +++ b/implementation/jwt-auth/src/main/java/io/smallrye/jwt/config/JWTAuthContextInfoProvider.java @@ -839,7 +839,7 @@ Optional getOptionalContextInfo() { Set resolvedAlgorithm = mpJwtPublicKeyAlgorithm; if (signatureAlgorithm.isPresent()) { if (signatureAlgorithm.get().getAlgorithm().startsWith("HS")) { - if (!NONE.equals(resolvedVerifyKeyLocation) && resolvedVerifyKeyLocation == mpJwtLocation) { + if (verificationKeyLocationSet && resolvedVerifyKeyLocation == mpJwtLocation) { throw ConfigMessages.msg.hmacNotSupported(); } } else {