From 180f1dd03e73a8a02acb91f119dad7fb485a167b Mon Sep 17 00:00:00 2001
From: Chris Eager
Date: Thu, 1 Aug 2024 14:51:58 -0500
Subject: [PATCH] Update com.auth0:java-jwt to 4.4.0
---
 api/pom.xml | 2 +-
 api/src/main/java/com/messagebird/RequestValidator.java | 6 ++++--
 .../test/java/com/messagebird/RequestValidatorTest.java | 9 ++++-----
 3 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/api/pom.xml b/api/pom.xml
index c6bc186b..a4d2e90a 100644
--- a/api/pom.xml
+++ b/api/pom.xml
@@ -90,7 +90,7 @@
 com.auth0
 java-jwt
- 3.17.0
+ 4.4.0
 org.apache.maven
diff --git a/api/src/main/java/com/messagebird/RequestValidator.java b/api/src/main/java/com/messagebird/RequestValidator.java
index f2a4613b..24ae6343 100644
--- a/api/src/main/java/com/messagebird/RequestValidator.java
+++ b/api/src/main/java/com/messagebird/RequestValidator.java
@@ -5,13 +5,14 @@
 import com.auth0.jwt.algorithms.Algorithm;
 import com.auth0.jwt.exceptions.JWTVerificationException;
 import com.auth0.jwt.exceptions.SignatureVerificationException;
-import com.auth0.jwt.interfaces.Clock;
+import com.auth0.jwt.interfaces.Claim;
 import com.auth0.jwt.interfaces.DecodedJWT;
 import com.auth0.jwt.interfaces.JWTVerifier;
 import com.messagebird.exceptions.RequestValidationException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.time.Clock;
 /**
  * RequestValidator validates request signature signed by MessageBird services.
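Review bot: Swapping the `com.auth0.jwt.interfaces.Clock` import for `java.time.Clock` changes the parameter type of the public `validateSignature(Clock clock, …)` overload whose signature appears in the next hunk's header, so a caller that passes a java-jwt `Clock` stops compiling after this upgrade. The diffstat shows no changelog or Javadoc change announcing that. I would state it on the method, for example `@param clock java.time.Clock supplying the current time for token verification (com.auth0.jwt.interfaces.Clock before the java-jwt 4.x upgrade)`, and repeat it in the release notes. The method itself lies outside this hunk, so whether other overloads shield typical callers cannot be confirmed from here.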
@@ -128,7 +129,8 @@ public DecodedJWT validateSignature(Clock clock, String signature, String url, b
 if (!skipURLValidation) builder.withClaim("url_hash", calculateSha256(url.getBytes()));
- boolean payloadHashClaimExist = !jwt.getClaim("payload_hash").isNull();
+ Claim payloadHashClaim = jwt.getClaim("payload_hash");
+ boolean payloadHashClaimExist = !(payloadHashClaim.isNull() || payloadHashClaim.isMissing());
 if (requestBody != null && requestBody.length > 0) {
 if (!payloadHashClaimExist) {
 throw new RequestValidationException("The Claim 'payload_hash' is not set but payload is present.");
diff --git a/api/src/test/java/com/messagebird/RequestValidatorTest.java b/api/src/test/java/com/messagebird/RequestValidatorTest.java
index a8d38132..23c64ef0 100644
--- a/api/src/test/java/com/messagebird/RequestValidatorTest.java
+++ b/api/src/test/java/com/messagebird/RequestValidatorTest.java
@@ -1,6 +1,5 @@
 package com.messagebird;
-import com.auth0.jwt.interfaces.Clock;
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.messagebird.exceptions.RequestValidationException;
@@ -13,7 +12,10 @@
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
+import java.time.Clock;
+import java.time.Instant;
 import java.time.OffsetDateTime;
+import java.time.ZoneId;
 import java.util.*;
 import java.util.stream.Collectors;
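Review bot: The two-part test on `payloadHashClaim` in `validateSignature` (RequestValidator.java, hunk `@@ -128,7 +129,8 @@`) decides whether the request body must be covered by the signature, yet nothing on the new lines says why `isNull()` alone is no longer enough. As I read the java-jwt 4.x `Claim` contract, an absent claim reports `isMissing()` while `isNull()` is true only for an explicit JSON null, so dropping either half would count a token with no usable `payload_hash` as carrying one; a comment such as `// java-jwt 4.x: absent claim -> isMissing(), explicit null -> isNull(); both mean "not set"` would protect the check from a later simplification. In the context line above it, `url.getBytes()` uses the platform default charset on JVMs before 18, which can make `url_hash` differ from the signer's value for non-ASCII URLs; `url.getBytes(StandardCharsets.UTF_8)` (with the matching import) would pin it. The method starts and ends outside this hunk.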
@@ -64,10 +66,7 @@ public static Collection data() throws IOException {
 public void testWebhookSignature() throws Throwable {
 RequestValidator validator = new RequestValidator(testCase.secret != null ? testCase.secret : "");
- Clock clock = mock(Clock.class);
- Date clockDate = spy(Date.from(OffsetDateTime.parse(testCase.timestamp).toInstant()));
- when(clock.getToday()).thenReturn(clockDate);
-
+ Clock clock = Clock.fixed(OffsetDateTime.parse(testCase.timestamp).toInstant(), ZoneId.systemDefault());
 ThrowingRunnable runnable = () -> validator.validateSignature(clock, testCase.token, testCase.url, (testCase.payload == null) ? null : testCase.payload.getBytes(StandardCharsets.UTF_8));
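Review bot: `Clock.fixed(..., ZoneId.systemDefault())` in `testWebhookSignature` ties the fixture to the host's time zone even though only the instant parsed from `testCase.timestamp` is meant to drive the time-based token checks; `Clock.fixed(OffsetDateTime.parse(testCase.timestamp).toInstant(), ZoneOffset.UTC)` keeps the clock identical on every machine and makes that intent explicit. The `java.time.Instant` import added in the `@@ -13,7 +12,10 @@` hunk is not used by any line visible in this patch and can probably be dropped, and the Mockito `mock`/`spy`/`when` imports may now be unused as well if no other test relies on them. The test method continues past the end of this hunk.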