001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2013-2015 ForgeRock AS.
015 */
016
017package org.forgerock.json.jose.utils;
018
019import java.io.IOException;
020import java.nio.charset.Charset;
021import java.util.LinkedHashMap;
022import java.util.Map;
023
024import org.forgerock.json.jose.exceptions.InvalidJwtException;
025import org.forgerock.util.encode.Base64url;
026
027import com.fasterxml.jackson.core.JsonParser;
028import com.fasterxml.jackson.databind.ObjectMapper;
029
030/**
031 * This class provides utility methods to share common behaviour.
032 *
033 * @since 2.0.0
034 */
035public final class Utils {
036
037    /**
038     * Cached JSON object mapper for parsing tokens.
039     */
040    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper()
041        .configure(JsonParser.Feature.STRICT_DUPLICATE_DETECTION, true);
042
043    /**
044     * UTF-8 Charset.
045     */
046    public static final Charset CHARSET = Charset.forName("UTF-8");
047
048    /**
049     * Private constructor.
050     */
051    private Utils() {
052    }
053
054    /**
055     * Base64url encodes the given String, converting the String to UTF-8 bytes.
056     *
057     * @param s The String to encoded.
058     * @return A Base64url encoded UTF-8 String.
059     */
060    public static String base64urlEncode(String s) {
061        return Base64url.encode(s.getBytes(CHARSET));
062    }
063
064    /**
065     * Base64url decodes the given String and converts the decoded bytes into a UTF-8 String.
066     *
067     * @param s The Base64url encoded String to decode.
068     * @return The UTF-8 decoded String.
069     */
070    public static String base64urlDecode(String s) {
071        return new String(Base64url.decode(s), CHARSET);
072    }
073
074    /**
075     * Compares two byte arrays for equality, in a constant time.
076     * <p>
077     * If the two byte arrays don't match the method will not return until the whole byte array has been checked.
078     * This prevents timing attacks.
079     * Unless the two arrays are not off equal length, and in this case the method will return immediately.
080     *
081     * @param a One of the byte arrays to compare.
082     * @param b The other byte array to compare.
083     *
084     * @return <code>true</code> if the arrays are equal, <code>false</code> otherwise.
085     */
086    public static boolean constantEquals(byte[] a, byte[] b) {
087        if (a.length != b.length) {
088            return false;
089        }
090
091        boolean result = true;
092        for (int i = 0; i < a.length; i++) {
093            result &= a[i] == b[i];
094        }
095        return result;
096    }
097
098    /**
099     * Parses the given JSON string into a NoDuplicatesMap.
100     * <p>
101     * The JWT specification details that any JWT with duplicate header parameters or claims MUST be rejected so
102     * a Map implementation is used to parse the JSON which will throw an exception if an entry with the same key
103     * is added to the map more than once.
104     *
105     * @param json The JSON string to parse.
106     * @return A Map of the JSON properties.
107     */
108    @SuppressWarnings("unchecked")
109    public static Map<String, Object> parseJson(String json) {
110        try {
111            return OBJECT_MAPPER.readValue(json, LinkedHashMap.class);
112        } catch (IOException e) {
113            throw new InvalidJwtException("Failed to parse json: " + e.getMessage(), e);
114        }
115    }
116}