Support RS256 and HS256 algorithm aliases

Older versions of CF/XSA UAA used the identifiers
SHA256withRSA or HMACSHA256 to specify the algorithm
used to sign OAuth 2 access tokens they issued.
Newer CF/XSA UAA versions, however, prefer the following
identifiers:

  RS256 (common alias for SHA256withRSA)
  HS256 (common alias for HMACSHA256)

Most other implementations of JSON web tokens (e.g. OpenId)
also prefer these aliases over the more specific identifiers.
Consequently, the cfoauth plugin should support them, too.

Change-Id: Ib1786552e08be8583c5360243acd215e7193abdd
Signed-off-by: Michael Ochmann <michael.ochmann@sap.com>

diff --git a/src/main/java/com/googlesource/gerrit/plugins/cfoauth/UAAClient.java b/src/main/java/com/googlesource/gerrit/plugins/cfoauth/UAAClient.java
index b800265..fb67075 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/cfoauth/UAAClient.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/cfoauth/UAAClient.java
@@ -378,10 +378,10 @@
throw new UAAClientException(
"GET /uaa/token_key failed: missing \"alg\" attribute");
}
- if ("HMACSHA256".equals(alg)) {
+ if ("HS256".equals(alg) || "HMACSHA256".equals(alg)) {
return new HMACSHA256SignatureVerifier(
getAttribute(content, VALUE_ATTRIBUTE));
- } else if ("SHA256withRSA".equals(alg)) {
+ } else if ("RS256".equals(alg) || "SHA256withRSA".equals(alg)) {
return new SHA265WithRSASignatureVerifier(
getAttribute(content, MODULUS_ATTRIBUTE),
getAttribute(content, PUBLIC_EXPONENT_ATTRIBUTE));
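
Review bot: The two changed conditions in the `alg` dispatch, `"HS256".equals(alg) || "HMACSHA256".equals(alg)` and its RS256 counterpart, hard-code each alias pair inline; consider moving the accepted names into named constants or a small lookup kept next to the verifier classes, so the list of accepted signing algorithms lives in one place and any other comparison of algorithm names cannot drift from it. The match stays exact and case-sensitive, which is appropriate when the value selects a signature verifier. The branch that handles any other `alg` value lies below the visible lines, so please confirm it still rejects unknown values with a UAAClientException rather than falling through. Separately, the unchanged context line `return new SHA265WithRSASignatureVerifier(` spells the class "SHA265"; this change did not introduce it, but a follow-up rename to SHA256 would avoid confusion. The visible part of the patch touches only UAAClient.java, so a unit test that feeds a token_key response with `"alg"` set to RS256 and another with HS256 would pin the new behaviour.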