Dependencies updates & jjwt update

plume-admin-dependencies/pom.xml

@@ -14,11 +14,11 @@
 	<description>Gather versions of various libraries used by Plume Admin</description>
 
 	<properties>
-		<jjwt.version>0.11.5</jjwt.version>
+		<jjwt.version>0.12.6</jjwt.version>
 		<jbcrypt.version>0.4.3</jbcrypt.version>
-		<okhttp.version>4.10.0</okhttp.version>
+		<okhttp.version>4.12.0</okhttp.version>
 
-		<plume-framework.version>4.1.0</plume-framework.version>
+		<plume-framework.version>4.2.4-SNAPSHOT</plume-framework.version>
 	</properties>
 
 	<dependencyManagement>

plume-admin-security/src/main/java/com/coreoz/plume/admin/websession/JwtSessionSigner.java

@@ -1,64 +1,54 @@
 package com.coreoz.plume.admin.websession;
 
-import java.security.Key;
-import java.util.Date;
-import java.util.Map;
-
-import javax.crypto.spec.SecretKeySpec;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 import com.coreoz.plume.services.time.TimeProvider;
 import com.fasterxml.jackson.databind.ObjectMapper;
-
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.ExpiredJwtException;
 import io.jsonwebtoken.JwtBuilder;
 import io.jsonwebtoken.JwtParser;
 import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.security.Keys;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.crypto.SecretKey;
+import java.util.Date;
+import java.util.Map;
 
 /**
  * A generic class to help serialialize/deserialialize objets from/to JWT.
  * Note that to use this class, you must have <code>plume-services</code> in your classpath.
  */
 public class JwtSessionSigner implements WebSessionSigner {
-
 	private static final Logger logger = LoggerFactory.getLogger(JwtSessionSigner.class);
 
-	private final Key signingKey;
-	private final SignatureAlgorithm signatureAlgorithm;
+	private final SecretKey signingKey;
 
 	private final ObjectMapper objectMapper;
 
 	private final JwtParser jwtParser;
 
 	public JwtSessionSigner(String jwtSecret,
 			ObjectMapper objectMapper, TimeProvider timeProvider) {
-		this.signatureAlgorithm = SignatureAlgorithm.HS384;
-		this.signingKey = new SecretKeySpec(
-			jwtSecret.getBytes(),
-			signatureAlgorithm.getJcaName()
-		);
+        this.signingKey = Keys.hmacShaKeyFor(jwtSecret.getBytes());
 		this.objectMapper = objectMapper;
 		this.jwtParser = Jwts
-			.parserBuilder()
-			.setSigningKey(signingKey)
-			.setClock(() -> new Date(timeProvider.currentTime()))
+			.parser()
+			.verifyWith(signingKey)
+			.clock(() -> new Date(timeProvider.currentTime()))
 			.build();
 	}
 
 	/**
-	 * Returns an instance of {@link #T} if the session could be read and is fully valid
+	 * Returns an instance of <code>T</code> if the session could be read and is fully valid
 	 * or null otherwise.
 	 */
 	@Override
-	public <T> T parseSession(String webSesionSerialized, Class<T> sessionClass) {
+	public <T> T parseSession(String webSessionSerialized, Class<T> sessionClass) {
 		try {
 			Claims sessionAsMap = jwtParser
-				.parseClaimsJws(webSesionSerialized)
-				.getBody();
+				.parseSignedClaims(webSessionSerialized)
+				.getPayload();
 			return objectMapper.convertValue(sessionAsMap, sessionClass);
 		} catch (ExpiredJwtException e) {
 			logger.warn(e.getMessage());
@@ -76,14 +66,13 @@ public <T> T parseSession(String webSesionSerialized, Class<T> sessionClass) {
 	public String serializeSession(Object sessionInformation, Long expirationTime) {
 		JwtBuilder jwtBuilder = Jwts
 			.builder()
-			.signWith(signingKey, signatureAlgorithm)
-			.setClaims(objectMapper.convertValue(sessionInformation, Map.class));
+			.signWith(signingKey)
+			.claims(objectMapper.convertValue(sessionInformation, Map.class));
 
 		if(expirationTime != null) {
-			jwtBuilder.setExpiration(new Date(expirationTime));
+			jwtBuilder.expiration(new Date(expirationTime));
 		}
 
 		return jwtBuilder.compact();
 	}
-
 }