Skip to content

Commit

Permalink
Avoid using JwtBuilder's deprecated methods
Browse files Browse the repository at this point in the history
  • Loading branch information
@takezoe
takezoe committed May 4, 2024
1 parent 1998e09 commit 1501c55
Show file tree
Hide file tree
Showing 3 changed files with 30 additions and 32 deletions.
39 changes: 19 additions & 20 deletions core/trino-main/src/test/java/io/trino/server/security/TestResourceSecurity.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,6 @@
import io.airlift.http.server.testing.TestingHttpServer;
import io.airlift.node.NodeInfo;
import io.airlift.security.pem.PemReader;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.JwtParser;
import io.trino.plugin.base.security.AllowAllSystemAccessControl;
Expand Down Expand Up @@ -534,9 +533,9 @@ public void testJwtWithJwkAuthenticator()

String token = newJwtBuilder()
.signWith(JWK_PRIVATE_KEY)
.setHeaderParam(JwsHeader.KEY_ID, JWK_KEY_ID)
.setSubject("test-user")
.setExpiration(Date.from(ZonedDateTime.now().plusMinutes(5).toInstant()))
.header().keyId(JWK_KEY_ID).and()
.subject("test-user")
.expiration(Date.from(ZonedDateTime.now().plusMinutes(5).toInstant()))
.compact();

OkHttpClient clientWithJwt = client.newBuilder()
Expand Down Expand Up @@ -910,9 +909,9 @@ private void testJwtAndOAuth2AuthenticatorsSeparation(String authenticators)

String token = newJwtBuilder()
.signWith(JWK_PRIVATE_KEY)
.setHeaderParam(JwsHeader.KEY_ID, JWK_KEY_ID)
.setSubject("test-user")
.setExpiration(Date.from(ZonedDateTime.now().plusMinutes(5).toInstant()))
.header().keyId(JWK_KEY_ID).and()
.subject("test-user")
.expiration(Date.from(ZonedDateTime.now().plusMinutes(5).toInstant()))
.compact();

OkHttpClient clientWithJwt = client.newBuilder()
Expand Down Expand Up @@ -952,9 +951,9 @@ public void testJwtWithRefreshTokensForOAuth2Enabled()

String token = newJwtBuilder()
.signWith(JWK_PRIVATE_KEY)
.setHeaderParam(JwsHeader.KEY_ID, JWK_KEY_ID)
.setSubject("test-user")
.setExpiration(Date.from(ZonedDateTime.now().plusMinutes(5).toInstant()))
.header().keyId(JWK_KEY_ID).and()
.subject("test-user")
.expiration(Date.from(ZonedDateTime.now().plusMinutes(5).toInstant()))
.compact();

OkHttpClient clientWithJwt = client.newBuilder()
Expand Down Expand Up @@ -1141,15 +1140,15 @@ public String issueAccessToken(Optional<Set<String>> groups)
{
JwtBuilder accessToken = newJwtBuilder()
.signWith(JWK_PRIVATE_KEY)
.setHeaderParam(JwsHeader.KEY_ID, JWK_KEY_ID)
.setIssuer(issuer)
.setAudience(clientId)
.setExpiration(tokenExpiration);
.header().keyId(JWK_KEY_ID).and()
.issuer(issuer)
.audience().add(clientId).and()
.expiration(tokenExpiration);
if (principalField.isPresent()) {
accessToken.claim(principalField.get(), TEST_USER);
}
else {
accessToken.setSubject(TEST_USER);
accessToken.subject(TEST_USER);
}
groups.ifPresent(groupsClaim -> accessToken.claim(GROUPS_CLAIM, groupsClaim));
return accessToken.compact();
Expand All @@ -1159,15 +1158,15 @@ private String issueIdToken(Optional<String> nonceHash)
{
JwtBuilder idToken = newJwtBuilder()
.signWith(JWK_PRIVATE_KEY)
.setHeaderParam(JwsHeader.KEY_ID, JWK_KEY_ID)
.setIssuer(issuer)
.setAudience(clientId)
.setExpiration(tokenExpiration);
.header().keyId(JWK_KEY_ID).and()
.issuer(issuer)
.audience().add(clientId).and()
.expiration(tokenExpiration);
if (principalField.isPresent()) {
idToken.claim(principalField.get(), TEST_USER);
}
else {
idToken.setSubject(TEST_USER);
idToken.subject(TEST_USER);
}
nonceHash.ifPresent(nonce -> idToken.claim(NONCE, nonce));
return idToken.compact();
Expand Down
10 changes: 5 additions & 5 deletions ...in/trino-iceberg/src/main/java/io/trino/plugin/iceberg/catalog/rest/TrinoRestCatalog.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -498,11 +498,11 @@ private SessionCatalog.SessionContext convert(ConnectorSession session)
.buildOrThrow();

String subjectJwt = new DefaultJwtBuilder()
.setSubject(session.getUser())
.setIssuer(trinoVersion)
.setIssuedAt(new Date())
.addClaims(claims)
.serializeToJsonWith(new JacksonSerializer<>())
.subject(session.getUser())
.issuer(trinoVersion)
.issuedAt(new Date())
.claims(claims)
.json(new JacksonSerializer<>())
.compact();

Map<String, String> credentials = ImmutableMap.<String, String>builder()
Expand Down
13 changes: 6 additions & 7 deletions service/trino-proxy/src/main/java/io/trino/proxy/JsonWebTokenHandler.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,6 @@
import java.util.function.Consumer;

import static com.google.common.base.Preconditions.checkState;
import static io.jsonwebtoken.JwsHeader.KEY_ID;
import static java.nio.file.Files.readAllBytes;

public class JsonWebTokenHandler
Expand Down Expand Up @@ -62,14 +61,14 @@ public String getBearerToken(String subject)
checkState(jwtSigner.isPresent(), "not configured");

JwtBuilder jwt = new DefaultJwtBuilder()
.serializeToJsonWith(new JacksonSerializer<>())
.setSubject(subject)
.setExpiration(Date.from(ZonedDateTime.now().plusMinutes(5).toInstant()));
.json(new JacksonSerializer<>())
.subject(subject)
.expiration(Date.from(ZonedDateTime.now().plusMinutes(5).toInstant()));

jwtSigner.get().accept(jwt);
jwtKeyId.ifPresent(keyId -> jwt.setHeaderParam(KEY_ID, keyId));
jwtIssuer.ifPresent(jwt::setIssuer);
jwtAudience.ifPresent(jwt::setAudience);
jwtKeyId.ifPresent(keyId -> jwt.header().keyId(keyId));
jwtIssuer.ifPresent(jwt::issuer);
jwtAudience.ifPresent(audience -> jwt.audience().add(audience));

return jwt.compact();
}
Expand Down

0 comments on commit 1501c55

Please sign in to comment.