jjwt dependency update

Author: symphony-enrico

symphony-bdk-bom/build.gradle

@@ -55,7 +55,9 @@ dependencies {
         api 'org.apache.commons:commons-text:1.14.0'
         api 'commons-logging:commons-logging:1.3.5'
         api 'com.brsanthu:migbase64:2.2'
-        api 'io.jsonwebtoken:jjwt:0.9.1'
+        api 'io.jsonwebtoken:jjwt-api:0.13.0'
+        api 'io.jsonwebtoken:jjwt-impl:0.13.0'
+        api 'io.jsonwebtoken:jjwt-jackson:0.13.0'
         api 'org.bouncycastle:bcpkix-jdk18on:1.79'
         api 'com.google.code.findbugs:jsr305:3.0.2'
 

symphony-bdk-core/build.gradle

@@ -47,7 +47,9 @@ dependencies {
     implementation 'org.apache.commons:commons-lang3'
     implementation 'org.apache.commons:commons-text'
     implementation 'com.brsanthu:migbase64'
-    implementation 'io.jsonwebtoken:jjwt'
+    implementation 'io.jsonwebtoken:jjwt-api'
+    runtimeOnly 'io.jsonwebtoken:jjwt-impl'
+    runtimeOnly 'io.jsonwebtoken:jjwt-jackson'
     implementation 'org.bouncycastle:bcpkix-jdk18on'
     api 'com.fasterxml.jackson.core:jackson-databind'
     implementation 'io.github.resilience4j:resilience4j-retry'

symphony-bdk-core/src/main/java/com/symphony/bdk/core/auth/jwt/JwtHelper.java

@@ -9,7 +9,6 @@
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.JwtException;
 import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.SignatureAlgorithm;
 import org.apiguardian.api.API;
 import org.bouncycastle.asn1.pkcs.RSAPrivateKey;
 import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
@@ -23,7 +22,6 @@
 import java.io.StringReader;
 import java.nio.charset.StandardCharsets;
 import java.security.GeneralSecurityException;
-import java.security.Key;
 import java.security.KeyFactory;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
@@ -65,7 +63,7 @@ public class JwtHelper {
 
 
   /**
-   * Creates a JWT with the provided user name and expiration date, signed with the provided private key.
+   * Creates a JWT with the provided username and expiration date, signed with the provided private key.
    *
    * @param user       the username to authenticate; will be verified by the pod
    * @param expiration of the authentication request in milliseconds; cannot be longer than the value defined on the
@@ -75,16 +73,16 @@ public class JwtHelper {
    *                   the public key stored for the user
    * @return a signed JWT for a specific user (or subject)
    */
-  public static String createSignedJwt(String user, long expiration, Key privateKey) {
+  public static String createSignedJwt(String user, long expiration, PrivateKey privateKey) {
     return Jwts.builder()
-        .setSubject(user)
-        .setExpiration(new Date(System.currentTimeMillis() + expiration))
-        .signWith(SignatureAlgorithm.RS512, privateKey)
+        .subject(user)
+        .expiration(new Date(System.currentTimeMillis() + expiration))
+        .signWith(privateKey, Jwts.SIG.RS512)
         .compact();
   }
 
   /**
-   * Creates a RSA Private Key from a PEM String. It supports PKCS#1 and PKCS#8 string formats.
+   * Creates an RSA Private Key from a PEM String. It supports PKCS#1 and PKCS#8 string formats.
    *
    * @param pemPrivateKey RSA Private Key content
    * @return a {@link PrivateKey} instance
@@ -110,18 +108,21 @@ else if (pemPrivateKey.contains(PEM_RSA_PRIVATE_START)) {
   /**
    * Validates a jwt against a certificate.
    *
-   * @param jwt
+   * @param jwt string of the jwt to be validated
    * @param certificate string of the X.509 certificate content in pem format.
-   * @return the content of jwt clain "user" if jwt is successfully validated.
+   * @return the content of jwt claim "user" if jwt is successfully validated.
    * @throws AuthInitializationException if certificate or jwt are invalid.
    */
   public static UserClaim validateJwt(String jwt, String certificate) throws AuthInitializationException {
     final Certificate x509Certificate = parseX509Certificate(certificate);
 
     try {
-      final Claims body = Jwts.parser().setSigningKey(x509Certificate.getPublicKey())
-        .parseClaimsJws(jwt).getBody();
-      return mapper.convertValue(body.get("user"), UserClaim.class);
+      final Claims claims = Jwts.parser()
+          .verifyWith(x509Certificate.getPublicKey())
+          .build()
+          .parseSignedClaims(jwt)
+          .getPayload();
+      return mapper.convertValue(claims.get("user"), UserClaim.class);
     } catch (JwtException e) {
       throw new AuthInitializationException("Unable to validate JWT", e);
     }

symphony-bdk-http/symphony-bdk-http-jersey2/build.gradle

@@ -16,7 +16,9 @@ dependencies {
 
     implementation 'org.slf4j:slf4j-api'
     implementation 'org.apiguardian:apiguardian-api'
-    implementation 'io.jsonwebtoken:jjwt'
+    implementation 'io.jsonwebtoken:jjwt-api'
+    runtimeOnly 'io.jsonwebtoken:jjwt-impl'
+    runtimeOnly 'io.jsonwebtoken:jjwt-jackson'
     implementation 'org.bouncycastle:bcpkix-jdk18on'
     implementation 'commons-io:commons-io'
     implementation 'org.apache.commons:commons-lang3'
@@ -42,4 +44,3 @@ dependencies {
     testImplementation 'org.mockito:mockito-junit-jupiter'
     testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
 }
-