Skip to content

feat: Support ES256/ES384/ES512 JWT signature algorithms#1995

Open
NiklasHerrmann21 wants to merge 1 commit into
feature/jwt-rsa-algorithmsfrom
feature/jwt-ec-algorithms
Open

feat: Support ES256/ES384/ES512 JWT signature algorithms#1995
NiklasHerrmann21 wants to merge 1 commit into
feature/jwt-rsa-algorithmsfrom
feature/jwt-ec-algorithms

Conversation

@NiklasHerrmann21

Copy link
Copy Markdown
Contributor

Summary

  • Adds ECDSA support (ES256/ES384/ES512) to JwtSignatureValidator, completing the RFC 7518 §3.1 algorithm set on top of the RS*/PS* families added in #. Builds on feature/jwt-rsa-algorithms.
  • Uses the JCA name SHA*withECDSAinP1363Format so the raw R||S signature format mandated by RFC 7518 §3.4 is accepted directly, without DER transcoding.
  • Constructs EC public keys from JWK crv/x/y with strict validation: the curve must match the algorithm and each coordinate must have the exact octet length per RFC 7518 §6.2.1.
  • JwtSignatureAlgorithm.fromType(\"EC\") deliberately returns null — unlike RSA, EC keys are curve-bound and no safe default exists when a JWK omits its alg field.

Implementation notes

  • JWK curve names P-256/P-384/P-521 are mapped to the NIST names secp256r1/secp384r1/secp521r1 before being passed to AlgorithmParameters.init(ECGenParameterSpec). SunEC accepts only the NIST names for the larger two curves; without this mapping ES384/ES512 would fail at runtime on the reference JCA provider.
  • The PEM-encoded-key path in JsonWebKeyImpl is unchanged; EC support is implemented via a new createECPublicKey branch using ECPublicKeySpec.
  • JsonWebKeyImpl constructor is overloaded — the existing 5-arg signature is preserved for backwards compatibility, EC fields go through a new 8-arg overload that only JsonWebKeySetFactory calls.

Test plan

  • JwtSignatureAlgorithmTest (existing, now parametrized over all 9 algorithms) — happy path + tamper rejection in isolation.
  • New SapIdJwtSignatureValidatorAlgorithmsTest — end-to-end through the real SapIdJwtSignatureValidator with mocked transport: generates a fresh key pair per algorithm, builds a synthetic JWKS, signs a token, validates it. 9 × happy + 9 × tamper.
  • JsonWebKeySetFactoryTest extended with PS256, ES256/384/512 parsing, plus EC curve-mismatch and coordinate-length-mismatch error cases.
  • All keys/tokens are generated at test time — no real tenant material in the repo.
  • mvn -pl java-security test → 370 tests, 0 failures, 2 pre-existing @Disabled skipped.

Adds ECDSA support to the JWT signature validator alongside the existing
RS*/PS* families. The JCA name SHA*withECDSAinP1363Format is used so the
raw R||S signature format mandated by RFC 7518 §3.4 is accepted directly,
without DER transcoding.

JsonWebKeyImpl now constructs EC public keys from JWK crv/x/y parameters
with strict validation: the curve must match the algorithm and each
coordinate must have the exact octet length per RFC 7518 §6.2.1. The
JWK curve names P-256/P-384/P-521 are mapped to the NIST names that
SunEC's AlgorithmParameters accepts for all three curves.

JwtSignatureAlgorithm.fromType("EC") deliberately returns null — unlike
RSA, EC keys are curve-bound and no safe default exists when a JWK omits
its alg field.

Adds end-to-end coverage in SapIdJwtSignatureValidatorAlgorithmsTest that
generates a fresh key pair per algorithm, builds a synthetic JWKS, signs
a token, and routes it through the real validator with mocked transport.
Extends JsonWebKeySetFactoryTest with PS256, ES256/384/512, and EC
curve/length mismatch cases.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant