Introduce JwtEncoder with JWS implementation

Closes spring-projectsgh-81

Author: jgrandja

crypto/spring-security-crypto2.gradle

@@ -0,0 +1,11 @@
+apply plugin: 'io.spring.convention.spring-module'
+
+dependencies {
+	compile project(':spring-security-core2')
+	compile 'org.springframework.security:spring-security-core'
+	compile springCoreDependency
+
+	testCompile 'junit:junit'
+	testCompile 'org.assertj:assertj-core'
+	testCompile 'org.mockito:mockito-core'
+}

crypto/src/main/java/org/springframework/security/crypto/keys/KeyManager.java

@@ -0,0 +1,33 @@
+/*
+ * Copyright 2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.crypto.keys;
+
+import java.util.List;
+
+/**
+ *
+ * @author Joe Grandja
+ * @since 0.0.1
+ */
+public interface KeyManager {
+
+	ManagedKey findByKeyId(String keyId);
+
+	List<ManagedKey> findByAlgorithm(String algorithm);
+
+	List<ManagedKey> getKeys();
+
+}

crypto/src/main/java/org/springframework/security/crypto/keys/ManagedKey.java

@@ -0,0 +1,138 @@
+/*
+ * Copyright 2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.crypto.keys;
+
+import org.springframework.lang.Nullable;
+import org.springframework.security.core.SpringSecurityCoreVersion2;
+import org.springframework.util.Assert;
+
+import javax.crypto.SecretKey;
+import java.io.Serializable;
+import java.security.Key;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.time.Instant;
+
+/**
+ *
+ * @author Joe Grandja
+ * @since 0.0.1
+ */
+public final class ManagedKey implements Serializable {
+	private static final long serialVersionUID = SpringSecurityCoreVersion2.SERIAL_VERSION_UID;
+	private Key key;
+	private PublicKey publicKey;
+	private String keyId;
+	private Instant activatedOn;
+	private Instant deactivatedOn;
+
+	private ManagedKey() {
+	}
+
+	public boolean isSymmetric() {
+		return SecretKey.class.isAssignableFrom(this.key.getClass());
+	}
+
+	public boolean isAsymmetric() {
+		return PrivateKey.class.isAssignableFrom(this.key.getClass());
+	}
+
+	@SuppressWarnings("unchecked")
+	public <T> T getKey() {
+		return (T) this.key;
+	}
+
+	@Nullable
+	public PublicKey getPublicKey() {
+		return this.publicKey;
+	}
+
+	public String getKeyId() {
+		return this.keyId;
+	}
+
+	public Instant getActivatedOn() {
+		return this.activatedOn;
+	}
+
+	public Instant getDeactivatedOn() {
+		return this.deactivatedOn;
+	}
+
+	public boolean isActive() {
+		return getDeactivatedOn() == null;
+	}
+
+	public String getAlgorithm() {
+		return this.key.getAlgorithm();
+	}
+
+	public static Builder withSymmetricKey(SecretKey secretKey) {
+		return new Builder(secretKey);
+	}
+
+	public static Builder withAsymmetricKey(PublicKey publicKey, PrivateKey privateKey) {
+		return new Builder(publicKey, privateKey);
+	}
+
+	public static class Builder {
+		private Key key;
+		private PublicKey publicKey;
+		private String keyId;
+		private Instant activatedOn;
+		private Instant deactivatedOn;
+
+		private Builder(SecretKey secretKey) {
+			Assert.notNull(secretKey, "secretKey cannot be null");
+			this.key = secretKey;
+		}
+
+		private Builder(PublicKey publicKey, PrivateKey privateKey) {
+			Assert.notNull(publicKey, "publicKey cannot be null");
+			Assert.notNull(privateKey, "privateKey cannot be null");
+			this.key = privateKey;
+			this.publicKey = publicKey;
+		}
+
+		public Builder keyId(String keyId) {
+			this.keyId = keyId;
+			return this;
+		}
+
+		public Builder activatedOn(Instant activatedOn) {
+			this.activatedOn = activatedOn;
+			return this;
+		}
+
+		public Builder deactivatedOn(Instant deactivatedOn) {
+			this.deactivatedOn = deactivatedOn;
+			return this;
+		}
+
+		public ManagedKey build() {
+			Assert.hasText(this.keyId, "keyId cannot be empty");
+			Assert.notNull(this.activatedOn, "activatedOn cannot be null");
+
+			ManagedKey managedKey = new ManagedKey();
+			managedKey.key = this.key;
+			managedKey.publicKey = this.publicKey;
+			managedKey.keyId = this.keyId;
+			managedKey.activatedOn = this.activatedOn;
+			managedKey.deactivatedOn = this.deactivatedOn;
+			return managedKey;
+		}
+	}
+}

crypto/src/main/java/org/springframework/security/crypto/keys/StaticKeyGeneratingKeyManager.java

@@ -0,0 +1,99 @@
+/*
+ * Copyright 2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.crypto.keys;
+
+import org.springframework.util.Assert;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+/**
+ *
+ * @author Joe Grandja
+ * @since 0.0.1
+ */
+public final class StaticKeyGeneratingKeyManager implements KeyManager {
+	private final Map<String, ManagedKey> keys;
+
+	public StaticKeyGeneratingKeyManager() {
+		this.keys = Collections.unmodifiableMap(new HashMap<>(generateKeys()));
+	}
+
+	@Override
+	public ManagedKey findByKeyId(String keyId) {
+		Assert.hasText(keyId, "keyId cannot be empty");
+		return this.keys.get(keyId);
+	}
+
+	@Override
+	public List<ManagedKey> findByAlgorithm(String algorithm) {
+		Assert.hasText(algorithm, "algorithm cannot be empty");
+		return this.keys.values().stream()
+				.filter(managedKey -> managedKey.getAlgorithm().equals(algorithm))
+				.collect(Collectors.toList());
+	}
+
+	@Override
+	public List<ManagedKey> getKeys() {
+		return new ArrayList<>(this.keys.values());
+	}
+
+	private static Map<String, ManagedKey> generateKeys() {
+		return Stream.of(generateRsaKey(), generateSecretKey())
+				.collect(Collectors.toMap(ManagedKey::getKeyId, v -> v));
+	}
+
+	private static ManagedKey generateRsaKey() {
+		KeyPair keyPair;
+		try {
+			KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
+			keyPairGenerator.initialize(2048);
+			keyPair = keyPairGenerator.generateKeyPair();
+		} catch (Exception ex) {
+			throw new IllegalStateException(ex);
+		}
+
+		return ManagedKey.withAsymmetricKey(keyPair.getPublic(), keyPair.getPrivate())
+				.keyId(UUID.randomUUID().toString())
+				.activatedOn(Instant.now())
+				.build();
+	}
+
+	private static ManagedKey generateSecretKey() {
+		SecretKey hmacKey;
+		try {
+			hmacKey = KeyGenerator.getInstance("HmacSha256").generateKey();
+		} catch (Exception ex) {
+			throw new IllegalStateException(ex);
+		}
+
+		return ManagedKey.withSymmetricKey(hmacKey)
+				.keyId(UUID.randomUUID().toString())
+				.activatedOn(Instant.now())
+				.build();
+	}
+}

jose/spring-security-oauth2-jose2.gradle

@@ -0,0 +1,13 @@
+apply plugin: 'io.spring.convention.spring-module'
+
+dependencies {
+	compile project(':spring-security-crypto2')
+	compile 'org.springframework.security:spring-security-oauth2-core'
+	compile 'org.springframework.security:spring-security-oauth2-jose'
+	compile springCoreDependency
+	compile 'com.nimbusds:nimbus-jose-jwt'
+
+	testCompile 'junit:junit'
+	testCompile 'org.assertj:assertj-core'
+	testCompile 'org.mockito:mockito-core'
+}