Fix IllegalArgumentException when using EdDSA signature algorithm

This fixes `java.lang.IllegalArgumentException: No enum constant io.smallrye.jwt.algorithm.SignatureAlgorithm.EdDSA` when `EDDSA` is set through `smallrye.jwt.new-token.signature-algorithm` property, or when it is set with `JwtClaimsBuilderImpl`. Currently, `JwtSignatureImpl.getConfiguredSignatureAlgorithm()` returns algorithm name as a String from `SignatureAlgorithm.algorithmName` field, in case of it being loaded from a configuration file. If the algorithm was set through `JwtClaimsBuilderImpl`, the value is returned as-is from the header, which means `EdDSA`, because this is how `JwtClaimsBuilderImpl` puts the value there. This name is then used to get appropriate `SignatureAlgorithm` enum variant in `JwtSignatureImpl.getSigningKeyFromKeyContent(String)`, but without using `toUpperCase()` on the name, causing exception when `EdDSA` is used. The fix adds `toUpperCase()` call on algorithm name before passing it to `SignatureAlgorithm.valueOf(String)`.
smallrye · May 31, 2024 · 4841482 · 4841482
1 parent 7807b3f
commit 4841482
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 2 deletions.
diff --git a/implementation/common/src/main/java/io/smallrye/jwt/algorithm/SignatureAlgorithm.java b/implementation/common/src/main/java/io/smallrye/jwt/algorithm/SignatureAlgorithm.java
@@ -1,5 +1,7 @@
 package io.smallrye.jwt.algorithm;
 
+import java.util.StringJoiner;
+
 /**
  * JWT JSON Web Signature Algorithms.
  *
@@ -31,6 +33,19 @@ public String getAlgorithm() {
     }
 
     public static SignatureAlgorithm fromAlgorithm(String algorithmName) {
-        return SignatureAlgorithm.valueOf(algorithmName);
+        try {
+            return SignatureAlgorithm.valueOf(algorithmName.toUpperCase());
+        } catch (Exception e) {
+            throw new IllegalArgumentException(
+                    "Invalid signature algorithm name: " + algorithmName + ", expected one of: " + getValidNames(), e);
+        }
+    }
+
+    private static String getValidNames() {
+        var names = new StringJoiner(", ");
+        for (var alg : values()) {
+            names.add(alg.getAlgorithm());
+        }
+        return names.toString();
     }
 }
diff --git a/implementation/jwt-build/src/main/java/io/smallrye/jwt/build/impl/JwtSignatureImpl.java b/implementation/jwt-build/src/main/java/io/smallrye/jwt/build/impl/JwtSignatureImpl.java
@@ -200,7 +200,7 @@ private String getConfiguredSignatureAlgorithm() {
             try {
                 alg = JwtBuildUtils.getConfigProperty(JwtBuildUtils.NEW_TOKEN_SIGNATURE_ALG_PROPERTY, String.class);
                 if (alg != null) {
-                    alg = SignatureAlgorithm.valueOf(alg.toUpperCase()).getAlgorithm();
+                    alg = SignatureAlgorithm.fromAlgorithm(alg).getAlgorithm();
                     headers.put(HeaderParameterNames.ALGORITHM, alg);
                 }
             } catch (Exception ex) {