No sign

BappManifest.bmf

@@ -2,12 +2,12 @@ Uuid: 26aaa5ded2f74beea19e2ed8345a93dd
 ExtensionType: 1
 Name: JWT Editor
 RepoName: jwt-editor
-ScreenVersion: 2.1.1
+ScreenVersion: 2.2
 SerialVersion: 6
 MinPlatformVersion: 8
 ProOnly: False
 Author: Fraser Winterborn and Dolph Flynn.
 ShortDescription: Edit, sign, verify, encrypt and decrypt JSON Web Tokens (JWTs).
-EntryPoint: build/libs/jwt-editor-2.1.1.jar
+EntryPoint: build/libs/jwt-editor-2.2.jar
 BuildCommand: ./gradlew jar
 SupportedProducts: Pro, Community

README.md

@@ -152,7 +152,7 @@ This option is automatically enabled if it is detected that the original JWT did
 *JWT Editor* can be built from source.
 * Ensure that Java JDK 17 or newer is installed
 * From root of project, run the command `./gradlew jar`
-* This should place the JAR file `jwt-editor-2.1.1.jar` within the `build/libs` directory
+* This should place the JAR file `jwt-editor-2.2.jar` within the `build/libs` directory
 * This can be loaded into Burp Suite by navigating to the `Extensions` tab, `Installed` sub-tab, clicking `Add` and loading the JAR file
 * This BApp is using the newer Montoya API so it's best to use the latest version of Burp Suite (try the earlier adopter channel if there are issues with the latest stable release)
 

build.gradle

@@ -3,7 +3,7 @@ plugins {
 }
 
 group = 'com.blackberry'
-version = '2.1.1'
+version = '2.2'
 description = 'jwt-editor'
 
 repositories {

src/main/java/burp/intruder/IntruderConfig.java

@@ -19,7 +19,6 @@
 package burp.intruder;
 
 import static burp.intruder.FuzzLocation.PAYLOAD;
-import static com.blackberry.jwteditor.utils.Constants.INTRUDER_NO_SIGNING_KEY_ID_LABEL;
 import static org.apache.commons.lang3.StringUtils.isNotEmpty;
 
 public class IntruderConfig {
@@ -67,6 +66,6 @@ public void setResign(boolean resign) {
     }
 
     private boolean isSigningKeyIdValid() {
-        return !INTRUDER_NO_SIGNING_KEY_ID_LABEL.equals(signingKeyId) && isNotEmpty(signingKeyId);
+        return isNotEmpty(signingKeyId);
     }
 }

src/main/java/burp/intruder/JWSPayloadProcessor.java

@@ -18,7 +18,7 @@
 
 import static burp.intruder.FuzzLocation.PAYLOAD;
 import static com.blackberry.jwteditor.model.jose.JOSEObjectFinder.parseJOSEObject;
-import static com.blackberry.jwteditor.utils.Constants.INTRUDER_NO_SIGNING_KEY_ID_LABEL;
+import static org.apache.commons.lang3.StringUtils.isNotEmpty;
 
 public class JWSPayloadProcessor implements PayloadProcessor {
     private final Logging logging;
@@ -63,8 +63,7 @@ public PayloadProcessingResult processPayload(PayloadData payloadData) {
     private Optional<Key> loadKey() {
         String keyId = intruderConfig.signingKeyId();
 
-        // only try to load key if the input value is non-empty
-        if (keyId == INTRUDER_NO_SIGNING_KEY_ID_LABEL || keyId == null || keyId.trim().isEmpty()) {
+        if (isNotEmpty(keyId)) {
             return Optional.empty();
         }
 

src/main/java/com/blackberry/jwteditor/view/config/ConfigView.form

@@ -3,7 +3,7 @@
   <grid id="cbd77" binding="mainPanel" layout-manager="GridLayoutManager" row-count="7" column-count="1" same-size-horizontally="false" same-size-vertically="false" hgap="-1" vgap="-1">
     <margin top="10" left="10" bottom="10" right="10"/>
     <constraints>
-      <xy x="48" y="54" width="947" height="758"/>
+      <xy x="48" y="54" width="947" height="945"/>
     </constraints>
     <properties/>
     <border type="none"/>
@@ -173,7 +173,7 @@
               <text value="Intruder"/>
             </properties>
           </component>
-          <grid id="23fd" layout-manager="GridLayoutManager" row-count="3" column-count="3" same-size-horizontally="false" same-size-vertically="false" hgap="-1" vgap="-1">
+          <grid id="23fd" layout-manager="GridLayoutManager" row-count="4" column-count="3" same-size-horizontally="false" same-size-vertically="false" hgap="-1" vgap="-1">
             <margin top="0" left="0" bottom="0" right="0"/>
             <constraints>
               <grid row="2" column="0" row-span="3" col-span="2" vsize-policy="3" hsize-policy="3" anchor="9" fill="0" indent="0" use-parent-layout="false"/>
@@ -214,10 +214,9 @@
                 </constraints>
                 <properties/>
               </component>
-
               <component id="f80c6" class="javax.swing.JLabel">
                 <constraints>
-                  <grid row="2" column="1" row-span="1" col-span="1" vsize-policy="0" hsize-policy="0" anchor="8" fill="0" indent="0" use-parent-layout="false"/>
+                  <grid row="3" column="1" row-span="1" col-span="1" vsize-policy="0" hsize-policy="0" anchor="8" fill="0" indent="0" use-parent-layout="false"/>
                 </constraints>
                 <properties>
                   <horizontalTextPosition value="2"/>
@@ -226,11 +225,10 @@
               </component>
               <component id="1892c" class="javax.swing.JComboBox" binding="comboBoxIntruderSigningKeyId">
                 <constraints>
-                  <grid row="2" column="2" row-span="1" col-span="1" vsize-policy="0" hsize-policy="2" anchor="8" fill="1" indent="0" use-parent-layout="false"/>
+                  <grid row="3" column="2" row-span="1" col-span="1" vsize-policy="0" hsize-policy="2" anchor="8" fill="1" indent="0" use-parent-layout="false"/>
                 </constraints>
                 <properties/>
               </component>
-
               <component id="cd314" class="javax.swing.JLabel" binding="spacerLabel">
                 <constraints>
                   <grid row="0" column="0" row-span="1" col-span="1" vsize-policy="0" hsize-policy="0" anchor="8" fill="0" indent="0" use-parent-layout="false"/>
@@ -239,6 +237,23 @@
                   <text value="    "/>
                 </properties>
               </component>
+              <component id="95dba" class="javax.swing.JLabel">
+                <constraints>
+                  <grid row="2" column="1" row-span="1" col-span="1" vsize-policy="0" hsize-policy="0" anchor="8" fill="0" indent="0" use-parent-layout="false"/>
+                </constraints>
+                <properties>
+                  <text value="Resign:"/>
+                </properties>
+              </component>
+              <component id="4c059" class="javax.swing.JCheckBox" binding="resignIntruderJWS">
+                <constraints>
+                  <grid row="2" column="2" row-span="1" col-span="1" vsize-policy="0" hsize-policy="3" anchor="8" fill="0" indent="0" use-parent-layout="false"/>
+                </constraints>
+                <properties>
+                  <enabled value="true"/>
+                  <text value=""/>
+                </properties>
+              </component>
             </children>
           </grid>
           <grid id="5df6b" layout-manager="GridLayoutManager" row-count="1" column-count="1" same-size-horizontally="false" same-size-vertically="false" hgap="-1" vgap="-1">

src/main/java/com/blackberry/jwteditor/view/config/ConfigView.java

@@ -18,35 +18,29 @@
 
 package com.blackberry.jwteditor.view.config;
 
-import burp.api.montoya.logging.Logging;
 import burp.api.montoya.ui.UserInterface;
 import burp.config.BurpConfig;
 import burp.intruder.FuzzLocation;
 import burp.intruder.IntruderConfig;
 import burp.proxy.HighlightColor;
 import burp.proxy.ProxyConfig;
 import burp.scanner.ScannerConfig;
-
 import com.blackberry.jwteditor.model.keys.Key;
 import com.blackberry.jwteditor.model.keys.KeysModel;
 import com.blackberry.jwteditor.model.keys.KeysModelListener;
 import com.blackberry.jwteditor.view.utils.DocumentAdapter;
-import static com.blackberry.jwteditor.utils.Constants.INTRUDER_NO_SIGNING_KEY_ID_LABEL;
 
 import javax.swing.*;
-
-import org.apache.commons.lang3.ArrayUtils;
-
 import java.awt.*;
-import java.util.Arrays;
+import java.util.List;
+import java.util.Optional;
 
 import static java.awt.Font.BOLD;
 
 
-/**
- *  Config panel
- */
 public class ConfigView implements KeysModelListener {
+    private final IntruderConfig intruderConfig;
+
     private JPanel mainPanel;
     private JCheckBox checkBoxHighlightJWT;
     private JLabel labelHighlightColor;
@@ -63,11 +57,14 @@ public class ConfigView implements KeysModelListener {
     private JLabel scannerLabel;
     private JPanel intruderPanel;
     private JLabel spacerLabel;
+    private JCheckBox resignIntruderJWS;
     private KeysModel keysModel;
 
     public ConfigView(BurpConfig burpConfig, UserInterface userInterface, boolean isProVersion, KeysModel keysModel) {
-        ProxyConfig proxyConfig = burpConfig.proxyConfig();
         this.keysModel = keysModel;
+        this.intruderConfig = burpConfig.intruderConfig();
+
+        ProxyConfig proxyConfig = burpConfig.proxyConfig();
         keysModel.addKeyModelListener(this);
 
         checkBoxHighlightJWT.setSelected(proxyConfig.highlightJWT());
@@ -81,8 +78,6 @@ public ConfigView(BurpConfig burpConfig, UserInterface userInterface, boolean is
         comboBoxHighlightColor.setEnabled(proxyConfig.highlightJWT());
         comboBoxHighlightColor.addActionListener(e -> proxyConfig.setHighlightColor((HighlightColor) comboBoxHighlightColor.getSelectedItem()));
 
-        IntruderConfig intruderConfig = burpConfig.intruderConfig();
-
         intruderParameterName.setText(intruderConfig.fuzzParameter());
         intruderParameterName.getDocument().addDocumentListener(
                 new DocumentAdapter(e -> intruderConfig.setFuzzParameter(intruderParameterName.getText()))
@@ -93,8 +88,8 @@ public ConfigView(BurpConfig burpConfig, UserInterface userInterface, boolean is
         comboBoxPayloadPosition.addActionListener(e -> intruderConfig.setFuzzLocation((FuzzLocation) comboBoxPayloadPosition.getSelectedItem()));
 
         this.updateSigningKeyList();
-        comboBoxIntruderSigningKeyId.setSelectedItem(intruderConfig.signingKeyId());
         comboBoxIntruderSigningKeyId.addActionListener(e -> intruderConfig.setSigningKeyId((String) comboBoxIntruderSigningKeyId.getSelectedItem()));
+        resignIntruderJWS.addActionListener(e -> intruderConfig.setResign(resignIntruderJWS.isSelected()));
 
         ScannerConfig scannerConfig = burpConfig.scannerConfig();
 
@@ -120,18 +115,33 @@ public ConfigView(BurpConfig burpConfig, UserInterface userInterface, boolean is
     }
 
     public void updateSigningKeyList() {
-        String[] noSigningKey = {INTRUDER_NO_SIGNING_KEY_ID_LABEL};
-        String[] signingKeyIds = this.keysModel.getSigningKeys().stream().map(key -> key.getID()).toArray(String[]::new);
-        String[] items = ArrayUtils.addAll(noSigningKey, signingKeyIds);
-
-        String currentSelection = (String) comboBoxIntruderSigningKeyId.getSelectedItem();
-        boolean resetSelection = currentSelection != null && !Arrays.stream(items).anyMatch(currentSelection::equals);
-
-        comboBoxIntruderSigningKeyId.setModel(new DefaultComboBoxModel<>(items));
-        if (resetSelection) {
-            comboBoxIntruderSigningKeyId.setSelectedItem(INTRUDER_NO_SIGNING_KEY_ID_LABEL);
+        List<Key> signingKeys = keysModel.getSigningKeys();
+        String[] signingKeyIds = signingKeys.stream().map(Key::getID).toArray(String[]::new);
+        String selectedSigningId = intruderConfig.signingKeyId();
+
+        comboBoxIntruderSigningKeyId.setModel(new DefaultComboBoxModel<>(signingKeyIds));
+
+        if (signingKeys.isEmpty()) {
+            resignIntruderJWS.setSelected(false);
+            resignIntruderJWS.setEnabled(false);
+            comboBoxIntruderSigningKeyId.setEnabled(false);
+            intruderConfig.setResign(false);
+            intruderConfig.setSigningKeyId(null);
         } else {
-            comboBoxIntruderSigningKeyId.setSelectedItem(currentSelection);
+            resignIntruderJWS.setEnabled(true);
+            comboBoxIntruderSigningKeyId.setEnabled(true);
+
+            Optional<Key> selectedKey = signingKeys.stream()
+                    .filter(k -> k.getID().equals(selectedSigningId))
+                    .findFirst();
+
+            if (selectedKey.isPresent()) {
+                resignIntruderJWS.setSelected(intruderConfig.resign());
+                comboBoxIntruderSigningKeyId.setSelectedItem(selectedKey.get());
+            } else {
+                resignIntruderJWS.setSelected(false);
+                comboBoxIntruderSigningKeyId.setSelectedIndex(0);
+            }
         }
     }