From 33eae1aac45f3b687d1513a2b22b880c01b3e9f2 Mon Sep 17 00:00:00 2001
From: Dolph Flynn <96876199+DolphFlynn@users.noreply.github.com>
Date: Sat, 9 Mar 2024 17:33:29 +0000
Subject: [PATCH] Select first signing key and first algorithm if signing keys present, but none selected to prevent view and model getting out of sync.
---
 .../java/burp/intruder/IntruderConfig.java | 9 +-
 .../view/config/IntruderConfigModel.java | 14 ++-
 .../java/burp/config/IntruderConfigTest.java | 90 -------------------
 .../IntruderConfigModelFromJsonTest.java | 37 ++++++++
 4 files changed, 48 insertions(+), 102 deletions(-)
 delete mode 100644 src/test/java/burp/config/IntruderConfigTest.java
 create mode 100644 src/test/java/com/blackberry/jwteditor/view/config/IntruderConfigModelFromJsonTest.java
diff --git a/src/main/java/burp/intruder/IntruderConfig.java b/src/main/java/burp/intruder/IntruderConfig.java
index 83c75ce..c0d25e0 100644
--- a/src/main/java/burp/intruder/IntruderConfig.java
+++ b/src/main/java/burp/intruder/IntruderConfig.java
@@ -21,7 +21,6 @@
 import com.nimbusds.jose.JWSAlgorithm;
 import static burp.intruder.FuzzLocation.PAYLOAD;
-import static org.apache.commons.lang3.StringUtils.isNotEmpty;
 public class IntruderConfig {
 private String fuzzParameter;
@@ -57,7 +56,6 @@ public String signingKeyId() {
 public void setSigningKeyId(String signingKeyId) {
 this.signingKeyId = signingKeyId;
- this.resign = resign && canSign();
 }
 public boolean resign() {
@@ -65,7 +63,7 @@ public boolean resign() {
 }
 public void setResign(boolean resign) {
- this.resign = resign && canSign();
+ this.resign = resign;
 }
 public JWSAlgorithm signingAlgorithm() {
@@ -74,10 +72,5 @@ public JWSAlgorithm signingAlgorithm() {
 public void setSigningAlgorithm(JWSAlgorithm signingAlgorithm) {
 this.signingAlgorithm = signingAlgorithm;
- this.resign = resign && canSign();
- }
-
- private boolean canSign() {
- return isNotEmpty(signingKeyId) && signingAlgorithm != null;
 }
 }
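Review bot: With `canSign()` removed from `setSigningKeyId`, `setResign` and `setSigningAlgorithm` (the hunks at -57, -65 and -74 of IntruderConfig.java), `resign()` can now return true while `signingKeyId` is null or empty or `signingAlgorithm` is null, and the tests that pinned that invariant are deleted in the same commit. The defaults added in IntruderConfigModel are computed in its getters and are not written back, so code that reads `IntruderConfig` directly still sees the unset fields; that consumer is not in this diff and presumably needs its own check before it signs. If the invariant is deliberately moved out of this class, say so on the setter, e.g. `// resign may be true while signingKeyId or signingAlgorithm is unset; callers must check both before signing`.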
diff --git a/src/main/java/com/blackberry/jwteditor/view/config/IntruderConfigModel.java b/src/main/java/com/blackberry/jwteditor/view/config/IntruderConfigModel.java
index a3dd2e1..e83d020 100644
--- a/src/main/java/com/blackberry/jwteditor/view/config/IntruderConfigModel.java
+++ b/src/main/java/com/blackberry/jwteditor/view/config/IntruderConfigModel.java
@@ -71,7 +71,9 @@ String[] signingKeyIds() {
 }
 String signingKeyId() {
- return intruderConfig.signingKeyId();
+ String keyId = intruderConfig.signingKeyId();
+
+ return keyId == null && hasSigningKeys() ? signingKeyIds()[0] : keyId;
 }
 public void setSigningKeyId(String signingKeyId) {
@@ -88,19 +90,23 @@ public void setSigningKeyId(String signingKeyId) {
 }
 JWSAlgorithm[] signingAlgorithms() {
- if (intruderConfig.signingKeyId() == null) {
+ String keyId = signingKeyId();
+
+ if (keyId == null) {
 return NO_ALGORITHMS;
 }
 return keysModel.getSigningKeys().stream()
- .filter(k -> k.getID().equals(intruderConfig.signingKeyId()))
+ .filter(k -> k.getID().equals(keyId))
 .findFirst()
 .orElseThrow()
 .getSigningAlgorithms();
 }
 JWSAlgorithm signingAlgorithm() {
- return intruderConfig.signingAlgorithm();
+ JWSAlgorithm signingAlgorithm = intruderConfig.signingAlgorithm();
+
+ return signingAlgorithm == null && hasSigningKeys() ? signingAlgorithms()[0] : signingAlgorithm;
 }
 void setSigningAlgorithm(JWSAlgorithm signingAlgorithm) {
diff --git a/src/test/java/burp/config/IntruderConfigTest.java b/src/test/java/burp/config/IntruderConfigTest.java
deleted file mode 100644
index 4e1fb1d..0000000
--- a/src/test/java/burp/config/IntruderConfigTest.java
+++ /dev/null
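Review bot: `signingKeyId()` in IntruderConfigModel.java falls back to the first key only when the stored id is null, whereas the `canSign()` check this commit removes from IntruderConfig used `isNotEmpty`, so an empty id is no longer treated as "nothing selected". An empty id is returned unchanged and then reaches the `equals` filter in `signingAlgorithms()`. Consider `return (keyId == null || keyId.isEmpty()) && hasSigningKeys() ? signingKeyIds()[0] : keyId;`. `hasSigningKeys()` and `signingKeyIds()` are defined outside the hunk.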
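Review bot: `signingAlgorithms()` in IntruderConfigModel.java still ends in `.orElseThrow()`, so a non-null key id with no match in `keysModel.getSigningKeys()` (an empty id, or a key removed after the id was stored, if that can happen) throws `NoSuchElementException` from a getter, and the new `signingAlgorithm()` inherits it through `signingAlgorithms()[0]`. The `[0]` additionally assumes every signing key reports at least one algorithm, which the hunk does not show. I would end the stream with `.findFirst().map(k -> k.getSigningAlgorithms()).orElse(NO_ALGORITHMS);` and have `signingAlgorithm()` index only when the returned array is non-empty.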
@@ -1,90 +0,0 @@
-/*
-Author : Dolph Flynn
-
-Copyright 2022 Dolph Flynn
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package burp.config;
-
-import burp.intruder.IntruderConfig;
-import org.junit.jupiter.api.Test;
-
-import static com.nimbusds.jose.JWSAlgorithm.HS256;
-import static org.assertj.core.api.Assertions.assertThat;
-
-class IntruderConfigTest {
- @Test
- void givenNullKeyID_whenResignIsSetTrue_thenResignIsFalse() {
- IntruderConfig config = new IntruderConfig();
- config.setSigningKeyId(null);
-
- config.setResign(true);
-
- assertThat(config.resign()).isFalse();
- }
-
- @Test
- void givenEmptyKeyID_whenResignIsSetTrue_thenResignIsFalse() {
- IntruderConfig config = new IntruderConfig();
- config.setSigningKeyId("");
-
- config.setResign(true);
-
- assertThat(config.resign()).isFalse();
- }
-
- @Test
- void givenValidKeyIDAndNullSigningAlgorithm_whenResignIsSetTrue_thenResignIsFalse() {
- IntruderConfig config = new IntruderConfig();
- config.setSigningKeyId("keyID");
-
- config.setResign(true);
-
- assertThat(config.resign()).isFalse();
- }
-
- @Test
- void givenValidKeyIDAndNonNullSigningAlgorithm_whenResignIsSetTrue_thenResignIsTrue() {
- IntruderConfig config = new IntruderConfig();
- config.setSigningKeyId("keyID");
- config.setSigningAlgorithm(HS256);
-
- config.setResign(true);
-
- assertThat(config.resign()).isTrue();
- }
-
- @Test
- void givenResignIsSetTrue_whenNullKeyID_thenResignIsFalse() {
- IntruderConfig config = new IntruderConfig();
- config.setSigningKeyId("keyId");
- config.setResign(true);
-
- config.setSigningKeyId(null);
-
- assertThat(config.resign()).isFalse();
- }
-
- @Test
- void givenResignIsSetTrue_whenEmptyKeyID_thenResignIsFalse() {
- IntruderConfig config = new IntruderConfig();
- config.setSigningKeyId("keyId");
- config.setResign(true);
-
- config.setSigningKeyId("");
-
- assertThat(config.resign()).isFalse();
- }
-}
\ No newline at end of file
diff --git a/src/test/java/com/blackberry/jwteditor/view/config/IntruderConfigModelFromJsonTest.java b/src/test/java/com/blackberry/jwteditor/view/config/IntruderConfigModelFromJsonTest.java
new file mode 100644
index 0000000..7d91c67
--- /dev/null
+++ b/src/test/java/com/blackberry/jwteditor/view/config/IntruderConfigModelFromJsonTest.java
@@ -0,0 +1,37 @@
+package com.blackberry.jwteditor.view.config;
+
+import burp.intruder.IntruderConfig;
+import com.blackberry.jwteditor.model.keys.KeysModel;
+import org.junit.jupiter.api.Test;
+
+import static com.nimbusds.jose.JWSAlgorithm.ES256;
+import static org.assertj.core.api.Assertions.assertThat;
+
+class IntruderConfigModelFromJsonTest {
+ private static final String KEYS_JSON = """
+ [
+ {"kty":"EC","d":"R7xUBrtHikGBXsJkDekdUxWWC2YhYMKTDXILREc4_7s","crv":"P-256","kid":"1","x":"Kxyedi_DE6wZdC1shMeYVx9IvSXl14RRp_Z5tZjBodo","y":"UXtt70JCve0c_puZsjyTHtLD6xfBvoI3fVoh9WzhH-M"},
+ {"kty":"EC","crv":"P-256","kid":"2","x":"Kxyedi_DE6wZdC1shMeYVx9IvSXl14RRp_Z5tZjBodo","y":"UXtt70JCve0c_puZsjyTHtLD6xfBvoI3fVoh9WzhH-M"}
+ ]""";
+
+ @Test
+ void givenKeysLoadedJson_butNoSelectedKey_whenGetSigningKeyId_thenFirstKeyIdReturned() throws Exception {
+ IntruderConfigModel model = new IntruderConfigModel(KeysModel.parse(KEYS_JSON), new IntruderConfig());
+
+ assertThat(model.signingKeyId()).isEqualTo("1");
+ }
+
+ @Test
+ void givenKeysLoadedJson_butNoSelectedKey_whenGetSigningAlgorithms_thenFirstKeysAlgorithmsReturned() throws Exception {
+ IntruderConfigModel model = new IntruderConfigModel(KeysModel.parse(KEYS_JSON), new IntruderConfig());
+
+ assertThat(model.signingAlgorithms()).containsExactly(ES256);
+ }
+
+ @Test
+ void givenKeysLoadedJson_butNoSelectedKey_whenGetSigningAlgorithm_thenFirstAlgorithmReturned() throws Exception {
+ IntruderConfigModel model = new IntruderConfigModel(KeysModel.parse(KEYS_JSON), new IntruderConfig());
+
+ assertThat(model.signingAlgorithm()).isEqualTo(ES256);
+ }
+}
\ No newline at end of file
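Review bot: The three tests cover only the "keys present, nothing selected" path; there is no case for a keys model with no signing keys (the `hasSigningKeys()` false branch) or for a config whose stored key id is absent from `KEYS_JSON`, which is the path that reaches `orElseThrow()` in IntruderConfigModel. The null and empty id cases from the deleted IntruderConfigTest have no replacement here either. `KEYS_JSON` also embeds an EC private key (the `"d"` member); if it was generated for this test, a comment saying so, e.g. `// test-only EC key, generated for this fixture`, would save anyone triaging a secret-scanner hit from having to work that out.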