Add JWTUtils.decodeHeader

FusionAuth · Feb 23, 2019 · 012a0ea · 012a0ea
1 parent 095947e
commit 012a0ea
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 3 deletions.
diff --git a/src/main/java/io/fusionauth/jwt/JWTUtils.java b/src/main/java/io/fusionauth/jwt/JWTUtils.java
@@ -16,6 +16,7 @@
 
 package io.fusionauth.jwt;
 
+import io.fusionauth.jwt.domain.Header;
 import io.fusionauth.jwt.domain.JWT;
 import io.fusionauth.jwt.domain.KeyPair;
 import io.fusionauth.jwt.domain.KeyType;
@@ -63,6 +64,26 @@ public static String convertThumbprintToFingerprint(String x5tHash) {
     return HexUtils.fromBytes(bytes);
   }
 
+  /**
+   * WARNING!! This is not a secure or safe way to decode a JWT, this will not perform any validation on the signature.
+   * <p>
+   * Consider the header returned from this method as un-trustworthy. This is intended for utility and a nice way to
+   * read the JWT header, but do not use it in production to verify the integrity.
+   *
+   * @param encodedJWT the encoded JWT
+   * @return a Header object
+   */
+  public static Header decodeHeader(String encodedJWT) {
+    Objects.requireNonNull(encodedJWT);
+
+    String[] parts = encodedJWT.split("\\.");
+    if (parts.length == 3 || (parts.length == 2 && encodedJWT.endsWith("."))) {
+      return Mapper.deserialize(Base64.getUrlDecoder().decode(parts[0]), Header.class);
+    }
+
+    throw new InvalidJWTException("The encoded JWT is not properly formatted. Expected a three part dot separated string.");
+  }
+
   /**
    * WARNING!! This is not a secure or safe way to decode a JWT, this will not perform any validation on the signature.
    * <p>

diff --git a/src/test/java/io/fusionauth/jwt/JWTUtilsTest.java b/src/test/java/io/fusionauth/jwt/JWTUtilsTest.java
@@ -16,6 +16,7 @@
 
 package io.fusionauth.jwt;
 
+import io.fusionauth.jwt.domain.Algorithm;
 import io.fusionauth.jwt.domain.JWT;
 import io.fusionauth.jwt.domain.KeyPair;
 import io.fusionauth.jwt.hmac.HMACSigner;
@@ -46,12 +47,14 @@ public void decodePayload() {
     JWT jwt = new JWT().setSubject("123456789");
 
     // HMAC signed
-    JWT actual = JWTUtils.decodePayload(JWT.getEncoder().encode(jwt, HMACSigner.newSHA512Signer("secret1")));
-    assertEquals(actual.subject, jwt.subject);
+    String encodedJWT = JWT.getEncoder().encode(jwt, HMACSigner.newSHA512Signer("secret1"));
+    assertEquals(JWTUtils.decodePayload(encodedJWT).subject, "123456789");
+    assertEquals(JWTUtils.decodeHeader(encodedJWT).algorithm, Algorithm.HS512);
 
     // Test with an unsecured signer
     String unsecuredJWT = JWT.getEncoder().encode(jwt, new UnsecuredSigner());
-    assertEquals(JWTUtils.decodePayload(unsecuredJWT).subject, jwt.subject);
+    assertEquals(JWTUtils.decodePayload(unsecuredJWT).subject, "123456789");
+    assertEquals(JWTUtils.decodeHeader(unsecuredJWT).algorithm, Algorithm.none);
   }
 
   @Test