paseto-toolkit
diff --git a/‎coverage/pom.xml‎
Lines changed: 5 additions & 0 deletions b/‎coverage/pom.xml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎fips-integration-tests/README.md‎
Lines changed: 12 additions & 0 deletions b/‎fips-integration-tests/README.md‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎fips-integration-tests/pom.xml‎
Lines changed: 55 additions & 0 deletions b/‎fips-integration-tests/pom.xml‎
Lines changed: 55 additions & 0 deletions
diff --git a/‎fips-integration-tests/src/test/groovy/dev/paseto/jpaseto/fips/its/PasetoMatcher.groovy‎
Lines changed: 81 additions & 0 deletions b/‎fips-integration-tests/src/test/groovy/dev/paseto/jpaseto/fips/its/PasetoMatcher.groovy‎
Lines changed: 81 additions & 0 deletions
diff --git a/‎fips-integration-tests/src/test/groovy/dev/paseto/jpaseto/fips/its/Util.groovy‎
Lines changed: 54 additions & 0 deletions b/‎fips-integration-tests/src/test/groovy/dev/paseto/jpaseto/fips/its/Util.groovy‎
Lines changed: 54 additions & 0 deletions
@@ -58,6 +58,11 @@
             <artifactId>jpaseto-its-sodium-jackson</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>dev.paseto</groupId>
+            <artifactId>jpaseto-its-fips</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
 
@@ -0,0 +1,12 @@
+# jpaseto-its-fips
+
+This test module contains a set of tests for validating that jpaseto works with the Bouncy Castle
+FIPS (Federal Information Processing Standard) library.  These tests require a separate module because the BC-FIPS
+jar and regular BC jars cannot both be depended on in the same module 
+([it causes a runtime error when adding the BC-FIPS provider](https://stackoverflow.com/questions/60930130/intellij-gradle-unable-to-find-method-org-bouncycastle-crypto-cryptoservicesre)).
+
+Currently, we only have validation for the v1.public specification.
+
+Note that the FIPS standard currently does not support the Ed25519 signature algorithm, so there are no tests here
+to validate that v2.public tokens can be generated while using the BC-FIPS jar. When Ed25519 is added to the standard,
+tests can be added here to validate that jpaseto operates properly in BC-FIPS approved mode.
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2019-Present paseto.dev, Inc.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>dev.paseto</groupId>
+        <artifactId>jpaseto-root</artifactId>
+        <version>0.5.1-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>jpaseto-its-fips</artifactId>
+    <name>JPaseto :: ITs :: FIPS</name>
+
+    <dependencies>
+        <dependency>
+            <groupId>dev.paseto</groupId>
+            <artifactId>jpaseto-api</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>dev.paseto</groupId>
+            <artifactId>jpaseto-impl</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bc-fips</artifactId>
+            <version>1.0.2</version>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>dev.paseto</groupId>
+            <artifactId>jpaseto-hkdf</artifactId>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>dev.paseto</groupId>
+            <artifactId>jpaseto-jackson</artifactId>
+            <scope>runtime</scope>
+        </dependency>
+    </dependencies>
+</project>
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2019-Present paseto.dev, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package dev.paseto.jpaseto.fips.its
+
+import dev.paseto.jpaseto.Paseto
+import org.hamcrest.Description
+import org.hamcrest.TypeSafeMatcher
+
+class PasetoMatcher extends TypeSafeMatcher<Paseto> {
+
+    private final Paseto expected
+
+    PasetoMatcher(Paseto expected) {
+        this.expected = expected
+    }
+
+    @Override
+    protected boolean matchesSafely(Paseto actual) {
+        return expected.equals(actual)
+    }
+
+    @Override
+    void describeTo(Description description) {
+        description.appendText("token with:")
+                .appendText("\n\t\tversion: ").appendValue(expected.version)
+                .appendText("\n\t\tpurpose: ").appendValue(expected.purpose)
+                .appendText("\n\t\tpayload: ").appendValue(expected.claims?.entrySet())
+                .appendText("\n\t\tfooter:  ")
+                .appendText("\n\t\t\tvalue:  ").appendValue(expected.footer?.value())
+                .appendText("\n\t\t\tclaims: ").appendValue(expected.footer?.entrySet())
+    }
+
+    @Override
+    protected void describeMismatchSafely(Paseto item, Description mismatchDescription) {
+        mismatchDescription.appendText( "was token with:")
+        mismatchDescription.appendText("\n\t\tversion: ").appendValue(item.version)
+        if (expected.version != item.version) {
+            mismatchDescription.appendText(" << does not match")
+        }
+        mismatchDescription.appendText("\n\t\tpurpose: ").appendValue(item.purpose)
+        if (expected.purpose != item.purpose) {
+            mismatchDescription.appendText(" << does not match")
+        }
+        mismatchDescription.appendText("\n\t\tpayload: ").appendValue(item.claims?.entrySet())
+        if (expected.claims != item.claims) {
+            mismatchDescription.appendText(" << does not match")
+        }
+        mismatchDescription.appendText("\n\t\tfooter:  ")
+        if (expected.footer != item.footer) {
+            mismatchDescription.appendText(" << does not match")
+        }
+
+        if (item.footer != null) {
+            mismatchDescription.appendText("\n\t\t\tvalue:  ").appendValue(item.footer.value())
+            if (expected.footer == null || item.footer.value() != expected.footer.value()) {
+                mismatchDescription.appendText(" << does not match")
+            }
+            mismatchDescription.appendText("\n\t\t\tclaims: ").appendValue(item.footer.entrySet())
+            if (expected.footer == null || item.footer.claims != expected.footer.claims) {
+                mismatchDescription.appendText(" << does not match")
+            }
+        }
+    }
+
+    static PasetoMatcher paseto(Paseto paseto) {
+        return new PasetoMatcher(paseto)
+    }
+}
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2019-Present paseto.dev, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package dev.paseto.jpaseto.fips.its
+
+import dev.paseto.jpaseto.Paseto
+import dev.paseto.jpaseto.Purpose
+import dev.paseto.jpaseto.Version
+import dev.paseto.jpaseto.impl.DefaultClaims
+import dev.paseto.jpaseto.impl.DefaultFooterClaims
+import dev.paseto.jpaseto.impl.DefaultPaseto
+import org.testng.Assert
+
+import java.time.Clock
+import java.time.Instant
+import java.time.ZoneOffset
+
+class Util {
+    static Paseto v1PublicFromClaims(Map<String, Object> claims, Map<String, Object> footerClaims) {
+        return fromClaims(Version.V1, Purpose.PUBLIC, claims, footerClaims)
+    }
+
+    static Paseto fromClaims(Version version, Purpose purpose, Map<String, Object> claims, Map<String, Object> footerClaims) {
+        new DefaultPaseto(version, purpose, new DefaultClaims(claims), new DefaultFooterClaims(footerClaims))
+    }
+
+    static Clock clockForVectors() {
+        return Clock.fixed(Instant.ofEpochMilli(1544490000000), ZoneOffset.UTC) // December 11, 2018 01:00:00
+    }
+
+    static <T extends Throwable> T expect(Class<T> catchMe, Closure closure) {
+        try {
+            closure.call()
+            Assert.fail("Expected ${catchMe.getName()} to be thrown.")
+        } catch(e) {
+            if (!e.class.isAssignableFrom(catchMe)) {
+                throw e
+            }
+            return e
+        }
+    }
+}