Skip to content

Bugfix: Nested collection replacment #970

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 21 commits into
base: master
Choose a base branch
from
Open

Bugfix: Nested collection replacment #970

Show file tree
Hide file tree
Changes from 8 commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
b83bd89
Implement DefaultCollectionMutator.replace(E e)
lhy-hoyin Oct 16, 2024
508227c
tests: Add tests for DefaultCollectionMutator.replace(E e)
lhy-hoyin Oct 16, 2024
01003bf
Implement overloaded Assert.notEmpty for asserting Object
lhy-hoyin Oct 17, 2024
da96e8b
Change method signature of replace
lhy-hoyin Oct 19, 2024
8e8fd6c
Implement DefaultMacAlgorithm.equals
lhy-hoyin Oct 19, 2024
fd8dc5e
Modify add(e) logic to replace existing with same ID
lhy-hoyin Oct 19, 2024
0c15467
Modify tests to explicitly test for situation mentioned in #961
lhy-hoyin Oct 19, 2024
57e4268
fix: Fix issue where replace does not do a in-place replacement
lhy-hoyin Oct 19, 2024
a480d1e
Integrate replacement logic directly into add
lhy-hoyin Oct 29, 2024
f973a3d
Changing JDK 17 build to use GitHub's 'setup-java' instead of Oracle'…
lhazlewood Mar 13, 2025
053855f
Use SPDX identifier in POMs (#979)
TheMrMilchmann Mar 13, 2025
4beef3a
Implement DefaultCollectionMutator.replace(E e)
lhy-hoyin Oct 16, 2024
3e407f6
tests: Add tests for DefaultCollectionMutator.replace(E e)
lhy-hoyin Oct 16, 2024
de9f3d9
Implement overloaded Assert.notEmpty for asserting Object
lhy-hoyin Oct 17, 2024
db865ee
Change method signature of replace
lhy-hoyin Oct 19, 2024
d0bad35
Implement DefaultMacAlgorithm.equals
lhy-hoyin Oct 19, 2024
6d7a100
Modify add(e) logic to replace existing with same ID
lhy-hoyin Oct 19, 2024
8e36dce
Modify tests to explicitly test for situation mentioned in #961
lhy-hoyin Oct 19, 2024
8ab77ec
fix: Fix issue where replace does not do a in-place replacement
lhy-hoyin Oct 19, 2024
d50700f
Integrate replacement logic directly into add
lhy-hoyin Oct 29, 2024
484872b
Merge branch 'nested-collection-replace' of https://github.com/lhy-ho…
lhazlewood Mar 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 27 additions & 0 deletions api/src/main/java/io/jsonwebtoken/lang/Assert.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -347,6 +347,33 @@ public static void notEmpty(Map map) {
notEmpty(map, "[Assertion failed] - this map must not be empty; it must contain at least one entry");
}

/**
* Assert that an Object is not <code>null</code> or empty.
* <pre class="code">Assert.notEmpty(object, "Object cannot be null or empty");</pre>
*
* @param object the object to check
* @param message the exception message to use if the assertion fails
* @return the non-null, non-empty object
* @throws IllegalArgumentException if the object is <code>null</code> or empty
*/
public static Object notEmpty(Object object, String message) {
if (Objects.isEmpty(object)) {
throw new IllegalArgumentException(message);
}
return object;
}

/**
* Assert that an Object is not <code>null</code> or empty.
* <pre class="code">Assert.notEmpty(object);</pre>
*
* @param object the object to check
* @throws IllegalArgumentException if the object is <code>null</code> or empty
*/
public static void notEmpty(Object object) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just did a code search, and this method isn't used anywhere, so it's best to remove it, as well as the newly added notEmpty(Object, String) method above.

notEmpty(object, "[Assertion failed] - this object must not be null or empty");
}


/**
* Assert that the provided object is an instance of the provided class.
Expand Down
56 changes: 55 additions & 1 deletion impl/src/main/java/io/jsonwebtoken/impl/lang/DefaultCollectionMutator.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,13 +16,16 @@
package io.jsonwebtoken.impl.lang;

import io.jsonwebtoken.Identifiable;
import io.jsonwebtoken.lang.Assert;
import io.jsonwebtoken.lang.CollectionMutator;
import io.jsonwebtoken.lang.Collections;
import io.jsonwebtoken.lang.Objects;
import io.jsonwebtoken.lang.Strings;

import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.NoSuchElementException;

public class DefaultCollectionMutator<E, M extends CollectionMutator<E, M>> implements CollectionMutator<E, M> {

Expand All @@ -46,9 +49,60 @@ private boolean doAdd(E e) {
return this.collection.add(e);
}

public M replace(E existingElement, E newElement) {
Assert.notEmpty(existingElement, "existingElement cannot be null or empty.");
Assert.notEmpty(newElement, "newElement cannot be null or empty.");

// Same item, nothing to do
if (existingElement.equals(newElement))
return self();

// Does not contain existingElement to replace
if (!this.collection.contains(existingElement)) {
String msg = this.getClass() + " does not contain " + existingElement + ".";
throw new NoSuchElementException(msg);
}

// Replacement step 1: iterate until element to replace
Iterator<E> it = this.collection.iterator();
while (it.hasNext())
if (it.next().equals(existingElement)) {
it.remove(); // step 2: remove existingElement
break;
}

// Replacement step 3: collect and remove elements after element to replace
Collection<E> elementsAfterExisting = new LinkedHashSet<>();
while (it.hasNext()) {
elementsAfterExisting.add(it.next());
it.remove();
}

this.doAdd(newElement); // step 4: add replacer element (position will be at the existingElement)
this.collection.addAll(elementsAfterExisting); // step 5: add back the elemnts found after existingElement

changed(); // trigger changed()

return self();
}

@Override
public M add(E e) {
if (doAdd(e)) changed();
E existing = null;
for (E item : collection) {
boolean bothIdentifiable = e instanceof Identifiable && item instanceof Identifiable;
boolean sameId = bothIdentifiable && ((Identifiable) item).getId().equals(((Identifiable) e).getId());
if (sameId) {
existing = item;
break;
}
}

if (Objects.isEmpty(existing)) {
if (doAdd(e)) changed();
}
else replace(existing, e);

return self();
}

Expand Down
12 changes: 12 additions & 0 deletions impl/src/main/java/io/jsonwebtoken/impl/security/DefaultMacAlgorithm.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -222,4 +222,16 @@ protected boolean doVerify(VerifySecureDigestRequest<SecretKey> request) {
byte[] computedSignature = digest(request);
return MessageDigest.isEqual(providedSignature, computedSignature);
}

@Override
public boolean equals(Object obj) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ordinarily, I agree that sub-type checking with specific properties should be performed in sub-classes, but in this case, all crypto JWT algorithms are guaranteed to be uniquely defined by their ID (and JCA name), regardless of internal implementation details. (In this particular case, the minKeyBitLength is really an internal convenience and not needed for algorithm equality check).

Additionally, if we changed DefaultMacAlgorithm, we'd have to change every other subclass of the parent CryptoAlgorithm and that could have far reaching consequences.

Based on this, we don't want to override equals at all, so please remove this method.

if (this == obj) {
return true;
}
if (obj instanceof DefaultMacAlgorithm) {
DefaultMacAlgorithm other = (DefaultMacAlgorithm) obj;
return super.equals(obj) && this.minKeyBitLength == other.minKeyBitLength;
}
return false;
}
}
99 changes: 85 additions & 14 deletions impl/src/test/groovy/io/jsonwebtoken/impl/lang/DefaultCollectionMutatorTest.groovy
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,14 @@
package io.jsonwebtoken.impl.lang

import io.jsonwebtoken.Identifiable
import io.jsonwebtoken.Jwts
import io.jsonwebtoken.lang.Strings
import io.jsonwebtoken.security.MacAlgorithm
import org.junit.Before
import org.junit.Test

import java.lang.reflect.Constructor

import static org.junit.Assert.*

/**
Expand Down Expand Up @@ -95,24 +99,35 @@ class DefaultCollectionMutatorTest {

@Test(expected = IllegalArgumentException)
void addIdentifiableWithNullId() {
def e = new Identifiable() {
@Override
String getId() {
return null
}
}
m.add(e)
m.add(new IdentifiableObject(null, null))
}

@Test(expected = IllegalArgumentException)
void addIdentifiableWithEmptyId() {
def e = new Identifiable() {
@Override
String getId() {
return ' '
}
}
m.add(e)
m.add(new IdentifiableObject(' ', null))
}

@Test
void addIdentifiableWithSameIdEvictsExisting() {
m.add(new IdentifiableObject('sameId', 'foo'))
m.add(new IdentifiableObject('sameId', 'bar'))
assertEquals 2, changeCount
assertEquals 1, m.collection.size() // second 'add' should evict first
assertEquals 'bar', ((IdentifiableObject) m.collection.toArray()[0]).obj
}

@Test
void addSecureDigestAlgorithmWithSameIdReplacesExisting() {
Class<?> c = Class.forName("io.jsonwebtoken.impl.security.DefaultMacAlgorithm")
Constructor<?> ctor = c.getDeclaredConstructor(String.class, String.class, int.class)
ctor.setAccessible(true)
MacAlgorithm custom = (MacAlgorithm) ctor.newInstance('HS512', 'HmacSHA512', 80)

m.add(Jwts.SIG.HS512)
m.add(custom)
assertEquals 2, changeCount // replace is count as one change
assertEquals 1, m.getCollection().size() // existing is removed as part of replacement
assertEquals 80, ((MacAlgorithm) m.getCollection().toArray()[0]).getKeyBitLength()
}

@Test
Expand All @@ -128,11 +143,67 @@ class DefaultCollectionMutatorTest {
assertEquals 0, changeCount
}

@Test
void replace() {
def e1 = new IdentifiableObject('sameId', 'e1')
def e2 = new IdentifiableObject('sameId', 'e2')

m.add(e1)
m.replace(e1, e2)
assertEquals 2, changeCount // replace is count as one change
assertEquals 1, m.getCollection().size() // existing is removed as part of replacement
assertEquals 'e2', ((IdentifiableObject) m.getCollection().toArray()[0]).obj
}

@Test
void replaceSameObject() {
m.add('hello')
m.replace('hello', 'hello') // replace with the same object, no change should be reflected
assertEquals 1, changeCount
}

@Test(expected = NoSuchElementException)
void replaceMissing() {
m.replace('foo', 'bar')
}

@Test(expected = IllegalArgumentException)
void replaceNull() {
m.replace('foo', null)
}

@Test(expected = IllegalArgumentException)
void replaceEmpty() {
m.replace('foo', Strings.EMPTY)
}

@Test
void replaceMaintainsOrder() {
m.add(['1', '2', '3'])
m.replace('2', 'B')
assertArrayEquals(new Object[] {'1', 'B', '3'}, m.collection.toArray())
}

@Test
void clear() {
m.add('one').add('two').add(['three', 'four'])
assertEquals 4, m.getCollection().size()
m.clear()
assertTrue m.getCollection().isEmpty()
}

private class IdentifiableObject implements Identifiable {
String id
Object obj

IdentifiableObject(String id, Object obj) {
this.id = id
this.obj = obj
}

@Override
String getId() {
return id
}
}
}