Example 1 with ServerErrorException
use of com.ddf.boot.common.core.exception200.ServerErrorException in project gravitee-access-management by gravitee-io.
the class UserAuthProviderImpl method parseClient.
private void parseClient(String clientId, Handler<AsyncResult<Client>> authHandler) {
logger.debug("Attempt authentication with client " + clientId);
clientSyncService.findByClientId(clientId).subscribe(client -> authHandler.handle(Future.succeededFuture(client)), error -> authHandler.handle(Future.failedFuture(new ServerErrorException("Server error: unable to find client with client_id " + clientId))), () -> authHandler.handle(Future.failedFuture(new InvalidRequestException("No client found for client_id " + clientId))));
}
Also used :
InvalidRequestException(io.gravitee.am.common.exception.oauth2.InvalidRequestException)
ServerErrorException(io.gravitee.am.common.exception.oauth2.ServerErrorException)
Example 2 with ServerErrorException
use of com.ddf.boot.common.core.exception200.ServerErrorException in project gravitee-access-management by gravitee-io.
the class JWEServiceImpl method decrypt.
@Override
public Single<JWT> decrypt(String jwt, Client client, boolean encRequired) {
try {
// Parse a first time to check if the JWT is encrypted
JWT parsedJwt = JWTParser.parse(jwt);
if (parsedJwt instanceof EncryptedJWT) {
JWEObject jweObject = JWEObject.parse(jwt);
JWEAlgorithm algorithm = jweObject.getHeader().getAlgorithm();
if (this.domain.useFapiBrazilProfile() && !(isKeyEncCompliantWithFapiBrazil(algorithm.getName()) && isContentEncCompliantWithFapiBrazil(jweObject.getHeader().getEncryptionMethod().getName()))) {
return Single.error(new InvalidRequestObjectException("Request object must be encrypted using RSA-OAEP with A256GCM"));
}
// RSA decryption
if (RSACryptoProvider.SUPPORTED_ALGORITHMS.contains(algorithm)) {
return decrypt(jweObject, client, JWKFilter.RSA_KEY_ENCRYPTION(), jwk -> new RSADecrypter(JWKConverter.convert((RSAKey) jwk)));
} else // Curve decryption (Elliptic "EC" & Edward "OKP")
if (ECDHCryptoProvider.SUPPORTED_ALGORITHMS.contains(algorithm)) {
return decrypt(jweObject, client, JWKFilter.CURVE_KEY_ENCRYPTION(), jwk -> {
if (KeyType.EC.getValue().equals(jwk.getKty())) {
return new ECDHDecrypter(JWKConverter.convert((ECKey) jwk));
}
return new X25519Decrypter(JWKConverter.convert((OKPKey) jwk));
});
} else // AES decryption ("OCT" keys)
if (AESCryptoProvider.SUPPORTED_ALGORITHMS.contains(algorithm)) {
return decrypt(jweObject, client, JWKFilter.OCT_KEY_ENCRYPTION(algorithm), jwk -> new AESDecrypter(JWKConverter.convert((OCTKey) jwk)));
} else // Direct decryption ("OCT" keys)
if (DirectCryptoProvider.SUPPORTED_ALGORITHMS.contains(algorithm)) {
return decrypt(jweObject, client, JWKFilter.OCT_KEY_ENCRYPTION(jweObject.getHeader().getEncryptionMethod()), jwk -> new DirectDecrypter(JWKConverter.convert((OCTKey) jwk)));
} else // Password Base decryption ("OCT" keys)
if (PasswordBasedCryptoProvider.SUPPORTED_ALGORITHMS.contains(algorithm)) {
return decrypt(jweObject, client, JWKFilter.OCT_KEY_ENCRYPTION(), jwk -> {
OctetSequenceKey octKey = JWKConverter.convert((OCTKey) jwk);
return new PasswordBasedDecrypter(octKey.getKeyValue().decode());
});
}
return Single.error(new ServerErrorException("Unable to perform Json Web Decryption, unsupported algorithm: " + algorithm.getName()));
} else if (encRequired) {
return Single.error(new InvalidRequestObjectException("Request Object must be encrypted"));
} else {
return Single.just(parsedJwt);
}
} catch (Exception ex) {
return Single.error(ex);
}
}
Also used :
JWKSet(io.gravitee.am.model.oidc.JWKSet)
Client(io.gravitee.am.model.oidc.Client)
JWKFilter(io.gravitee.am.gateway.handler.oidc.service.jwk.JWKFilter)
Completable(io.reactivex.Completable)
Maybe(io.reactivex.Maybe)
LoggerFactory(org.slf4j.LoggerFactory)
Autowired(org.springframework.beans.factory.annotation.Autowired)
com.nimbusds.jose(com.nimbusds.jose)
JWTParser(com.nimbusds.jwt.JWTParser)
Single(io.reactivex.Single)
Flowable(io.reactivex.Flowable)
OAuth2Exception(io.gravitee.am.common.exception.oauth2.OAuth2Exception)
io.gravitee.am.model.jose(io.gravitee.am.model.jose)
JWT(com.nimbusds.jwt.JWT)
JWKService(io.gravitee.am.gateway.handler.oidc.service.jwk.JWKService)
InvalidClientMetadataException(io.gravitee.am.service.exception.InvalidClientMetadataException)
OctetSequenceKey(com.nimbusds.jose.jwk.OctetSequenceKey)
KeyType(com.nimbusds.jose.jwk.KeyType)
JWEService(io.gravitee.am.gateway.handler.oidc.service.jwe.JWEService)
Predicate(java.util.function.Predicate)
Domain(io.gravitee.am.model.Domain)
InvalidRequestObjectException(io.gravitee.am.common.exception.oauth2.InvalidRequestObjectException)
ServerErrorException(io.gravitee.am.common.exception.oauth2.ServerErrorException)
JWKConverter(io.gravitee.am.gateway.handler.oidc.service.jwk.converter.JWKConverter)
KeyUse(com.nimbusds.jose.jwk.KeyUse)
Optional(java.util.Optional)
EncryptedJWT(com.nimbusds.jwt.EncryptedJWT)
JWAlgorithmUtils(io.gravitee.am.gateway.handler.oidc.service.utils.JWAlgorithmUtils)
com.nimbusds.jose.crypto(com.nimbusds.jose.crypto)
com.nimbusds.jose.crypto.impl(com.nimbusds.jose.crypto.impl)
JWT(com.nimbusds.jwt.JWT)
EncryptedJWT(com.nimbusds.jwt.EncryptedJWT)
InvalidRequestObjectException(io.gravitee.am.common.exception.oauth2.InvalidRequestObjectException)
OAuth2Exception(io.gravitee.am.common.exception.oauth2.OAuth2Exception)
InvalidClientMetadataException(io.gravitee.am.service.exception.InvalidClientMetadataException)
InvalidRequestObjectException(io.gravitee.am.common.exception.oauth2.InvalidRequestObjectException)
ServerErrorException(io.gravitee.am.common.exception.oauth2.ServerErrorException)
OctetSequenceKey(com.nimbusds.jose.jwk.OctetSequenceKey)
ServerErrorException(io.gravitee.am.common.exception.oauth2.ServerErrorException)
EncryptedJWT(com.nimbusds.jwt.EncryptedJWT)
Example 3 with ServerErrorException
use of com.ddf.boot.common.core.exception200.ServerErrorException in project ddf-common by dongfangding.
the class HttpUtil method doPost.
/**
* post请求
*
* @param url
* @param body
* @param callbackResult
* @return T
* @author dongfang.ding
* @date 2019/12/7 0007 19:51
*/
public static <T> T doPost(String url, String body, Class<T> callbackResult) {
CloseableHttpClient httpClient = HttpClientBuilder.create().build();
HttpPost httpPost = new HttpPost(url);
StringEntity entity = new StringEntity(body, "UTF-8");
log.debug("发送数据内容: {}", body);
httpPost.setEntity(entity);
httpPost.setConfig(RequestConfig.custom().setSocketTimeout(6000).setConnectTimeout(6000).build());
httpPost.setHeader("Content-Type", "application/json;charset=utf8");
CloseableHttpResponse response = null;
try {
response = httpClient.execute(httpPost);
HttpEntity responseEntity = response.getEntity();
log.debug("响应状态为: {}", response.getStatusLine());
if (responseEntity != null) {
String returnStr = EntityUtils.toString(responseEntity);
log.debug("响应内容长度为: {}", responseEntity.getContentLength());
log.debug("响应内容为: {}", returnStr);
return JsonUtil.toBean(returnStr, callbackResult);
}
return null;
} catch (ParseException | IOException e) {
log.error("{}接口发送失败!", url, e);
throw new ServerErrorException("处理失败!");
} finally {
try {
if (httpClient != null) {
httpClient.close();
}
if (response != null) {
response.close();
}
} catch (IOException e) {
e.printStackTrace();
}
}
}
Also used :
CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient)
HttpPost(org.apache.http.client.methods.HttpPost)
StringEntity(org.apache.http.entity.StringEntity)
HttpEntity(org.apache.http.HttpEntity)
CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse)
ParseException(org.apache.http.ParseException)
IOException(java.io.IOException)
ServerErrorException(com.ddf.boot.common.core.exception200.ServerErrorException)
Example 4 with ServerErrorException
use of com.ddf.boot.common.core.exception200.ServerErrorException in project ddf-common by dongfangding.
the class OssHelper method getAcsResponse.
/**
* 获取Acs 响应属性
*
* @param path
* @return
*/
private AssumeRoleResponse getAcsResponse(String path) {
final AssumeRoleRequest request = new AssumeRoleRequest();
request.setSysMethod(MethodType.POST);
request.setRoleArn(ossProperties.getRoleArn());
request.setRoleSessionName(ossProperties.getRoleSessionName());
// 若policy为空,则用户将获得该角色下所有权限
request.setPolicy(getPolicy(primaryBucketProperty.getBucketName(), path));
// 设置凭证有效时间
request.setDurationSeconds(ossProperties.getDurationSeconds());
try {
return defaultAcsClient.getAcsResponse(request);
} catch (ClientException e) {
log.error("处理阿里云OSS异常!", e);
throw new ServerErrorException("处理阿里云OSS异常");
}
}
Also used :
AssumeRoleRequest(com.aliyuncs.sts.model.v20150401.AssumeRoleRequest)
ClientException(com.aliyuncs.exceptions.ClientException)
ServerErrorException(com.ddf.boot.common.core.exception200.ServerErrorException)
Aggregations
ServerErrorException (com.ddf.boot.common.core.exception200.ServerErrorException)2
ServerErrorException (io.gravitee.am.common.exception.oauth2.ServerErrorException)2
ClientException (com.aliyuncs.exceptions.ClientException)1
AssumeRoleRequest (com.aliyuncs.sts.model.v20150401.AssumeRoleRequest)1
com.nimbusds.jose (com.nimbusds.jose)1
com.nimbusds.jose.crypto (com.nimbusds.jose.crypto)1
com.nimbusds.jose.crypto.impl (com.nimbusds.jose.crypto.impl)1
KeyType (com.nimbusds.jose.jwk.KeyType)1
KeyUse (com.nimbusds.jose.jwk.KeyUse)1
OctetSequenceKey (com.nimbusds.jose.jwk.OctetSequenceKey)1
EncryptedJWT (com.nimbusds.jwt.EncryptedJWT)1
JWT (com.nimbusds.jwt.JWT)1
JWTParser (com.nimbusds.jwt.JWTParser)1
InvalidRequestException (io.gravitee.am.common.exception.oauth2.InvalidRequestException)1
InvalidRequestObjectException (io.gravitee.am.common.exception.oauth2.InvalidRequestObjectException)1
OAuth2Exception (io.gravitee.am.common.exception.oauth2.OAuth2Exception)1
JWEService (io.gravitee.am.gateway.handler.oidc.service.jwe.JWEService)1
JWKFilter (io.gravitee.am.gateway.handler.oidc.service.jwk.JWKFilter)1
JWKService (io.gravitee.am.gateway.handler.oidc.service.jwk.JWKService)1
JWKConverter (io.gravitee.am.gateway.handler.oidc.service.jwk.converter.JWKConverter)1
