use of io.gravitee.am.common.exception.oauth2.ServerErrorException in project gravitee-access-management by gravitee-io.
the class UserAuthProviderImpl method parseClient.
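/**
 * Looks up the client registered under {@code clientId} and reports the outcome to
 * {@code authHandler}.
 *
 * <p>The lookup has three outcomes: a client was found (succeeded future), the lookup
 * failed (failed future carrying a {@link ServerErrorException}), or the lookup completed
 * without a value (failed future carrying an {@link InvalidRequestException}).
 *
 * @param clientId    the client_id to resolve
 * @param authHandler receives the resolved client or the failure
 */
private void parseClient(String clientId, Handler<AsyncResult<Client>> authHandler) {
    // NOTE(review): clientId presumably comes straight from the incoming request. It is written
    // to the log and echoed in both error messages unmodified; confirm that the log layout and
    // the error response encode it (CR/LF, markup) before it reaches an operator or a browser.
    logger.debug("Attempt authentication with client " + clientId);
    clientSyncService.findByClientId(clientId).subscribe(
            client -> authHandler.handle(Future.succeededFuture(client)),
            error -> {
                // The caller only gets a generic server error, so keep the underlying cause in
                // the server log; otherwise a repository or connectivity failure leaves no trace.
                logger.error("Unable to find client with client_id " + clientId, error);
                authHandler.handle(Future.failedFuture(
                        new ServerErrorException("Server error: unable to find client with client_id " + clientId)));
            },
            () -> authHandler.handle(Future.failedFuture(
                    new InvalidRequestException("No client found for client_id " + clientId))));
}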
use of io.gravitee.am.common.exception.oauth2.ServerErrorException in project gravitee-access-management by gravitee-io.
the class JWEServiceImpl method decrypt.
/**
 * Decrypts {@code jwt} with a key belonging to {@code client} when it is a JWE, and passes it
 * through unchanged when it is not encrypted and encryption is optional.
 *
 * <p>The key-management algorithm ({@code alg}) and content-encryption method ({@code enc})
 * are read from the JWE header, i.e. from the sender of the token; they select which
 * decrypter and which key filter are used.
 *
 * @param jwt         compact serialization of the token to inspect
 * @param client      client whose keys are handed to the delegate {@code decrypt} overload
 * @param encRequired when {@code true}, an unencrypted token is rejected
 * @return the decrypted (or original) JWT, or an error {@code Single}: an
 *         {@link InvalidRequestObjectException} for a missing or non-compliant encryption, a
 *         {@link ServerErrorException} for an unsupported algorithm, or whatever exception
 *         parsing raised
 */
@Override
public Single<JWT> decrypt(String jwt, Client client, boolean encRequired) {
    try {
        // The first parse only classifies the token: encrypted (JWE) or not.
        JWT candidate = JWTParser.parse(jwt);

        if (!(candidate instanceof EncryptedJWT)) {
            if (encRequired) {
                return Single.error(new InvalidRequestObjectException("Request Object must be encrypted"));
            }
            return Single.just(candidate);
        }

        JWEObject jwe = JWEObject.parse(jwt);
        JWEAlgorithm keyAlg = jwe.getHeader().getAlgorithm();

        // Under the FAPI Brazil profile both the key-encryption algorithm and the
        // content-encryption method must pass their compliance checks.
        if (this.domain.useFapiBrazilProfile()) {
            boolean fapiCompliant = isKeyEncCompliantWithFapiBrazil(keyAlg.getName())
                    && isContentEncCompliantWithFapiBrazil(jwe.getHeader().getEncryptionMethod().getName());
            if (!fapiCompliant) {
                return Single.error(new InvalidRequestObjectException("Request object must be encrypted using RSA-OAEP with A256GCM"));
            }
        }

        // NOTE(review): outside the FAPI Brazil profile every algorithm family below is accepted
        // based on the header alone. Confirm that the delegate overload (not shown here) limits
        // the choice to what the client registered.

        // RSA key encryption.
        if (RSACryptoProvider.SUPPORTED_ALGORITHMS.contains(keyAlg)) {
            return decrypt(jwe, client, JWKFilter.RSA_KEY_ENCRYPTION(), key -> new RSADecrypter(JWKConverter.convert((RSAKey) key)));
        }

        // Curve-based key agreement: elliptic ("EC") and Edwards ("OKP") keys.
        if (ECDHCryptoProvider.SUPPORTED_ALGORITHMS.contains(keyAlg)) {
            return decrypt(jwe, client, JWKFilter.CURVE_KEY_ENCRYPTION(), key -> {
                if (KeyType.EC.getValue().equals(key.getKty())) {
                    return new ECDHDecrypter(JWKConverter.convert((ECKey) key));
                }
                return new X25519Decrypter(JWKConverter.convert((OKPKey) key));
            });
        }

        // AES key wrap ("OCT" keys), filtered by the key-management algorithm.
        if (AESCryptoProvider.SUPPORTED_ALGORITHMS.contains(keyAlg)) {
            return decrypt(jwe, client, JWKFilter.OCT_KEY_ENCRYPTION(keyAlg), key -> new AESDecrypter(JWKConverter.convert((OCTKey) key)));
        }

        // Direct encryption ("OCT" keys), filtered by the content-encryption method.
        if (DirectCryptoProvider.SUPPORTED_ALGORITHMS.contains(keyAlg)) {
            return decrypt(jwe, client, JWKFilter.OCT_KEY_ENCRYPTION(jwe.getHeader().getEncryptionMethod()), key -> new DirectDecrypter(JWKConverter.convert((OCTKey) key)));
        }

        // Password-based encryption: the raw "OCT" key value is used as the password.
        // NOTE(review): password-based JWE carries its key-derivation parameters in the header,
        // which the sender controls; confirm the JOSE library version in use bounds the
        // iteration count so a crafted token cannot tie up a worker thread.
        if (PasswordBasedCryptoProvider.SUPPORTED_ALGORITHMS.contains(keyAlg)) {
            return decrypt(jwe, client, JWKFilter.OCT_KEY_ENCRYPTION(), key -> {
                OctetSequenceKey secret = JWKConverter.convert((OCTKey) key);
                return new PasswordBasedDecrypter(secret.getKeyValue().decode());
            });
        }

        // No provider recognised the algorithm named in the header.
        return Single.error(new ServerErrorException("Unable to perform Json Web Decryption, unsupported algorithm: " + keyAlg.getName()));
    } catch (Exception ex) {
        // Parsing and any synchronous failure above are surfaced through the reactive
        // error channel instead of being thrown to the caller.
        return Single.error(ex);
    }
}
use of io.gravitee.am.common.exception.oauth2.ServerErrorException in project ddf-common by dongfangding.
the class HttpUtil method doPost.
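/**
 * Sends {@code body} as a JSON POST request to {@code url} and maps the response body to
 * {@code callbackResult}.
 *
 * <p>Socket and connect timeouts are both 6000 ms. The HTTP status code is logged but not
 * checked: any response that carries a body is handed to the JSON mapper.
 *
 * @param url            target URL
 * @param body           request payload, sent as UTF-8 JSON
 * @param callbackResult type the response body is converted to
 * @param <T>            result type
 * @return the converted response, or {@code null} when the response has no entity
 * @throws ServerErrorException when the request fails or the response cannot be read
 * @author dongfang.ding
 * @date 2019/12/7 0007 19:51
 */
public static <T> T doPost(String url, String body, Class<T> callbackResult) {
    // NOTE(review): url is used as given. If any caller derives it from user input, it needs an
    // allow-list of hosts/schemes at the call site, otherwise this helper can be pointed at
    // internal services.

    // Build the request before creating the client: these constructors may throw on a malformed
    // URL or a null body, and the client would otherwise be left open.
    HttpPost httpPost = new HttpPost(url);
    StringEntity entity = new StringEntity(body, "UTF-8");
    // NOTE(review): request and response bodies are logged verbatim at debug level. If callers
    // pass credentials or tokens through this helper they end up in the log files.
    log.debug("发送数据内容: {}", body);
    httpPost.setEntity(entity);
    httpPost.setConfig(RequestConfig.custom().setSocketTimeout(6000).setConnectTimeout(6000).build());
    httpPost.setHeader("Content-Type", "application/json;charset=utf8");

    CloseableHttpClient httpClient = HttpClientBuilder.create().build();
    CloseableHttpResponse response = null;
    try {
        response = httpClient.execute(httpPost);
        HttpEntity responseEntity = response.getEntity();
        log.debug("响应状态为: {}", response.getStatusLine());
        if (responseEntity == null) {
            return null;
        }
        // Fall back to UTF-8 when the response declares no charset, so non-ASCII JSON is not
        // decoded with the library's legacy default.
        String returnStr = EntityUtils.toString(responseEntity, "UTF-8");
        log.debug("响应内容长度为: {}", responseEntity.getContentLength());
        log.debug("响应内容为: {}", returnStr);
        return JsonUtil.toBean(returnStr, callbackResult);
    } catch (ParseException | IOException e) {
        log.error("{}接口发送失败!", url, e);
        throw new ServerErrorException("处理失败!");
    } finally {
        // Close the response before the client, each in its own try block, so a failure to
        // close one does not skip the other. Close failures stay best-effort but go to the
        // logger instead of stderr.
        if (response != null) {
            try {
                response.close();
            } catch (IOException e) {
                log.warn("Failed to close HTTP response", e);
            }
        }
        try {
            httpClient.close();
        } catch (IOException e) {
            log.warn("Failed to close HTTP client", e);
        }
    }
}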
use of io.gravitee.am.common.exception.oauth2.ServerErrorException in project ddf-common by dongfangding.
the class OssHelper method getAcsResponse.
/**
 * Requests temporary credentials by issuing an AssumeRole call whose session policy is
 * built from the primary bucket name and {@code path}.
 *
 * @param path passed to {@code getPolicy} together with the primary bucket name
 * @return the AssumeRole response returned by the ACS client
 * @throws ServerErrorException when the ACS client reports a {@link ClientException}
 */
private AssumeRoleResponse getAcsResponse(String path) {
    AssumeRoleRequest stsRequest = new AssumeRoleRequest();
    stsRequest.setSysMethod(MethodType.POST);
    stsRequest.setRoleArn(ossProperties.getRoleArn());
    stsRequest.setRoleSessionName(ossProperties.getRoleSessionName());
    // Per the original author's note: with an empty policy the caller receives every permission
    // of the role, so the session policy is what narrows the credentials.
    // NOTE(review): getPolicy is not shown here; confirm it never returns an empty policy and
    // that path is normalised before it is embedded, so the issued credentials cannot reach
    // objects outside the intended prefix.
    stsRequest.setPolicy(getPolicy(primaryBucketProperty.getBucketName(), path));
    // Lifetime of the issued credentials, taken from configuration.
    stsRequest.setDurationSeconds(ossProperties.getDurationSeconds());

    AssumeRoleResponse stsResponse;
    try {
        stsResponse = defaultAcsClient.getAcsResponse(stsRequest);
    } catch (ClientException e) {
        // The cause is logged here; the exception handed to callers carries only the message.
        log.error("处理阿里云OSS异常!", e);
        throw new ServerErrorException("处理阿里云OSS异常");
    }
    return stsResponse;
}