
Example 1 with ServerErrorException

use of io.gravitee.am.common.exception.oauth2.ServerErrorException in project gravitee-access-management by gravitee-io.

the class UserAuthProviderImpl method parseClient.

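/**
 * Looks up the client registered under {@code clientId} and reports the outcome to
 * {@code authHandler}.
 *
 * <ul>
 *   <li>client emitted: the handler receives a succeeded future holding it;</li>
 *   <li>lookup error: the handler receives a failed future with a {@link ServerErrorException};</li>
 *   <li>lookup completes without a client: the handler receives a failed future with an
 *       {@link InvalidRequestException}.</li>
 * </ul>
 *
 * @param clientId the {@code client_id} to resolve
 * @param authHandler callback that receives the lookup result
 */
private void parseClient(String clientId, Handler<AsyncResult<Client>> authHandler) {
    // NOTE(review): clientId presumably comes straight from the request. It is written to the
    // log and echoed in both error messages below without escaping; confirm the log encoder
    // neutralises CR/LF and that the error description is encoded before it is rendered.
    logger.debug("Attempt authentication with client " + clientId);
    clientSyncService.findByClientId(clientId).subscribe(
            client -> authHandler.handle(Future.succeededFuture(client)),
            error -> {
                // The ServerErrorException handed to the caller carries only a message, so the
                // root cause is recorded here; otherwise a backend failure leaves no trace.
                logger.error("Unable to find client with client_id " + clientId, error);
                authHandler.handle(Future.failedFuture(new ServerErrorException("Server error: unable to find client with client_id " + clientId)));
            },
            () -> authHandler.handle(Future.failedFuture(new InvalidRequestException("No client found for client_id " + clientId))));
}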
Also used : InvalidRequestException(io.gravitee.am.common.exception.oauth2.InvalidRequestException) ServerErrorException(io.gravitee.am.common.exception.oauth2.ServerErrorException)

Example 2 with ServerErrorException

use of io.gravitee.am.common.exception.oauth2.ServerErrorException in project gravitee-access-management by gravitee-io.

the class JWEServiceImpl method decrypt.

/**
 * Decrypts {@code jwt} when it is a JWE, otherwise returns it as parsed.
 *
 * <p>The key-management algorithm is read from the JWE header and matched against the
 * algorithm sets of the RSA, ECDH, AES key-wrap, direct and password-based providers, in that
 * order. The first match delegates to the four-argument {@code decrypt} overload with the
 * corresponding key filter and decrypter factory.
 *
 * @param jwt the compact-serialized token
 * @param client the client passed on to the key-resolving {@code decrypt} overload
 * @param encRequired when {@code true}, a token that is not encrypted is rejected
 * @return the result of the delegated decryption, the parsed token when it is not encrypted
 *     and encryption is optional, or an error {@code Single} ({@link
 *     InvalidRequestObjectException} for a missing or non-compliant encryption, {@link
 *     ServerErrorException} for an unsupported algorithm, or whatever exception parsing threw)
 */
@Override
public Single<JWT> decrypt(String jwt, Client client, boolean encRequired) {
    try {
        // First parse only classifies the token: encrypted or not.
        final JWT token = JWTParser.parse(jwt);

        if (!(token instanceof EncryptedJWT)) {
            if (encRequired) {
                return Single.error(new InvalidRequestObjectException("Request Object must be encrypted"));
            }
            // NOTE(review): the token is returned exactly as parsed; nothing in this method
            // verifies a signature, so that presumably has to happen in the caller. Confirm.
            return Single.just(token);
        }

        final JWEObject jwe = JWEObject.parse(jwt);
        // The algorithm comes from the token header, i.e. it is chosen by whoever built the
        // token. Every branch below therefore depends on the key filter handed to the
        // overload to restrict which keys may be used with it.
        final JWEAlgorithm alg = jwe.getHeader().getAlgorithm();

        if (this.domain.useFapiBrazilProfile()) {
            // Both the key-encryption and the content-encryption algorithm must pass the
            // profile checks; the second check is skipped when the first one fails.
            final boolean compliant = isKeyEncCompliantWithFapiBrazil(alg.getName())
                    && isContentEncCompliantWithFapiBrazil(jwe.getHeader().getEncryptionMethod().getName());
            if (!compliant) {
                return Single.error(new InvalidRequestObjectException("Request object must be encrypted using RSA-OAEP with A256GCM"));
            }
        }

        // RSA decryption
        if (RSACryptoProvider.SUPPORTED_ALGORITHMS.contains(alg)) {
            return decrypt(jwe, client, JWKFilter.RSA_KEY_ENCRYPTION(), key -> new RSADecrypter(JWKConverter.convert((RSAKey) key)));
        }

        // Curve decryption (Elliptic "EC" & Edwards "OKP")
        if (ECDHCryptoProvider.SUPPORTED_ALGORITHMS.contains(alg)) {
            return decrypt(jwe, client, JWKFilter.CURVE_KEY_ENCRYPTION(), key -> {
                if (KeyType.EC.getValue().equals(key.getKty())) {
                    return new ECDHDecrypter(JWKConverter.convert((ECKey) key));
                }
                // Any key of another type that passed the curve filter is treated as OKP.
                return new X25519Decrypter(JWKConverter.convert((OKPKey) key));
            });
        }

        // AES key-wrap decryption ("OCT" keys), filtered by the key-management algorithm
        if (AESCryptoProvider.SUPPORTED_ALGORITHMS.contains(alg)) {
            return decrypt(jwe, client, JWKFilter.OCT_KEY_ENCRYPTION(alg), key -> new AESDecrypter(JWKConverter.convert((OCTKey) key)));
        }

        // Direct decryption ("OCT" keys), filtered by the content-encryption method
        if (DirectCryptoProvider.SUPPORTED_ALGORITHMS.contains(alg)) {
            return decrypt(jwe, client, JWKFilter.OCT_KEY_ENCRYPTION(jwe.getHeader().getEncryptionMethod()), key -> new DirectDecrypter(JWKConverter.convert((OCTKey) key)));
        }

        // Password-based decryption ("OCT" keys)
        if (PasswordBasedCryptoProvider.SUPPORTED_ALGORITHMS.contains(alg)) {
            // NOTE(review): the raw OCT key bytes are used as the password. Password-based
            // key derivation normally takes its salt and iteration count from the token
            // header, which the sender controls; confirm the JOSE library version in use
            // caps the iteration count before doing the derivation.
            return decrypt(jwe, client, JWKFilter.OCT_KEY_ENCRYPTION(), key -> {
                OctetSequenceKey secret = JWKConverter.convert((OCTKey) key);
                return new PasswordBasedDecrypter(secret.getKeyValue().decode());
            });
        }

        return Single.error(new ServerErrorException("Unable to perform Json Web Decryption, unsupported algorithm: " + alg.getName()));
    } catch (Exception ex) {
        // Any failure above (parsing included) is passed to the subscriber unchanged.
        // NOTE(review): a malformed token thus surfaces as the parser's own exception type
        // rather than an OAuth2 error; check how the caller maps it to a response.
        return Single.error(ex);
    }
}
Also used : JWKSet(io.gravitee.am.model.oidc.JWKSet) Client(io.gravitee.am.model.oidc.Client) JWKFilter(io.gravitee.am.gateway.handler.oidc.service.jwk.JWKFilter) Completable(io.reactivex.Completable) Maybe(io.reactivex.Maybe) LoggerFactory(org.slf4j.LoggerFactory) Autowired(org.springframework.beans.factory.annotation.Autowired) com.nimbusds.jose(com.nimbusds.jose) JWTParser(com.nimbusds.jwt.JWTParser) Single(io.reactivex.Single) Flowable(io.reactivex.Flowable) OAuth2Exception(io.gravitee.am.common.exception.oauth2.OAuth2Exception) io.gravitee.am.model.jose(io.gravitee.am.model.jose) JWT(com.nimbusds.jwt.JWT) JWKService(io.gravitee.am.gateway.handler.oidc.service.jwk.JWKService) InvalidClientMetadataException(io.gravitee.am.service.exception.InvalidClientMetadataException) OctetSequenceKey(com.nimbusds.jose.jwk.OctetSequenceKey) KeyType(com.nimbusds.jose.jwk.KeyType) JWEService(io.gravitee.am.gateway.handler.oidc.service.jwe.JWEService) Predicate(java.util.function.Predicate) Domain(io.gravitee.am.model.Domain) InvalidRequestObjectException(io.gravitee.am.common.exception.oauth2.InvalidRequestObjectException) ServerErrorException(io.gravitee.am.common.exception.oauth2.ServerErrorException) JWKConverter(io.gravitee.am.gateway.handler.oidc.service.jwk.converter.JWKConverter) KeyUse(com.nimbusds.jose.jwk.KeyUse) Optional(java.util.Optional) EncryptedJWT(com.nimbusds.jwt.EncryptedJWT) JWAlgorithmUtils(io.gravitee.am.gateway.handler.oidc.service.utils.JWAlgorithmUtils) com.nimbusds.jose.crypto(com.nimbusds.jose.crypto) com.nimbusds.jose.crypto.impl(com.nimbusds.jose.crypto.impl) JWT(com.nimbusds.jwt.JWT) EncryptedJWT(com.nimbusds.jwt.EncryptedJWT) InvalidRequestObjectException(io.gravitee.am.common.exception.oauth2.InvalidRequestObjectException) OAuth2Exception(io.gravitee.am.common.exception.oauth2.OAuth2Exception) InvalidClientMetadataException(io.gravitee.am.service.exception.InvalidClientMetadataException) 
InvalidRequestObjectException(io.gravitee.am.common.exception.oauth2.InvalidRequestObjectException) ServerErrorException(io.gravitee.am.common.exception.oauth2.ServerErrorException) OctetSequenceKey(com.nimbusds.jose.jwk.OctetSequenceKey) ServerErrorException(io.gravitee.am.common.exception.oauth2.ServerErrorException) EncryptedJWT(com.nimbusds.jwt.EncryptedJWT)

Example 3 with ServerErrorException

use of io.gravitee.am.common.exception.oauth2.ServerErrorException in project ddf-common by dongfangding.

the class HttpUtil method doPost.

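/**
 * Sends {@code body} as a JSON POST request to {@code url} and converts the response body to
 * {@code callbackResult} with {@code JsonUtil.toBean}.
 *
 * <p>Socket and connect timeouts are both 6000 ms. The HTTP status is logged but not
 * checked, so the body of an error response is converted like any other.
 *
 * @param url endpoint to call
 * @param body request payload, sent UTF-8 encoded
 * @param callbackResult type the response body is converted to
 * @return T the converted response, or {@code null} when the response has no entity
 * @throws ServerErrorException when sending the request or reading the response fails
 * @author dongfang.ding
 * @date 2019/12/7 0007 19:51
 */
public static <T> T doPost(String url, String body, Class<T> callbackResult) {
    // NOTE(review): url is used as given. If it can be influenced by a request, the caller
    // should restrict it to an allow-list of hosts before it reaches this method.
    // Build the request before the client exists: a malformed url then fails without
    // leaving an unclosed client behind.
    HttpPost httpPost = new HttpPost(url);
    StringEntity entity = new StringEntity(body, "UTF-8");
    // NOTE(review): request and response bodies are logged in full at debug level; keep
    // debug logging off wherever these payloads can carry credentials or personal data.
    log.debug("发送数据内容: {}", body);
    httpPost.setEntity(entity);
    httpPost.setConfig(RequestConfig.custom().setSocketTimeout(6000).setConnectTimeout(6000).build());
    httpPost.setHeader("Content-Type", "application/json;charset=utf8");

    CloseableHttpClient httpClient = HttpClientBuilder.create().build();
    CloseableHttpResponse response = null;
    try {
        response = httpClient.execute(httpPost);
        HttpEntity responseEntity = response.getEntity();
        log.debug("响应状态为: {}", response.getStatusLine());
        if (responseEntity != null) {
            // JSON is UTF-8 unless the response declares otherwise; without an explicit
            // default, a response lacking a charset would be decoded as ISO-8859-1.
            String returnStr = EntityUtils.toString(responseEntity, "UTF-8");
            log.debug("响应内容长度为: {}", responseEntity.getContentLength());
            log.debug("响应内容为: {}", returnStr);
            return JsonUtil.toBean(returnStr, callbackResult);
        }
        return null;
    } catch (ParseException | IOException e) {
        // The cause is only available in the log; the exception thrown carries a message.
        log.error("{}接口发送失败!", url, e);
        throw new ServerErrorException("处理失败!");
    } finally {
        // Close the response first, then the client, each on its own: a failure closing
        // one must not skip the other. Close failures stay best-effort and are only logged.
        if (response != null) {
            try {
                response.close();
            } catch (IOException e) {
                log.warn("Failed to close HTTP response for {}", url, e);
            }
        }
        try {
            httpClient.close();
        } catch (IOException e) {
            log.warn("Failed to close HTTP client for {}", url, e);
        }
    }
}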
Also used : CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) HttpPost(org.apache.http.client.methods.HttpPost) StringEntity(org.apache.http.entity.StringEntity) HttpEntity(org.apache.http.HttpEntity) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) ParseException(org.apache.http.ParseException) IOException(java.io.IOException) ServerErrorException(com.ddf.boot.common.core.exception200.ServerErrorException)

Example 4 with ServerErrorException

use of io.gravitee.am.common.exception.oauth2.ServerErrorException in project ddf-common by dongfangding.

the class OssHelper method getAcsResponse.

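/**
 * Sends an {@code AssumeRoleRequest} built from {@code ossProperties} and a policy derived
 * from the primary bucket name and {@code path}, and returns the response.
 *
 * @param path passed to {@code getPolicy} together with the primary bucket name
 * @return the response returned by {@code defaultAcsClient}
 * @throws ServerErrorException when no policy could be built or the request fails
 */
private AssumeRoleResponse getAcsResponse(String path) {
    // NOTE(review): path presumably comes from the caller; confirm getPolicy normalises it
    // so that wildcards or "../" segments cannot widen the resource the policy grants.
    final String policy = getPolicy(primaryBucketProperty.getBucketName(), path);
    // With an empty policy the issued credentials carry every permission of the role, so
    // fail closed instead of handing out credentials that are not scoped down.
    if (policy == null || policy.trim().isEmpty()) {
        log.error("Refusing to request OSS credentials: no session policy was generated");
        throw new ServerErrorException("处理阿里云OSS异常");
    }

    final AssumeRoleRequest request = new AssumeRoleRequest();
    request.setSysMethod(MethodType.POST);
    request.setRoleArn(ossProperties.getRoleArn());
    request.setRoleSessionName(ossProperties.getRoleSessionName());
    request.setPolicy(policy);
    // Validity period of the issued credentials, taken from configuration.
    request.setDurationSeconds(ossProperties.getDurationSeconds());
    try {
        return defaultAcsClient.getAcsResponse(request);
    } catch (ClientException e) {
        // The cause is logged here; the exception thrown to the caller carries a message only.
        log.error("处理阿里云OSS异常!", e);
        throw new ServerErrorException("处理阿里云OSS异常");
    }
}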
Also used : AssumeRoleRequest(com.aliyuncs.sts.model.v20150401.AssumeRoleRequest) ClientException(com.aliyuncs.exceptions.ClientException) ServerErrorException(com.ddf.boot.common.core.exception200.ServerErrorException)

Aggregations

ServerErrorException (com.ddf.boot.common.core.exception200.ServerErrorException)2 ServerErrorException (io.gravitee.am.common.exception.oauth2.ServerErrorException)2 ClientException (com.aliyuncs.exceptions.ClientException)1 AssumeRoleRequest (com.aliyuncs.sts.model.v20150401.AssumeRoleRequest)1 com.nimbusds.jose (com.nimbusds.jose)1 com.nimbusds.jose.crypto (com.nimbusds.jose.crypto)1 com.nimbusds.jose.crypto.impl (com.nimbusds.jose.crypto.impl)1 KeyType (com.nimbusds.jose.jwk.KeyType)1 KeyUse (com.nimbusds.jose.jwk.KeyUse)1 OctetSequenceKey (com.nimbusds.jose.jwk.OctetSequenceKey)1 EncryptedJWT (com.nimbusds.jwt.EncryptedJWT)1 JWT (com.nimbusds.jwt.JWT)1 JWTParser (com.nimbusds.jwt.JWTParser)1 InvalidRequestException (io.gravitee.am.common.exception.oauth2.InvalidRequestException)1 InvalidRequestObjectException (io.gravitee.am.common.exception.oauth2.InvalidRequestObjectException)1 OAuth2Exception (io.gravitee.am.common.exception.oauth2.OAuth2Exception)1 JWEService (io.gravitee.am.gateway.handler.oidc.service.jwe.JWEService)1 JWKFilter (io.gravitee.am.gateway.handler.oidc.service.jwk.JWKFilter)1 JWKService (io.gravitee.am.gateway.handler.oidc.service.jwk.JWKService)1 JWKConverter (io.gravitee.am.gateway.handler.oidc.service.jwk.converter.JWKConverter)1