
Example 1 with InvalidJwtException

use of io.jans.as.model.exception.InvalidJwtException in project jans by JanssenProject.

Class JweDecrypterImpl, method decrypt:

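/**
 * Decrypts a compact-serialised JWE and returns the populated {@link Jwe}.
 *
 * <p>The key-management ({@code alg}) and content-encryption ({@code enc})
 * algorithms are read from the token's own header and stored on this decrypter.
 * A caller that expects one specific algorithm must check it after this call,
 * because any of the supported algorithms below is accepted.
 *
 * <p>Supported {@code alg} values: {@code RSA1_5} and {@code RSA-OAEP} (unwrap
 * with {@code privateKey}); {@code A128KW} and {@code A256KW} (unwrap with
 * {@code sharedSymmetricKey}). NOTE(review): RSA1_5 (RSAES-PKCS1-v1_5) is
 * discouraged for new deployments because of padding-oracle risk; consider
 * rejecting it unless it is required for interoperability.
 *
 * @param encryptedJwe compact serialisation: five base64url parts joined by '.'
 * @return the decrypted JWE, carrying either the nested signed JWT or the plain claims set
 * @throws InvalidJweException if the format is wrong, the required key is missing,
 *         the algorithm is unsupported, or decryption / payload parsing fails
 *         (the underlying exception is kept as the cause)
 */
@Override
public Jwe decrypt(String encryptedJwe) throws InvalidJweException {
    try {
        String[] jweParts = encryptedJwe.split("\\.");
        if (jweParts.length != 5) {
            // The earlier message said "JWS"; this is a JWE compact serialisation.
            throw new InvalidJweException("Invalid JWE format.");
        }
        Jwe jwe = new Jwe();
        jwe.setEncodedHeader(jweParts[0]);
        jwe.setEncodedEncryptedKey(jweParts[1]);
        jwe.setEncodedInitializationVector(jweParts[2]);
        jwe.setEncodedCiphertext(jweParts[3]);
        jwe.setEncodedIntegrityValue(jweParts[4]);
        jwe.setHeader(new JwtHeader(jweParts[0]));

        EncryptedJWT encryptedJwt = EncryptedJWT.parse(encryptedJwe);

        // The header is not authenticated yet; the algorithms it names are only
        // trusted as far as the branch below accepts them.
        setKeyEncryptionAlgorithm(KeyEncryptionAlgorithm.fromName(
                jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM)));
        setBlockEncryptionAlgorithm(BlockEncryptionAlgorithm.fromName(
                jwe.getHeader().getClaimAsString(JwtHeaderName.ENCRYPTION_METHOD)));

        final KeyEncryptionAlgorithm keyEncryptionAlgorithm = getKeyEncryptionAlgorithm();
        final Key encryptionKey;
        if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA1_5
                || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP) {
            encryptionKey = privateKey;
        } else if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A128KW
                || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
            if (sharedSymmetricKey == null) {
                throw new InvalidJweException("The shared symmetric key is null");
            }
            final int keyLength = keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW ? 32 : 16;
            byte[] keyEncryptionKey = sharedSymmetricKey;
            if (keyEncryptionKey.length != keyLength) {
                // Legacy fallback: a key of the wrong size is SHA-256 hashed and truncated
                // to fit. This is not a standard KDF; callers should supply a key of
                // exactly keyLength bytes. The derived key is kept in a local so the
                // configured sharedSymmetricKey is not silently replaced on this instance.
                MessageDigest sha = MessageDigest.getInstance("SHA-256");
                keyEncryptionKey = Arrays.copyOf(sha.digest(keyEncryptionKey), keyLength);
            }
            encryptionKey = new SecretKeySpec(keyEncryptionKey, 0, keyEncryptionKey.length, "AES");
        } else {
            throw new InvalidJweException("The key encryption algorithm is not supported");
        }

        JWEDecrypter decrypter = DECRYPTER_FACTORY.createJWEDecrypter(encryptedJwt.getHeader(), encryptionKey);
        decrypter.getJCAContext().setProvider(SecurityProviderUtility.getInstance());
        encryptedJwt.decrypt(decrypter);

        final SignedJWT signedJWT = encryptedJwt.getPayload().toSignedJWT();
        if (signedJWT != null) {
            // Nested JWS: exposed as a Jwt. Its signature is not verified here.
            final Jwt jwt = Jwt.parse(signedJWT.serialize());
            jwe.setSignedJWTPayload(jwt);
            jwe.setClaims(jwt.getClaims());
        } else {
            final String base64encodedPayload = encryptedJwt.getPayload().toString();
            validateNestedJwt(base64encodedPayload);
            jwe.setClaims(new JwtClaims(base64encodedPayload));
        }
        return jwe;
    } catch (InvalidJweException e) {
        // Already the caller-facing type; do not wrap it a second time.
        throw e;
    } catch (Exception e) {
        throw new InvalidJweException(e);
    }
}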

Example 2 with InvalidJwtException

use of io.jans.as.model.exception.InvalidJwtException in project jans by JanssenProject.

Class JweEncrypterImpl, method encrypt:

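/**
 * Encrypts {@code jwe} in place with the algorithms configured on this encrypter
 * and fills in the five compact-serialisation parts.
 *
 * <p>When the JWE carries a nested signed JWT, the header's content type is set
 * to {@code JWT} so that a consumer knows to parse the payload as a JWS.
 *
 * @param jwe the JWE to encrypt; its header and payload are read, and its encoded
 *        parts and header are overwritten with the serialised result
 * @return the same {@code jwe} instance, now carrying the encoded parts
 * @throws InvalidJweException if the header cannot be parsed, encryption fails,
 *         or the serialised output does not consist of five parts
 *         (the underlying exception is kept as the cause)
 */
@Override
public Jwe encrypt(Jwe jwe) throws InvalidJweException {
    try {
        JWEEncrypter encrypter = createJweEncrypter();
        if (jwe.getSignedJWTPayload() != null) {
            jwe.getHeader().setContentType(JwtType.JWT);
        }
        JWEHeader joseHeader = JWEHeader.parse(jwe.getHeader().toJsonObject().toString());
        JWEObject jweObject = new JWEObject(joseHeader, createPayload(jwe));
        jweObject.encrypt(encrypter);

        String[] jweParts = jweObject.serialize().split("\\.");
        if (jweParts.length != 5) {
            // Defensive: the library is expected to always emit five parts.
            // The earlier message said "JWS"; this is a JWE compact serialisation.
            throw new InvalidJweException("Invalid JWE format.");
        }
        jwe.setEncodedHeader(jweParts[0]);
        jwe.setEncodedEncryptedKey(jweParts[1]);
        jwe.setEncodedInitializationVector(jweParts[2]);
        jwe.setEncodedCiphertext(jweParts[3]);
        jwe.setEncodedIntegrityValue(jweParts[4]);
        // Re-parse the header from the serialised form so it reflects what was actually emitted.
        jwe.setHeader(new JwtHeader(jweParts[0]));
        return jwe;
    } catch (InvalidJweException e) {
        // Already the caller-facing type; do not wrap it a second time.
        throw e;
    } catch (Exception e) {
        throw new InvalidJweException(e);
    }
}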

Example 3 with InvalidJwtException

use of io.jans.as.model.exception.InvalidJwtException in project jans by JanssenProject.

Class Jwt, method parse:

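/**
 * Parses a compact-serialised JWT into its header, claims and signature parts.
 *
 * <p>Accepted shapes are {@code header.claims} (no signature segment at all,
 * treated as an empty signature) and {@code header.claims.signature}. The split
 * keeps trailing empty segments, so {@code header.claims.} still yields an empty
 * signature, whereas tokens with additional trailing separators are rejected
 * instead of being silently truncated to three parts.
 *
 * <p>No signature verification happens here: a two-part or empty-signature
 * token must not be treated as authenticated by the caller.
 *
 * @param encodedJwt the compact JWT
 * @return the parsed JWT, marked as loaded
 * @throws InvalidJwtException if the input is blank, does not have two or three
 *         parts, or a part cannot be decoded
 */
@NotNull
public static Jwt parse(String encodedJwt) throws InvalidJwtException {
    if (StringUtils.isBlank(encodedJwt)) {
        throw new InvalidJwtException("Jwt is blank.");
    }
    // Negative limit: keep trailing empty strings so the part count is exact.
    final String[] jwtParts = encodedJwt.split("\\.", -1);
    final String encodedSignature;
    if (jwtParts.length == 2) {
        // Signature Algorithm NONE
        encodedSignature = "";
    } else if (jwtParts.length == 3) {
        encodedSignature = jwtParts[2];
    } else {
        throw new InvalidJwtException("Invalid JWT format.");
    }
    final String encodedHeader = jwtParts[0];
    final String encodedClaims = jwtParts[1];

    Jwt jwt = new Jwt();
    jwt.setHeader(new JwtHeader(encodedHeader));
    jwt.setClaims(new JwtClaims(encodedClaims));
    jwt.setEncodedSignature(encodedSignature);
    jwt.encodedHeader = encodedHeader;
    jwt.encodedClaims = encodedClaims;
    jwt.loaded = true;
    return jwt;
}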

Example 4 with InvalidJwtException

use of io.jans.as.model.exception.InvalidJwtException in project jans by JanssenProject.

Class JwtClaimSet, method load:

/**
 * Loads this claim set from a base64url-encoded JSON object.
 *
 * @param base64JsonObject base64url encoding of a UTF-8 JSON object
 * @throws InvalidJwtException if decoding or JSON parsing fails; the original
 *         exception is preserved as the cause
 */
public void load(String base64JsonObject) throws InvalidJwtException {
    try {
        byte[] decodedJson = Base64Util.base64urldecode(base64JsonObject);
        JSONObject claims = new JSONObject(new String(decodedJson, StandardCharsets.UTF_8));
        load(claims);
    } catch (Exception e) {
        throw new InvalidJwtException(e);
    }
}

Example 5 with InvalidJwtException

use of io.jans.as.model.exception.InvalidJwtException in project jans by JanssenProject.

Class AuthorizeAction, method getRequestedClaims:

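/**
 * Collects the names of the claims requested through the request object's
 * {@code userinfo} and {@code id_token} members.
 *
 * <p>The request object is taken from the {@code request} parameter or, when that
 * is blank and {@code request_uri} is set, fetched from that URI. If the URI has a
 * fragment, it is compared with the base64url SHA-256 of the fetched body and the
 * body is used only on a match. NOTE(review): request_uri is caller-supplied and
 * nothing here restricts which hosts are fetched; any allow-listing (for example
 * against the client's registered request URIs) must happen elsewhere — confirm it does.
 *
 * <p>Fetch, persistence and JWT errors are logged and lead to an empty result
 * rather than propagating.
 *
 * @return the requested claim names, deduplicated; empty when nothing could be resolved
 */
public List<String> getRequestedClaims() {
    Set<String> result = new HashSet<>();
    String requestJwt = request;
    if (StringUtils.isBlank(requestJwt) && StringUtils.isNotBlank(requestUri)) {
        String fetched = fetchRequestObjectFromUri(requestUri);
        if (fetched != null) {
            requestJwt = fetched;
        }
    }
    if (StringUtils.isNotBlank(requestJwt)) {
        try {
            Client client = clientService.getClient(clientId);
            if (client != null) {
                // Pass the resolved request object, not the raw 'request' parameter:
                // the latter is blank when the object was fetched via request_uri.
                JwtAuthorizationRequest jwtAuthorizationRequest =
                        new JwtAuthorizationRequest(appConfiguration, cryptoProvider, requestJwt, client);
                if (jwtAuthorizationRequest.getUserInfoMember() != null) {
                    for (Claim claim : jwtAuthorizationRequest.getUserInfoMember().getClaims()) {
                        result.add(claim.getName());
                    }
                }
                if (jwtAuthorizationRequest.getIdTokenMember() != null) {
                    for (Claim claim : jwtAuthorizationRequest.getIdTokenMember().getClaims()) {
                        result.add(claim.getName());
                    }
                }
            }
        } catch (EntryPersistenceException | InvalidJwtException e) {
            log.error(e.getMessage(), e);
        }
    }
    return new ArrayList<>(result);
}

/**
 * Fetches the request object referenced by {@code uri} (fragment stripped).
 *
 * @param uri the request_uri value; an optional fragment is the expected
 *        base64url SHA-256 of the body
 * @return the response body on HTTP 200 and a matching (or absent) fragment hash;
 *         {@code null} on any other status, a hash mismatch, or an error (which is logged)
 */
private String fetchRequestObjectFromUri(String uri) {
    try {
        URI reqUri = new URI(uri);
        String reqUriHash = reqUri.getFragment();
        String reqUriWithoutFragment = reqUri.getScheme() + ":" + reqUri.getSchemeSpecificPart();
        javax.ws.rs.client.Client clientRequest = ClientBuilder.newClient();
        try {
            Response clientResponse = clientRequest.target(reqUriWithoutFragment).request().buildGet().invoke();
            try {
                if (clientResponse.getStatus() != 200) {
                    return null;
                }
                String entity = clientResponse.readEntity(String.class);
                if (StringUtils.isBlank(reqUriHash)) {
                    return entity;
                }
                String hash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(entity));
                return StringUtils.equals(reqUriHash, hash) ? entity : null;
            } finally {
                // Release the response before the client; the client is closed once, in the outer finally.
                clientResponse.close();
            }
        } finally {
            clientRequest.close();
        }
    } catch (Exception e) {
        log.error(e.getMessage(), e);
        return null;
    }
}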
