Example 1 with InvalidJwtException
use of io.jans.as.model.exception.InvalidJwtException in project jans by JanssenProject.
the class JweDecrypterImpl method decrypt.
@Override
public Jwe decrypt(String encryptedJwe) throws InvalidJweException {
try {
String[] jweParts = encryptedJwe.split("\\.");
if (jweParts.length != 5) {
throw new InvalidJwtException("Invalid JWS format.");
}
String encodedHeader = jweParts[0];
String encodedEncryptedKey = jweParts[1];
String encodedInitializationVector = jweParts[2];
String encodedCipherText = jweParts[3];
String encodedIntegrityValue = jweParts[4];
Jwe jwe = new Jwe();
jwe.setEncodedHeader(encodedHeader);
jwe.setEncodedEncryptedKey(encodedEncryptedKey);
jwe.setEncodedInitializationVector(encodedInitializationVector);
jwe.setEncodedCiphertext(encodedCipherText);
jwe.setEncodedIntegrityValue(encodedIntegrityValue);
jwe.setHeader(new JwtHeader(encodedHeader));
EncryptedJWT encryptedJwt = EncryptedJWT.parse(encryptedJwe);
setKeyEncryptionAlgorithm(KeyEncryptionAlgorithm.fromName(jwe.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM)));
setBlockEncryptionAlgorithm(BlockEncryptionAlgorithm.fromName(jwe.getHeader().getClaimAsString(JwtHeaderName.ENCRYPTION_METHOD)));
final KeyEncryptionAlgorithm keyEncryptionAlgorithm = getKeyEncryptionAlgorithm();
Key encriptionKey = null;
if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA1_5 || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP) {
encriptionKey = privateKey;
} else if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A128KW || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
if (sharedSymmetricKey == null) {
throw new InvalidJweException("The shared symmetric key is null");
}
int keyLength = 16;
if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
keyLength = 32;
}
if (sharedSymmetricKey.length != keyLength) {
MessageDigest sha = MessageDigest.getInstance("SHA-256");
sharedSymmetricKey = sha.digest(sharedSymmetricKey);
sharedSymmetricKey = Arrays.copyOf(sharedSymmetricKey, keyLength);
}
encriptionKey = new SecretKeySpec(sharedSymmetricKey, 0, sharedSymmetricKey.length, "AES");
} else {
throw new InvalidJweException("The key encryption algorithm is not supported");
}
JWEDecrypter decrypter = DECRYPTER_FACTORY.createJWEDecrypter(encryptedJwt.getHeader(), encriptionKey);
decrypter.getJCAContext().setProvider(SecurityProviderUtility.getInstance());
encryptedJwt.decrypt(decrypter);
final SignedJWT signedJWT = encryptedJwt.getPayload().toSignedJWT();
if (signedJWT != null) {
final Jwt jwt = Jwt.parse(signedJWT.serialize());
jwe.setSignedJWTPayload(jwt);
jwe.setClaims(jwt.getClaims());
} else {
final String base64encodedPayload = encryptedJwt.getPayload().toString();
validateNestedJwt(base64encodedPayload);
jwe.setClaims(new JwtClaims(base64encodedPayload));
}
return jwe;
} catch (Exception e) {
throw new InvalidJweException(e);
}
}
Also used :
InvalidJwtException(io.jans.as.model.exception.InvalidJwtException)
JwtClaims(io.jans.as.model.jwt.JwtClaims)
Jwt(io.jans.as.model.jwt.Jwt)
SignedJWT(com.nimbusds.jwt.SignedJWT)
InvalidJwtException(io.jans.as.model.exception.InvalidJwtException)
InvalidJweException(io.jans.as.model.exception.InvalidJweException)
JWEDecrypter(com.nimbusds.jose.JWEDecrypter)
JwtHeader(io.jans.as.model.jwt.JwtHeader)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
KeyEncryptionAlgorithm(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm)
MessageDigest(java.security.MessageDigest)
EncryptedJWT(com.nimbusds.jwt.EncryptedJWT)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
InvalidJweException(io.jans.as.model.exception.InvalidJweException)
Example 2 with InvalidJwtException
use of io.jans.as.model.exception.InvalidJwtException in project jans by JanssenProject.
the class JweEncrypterImpl method encrypt.
@Override
public Jwe encrypt(Jwe jwe) throws InvalidJweException {
try {
JWEEncrypter encrypter = createJweEncrypter();
if (jwe.getSignedJWTPayload() != null) {
jwe.getHeader().setContentType(JwtType.JWT);
}
JWEObject jweObject = new JWEObject(JWEHeader.parse(jwe.getHeader().toJsonObject().toString()), createPayload(jwe));
jweObject.encrypt(encrypter);
String encryptedJwe = jweObject.serialize();
String[] jweParts = encryptedJwe.split("\\.");
if (jweParts.length != 5) {
throw new InvalidJwtException("Invalid JWS format.");
}
String encodedHeader = jweParts[0];
String encodedEncryptedKey = jweParts[1];
String encodedInitializationVector = jweParts[2];
String encodedCipherText = jweParts[3];
String encodedIntegrityValue = jweParts[4];
jwe.setEncodedHeader(encodedHeader);
jwe.setEncodedEncryptedKey(encodedEncryptedKey);
jwe.setEncodedInitializationVector(encodedInitializationVector);
jwe.setEncodedCiphertext(encodedCipherText);
jwe.setEncodedIntegrityValue(encodedIntegrityValue);
jwe.setHeader(new JwtHeader(encodedHeader));
return jwe;
} catch (Exception e) {
throw new InvalidJweException(e);
}
}
Also used :
InvalidJwtException(io.jans.as.model.exception.InvalidJwtException)
JwtHeader(io.jans.as.model.jwt.JwtHeader)
JWEObject(com.nimbusds.jose.JWEObject)
JWEEncrypter(com.nimbusds.jose.JWEEncrypter)
JOSEException(com.nimbusds.jose.JOSEException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidJwtException(io.jans.as.model.exception.InvalidJwtException)
InvalidJweException(io.jans.as.model.exception.InvalidJweException)
ParseException(java.text.ParseException)
InvalidJweException(io.jans.as.model.exception.InvalidJweException)
Example 3 with InvalidJwtException
use of io.jans.as.model.exception.InvalidJwtException in project jans by JanssenProject.
the class Jwt method parse.
@NotNull
public static Jwt parse(String encodedJwt) throws InvalidJwtException {
if (StringUtils.isBlank(encodedJwt)) {
throw new InvalidJwtException("Jwt is blank.");
}
String encodedHeader = null;
String encodedClaims = null;
String encodedSignature = null;
String[] jwtParts = encodedJwt.split("\\.");
if (jwtParts.length == 2) {
// Signature Algorithm NONE
encodedHeader = jwtParts[0];
encodedClaims = jwtParts[1];
encodedSignature = "";
} else if (jwtParts.length == 3) {
encodedHeader = jwtParts[0];
encodedClaims = jwtParts[1];
encodedSignature = jwtParts[2];
} else {
throw new InvalidJwtException("Invalid JWT format.");
}
Jwt jwt = new Jwt();
jwt.setHeader(new JwtHeader(encodedHeader));
jwt.setClaims(new JwtClaims(encodedClaims));
jwt.setEncodedSignature(encodedSignature);
jwt.encodedHeader = encodedHeader;
jwt.encodedClaims = encodedClaims;
jwt.loaded = true;
return jwt;
}
Also used :
InvalidJwtException(io.jans.as.model.exception.InvalidJwtException)
NotNull(org.jetbrains.annotations.NotNull)
Example 4 with InvalidJwtException
use of io.jans.as.model.exception.InvalidJwtException in project jans by JanssenProject.
the class JwtClaimSet method load.
public void load(String base64JsonObject) throws InvalidJwtException {
try {
String jsonObjectString = new String(Base64Util.base64urldecode(base64JsonObject), StandardCharsets.UTF_8);
load(new JSONObject(jsonObjectString));
} catch (Exception e) {
throw new InvalidJwtException(e);
}
}
Also used :
InvalidJwtException(io.jans.as.model.exception.InvalidJwtException)
JSONObject(org.json.JSONObject)
JSONException(org.json.JSONException)
InvalidJwtException(io.jans.as.model.exception.InvalidJwtException)
Example 5 with InvalidJwtException
use of io.jans.as.model.exception.InvalidJwtException in project jans by JanssenProject.
the class AuthorizeAction method getRequestedClaims.
public List<String> getRequestedClaims() {
Set<String> result = new HashSet<String>();
String requestJwt = request;
if (StringUtils.isBlank(requestJwt) && StringUtils.isNotBlank(requestUri)) {
try {
URI reqUri = new URI(requestUri);
String reqUriHash = reqUri.getFragment();
String reqUriWithoutFragment = reqUri.getScheme() + ":" + reqUri.getSchemeSpecificPart();
javax.ws.rs.client.Client clientRequest = ClientBuilder.newClient();
try {
Response clientResponse = clientRequest.target(reqUriWithoutFragment).request().buildGet().invoke();
clientRequest.close();
int status = clientResponse.getStatus();
if (status == 200) {
String entity = clientResponse.readEntity(String.class);
if (StringUtils.isBlank(reqUriHash)) {
requestJwt = entity;
} else {
String hash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(entity));
if (StringUtils.equals(reqUriHash, hash)) {
requestJwt = entity;
}
}
}
} finally {
clientRequest.close();
}
} catch (Exception e) {
log.error(e.getMessage(), e);
}
}
if (StringUtils.isNotBlank(requestJwt)) {
try {
Client client = clientService.getClient(clientId);
if (client != null) {
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(appConfiguration, cryptoProvider, request, client);
if (jwtAuthorizationRequest.getUserInfoMember() != null) {
for (Claim claim : jwtAuthorizationRequest.getUserInfoMember().getClaims()) {
result.add(claim.getName());
}
}
if (jwtAuthorizationRequest.getIdTokenMember() != null) {
for (Claim claim : jwtAuthorizationRequest.getIdTokenMember().getClaims()) {
result.add(claim.getName());
}
}
}
} catch (EntryPersistenceException | InvalidJwtException e) {
log.error(e.getMessage(), e);
}
}
return new ArrayList<>(result);
}
Also used :
InvalidJwtException(io.jans.as.model.exception.InvalidJwtException)
EntryPersistenceException(io.jans.orm.exception.EntryPersistenceException)
URI(java.net.URI)
InvalidJwtException(io.jans.as.model.exception.InvalidJwtException)
AcrChangedException(io.jans.as.server.model.exception.AcrChangedException)
WebApplicationException(javax.ws.rs.WebApplicationException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
EntryPersistenceException(io.jans.orm.exception.EntryPersistenceException)
IOException(java.io.IOException)
Response(javax.ws.rs.core.Response)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
JwtAuthorizationRequest(io.jans.as.server.model.authorize.JwtAuthorizationRequest)
Client(io.jans.as.common.model.registration.Client)
Claim(io.jans.as.server.model.authorize.Claim)
Aggregations
InvalidJwtException (io.jans.as.model.exception.InvalidJwtException)34
Jwt (io.jans.as.model.jwt.Jwt)20
WebApplicationException (javax.ws.rs.WebApplicationException)12
JSONException (org.json.JSONException)10
Test (org.testng.annotations.Test)10
Date (java.util.Date)8
JSONObject (org.json.JSONObject)8
Response (javax.ws.rs.core.Response)7
HttpException (io.jans.ca.server.HttpException)6
Client (io.jans.as.common.model.registration.Client)4
SignatureAlgorithm (io.jans.as.model.crypto.signature.SignatureAlgorithm)4
BaseTest (io.jans.as.server.BaseTest)4
AuthorizationGrant (io.jans.as.server.model.common.AuthorizationGrant)4
URISyntaxException (java.net.URISyntaxException)4
Builder (javax.ws.rs.client.Invocation.Builder)4
ResteasyClientBuilder (org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder)4
Parameters (org.testng.annotations.Parameters)4
UserInfoRequest (io.jans.as.client.UserInfoRequest)3
JSONWebKeySet (io.jans.as.model.jwk.JSONWebKeySet)3
User (io.jans.as.common.model.common.User)2
