use of org.apache.cxf.rs.security.httpsignature.exception.DigestFailureException in project cxf by apache.
the class AbstractSignatureInFilter method verifyDigest.
protected byte[] verifyDigest(MultivaluedMap<String, String> headers, InputStream entityStream) {
byte[] messageBody = null;
if (!enabled) {
return messageBody;
}
// configuration to require that the digest is signed (and hence present)
if (entityStream != null && headers.containsKey("Digest")) {
LOG.fine("Digesting message body");
try {
messageBody = IOUtils.readBytesFromStream(entityStream);
} catch (IOException e) {
throw new DigestFailureException("failed to validate the digest", e);
}
DigestVerifier digestVerifier = new DigestVerifier();
try {
digestVerifier.inspectDigest(messageBody, headers);
} catch (DigestFailureException | DifferentDigestsException | MissingDigestException ex) {
Message message = PhaseInterceptorChain.getCurrentMessage();
if (MessageUtils.isRequestor(message)) {
throw ex;
}
throw new BadRequestException(ex);
}
}
LOG.fine("Finished digest message verification process");
return messageBody;
}
Aggregations