Search in sources :

Example 1 with MissingDigestException

use of org.apache.cxf.rs.security.httpsignature.exception.MissingDigestException in project cxf by apache.

the class AbstractSignatureInFilter method verifyDigest.

protected byte[] verifyDigest(MultivaluedMap<String, String> headers, InputStream entityStream) {
    byte[] messageBody = null;
    if (!enabled) {
        return messageBody;
    }
    // configuration to require that the digest is signed (and hence present)
    if (entityStream != null && headers.containsKey("Digest")) {
        LOG.fine("Digesting message body");
        try {
            messageBody = IOUtils.readBytesFromStream(entityStream);
        } catch (IOException e) {
            throw new DigestFailureException("failed to validate the digest", e);
        }
        DigestVerifier digestVerifier = new DigestVerifier();
        try {
            digestVerifier.inspectDigest(messageBody, headers);
        } catch (DigestFailureException | DifferentDigestsException | MissingDigestException ex) {
            Message message = PhaseInterceptorChain.getCurrentMessage();
            if (MessageUtils.isRequestor(message)) {
                throw ex;
            }
            throw new BadRequestException(ex);
        }
    }
    LOG.fine("Finished digest message verification process");
    return messageBody;
}
Also used : Message(org.apache.cxf.message.Message) DigestFailureException(org.apache.cxf.rs.security.httpsignature.exception.DigestFailureException) BadRequestException(javax.ws.rs.BadRequestException) IOException(java.io.IOException) MissingDigestException(org.apache.cxf.rs.security.httpsignature.exception.MissingDigestException) DifferentDigestsException(org.apache.cxf.rs.security.httpsignature.exception.DifferentDigestsException) DigestVerifier(org.apache.cxf.rs.security.httpsignature.DigestVerifier)

Example 2 with MissingDigestException

use of org.apache.cxf.rs.security.httpsignature.exception.MissingDigestException in project cxf by apache.

the class DigestVerifier method inspectDigest.

public void inspectDigest(byte[] messageBody, Map<String, List<String>> responseHeaders) {
    LOG.fine("Starting digest verification");
    if (responseHeaders.containsKey("Digest")) {
        MessageDigest messageDigest = SignatureHeaderUtils.createMessageDigestWithAlgorithm(splitDigestHeader(responseHeaders.get("Digest").get(0)).get(0));
        messageDigest.update(messageBody);
        byte[] generatedDigest = messageDigest.digest();
        byte[] headerDigest = Base64.getDecoder().decode(splitDigestHeader(responseHeaders.get("Digest").get(0)).get(1));
        if (!Arrays.equals(generatedDigest, headerDigest)) {
            throw new DifferentDigestsException("the digest does not match the body of the message");
        }
    } else {
        throw new MissingDigestException("found no digest header");
    }
    LOG.fine("Finished digest verification");
}
Also used : MessageDigest(java.security.MessageDigest) MissingDigestException(org.apache.cxf.rs.security.httpsignature.exception.MissingDigestException) DifferentDigestsException(org.apache.cxf.rs.security.httpsignature.exception.DifferentDigestsException)

Aggregations

DifferentDigestsException (org.apache.cxf.rs.security.httpsignature.exception.DifferentDigestsException)2 MissingDigestException (org.apache.cxf.rs.security.httpsignature.exception.MissingDigestException)2 IOException (java.io.IOException)1 MessageDigest (java.security.MessageDigest)1 BadRequestException (javax.ws.rs.BadRequestException)1 Message (org.apache.cxf.message.Message)1 DigestVerifier (org.apache.cxf.rs.security.httpsignature.DigestVerifier)1 DigestFailureException (org.apache.cxf.rs.security.httpsignature.exception.DigestFailureException)1