use of org.apache.cxf.rs.security.httpsignature.exception.MissingDigestException in project cxf by apache.
the class AbstractSignatureInFilter method verifyDigest.
/**
 * Checks the message body against its {@code Digest} header, when there is one to check.
 *
 * <p>Nothing is verified, and {@code null} is returned, when the filter is disabled, when
 * {@code entityStream} is {@code null}, or when {@code headers} has no {@code "Digest"} key.
 * A message that simply omits the header therefore passes this method unchecked.
 * NOTE(review): the original inline comment ("configuration to require that the digest is
 * signed (and hence present)") suggests that presence is meant to be enforced elsewhere,
 * presumably by requiring {@code Digest} among the signed headers; confirm that this is
 * configured, otherwise body integrity is optional.
 * NOTE(review): the lookup uses the literal key {@code "Digest"}; whether a differently cased
 * header name is found depends on the map implementation passed in, so verify.
 *
 * @param headers      the message headers, consulted for the {@code Digest} entry
 * @param entityStream the message body; it is read here when a digest is present, so the
 *                     returned bytes are presumably what the caller must use afterwards
 * @return the bytes read from {@code entityStream} when a digest was checked, otherwise
 *         {@code null}
 * @throws DigestFailureException if the body cannot be read
 * @throws BadRequestException    if verification fails and the current message is not a
 *                                requestor-side message
 */
protected byte[] verifyDigest(MultivaluedMap<String, String> headers, InputStream entityStream) {
    if (!enabled) {
        return null;
    }

    // No body or no Digest header: there is nothing to compare, so the message goes through.
    if (entityStream == null || !headers.containsKey("Digest")) {
        LOG.fine("Finished digest message verification process");
        return null;
    }

    LOG.fine("Digesting message body");
    final byte[] body;
    try {
        // NOTE(review): presumably buffers the whole stream in memory; any size limit has to
        // be enforced before this point - confirm.
        body = IOUtils.readBytesFromStream(entityStream);
    } catch (IOException ioFailure) {
        throw new DigestFailureException("failed to validate the digest", ioFailure);
    }

    final DigestVerifier verifier = new DigestVerifier();
    try {
        verifier.inspectDigest(body, headers);
    } catch (DigestFailureException | DifferentDigestsException | MissingDigestException failure) {
        // On the requestor side the original exception is surfaced unchanged; otherwise the
        // failure is reported to the peer as a bad request.
        if (MessageUtils.isRequestor(PhaseInterceptorChain.getCurrentMessage())) {
            throw failure;
        }
        throw new BadRequestException(failure);
    }

    LOG.fine("Finished digest message verification process");
    return body;
}
use of org.apache.cxf.rs.security.httpsignature.exception.MissingDigestException in project cxf by apache.
the class DigestVerifier method inspectDigest.
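/**
 * Recomputes the digest of {@code messageBody} and compares it with the value carried in the
 * {@code Digest} header.
 *
 * <p>The header is untrusted input. A value that is not valid Base64 is reported as a digest
 * mismatch instead of escaping as an {@link IllegalArgumentException}, so callers that
 * translate digest failures (for example into a bad-request response) also cover malformed
 * headers. A {@code Digest} key with no values is treated the same as a missing header.
 *
 * <p>NOTE(review): the algorithm name is taken from the header itself; whether
 * {@code createMessageDigestWithAlgorithm} restricts it to an allow-list of acceptable
 * algorithms is not visible here, so confirm.
 *
 * @param messageBody     the bytes of the message body to digest
 * @param responseHeaders the message headers; only the first {@code "Digest"} value is examined
 * @throws MissingDigestException    if there is no {@code Digest} header value
 * @throws DifferentDigestsException if the header's digest is malformed or does not match the
 *                                   digest computed over {@code messageBody}
 */
public void inspectDigest(byte[] messageBody, Map<String, List<String>> responseHeaders) {
    LOG.fine("Starting digest verification");
    List<String> digestValues = responseHeaders.get("Digest");
    if (digestValues == null || digestValues.isEmpty()) {
        throw new MissingDigestException("found no digest header");
    }

    // Parse the header once. Element 0 is used as the algorithm name and element 1 as the
    // Base64 digest value. NOTE(review): how splitDigestHeader handles a header without that
    // shape is not visible here - confirm it cannot return fewer than two elements.
    List<String> digestParts = splitDigestHeader(digestValues.get(0));

    MessageDigest messageDigest =
        SignatureHeaderUtils.createMessageDigestWithAlgorithm(digestParts.get(0));
    messageDigest.update(messageBody);
    byte[] generatedDigest = messageDigest.digest();

    byte[] headerDigest;
    try {
        headerDigest = Base64.getDecoder().decode(digestParts.get(1));
    } catch (IllegalArgumentException e) {
        // Malformed Base64 can never match the computed digest; fail with the same
        // exception type as a mismatch so the caller's handling applies. The header content
        // is deliberately not logged.
        LOG.fine("Digest header value is not valid Base64");
        throw new DifferentDigestsException("the digest does not match the body of the message");
    }

    if (!Arrays.equals(generatedDigest, headerDigest)) {
        throw new DifferentDigestsException("the digest does not match the body of the message");
    }
    LOG.fine("Finished digest verification");
}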