
Example 1 with JwsException

Use of org.apache.cxf.rs.security.jose.jws.JwsException in the Apache CXF project.

Class JwsJsonContainerRequestFilter, method filter.

@Override
public void filter(ContainerRequestContext context) throws IOException {
    if (isMethodWithNoContent(context.getMethod()) || isCheckEmptyStream() && !context.hasEntity()) {
        return;
    }
    JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier();
    JwsJsonConsumer c = new JwsJsonConsumer(IOUtils.readStringFromStream(context.getEntityStream()));
    try {
        validate(c, theSigVerifier);
    } catch (JwsException ex) {
        context.abortWith(JAXRSUtils.toResponse(400));
        return;
    }
    byte[] bytes = c.getDecodedJwsPayloadBytes();
    context.setEntityStream(new ByteArrayInputStream(bytes));
    context.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
    // the list is guaranteed to be non-empty
    JwsJsonSignatureEntry sigEntry = c.getSignatureEntries().get(0);
    String ct = JoseUtils.checkContentType(sigEntry.getUnionHeader().getContentType(), getDefaultMediaType());
    if (ct != null) {
        context.getHeaders().putSingle("Content-Type", ct);
    }
    if (super.isValidateHttpHeaders()) {
        super.validateHttpHeadersIfNeeded(context.getHeaders(), sigEntry.getProtectedHeader());
    }
}
Also used : JwsSignatureVerifier(org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier) JwsException(org.apache.cxf.rs.security.jose.jws.JwsException) ByteArrayInputStream(java.io.ByteArrayInputStream) JwsJsonSignatureEntry(org.apache.cxf.rs.security.jose.jws.JwsJsonSignatureEntry) JwsJsonConsumer(org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer)

Example 2 with JwsException

Use of org.apache.cxf.rs.security.jose.jws.JwsException in the Apache CXF project.

Class AbstractJwsJsonWriterProvider, method getPropertyLocations.

protected List<String> getPropertyLocations() {
    Message m = JAXRSUtils.getCurrentMessage();
    Object propLocsProp = MessageUtils.getContextualProperty(m, JoseConstants.RSSEC_SIGNATURE_OUT_PROPS, JoseConstants.RSSEC_SIGNATURE_PROPS);
    if (propLocsProp == null) {
        if (sigProviders == null) {
            LOG.warning("JWS JSON init properties resource is not identified");
            throw new JwsException(JwsException.Error.NO_INIT_PROPERTIES);
        }
        return Collections.emptyList();
    }
    List<String> propLocs = null;
    if (propLocsProp instanceof String) {
        String[] props = ((String) propLocsProp).split(",");
        propLocs = Arrays.asList(props);
    } else {
        propLocs = CastUtils.cast((List<?>) propLocsProp);
    }
    return propLocs;
}
Also used : JwsException(org.apache.cxf.rs.security.jose.jws.JwsException) Message(org.apache.cxf.message.Message) List(java.util.List) LinkedList(java.util.LinkedList)

Example 3 with JwsException

Use of org.apache.cxf.rs.security.jose.jws.JwsException in the Apache CXF project.

Class JwsClientResponseFilter, method filter.

@Override
public void filter(ClientRequestContext req, ClientResponseContext res) throws IOException {
    if (isMethodWithNoContent(req.getMethod()) || isCheckEmptyStream() && !res.hasEntity()) {
        return;
    }
    JwsCompactConsumer p = new JwsCompactConsumer(IOUtils.readStringFromStream(res.getEntityStream()));
    JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier(p.getJwsHeaders());
    if (!p.verifySignatureWith(theSigVerifier)) {
        throw new JwsException(JwsException.Error.INVALID_SIGNATURE);
    }
    byte[] bytes = p.getDecodedJwsPayloadBytes();
    res.setEntityStream(new ByteArrayInputStream(bytes));
    res.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
    String ct = JoseUtils.checkContentType(p.getJwsHeaders().getContentType(), getDefaultMediaType());
    if (ct != null) {
        res.getHeaders().putSingle("Content-Type", ct);
    }
    if (super.isValidateHttpHeaders()) {
        super.validateHttpHeadersIfNeeded(res.getHeaders(), p.getJwsHeaders());
    }
}
Also used : JwsSignatureVerifier(org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier) JwsException(org.apache.cxf.rs.security.jose.jws.JwsException) ByteArrayInputStream(java.io.ByteArrayInputStream) JwsCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer)

Example 4 with JwsException

Use of org.apache.cxf.rs.security.jose.jws.JwsException in the Apache CXF project.

Class OidcUtils, method calculateHash.

private static String calculateHash(String value, SignatureAlgorithm sigAlgo) {
    if (sigAlgo == SignatureAlgorithm.NONE) {
        throw new JwsException(JwsException.Error.INVALID_ALGORITHM);
    }
    String algoShaSizeString = sigAlgo.getJwaName().substring(2);
    String javaShaAlgo = "SHA-" + algoShaSizeString;
    int algoShaSize = Integer.parseInt(algoShaSizeString);
    int valueHashSize = (algoShaSize / 8) / 2;
    try {
        byte[] atBytes = StringUtils.toBytesASCII(value);
        byte[] digest = MessageDigestUtils.createDigest(atBytes, javaShaAlgo);
        return Base64UrlUtility.encodeChunk(digest, 0, valueHashSize);
    } catch (NoSuchAlgorithmException ex) {
        throw new OAuthServiceException(ex);
    }
}
Also used : JwsException(org.apache.cxf.rs.security.jose.jws.JwsException) OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Aggregations

JwsException (org.apache.cxf.rs.security.jose.jws.JwsException) 4
ByteArrayInputStream (java.io.ByteArrayInputStream) 2
JwsSignatureVerifier (org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier) 2
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException) 1
LinkedList (java.util.LinkedList) 1
List (java.util.List) 1
Message (org.apache.cxf.message.Message) 1
JwsCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer) 1
JwsJsonConsumer (org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer) 1
JwsJsonSignatureEntry (org.apache.cxf.rs.security.jose.jws.JwsJsonSignatureEntry) 1
OAuthServiceException (org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException) 1