Search in sources :

Example 1 with JwsInputStream

use of org.apache.cxf.rs.security.jose.jws.JwsInputStream in project cxf by apache.

the class JwsMultipartSignatureInFilter method filter.

@Override
public void filter(List<Attachment> atts) {
    if (atts.size() < 2) {
        throw ExceptionUtils.toBadRequestException(null, null);
    }
    Attachment sigPart = atts.remove(atts.size() - 1);
    String jwsSequence = null;
    try {
        jwsSequence = IOUtils.readStringFromStream(sigPart.getDataHandler().getInputStream());
    } catch (IOException ex) {
        throw ExceptionUtils.toBadRequestException(null, null);
    }
    String base64UrlEncodedHeaders = null;
    String base64UrlEncodedSignature = null;
    if (!useJwsJsonSignatureFormat) {
        String[] parts = JoseUtils.getCompactParts(jwsSequence);
        if (parts.length != 3 || parts[1].length() > 0) {
            throw ExceptionUtils.toBadRequestException(null, null);
        }
        base64UrlEncodedHeaders = parts[0];
        base64UrlEncodedSignature = parts[2];
    } else {
        Map<String, Object> parts = reader.fromJson(jwsSequence);
        if (parts.size() != 2 || !parts.containsKey("protected") || !parts.containsKey("signature")) {
            throw ExceptionUtils.toBadRequestException(null, null);
        }
        base64UrlEncodedHeaders = (String) parts.get("protected");
        base64UrlEncodedSignature = (String) parts.get("signature");
    }
    JwsHeaders headers = new JwsHeaders(new JsonMapObjectReaderWriter().fromJson(JoseUtils.decodeToString(base64UrlEncodedHeaders)));
    JoseUtils.traceHeaders(headers);
    if (Boolean.FALSE != headers.getPayloadEncodingStatus()) {
        throw ExceptionUtils.toBadRequestException(null, null);
    }
    JwsSignatureVerifier theVerifier = null;
    if (verifier == null) {
        Properties props = KeyManagementUtils.loadStoreProperties(message, true, JoseConstants.RSSEC_SIGNATURE_IN_PROPS, JoseConstants.RSSEC_SIGNATURE_PROPS);
        theVerifier = JwsUtils.loadSignatureVerifier(message, props, headers);
    } else {
        theVerifier = verifier;
    }
    JwsVerificationSignature sig = theVerifier.createJwsVerificationSignature(headers);
    if (sig == null) {
        throw ExceptionUtils.toBadRequestException(null, null);
    }
    byte[] signatureBytes = JoseUtils.decode(base64UrlEncodedSignature);
    byte[] headerBytesWithDot = StringUtils.toBytesASCII(base64UrlEncodedHeaders + ".");
    sig.update(headerBytesWithDot, 0, headerBytesWithDot.length);
    int attSize = atts.size();
    for (int i = 0; i < attSize; i++) {
        Attachment dataPart = atts.remove(i);
        InputStream dataPartStream = null;
        try {
            dataPartStream = dataPart.getDataHandler().getDataSource().getInputStream();
        } catch (IOException ex) {
            throw ExceptionUtils.toBadRequestException(ex, null);
        }
        boolean verifyOnLastRead = i == attSize - 1 ? true : false;
        JwsInputStream jwsStream = new JwsInputStream(dataPartStream, sig, signatureBytes, verifyOnLastRead);
        InputStream newStream = null;
        if (bufferPayload) {
            CachedOutputStream cos = new CachedOutputStream();
            try {
                IOUtils.copy(jwsStream, cos);
                newStream = cos.getInputStream();
            } catch (Exception ex) {
                throw ExceptionUtils.toBadRequestException(ex, null);
            }
        } else {
            newStream = jwsStream;
        }
        Attachment newDataPart = new Attachment(newStream, dataPart.getHeaders());
        atts.add(i, newDataPart);
    }
}
Also used : JwsInputStream(org.apache.cxf.rs.security.jose.jws.JwsInputStream) InputStream(java.io.InputStream) JsonMapObjectReaderWriter(org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter) Attachment(org.apache.cxf.jaxrs.ext.multipart.Attachment) IOException(java.io.IOException) Properties(java.util.Properties) IOException(java.io.IOException) CachedOutputStream(org.apache.cxf.io.CachedOutputStream) JwsSignatureVerifier(org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier) JwsHeaders(org.apache.cxf.rs.security.jose.jws.JwsHeaders) JwsVerificationSignature(org.apache.cxf.rs.security.jose.jws.JwsVerificationSignature) JwsInputStream(org.apache.cxf.rs.security.jose.jws.JwsInputStream)

Aggregations

IOException (java.io.IOException)1 InputStream (java.io.InputStream)1 Properties (java.util.Properties)1 CachedOutputStream (org.apache.cxf.io.CachedOutputStream)1 Attachment (org.apache.cxf.jaxrs.ext.multipart.Attachment)1 JsonMapObjectReaderWriter (org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter)1 JwsHeaders (org.apache.cxf.rs.security.jose.jws.JwsHeaders)1 JwsInputStream (org.apache.cxf.rs.security.jose.jws.JwsInputStream)1 JwsSignatureVerifier (org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier)1 JwsVerificationSignature (org.apache.cxf.rs.security.jose.jws.JwsVerificationSignature)1