Example 1 with JwsJsonSignatureEntry
use of org.apache.cxf.rs.security.jose.jws.JwsJsonSignatureEntry in project cxf by apache.
the class JwsJsonContainerRequestFilter method filter.
@Override
public void filter(ContainerRequestContext context) throws IOException {
if (isMethodWithNoContent(context.getMethod()) || isCheckEmptyStream() && !context.hasEntity()) {
return;
}
final String content = IOUtils.readStringFromStream(context.getEntityStream());
if (StringUtils.isEmpty(content)) {
return;
}
JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier();
JwsJsonConsumer c = new JwsJsonConsumer(content);
try {
validate(c, theSigVerifier);
} catch (JwsException ex) {
context.abortWith(JAXRSUtils.toResponse(400));
return;
}
byte[] bytes = c.getDecodedJwsPayloadBytes();
context.setEntityStream(new ByteArrayInputStream(bytes));
context.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
// the list is guaranteed to be non-empty
JwsJsonSignatureEntry sigEntry = c.getSignatureEntries().get(0);
String ct = JoseUtils.checkContentType(sigEntry.getUnionHeader().getContentType(), getDefaultMediaType());
if (ct != null) {
context.getHeaders().putSingle("Content-Type", ct);
}
if (super.isValidateHttpHeaders()) {
super.validateHttpHeadersIfNeeded(context.getHeaders(), sigEntry.getProtectedHeader());
}
}
Also used :
JwsSignatureVerifier(org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier)
JwsException(org.apache.cxf.rs.security.jose.jws.JwsException)
ByteArrayInputStream(java.io.ByteArrayInputStream)
JwsJsonSignatureEntry(org.apache.cxf.rs.security.jose.jws.JwsJsonSignatureEntry)
JwsJsonConsumer(org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer)
Example 2 with JwsJsonSignatureEntry
use of org.apache.cxf.rs.security.jose.jws.JwsJsonSignatureEntry in project cxf by apache.
the class JwsJsonClientResponseFilter method filter.
@Override
public void filter(ClientRequestContext req, ClientResponseContext res) throws IOException {
if (isMethodWithNoContent(req.getMethod()) || isStatusCodeWithNoContent(res.getStatus()) || isCheckEmptyStream() && !res.hasEntity()) {
return;
}
final String content = IOUtils.readStringFromStream(res.getEntityStream());
if (StringUtils.isEmpty(content)) {
return;
}
JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier();
JwsJsonConsumer c = new JwsJsonConsumer(content);
validate(c, theSigVerifier);
byte[] bytes = c.getDecodedJwsPayloadBytes();
res.setEntityStream(new ByteArrayInputStream(bytes));
res.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
// the list is guaranteed to be non-empty
JwsJsonSignatureEntry sigEntry = c.getSignatureEntries().get(0);
String ct = JoseUtils.checkContentType(sigEntry.getUnionHeader().getContentType(), getDefaultMediaType());
if (ct != null) {
res.getHeaders().putSingle("Content-Type", ct);
}
}
Also used :
JwsSignatureVerifier(org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier)
ByteArrayInputStream(java.io.ByteArrayInputStream)
JwsJsonSignatureEntry(org.apache.cxf.rs.security.jose.jws.JwsJsonSignatureEntry)
JwsJsonConsumer(org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer)
Aggregations
ByteArrayInputStream (java.io.ByteArrayInputStream)2
JwsJsonConsumer (org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer)2
JwsJsonSignatureEntry (org.apache.cxf.rs.security.jose.jws.JwsJsonSignatureEntry)2
JwsSignatureVerifier (org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier)2
JwsException (org.apache.cxf.rs.security.jose.jws.JwsException)1
