
Example 11 with JwsSignatureVerifier

use of org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier in project cxf by apache.

the class JwsContainerRequestFilter method filter.

/**
 * Verifies the JWS compact-serialised request entity and, on success, replaces the
 * entity stream with the decoded payload.
 *
 * <p>Requests are passed through untouched when the method carries no content or,
 * if empty-stream checking is enabled, when there is no entity. A failed signature
 * check aborts the request with a 400 response before the payload is exposed to
 * the rest of the chain.
 *
 * @param context the incoming request; its entity stream and the Content-Length /
 *                Content-Type headers are rewritten once the signature is accepted
 * @throws IOException if the request entity cannot be read
 */
@Override
public void filter(ContainerRequestContext context) throws IOException {
    if (isMethodWithNoContent(context.getMethod())) {
        return;
    }
    if (isCheckEmptyStream() && !context.hasEntity()) {
        return;
    }

    // NOTE(review): the whole entity is buffered as a String here; any request size
    // limit would have to be enforced before this filter runs - confirm.
    String compactJws = IOUtils.readStringFromStream(context.getEntityStream());
    JwsCompactConsumer consumer = new JwsCompactConsumer(compactJws);

    // NOTE(review): the verifier is initialised from the headers of a token that has
    // not been verified yet; confirm getInitializedSigVerifier pins the accepted
    // algorithm and key source rather than trusting those headers.
    JwsSignatureVerifier verifier = getInitializedSigVerifier(consumer.getJwsHeaders());
    boolean signatureValid = consumer.verifySignatureWith(verifier);
    if (!signatureValid) {
        context.abortWith(JAXRSUtils.toResponse(400));
        return;
    }

    // Everything below runs only for a payload whose signature was accepted.
    JoseUtils.validateRequestContextProperty(consumer.getJwsHeaders());

    byte[] payload = consumer.getDecodedJwsPayloadBytes();
    context.setEntityStream(new ByteArrayInputStream(payload));
    // Content-Length must describe the decoded payload, not the JWS envelope.
    context.getHeaders().putSingle("Content-Length", String.valueOf(payload.length));

    String contentType =
        JoseUtils.checkContentType(consumer.getJwsHeaders().getContentType(), getDefaultMediaType());
    if (ct(contentType)) {
        context.getHeaders().putSingle("Content-Type", contentType);
    }

    if (super.isValidateHttpHeaders()) {
        super.validateHttpHeadersIfNeeded(context.getHeaders(), consumer.getJwsHeaders());
    }

    // Leave an already established, named principal alone.
    Principal existing = context.getSecurityContext().getUserPrincipal();
    boolean hasNamedPrincipal = existing != null && existing.getName() != null;
    if (hasNamedPrincipal) {
        return;
    }
    SecurityContext derived = configureSecurityContext(verifier);
    if (derived != null) {
        JAXRSUtils.getCurrentMessage().put(SecurityContext.class, derived);
    }
}

/** Returns {@code true} when a content type was resolved from the JWS headers. */
private static boolean ct(String contentType) {
    return contentType != null;
}
Also used : PublicKeyJwsSignatureVerifier(org.apache.cxf.rs.security.jose.jws.PublicKeyJwsSignatureVerifier) JwsSignatureVerifier(org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier) ByteArrayInputStream(java.io.ByteArrayInputStream) JwsCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer) SecurityContext(org.apache.cxf.security.SecurityContext) Principal(java.security.Principal)

Example 12 with JwsSignatureVerifier

use of org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier in project cxf by apache.

the class JwsJsonClientResponseFilter method filter.

/**
 * Validates a JWS JSON-serialised response entity and replaces the response entity
 * stream with the decoded payload.
 *
 * <p>The response is passed through untouched when the request method is one with
 * no content or, if empty-stream checking is enabled, when the response has no
 * entity.
 *
 * @param req the request that produced the response; only its method is consulted
 * @param res the response whose entity stream and Content-Length / Content-Type
 *            headers are rewritten after validation
 * @throws IOException if the response entity cannot be read
 */
@Override
public void filter(ClientRequestContext req, ClientResponseContext res) throws IOException {
    // NOTE(review): responses skipped here reach the caller without any signature
    // check; confirm isMethodWithNoContent only matches methods whose responses are
    // never expected to carry a signed body.
    if (isMethodWithNoContent(req.getMethod())) {
        return;
    }
    if (isCheckEmptyStream() && !res.hasEntity()) {
        return;
    }

    JwsSignatureVerifier verifier = getInitializedSigVerifier();
    String jwsJson = IOUtils.readStringFromStream(res.getEntityStream());
    JwsJsonConsumer consumer = new JwsJsonConsumer(jwsJson);
    // The payload is only read after validate(...) has returned; presumably it
    // throws on a bad signature - verify against its definition.
    validate(consumer, verifier);

    byte[] payload = consumer.getDecodedJwsPayloadBytes();
    res.setEntityStream(new ByteArrayInputStream(payload));
    // Content-Length must describe the decoded payload, not the JWS envelope.
    res.getHeaders().putSingle("Content-Length", String.valueOf(payload.length));

    // the list is guaranteed to be non-empty
    JwsJsonSignatureEntry firstEntry = consumer.getSignatureEntries().get(0);
    String contentType =
        JoseUtils.checkContentType(firstEntry.getUnionHeader().getContentType(), getDefaultMediaType());
    if (contentType == null) {
        return;
    }
    res.getHeaders().putSingle("Content-Type", contentType);
}
Also used : JwsSignatureVerifier(org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier) ByteArrayInputStream(java.io.ByteArrayInputStream) JwsJsonSignatureEntry(org.apache.cxf.rs.security.jose.jws.JwsJsonSignatureEntry) JwsJsonConsumer(org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer)

Example 13 with JwsSignatureVerifier

use of org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier in project cxf by apache.

the class JoseClientCodeStateManager method fromRedirectState.

/**
 * Recovers the client's redirect state from the OAuth {@code state} parameter.
 *
 * <p>The parameter is optionally passed through {@code OAuthUtils.getSessionToken}
 * (when {@code storeInSession} is set) and optionally JWE-decrypted (when a
 * decryption provider is configured). The result is then treated as a JWS compact
 * token whose signature must verify before its content is parsed as JSON.
 *
 * @param mc            the current message context
 * @param redirectState the parameters received on the redirect; only the
 *                      {@code OAuthConstants.STATE} entry is read
 * @return the state map obtained from the parsed JSON
 * @throws SecurityException if the JWS signature does not verify
 */
@Override
public MultivaluedMap<String, String> fromRedirectState(MessageContext mc, MultivaluedMap<String, String> redirectState) {
    // NOTE(review): a missing state parameter yields null here and is handed on
    // unchecked; confirm the downstream constructors reject it cleanly.
    String token = redirectState.getFirst(OAuthConstants.STATE);
    if (storeInSession) {
        token = OAuthUtils.getSessionToken(mc, token);
    }

    JweDecryptionProvider decryptor = getInitializedDecryptionProvider();
    if (decryptor != null) {
        token = decryptor.decrypt(token).getContentText();
    }

    JwsCompactConsumer consumer = new JwsCompactConsumer(token);
    JwsSignatureVerifier verifier = getInitializedSigVerifier();
    boolean signatureValid = consumer.verifySignatureWith(verifier);
    if (!signatureValid) {
        // Nothing from the token is parsed or returned when verification fails.
        throw new SecurityException();
    }

    // NOTE(review): this feeds getUnsignedEncodedSequence() to the JSON parser;
    // confirm it yields the decoded JSON payload rather than the encoded signing
    // input - getDecodedJwsPayload() may be what is intended.
    String stateJson = consumer.getUnsignedEncodedSequence();
    // CHECKSTYLE:OFF
    Map<String, List<String>> stateMap = CastUtils.cast((Map<?, ?>) jsonp.fromJson(stateJson));
    // NOPMD
    return (MultivaluedMap<String, String>) stateMap;
// CHECKSTYLE:ON
}
Also used : JwsSignatureVerifier(org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier) JwsCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer) JweDecryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider) List(java.util.List) MultivaluedMap(javax.ws.rs.core.MultivaluedMap)

Aggregations

JwsSignatureVerifier (org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier)13 ByteArrayInputStream (java.io.ByteArrayInputStream)4 JweDecryptionProvider (org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider)4 JwsCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer)4 Principal (java.security.Principal)2 List (java.util.List)2 Properties (java.util.Properties)2 MultivaluedMap (javax.ws.rs.core.MultivaluedMap)2 JwsException (org.apache.cxf.rs.security.jose.jws.JwsException)2 JwsJsonConsumer (org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer)2 JwsJsonSignatureEntry (org.apache.cxf.rs.security.jose.jws.JwsJsonSignatureEntry)2 JwsJwtCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer)2 JwtClaims (org.apache.cxf.rs.security.jose.jwt.JwtClaims)2 JwtToken (org.apache.cxf.rs.security.jose.jwt.JwtToken)2 IOException (java.io.IOException)1 InputStream (java.io.InputStream)1 URL (java.net.URL)1 KeyStore (java.security.KeyStore)1 X509Certificate (java.security.cert.X509Certificate)1 Map (java.util.Map)1