Class JWTUtils, method getRSAPrivateKeyFromProvidedPEMFilePath.
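/**
 * Reads a PEM-encoded RSA private key from the given stream and builds an {@link RSAPrivateKey}
 * from it.
 *
 * <p>The PEM body between {@code BEGIN_PRIVATE_KEY_TOKEN} and {@code END_PRIVATE_KEY_TOKEN} is
 * expected to be a PKCS#8 encoded key. Other encodings (for example a PKCS#1 "RSA PRIVATE KEY"
 * file) are typically rejected by the key factory with an {@link InvalidKeySpecException}, which
 * surfaces here as a {@code SYSTEM_ERROR}.
 *
 * <p>The caller owns {@code pemFile}; this method reads it but does not close it.
 *
 * @param pemFile InputStream of the PEM file containing the RSA private key
 * @return the RSAPrivateKey parsed from the PEM file
 * @throws ServiceApplicationException with status {@code SYSTEM_ERROR} if the stream cannot be
 *     read, no RSA key factory is available, or the key specification is invalid
 */
public static RSAPrivateKey getRSAPrivateKeyFromProvidedPEMFilePath(InputStream pemFile) throws ServiceApplicationException {
    try {
        // PEM is a textual (base64, ASCII-only) container, so US-ASCII is sufficient here.
        String certAndKey = IOUtils.toString(pemFile, StandardCharsets.US_ASCII);
        byte[] keyBytes = parseDERFromPEM(certAndKey, BEGIN_PRIVATE_KEY_TOKEN, END_PRIVATE_KEY_TOKEN);
        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyBytes);
        KeyFactory factory = KeyFactory.getInstance("RSA");
        return (RSAPrivateKey) factory.generatePrivate(spec);
    } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
        // Keep the cause so the underlying read/parse failure is not lost in the wrapper.
        throw new ServiceApplicationException(ExceptionStatusCodeEnum.SYSTEM_ERROR, e);
    }
}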
Class JWTValidator, method customHMACNullByteVulnerableValidator.
/**
 * Intentionally weak HMAC validator used by the JWT training endpoint: before delegating to
 * {@link #customHMACValidator}, everything from the first URL-encoded null byte ({@code %00})
 * onward is dropped from the signature segment, so only the prefix is actually verified. A
 * correct validator verifies the signature segment exactly as received.
 *
 * @param token JWT as a dot-separated string; fewer than three segments yields {@code false}
 * @param key HMAC key bytes handed to the delegate validator
 * @param algorithm HMAC algorithm name handed to the delegate validator
 * @return the delegate's verdict on the (possibly truncated) token
 * @throws ServiceApplicationException if the platform cannot URL-encode with UTF-8
 */
@Override
public boolean customHMACNullByteVulnerableValidator(String token, byte[] key, String algorithm) throws ServiceApplicationException {
    try {
        String[] segments = token.split(JWTUtils.JWT_TOKEN_PERIOD_CHARACTER_REGEX, -1);
        if (segments.length < 3) {
            return false;
        }
        String encodedNull = URLEncoder.encode(String.valueOf((char) 0), StandardCharsets.UTF_8.name());
        int cut = segments[2].indexOf(encodedNull);
        // A marker at index 0 leaves the segment untouched (the comparison is strictly > 0).
        String signature = cut > 0 ? segments[2].substring(0, cut) : segments[2];
        String rebuilt = segments[0] + JWTUtils.JWT_TOKEN_PERIOD_CHARACTER
                + segments[1] + JWTUtils.JWT_TOKEN_PERIOD_CHARACTER
                + signature;
        return this.customHMACValidator(rebuilt, key, algorithm);
    } catch (UnsupportedEncodingException ex) {
        throw new ServiceApplicationException("Following exception occurred: ", ex, ExceptionStatusCodeEnum.SYSTEM_ERROR);
    }
}
Class JWTValidator, method confusionAlgorithmVulnerableValidator.
/**
 * Intentionally weak validator for the algorithm-confusion training endpoint: the verification
 * algorithm is read from the token's own (unauthenticated) {@code alg} header and passed with the
 * supplied key to {@link #genericJWTTokenValidator}. A correct validator pins the expected
 * algorithm server-side rather than trusting the header.
 *
 * @param token JWT string; its first segment is base64url-decoded and parsed as the JSON header
 * @param key key forwarded to the generic validator together with the header's algorithm
 * @return the generic validator's verdict, or {@code false} when the header has no
 *     {@code alg} entry
 * @throws ServiceApplicationException if the decoded header bytes cannot be converted to a string
 */
@Override
public boolean confusionAlgorithmVulnerableValidator(String token, Key key) throws ServiceApplicationException {
    String[] segments = token.split(JWTUtils.JWT_TOKEN_PERIOD_CHARACTER_REGEX, -1);
    byte[] headerBytes = Base64.getUrlDecoder().decode(segments[0].getBytes(StandardCharsets.UTF_8));
    JSONObject header;
    try {
        header = new JSONObject(JWTUtils.getString(headerBytes));
    } catch (UnsupportedEncodingException ex) {
        throw new ServiceApplicationException("Following exception occurred: ", ex, ExceptionStatusCodeEnum.SYSTEM_ERROR);
    }
    if (!header.has(JWTUtils.JWT_ALGORITHM_KEY_HEADER)) {
        return false;
    }
    String headerAlgorithm = header.getString(JWTUtils.JWT_ALGORITHM_KEY_HEADER);
    return this.genericJWTTokenValidator(token, key, headerAlgorithm);
}
Class JWTValidator, method genericJWTTokenValidator.
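/**
 * Verifies {@code token} with {@code key} using the algorithm family selected by
 * {@code algorithm}.
 *
 * <p>HMAC names are delegated to {@link #customHMACValidator} with the key's encoded bytes; RSA
 * and RSA-PSS names are verified with an {@link RSASSAVerifier}. Any other name (EC is not
 * implemented yet, and unknown or "none"-style names are never accepted) fails closed with
 * {@code false}, as does an RSA algorithm paired with a key that is not an {@link RSAPublicKey},
 * instead of escaping as an unchecked exception.
 *
 * <p>The algorithm is chosen by the caller; this method does not check it against the token's
 * header.
 *
 * @param token compact-serialised JWT
 * @param key HMAC secret or RSA public key, depending on {@code algorithm}
 * @param algorithm JWS algorithm name, matched by prefix against the {@code JWTUtils} identifiers
 * @return {@code true} if the signature verifies, {@code false} otherwise
 * @throws ServiceApplicationException with status {@code SYSTEM_ERROR} if the token cannot be
 *     parsed, verification raises a JOSE error, or the HMAC validator raises
 */
@Override
public boolean genericJWTTokenValidator(String token, Key key, String algorithm) throws ServiceApplicationException {
    try {
        if (algorithm.startsWith(JWTUtils.JWT_HMAC_ALGORITHM_IDENTIFIER)) {
            return this.customHMACValidator(token, key.getEncoded(), algorithm);
        }
        boolean rsaFamily = algorithm.startsWith(JWTUtils.JWT_RSA_PSS_ALGORITHM_IDENTIFIER)
                || algorithm.startsWith(JWTUtils.JWT_RSA_ALGORITHM_IDENTIFIER);
        // TODO EC and OCTET verifiers are not needed yet. Until they exist, every non-RSA name
        // must fail closed here; falling through would hand a null verifier to verify().
        if (!rsaFamily) {
            return false;
        }
        // Wrong key type for an RSA algorithm: fail closed rather than throw ClassCastException.
        if (!(key instanceof RSAPublicKey)) {
            return false;
        }
        JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) key);
        SignedJWT signedJWT = SignedJWT.parse(token);
        return signedJWT.verify(verifier);
    } catch (JOSEException | ParseException | ServiceApplicationException ex) {
        throw new ServiceApplicationException("Following exception occurred: ", ex, ExceptionStatusCodeEnum.SYSTEM_ERROR);
    }
}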
Class ControllerExceptionHandlerTest, method shouldHandleControllerExceptions.
/**
 * A {@link ControllerException} wrapping a {@code SYSTEM_ERROR} ServiceApplicationException
 * must be mapped to HTTP 500, with the response body taken from the message bundle.
 */
@Test
void shouldHandleControllerExceptions() {
    // Arrange: every bundle lookup resolves to one fixed text
    String expectedBody = "Exception occurred";
    when(messageBundle.getString(any(), any())).thenReturn(expectedBody);
    ServiceApplicationException cause =
            new ServiceApplicationException(ExceptionStatusCodeEnum.SYSTEM_ERROR, new NullPointerException("ex"));
    ControllerException controllerException = new ControllerException(cause);
    // Act
    ResponseEntity<String> response =
            controllerExceptionHandler.handleControllerExceptions(controllerException, webRequest);
    // Assert: status and body come from the handler, and the bundle was consulted exactly once
    assertEquals(HttpStatus.INTERNAL_SERVER_ERROR, response.getStatusCode());
    assertEquals(expectedBody, response.getBody());
    verify(messageBundle).getString(any(), any());
}