Example 6 with ServiceApplicationException

use of org.sasanlabs.service.exception.ServiceApplicationException in project VulnerableApp by SasanLabs.

In class JWTUtils, method getRSAPublicKeyFromProvidedPEMFilePath.

/**
 * Utility method for reading a PEM file and building an RSAPublicKey from it. Note: this method
 * expects the PEM body to be a DER-encoded SubjectPublicKeyInfo structure ("-----BEGIN PUBLIC
 * KEY-----"), which is the format X509EncodedKeySpec accepts. A PKCS#1 "BEGIN RSA PUBLIC KEY"
 * block is not accepted, and PKCS#8 is the private-key container, not what this method reads.
 *
 * @param pemFile InputStream of the PEM file containing the RSA public key.
 * @return RSAPublicKey built from the PEM file.
 * @throws ServiceApplicationException if the stream cannot be read or the key specification is
 *     incorrect.
 */
public static RSAPublicKey getRSAPublicKeyFromProvidedPEMFilePath(InputStream pemFile) throws ServiceApplicationException {
    try {
        // PEM is ASCII text: a base64 body between BEGIN/END marker lines.
        String certAndKey = IOUtils.toString(pemFile, StandardCharsets.US_ASCII);
        // Strip the markers and base64-decode to the raw DER bytes.
        byte[] keyBytes = parseDERFromPEM(certAndKey, BEGIN_PUBLIC_KEY_TOKEN, END_PUBLIC_KEY_TOKEN);
        // X509EncodedKeySpec wraps SubjectPublicKeyInfo DER; anything else fails in generatePublic.
        X509EncodedKeySpec spec = new X509EncodedKeySpec(keyBytes);
        KeyFactory factory = KeyFactory.getInstance("RSA");
        return (RSAPublicKey) factory.generatePublic(spec);
    } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
        throw new ServiceApplicationException(ExceptionStatusCodeEnum.SYSTEM_ERROR, e);
    }
}
Also used : ServiceApplicationException(org.sasanlabs.service.exception.ServiceApplicationException) RSAPublicKey(java.security.interfaces.RSAPublicKey) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) KeyFactory(java.security.KeyFactory)
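The method above depends on parseDERFromPEM and on two marker constants that the page does not show. The following is an added example, not VulnerableApp's code: the marker strings, the class name and the generated key are this example's own assumptions. It round-trips a freshly generated RSA key through the container X509EncodedKeySpec actually understands, SubjectPublicKeyInfo ("BEGIN PUBLIC KEY"), and rejects a PKCS#1 "BEGIN RSA PUBLIC KEY" label up front with a clear message instead of the opaque InvalidKeySpecException that generatePublic would raise on PKCS#1 bytes.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

/** Added example: SubjectPublicKeyInfo PEM round trip with an explicit container check. */
public class PemPublicKeyExample {

    // Assumed marker strings: VulnerableApp's BEGIN_PUBLIC_KEY_TOKEN / END_PUBLIC_KEY_TOKEN
    // are not shown on the page, so these constants belong to this example only.
    static final String BEGIN = "-----BEGIN PUBLIC KEY-----";
    static final String END = "-----END PUBLIC KEY-----";
    static final String PKCS1_BEGIN = "-----BEGIN RSA PUBLIC KEY-----";

    /** Encode a public key as PEM; getEncoded() on a JDK RSA public key yields SPKI DER. */
    static String toPem(RSAPublicKey key) {
        String body = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII))
                .encodeToString(key.getEncoded());
        return BEGIN + "\n" + body + "\n" + END + "\n";
    }

    /** Extract the DER bytes between the markers; refuse a PKCS#1 block with a clear message. */
    static byte[] parseDerFromPem(String pem) {
        if (pem.contains(PKCS1_BEGIN)) {
            throw new IllegalArgumentException(
                    "PKCS#1 'RSA PUBLIC KEY' block; X509EncodedKeySpec needs a 'PUBLIC KEY' (SubjectPublicKeyInfo) block");
        }
        int start = pem.indexOf(BEGIN);
        int end = pem.indexOf(END);
        if (start < 0 || end < 0 || end < start) {
            throw new IllegalArgumentException("PEM markers not found");
        }
        // Drop line breaks and any other whitespace before base64-decoding the body.
        String body = pem.substring(start + BEGIN.length(), end).replaceAll("\\s", "");
        return Base64.getDecoder().decode(body);
    }

    static RSAPublicKey fromPem(String pem) throws Exception {
        X509EncodedKeySpec spec = new X509EncodedKeySpec(parseDerFromPem(pem));
        return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(spec);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // constructed key for the demo
        RSAPublicKey original = (RSAPublicKey) kp.getPublic();

        String pem = toPem(original);
        RSAPublicKey parsed = fromPem(pem);
        System.out.println("round trip ok: " + original.getModulus().equals(parsed.getModulus()));

        // Same body relabelled as PKCS#1: the container check fires before any DER parsing.
        String mislabelled = pem.replace(BEGIN, PKCS1_BEGIN).replace(END, "-----END RSA PUBLIC KEY-----");
        try {
            fromPem(mislabelled);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The container check matters operationally: OpenSSL's `rsa -pubout` writes "BEGIN PUBLIC KEY" (SPKI), while `rsa -RSAPublicKey_out` writes "BEGIN RSA PUBLIC KEY" (PKCS#1), and only the former will load through X509EncodedKeySpec.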

Example 7 with ServiceApplicationException

use of org.sasanlabs.service.exception.ServiceApplicationException in project VulnerableApp by SasanLabs.

In class JWTValidator, method customHMACNoneAlgorithmVulnerableValidator.

@Override
public boolean customHMACNoneAlgorithmVulnerableValidator(String token, byte[] key, String algorithm) throws ServiceApplicationException {
    try {
        String[] jwtParts = token.split(JWTUtils.JWT_TOKEN_PERIOD_CHARACTER_REGEX, -1);
        // Decode the header (which is not authenticated) and read its "alg" value.
        JSONObject header = new JSONObject(JWTUtils.getString(Base64.getUrlDecoder().decode(jwtParts[0].getBytes(StandardCharsets.UTF_8))));
        if (header.has(JWTUtils.JWT_ALGORITHM_KEY_HEADER)) {
            String alg = header.getString(JWTUtils.JWT_ALGORITHM_KEY_HEADER);
            // Deliberate vulnerability: an attacker-controlled header value ("none", "None", "NONE")
            // switches signature checking off, so any payload with an empty signature is accepted.
            if (JWTUtils.NONE_ALGORITHM.contentEquals(alg.toLowerCase())) {
                return true;
            }
        }
        // Otherwise fall through to the HMAC check.
        return this.customHMACValidator(token, key, algorithm);
    } catch (UnsupportedEncodingException ex) {
        throw new ServiceApplicationException("Following exception occurred: ", ex, ExceptionStatusCodeEnum.SYSTEM_ERROR);
    }
}
Also used : ServiceApplicationException(org.sasanlabs.service.exception.ServiceApplicationException) JSONObject(org.json.JSONObject) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Example 8 with ServiceApplicationException

use of org.sasanlabs.service.exception.ServiceApplicationException in project VulnerableApp by SasanLabs.

In class JWTValidator, method customHMACValidator.

@Override
public boolean customHMACValidator(String token, byte[] key, String algorithm) throws ServiceApplicationException {
    try {
        String[] jwtParts = token.split(JWTUtils.JWT_TOKEN_PERIOD_CHARACTER_REGEX, -1);
        // Re-sign "header.payload" with the caller-supplied key and algorithm, then compare the
        // result with the token as presented.
        String newTokenSigned = libBasedJWTGenerator.getHMACSignedJWTToken(jwtParts[0] + JWTUtils.JWT_TOKEN_PERIOD_CHARACTER + jwtParts[1], key, algorithm);
        // Note: String.equals returns at the first differing character. A constant-time comparison
        // (for example MessageDigest.isEqual on the decoded signature bytes) avoids leaking how many
        // leading bytes of a guessed signature were correct.
        return newTokenSigned.equals(token);
    } catch (UnsupportedEncodingException ex) {
        throw new ServiceApplicationException("Following exception occurred: ", ex, ExceptionStatusCodeEnum.SYSTEM_ERROR);
    }
}
Also used : ServiceApplicationException(org.sasanlabs.service.exception.ServiceApplicationException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)
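Examples 7 and 8 side by side as a runnable demonstration. This is an added example, not VulnerableApp's code: it uses only the JDK (javax.crypto.Mac, MessageDigest.isEqual) plus org.json, which the page already imports; the secret, the claims and the class name are constructed for the demo. A lenient validator built like Example 7 accepts a token whose header has been rewritten to alg=none and whose signature has been dropped, while a validator that pins HS256 and compares the recomputed MAC in constant time rejects the same token.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.json.JSONObject;

/** Added example: alg=none forgery against a lenient validator, beside a pinned-algorithm HS256 check. */
public class NoneAlgExample {

    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder B64D = Base64.getUrlDecoder();

    static String b64(String s) { return B64.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }
    static String unb64(String s) { return new String(B64D.decode(s), StandardCharsets.UTF_8); }

    static byte[] hmacSha256(byte[] key, String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.UTF_8));
    }

    /** Server side: mint a genuine HS256 token for the given claims. */
    static String mintHs256(String claimsJson, byte[] key) throws Exception {
        String signingInput = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}") + "." + b64(claimsJson);
        return signingInput + "." + B64.encodeToString(hmacSha256(key, signingInput));
    }

    /** Attacker side: relabel the header as alg=none and send an empty signature; no key needed. */
    static String forgeNone(String claimsJson) {
        return b64("{\"alg\":\"none\",\"typ\":\"JWT\"}") + "." + b64(claimsJson) + ".";
    }

    /** Lenient validator, built like Example 7: the header decides, and "none" means trusted. */
    static boolean vulnerableValidate(String token, byte[] key) throws Exception {
        String[] parts = token.split("\\.", -1);
        String alg = new JSONObject(unb64(parts[0])).optString("alg", "");
        if ("none".equalsIgnoreCase(alg)) {
            return true; // the bug: an unauthenticated token is accepted
        }
        return strictValidate(token, key);
    }

    /** Hardened validator: the server pins the algorithm; the header never decides whether to verify. */
    static boolean strictValidate(String token, byte[] key) throws Exception {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) {
            return false;
        }
        JSONObject header = new JSONObject(unb64(parts[0]));
        if (!"HS256".equals(header.optString("alg"))) {
            return false; // anything but the expected algorithm is rejected, "none" included
        }
        byte[] expected = hmacSha256(key, parts[0] + "." + parts[1]);
        byte[] presented;
        try {
            presented = B64D.decode(parts[2]);
        } catch (IllegalArgumentException e) {
            return false; // malformed base64url in the signature part
        }
        // Constant-time comparison of the raw MAC bytes (String.equals / Arrays.equals short-circuit).
        return MessageDigest.isEqual(expected, presented);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-secret-of-at-least-32-bytes".getBytes(StandardCharsets.UTF_8); // constructed
        String genuine = mintHs256("{\"sub\":\"alice\",\"role\":\"user\"}", key);
        String forged = forgeNone("{\"sub\":\"alice\",\"role\":\"admin\"}");

        System.out.println("genuine, vulnerable: " + vulnerableValidate(genuine, key));
        System.out.println("forged,  vulnerable: " + vulnerableValidate(forged, key));
        System.out.println("genuine, strict:     " + strictValidate(genuine, key));
        System.out.println("forged,  strict:     " + strictValidate(forged, key));
    }
}
```

Running it shows the lenient validator accepting both the genuine token and the forged admin token, and the strict validator accepting only the genuine one. The two properties that make the strict path safe are that the expected algorithm comes from server configuration rather than from the token, and that the MAC bytes are compared with MessageDigest.isEqual rather than by string equality.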

Example 9 with ServiceApplicationException

use of org.sasanlabs.service.exception.ServiceApplicationException in project VulnerableApp by SasanLabs.

In class JWTValidator, method jwkKeyHeaderPublicKeyTrustingVulnerableValidator.

@Override
public boolean jwkKeyHeaderPublicKeyTrustingVulnerableValidator(String token) throws ServiceApplicationException {
    try {
        String[] jwtParts = token.split(JWTUtils.JWT_TOKEN_PERIOD_CHARACTER_REGEX, -1);
        JSONObject header = new JSONObject(JWTUtils.getString(Base64.getUrlDecoder().decode(jwtParts[0].getBytes(StandardCharsets.UTF_8))));
        if (header.has(JWTUtils.JWT_ALGORITHM_KEY_HEADER)) {
            String alg = header.getString(JWTUtils.JWT_ALGORITHM_KEY_HEADER);
            // Only asymmetric algorithms reach the embedded-key path; HMAC algorithms fall through to false.
            if (!alg.startsWith(JWTUtils.JWT_HMAC_ALGORITHM_IDENTIFIER)) {
                JWSVerifier verifier = null;
                if (header.has(JWTUtils.JSON_WEB_KEY_HEADER)) {
                    // Deliberate vulnerability: the verification key is read from the token's own
                    // "jwk" header, so whoever minted the token also chose the key it is checked
                    // against. Any key pair an attacker generates therefore produces a "valid" signature.
                    if (alg.startsWith(JWTUtils.JWT_RSA_ALGORITHM_IDENTIFIER) || alg.startsWith(JWTUtils.JWT_RSA_PSS_ALGORITHM_IDENTIFIER)) {
                        RSAKey rsaKey = RSAKey.parse(header.getJSONObject(JWTUtils.JSON_WEB_KEY_HEADER).toString());
                        verifier = new RSASSAVerifier(rsaKey.toRSAPublicKey());
                    } else if (alg.startsWith(JWTUtils.JWT_EC_ALGORITHM_IDENTIFIER)) {
                        ECKey ecKey = ECKey.parse(header.getJSONObject(JWTUtils.JSON_WEB_KEY_HEADER).toString());
                        verifier = new ECDSAVerifier(ecKey.toECPublicKey());
                    } else if (alg.startsWith(JWTUtils.JWT_OCTET_ALGORITHM_IDENTIFIER)) {
                        // The "jwk" header is a JSON object; read it the same way as the RSA and EC branches.
                        verifier = new Ed25519Verifier(OctetKeyPair.parse(header.getJSONObject(JWTUtils.JSON_WEB_KEY_HEADER).toString()));
                    }
                    if (verifier == null) {
                        // Unrecognised algorithm prefix: fail closed rather than calling verify(null).
                        return false;
                    }
                    SignedJWT signedJWT = SignedJWT.parse(token);
                    return signedJWT.verify(verifier);
                }
            }
        }
    } catch (UnsupportedEncodingException | ParseException | JOSEException ex) {
        throw new ServiceApplicationException("Following exception occurred: ", ex, ExceptionStatusCodeEnum.SYSTEM_ERROR);
    }
    return false;
}
Also used : ServiceApplicationException(org.sasanlabs.service.exception.ServiceApplicationException) RSAKey(com.nimbusds.jose.jwk.RSAKey) RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) JWSVerifier(com.nimbusds.jose.JWSVerifier) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ECKey(com.nimbusds.jose.jwk.ECKey) SignedJWT(com.nimbusds.jwt.SignedJWT) ECDSAVerifier(com.nimbusds.jose.crypto.ECDSAVerifier) Ed25519Verifier(com.nimbusds.jose.crypto.Ed25519Verifier) JSONObject(org.json.JSONObject) ParseException(java.text.ParseException) JOSEException(com.nimbusds.jose.JOSEException)

Example 10 with ServiceApplicationException

use of org.sasanlabs.service.exception.ServiceApplicationException in project VulnerableApp by SasanLabs.

In class LibBasedJWTGenerator, method getJWTToken_RS256.

@Override
public String getJWTToken_RS256(String tokenToBeSigned, PrivateKey privateKey) throws ServiceApplicationException {
    RSASSASigner rsassaSigner = new RSASSASigner(privateKey);
    // tokenToBeSigned is "header.payload". The header part is parsed so that the signer uses the
    // "alg" declared there; despite the method name, that may be any RS* or PS* algorithm Nimbus
    // supports with an RSA private key.
    String[] jwtParts = tokenToBeSigned.split(JWTUtils.JWT_TOKEN_PERIOD_CHARACTER_REGEX, -1);
    try {
        // The signing input is the unmodified "header.payload" string, as JWS requires.
        return tokenToBeSigned + JWTUtils.JWT_TOKEN_PERIOD_CHARACTER + rsassaSigner.sign(JWSHeader.parse(Base64URL.from(jwtParts[0])), JWTUtils.getBytes(tokenToBeSigned));
    } catch (UnsupportedEncodingException | JOSEException | ParseException e) {
        throw new ServiceApplicationException(ExceptionStatusCodeEnum.SYSTEM_ERROR, "Exception occurred while Signing token: " + tokenToBeSigned, e);
    }
}
Also used : ServiceApplicationException(org.sasanlabs.service.exception.ServiceApplicationException) RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ParseException(java.text.ParseException) JOSEException(com.nimbusds.jose.JOSEException)
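Example 9 (trusting the header's "jwk") and Example 10 (RS256 signing over "header.payload") demonstrated together. This is an added example, not VulnerableApp's code: signing and verification use java.security.Signature rather than Nimbus, the JWK is built by hand from the modulus and exponent, and both key pairs, the claims and the class name are constructed for the demo. An attacker who generates an RSA key pair, signs an admin token with it and embeds the matching public key in the header passes a validator built like Example 9; the hardened validator verifies only against the server's pinned key, so the same token fails.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.Base64;
import org.json.JSONObject;

/** Added example: embedded-jwk key trust, with RS256 done through the JDK Signature API. */
public class JwkHeaderExample {

    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder B64D = Base64.getUrlDecoder();

    static String b64(byte[] b) { return B64.encodeToString(b); }
    static String b64(String s) { return b64(s.getBytes(StandardCharsets.UTF_8)); }

    /** JWK "n" and "e" are unsigned big-endian, so BigInteger's leading sign byte is dropped. */
    static String b64Unsigned(BigInteger v) {
        byte[] b = v.toByteArray();
        if (b.length > 1 && b[0] == 0) {
            b = Arrays.copyOfRange(b, 1, b.length);
        }
        return b64(b);
    }

    static JSONObject toJwk(RSAPublicKey pub) {
        return new JSONObject().put("kty", "RSA")
                .put("n", b64Unsigned(pub.getModulus()))
                .put("e", b64Unsigned(pub.getPublicExponent()));
    }

    static RSAPublicKey fromJwk(JSONObject jwk) throws Exception {
        BigInteger n = new BigInteger(1, B64D.decode(jwk.getString("n")));
        BigInteger e = new BigInteger(1, B64D.decode(jwk.getString("e")));
        return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(n, e));
    }

    /** Mint an RS256 token whose header carries the signer's own public key as "jwk". */
    static String mintWithEmbeddedJwk(String claimsJson, KeyPair kp) throws Exception {
        JSONObject header = new JSONObject().put("alg", "RS256").put("jwk", toJwk((RSAPublicKey) kp.getPublic()));
        String signingInput = b64(header.toString()) + "." + b64(claimsJson); // unmodified header.payload
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(kp.getPrivate());
        sig.update(signingInput.getBytes(StandardCharsets.UTF_8));
        return signingInput + "." + b64(sig.sign());
    }

    static boolean verifyRs256(String token, RSAPublicKey key) throws Exception {
        String[] p = token.split("\\.", -1);
        if (p.length != 3) {
            return false;
        }
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(key);
        sig.update((p[0] + "." + p[1]).getBytes(StandardCharsets.UTF_8));
        try {
            return sig.verify(B64D.decode(p[2]));
        } catch (SignatureException | IllegalArgumentException e) {
            return false; // malformed signature bytes or base64url
        }
    }

    /** Vulnerable, like Example 9: the key that verifies the token is taken from the token itself. */
    static boolean vulnerableValidate(String token) throws Exception {
        JSONObject header = new JSONObject(new String(B64D.decode(token.split("\\.", -1)[0]), StandardCharsets.UTF_8));
        if (!header.has("jwk")) {
            return false;
        }
        return verifyRs256(token, fromJwk(header.getJSONObject("jwk")));
    }

    /** Hardened: any header "jwk" is ignored; only the server's pinned key can verify. */
    static boolean strictValidate(String token, RSAPublicKey pinned) throws Exception {
        return verifyRs256(token, pinned);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair server = kpg.generateKeyPair();   // constructed: the server's real signing key
        KeyPair attacker = kpg.generateKeyPair(); // constructed: a key pair the attacker made

        String genuine = mintWithEmbeddedJwk("{\"sub\":\"alice\",\"role\":\"user\"}", server);
        String forged = mintWithEmbeddedJwk("{\"sub\":\"alice\",\"role\":\"admin\"}", attacker);
        RSAPublicKey pinned = (RSAPublicKey) server.getPublic();

        System.out.println("genuine, vulnerable: " + vulnerableValidate(genuine));
        System.out.println("forged,  vulnerable: " + vulnerableValidate(forged));
        System.out.println("genuine, strict:     " + strictValidate(genuine, pinned));
        System.out.println("forged,  strict:     " + strictValidate(forged, pinned));
    }
}
```

The vulnerable validator reports both tokens as valid because each one verifies under the key it carries; the strict validator accepts only the server-signed token. In a real deployment the "jwk" and "jku" headers are at most a hint for selecting among keys the server already trusts (for example by "kid" against a server-side key set), never a source of key material.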

Aggregations

ServiceApplicationException (org.sasanlabs.service.exception.ServiceApplicationException) 11
UnsupportedEncodingException (java.io.UnsupportedEncodingException) 6
JOSEException (com.nimbusds.jose.JOSEException) 3
IOException (java.io.IOException) 3
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException) 3
ParseException (java.text.ParseException) 3
JSONObject (org.json.JSONObject) 3
JWSVerifier (com.nimbusds.jose.JWSVerifier) 2
RSASSAVerifier (com.nimbusds.jose.crypto.RSASSAVerifier) 2
SignedJWT (com.nimbusds.jwt.SignedJWT) 2
KeyFactory (java.security.KeyFactory) 2
RSAPublicKey (java.security.interfaces.RSAPublicKey) 2
InvalidKeySpecException (java.security.spec.InvalidKeySpecException) 2
ECDSAVerifier (com.nimbusds.jose.crypto.ECDSAVerifier) 1
Ed25519Verifier (com.nimbusds.jose.crypto.Ed25519Verifier) 1
RSASSASigner (com.nimbusds.jose.crypto.RSASSASigner) 1
ECKey (com.nimbusds.jose.jwk.ECKey) 1
RSAKey (com.nimbusds.jose.jwk.RSAKey) 1
InvalidKeyException (java.security.InvalidKeyException) 1
RSAPrivateKey (java.security.interfaces.RSAPrivateKey) 1