Search in sources :

Example 1 with Verifier

use of org.tomitribe.auth.signatures.Verifier in project cxf by apache.

the class TomitribeSignatureValidator method runVerifier.

private void runVerifier(Map<String, List<String>> messageHeaders, Key key, Signature signature, java.security.Provider provider, String method, String uri, List<String> requiredHeaders) {
    LOG.fine("Starting signature validation");
    boolean success;
    try {
        Verifier verifier = new Verifier(key, signature, provider);
        success = verifier.verify(method, uri, SignatureHeaderUtils.mapHeaders(messageHeaders));
        if (!signature.getHeaders().containsAll(requiredHeaders)) {
            LOG.warning("Not all of the required headers are signed");
            throw new InvalidDataToVerifySignatureException();
        }
    } catch (Exception e) {
        throw new InvalidDataToVerifySignatureException("Error validating the signature", e);
    }
    if (!success) {
        throw new InvalidSignatureException("signature is not valid");
    }
    LOG.fine("Finished signature validation");
}
Also used : InvalidSignatureException(org.apache.cxf.rs.security.httpsignature.exception.InvalidSignatureException) InvalidDataToVerifySignatureException(org.apache.cxf.rs.security.httpsignature.exception.InvalidDataToVerifySignatureException) Verifier(org.tomitribe.auth.signatures.Verifier) InvalidDataToVerifySignatureException(org.apache.cxf.rs.security.httpsignature.exception.InvalidDataToVerifySignatureException) InvalidSignatureHeaderException(org.apache.cxf.rs.security.httpsignature.exception.InvalidSignatureHeaderException) DifferentAlgorithmsException(org.apache.cxf.rs.security.httpsignature.exception.DifferentAlgorithmsException) InvalidSignatureException(org.apache.cxf.rs.security.httpsignature.exception.InvalidSignatureException)

Aggregations

DifferentAlgorithmsException (org.apache.cxf.rs.security.httpsignature.exception.DifferentAlgorithmsException)1 InvalidDataToVerifySignatureException (org.apache.cxf.rs.security.httpsignature.exception.InvalidDataToVerifySignatureException)1 InvalidSignatureException (org.apache.cxf.rs.security.httpsignature.exception.InvalidSignatureException)1 InvalidSignatureHeaderException (org.apache.cxf.rs.security.httpsignature.exception.InvalidSignatureHeaderException)1 Verifier (org.tomitribe.auth.signatures.Verifier)1