/*
* Decompiled with CFR 0_118.
*
* Could not load the following classes:
* com.adobe.granite.crypto.CryptoSupport
* org.apache.felix.scr.annotations.Component
* org.apache.felix.scr.annotations.Reference
* org.apache.felix.scr.annotations.Service
* org.apache.oltu.jose.jws.Header
* org.apache.oltu.jose.jws.JWS
* org.apache.oltu.jose.jws.io.JWSReader
* org.apache.oltu.jose.jws.signature.SignatureMethod
* org.apache.oltu.jose.jws.signature.VerifyingKey
* org.slf4j.Logger
* org.slf4j.LoggerFactory
*/
package com.adobe.granite.oauth.jwt.impl;
import com.adobe.granite.crypto.CryptoSupport;
import com.adobe.granite.oauth.jwt.JwsValidator;
import com.adobe.granite.oauth.jwt.JwtValidator;
import com.adobe.granite.oauth.jwt.impl.HMACSignatureMethodsImpl;
import com.adobe.granite.oauth.jwt.impl.PublicKey;
import com.adobe.granite.oauth.jwt.impl.RSASignatureMethodImpl;
import com.adobe.granite.oauth.jwt.impl.SymmetricKey;
import java.security.Key;
import javax.crypto.spec.SecretKeySpec;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.oltu.jose.jws.Header;
import org.apache.oltu.jose.jws.JWS;
import org.apache.oltu.jose.jws.io.JWSReader;
import org.apache.oltu.jose.jws.signature.SignatureMethod;
import org.apache.oltu.jose.jws.signature.VerifyingKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
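@Component
@Service
/**
 * OSGi service that verifies a compact-serialized JWS and then validates its JWT claims.
 *
 * Supported signature algorithms are HS256 (HMAC, via {@link HMACSignatureMethodsImpl})
 * and RS256/RS384/RS512 (RSA, via {@link RSASignatureMethodImpl}). Any other value of the
 * {@code alg} header, including {@code none}, is rejected.
 *
 * The {@code alg} header is attacker-controlled. It only selects which verifier runs; which
 * key is allowed to feed that verifier is decided from the Java type of the caller-supplied
 * {@link Key} in {@link #getVerifyingKey(String, Key)}. An RSA public key is therefore never
 * used as an HMAC secret (the classic RS*->HS256 key-confusion attack), and an HMAC secret is
 * never handed to the RSA verifier. Every error path fails closed (returns {@code false}).
 */
public class JwsValidatorImpl
implements JwsValidator {
    private static final Logger logger = LoggerFactory.getLogger(JwsValidatorImpl.class);

    private static final String ALG_HS256 = "HS256";

    @Reference
    private CryptoSupport cryptoSupport;
    @Reference
    JwtValidator jwtValidator;

    /**
     * Verifies the signature of {@code jws} with {@code verifyingKey} and, only if the
     * signature is valid, delegates claim validation to the bound {@link JwtValidator}
     * using the current wall-clock time.
     *
     * @param jws          compact-serialized JWS (header.payload.signature)
     * @param verifyingKey a {@link SecretKeySpec} for HS256 tokens, a {@link java.security.PublicKey}
     *                     for RS* tokens, or {@code null} (see {@link #validate(String)})
     * @return {@code true} only when the signature verifies under a key of the matching type
     *         AND the claims pass {@link JwtValidator#validate}; {@code false} otherwise,
     *         including on any parse or crypto exception
     */
    public boolean validate(String jws, Key verifyingKey) {
        try {
            JWS token = (JWS) new JWSReader().read(jws);
            String algorithm = token.getHeader().getAlgorithm();
            SignatureMethod signatureMethod = this.getSignatureMethod(algorithm);
            if (signatureMethod == null) {
                return false;
            }
            VerifyingKey vk = this.getVerifyingKey(algorithm, verifyingKey);
            if (vk == null) {
                return false;
            }
            // Signature first, claims second: claims of an unauthenticated token are never
            // evaluated, and an unbound jwtValidator surfaces as an NPE caught below (fail closed).
            if (!token.validate(signatureMethod, vk)) {
                return false;
            }
            return this.jwtValidator.validate(jws, System.currentTimeMillis());
        }
        catch (Exception e) {
            // Any failure while parsing or verifying is treated as an invalid token.
            logger.warn("exception while validating the token ", (Throwable) e);
            return false;
        }
    }

    /**
     * Validates {@code jws} without a caller-supplied key.
     *
     * With a {@code null} key only HS256 tokens can pass: the RS* branch of
     * {@link #getVerifyingKey(String, Key)} requires a {@link java.security.PublicKey}.
     * For HS256 a {@link SymmetricKey} wrapping {@code null} is built — presumably
     * {@link HMACSignatureMethodsImpl} then falls back to a secret managed by
     * {@link CryptoSupport}; TODO confirm against that implementation.
     *
     * @param jws compact-serialized JWS
     * @return see {@link #validate(String, Key)}
     */
    public boolean validate(String jws) {
        return this.validate(jws, null);
    }

    /** @return {@code true} for the RSA PKCS#1 v1.5 algorithms this validator accepts. */
    private static boolean isRsaAlgorithm(String algorithm) {
        return "RS256".equals(algorithm) || "RS384".equals(algorithm) || "RS512".equals(algorithm);
    }

    /**
     * Describes a key for log output without invoking {@link Object#toString()} on it:
     * the JDK's RSA/DSA private-key classes print the private exponent in toString(), so a
     * caller that mistakenly passes a private key would otherwise leak it into the log.
     */
    private static String describeKey(Key key) {
        return key == null ? "null" : key.getClass().getName();
    }

    /**
     * Maps the token's {@code alg} header to a verifier.
     *
     * @return the verifier, or {@code null} for unsupported values (including {@code none} and
     *         {@code null}); comparison is exact and case-sensitive
     */
    private SignatureMethod getSignatureMethod(String algorithm) {
        if (ALG_HS256.equals(algorithm)) {
            return new HMACSignatureMethodsImpl(this.cryptoSupport);
        }
        if (isRsaAlgorithm(algorithm)) {
            return new RSASignatureMethodImpl(this.cryptoSupport, algorithm);
        }
        logger.warn("algorithm {} not supported", algorithm);
        return null;
    }

    /**
     * Wraps the caller's key for the selected algorithm, enforcing that the key's Java type
     * matches the algorithm family.
     *
     * HS256 accepts {@code null} or a {@link SecretKeySpec} (other {@code SecretKey}
     * implementations, e.g. non-extractable HSM keys, are rejected here); RS* accepts only a
     * {@link java.security.PublicKey}. Any mismatch yields {@code null} so the signature can
     * never be checked against a key of the wrong kind.
     *
     * @return the wrapped key, or {@code null} when the key and algorithm are incompatible or
     *         the algorithm is unsupported
     */
    private VerifyingKey getVerifyingKey(String algorithm, Key key) {
        if (ALG_HS256.equals(algorithm)) {
            if (key == null) {
                return new SymmetricKey(null);
            }
            if (key instanceof SecretKeySpec) {
                return new SymmetricKey(key.getEncoded());
            }
            logger.warn("The given algorithm {} is not compatible with the given key {}",
                    algorithm, describeKey(key));
            return null;
        }
        if (isRsaAlgorithm(algorithm)) {
            if (key instanceof java.security.PublicKey) {
                return new PublicKey((java.security.PublicKey) key);
            }
            logger.warn("The given algorithm {} is not compatible with the given key {}",
                    algorithm, describeKey(key));
            return null;
        }
        logger.warn("algorithm {} not supported", algorithm);
        return null;
    }

    /** SCR bind method for the {@link CryptoSupport} reference. */
    protected void bindCryptoSupport(CryptoSupport cryptoSupport) {
        this.cryptoSupport = cryptoSupport;
    }

    /** SCR unbind method; only clears the field if it still holds the service being unbound. */
    protected void unbindCryptoSupport(CryptoSupport cryptoSupport) {
        if (this.cryptoSupport == cryptoSupport) {
            this.cryptoSupport = null;
        }
    }

    /** SCR bind method for the {@link JwtValidator} reference. */
    protected void bindJwtValidator(JwtValidator jwtValidator) {
        this.jwtValidator = jwtValidator;
    }

    /** SCR unbind method; only clears the field if it still holds the service being unbound. */
    protected void unbindJwtValidator(JwtValidator jwtValidator) {
        if (this.jwtValidator == jwtValidator) {
            this.jwtValidator = null;
        }
    }
}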