Posted to commits@usergrid.apache.org by sn...@apache.org on 2016/10/31 15:46:29 UTC

[34/37] usergrid git commit: If claims cannot be parsed, fetch new JWT token

If claims cannot be parsed, fetch new JWT token


Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/d7c14bbc
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/d7c14bbc
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/d7c14bbc

Branch: refs/heads/usergrid-1318-queue
Commit: d7c14bbc8d24cbbb721817a08eeb50cc7081d7ab
Parents: 77ad91a
Author: Dave Johnson <sn...@apache.org>
Authored: Mon Oct 24 14:53:54 2016 -0400
Committer: Dave Johnson <sn...@apache.org>
Committed: Mon Oct 24 14:53:54 2016 -0400

----------------------------------------------------------------------
 .../security/sso/ApigeeSSO2Provider.java        | 55 +++++++++++---------
 1 file changed, 29 insertions(+), 26 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/usergrid/blob/d7c14bbc/stack/services/src/main/java/org/apache/usergrid/security/sso/ApigeeSSO2Provider.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/security/sso/ApigeeSSO2Provider.java b/stack/services/src/main/java/org/apache/usergrid/security/sso/ApigeeSSO2Provider.java
index 8ee8e03..27843b5 100644
--- a/stack/services/src/main/java/org/apache/usergrid/security/sso/ApigeeSSO2Provider.java
+++ b/stack/services/src/main/java/org/apache/usergrid/security/sso/ApigeeSSO2Provider.java
@@ -37,9 +37,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import javax.ws.rs.client.Client;
 import javax.ws.rs.client.ClientBuilder;
 import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
 import java.security.PublicKey;
-import java.security.spec.InvalidKeySpecException;
 import java.security.spec.X509EncodedKeySpec;
 import java.util.HashMap;
 import java.util.Map;
@@ -146,38 +144,43 @@ public class ApigeeSSO2Provider implements ExternalSSOProvider {
         return properties.getProperty(USERGRID_EXTERNAL_PUBLICKEY_URL);
     }
 
-    public Jws<Claims> getClaimsForKeyUrl(String token, PublicKey ssoPublicKey) throws NoSuchAlgorithmException, InvalidKeySpecException, BadTokenException, ExpiredTokenException {
+    public Jws<Claims> getClaimsForKeyUrl(String token, PublicKey ssoPublicKey) throws BadTokenException {
+
         Jws<Claims> claims = null;
 
-        if(ssoPublicKey == null){
-            throw new IllegalArgumentException("Public key must be provided with Apigee " +
-                "token in order to verify signature.");
+        if (ssoPublicKey == null) {
+            throw new IllegalArgumentException( "Public key must be provided with Apigee JWT " +
+                "token in order to verify signature." );
         }
 
-        try {
-            claims = Jwts.parser().setSigningKey(ssoPublicKey).parseClaimsJws(token);
-        } catch (SignatureException se) {
-            if(logger.isDebugEnabled()) {
-                logger.debug("Signature was invalid for Apigee JWT: {} and key: {}", token, ssoPublicKey);
-            }
-            throw new BadTokenException("Invalid Apigee SSO token signature");
-        } catch (MalformedJwtException me){
-            if(logger.isDebugEnabled()) {
-                logger.debug("Beginning JSON object section of Apigee JWT invalid for token: {}", token);
+        int tries = 0;
+        int maxTries = 2;
+        while ( claims == null && tries++ < maxTries ) {
+            try {
+                claims = Jwts.parser().setSigningKey( ssoPublicKey ).parseClaimsJws( token );
+
+            } catch (SignatureException se) {
+                logger.warn( "Signature was invalid for Apigee JWT token: {} and key: {}", token, ssoPublicKey );
+
+            } catch (ExpiredJwtException e) {
+                final long expiry = Long.valueOf( e.getClaims().get( "exp" ).toString() );
+                final long expirationDelta = ((System.currentTimeMillis() / 1000) - expiry) * 1000;
+                logger.info(String.format("Apigee JWT Token expired %d milliseconds ago.", expirationDelta));
+
+            } catch (MalformedJwtException me) {
+                logger.error("Malformed JWT token", me);
+                throw new BadTokenException( "Malformed Apigee JWT token", me );
+
+            } catch (ArrayIndexOutOfBoundsException aio) {
+                logger.error("Error parsing JWT token", aio);
+                throw new BadTokenException( "Error parsing Apigee JWT token", aio );
             }
-            throw new BadTokenException("Malformed Apigee JWT");
-        } catch (ArrayIndexOutOfBoundsException aio){
-            if(logger.isDebugEnabled()) {
-                logger.debug("Signature section of Apigee JWT invalid for token: {}", token);
+
+            if ( claims == null ) {
+                this.publicKey =  getPublicKey( getExternalSSOUrl() );
             }
-            throw new BadTokenException("Malformed Apigee JWT");
-        } catch ( ExpiredJwtException e ){
-            final long expiry = Long.valueOf(e.getClaims().get("exp").toString());
-            final long expirationDelta = ((System.currentTimeMillis()/1000) - expiry)*1000;
-            throw new ExpiredTokenException(String.format("Token expired %d milliseconds ago.", expirationDelta ));
         }
 
-
         return claims;
     }
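Review bot: The retry never uses the refreshed key: the `claims == null` branch stores the re-fetched key in `this.publicKey`, but the next iteration still calls `Jwts.parser().setSigningKey( ssoPublicKey )` with the original parameter, so after an Apigee key rotation the second attempt fails exactly like the first. Once both attempts fail the method now returns `null` — the `throw new BadTokenException("Invalid Apigee SSO token signature")` and the `ExpiredTokenException` paths were removed and `SignatureException`/`ExpiredJwtException` are only logged — so a token with a bad signature or past its `exp` reaches callers as a null `Jws<Claims>` instead of a rejection; every caller of `getClaimsForKeyUrl` needs to be checked for that, and it is safer to throw once the retries are exhausted. An expired token is not a key-rotation symptom, so `ExpiredJwtException` should fail fast without a refetch, and because `getPublicKey( getExternalSSOUrl() )` is an outbound request that any unauthenticated client can now trigger with a garbage-signed token, the refetch should be rate-limited or served from a cache rather than done on every failure. The `logger.warn( "Signature was invalid for Apigee JWT token: {} and key: {}", token, ssoPublicKey )` line also writes the full bearer token to WARN-level logs (it was DEBUG before); log a key id or a truncated hash instead. Whether `ExpiredTokenException` is still the type callers expect, or a `BadTokenException` is acceptable for expiry, is not visible here and should be confirmed against the callers.
```java
    public Jws<Claims> getClaimsForKeyUrl(String token, PublicKey ssoPublicKey) throws BadTokenException, ExpiredTokenException {
        // … unchanged: claims = null and the null-key guard …
        PublicKey key = ssoPublicKey;
        int tries = 0;
        int maxTries = 2;
        while ( claims == null && tries++ < maxTries ) {
            try {
                claims = Jwts.parser().setSigningKey( key ).parseClaimsJws( token );

            } catch (SignatureException se) {
                // never log the raw token: it is a bearer credential
                logger.warn( "Signature was invalid for Apigee JWT token (attempt {} of {})", tries, maxTries );
                if ( tries >= maxTries ) {
                    throw new BadTokenException( "Invalid Apigee SSO token signature", se );
                }
                // key may have rotated: fetch once and retry with the NEW key
                key = this.publicKey = getPublicKey( getExternalSSOUrl() );

            } catch (ExpiredJwtException e) {
                // expiry is not a key problem; reject immediately, no refetch
                final long expiry = Long.valueOf( e.getClaims().get( "exp" ).toString() );
                final long expirationDelta = ((System.currentTimeMillis() / 1000) - expiry) * 1000;
                throw new ExpiredTokenException( String.format( "Token expired %d milliseconds ago.", expirationDelta ) );

            // … unchanged: MalformedJwtException and ArrayIndexOutOfBoundsException handlers …
            }
        }

        return claims;
    }
```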