You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@usergrid.apache.org by sn...@apache.org on 2016/10/31 15:46:29 UTC
[34/37] usergrid git commit: If claims cannot be parsed,
fetch new JWT token
If claims cannot be parsed, fetch new JWT token
Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/d7c14bbc
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/d7c14bbc
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/d7c14bbc
Branch: refs/heads/usergrid-1318-queue
Commit: d7c14bbc8d24cbbb721817a08eeb50cc7081d7ab
Parents: 77ad91a
Author: Dave Johnson <sn...@apache.org>
Authored: Mon Oct 24 14:53:54 2016 -0400
Committer: Dave Johnson <sn...@apache.org>
Committed: Mon Oct 24 14:53:54 2016 -0400
----------------------------------------------------------------------
.../security/sso/ApigeeSSO2Provider.java | 55 +++++++++++---------
1 file changed, 29 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/usergrid/blob/d7c14bbc/stack/services/src/main/java/org/apache/usergrid/security/sso/ApigeeSSO2Provider.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/security/sso/ApigeeSSO2Provider.java b/stack/services/src/main/java/org/apache/usergrid/security/sso/ApigeeSSO2Provider.java
index 8ee8e03..27843b5 100644
--- a/stack/services/src/main/java/org/apache/usergrid/security/sso/ApigeeSSO2Provider.java
+++ b/stack/services/src/main/java/org/apache/usergrid/security/sso/ApigeeSSO2Provider.java
@@ -37,9 +37,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
-import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
@@ -146,38 +144,43 @@ public class ApigeeSSO2Provider implements ExternalSSOProvider {
return properties.getProperty(USERGRID_EXTERNAL_PUBLICKEY_URL);
}
- public Jws<Claims> getClaimsForKeyUrl(String token, PublicKey ssoPublicKey) throws NoSuchAlgorithmException, InvalidKeySpecException, BadTokenException, ExpiredTokenException {
+ public Jws<Claims> getClaimsForKeyUrl(String token, PublicKey ssoPublicKey) throws BadTokenException {
+
Jws<Claims> claims = null;
- if(ssoPublicKey == null){
- throw new IllegalArgumentException("Public key must be provided with Apigee " +
- "token in order to verify signature.");
+ if (ssoPublicKey == null) {
+ throw new IllegalArgumentException( "Public key must be provided with Apigee JWT " +
+ "token in order to verify signature." );
}
- try {
- claims = Jwts.parser().setSigningKey(ssoPublicKey).parseClaimsJws(token);
- } catch (SignatureException se) {
- if(logger.isDebugEnabled()) {
- logger.debug("Signature was invalid for Apigee JWT: {} and key: {}", token, ssoPublicKey);
- }
- throw new BadTokenException("Invalid Apigee SSO token signature");
- } catch (MalformedJwtException me){
- if(logger.isDebugEnabled()) {
- logger.debug("Beginning JSON object section of Apigee JWT invalid for token: {}", token);
+ int tries = 0;
+ int maxTries = 2;
+ while ( claims == null && tries++ < maxTries ) {
+ try {
+ claims = Jwts.parser().setSigningKey( ssoPublicKey ).parseClaimsJws( token );
+
+ } catch (SignatureException se) {
+ logger.warn( "Signature was invalid for Apigee JWT token: {} and key: {}", token, ssoPublicKey );
+
+ } catch (ExpiredJwtException e) {
+ final long expiry = Long.valueOf( e.getClaims().get( "exp" ).toString() );
+ final long expirationDelta = ((System.currentTimeMillis() / 1000) - expiry) * 1000;
+ logger.info(String.format("Apigee JWT Token expired %d milliseconds ago.", expirationDelta));
+
+ } catch (MalformedJwtException me) {
+ logger.error("Malformed JWT token", me);
+ throw new BadTokenException( "Malformed Apigee JWT token", me );
+
+ } catch (ArrayIndexOutOfBoundsException aio) {
+ logger.error("Error parsing JWT token", aio);
+ throw new BadTokenException( "Error parsing Apigee JWT token", aio );
}
- throw new BadTokenException("Malformed Apigee JWT");
- } catch (ArrayIndexOutOfBoundsException aio){
- if(logger.isDebugEnabled()) {
- logger.debug("Signature section of Apigee JWT invalid for token: {}", token);
+
+ if ( claims == null ) {
+ this.publicKey = getPublicKey( getExternalSSOUrl() );
}
- throw new BadTokenException("Malformed Apigee JWT");
- } catch ( ExpiredJwtException e ){
- final long expiry = Long.valueOf(e.getClaims().get("exp").toString());
- final long expirationDelta = ((System.currentTimeMillis()/1000) - expiry)*1000;
- throw new ExpiredTokenException(String.format("Token expired %d milliseconds ago.", expirationDelta ));
}
-
return claims;
}