fix(jans-auth-server): corrected npe in jarm
yuriyz committed Jan 28, 2022
1 parent 80725f7 commit 5cae544
Showing 2 changed files with 31 additions and 22 deletions.
Expand Up @@ -66,6 +66,7 @@
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.jetbrains.annotations.Nullable;
import org.json.JSONObject;
import org.slf4j.Logger;

Expand All @@ -86,7 +87,6 @@
import java.util.*;
import java.util.Map.Entry;
import java.util.function.Function;
import io.jans.as.model.util.Base64Util;

import static io.jans.as.model.util.StringUtils.implode;
import static org.apache.commons.lang3.BooleanUtils.isTrue;
Expand Down Expand Up @@ -403,14 +403,13 @@ private Response requestAuthorization(
if (responseMode == ResponseMode.JWT) {
Jwt jwt = Jwt.parseSilently(request);
fillRedirectUriResponseforJARM(redirectUriResponse, jwt, client);
state = jwt.getClaims().getClaimAsString("state"); // state is needed by the
// craeteInvalidJwtRequestExceptionWithJarm
// to pass with error
authorizeRestWebServiceValidator.createInvalidJwtRequestExceptionAsJwtMode(redirectUriResponse,
"Invalid JWT authorization request", state, httpRequest);
} else {
throw e;
if (appConfiguration.isFapi()) {
authorizeRestWebServiceValidator.throwInvalidJwtRequestExceptionAsJwtMode(redirectUriResponse,
"Invalid JWT authorization request", jwt.getClaims().getClaimAsString("state"), httpRequest);
}
}

throw e;
} catch (Exception e) {
log.error("Invalid JWT authorization request. Message : " + e.getMessage(), e);
throw authorizeRestWebServiceValidator.createInvalidJwtRequestException(redirectUriResponse, "Invalid JWT authorization request");
Expand Down Expand Up @@ -780,14 +779,23 @@ private Response requestAuthorization(
applicationAuditLogger.sendMessage(oAuth2AuditLog);
return builder.build();
}


@Nullable
private ResponseMode extractResponseMode(String request) {
JwtClaims jwtClaims = Jwt.parseSilently(request).getClaims();
final Jwt jwt = Jwt.parseSilently(request);
if (jwt == null) {
return null;
}
JwtClaims jwtClaims = jwt.getClaims();
return ResponseMode.getByValue(jwtClaims.getClaimAsString("response_mode"));
}

private void fillRedirectUriResponseforJARM(RedirectUriResponse redirectUriResponse, Jwt jwt, Client client) {
try {
if (jwt == null) {
return;
}

JwtClaims jwtClaims = jwt.getClaims();
String tempRedirectUri = jwtClaims.getClaimAsString("redirect_uri");
if (tempRedirectUri != null) {
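Review bot: The FAPI branch of the catch block still dereferences the unchecked parse result, `jwt.getClaims().getClaimAsString("state")`, although the same commit guards `Jwt.parseSilently(request)` returning null in both `extractResponseMode` and `fillRedirectUriResponseforJARM`; a request object that fails to parse therefore still produces an NPE here, and because this code runs inside a catch clause the following `catch (Exception e)` does not cover it. Suggest reading the claim defensively before the FAPI check, `String state = jwt != null ? jwt.getClaims().getClaimAsString("state") : null;`, and passing `state` to `throwInvalidJwtRequestExceptionAsJwtMode`. Whether `getClaims()` itself can be null for a parsed token is not visible in this hunk and would need the same treatment if it can. The enclosing `requestAuthorization` starts and ends outside the hunk.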
Expand Up @@ -38,7 +38,11 @@
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.util.*;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.List;
import java.util.TimeZone;

import static io.jans.as.model.ciba.BackchannelAuthenticationErrorResponseType.INVALID_REQUEST;
import static io.jans.as.model.crypto.signature.SignatureAlgorithm.NONE;
Expand Down Expand Up @@ -324,17 +328,14 @@ public String validateRedirectUri(@NotNull Client client, @Nullable String redir
.build());
}

public void createInvalidJwtRequestExceptionAsJwtMode(RedirectUriResponse redirectUriResponse, String reason,
String state, HttpServletRequest httpRequest) {
if (appConfiguration.isFapi()) {
log.debug(reason); // in FAPI case log reason but don't send it since it's `reason` is not known
log.debug("Invalid JWT authorization request.");
redirectUriResponse.getRedirectUri().parseQueryString(errorResponseFactory
.getErrorAsQueryString(AuthorizeErrorResponseType.INVALID_REQUEST_OBJECT, state));
throw new WebApplicationException(
RedirectUtil.getRedirectResponseBuilder(redirectUriResponse.getRedirectUri(), httpRequest).build());
}
}
public void throwInvalidJwtRequestExceptionAsJwtMode(RedirectUriResponse redirectUriResponse, String reason, String state, HttpServletRequest httpRequest) {
log.debug(reason); // in FAPI case log reason but don't send it since it's `reason` is not known
log.debug("Invalid JWT authorization request.");
redirectUriResponse.getRedirectUri().parseQueryString(errorResponseFactory
.getErrorAsQueryString(AuthorizeErrorResponseType.INVALID_REQUEST_OBJECT, state));
throw new WebApplicationException(
RedirectUtil.getRedirectResponseBuilder(redirectUriResponse.getRedirectUri(), httpRequest).build());
}

public WebApplicationException createInvalidJwtRequestException(RedirectUriResponse redirectUriResponse, String reason) {
if (appConfiguration.isFapi()) {
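Review bot: The comment kept on the first line of `throwInvalidJwtRequestExceptionAsJwtMode`, `// in FAPI case log reason but don't send it since it's `reason` is not known`, is now stale: the FAPI check moved to the caller and this method throws unconditionally, so nothing in its body is FAPI-specific any more. Replace it with a Javadoc that states the contract, e.g. `/** Unconditionally redirects with INVALID_REQUEST_OBJECT in JARM mode; the caller decides whether FAPI applies. The reason is only logged, never sent, because its content is not guaranteed to be safe for the client. */` and `@throws WebApplicationException always`. Since the sibling `createInvalidJwtRequestException` returns the exception for the caller to throw, the same shape here (`public WebApplicationException ...` plus `throw` at the call site) would keep the two consistent and make the caller's subsequent `throw e;` visibly unreachable to the compiler. The `state` value placed into the redirect query originates from a request object that failed validation, so this relies on `getErrorAsQueryString` encoding it; that is not visible in the hunk and is worth confirming.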
