From 5cae544bb7ca4d03f7cf6f5700e3c39fbf075df3 Mon Sep 17 00:00:00 2001 From: YuriyZ Date: Fri, 28 Jan 2022 14:28:17 +0200 Subject: [PATCH] fix(jans-auth-server): corrected npe in jarm https://github.com/JanssenProject/jans/issues/728 --- .../ws/rs/AuthorizeRestWebServiceImpl.java | 28 ++++++++++++------- .../rs/AuthorizeRestWebServiceValidator.java | 25 +++++++++-------- 2 files changed, 31 insertions(+), 22 deletions(-) diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceImpl.java b/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceImpl.java index 78114b684a8..1b7b3082c48 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceImpl.java +++ b/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceImpl.java @@ -66,6 +66,7 @@ import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.ArrayUtils; import org.apache.commons.lang.StringUtils; +import org.jetbrains.annotations.Nullable; import org.json.JSONObject; import org.slf4j.Logger; @@ -86,7 +87,6 @@ import java.util.*; import java.util.Map.Entry; import java.util.function.Function; -import io.jans.as.model.util.Base64Util; import static io.jans.as.model.util.StringUtils.implode; import static org.apache.commons.lang3.BooleanUtils.isTrue; @@ -403,14 +403,13 @@ private Response requestAuthorization( if (responseMode == ResponseMode.JWT) { Jwt jwt = Jwt.parseSilently(request); fillRedirectUriResponseforJARM(redirectUriResponse, jwt, client); - state = jwt.getClaims().getClaimAsString("state"); // state is needed by the - // craeteInvalidJwtRequestExceptionWithJarm - // to pass with error - authorizeRestWebServiceValidator.createInvalidJwtRequestExceptionAsJwtMode(redirectUriResponse, - "Invalid JWT authorization request", state, httpRequest); - } else { - throw e; + if (appConfiguration.isFapi()) { + authorizeRestWebServiceValidator.throwInvalidJwtRequestExceptionAsJwtMode(redirectUriResponse, + "Invalid JWT authorization request", jwt.getClaims().getClaimAsString("state"), httpRequest); + } } + + throw e; } catch (Exception e) { log.error("Invalid JWT authorization request. Message : " + e.getMessage(), e); throw authorizeRestWebServiceValidator.createInvalidJwtRequestException(redirectUriResponse, "Invalid JWT authorization request"); @@ -780,14 +779,23 @@ private Response requestAuthorization( applicationAuditLogger.sendMessage(oAuth2AuditLog); return builder.build(); } - + + @Nullable private ResponseMode extractResponseMode(String request) { - JwtClaims jwtClaims = Jwt.parseSilently(request).getClaims(); + final Jwt jwt = Jwt.parseSilently(request); + if (jwt == null) { + return null; + } + JwtClaims jwtClaims = jwt.getClaims(); return ResponseMode.getByValue(jwtClaims.getClaimAsString("response_mode")); } private void fillRedirectUriResponseforJARM(RedirectUriResponse redirectUriResponse, Jwt jwt, Client client) { try { + if (jwt == null) { + return; + } + JwtClaims jwtClaims = jwt.getClaims(); String tempRedirectUri = jwtClaims.getClaimAsString("redirect_uri"); if (tempRedirectUri != null) { diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceValidator.java b/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceValidator.java index cfea0b2c92c..28d9e2dad9d 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceValidator.java +++ b/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeRestWebServiceValidator.java @@ -38,7 +38,11 @@ import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; -import java.util.*; +import java.util.Calendar; +import java.util.Date; +import java.util.GregorianCalendar; +import java.util.List; +import java.util.TimeZone; import static io.jans.as.model.ciba.BackchannelAuthenticationErrorResponseType.INVALID_REQUEST; import static io.jans.as.model.crypto.signature.SignatureAlgorithm.NONE; @@ -324,17 +328,14 @@ public String validateRedirectUri(@NotNull Client client, @Nullable String redir .build()); } - public void createInvalidJwtRequestExceptionAsJwtMode(RedirectUriResponse redirectUriResponse, String reason, - String state, HttpServletRequest httpRequest) { - if (appConfiguration.isFapi()) { - log.debug(reason); // in FAPI case log reason but don't send it since it's `reason` is not known - log.debug("Invalid JWT authorization request."); - redirectUriResponse.getRedirectUri().parseQueryString(errorResponseFactory - .getErrorAsQueryString(AuthorizeErrorResponseType.INVALID_REQUEST_OBJECT, state)); - throw new WebApplicationException( - RedirectUtil.getRedirectResponseBuilder(redirectUriResponse.getRedirectUri(), httpRequest).build()); - } - } + public void throwInvalidJwtRequestExceptionAsJwtMode(RedirectUriResponse redirectUriResponse, String reason, String state, HttpServletRequest httpRequest) { + log.debug(reason); // in FAPI case log reason but don't send it since it's `reason` is not known + log.debug("Invalid JWT authorization request."); + redirectUriResponse.getRedirectUri().parseQueryString(errorResponseFactory + .getErrorAsQueryString(AuthorizeErrorResponseType.INVALID_REQUEST_OBJECT, state)); + throw new WebApplicationException( + RedirectUtil.getRedirectResponseBuilder(redirectUriResponse.getRedirectUri(), httpRequest).build()); + } public WebApplicationException createInvalidJwtRequestException(RedirectUriResponse redirectUriResponse, String reason) { if (appConfiguration.isFapi()) {