fix: correction as suggested in review
Correction to handle both signed and encrypted requests.
HemantKMehta authored Feb 3, 2022
1 parent ae0cdb9 commit adddb1a
Showing 1 changed file with 19 additions and 15 deletions.
Expand Up @@ -404,18 +404,19 @@ private Response requestAuthorization(
}
requestParameterService.getCustomParameters(jwtRequest, customParameters);
} catch (WebApplicationException e) {
Jwe jwe = extractJwe(request, client);
responseMode = ResponseMode.getByValue(jwe.getClaims().getClaimAsString("response_mode"));
if (responseMode == ResponseMode.JWT) {
redirectUriResponse.getRedirectUri().setResponseMode(ResponseMode.JWT);
fillRedirectUriResponseforJARM(redirectUriResponse, jwe, client);
if (appConfiguration.isFapi()) {
authorizeRestWebServiceValidator.throwInvalidJwtRequestExceptionAsJwtMode(
redirectUriResponse, "Invalid JWT authorization request",
jwe.getClaims().getClaimAsString("state"), httpRequest);
JsonWebResponse jwe = parseRequestToJweJwt(request);
if (jwe != null) {
responseMode = ResponseMode.getByValue(jwe.getClaims().getClaimAsString("response_mode"));
if (responseMode == ResponseMode.JWT) {
redirectUriResponse.getRedirectUri().setResponseMode(ResponseMode.JWT);
fillRedirectUriResponseforJARM(redirectUriResponse, jwe, client);
if (appConfiguration.isFapi()) {
authorizeRestWebServiceValidator.throwInvalidJwtRequestExceptionAsJwtMode(
redirectUriResponse, "Invalid JWT authorization request",
jwe.getClaims().getClaimAsString("state"), httpRequest);
}
}
}

throw e;
} catch (Exception e) {
log.error("Invalid JWT authorization request. Message : " + e.getMessage(), e);
Expand All @@ -426,7 +427,7 @@ private Response requestAuthorization(
// JARM
if (responseMode == ResponseMode.QUERY_JWT || responseMode == ResponseMode.FRAGMENT_JWT ||
responseMode == ResponseMode.JWT || responseMode == ResponseMode.FORM_POST_JWT) {
Jwe jwe = extractJwe(request, client);
JsonWebResponse jwe = parseRequestToJweJwt(request);
fillRedirectUriResponseforJARM(redirectUriResponse, jwe, client);
}
// Validate JWT request object after JARM check, because we want to return errors well formatted (JSON/JWT).
Expand Down Expand Up @@ -789,12 +790,11 @@ private Response requestAuthorization(
}

@Nullable
private Jwe extractJwe(String request, Client client) {
private JsonWebResponse parseRequestToJweJwt(String request) {
String[] parts = request.split("\\.");
try {
if (parts.length == 5) {
String encodedHeader = parts[0];

JwtHeader jwtHeader = new JwtHeader(encodedHeader);
String keyId = jwtHeader.getKeyId();
PrivateKey privateKey = null;
Expand All @@ -808,15 +808,19 @@ private Jwe extractJwe(String request, Client client) {
return null;
}
return jwe;
} else
}
final Jwt jwt = Jwt.parseSilently(request);
if (jwt == null) {
return null;
}
return jwt;
} catch (Exception e) {
log.error(e.getMessage(), e);
return null;
}
}

private void fillRedirectUriResponseforJARM(RedirectUriResponse redirectUriResponse, Jwe jwt, Client client) {
private void fillRedirectUriResponseforJARM(RedirectUriResponse redirectUriResponse, JsonWebResponse jwt, Client client) {
try {
if (jwt != null) {
String tempRedirectUri = jwt.getClaims().getClaimAsString("redirect_uri");
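Review bot: The fallback branch added to `parseRequestToJweJwt` returns `Jwt.parseSilently(request)` and nothing visible in this hunk verifies its signature, yet the callers in the `WebApplicationException` catch block and the JARM branch read `response_mode`, `state` and `redirect_uri` straight from the returned object, so the method needs a Javadoc stating that the five-part path decrypts a compact JWE, the fallback only parses a JWT, the returned claims are unverified and must be treated as untrusted until the later request-object validation runs, and `null` is returned (and logged) on any failure. The `@Nullable` annotation and the `jwt != null` guard in `fillRedirectUriResponseforJARM` already cover the null case, but the contract about verification is what the next maintainer will miss; whether `fillRedirectUriResponseforJARM` validates `redirect_uri` against the client is outside the hunk, so I cannot tell from here. As a minor style point, the new `if (jwt == null) { return null; } return jwt;` is redundant and can be `return Jwt.parseSilently(request);`. The method begins in the previous hunk and its middle is elided between the two hunks.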
