From e9569a726cc95e5b1f6ce00a889ecb83303bcb2b Mon Sep 17 00:00:00 2001 From: aleksandra-bel Date: Mon, 26 Feb 2024 10:21:48 +0100 Subject: [PATCH] chore: reformat and fix exception handling --- .../service/STSTokenValidationService.java | 9 +-- .../utils/CustomSignedJWTVerifier.java | 55 ++++++++----------- .../utils/TokenValidationUtils.java | 6 +- 3 files changed, 32 insertions(+), 38 deletions(-) diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/STSTokenValidationService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/STSTokenValidationService.java index c3d580a77..74b7659ef 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/STSTokenValidationService.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/STSTokenValidationService.java @@ -49,6 +49,7 @@ public class STSTokenValidationService { private final CustomSignedJWTVerifier customSignedJWTverifier; private final TokenValidationUtils tokenValidationUtils; private static final String ACCESS_TOKEN = "access_token"; + private static final String PARSING_TOKEN_ERROR = "Could not parse jwt token"; /** * Validates SI token and Access token. @@ -94,7 +95,7 @@ private JWTClaimsSet getClaimsSet(SignedJWT tokenParsed) { try { return tokenParsed.getJWTClaimsSet(); } catch (ParseException e) { - throw new BadDataException("Could not parse jwt token", e); + throw new BadDataException(PARSING_TOKEN_ERROR, e); } } @@ -102,7 +103,7 @@ private SignedJWT parseToken(String token) { try { return SignedJWT.parse(token); } catch (ParseException e) { - throw new BadDataException("Could not parse jwt token", e); + throw new BadDataException(PARSING_TOKEN_ERROR, e); } } 
@@ -111,7 +112,7 @@ private Optional getAccessToken(JWTClaimsSet claims) { String accessTokenValue = claims.getStringClaim(ACCESS_TOKEN); return accessTokenValue == null ? Optional.empty() : Optional.of(accessTokenValue); } catch (ParseException e) { - throw new BadDataException("Could not parse jwt token", e); + throw new BadDataException(PARSING_TOKEN_ERROR, e); } } @@ -122,7 +123,7 @@ private ValidationResult verifySignature(String did, SignedJWT signedJWT) { ? tokenValidationUtils.getValidResult() : tokenValidationUtils.getInvalidResult(TokenValidationErrors.SIGNATURE_NOT_VERIFIED); } catch (JOSEException ex) { - throw new BadDataException("Can not verify signature of jwt", ex); + throw new BadDataException("Could not verify signature of jwt", ex); } } diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/CustomSignedJWTVerifier.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/CustomSignedJWTVerifier.java index 88f958eca..9e5a5dfe1 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/CustomSignedJWTVerifier.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/CustomSignedJWTVerifier.java 
@@ -47,40 +47,33 @@ @RequiredArgsConstructor @Data public class CustomSignedJWTVerifier { - private DidResolver didResolver; - private final DidDocumentService didDocumentService; - public static final String KID = "kid"; + private DidResolver didResolver; + private final DidDocumentService didDocumentService; + public static final String KID = "kid"; - public boolean verify(String did, SignedJWT jwt) throws JOSEException { - try { - VerificationMethod verificationMethod = checkVerificationMethod(did, jwt); - if (JWKVerificationMethod.isInstance(verificationMethod)) { - JWKVerificationMethod method = new JWKVerificationMethod(verificationMethod); - String kty = method.getPublicKeyJwk().getKty(); - String crv = method.getPublicKeyJwk().getCrv(); - String x = method.getPublicKeyJwk().getX(); - if (!kty.equals("OKP") || !crv.equals("Ed25519")) { - throw new UnsupportedVerificationMethodException(method, "only kty:OKP with crv:Ed25519 is supported"); - } - - OctetKeyPair keyPair = (new OctetKeyPair.Builder(Curve.Ed25519, Base64URL.from(x))).build(); - if (jwt.verify(new Ed25519Verifier(keyPair))) { - return true; - } - } else if (Ed25519VerificationMethod.isInstance(verificationMethod)) { - Ed25519VerificationMethod method = new Ed25519VerificationMethod(verificationMethod); - MultibaseString multibase = method.getPublicKeyBase58(); - Ed25519PublicKeyParameters publicKeyParameters = new Ed25519PublicKeyParameters(multibase.getDecoded(), 0); - OctetKeyPair keyPair = (new OctetKeyPair.Builder(Curve.Ed25519, Base64URL.encode(publicKeyParameters.getEncoded()))).build(); - if (jwt.verify(new Ed25519Verifier(keyPair))) { - return true; - } - } - } catch (JOSEException var15) { - throw var15; + public boolean verify(String did, SignedJWT jwt) throws JOSEException { + VerificationMethod verificationMethod = checkVerificationMethod(did, jwt); + if (JWKVerificationMethod.isInstance(verificationMethod)) { + JWKVerificationMethod method = new 
JWKVerificationMethod(verificationMethod); + String kty = method.getPublicKeyJwk().getKty(); + String crv = method.getPublicKeyJwk().getCrv(); + String x = method.getPublicKeyJwk().getX(); + if (!kty.equals("OKP") || !crv.equals("Ed25519")) { + throw new UnsupportedVerificationMethodException(method, "Only kty:OKP with crv:Ed25519 is supported"); } - return false; + + OctetKeyPair keyPair = (new OctetKeyPair.Builder(Curve.Ed25519, Base64URL.from(x))).build(); + return jwt.verify(new Ed25519Verifier(keyPair)); + + } else if (Ed25519VerificationMethod.isInstance(verificationMethod)) { + Ed25519VerificationMethod method = new Ed25519VerificationMethod(verificationMethod); + MultibaseString multibase = method.getPublicKeyBase58(); + Ed25519PublicKeyParameters publicKeyParameters = new Ed25519PublicKeyParameters(multibase.getDecoded(), 0); + OctetKeyPair keyPair = (new OctetKeyPair.Builder(Curve.Ed25519, Base64URL.encode(publicKeyParameters.getEncoded()))).build(); + return jwt.verify(new Ed25519Verifier(keyPair)); } + return false; + } public VerificationMethod checkVerificationMethod(String did, SignedJWT jwt) { Map headers = jwt.getHeader().toJSONObject(); diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenValidationUtils.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenValidationUtils.java index d413a1879..b3b824585 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenValidationUtils.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenValidationUtils.java 
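Review bot: In the JWK branch of `verify`, `kty.equals("OKP")` and `crv.equals("Ed25519")` dereference values read from the resolved verification method, so a JWK that lacks `kty` or `crv` raises a NullPointerException instead of the intended UnsupportedVerificationMethodException. Putting the constants first avoids that: `if (!"OKP".equals(kty) || !"Ed25519".equals(crv)) {`. With the try/catch removed the method still declares only JOSEException, and `verifySignature` in STSTokenValidationService catches only that type, so this NPE, and presumably any unchecked exception from building the key out of a malformed `x` or multibase value, bypasses the BadDataException mapping. The key material comes from a DID document selected by the token's `did` and `kid`, so a malformed key should end in a rejected token rather than an unhandled error. `checkVerificationMethod` lies outside this hunk and was not reviewed.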
@@ -154,9 +154,9 @@ private boolean checkIfAudsAreMissing(List audienceSI, List audi public ValidationResult checkIfNonceClaimsAreEqual(String nonceSI, String nonceAccess) { return checkIfNoncesAreMissing(nonceSI, nonceAccess) ? getInvalidResult(TokenValidationErrors.NONCE_MISSING) - : !nonceSI.equals(nonceAccess) - ? getInvalidResult(TokenValidationErrors.NONCE_CLAIMS_NOT_EQUAL) - : getValidResult(); + : nonceSI.equals(nonceAccess) + ? getValidResult() + : getInvalidResult(TokenValidationErrors.NONCE_CLAIMS_NOT_EQUAL); } private boolean checkIfNoncesAreMissing(String nonceSI, String nonceAccess) {
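Review bot: The nested conditional in `checkIfNonceClaimsAreEqual` is easier to audit as a guard clause followed by a single ternary: `if (checkIfNoncesAreMissing(nonceSI, nonceAccess)) { return getInvalidResult(TokenValidationErrors.NONCE_MISSING); }` then `return nonceSI.equals(nonceAccess) ? getValidResult() : getInvalidResult(TokenValidationErrors.NONCE_CLAIMS_NOT_EQUAL);`. The `nonceSI.equals(...)` call is null-safe only because of the preceding missing-check, whose body is outside this hunk. A comment such as `// nonceSI is non-null here: checkIfNoncesAreMissing rejected nulls` would pin that dependency, if that is what the helper does. If the helper tests only for null, two empty nonce strings compare equal and produce a valid result, so it is worth confirming that blank values are rejected as missing.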