Repository: cxf Updated Branches: refs/heads/3.0.x-fixes a2e3a5e39 -> caff64536
Don't configure the decryption stuff if not required Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3badd412 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3badd412 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3badd412 Branch: refs/heads/3.0.x-fixes Commit: 3badd4122826a6e21540a90dab6c938e1abe2fe3 Parents: a2e3a5e Author: Colm O hEigeartaigh <[email protected]> Authored: Fri Oct 9 12:06:39 2015 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Fri Oct 9 15:07:44 2015 +0100 ---------------------------------------------------------------------- .../jose/jwt/AbstractJoseJwtConsumer.java | 36 ++++++++++++-------- 1 file changed, 22 insertions(+), 14 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/3badd412/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
index 4de976d..d4cdf48 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
@@ -38,29 +38,37 @@ public abstract class AbstractJoseJwtConsumer extends AbstractJoseConsumer { if (!isJwsRequired() && !isJweRequired()) { throw new JwtException("Unable to process JWT"); } - if (jweDecryptor == null) { - jweDecryptor = getInitializedDecryptionProvider(); - } - if (jweDecryptor != null) { + + if (isJweRequired()) { + if (jweDecryptor == null) { + jweDecryptor = getInitializedDecryptionProvider(); + } + if (jweDecryptor == null) { + throw new JwtException("Unable to decrypt JWT"); + } + if (!isJwsRequired()) { return new JweJwtCompactConsumer(wrappedJwtToken).decryptWith(jweDecryptor); } wrappedJwtToken = jweDecryptor.decrypt(wrappedJwtToken).getContentText(); - } else if (isJweRequired()) { - throw new JwtException("Unable to decrypt JWT"); } + JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(wrappedJwtToken); JwtToken jwt = jwtConsumer.getJwtToken(); - if (theSigVerifier == null) { - theSigVerifier = getInitializedSignatureVerifier(jwt); - } - if (theSigVerifier == null && isJwsRequired()) { - throw new JwtException("Unable to validate JWT"); - } - if (!jwtConsumer.verifySignatureWith(theSigVerifier)) { - throw new JwtException("Invalid Signature"); + if (isJwsRequired()) { + if (theSigVerifier == null) { + theSigVerifier = getInitializedSignatureVerifier(jwt); + } + if (theSigVerifier == null) { + throw new JwtException("Unable to validate JWT"); + } + + if (!jwtConsumer.verifySignatureWith(theSigVerifier)) { + throw new JwtException("Invalid Signature"); + } } + validateToken(jwt); return jwt; }
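Review bot: The JWE-only branch `if (!isJwsRequired()) { return new JweJwtCompactConsumer(wrappedJwtToken).decryptWith(jweDecryptor); }` still returns before `validateToken(jwt)` runs, so a token that is encrypted but not signed skips whatever claim checks validateToken performs (its body is not visible here). The commit leaves that path as it was; routing it through the same validation would close the gap: `JwtToken jwt = new JweJwtCompactConsumer(wrappedJwtToken).decryptWith(jweDecryptor);`, `validateToken(jwt);`, `return jwt;`. Separately, once that branch has returned, the new `if (isJwsRequired())` around signature verification looks always true given the first guard, so a short comment such as `// signature verification is mandatory on this path` would keep a later edit from making it optional by accident. The method's signature lies outside the hunk, so the JwtToken return type of `decryptWith` is inferred from the existing `return` statement rather than seen directly.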
