cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [4/4] cxf git commit: Don't configure the decryption stuff if not required
Date Fri, 09 Oct 2015 14:07:33 GMT
Don't configure the decryption stuff if not required


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/aad9d04b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/aad9d04b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/aad9d04b

Branch: refs/heads/master
Commit: aad9d04b3598b1c4b6910accb61130c06ab250c2
Parents: 08fbde3
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Oct 9 12:06:39 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Oct 9 15:07:26 2015 +0100

----------------------------------------------------------------------
 .../jose/jwt/AbstractJoseJwtConsumer.java       | 36 ++++++++++++--------
 1 file changed, 22 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/aad9d04b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
index 4de976d..d4cdf48 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/AbstractJoseJwtConsumer.java
@@ -38,29 +38,37 @@ public abstract class AbstractJoseJwtConsumer extends AbstractJoseConsumer
{
         if (!isJwsRequired() && !isJweRequired()) {
             throw new JwtException("Unable to process JWT");
         }
-        if (jweDecryptor == null) {
-            jweDecryptor = getInitializedDecryptionProvider();
-        }
-        if (jweDecryptor != null) {
+        
+        if (isJweRequired()) {
+            if (jweDecryptor == null) {
+                jweDecryptor = getInitializedDecryptionProvider();
+            }
+            if (jweDecryptor == null) {
+                throw new JwtException("Unable to decrypt JWT");
+            }
+            
             if (!isJwsRequired()) {
                 return new JweJwtCompactConsumer(wrappedJwtToken).decryptWith(jweDecryptor);
   
             }
             wrappedJwtToken = jweDecryptor.decrypt(wrappedJwtToken).getContentText();
-        } else if (isJweRequired()) {
-            throw new JwtException("Unable to decrypt JWT");
         }
+        
 
         JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(wrappedJwtToken);
         JwtToken jwt = jwtConsumer.getJwtToken();
-        if (theSigVerifier == null) {
-            theSigVerifier = getInitializedSignatureVerifier(jwt);
-        }
-        if (theSigVerifier == null && isJwsRequired()) {
-            throw new JwtException("Unable to validate JWT");
-        }
-        if (!jwtConsumer.verifySignatureWith(theSigVerifier)) {
-            throw new JwtException("Invalid Signature");
+        if (isJwsRequired()) {
+            if (theSigVerifier == null) {
+                theSigVerifier = getInitializedSignatureVerifier(jwt);
+            }
+            if (theSigVerifier == null) {
+                throw new JwtException("Unable to validate JWT");
+            }
+            
+            if (!jwtConsumer.verifySignatureWith(theSigVerifier)) {
+                throw new JwtException("Invalid Signature");
+            }
         }
+        
         validateToken(jwt);
         return jwt; 
     }


Mime
View raw message