Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9430D18557 for ; Mon, 16 Nov 2015 11:16:24 +0000 (UTC) Received: (qmail 38322 invoked by uid 500); 16 Nov 2015 11:16:24 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 38259 invoked by uid 500); 16 Nov 2015 11:16:24 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 38250 invoked by uid 99); 16 Nov 2015 11:16:24 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 16 Nov 2015 11:16:24 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 532CAE009E; Mon, 16 Nov 2015 11:16:24 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: sergeyb@apache.org To: commits@cxf.apache.org Message-Id: <7194058c50d24c0ebd93dcc94d19ddc4@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: cxf git commit: Updating the OAuth2 utility code to load client secret providers Date: Mon, 16 Nov 2015 11:16:24 +0000 (UTC) Repository: cxf Updated Branches: refs/heads/3.1.x-fixes dd3c8f9d0 -> 36dc41e1b Updating the OAuth2 utility code to load client secret providers Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/36dc41e1 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/36dc41e1 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/36dc41e1 Branch: refs/heads/3.1.x-fixes Commit: 36dc41e1b2bddd02def5dafbafd4a86443ab5e30 Parents: dd3c8f9 Author: Sergey Beryozkin Authored: Mon Nov 16 11:15:06 2015 +0000 Committer: Sergey Beryozkin Committed: Mon Nov 16 11:16:01 2015 +0000 ---------------------------------------------------------------------- .../cxf/rs/security/jose/jwe/JweUtils.java | 39 ++++++++++------- .../security/jose/jwe/JweJsonProducerTest.java | 2 +- .../provider/AbstractOAuthJoseJwtConsumer.java | 40 +++++------------ .../provider/AbstractOAuthJoseJwtProducer.java | 33 +++----------- .../security/oauth2/utils/OAuthConstants.java | 5 ++- .../rs/security/oauth2/utils/OAuthUtils.java | 46 ++++++++++++++++++++ 6 files changed, 91 insertions(+), 74 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/36dc41e1/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index 08e5bf9..8168184 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java @@ -216,26 +216,30 @@ public final class JweUtils { return getContentEncryptionProvider(jwk, null); } public static ContentEncryptionProvider getContentEncryptionProvider(JsonWebKey jwk, - String defaultAlgorithm) { - String ctEncryptionAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm : jwk.getAlgorithm(); - ContentEncryptionProvider contentEncryptionProvider = null; + ContentAlgorithm defaultAlgorithm) { + ContentAlgorithm ctAlgo = jwk.getAlgorithm() == null ? defaultAlgorithm + : getContentAlgo(jwk.getAlgorithm()); KeyType keyType = jwk.getKeyType(); if (KeyType.OCTET == keyType) { - return getContentEncryptionProvider(JwkUtils.toSecretKey(jwk), - getContentAlgo(ctEncryptionAlgo)); + return getContentEncryptionProvider(JwkUtils.toSecretKey(jwk), ctAlgo); + } else { + return null; } - return contentEncryptionProvider; } public static ContentEncryptionProvider getContentEncryptionProvider(SecretKey key, ContentAlgorithm algorithm) { + return getContentEncryptionProvider(key.getEncoded(), algorithm); + } + public static ContentEncryptionProvider getContentEncryptionProvider(byte[] key, + ContentAlgorithm algorithm) { if (AlgorithmUtils.isAesGcm(algorithm.getJwaName())) { return new AesGcmContentEncryptionAlgorithm(key, null, algorithm); } return null; } - public static ContentEncryptionProvider getContentEncryptionProvider(String algorithm) { - if (AlgorithmUtils.isAesGcm(algorithm)) { - return new AesGcmContentEncryptionAlgorithm(getContentAlgo(algorithm)); + public static ContentEncryptionProvider getContentEncryptionProvider(ContentAlgorithm algorithm) { + if (AlgorithmUtils.isAesGcm(algorithm.getJwaName())) { + return new AesGcmContentEncryptionAlgorithm(algorithm); } return null; } @@ -264,9 +268,11 @@ public final class JweUtils { getContentAlgo(key.getAlgorithm())); } public static JweEncryption getDirectKeyJweEncryption(SecretKey key, ContentAlgorithm algo) { + return getDirectKeyJweEncryption(key.getEncoded(), algo); + } + public static JweEncryption getDirectKeyJweEncryption(byte[] key, ContentAlgorithm algo) { if (AlgorithmUtils.isAesCbcHmac(algo.getJwaName())) { - return new AesCbcHmacJweEncryption(algo, key.getEncoded(), - null, new DirectKeyEncryptionAlgorithm()); + return new AesCbcHmacJweEncryption(algo, key, null, new DirectKeyEncryptionAlgorithm()); } else { return new JweEncryption(new DirectKeyEncryptionAlgorithm(), getContentEncryptionProvider(key, algo)); @@ -276,6 +282,9 @@ public final class JweUtils { return getDirectKeyJweDecryption(JwkUtils.toSecretKey(key), getContentAlgo(key.getAlgorithm())); } public static JweDecryption getDirectKeyJweDecryption(SecretKey key, ContentAlgorithm algorithm) { + return getDirectKeyJweDecryption(key.getEncoded(), algorithm); + } + public static JweDecryption getDirectKeyJweDecryption(byte[] key, ContentAlgorithm algorithm) { if (AlgorithmUtils.isAesCbcHmac(algorithm.getJwaName())) { return new AesCbcHmacJweDecryption(new DirectKeyDecryptionAlgorithm(key), algorithm); } else { @@ -318,7 +327,7 @@ public final class JweUtils { contentAlgo = getContentEncryptionAlgorithm(m, props, ContentAlgorithm.getAlgorithm(jwk.getAlgorithm()), ContentAlgorithm.A128GCM); - ctEncryptionProvider = getContentEncryptionProvider(jwk, contentAlgo.getJwaName()); + ctEncryptionProvider = getContentEncryptionProvider(jwk, contentAlgo); } else { keyAlgo = getKeyEncryptionAlgorithm(m, props, KeyAlgorithm.getAlgorithm(jwk.getAlgorithm()), @@ -486,9 +495,9 @@ public final class JweUtils { } public static JweEncryptionProvider createJweEncryptionProvider(KeyEncryptionProvider keyEncryptionProvider, JweHeaders headers) { - String contentEncryptionAlgo = headers.getContentEncryptionAlgorithm().getJwaName(); - if (AlgorithmUtils.isAesCbcHmac(contentEncryptionAlgo)) { - return new AesCbcHmacJweEncryption(getContentAlgo(contentEncryptionAlgo), keyEncryptionProvider); + ContentAlgorithm contentEncryptionAlgo = headers.getContentEncryptionAlgorithm(); + if (AlgorithmUtils.isAesCbcHmac(contentEncryptionAlgo.getJwaName())) { + return new AesCbcHmacJweEncryption(contentEncryptionAlgo, keyEncryptionProvider); } else { return new JweEncryption(keyEncryptionProvider, getContentEncryptionProvider(contentEncryptionAlgo)); http://git-wip-us.apache.org/repos/asf/cxf/blob/36dc41e1/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java index 67d7105..fb3785d 100644 --- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java +++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweJsonProducerTest.java @@ -282,7 +282,7 @@ public class JweJsonProducerTest extends Assert { KeyEncryptionProvider keyEncryption1 = JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey1, KeyAlgorithm.A128KW); ContentEncryptionProvider contentEncryption = - JweUtils.getContentEncryptionProvider(AlgorithmUtils.A128GCM_ALGO); + JweUtils.getContentEncryptionProvider(ContentAlgorithm.A128GCM); JweEncryptionProvider jwe1 = new JweEncryption(keyEncryption1, contentEncryption); KeyEncryptionProvider keyEncryption2 = JweUtils.getSecretKeyEncryptionAlgorithm(wrapperKey2, KeyAlgorithm.A128KW); http://git-wip-us.apache.org/repos/asf/cxf/blob/36dc41e1/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java index 175346e..4e6e7a7 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java @@ -18,21 +18,12 @@ */ package org.apache.cxf.rs.security.oauth2.provider; -import java.util.Properties; - -import javax.crypto.SecretKey; - -import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; -import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; -import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; +import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider; -import org.apache.cxf.rs.security.jose.jwe.JweUtils; import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier; -import org.apache.cxf.rs.security.jose.jws.JwsUtils; import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtConsumer; import org.apache.cxf.rs.security.jose.jwt.JwtToken; -import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; -import org.apache.cxf.rt.security.crypto.CryptoUtils; +import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils; public abstract class AbstractOAuthJoseJwtConsumer extends AbstractJoseJwtConsumer { @@ -46,29 +37,18 @@ public abstract class AbstractOAuthJoseJwtConsumer extends AbstractJoseJwtConsum } protected JwsSignatureVerifier getInitializedSignatureVerifier(String clientSecret) { - if (verifyWithClientSecret) { - Properties props = JwsUtils.loadSignatureInProperties(false); - SignatureAlgorithm sigAlgo = SignatureAlgorithm.getAlgorithm( - props.getProperty(OAuthConstants.CLIENT_SECRET_SIGNATURE_ALGORITHM)); - sigAlgo = sigAlgo != null ? sigAlgo : SignatureAlgorithm.HS256; - if (AlgorithmUtils.isHmacSign(sigAlgo)) { - return JwsUtils.getHmacSignatureVerifier(clientSecret, sigAlgo); - } + if (verifyWithClientSecret && !StringUtils.isEmpty(clientSecret)) { + return OAuthUtils.getClientSecretSignatureVerifier(clientSecret); + } else { + return null; } - return null; } protected JweDecryptionProvider getInitializedDecryptionProvider(String clientSecret) { - JweDecryptionProvider theDecryptionProvider = null; - if (decryptWithClientSecret) { - SecretKey key = CryptoUtils.decodeSecretKey(clientSecret); - Properties props = JweUtils.loadEncryptionInProperties(false); - ContentAlgorithm ctAlgo = ContentAlgorithm.getAlgorithm( - props.getProperty(OAuthConstants.CLIENT_SECRET_ENCRYPTION_ALGORITHM)); - ctAlgo = ctAlgo != null ? ctAlgo : ContentAlgorithm.A128GCM; - theDecryptionProvider = JweUtils.getDirectKeyJweDecryption(key, ctAlgo); + if (decryptWithClientSecret && !StringUtils.isEmpty(clientSecret)) { + return OAuthUtils.getClientSecretDecryptionProvider(clientSecret); + } else { + return null; } - return theDecryptionProvider; - } public void setDecryptWithClientSecret(boolean decryptWithClientSecret) { http://git-wip-us.apache.org/repos/asf/cxf/blob/36dc41e1/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java index 5e1c870..4563842 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java @@ -18,22 +18,12 @@ */ package org.apache.cxf.rs.security.oauth2.provider; -import java.util.Properties; - -import javax.crypto.SecretKey; - import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; -import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; -import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider; -import org.apache.cxf.rs.security.jose.jwe.JweUtils; import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider; -import org.apache.cxf.rs.security.jose.jws.JwsUtils; import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtProducer; import org.apache.cxf.rs.security.jose.jwt.JwtToken; -import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; -import org.apache.cxf.rt.security.crypto.CryptoUtils; +import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils; public abstract class AbstractOAuthJoseJwtProducer extends AbstractJoseJwtProducer { private boolean encryptWithClientSecret; @@ -47,26 +37,17 @@ public abstract class AbstractOAuthJoseJwtProducer extends AbstractJoseJwtProduc protected JwsSignatureProvider getInitializedSignatureProvider(String clientSecret) { if (signWithClientSecret && !StringUtils.isEmpty(clientSecret)) { - Properties props = JwsUtils.loadSignatureOutProperties(false); - SignatureAlgorithm sigAlgo = SignatureAlgorithm.getAlgorithm( - props.getProperty(OAuthConstants.CLIENT_SECRET_SIGNATURE_ALGORITHM)); - sigAlgo = sigAlgo != null ? sigAlgo : SignatureAlgorithm.HS256; - if (AlgorithmUtils.isHmacSign(sigAlgo)) { - return JwsUtils.getHmacSignatureProvider(clientSecret, sigAlgo); - } + return OAuthUtils.getClientSecretSignatureProvider(clientSecret); + } else { + return null; } - return null; } protected JweEncryptionProvider getInitializedEncryptionProvider(String clientSecret) { if (encryptWithClientSecret && !StringUtils.isEmpty(clientSecret)) { - SecretKey key = CryptoUtils.decodeSecretKey(clientSecret); - Properties props = JweUtils.loadEncryptionOutProperties(false); - ContentAlgorithm ctAlgo = ContentAlgorithm.getAlgorithm( - props.getProperty(OAuthConstants.CLIENT_SECRET_ENCRYPTION_ALGORITHM)); - ctAlgo = ctAlgo != null ? ctAlgo : ContentAlgorithm.A128GCM; - return JweUtils.getDirectKeyJweEncryption(key, ctAlgo); + return OAuthUtils.getClientSecretEncryptionProvider(clientSecret); + } else { + return null; } - return null; } public void setEncryptWithClientSecret(boolean encryptWithClientSecret) { http://git-wip-us.apache.org/repos/asf/cxf/blob/36dc41e1/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java index e15f85e..b8f3687 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java @@ -131,8 +131,9 @@ public final class OAuthConstants { // Client Secret (JWS) Signature Algorithm public static final String CLIENT_SECRET_SIGNATURE_ALGORITHM = "client.secret.signature.algorithm"; - // Client Secret (JWE) Encryption Algorithm - public static final String CLIENT_SECRET_ENCRYPTION_ALGORITHM = "client.secret.encryption.algorithm"; + // Client Secret (JWE) Content Encryption Algorithm + public static final String CLIENT_SECRET_CONTENT_ENCRYPTION_ALGORITHM = + "client.secret.content.encryption.algorithm"; // Client Secret Encrypting Algorithm private OAuthConstants() { http://git-wip-us.apache.org/repos/asf/cxf/blob/36dc41e1/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java index ad190df..51a67a2 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java @@ -23,6 +23,7 @@ import java.util.ArrayList; import java.util.Collections; import java.util.LinkedList; import java.util.List; +import java.util.Properties; import java.util.Set; import javax.servlet.http.HttpSession; @@ -34,6 +35,15 @@ import org.apache.cxf.jaxrs.impl.MetadataMap; import org.apache.cxf.jaxrs.model.URITemplate; import org.apache.cxf.jaxrs.utils.JAXRSUtils; import org.apache.cxf.message.Message; +import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; +import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; +import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; +import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider; +import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider; +import org.apache.cxf.rs.security.jose.jwe.JweUtils; +import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider; +import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier; +import org.apache.cxf.rs.security.jose.jws.JwsUtils; import org.apache.cxf.rs.security.oauth2.common.AuthenticationMethod; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken; @@ -253,5 +263,41 @@ public final class OAuthUtils { return clientToken; } + public static JwsSignatureProvider getClientSecretSignatureProvider(String clientSecret) { + return JwsUtils.getHmacSignatureProvider(clientSecret, getClientSecretSignatureAlgorithm()); + } + public static JwsSignatureVerifier getClientSecretSignatureVerifier(String clientSecret) { + return JwsUtils.getHmacSignatureVerifier(clientSecret, getClientSecretSignatureAlgorithm()); + } + + public static JweDecryptionProvider getClientSecretDecryptionProvider(String clientSecret) { + byte[] key = StringUtils.toBytesUTF8(clientSecret); + return JweUtils.getDirectKeyJweDecryption(key, getClientSecretContentAlgorithm()); + } + + public static JweEncryptionProvider getClientSecretEncryptionProvider(String clientSecret) { + byte[] key = StringUtils.toBytesUTF8(clientSecret); + return JweUtils.getDirectKeyJweEncryption(key, getClientSecretContentAlgorithm()); + } + private static ContentAlgorithm getClientSecretContentAlgorithm() { + Properties props = JweUtils.loadEncryptionInProperties(false); + ContentAlgorithm ctAlgo = ContentAlgorithm.getAlgorithm( + props.getProperty(OAuthConstants.CLIENT_SECRET_CONTENT_ENCRYPTION_ALGORITHM)); + ctAlgo = ctAlgo != null ? ctAlgo : ContentAlgorithm.A128GCM; + return ctAlgo; + } + + private static SignatureAlgorithm getClientSecretSignatureAlgorithm() { + Properties sigProps = JwsUtils.loadSignatureOutProperties(false); + SignatureAlgorithm sigAlgo = SignatureAlgorithm.getAlgorithm( + sigProps.getProperty(OAuthConstants.CLIENT_SECRET_SIGNATURE_ALGORITHM)); + sigAlgo = sigAlgo != null ? sigAlgo : SignatureAlgorithm.HS256; + if (!AlgorithmUtils.isHmacSign(sigAlgo)) { + // Must be HS-based for the symmetric signature + throw new OAuthServiceException(OAuthConstants.SERVER_ERROR); + } else { + return sigAlgo; + } + } }