Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

NimbusReactiveJwtDecoder propagates errors looking up keys 

Fixes: gh-5490
This commit is contained in:
Rob Winch 2018-07-06 16:35:30 -05:00
parent 555512e1f0
commit a5ae714ed5
2 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
View File

@ -127,9 +127,10 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
JWKSelector selector = this.jwkSelectorFactory JWKSelector selector = this.jwkSelectorFactory
.createSelector(parsedToken.getHeader()); .createSelector(parsedToken.getHeader());
return this.reactiveJwkSource.get(selector) return this.reactiveJwkSource.get(selector)
.onErrorMap(e -> new IllegalStateException("Could not obtain the keys", e))
.map(jwkList -> createClaimsSet(parsedToken, jwkList)) .map(jwkList -> createClaimsSet(parsedToken, jwkList))
.map(set -> createJwt(parsedToken, set)) .map(set -> createJwt(parsedToken, set))
.onErrorMap(e -> new JwtException("An error occurred while attempting to decode the Jwt: ", e)); .onErrorMap(e -> !(e instanceof IllegalStateException), e -> new JwtException("An error occurred while attempting to decode the Jwt: ", e));
} catch (RuntimeException ex) { } catch (RuntimeException ex) {
throw new JwtException("An error occurred while attempting to decode the Jwt: " + ex.getMessage(), ex); throw new JwtException("An error occurred while attempting to decode the Jwt: " + ex.getMessage(), ex);
} }

13
oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
View File

@ -22,6 +22,7 @@ import org.junit.After;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import java.net.UnknownHostException;
import java.security.KeyFactory; import java.security.KeyFactory;
import java.security.interfaces.RSAPublicKey; import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec; import java.security.spec.X509EncodedKeySpec;
@ -72,6 +73,16 @@ public class NimbusReactiveJwtDecoderTests {
this.server.shutdown(); this.server.shutdown();
} }
@Test
public void decodeWhenInvalidUrl() {
this.decoder = new NimbusReactiveJwtDecoder("https://s");
assertThatCode(() -> this.decoder.decode(this.messageReadToken).block())
.isInstanceOf(IllegalStateException.class)
.hasCauseInstanceOf(UnknownHostException.class);
}
@Test @Test
public void decodeWhenMessageReadScopeThenSuccess() { public void decodeWhenMessageReadScopeThenSuccess() {
Jwt jwt = this.decoder.decode(this.messageReadToken).block(); Jwt jwt = this.decoder.decode(this.messageReadToken).block();
@ -116,7 +127,7 @@ public class NimbusReactiveJwtDecoderTests {
public void decodeWhenInvalidJwkSetUrlThenFail() { public void decodeWhenInvalidJwkSetUrlThenFail() {
this.decoder = new NimbusReactiveJwtDecoder("http://localhost:1280/certs"); this.decoder = new NimbusReactiveJwtDecoder("http://localhost:1280/certs");
assertThatCode(() -> this.decoder.decode(this.messageReadToken).block()) assertThatCode(() -> this.decoder.decode(this.messageReadToken).block())
.isInstanceOf(JwtException.class); .isInstanceOf(IllegalStateException.class);
} }
@Test @Test