From a5ae714ed5188c435cf39a4e6558db108152f39e Mon Sep 17 00:00:00 2001
From: Rob Winch
Date: Fri, 6 Jul 2018 16:35:30 -0500
Subject: [PATCH] NimbusReactiveJwtDecoder propagates errors looking up keys

Fixes: gh-5490
---
 .../oauth2/jwt/NimbusReactiveJwtDecoder.java | 3 ++-
 .../oauth2/jwt/NimbusReactiveJwtDecoderTests.java | 13 ++++++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
index 4b439f57f5..67cb0f5e54 100644
--- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
+++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoder.java
@@ -127,9 +127,10 @@ public final class NimbusReactiveJwtDecoder implements ReactiveJwtDecoder {
 JWKSelector selector = this.jwkSelectorFactory
 .createSelector(parsedToken.getHeader());
 return this.reactiveJwkSource.get(selector)
+ .onErrorMap(e -> new IllegalStateException("Could not obtain the keys", e))
 .map(jwkList -> createClaimsSet(parsedToken, jwkList))
 .map(set -> createJwt(parsedToken, set))
- .onErrorMap(e -> new JwtException("An error occurred while attempting to decode the Jwt: ", e));
+ .onErrorMap(e -> !(e instanceof IllegalStateException), e -> new JwtException("An error occurred while attempting to decode the Jwt: ", e));
 } catch (RuntimeException ex) {
 throw new JwtException("An error occurred while attempting to decode the Jwt: " + ex.getMessage(), ex);
 }
diff --git a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
index d37e1bdde6..2b3ca53adf 100644
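Review bot: The predicate `!(e instanceof IllegalStateException)` on the last `onErrorMap` exempts every IllegalStateException, not only the one created two operators earlier for a failed key lookup. If `createClaimsSet` or `createJwt` (bodies outside this hunk) can raise an IllegalStateException while processing a token, it would now escape unwrapped, and a caller that maps `JwtException` to an invalid-token response would report a bad token as a server fault. Scoping the decode mapping to the token steps avoids using the exception type as a marker: `.flatMap(jwkList -> Mono.just(jwkList).map(list -> createClaimsSet(parsedToken, list)).map(set -> createJwt(parsedToken, set)).onErrorMap(e -> new JwtException("An error occurred while attempting to decode the Jwt: ", e)))` placed after the key-lookup `onErrorMap`. The enclosing method starts and ends outside the hunk, so its Javadoc is not visible; it should state that a key-retrieval failure surfaces as IllegalStateException rather than JwtException.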
--- a/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
+++ b/oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/NimbusReactiveJwtDecoderTests.java
@@ -22,6 +22,7 @@ import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 
+import java.net.UnknownHostException;
 import java.security.KeyFactory;
 import java.security.interfaces.RSAPublicKey;
 import java.security.spec.X509EncodedKeySpec;
@@ -72,6 +73,16 @@ public class NimbusReactiveJwtDecoderTests {
 this.server.shutdown();
 }
 
+ @Test
+ public void decodeWhenInvalidUrl() {
+ this.decoder = new NimbusReactiveJwtDecoder("https://s");
+
+ assertThatCode(() -> this.decoder.decode(this.messageReadToken).block())
+ .isInstanceOf(IllegalStateException.class)
+ .hasCauseInstanceOf(UnknownHostException.class);
+
+ }
+
 @Test
 public void decodeWhenMessageReadScopeThenSuccess() {
 Jwt jwt = this.decoder.decode(this.messageReadToken).block();
@@ -116,7 +127,7 @@ public class NimbusReactiveJwtDecoderTests {
 public void decodeWhenInvalidJwkSetUrlThenFail() {
 this.decoder = new NimbusReactiveJwtDecoder("http://localhost:1280/certs");
 assertThatCode(() -> this.decoder.decode(this.messageReadToken).block())
- .isInstanceOf(JwtException.class);
+ .isInstanceOf(IllegalStateException.class);
 }
 
 @Test
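Review bot: `decodeWhenInvalidUrl` passes only if the host `s` in `https://s` fails DNS resolution, which depends on the machine running the test and not on the decoder. A resolver with a search domain or a wildcard answer would make `hasCauseInstanceOf(UnknownHostException.class)` fail, or cause a real outbound request. A name under the reserved `.invalid` TLD, e.g. `new NimbusReactiveJwtDecoder("https://s.invalid");`, states the intent and is reserved never to resolve. The method name also drops the `Then…` suffix used by the neighbouring tests; `decodeWhenInvalidUrlThenFail` would match them.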
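Review bot: The relaxed assertion in `decodeWhenInvalidJwkSetUrlThenFail` accepts any IllegalStateException, so it would still pass if the exception came from somewhere other than the key lookup. Since the commit uses that exception type to signal a key-retrieval failure, pin the message as well: `.isInstanceOf(IllegalStateException.class).hasMessageContaining("Could not obtain the keys");`.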