From 54ac211cd16f8b97bb4069084da679e513ef4d7f Mon Sep 17 00:00:00 2001 From: Mathias Vandaele Date: Mon, 13 Jan 2025 13:32:12 +0100 Subject: [PATCH 1/3] feat(authentication-webhook): change way to retrieve algorithm, more flexible --- .../inbound/authorization/JWTAuthHandler.java | 94 +++++++++---------- .../authorization/JWTAuthHandlerTest.java | 43 +++++++-- 2 files changed, 82 insertions(+), 55 deletions(-) diff --git a/connectors/webhook/src/main/java/io/camunda/connector/inbound/authorization/JWTAuthHandler.java b/connectors/webhook/src/main/java/io/camunda/connector/inbound/authorization/JWTAuthHandler.java index 9f0e31e0ae..d59e9c5fdd 100644 --- a/connectors/webhook/src/main/java/io/camunda/connector/inbound/authorization/JWTAuthHandler.java +++ b/connectors/webhook/src/main/java/io/camunda/connector/inbound/authorization/JWTAuthHandler.java @@ -26,6 +26,7 @@ import io.camunda.connector.inbound.authorization.AuthorizationResult.Success; import io.camunda.connector.inbound.model.JWTProperties; import io.camunda.connector.inbound.model.WebhookAuthorization.JwtAuth; +import java.security.PublicKey; import java.security.interfaces.ECPublicKey; import java.security.interfaces.RSAPublicKey; import java.util.ArrayList; @@ -39,7 +40,10 @@ final class JWTAuthHandler extends WebhookAuthorizationHandler { private static final Logger LOGGER = LoggerFactory.getLogger(JWTAuthHandler.class); - + private static final AuthorizationResult JWT_AUTH_FAILED_RESULT = + new InvalidCredentials("JWT auth failed"); + private static final AuthorizationResult JWT_AUTH_MISSING_PERMISSIONS_RESULT = + new Forbidden("Missing required permissions"); private final JwkProvider jwkProvider; private final ObjectMapper objectMapper; @@ -49,29 +53,6 @@ public JWTAuthHandler(JwtAuth authorization, JwkProvider jwkProvider, ObjectMapp this.objectMapper = objectMapper; } - @Override - public AuthorizationResult checkAuthorization(WebhookProcessingPayload payload) { - - JWTProperties jwtProperties = expectedAuthorization.jwt(); - Map headers = payload.headers(); - - Optional decodedJWT = getDecodedVerifiedJWT(headers, jwkProvider); - if (decodedJWT.isEmpty()) { - return JWT_AUTH_FAILED_RESULT; - } - if (jwtProperties.requiredPermissions() != null - && !jwtProperties.requiredPermissions().isEmpty()) { - - List roles = extractRoles(jwtProperties, decodedJWT.get(), objectMapper); - if (!roles.containsAll(jwtProperties.requiredPermissions())) { - LOGGER.debug("JWT auth failed"); - return JWT_AUTH_MISSING_PERMISSIONS_RESULT; - } - } - LOGGER.debug("JWT auth was successful"); - return Success.INSTANCE; - } - private static Optional getDecodedVerifiedJWT( Map headers, JwkProvider jwkProvider) { final String jwtToken = @@ -127,23 +108,23 @@ private static Optional extractJWTFomHeader(final Map he private static DecodedJWT verifyJWT(String jwtToken, JwkProvider jwkProvider) throws SignatureVerificationException, TokenExpiredException { DecodedJWT verifiedJWT = - Optional.ofNullable(JWT.decode(jwtToken)) + Optional.of(JWT.decode(jwtToken)) .map( decodedJWT -> { try { - return jwkProvider.get(decodedJWT.getKeyId()); - } catch (JwkException e) { - LOGGER.warn("Cannot find JWK for the JWT token: " + e.getMessage()); - throw new RuntimeException(e); - } - }) - .map( - jwk -> { - try { - return JWT.require(getAlgorithm(jwk)).build(); + Jwk jwk = jwkProvider.get(decodedJWT.getKeyId()); + return JWT.require( + getAlgorithm( + Optional.ofNullable(jwk.getAlgorithm()) + .orElse(decodedJWT.getAlgorithm()), + jwk.getPublicKey())) + .build(); } catch (InvalidPublicKeyException e) { LOGGER.warn("Token verification failed: " + e.getMessage()); throw new RuntimeException(e); + } catch (JwkException e) { + LOGGER.warn("Cannot find JWK for the JWT token: " + e.getMessage()); + throw new RuntimeException(e); } }) .map(jwtVerifier -> jwtVerifier.verify(jwtToken)) @@ -152,20 +133,39 @@ private static DecodedJWT verifyJWT(String jwtToken, JwkProvider jwkProvider) return verifiedJWT; } - private static Algorithm getAlgorithm(Jwk jwk) throws InvalidPublicKeyException { - return switch (jwk.getAlgorithm()) { - case "RS256" -> Algorithm.RSA256((RSAPublicKey) jwk.getPublicKey()); - case "RS384" -> Algorithm.RSA384((RSAPublicKey) jwk.getPublicKey()); - case "RS512" -> Algorithm.RSA512((RSAPublicKey) jwk.getPublicKey()); - case "ES256" -> Algorithm.ECDSA256((ECPublicKey) jwk.getPublicKey(), null); - case "ES384" -> Algorithm.ECDSA384((ECPublicKey) jwk.getPublicKey(), null); - case "ES512" -> Algorithm.ECDSA512((ECPublicKey) jwk.getPublicKey(), null); + private static Algorithm getAlgorithm(String algorithm, PublicKey publicKey) + throws InvalidPublicKeyException { + return switch (algorithm) { + case "RS256" -> Algorithm.RSA256((RSAPublicKey) publicKey); + case "RS384" -> Algorithm.RSA384((RSAPublicKey) publicKey); + case "RS512" -> Algorithm.RSA512((RSAPublicKey) publicKey); + case "ES256" -> Algorithm.ECDSA256((ECPublicKey) publicKey, null); + case "ES384" -> Algorithm.ECDSA384((ECPublicKey) publicKey, null); + case "ES512" -> Algorithm.ECDSA512((ECPublicKey) publicKey, null); default -> throw new RuntimeException("Unknown algorithm!"); }; } - private static final AuthorizationResult JWT_AUTH_FAILED_RESULT = - new InvalidCredentials("JWT auth failed"); - private static final AuthorizationResult JWT_AUTH_MISSING_PERMISSIONS_RESULT = - new Forbidden("Missing required permissions"); + @Override + public AuthorizationResult checkAuthorization(WebhookProcessingPayload payload) { + + JWTProperties jwtProperties = expectedAuthorization.jwt(); + Map headers = payload.headers(); + + Optional decodedJWT = getDecodedVerifiedJWT(headers, jwkProvider); + if (decodedJWT.isEmpty()) { + return JWT_AUTH_FAILED_RESULT; + } + if (jwtProperties.requiredPermissions() != null + && !jwtProperties.requiredPermissions().isEmpty()) { + + List roles = extractRoles(jwtProperties, decodedJWT.get(), objectMapper); + if (!roles.containsAll(jwtProperties.requiredPermissions())) { + LOGGER.debug("JWT auth failed"); + return JWT_AUTH_MISSING_PERMISSIONS_RESULT; + } + } + LOGGER.debug("JWT auth was successful"); + return Success.INSTANCE; + } } diff --git a/connectors/webhook/src/test/java/io/camunda/connector/inbound/authorization/JWTAuthHandlerTest.java b/connectors/webhook/src/test/java/io/camunda/connector/inbound/authorization/JWTAuthHandlerTest.java index a2e2f61772..27538753a8 100644 --- a/connectors/webhook/src/test/java/io/camunda/connector/inbound/authorization/JWTAuthHandlerTest.java +++ b/connectors/webhook/src/test/java/io/camunda/connector/inbound/authorization/JWTAuthHandlerTest.java @@ -26,24 +26,20 @@ public class JWTAuthHandlerTest { - private final ObjectMapper objectMapper; - - private final FeelEngineWrapper feelEngineWrapper; - private static final String JWT_TOKEN = "eyJ0eXAiOiJhdCtqd3QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImM2ZjgzODZkMzFiOThiNzdkODNiYmEzNWE0NTdhZWY0In0.eyJpc3MiOiJodHRwczovL2lkcC5sb2NhbCIsImF1ZCI6ImFwaTEiLCJzdWIiOiI1YmU4NjM1OTA3M2M0MzRiYWQyZGEzOTMyMjIyZGFiZSIsImNsaWVudF9pZCI6Im15X2NsaWVudF9hcHAiLCJleHAiOjE3ODY4MjI2MTYsImlhdCI6MTY4NjgxOTAxNiwianRpIjoiMTE0ZjhjODRjNTM3MDNhYzIxMjBkMzAyNjExZTM1OGMiLCJyb2xlcyI6WyJhZG1pbiIsInN1cGVyYWRtaW4iXSwiYWRtaW4iOnRydWV9.KsjyrTJdpJnnji3c57wkc6REMl-501n2Nn98xd_2wZSGwpzHtf1ocsouudJ7hm-4W1dLUHJTLYJAO9thzWtH1Yomyq029ffz5CU8B7gtcrqg9OP_QuVCOcb9KPzjA_Lc5s4SELzDrJoedR90W-nL_7BYPvhrhu9dZcH3NbcaeU_531Yqc-YhVByBX_f6MwnpXYJECNGIx9F70SHrEI58paa8KLCvDu5Kcps480YsYHKCo9k5LoSmcDBGG_-n0riWfei0wGCFcHdhdI6ag08-C109oh7Po-PQ7GVTkEJ4pFmQ7dxBxsq_X39jh8w_9XynqbTaQhbwfNZ5u0SLWEp-n2yzxYFMLONI0VtSxw4zUfMUMJFW4iZvduxe_Ui4Jlj4ZmVxa60l7Wb3k4fi6C5-3hXOvb1XngFElSdFvIC2WGlaIfDfb82Bzq41PJc8Fqm3VRVWN7y5gpADT_Y9PYvZWP98AmogEMR_-l7gCr5ICDRlDpoNcCv3vVbJ6rTLvkAC"; - private static final String JWT_WITH_ES512_ALGORITHM_TOKEN = "eyJ0eXAiOiJhdCtqd3QiLCJhbGciOiJFUzUxMiIsImtpZCI6ImZjYWYxMGJlMzdhZDhiNzQ2MWY4ZGFhYjZkMzkwYzcwIn0.eyJpc3MiOiJodHRwczovL2lkcC5sb2NhbCIsImF1ZCI6ImFwaTEiLCJzdWIiOiI1YmU4NjM1OTA3M2M0MzRiYWQyZGEzOTMyMjIyZGFiZSIsImNsaWVudF9pZCI6Im15X2NsaWVudF9hcHAiLCJleHAiOjE3ODY4MjI2MTYsImlhdCI6MTY4NjgxOTAxNiwianRpIjoiMTE0ZjhjODRjNTM3MDNhYzIxMjBkMzAyNjExZTM1OGMiLCJyb2xlcyI6WyJhZG1pbiIsInN1cGVyYWRtaW4iXSwiYWRtaW4iOnRydWV9.AGpm312EBWHyjLDh3nd6hyKQ3xQDJCpTwYYbufQ_ZQzT0URFC24TeR_8Rc-ITrCIv6sSc1JoNFUdEt1PEpiiZ1mZAN0X4LGlrDUVvIgAR2YJbc9vFSCn7rGHvN6gQjKXYB8ZTjYefgqSusGugdKwTolpKQP-Zm_C3vp-S5cUG0oGWejX"; - private static final String WRONG_JWT_TOKEN = "eyJ0eXAiOiJhdCtqd3QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjNjZDljMWM4NDU3ZjRkMDhiNDlkMDI2OGNhNWYwMDhiIn0.eyJpc3MiOiJodHRwczovL2lkcC5sb2NhbCIsImF1ZCI6ImFwaTEiLCJzdWIiOiI1YmU4NjM1OTA3M2M0MzRiYWQyZGEzOTMyMjIyZGFiZSIsImNsaWVudF9pZCI6Im15X2NsaWVudF9hcHAiLCJleHAiOjE2ODc3OTM4MzUsImlhdCI6MTY4Nzc5MDIzNSwianRpIjoiNmE3ZDllNDljNWViZjYzNWM2MjVjNWQwZDAxOGNmYjIiLCJyb2xlcyI6WyJhZG1pbiIsInN1cGVyYWRtaW4iXSwiYWRtaW4iOnRydWV9.YP4Zw8graOY5wMJpxIZzYNN01xtOquWzT74boxMkhCdKMU_35PCoufZqUbyvNTD5YLltBe_dYe-sLuN4s-ZjeivL4ySSDtaeCd60D5JnjLq7vuC6MUd9nBHo2fIbIAwkEiWi_flCCiyzNa3Ir4KPCWxEL2cdibnjxeovUKBhnjRdf3tq4ADWrczHpf4wxZXL8aLEHzM6I5nSV6I3R9Arb6Cie-gHDfwxjGB_PoD3L5syB7izdNAMJPLlv4XHwIZ_5Pdsle546cwaZqJhmEjjHgsRJ_JEa_Xpm1zfmShHCDixkEKGfQ0JN5nYqE2JCnhlpjyWNrkqMmnAxb1AsDzwrA"; - private static final String EXPIRED_JWT_TOKEN = "eyJ0eXAiOiJhdCtqd3QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImM2ZjgzODZkMzFiOThiNzdkODNiYmEzNWE0NTdhZWY0In0.eyJpc3MiOiJodHRwczovL2lkcC5sb2NhbCIsImF1ZCI6ImFwaTEiLCJzdWIiOiI1YmU4NjM1OTA3M2M0MzRiYWQyZGEzOTMyMjIyZGFiZSIsImNsaWVudF9pZCI6Im15X2NsaWVudF9hcHAiLCJleHAiOjE2ODcwMDAwMDAsImlhdCI6MTY4NzAwMDAwMCwianRpIjoiZTg0MWU1NzczZmUxN2ExNTYzNTM0ZWFhODRkOTNiNGQiLCJyb2xlcyI6WyJhZG1pbiIsInN1cGVyYWRtaW4iXSwiYWRtaW4iOnRydWV9.e0w7LwLKIpeXnms1eUHuNysoqxPzvhreVLKBhtOpRgiFr60Nrmn04EXEU4YdzGW4zU9tDdc9z8xTyfouQ7ImcLAj7p74v3fsIpckHwaAvi9FRu0kPVrCsmNC8a9M7pwRJsPPCi8DReQVnR0G0mTF12m9SIIpdf6VfaJeuNsHhQB5on6md4uxZ7X5fXZz3Z9A5xp3ZjPji6nknZUyTyTNcJ_GvEzZ4Jx9svHOm6OpDjVM57D8WI_6YNwqnEMQs-JxYNoWBSoIm1V_0rvMxLltINv0G6kvHjDApxcyUAbarpYVUUe0Sm2CoefNVXZPbb-X5gabqGrlKCFOf9ovprZ9NbgpHGawrhUgrJ3-ltkwwpi4zs7i0kj3iuGBRPh_8qJhH5NRvuPJVWN4RUhnuLuxhjenbE9UGPjIkqgYdWUHQ19qCVhf52m3UdHRatKG0GG1DLH4BEDZysvpa9y112oHSvWRmIasJMC3r4hrXnV1iLLIqZz7lv3UfTtXJAjqwGyY"; - private static final String NOT_ENOUGH_PERMISSION_JWT_TOKEN = "eyJ0eXAiOiJhdCtqd3QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImM2ZjgzODZkMzFiOThiNzdkODNiYmEzNWE0NTdhZWY0In0.eyJpc3MiOiJodHRwczovL2lkcC5sb2NhbCIsImF1ZCI6ImFwaTEiLCJzdWIiOiI1YmU4NjM1OTA3M2M0MzRiYWQyZGEzOTMyMjIyZGFiZSIsImNsaWVudF9pZCI6Im15X2NsaWVudF9hcHAiLCJleHAiOjE3ODY4MjI2MTYsImlhdCI6MTY4NjgxOTAxNiwianRpIjoiMTE0ZjhjODRjNTM3MDNhYzIxMjBkMzAyNjExZTM1OGMiLCJyb2xlcyI6WyJ1c2VyIl19.Tcicz2XdMXI4Kios6fqND_gmg5DdD0U_VdraGSh6Qylv_PJYWCDXsGCbt7GofDMYML60tqikj-LvWPeZ7O-rS8Fy0jke3a866AAj1PA0Pbf1_jYJIMdiuhK1F983RDRNPNVSjPWPqKWftmDAX-S1_k2zmX3yUPakFzlAvtF7emue9K-lueJwi3x_0raq3k4YtQYfqV9Dt9kDv-S51wjnvnhJSaKu77uYYZjH92ud-OVh-AkBoH7XC6-W3WUpKXKpGQO4QkeVnTSAuXOMLw9Yn1v-rtiS0zJ9WknyydAeg9KTLZtORjgXji4QR1VqCoCxt3LvHA7PHNuIevDw4L5aMdNMRMpN0urCAegoPWYQ011n15yMD_7GfC4wlDK9XyNsWjilVoxoZIP8QhZh1IoH1XDd3YjbmIFC04yYmV-jNRS8TOzrvd4iQOmKzT7E4n58JNB9OWONKYDMbtihSy9zCpufOfVjUmItBxYFJyd_sWtOtN3gtL4Ru6Y_IKa8Ahdm"; + private static final String NO_ALG_PRESENT_JWT = + "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6InoxcnNZSEhKOS04bWdndDRIc1p1OEJLa0JQdyIsImtpZCI6InoxcnNZSEhKOS04bWdndDRIc1p1OEJLa0JQdyJ9.eyJhdWQiOiJhcGk6Ly83YWJlOGQzNi1iMDViLTQ1OGItOTdkNy0zYjhiM2VjOWM4ZTkiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC84ZWJlMjQ5ZC04MzEyLTRmZmItOWI2Yi0wOGU1NjY2OWQ1NzgvIiwiaWF0IjoxNzM2NzYzMDk4LCJuYmYiOjE3MzY3NjMwOTgsImV4cCI6MTczNjc2Njk5OCwiYWlvIjoiazJSZ1lJaHp2Tzg4MldoMnBwV0M3cjdyaVpsbUFBPT0iLCJhcHBpZCI6IjdhYmU4ZDM2LWIwNWItNDU4Yi05N2Q3LTNiOGIzZWM5YzhlOSIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzhlYmUyNDlkLTgzMTItNGZmYi05YjZiLTA4ZTU2NjY5ZDU3OC8iLCJvaWQiOiIxOTZkYzU0NC1kMzAyLTQxYmQtYjJiMS04ODE0YWUzNmRmZmEiLCJyaCI6IjEuQVRrQW5TUy1qaEtELTAtYmF3amxabW5WZURhTnZucGJzSXRGbDljN2l6N0p5T2s1QUFBNUFBLiIsInN1YiI6IjE5NmRjNTQ0LWQzMDItNDFiZC1iMmIxLTg4MTRhZTM2ZGZmYSIsInRpZCI6IjhlYmUyNDlkLTgzMTItNGZmYi05YjZiLTA4ZTU2NjY5ZDU3OCIsInV0aSI6InZkaDlRQjBySEVlUm1fZFZ4VkVLQUEiLCJ2ZXIiOiIxLjAifQ.kAEtEYbMD47IyhgZL8KDX1I65j7gPtjXdL9iv4JwcCwTx8NL0R1gKHZPvWyyg09XqyQxVF8m5r0SxXVhvaGZCbMDrkaGOKDlwNjTzQIta3gtCiLxHdsmbrMAOt8ktVGRHLKzQcvYpVSUJhSxX4XikqugusNlU1acvKWUgkzal98YF-RvwcqlevkbHeyYmaful-6gP9Yf7p4mawlupOzl_A30Qf13a07kH-39CO5H2z_akA1eB0u8sINY-Y8l0We0ncKmP-C0vlQe5T2z3vyWuTPESRtCWgXipuYzzD1T9ZupkMTa72DAWhCOLCHKeuckLTajhj_9ZmfWRkePZUC0SQ"; + private final ObjectMapper objectMapper; + private final FeelEngineWrapper feelEngineWrapper; /* JWT token content * { @@ -222,6 +218,22 @@ public void jwtCheckWithOutRoles() { assertThat(verificationResult).isInstanceOf(Success.class); } + @Test + public void noAlgProvidedByJwkProvider() { + // given jwt, check only signature + JwkProvider jwkProvider = new JwkProviderNoAlg(); + JWTProperties jwtProperties = new JWTProperties("https://mockUrl.com", null, null); + var headers = Map.of("Authorization", "Bearer " + NO_ALG_PRESENT_JWT); + var handler = new JWTAuthHandler(new JwtAuth(jwtProperties), jwkProvider, objectMapper); + var payload = new TestWebhookProcessingPayload(headers); + + // when + var verificationResult = handler.checkAuthorization(payload); + + // then + assertThat(verificationResult).isInstanceOf(Success.class); + } + static class TestJwkProvider implements JwkProvider { @Override @@ -281,4 +293,19 @@ public Jwk get(String keyId) { return Jwk.fromValues(jwkMap); } } + + static class JwkProviderNoAlg implements JwkProvider { + + @Override + public Jwk get(String keyId) { + Map jwkMap = new HashMap<>(); + jwkMap.put("use", "sig"); + jwkMap.put("kty", "RSA"); + jwkMap.put( + "n", + "pOe4GbleFDT1u5ioOQjNMmhvkDVoVD9cBKvX7AlErtWA_D6wc1w1iwkd6arYVCPObZbAB4vLSXrlpBSOuP6VYnXw_cTgniv_c82ra-mfqCpM-SbqzZ3sVqlcE_bwxvci_4PrxAW4R85ok12NXyZ2371H3yGevabi35AlVm-bQ24azo1hLK_0DzB6TxsAIOTOcKfIugOfqP-B2R4vR4u6pYftS8MWcxegr9iJ5JNtubI1X2JHpxJhkRoMVwKFna2GXmtzdxLi3yS_GffVCKfTbFMhalbJS1lSmLqhmLZZL-lrQZ6fansTl1vcGcoxnzPTwBkZMks0iVV4yfym_gKBXQ"); + jwkMap.put("e", "AQAB"); + return Jwk.fromValues(jwkMap); + } + } } From d69fcfef1586860e579b432fad610f784b12898b Mon Sep 17 00:00:00 2001 From: Mathias Vandaele Date: Mon, 13 Jan 2025 14:30:57 +0100 Subject: [PATCH 2/3] feat(authentication-webhook): change way to retrieve algorithm, more flexible 2 --- .../camunda/connector/inbound/authorization/JWTAuthHandler.java | 1 + 1 file changed, 1 insertion(+) diff --git a/connectors/webhook/src/main/java/io/camunda/connector/inbound/authorization/JWTAuthHandler.java b/connectors/webhook/src/main/java/io/camunda/connector/inbound/authorization/JWTAuthHandler.java index d59e9c5fdd..7a572557c3 100644 --- a/connectors/webhook/src/main/java/io/camunda/connector/inbound/authorization/JWTAuthHandler.java +++ b/connectors/webhook/src/main/java/io/camunda/connector/inbound/authorization/JWTAuthHandler.java @@ -135,6 +135,7 @@ private static DecodedJWT verifyJWT(String jwtToken, JwkProvider jwkProvider) private static Algorithm getAlgorithm(String algorithm, PublicKey publicKey) throws InvalidPublicKeyException { + LOGGER.debug("Using algorithm: " + algorithm); return switch (algorithm) { case "RS256" -> Algorithm.RSA256((RSAPublicKey) publicKey); case "RS384" -> Algorithm.RSA384((RSAPublicKey) publicKey); From 2209944cbd90645e25c0fe41b42de7c75620c0ce Mon Sep 17 00:00:00 2001 From: Mathias Vandaele Date: Mon, 13 Jan 2025 15:39:31 +0100 Subject: [PATCH 3/3] feat(authentication-webhook): change way to retrieve algorithm, more flexible 3 --- .../connector/inbound/authorization/JWTAuthHandler.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/connectors/webhook/src/main/java/io/camunda/connector/inbound/authorization/JWTAuthHandler.java b/connectors/webhook/src/main/java/io/camunda/connector/inbound/authorization/JWTAuthHandler.java index 7a572557c3..fb0faf894a 100644 --- a/connectors/webhook/src/main/java/io/camunda/connector/inbound/authorization/JWTAuthHandler.java +++ b/connectors/webhook/src/main/java/io/camunda/connector/inbound/authorization/JWTAuthHandler.java @@ -135,7 +135,6 @@ private static DecodedJWT verifyJWT(String jwtToken, JwkProvider jwkProvider) private static Algorithm getAlgorithm(String algorithm, PublicKey publicKey) throws InvalidPublicKeyException { - LOGGER.debug("Using algorithm: " + algorithm); return switch (algorithm) { case "RS256" -> Algorithm.RSA256((RSAPublicKey) publicKey); case "RS384" -> Algorithm.RSA384((RSAPublicKey) publicKey); @@ -143,7 +142,7 @@ private static Algorithm getAlgorithm(String algorithm, PublicKey publicKey) case "ES256" -> Algorithm.ECDSA256((ECPublicKey) publicKey, null); case "ES384" -> Algorithm.ECDSA384((ECPublicKey) publicKey, null); case "ES512" -> Algorithm.ECDSA512((ECPublicKey) publicKey, null); - default -> throw new RuntimeException("Unknown algorithm!"); + default -> throw new RuntimeException("Unknown algorithm: " + algorithm); }; }