use of java.util.Base64 in project vert.x by eclipse.
the class HttpProxy method start.
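/**
 * Start the proxy server on {@code localhost:PORT}.
 *
 * <p>Behaviour of the installed request handler, in order:
 * <ul>
 *   <li>If {@code username} is set, the request must carry a {@code Proxy-Authorization}
 *       header with HTTP Basic credentials, otherwise 407 is returned. The expected
 *       password is the username itself.</li>
 *   <li>The request headers are recorded in {@code lastRequestHeaders}.</li>
 *   <li>If {@code error} is non-zero, that status code is returned for every request.</li>
 *   <li>{@code CONNECT host:port} opens a raw tunnel; port 8080 and every port below 1024
 *       other than 443 are refused with 403. {@code forceUri}, when set, replaces the
 *       requested target.</li>
 *   <li>{@code GET} with an absolute URI is forwarded with all request headers except
 *       {@code Proxy-Authorization}.</li>
 *   <li>Any other method gets 405.</li>
 * </ul>
 *
 * <p>The handler applies no allow-list on the target host, only the port filter above, so
 * it relays to whatever the client asks for. It is bound to {@code localhost} and should
 * stay that way.
 *
 * @param vertx
 *          Vertx instance to use for creating the server and client
 * @param finishedHandler
 *          will be called when the server has started
 */
@Override
public void start(Vertx vertx, Handler<Void> finishedHandler) {
    HttpServerOptions options = new HttpServerOptions();
    options.setHost("localhost").setPort(PORT);
    server = vertx.createHttpServer(options);
    server.requestHandler(request -> {
        HttpMethod method = request.method();
        String uri = request.uri();
        if (username != null) {
            String auth = request.getHeader("Proxy-Authorization");
            // Base64 is only the wire encoding of Basic auth; it provides no confidentiality.
            // The charset is pinned so the expected value does not depend on the platform default.
            String expected = "Basic " + Base64.getEncoder().encodeToString(
                (username + ":" + username).getBytes(java.nio.charset.StandardCharsets.UTF_8));
            // Constant-time comparison: String.equals returns at the first differing character,
            // which leaks how much of the credential matched.
            boolean authorized = auth != null && java.security.MessageDigest.isEqual(
                auth.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                expected.getBytes(java.nio.charset.StandardCharsets.UTF_8));
            if (!authorized) {
                request.response().setStatusCode(407).end("proxy authentication failed");
                return;
            }
        }
        lastRequestHeaders = MultiMap.caseInsensitiveMultiMap().addAll(request.headers());
        if (error != 0) {
            request.response().setStatusCode(error).end("proxy request failed");
        } else if (method == HttpMethod.CONNECT) {
            if (!uri.contains(":")) {
                request.response().setStatusCode(403).end("invalid request");
            } else {
                lastUri = uri;
                if (forceUri != null) {
                    uri = forceUri;
                }
                // NOTE(review): splitting on ':' assumes host:port; a bracketed IPv6 literal
                // would be split inside the address.
                String[] split = uri.split(":");
                String host = split[0];
                int port;
                try {
                    port = Integer.parseInt(split[1]);
                } catch (NumberFormatException ex) {
                    // An unparsable port silently falls back to 443.
                    port = 443;
                }
                // Refuse the proxy's own conventional port and all privileged ports except HTTPS.
                if (port == 8080 || (port < 1024 && port != 443)) {
                    request.response().setStatusCode(403).end("access to port denied");
                    return;
                }
                NetSocket serverSocket = request.netSocket();
                NetClientOptions netOptions = new NetClientOptions();
                // NOTE(review): a new NetClient is created per CONNECT and never closed here.
                NetClient netClient = vertx.createNetClient(netOptions);
                netClient.connect(port, host, result -> {
                    if (result.succeeded()) {
                        NetSocket clientSocket = result.result();
                        serverSocket.write("HTTP/1.0 200 Connection established\n\n");
                        // Closing either side of the tunnel closes the other.
                        serverSocket.closeHandler(v -> clientSocket.close());
                        clientSocket.closeHandler(v -> serverSocket.close());
                        Pump.pump(serverSocket, clientSocket).start();
                        Pump.pump(clientSocket, serverSocket).start();
                    } else {
                        request.response().setStatusCode(403).end("request failed");
                    }
                });
            }
        } else if (method == HttpMethod.GET) {
            lastUri = request.uri();
            // NOTE(review): a new HttpClient is created per request and never closed here.
            HttpClient client = vertx.createHttpClient();
            HttpClientRequest clientRequest = client.getAbs(request.uri(), resp -> {
                for (String name : resp.headers().names()) {
                    request.response().putHeader(name, resp.headers().getAll(name));
                }
                resp.bodyHandler(body -> {
                    request.response().end(body);
                });
            });
            for (String name : request.headers().names()) {
                // Header names are case-insensitive; a case-sensitive match would forward
                // "proxy-authorization" (and the proxy credentials in it) to the origin server.
                if (!name.equalsIgnoreCase("Proxy-Authorization")) {
                    clientRequest.putHeader(name, request.headers().getAll(name));
                }
            }
            clientRequest.exceptionHandler(e -> {
                log.debug("exception", e);
                int status;
                if (e instanceof UnknownHostException) {
                    status = 504;
                } else {
                    status = 400;
                }
                request.response().setStatusCode(status).end(e.toString() + " on client request");
            });
            clientRequest.end();
        } else {
            request.response().setStatusCode(405).end("method not supported");
        }
    });
    server.listen(ar -> {
        finishedHandler.handle(null);
    });
}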
use of java.util.Base64 in project jdk8u_jdk by JetBrains.
the class TestBase64 method testMalformedPadding.
/**
 * Checks that the basic, URL-safe and MIME Base64 decoders all reject input whose
 * final unit or padding is malformed.
 *
 * <p>For each sample, {@code decode(byte[])}, {@code decode(String)} and
 * {@code decode(ByteBuffer)} are passed to {@code checkIAE}, and draining the stream
 * returned by {@code wrap(InputStream)} is passed to {@code checkIOE}.
 */
private static void testMalformedPadding() throws Throwable {
    // One sample per row: { malformed source, second column, third column }.
    // Only the source is exercised below; the other two columns look like the decodable
    // prefix and the offset at which the source goes bad (assumption, they are unused here).
    Object[] data = {
        // illegal ending unit
        "$=#", "", 0,
        // dangling single byte
        "A", "", 0,
        "A=", "", 0,
        "A==", "", 0,
        "QUJDA", "ABC", 4,
        "QUJDA=", "ABC", 4,
        "QUJDA==", "ABC", 4,
        // unnecessary padding
        "=", "", 0,
        // "ABC".encode() -> "QUJD"
        "QUJD=", "ABC", 4,
        // incomplete padding
        "AA=", "", 0,
        "QQ=", "", 0,
        // incorrect padding
        "QQ=N", "", 0,
        "QQ=?", "", 0,
        "QUJDQQ=", "ABC", 4,
        "QUJDQQ=N", "ABC", 4,
        "QUJDQQ=?", "ABC", 4
    };
    Base64.Decoder[] decs = {
        Base64.getDecoder(),
        Base64.getUrlDecoder(),
        Base64.getMimeDecoder()
    };
    for (final Base64.Decoder dec : decs) {
        for (int base = 0; base < data.length; base += 3) {
            final String srcStr = (String) data[base];
            final byte[] srcBytes = srcStr.getBytes("ASCII");
            final ByteBuffer srcBB = ByteBuffer.wrap(srcBytes);
            // Read but not asserted on in this test.
            byte[] expected = ((String) data[base + 1]).getBytes("ASCII");
            int pos = (Integer) data[base + 2];

            // All three in-memory decode overloads must throw IllegalArgumentException.
            checkIAE(() -> dec.decode(srcBytes));
            checkIAE(() -> dec.decode(srcStr));
            checkIAE(() -> dec.decode(srcBB));

            // The streaming decoder must surface the same defect as an IOException.
            checkIOE(new Testable() {
                public void test() throws IOException {
                    try (InputStream is = dec.wrap(new ByteArrayInputStream(srcBytes))) {
                        int next;
                        do {
                            next = is.read();
                        } while (next != -1);
                    }
                }
            });
        }
    }
}
use of java.util.Base64 in project curiostack by curioswitch.
the class RequestNamespaceCertTask method exec.
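/**
 * Issues a server TLS certificate for the cluster namespace and stores it, together with
 * its private key, in the {@code server-tls} secret of that namespace.
 *
 * <p>Steps: generate a 256-bit ECDSA key pair, build a PKCS#10 CSR with wildcard DNS
 * subject alternative names for the namespace, submit it with {@code kubectl create},
 * approve it with {@code kubectl certificate approve}, wait five seconds, fetch the issued
 * certificate with {@code kubectl get csr}, and write certificate and key to the secret.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The task approves the CSR it has just created, so the identity running it needs
 *       permission to approve certificate requests.</li>
 *   <li>Base64 in the {@code spec.request} field and in the secret's {@code data} map is
 *       the transport encoding required by the Kubernetes API. It is not encryption; the
 *       private key is readable by anyone who can read the secret.</li>
 * </ul>
 *
 * @throws IllegalStateException if the key pair, CSR or key cannot be encoded, or if no
 *     certificate has been issued by the time it is fetched
 * @throws UncheckedIOException if the certificate cannot be read from {@code kubectl}
 */
@TaskAction
public void exec() {
    ImmutableClusterExtension cluster =
        getProject().getExtensions().getByType(ClusterExtension.class);
    // The same object name is used for the create, approve and get calls.
    final String csrName = cluster.namespace() + ".server.crt";

    final KeyPairGenerator keygen;
    try {
        keygen = KeyPairGenerator.getInstance("ECDSA", BouncyCastleProvider.PROVIDER_NAME);
    } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
        // The message used to say RSA although the algorithm requested is ECDSA.
        throw new IllegalStateException("Could not find ECDSA, can't happen.", e);
    }
    keygen.initialize(256, new SecureRandom());
    KeyPair keyPair = keygen.generateKeyPair();

    PKCS10CertificationRequestBuilder p10Builder =
        new JcaPKCS10CertificationRequestBuilder(
            new X500Principal("CN=" + cluster.namespace() + ".ns.cluster.stellarstation.com"),
            keyPair.getPublic());
    Stream<GeneralName> generalNames =
        Streams.concat(
            Stream.of(
                new GeneralName(GeneralName.dNSName, "*." + cluster.namespace()),
                new GeneralName(GeneralName.dNSName, "*." + cluster.namespace() + ".svc"),
                new GeneralName(
                    GeneralName.dNSName, "*." + cluster.namespace() + ".svc.cluster.local")),
            cluster.extraNamespaceTlsHosts().stream()
                .map(name -> new GeneralName(GeneralName.dNSName, name)));
    GeneralNames subjectAltNames = new GeneralNames(generalNames.toArray(GeneralName[]::new));
    ExtensionsGenerator extensions = new ExtensionsGenerator();
    try {
        extensions.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
        p10Builder.setAttribute(
            PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions.generate());
    } catch (IOException e) {
        throw new IllegalStateException("Could not encode cert name, can't happen.", e);
    }

    final ContentSigner signer;
    try {
        signer = new JcaContentSignerBuilder("SHA256withECDSA").build(keyPair.getPrivate());
    } catch (OperatorCreationException e) {
        throw new IllegalStateException("Could not find signer, can't happen.", e);
    }
    PKCS10CertificationRequest csr = p10Builder.build(signer);
    StringWriter csrWriter = new StringWriter();
    try (JcaPEMWriter pemWriter = new JcaPEMWriter(csrWriter)) {
        pemWriter.writeObject(csr);
    } catch (IOException e) {
        throw new IllegalStateException("Could not encode csr, can't happen.", e);
    }

    // The API expects the PEM text of the CSR, Base64-encoded once more.
    String encodedCsr =
        Base64.getEncoder().encodeToString(csrWriter.toString().getBytes(StandardCharsets.UTF_8));
    // NOTE(review): certificates.k8s.io/v1beta1 is no longer served from Kubernetes 1.22;
    // the v1 API additionally requires spec.signerName.
    Map<Object, Object> csrApiRequest =
        ImmutableMap.of(
            "apiVersion", "certificates.k8s.io/v1beta1",
            "kind", "CertificateSigningRequest",
            "metadata", ImmutableMap.of("name", csrName),
            "spec",
                ImmutableMap.of(
                    "request", encodedCsr,
                    "usages",
                        ImmutableList.of(
                            "digital signature", "key encipherment", "server auth", "client auth")));
    final byte[] encodedApiRequest;
    try {
        encodedApiRequest = OBJECT_MAPPER.writeValueAsBytes(csrApiRequest);
    } catch (JsonProcessingException e) {
        throw new IllegalStateException("Could not encode yaml", e);
    }

    ImmutableGcloudExtension config =
        getProject().getRootProject().getExtensions().getByType(GcloudExtension.class);
    String command =
        config.download()
            ? CommandUtil.getGcloudSdkBinDir(getProject())
                .resolve("kubectl")
                .toAbsolutePath()
                .toString()
            : "kubectl";
    // Arguments are passed as separate values, never through a shell.
    getProject()
        .exec(
            exec -> {
                exec.executable(command);
                exec.args("create", "-f", "-");
                exec.setStandardInput(new ByteArrayInputStream(encodedApiRequest));
            });
    getProject()
        .exec(
            exec -> {
                exec.executable(command);
                exec.args("certificate", "approve", csrName);
            });

    // Need to wait a bit for certificate to propagate before fetching.
    try {
        TimeUnit.SECONDS.sleep(5);
    } catch (InterruptedException e) {
        // Restore the interrupt flag so callers further up can still observe it.
        Thread.currentThread().interrupt();
        throw new RuntimeException(e);
    }

    // Gradle Exec seems to be flaky when reading from stdout, so use normal ProcessBuilder.
    final byte[] certificateBytes;
    try {
        // NOTE(review): the exit status of this process is not checked.
        Process getCertProcess =
            new ProcessBuilder(
                    command, "get", "csr", csrName, "-o", "jsonpath={.status.certificate}")
                .start();
        certificateBytes = ByteStreams.toByteArray(getCertProcess.getInputStream());
    } catch (IOException e) {
        throw new UncheckedIOException("Could not fetch certificate.", e);
    }
    // Without this check an unissued certificate decodes to an empty string and an empty
    // server.crt is written into the secret without any error.
    if (certificateBytes.length == 0) {
        throw new IllegalStateException(
            "No certificate returned for " + csrName + "; it may not have been issued yet.");
    }
    String certificate =
        new String(Base64.getDecoder().decode(certificateBytes), StandardCharsets.UTF_8);

    final JcaPKCS8Generator keyGenerator;
    final PemObject keyObject;
    try {
        // Second argument null: the PKCS#8 key is written without an encryptor.
        keyGenerator = new JcaPKCS8Generator(keyPair.getPrivate(), null);
        keyObject = keyGenerator.generate();
    } catch (PemGenerationException e) {
        throw new IllegalStateException("Could not encode to pkcs8.", e);
    }
    StringWriter keyWriter = new StringWriter();
    try (JcaPEMWriter pemWriter = new JcaPEMWriter(keyWriter)) {
        pemWriter.writeObject(keyObject);
    } catch (IOException e) {
        // The message used to say "csr" although this block encodes the private key.
        throw new IllegalStateException("Could not encode private key, can't happen.", e);
    }
    String key = keyWriter.toString();

    Secret certificateSecret =
        new SecretBuilder()
            .withMetadata(
                new ObjectMetaBuilder()
                    .withName("server-tls")
                    .withNamespace(cluster.namespace())
                    .build())
            .withType("Opaque")
            .withData(
                ImmutableMap.of(
                    "server.crt",
                    Base64.getEncoder().encodeToString(certificate.getBytes(StandardCharsets.UTF_8)),
                    "server-key.pem",
                    Base64.getEncoder().encodeToString(key.getBytes(StandardCharsets.UTF_8))))
            .build();
    // Close the client once the secret is written instead of leaking its connections.
    try (KubernetesClient client = new DefaultKubernetesClient()) {
        client.resource(certificateSecret).createOrReplace();
    }
}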
use of java.util.Base64 in project fru-paqx-parent by dellemc-symphony.
the class ContextConfig method servletContainer.
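/**
 * This container is required in order to implement the redirect from http 8080 to https 18443 in spring boot.
 * This means that http can continue to be used but will automatically redirect to https.
 * The responses from FRU will be https regardless of the protocol/port used by the cli.
 *
 * <p>The factory marks every path ({@code /*}) as CONFIDENTIAL, adds the extra HTTP
 * connector returned by {@code initiateHttpConnector()}, and installs a realm whose
 * transport-guarantee redirect uses status 307.
 *
 * @return the customised embedded Tomcat factory
 */
@Bean
public EmbeddedServletContainerFactory servletContainer() {
    TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
        @Override
        protected void postProcessContext(Context context) {
            // CONFIDENTIAL on "/*" makes the container require a secure transport for every path.
            SecurityConstraint securityConstraint = new SecurityConstraint();
            securityConstraint.setUserConstraint("CONFIDENTIAL");
            SecurityCollection collection = new SecurityCollection();
            collection.addPattern("/*");
            securityConstraint.addCollection(collection);
            context.addConstraint(securityConstraint);
        }

        /**
         * This is the method where ssl is configured in the tomcat container.
         * It is overridden so that the key store password can be stored Base64-encoded in
         * application.properties and decoded before ssl configuration begins.
         *
         * <p>Only Base64 decoding happens here; nothing is decrypted. Base64 is a reversible
         * encoding, so the configured value must be protected like the clear-text password.
         */
        @Override
        protected void configureSsl(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) {
            String encodedPassword = ssl.getKeyStorePassword();
            if (LOG.isDebugEnabled()) {
                // The encoded value is deliberately not logged: it decodes straight to the password.
                LOG.debug("ContextConfig: servletContainer: decoding key store password");
            }
            if (encodedPassword != null) {
                byte[] decodedBytes = Base64.getDecoder().decode(encodedPassword);
                // Charset pinned so the result does not vary with the platform default;
                // NOTE(review): confirm the value was encoded from UTF-8 bytes.
                ssl.setKeyStorePassword(
                    new String(decodedBytes, java.nio.charset.StandardCharsets.UTF_8));
            }
            super.configureSsl(protocol, ssl);
        }
    };
    //Setup the redirection
    tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
    //Setup the custom realm, which sets the custom redirect code.
    //By default the redirect is 302. But if the request to be redirected is a post,
    //then the post is converted to a get and therefore the post's body is removed in the redirect. (e.g. using CURL)
    //We need to set the redirection with code 307 so that the origin method is used in the redirect
    //e.g. get uses get on redirect and post uses post on redirect.
    //This conforms to standard RFC 2616
    tomcat.addContextCustomizers((TomcatContextCustomizer) context -> {
        RealmBase base = new CombinedRealm();
        base.setTransportGuaranteeRedirectStatus(307);
        context.setRealm(base);
    });
    return tomcat;
}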
use of java.util.Base64 in project mzzb-server by mingzuozhibi.
the class SignedRequestsHelper method hmac.
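/**
 * Computes the MAC of {@code stringToSign} with the instance's {@code mac} and returns it
 * Base64-encoded.
 *
 * <p>The algorithm and key are whatever {@code mac} was initialised with elsewhere in the
 * class.
 *
 * @param stringToSign the canonical string to authenticate; encoded with {@code UTF8_CHARSET}
 * @return the Base64 text of the raw MAC bytes
 * @throws RuntimeException if {@code UTF8_CHARSET} is not a supported charset name
 */
private String hmac(String stringToSign) {
    try {
        byte[] data = stringToSign.getBytes(UTF8_CHARSET);
        // NOTE(review): if mac is a javax.crypto.Mac shared between threads, doFinal needs
        // external synchronisation or a per-call instance; confirm against the callers.
        byte[] rawHmac = mac.doFinal(data);
        // encodeToString avoids new String(byte[]), which depends on the platform charset.
        return Base64.getEncoder().encodeToString(rawHmac);
    } catch (UnsupportedEncodingException e) {
        throw new RuntimeException(UTF8_CHARSET + " is unsupported!", e);
    }
}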