Example 1 with ClientAuthorizationRequest
use of com.disney.http.auth.client.ClientAuthorizationRequest in project groovity by disney.
the class HttpSignatureSigner method doAuthorization.
public SignatureAuthorization doAuthorization(HttpRequest request) throws HttpException {
if (keyId == null || keyId.isEmpty()) {
throw new HttpException("Signer Configuration Error: no KeyId set");
}
// fill in date field if missing from request;
if (request.getLastHeader("x-date") == null && request.getLastHeader("date") == null) {
request.addHeader("Date", DateUtils.formatDate(new Date()));
}
SignatureAuthorization sa = new SignatureAuthorization();
sa.setAlgorithm(algorithm);
sa.setHeaders(headers);
sa.setKeyId(keyId);
String signingString = sa.generateSigningString(new ClientAuthorizationRequest(request));
try {
// System.out.println("Client signing string "+signingString);
String signingAlgorithm = Algorithms.getSecurityAlgorithm(algorithm);
Key key = null;
if (keyLoader != null) {
key = keyLoader.call();
} else if (getKeyPairLoader() != null) {
// always sign with the private key, validate with the public key
key = getKeyPairLoader().call().getPrivate();
} else {
throw new RuntimeException("No key loader provided for HTTP Signature Signer");
}
// keyId must be set, as per protocol
if (signingAlgorithm.startsWith("Hmac")) {
Mac mac = Mac.getInstance(signingAlgorithm);
mac.init(key);
sa.setSignature(mac.doFinal(signingString.getBytes("UTF-8")));
} else if (signingAlgorithm.endsWith("RSA")) {
// rsa
Signature rsaSigner = Signature.getInstance(signingAlgorithm);
rsaSigner.initSign((PrivateKey) key);
rsaSigner.update(signingString.getBytes("UTF-8"));
sa.setSignature(rsaSigner.sign());
} else {
throw new NoSuchAlgorithmException("No known algorithm for " + signingAlgorithm);
}
return sa;
} catch (Exception e) {
throw new HttpException("Invalid Signature Authorization: signer was not correctly configured.", e);
}
}
Also used :
ClientAuthorizationRequest(com.disney.http.auth.client.ClientAuthorizationRequest)
SignatureAuthorization(com.disney.http.auth.SignatureAuthorization)
HttpException(org.apache.http.HttpException)
Date(java.util.Date)
Mac(javax.crypto.Mac)
HttpException(org.apache.http.HttpException)
Example 2 with ClientAuthorizationRequest
use of com.disney.http.auth.client.ClientAuthorizationRequest in project groovity by disney.
the class TestSignatureAuth method testRSA.
@Test
public void testRSA() throws Exception {
HttpGet request = new HttpGet("http://localhost:8080/");
HttpClientContext localContext = new HttpClientContext();
HttpSignatureSigner signer = new HttpSignatureSigner();
signer.setHeaderName(SIGNATURE_HEADER);
String keyId = "apiUser123";
String headers = "(request-target) host x-date";
KeyPair pair = KeyUtils.generateKeyPair();
PrivateKey privateKey = pair.getPrivate();
PublicKey publicKey = pair.getPublic();
KeyObjectKeyLoader privateKeyLoader = new KeyObjectKeyLoader(privateKey);
signer.setAlgorithm("rsa-sha256");
signer.setKeyId(keyId);
signer.setHeaders(Arrays.asList(headers.split(" ")));
signer.setKeyLoader(privateKeyLoader);
signer.process(request, localContext);
SignatureAuthorization testAuth = new SignatureAuthorization();
testAuth.setAlgorithm("rsa-sha256");
testAuth.setHeaders(signer.getHeaders());
String signingString = testAuth.generateSigningString(new ClientAuthorizationRequest(request));
byte[] encryptedString = signer.doAuthorization(request).getSignature();
boolean verify = verifyRsa("SHA256withRSA", publicKey, signingString, encryptedString);
Assert.assertTrue(verify);
// can choose algorithm
signer.setAlgorithm("rsa-md5");
signer.process(request, localContext);
encryptedString = signer.doAuthorization(request).getSignature();
verify = verifyRsa("MD5withRSA", publicKey, signingString, encryptedString);
Assert.assertTrue(verify);
// wrong keyid, not a key loader so no effect
signer.setAlgorithm("rsa-sha256");
signer.setKeyId("something else");
signer.process(request, localContext);
encryptedString = signer.doAuthorization(request).getSignature();
verify = verifyRsa("SHA256withRSA", publicKey, signingString, encryptedString);
Assert.assertTrue(verify);
// different headers
signer.setHeaders(Arrays.asList("host", "x-date"));
signer.process(request, localContext);
encryptedString = signer.doAuthorization(request).getSignature();
verify = verifyRsa("SHA256withRSA", publicKey, signingString, encryptedString);
Assert.assertFalse(verify);
// load plain key from file;
String location = "target/priv.pem";
File pemFile = new File(location);
URIParcel.put(pemFile.toURI(), pair);
URIParcel<KeyPair> pemParcel = new URIParcel<KeyPair>(KeyPair.class, pemFile.toURI());
signer = new HttpSignatureSigner();
signer.setHeaderName(SIGNATURE_HEADER);
signer.setKeyId("defaultValue");
signer.setAlgorithm("rsa-sha256");
signer.setHeaders(Arrays.asList(headers.split(" ")));
signer.setKeyPairLoader(pemParcel);
signingString = testAuth.generateSigningString(new ClientAuthorizationRequest(request));
encryptedString = signer.doAuthorization(request).getSignature();
verify = verifyRsa("SHA256withRSA", publicKey, signingString, encryptedString);
Assert.assertTrue(verify);
// try using a KeyStoreLoader
signer = new HttpSignatureSigner();
signer.setHeaderName(SIGNATURE_HEADER);
signer.setAlgorithm("rsa-sha256");
location = "target/testKeytool.store";
Map<String, Object> config = new HashMap<String, Object>();
config.put(KeyStoreValueHandler.KEYSTORE_PASSWORD, "rachel");
config.put(KeyStoreValueHandler.KEYSTORE_TYPE, "JCEKS");
URIParcel<KeyStore> parcel = new URIParcel<KeyStore>(KeyStore.class, new File(location).toURI(), config);
KeyChain chain = new KeyStoreKeyChainImpl(parcel, "".toCharArray());
KeyChainKeyLoader keystoreLoader = new KeyChainKeyLoader(chain);
keystoreLoader.setAlias("test");
signer.setKeyId("test");
signer.setHeaders(Arrays.asList(headers.split(" ")));
signer.setKeyLoader(keystoreLoader);
signer.process(request, localContext);
signingString = testAuth.generateSigningString(new ClientAuthorizationRequest(request));
encryptedString = signer.doAuthorization(request).getSignature();
// check again public key
KeyStore importedKeystore = parcel.call();
PublicKey loadedPublicKey = importedKeystore.getCertificate("test").getPublicKey();
verifyRsa("SHA256withRSA", loadedPublicKey, signingString, encryptedString);
Assert.assertTrue(verify);
}
Also used :
URIParcel(com.disney.uriparcel.URIParcel)
HashMap(java.util.HashMap)
HttpGet(org.apache.http.client.methods.HttpGet)
HttpClientContext(org.apache.http.client.protocol.HttpClientContext)
KeyChain(com.disney.http.auth.keychain.KeyChain)
KeyStoreKeyChainImpl(com.disney.http.auth.keychain.KeyStoreKeyChainImpl)
ClientAuthorizationRequest(com.disney.http.auth.client.ClientAuthorizationRequest)
SignatureAuthorization(com.disney.http.auth.SignatureAuthorization)
KeyChainKeyLoader(com.disney.http.auth.client.keyloader.KeyChainKeyLoader)
HttpSignatureSigner(com.disney.http.auth.client.signer.HttpSignatureSigner)
KeyObjectKeyLoader(com.disney.http.auth.client.keyloader.KeyObjectKeyLoader)
File(java.io.File)
Test(org.junit.Test)
Example 3 with ClientAuthorizationRequest
use of com.disney.http.auth.client.ClientAuthorizationRequest in project groovity by disney.
the class TestSignatureAuth method testHmac.
@Test
public void testHmac() throws Exception {
HttpGet request = new HttpGet("http://localhost:8080/");
HttpClientContext localContext = new HttpClientContext();
HttpSignatureSigner signer = new HttpSignatureSigner();
signer.setHeaderName(SIGNATURE_HEADER);
String keyId = "apiUser123";
String keyValue = "someBase64Secret";
String headers = "(request-target) host x-date";
String algorithm = "hmac-sha256";
KeyObjectKeyLoader hmacKey = new KeyObjectKeyLoader(algorithm, keyValue);
signer.setHeaderName(SIGNATURE_HEADER);
signer.setKeyId(keyId);
signer.setKeyLoader(hmacKey);
signer.setAlgorithm(algorithm);
signer.process(request, localContext);
SignatureAuthorization testAuth = new SignatureAuthorization();
testAuth.setHeaders(signer.getHeaders());
Assert.assertNotNull(signer.getHeaderName());
Assert.assertNotNull(getAuthHeader(request));
String signingString = testAuth.generateSigningString(new ClientAuthorizationRequest(request));
byte[] expectedResult = signHmac(algorithm, keyValue, signingString);
byte[] signature = signer.doAuthorization(request).getSignature();
Assert.assertArrayEquals(expectedResult, signature);
// bad signing string
Assert.assertFalse(Arrays.equals(signHmac(algorithm, keyValue, signingString + "invalid"), signature));
// wrong key
signer.setKeyLoader(new KeyObjectKeyLoader(algorithm, "differentKeyValue"));
signer.process(request, localContext);
signature = signer.doAuthorization(request).getSignature();
Assert.assertFalse("Wrong Key", Arrays.equals(expectedResult, signature));
// wrong algorithm
signer.setAlgorithm("hmac-md5");
signer.process(request, localContext);
signature = signer.doAuthorization(request).getSignature();
Assert.assertFalse("Wrong algorithm", Arrays.equals(expectedResult, signature));
// wrong headers
signer.setHeaders(Arrays.asList(headers.split(" ")));
signer.setAlgorithm(algorithm);
signer.setKeyLoader(hmacKey);
signer.process(request, localContext);
signature = signer.doAuthorization(request).getSignature();
Assert.assertFalse("Incorrect Headers", Arrays.equals(expectedResult, signature));
// wrong header order
signer.setHeaders(Arrays.asList("host (request-target) x-date"));
signer.process(request, localContext);
signature = signer.doAuthorization(request).getSignature();
Assert.assertFalse("Incorrect header order", Arrays.equals(expectedResult, signature));
}
Also used :
ClientAuthorizationRequest(com.disney.http.auth.client.ClientAuthorizationRequest)
SignatureAuthorization(com.disney.http.auth.SignatureAuthorization)
HttpGet(org.apache.http.client.methods.HttpGet)
HttpSignatureSigner(com.disney.http.auth.client.signer.HttpSignatureSigner)
HttpClientContext(org.apache.http.client.protocol.HttpClientContext)
KeyObjectKeyLoader(com.disney.http.auth.client.keyloader.KeyObjectKeyLoader)
Test(org.junit.Test)
Aggregations
SignatureAuthorization (com.disney.http.auth.SignatureAuthorization)3
ClientAuthorizationRequest (com.disney.http.auth.client.ClientAuthorizationRequest)3
KeyObjectKeyLoader (com.disney.http.auth.client.keyloader.KeyObjectKeyLoader)2
HttpSignatureSigner (com.disney.http.auth.client.signer.HttpSignatureSigner)2
HttpGet (org.apache.http.client.methods.HttpGet)2
HttpClientContext (org.apache.http.client.protocol.HttpClientContext)2
Test (org.junit.Test)2
KeyChainKeyLoader (com.disney.http.auth.client.keyloader.KeyChainKeyLoader)1
KeyChain (com.disney.http.auth.keychain.KeyChain)1
KeyStoreKeyChainImpl (com.disney.http.auth.keychain.KeyStoreKeyChainImpl)1
URIParcel (com.disney.uriparcel.URIParcel)1
File (java.io.File)1
Date (java.util.Date)1
HashMap (java.util.HashMap)1
Mac (javax.crypto.Mac)1
HttpException (org.apache.http.HttpException)1
