
Example 1 with KeyChainKeyLoader

use of com.disney.http.auth.client.keyloader.KeyChainKeyLoader in project groovity by disney.

the class TestKeyStoreKeyLoader method testImportKeystoreMissingProperties.

// no alias, no algorithm, throw exception.
/**
 * A loader built with no alias and no keystore password must fail on {@code call()}.
 *
 * @throws Exception expected; any exception raised by {@code call()} satisfies the test
 */
@Test(expected = Exception.class)
public void testImportKeystoreMissingProperties() throws Exception {
    // Neither an alias nor a keystore password is supplied, so the load is expected to fail.
    setupKeyLoader(null).call();
}
Also used : KeyChainKeyLoader(com.disney.http.auth.client.keyloader.KeyChainKeyLoader) Test(org.junit.Test)

Example 2 with KeyChainKeyLoader

use of com.disney.http.auth.client.keyloader.KeyChainKeyLoader in project groovity by disney.

the class TestKeyStoreKeyLoader method testImportKeystoreMissingPassword.

// no algorithm, should throw exception
/**
 * A loader with an alias but no keystore password must fail on {@code call()}.
 *
 * @throws Exception expected; any exception raised by {@code call()} satisfies the test
 */
@Test(expected = Exception.class)
public void testImportKeystoreMissingPassword() throws Exception {
    // Only the alias is configured; the keystore password is still null.
    final KeyChainKeyLoader aliasOnlyLoader = setupKeyLoader(null);
    aliasOnlyLoader.setAlias("apiUser123");
    aliasOnlyLoader.call();
}
Also used : KeyChainKeyLoader(com.disney.http.auth.client.keyloader.KeyChainKeyLoader) Test(org.junit.Test)

Example 3 with KeyChainKeyLoader

use of com.disney.http.auth.client.keyloader.KeyChainKeyLoader in project groovity by disney.

the class TestKeyStoreKeyLoader method setupKeyLoader.

/**
 * Builds a {@link KeyChainKeyLoader} backed by the JCEKS test keystore under
 * {@code src/test/resources/testKey.store}.
 *
 * @param keystorePassword password placed in the parcel config under
 *        {@code KeyStoreValueHandler.KEYSTORE_PASSWORD}; may be {@code null} to exercise the
 *        missing-password path
 * @return a loader whose key chain opens the keystore with an empty key password
 */
private KeyChainKeyLoader setupKeyLoader(String keystorePassword) {
    final Map<String, Object> parcelConfig = new HashMap<String, Object>();
    parcelConfig.put(KeyStoreValueHandler.KEYSTORE_PASSWORD, keystorePassword);
    parcelConfig.put(KeyStoreValueHandler.KEYSTORE_TYPE, "JCEKS");
    final File keystoreFile = new File("src/test/resources/testKey.store");
    final URIParcel<KeyStore> keystoreParcel =
            new URIParcel<KeyStore>(KeyStore.class, keystoreFile.toURI(), parcelConfig);
    // The key (entry) password is empty; the keystore password comes from the parcel config.
    final KeyChain keyChain = new KeyStoreKeyChainImpl(keystoreParcel, "".toCharArray());
    return new KeyChainKeyLoader(keyChain);
}

Example 4 with KeyChainKeyLoader

use of com.disney.http.auth.client.keyloader.KeyChainKeyLoader in project groovity by disney.

the class TestSignatureAuth method testRSA.

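/**
 * Exercises RSA request signing end to end: signs with an in-memory key, checks algorithm
 * selection, checks that a changed header list invalidates the signature, then repeats the
 * round trip with a key loaded from a PEM parcel and with a key loaded from a JCEKS keystore.
 *
 * <p>Each signature is verified against the matching public key with {@code verifyRsa}; the
 * last check (keystore-loaded key) must assert on the result of its own verification, not on
 * the value left over from an earlier step.
 *
 * @throws Exception on any signing, I/O or keystore failure
 */
@Test
public void testRSA() throws Exception {
    HttpGet request = new HttpGet("http://localhost:8080/");
    HttpClientContext localContext = new HttpClientContext();
    HttpSignatureSigner signer = new HttpSignatureSigner();
    signer.setHeaderName(SIGNATURE_HEADER);
    String keyId = "apiUser123";
    String headers = "(request-target) host x-date";
    KeyPair pair = KeyUtils.generateKeyPair();
    PrivateKey privateKey = pair.getPrivate();
    PublicKey publicKey = pair.getPublic();
    KeyObjectKeyLoader privateKeyLoader = new KeyObjectKeyLoader(privateKey);
    signer.setAlgorithm("rsa-sha256");
    signer.setKeyId(keyId);
    signer.setHeaders(Arrays.asList(headers.split(" ")));
    signer.setKeyLoader(privateKeyLoader);
    signer.process(request, localContext);
    SignatureAuthorization testAuth = new SignatureAuthorization();
    testAuth.setAlgorithm("rsa-sha256");
    testAuth.setHeaders(signer.getHeaders());
    // The signing string is rebuilt independently so the test does not trust the signer's own view.
    String signingString = testAuth.generateSigningString(new ClientAuthorizationRequest(request));
    byte[] encryptedString = signer.doAuthorization(request).getSignature();
    boolean verify = verifyRsa("SHA256withRSA", publicKey, signingString, encryptedString);
    Assert.assertTrue(verify);
    // can choose algorithm; rsa-md5 is exercised only to prove the selector works, MD5-based
    // signatures are not a suitable choice outside this test.
    signer.setAlgorithm("rsa-md5");
    signer.process(request, localContext);
    encryptedString = signer.doAuthorization(request).getSignature();
    verify = verifyRsa("MD5withRSA", publicKey, signingString, encryptedString);
    Assert.assertTrue(verify);
    // wrong keyid, not a key loader so no effect
    signer.setAlgorithm("rsa-sha256");
    signer.setKeyId("something else");
    signer.process(request, localContext);
    encryptedString = signer.doAuthorization(request).getSignature();
    verify = verifyRsa("SHA256withRSA", publicKey, signingString, encryptedString);
    Assert.assertTrue(verify);
    // different headers: the signature now covers a different string than signingString,
    // so verification against the original signing string must fail.
    signer.setHeaders(Arrays.asList("host", "x-date"));
    signer.process(request, localContext);
    encryptedString = signer.doAuthorization(request).getSignature();
    verify = verifyRsa("SHA256withRSA", publicKey, signingString, encryptedString);
    Assert.assertFalse(verify);
    // load plain key from file;
    String location = "target/priv.pem";
    File pemFile = new File(location);
    URIParcel.put(pemFile.toURI(), pair);
    URIParcel<KeyPair> pemParcel = new URIParcel<KeyPair>(KeyPair.class, pemFile.toURI());
    signer = new HttpSignatureSigner();
    signer.setHeaderName(SIGNATURE_HEADER);
    signer.setKeyId("defaultValue");
    signer.setAlgorithm("rsa-sha256");
    signer.setHeaders(Arrays.asList(headers.split(" ")));
    signer.setKeyPairLoader(pemParcel);
    signingString = testAuth.generateSigningString(new ClientAuthorizationRequest(request));
    encryptedString = signer.doAuthorization(request).getSignature();
    verify = verifyRsa("SHA256withRSA", publicKey, signingString, encryptedString);
    Assert.assertTrue(verify);
    // try using a KeyStoreLoader
    signer = new HttpSignatureSigner();
    signer.setHeaderName(SIGNATURE_HEADER);
    signer.setAlgorithm("rsa-sha256");
    location = "target/testKeytool.store";
    Map<String, Object> config = new HashMap<String, Object>();
    config.put(KeyStoreValueHandler.KEYSTORE_PASSWORD, "rachel");
    config.put(KeyStoreValueHandler.KEYSTORE_TYPE, "JCEKS");
    URIParcel<KeyStore> parcel = new URIParcel<KeyStore>(KeyStore.class, new File(location).toURI(), config);
    KeyChain chain = new KeyStoreKeyChainImpl(parcel, "".toCharArray());
    KeyChainKeyLoader keystoreLoader = new KeyChainKeyLoader(chain);
    keystoreLoader.setAlias("test");
    signer.setKeyId("test");
    signer.setHeaders(Arrays.asList(headers.split(" ")));
    signer.setKeyLoader(keystoreLoader);
    signer.process(request, localContext);
    signingString = testAuth.generateSigningString(new ClientAuthorizationRequest(request));
    encryptedString = signer.doAuthorization(request).getSignature();
    // check again public key: verify with the certificate stored under the same alias.
    KeyStore importedKeystore = parcel.call();
    PublicKey loadedPublicKey = importedKeystore.getCertificate("test").getPublicKey();
    // The result must be captured; previously it was dropped and the stale value from the
    // PEM step was asserted, so a keystore-signing regression would have gone unnoticed.
    verify = verifyRsa("SHA256withRSA", loadedPublicKey, signingString, encryptedString);
    Assert.assertTrue(verify);
}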

Example 5 with KeyChainKeyLoader

use of com.disney.http.auth.client.keyloader.KeyChainKeyLoader in project groovity by disney.

the class SampleClient method main.

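/**
 * Sample client showing the ways a signing key can be supplied to an {@code HttpSignatureSigner}
 * (keystore-backed key chain, PKCS8 PEM parcel, freshly generated key pair, explicit HMAC
 * secret) and how the signer is attached to an Apache {@code HttpClient}.
 *
 * <p>Only one loader is actually wired into the signer ({@code simpleLoader}); the others are
 * constructed to illustrate the alternatives. All passwords and secrets here are sample
 * placeholders and stand in for values a real client would read from configuration.
 *
 * @param args unused
 * @throws Exception never propagated; every failure is caught and printed
 */
public static void main(String[] args) throws Exception {
    try {
        HttpClientBuilder clientBuilder = HttpClients.custom();
        // /// Ways to get the private key data (RSA):
        /*
         * Import KeyStore from file/url/etc.
         *   - assumes file has password but alias does not
         *   - must set loader password and type
         */
        Map<String, Object> config = new HashMap<String, Object>();
        config.put(KeyStoreValueHandler.KEYSTORE_PASSWORD, "filePassword");
        config.put(KeyStoreValueHandler.KEYSTORE_TYPE, "JCEKS");
        URIParcel<KeyStore> ks = new URIParcel<KeyStore>(KeyStore.class, new File("client_keystore.jceks").toURI(), config);
        KeyChain chain = new KeyStoreKeyChainImpl(ks, "passwordForPrivateKey".toCharArray());
        KeyChainKeyLoader loader = new KeyChainKeyLoader(chain);
        loader.setAlias("sample_webapp");
        /*
         * Import PrivateKey from PKCS8 pem file
         *   - assumes no password protection or encryption
         */
        // ExternalKeyLoader keyLoader = new ExternalKeyLoader("/client_key.pem", localContext);
        // keyLoader.setAlgorithm("RSA");
        URIParcel<PrivateKey> keyLoader = new URIParcel<PrivateKey>(PrivateKey.class, new java.net.URI("file:client_key.pem"));
        /*
         * Create own key and to set that in the signer. Can write key to file as desired
         *
         * Here, generate a KeyPair
         *   - only RSA
         *   - can set bit size to 1024 or 2048
         *   - must save the public key for verification use
         */
        KeyPair pair = KeyUtils.generateKeyPair(2048);
        // // Write privateKey to a file (PKCS8, uses base64encoding)
        // KeyUtils.writePrivateKeyToFile(pair,"/Users/kobar004/misc/auth-backup/newKey-priv.pem");
        KeyObjectKeyLoader privateKeyLoader = new KeyObjectKeyLoader(pair.getPrivate());
        // // write public KeyStore to file.
        // String publicKeyStoreLocation = "/Users/kobar004/misc/auth-backup/newKey-pub.store";
        // KeyUtils.writePublicKeyStoreToFile(pair.getPublic(), publicKeyStoreLocation, "RSA", "rachel");
        // Ways to set the symmetric key data (HMAC):
        /*
         * Set Key value explicitly
         *   - the literal below is a placeholder; a real secret belongs in configuration,
         *     not in source control
         */
        KeyObjectKeyLoader simpleLoader = new KeyObjectKeyLoader("hmac-sha256", "someBase64Secret");
        /*
         * Configuring the HttpSignatureSigner (HttpRequestInterceptor)
         *
         *   - must set the keyId / alias
         *   - must set key/encryption/algorithm
         *   - if no headers are set, default to just using the Date header
         *   - Lastly, the signer must be added to the clientBuilder
         */
        // /// Signing for SIGNATURE Authorization with imported RSA key
        // setting the key of the singer either with a loader or a key.
        HttpSignatureSigner signer = new HttpSignatureSigner();
        signer.setKeyId("apiUser123");
        signer.setHeaders(Arrays.asList("(request-target)", "host", "x-date"));
        // set key (choose one)
        // signer.setKey(loader);
        // signer.setKey(keyLoader);
        signer.setKeyLoader(simpleLoader);
        clientBuilder.addInterceptorLast(signer);
        // ///
        CloseableHttpClient client = clientBuilder.build();
        try {
            getRequest(client, "http://localhost:8080/");
        } finally {
            // Close in finally so the client's connections are released even when the request throws.
            client.close();
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
}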
