
Example 1 with KeyStoreKeyChainImpl

use of com.disney.http.auth.keychain.KeyStoreKeyChainImpl in project groovity by disney.

the class TestKeyStoreKeyLoader method setupKeyLoader.

/**
 * Builds a {@link KeyChainKeyLoader} over the JCEKS test store at
 * {@code src/test/resources/testKey.store}.
 *
 * @param keystorePassword value handed to the parcel as the store password; tests vary
 *                         this to exercise correct and incorrect store passwords
 * @return a loader backed by the resulting key chain
 */
private KeyChainKeyLoader setupKeyLoader(String keystorePassword) {
    // Parcel configuration: store password under test plus the fixed store type.
    Map<String, Object> parcelConfig = new HashMap<String, Object>();
    parcelConfig.put(KeyStoreValueHandler.KEYSTORE_PASSWORD, keystorePassword);
    parcelConfig.put(KeyStoreValueHandler.KEYSTORE_TYPE, "JCEKS");
    File storeFile = new File("src/test/resources/testKey.store");
    URIParcel<KeyStore> storeParcel = new URIParcel<KeyStore>(KeyStore.class, storeFile.toURI(), parcelConfig);
    // The empty char[] is presumably the per-entry key password (distinct from the
    // store password) — confirm against KeyStoreKeyChainImpl.
    KeyChain keyChain = new KeyStoreKeyChainImpl(storeParcel, "".toCharArray());
    return new KeyChainKeyLoader(keyChain);
}

Example 2 with KeyStoreKeyChainImpl

use of com.disney.http.auth.keychain.KeyStoreKeyChainImpl in project groovity by disney.

the class TestSignatureAuth method testRSA.

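/**
 * Exercises RSA request signing end to end: a freshly generated key pair, algorithm
 * selection, an unrelated keyId, a different header list (must fail verification), a key
 * pair loaded from a PEM file via {@link URIParcel}, and finally a key loaded from a JCEKS
 * keystore through {@link KeyStoreKeyChainImpl}.
 * <p>
 * Every signature is checked with {@code verifyRsa} against the matching public key and the
 * signing string produced by {@link SignatureAuthorization}.
 *
 * @throws Exception from key generation, file I/O or signing
 */
@Test
public void testRSA() throws Exception {
    HttpGet request = new HttpGet("http://localhost:8080/");
    HttpClientContext localContext = new HttpClientContext();
    HttpSignatureSigner signer = new HttpSignatureSigner();
    signer.setHeaderName(SIGNATURE_HEADER);
    String keyId = "apiUser123";
    String headers = "(request-target) host x-date";
    KeyPair pair = KeyUtils.generateKeyPair();
    PrivateKey privateKey = pair.getPrivate();
    PublicKey publicKey = pair.getPublic();
    KeyObjectKeyLoader privateKeyLoader = new KeyObjectKeyLoader(privateKey);
    signer.setAlgorithm("rsa-sha256");
    signer.setKeyId(keyId);
    signer.setHeaders(Arrays.asList(headers.split(" ")));
    signer.setKeyLoader(privateKeyLoader);
    signer.process(request, localContext);
    // Independent verifier side: rebuild the signing string from the same request/headers.
    SignatureAuthorization testAuth = new SignatureAuthorization();
    testAuth.setAlgorithm("rsa-sha256");
    testAuth.setHeaders(signer.getHeaders());
    String signingString = testAuth.generateSigningString(new ClientAuthorizationRequest(request));
    byte[] encryptedString = signer.doAuthorization(request).getSignature();
    boolean verify = verifyRsa("SHA256withRSA", publicKey, signingString, encryptedString);
    Assert.assertTrue(verify);
    // can choose algorithm (MD5withRSA only exercises selection here; it is not a
    // signing algorithm to rely on in production)
    signer.setAlgorithm("rsa-md5");
    signer.process(request, localContext);
    encryptedString = signer.doAuthorization(request).getSignature();
    verify = verifyRsa("MD5withRSA", publicKey, signingString, encryptedString);
    Assert.assertTrue(verify);
    // wrong keyid, not a key loader so no effect
    signer.setAlgorithm("rsa-sha256");
    signer.setKeyId("something else");
    signer.process(request, localContext);
    encryptedString = signer.doAuthorization(request).getSignature();
    verify = verifyRsa("SHA256withRSA", publicKey, signingString, encryptedString);
    Assert.assertTrue(verify);
    // different headers: the signing string no longer matches, so verification must fail
    signer.setHeaders(Arrays.asList("host", "x-date"));
    signer.process(request, localContext);
    encryptedString = signer.doAuthorization(request).getSignature();
    verify = verifyRsa("SHA256withRSA", publicKey, signingString, encryptedString);
    Assert.assertFalse(verify);
    // load plain key from file;
    String location = "target/priv.pem";
    File pemFile = new File(location);
    URIParcel.put(pemFile.toURI(), pair);
    URIParcel<KeyPair> pemParcel = new URIParcel<KeyPair>(KeyPair.class, pemFile.toURI());
    signer = new HttpSignatureSigner();
    signer.setHeaderName(SIGNATURE_HEADER);
    signer.setKeyId("defaultValue");
    signer.setAlgorithm("rsa-sha256");
    signer.setHeaders(Arrays.asList(headers.split(" ")));
    signer.setKeyPairLoader(pemParcel);
    signingString = testAuth.generateSigningString(new ClientAuthorizationRequest(request));
    encryptedString = signer.doAuthorization(request).getSignature();
    verify = verifyRsa("SHA256withRSA", publicKey, signingString, encryptedString);
    Assert.assertTrue(verify);
    // try using a KeyStoreLoader
    signer = new HttpSignatureSigner();
    signer.setHeaderName(SIGNATURE_HEADER);
    signer.setAlgorithm("rsa-sha256");
    location = "target/testKeytool.store";
    Map<String, Object> config = new HashMap<String, Object>();
    config.put(KeyStoreValueHandler.KEYSTORE_PASSWORD, "rachel");
    config.put(KeyStoreValueHandler.KEYSTORE_TYPE, "JCEKS");
    URIParcel<KeyStore> parcel = new URIParcel<KeyStore>(KeyStore.class, new File(location).toURI(), config);
    KeyChain chain = new KeyStoreKeyChainImpl(parcel, "".toCharArray());
    KeyChainKeyLoader keystoreLoader = new KeyChainKeyLoader(chain);
    keystoreLoader.setAlias("test");
    signer.setKeyId("test");
    signer.setHeaders(Arrays.asList(headers.split(" ")));
    signer.setKeyLoader(keystoreLoader);
    signer.process(request, localContext);
    signingString = testAuth.generateSigningString(new ClientAuthorizationRequest(request));
    encryptedString = signer.doAuthorization(request).getSignature();
    // check again public key: this time taken from the keystore's own certificate
    KeyStore importedKeystore = parcel.call();
    PublicKey loadedPublicKey = importedKeystore.getCertificate("test").getPublicKey();
    // The result must be captured; previously the stale value from the PEM case was
    // asserted and the keystore path was effectively unverified.
    verify = verifyRsa("SHA256withRSA", loadedPublicKey, signingString, encryptedString);
    Assert.assertTrue(verify);
}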

Example 3 with KeyStoreKeyChainImpl

use of com.disney.http.auth.keychain.KeyStoreKeyChainImpl in project groovity by disney.

the class XmlPolicyParser method processKeystore.

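/**
 * Builds a {@link KeyChain} from a {@code <keystore>} policy element.
 * <p>
 * Recognised child elements: {@code location} (required), {@code password} (required),
 * {@code type} (default {@code JCEKS}) and {@code ttl} (parsed as a long, default -1).
 * A location containing {@code ':'} is treated as a URL; any other value is resolved as a
 * webapp resource through the servlet context.
 *
 * @param keystore the {@code <keystore>} element to read
 * @param context  servlet context used to resolve non-URL locations
 * @return a key chain over the configured store
 * @throws MalformedURLException    if a URL-style location cannot be parsed
 * @throws URISyntaxException       if the resolved URL cannot be converted to a URI
 * @throws NumberFormatException    if {@code <ttl>} is not a valid long
 * @throws IllegalArgumentException if {@code <location>} or {@code <password>} is missing,
 *                                  or a resource location cannot be found
 */
private static KeyChain processKeystore(Element keystore, ServletContext context) throws MalformedURLException, URISyntaxException {
    String location = null;
    long ttl = -1;
    String password = null;
    String type = "JCEKS";
    NodeList kids = keystore.getChildNodes();
    for (int i = 0; i < kids.getLength(); i++) {
        Node n = kids.item(i);
        String name = n.getNodeName();
        if ("location".equals(name)) {
            location = n.getTextContent().trim();
        } else if ("ttl".equals(name)) {
            ttl = Long.parseLong(n.getTextContent().trim());
        } else if ("type".equals(name)) {
            type = n.getTextContent().trim();
        } else if ("password".equals(name)) {
            password = n.getTextContent().trim();
        }
    }
    // Fail with a message naming the missing element instead of a NullPointerException
    // further down; the password itself is never included in any message.
    if (location == null || location.isEmpty()) {
        throw new IllegalArgumentException("<keystore> requires a non-empty <location> child");
    }
    if (password == null) {
        throw new IllegalArgumentException("<keystore> requires a <password> child");
    }
    URL ku = location.contains(":") ? new URL(location) : context.getResource(location);
    if (ku == null) {
        throw new IllegalArgumentException("keystore location not found as a webapp resource: " + location);
    }
    Map<String, Object> config = new HashMap<String, Object>();
    config.put(KeyStoreValueHandler.KEYSTORE_PASSWORD, password);
    config.put(KeyStoreValueHandler.KEYSTORE_TYPE, type);
    URIParcel<KeyStore> parcel = new URIParcel<KeyStore>(KeyStore.class, ku.toURI(), ttl, config);
    // The same password is used for the store and for its entries.
    return new KeyStoreKeyChainImpl(parcel, password.toCharArray());
}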

Example 4 with KeyStoreKeyChainImpl

use of com.disney.http.auth.keychain.KeyStoreKeyChainImpl in project groovity by disney.

the class SampleClient method main.

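/**
 * Sample entry point: demonstrates the ways a request-signing key can be supplied to an
 * {@link HttpSignatureSigner} (keystore, PEM file, generated key pair, explicit HMAC secret)
 * and then issues one signed GET against a local server.
 * <p>
 * Every password and secret literal below is a placeholder for illustration only; a real
 * client should obtain them from configuration or a secret store, not from source.
 *
 * @param args ignored
 * @throws Exception propagated from key loading, signing or the HTTP call; the JVM reports
 *                   it and exits non-zero instead of this method printing and returning 0
 */
public static void main(String[] args) throws Exception {
    HttpClientBuilder clientBuilder = HttpClients.custom();
    // /// Ways to get the private key data (RSA):
    /*
     * Import KeyStore from file/url/etc.
     *   - assumes file has password but alias does not
     *   - must set loader password and type
     */
    Map<String, Object> config = new HashMap<String, Object>();
    config.put(KeyStoreValueHandler.KEYSTORE_PASSWORD, "filePassword");
    config.put(KeyStoreValueHandler.KEYSTORE_TYPE, "JCEKS");
    URIParcel<KeyStore> ks = new URIParcel<KeyStore>(KeyStore.class, new File("client_keystore.jceks").toURI(), config);
    KeyChain chain = new KeyStoreKeyChainImpl(ks, "passwordForPrivateKey".toCharArray());
    KeyChainKeyLoader loader = new KeyChainKeyLoader(chain);
    loader.setAlias("sample_webapp");
    /*
     * Import PrivateKey from PKCS8 pem file
     *   - assumes no password protection or encryption
     */
    // ExternalKeyLoader keyLoader = new ExternalKeyLoader("/client_key.pem", localContext);
    // keyLoader.setAlgorithm("RSA");
    URIParcel<PrivateKey> keyLoader = new URIParcel<PrivateKey>(PrivateKey.class, new java.net.URI("file:client_key.pem"));
    /*
     * Create own key and to set that in the signer. Can write key to file as desired
     *
     * Here, generate a KeyPair
     *   - only RSA
     *   - can set bit size to 1024 or 2048
     *   - must save the public key for verification use
     */
    KeyPair pair = KeyUtils.generateKeyPair(2048);
    // // Write privateKey to a file (PKCS8, uses base64encoding)
    // KeyUtils.writePrivateKeyToFile(pair,"/Users/kobar004/misc/auth-backup/newKey-priv.pem");
    KeyObjectKeyLoader privateKeyLoader = new KeyObjectKeyLoader(pair.getPrivate());
    // // write public KeyStore to file.
    // String publicKeyStoreLocation = "/Users/kobar004/misc/auth-backup/newKey-pub.store";
    // KeyUtils.writePublicKeyStoreToFile(pair.getPublic(), publicKeyStoreLocation, "RSA", "rachel");
    // Ways to set the symmetric key data (HMAC):
    /*
     * Set Key value explicitly
     */
    KeyObjectKeyLoader simpleLoader = new KeyObjectKeyLoader("hmac-sha256", "someBase64Secret");
    /*
     * Configuring the HttpSignatureSigner (HttpRequestInterceptor)
     *
     *   - must set the keyId / alias
     *   - must set key/encryption/algorithm
     *   - if no headers are set, default to just using the Date header
     *   - Lastly, the signer must be added to the clientBuilder
     */
    // /// Signing for SIGNATURE Authorization with imported RSA key
    // setting the key of the singer either with a loader or a key.
    HttpSignatureSigner signer = new HttpSignatureSigner();
    signer.setKeyId("apiUser123");
    signer.setHeaders(Arrays.asList("(request-target)", "host", "x-date"));
    // set key (choose one)
    // signer.setKey(loader);
    // signer.setKey(keyLoader);
    signer.setKeyLoader(simpleLoader);
    clientBuilder.addInterceptorLast(signer);
    // ///
    // try-with-resources: the client is closed even when the request throws, which the
    // previous explicit close() after the call did not guarantee.
    try (CloseableHttpClient client = clientBuilder.build()) {
        getRequest(client, "http://localhost:8080/");
    }
}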

Example 5 with KeyStoreKeyChainImpl

use of com.disney.http.auth.keychain.KeyStoreKeyChainImpl in project groovity by disney.

the class VerifierFactory method makeKeyStoreLoader.

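/**
 * Builds a {@link KeyChain} backed by a keystore described by a (Groovy-sourced) config map.
 * <p>
 * Recognised keys: {@code location} (a URI string, or a {@link Closure} yielding one; a
 * value starting with {@code "/"} is first looked up as a webapp resource), {@code ttl}
 * (a {@link Number} or a Closure yielding one; defaults to 120000), {@code password}
 * (required when the chain asks for it) and {@code type} (defaults to {@code PKCS12}).
 * Location, ttl, password and type are wrapped in {@link Callable}s so the parcel and chain
 * can evaluate them lazily; Closure-valued entries are therefore re-run on each evaluation.
 *
 * @param conf raw configuration map; untyped because it arrives from Groovy
 * @return a key chain over the configured store
 * @throws MalformedURLException    retained from the original signature
 * @throws URISyntaxException       if a non-Closure {@code location} is not a valid URI
 * @throws IllegalArgumentException if {@code location} is absent
 */
@SuppressWarnings("rawtypes")
private KeyChain makeKeyStoreLoader(final Map conf) throws MalformedURLException, URISyntaxException {
    final Object loc = conf.get("location");
    if (loc == null) {
        // Was a NullPointerException on loc.toString(); name the missing key instead.
        throw new IllegalArgumentException("keystore configuration requires a 'location'");
    }
    Callable<URI> uri;
    if (loc instanceof Closure) {
        uri = new Callable<URI>() {

            public URI call() throws Exception {
                String location = ((Closure) loc).call().toString();
                if (location.startsWith("/")) {
                    // look for webapp resource first; fall back to a plain URI if absent
                    URL url = viewResolver.getServletContext().getResource(location);
                    if (url != null) {
                        return url.toURI();
                    }
                }
                return new URI(location);
            }
        };
    } else {
        final URI mUri = new URI(loc.toString());
        uri = new Callable<URI>() {

            public URI call() throws Exception {
                return mUri;
            }
        };
    }
    Callable<Long> refresh;
    final Object ttl = conf.get("ttl");
    if (ttl instanceof Closure) {
        refresh = new Callable<Long>() {

            public Long call() throws Exception {
                return ((Number) (((Closure) ttl).call())).longValue();
            }
        };
    } else if (ttl != null) {
        refresh = new Callable<Long>() {

            public Long call() throws Exception {
                return ((Number) ttl).longValue();
            }
        };
    } else {
        refresh = new Callable<Long>() {

            public Long call() throws Exception {
                // default refresh interval when no ttl is configured
                return 120000L;
            }
        };
    }
    Callable<Map<String, Object>> confg = new Callable<Map<String, Object>>() {

        public Map<String, Object> call() throws Exception {
            String password = resolve(conf, "password", String.class);
            String tp = resolve(conf, "type", String.class);
            // A missing type falls back to PKCS12, so the map always carries a type.
            String type = tp != null ? tp : "PKCS12";
            Map<String, Object> config = new HashMap<>();
            config.put(KeyStoreValueHandler.KEYSTORE_PASSWORD, password);
            config.put(KeyStoreValueHandler.KEYSTORE_TYPE, type);
            return config;
        }
    };
    Callable<char[]> passwd = new Callable<char[]>() {

        public char[] call() throws Exception {
            String password = resolve(conf, "password", String.class);
            if (password == null) {
                // Was a NullPointerException at the same point; never echo the value itself.
                throw new IllegalStateException("keystore configuration requires a 'password'");
            }
            return password.toCharArray();
        }
    };
    URIParcel<KeyStore> parcel = new URIParcel<KeyStore>(KeyStore.class, uri, refresh, confg);
    return new KeyStoreKeyChainImpl(parcel, passwd);
}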
