
Example 1 with MapKeyChainImpl

use of com.disney.http.auth.keychain.MapKeyChainImpl in project groovity by disney.

the class VerifierFactory method processSignature.

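/**
 * Builds a {@link SignatureVerifierImpl} from a map-based signature policy definition.
 *
 * <p>Entries read from {@code signature}:
 * <ul>
 *   <li>{@code headers} - list handed to {@code setRequiredHeaders}</li>
 *   <li>{@code drift} - number handed to {@code setMaxDateDrift} as a long</li>
 *   <li>{@code keys} - map of key id to a map holding {@code algorithm} and {@code key};
 *       collected into one {@link MapKeyChainImpl}</li>
 *   <li>{@code keystore} / {@code keystores} - passed to {@code makeKeyStoreLoader}</li>
 *   <li>{@code keychain} / {@code keychains} - passed to {@code addKeychain}</li>
 * </ul>
 *
 * <p>For inline keys, an algorithm that resolves to an {@code Hmac*} name is treated as a
 * base64-encoded shared secret; anything else is treated as a base64-encoded X.509
 * certificate from which only the public key is taken.
 *
 * @param signature   the policy definition map
 * @param scriptClass script class forwarded to {@code processCommon} and {@code addKeychain}
 * @return the configured verifier
 * @throws IllegalArgumentException if an inline key entry has no id, no definition, no
 *         {@code key} value, or an algorithm that does not resolve to a security algorithm
 * @throws CertificateException if a non-HMAC key is not a parseable X.509 certificate
 */
@SuppressWarnings({ "unchecked", "rawtypes" })
private SignatureVerifierImpl processSignature(Map signature, Class<Script> scriptClass) throws InstantiationException, IllegalAccessException, ClassNotFoundException, MalformedURLException, URISyntaxException, NoSuchAlgorithmException, InvalidKeySpecException, CertificateException {
    SignatureVerifierImpl verifier = new SignatureVerifierImpl();
    processCommon(verifier, signature, scriptClass);
    List<KeyChain> keyChains = new ArrayList<KeyChain>();
    List headers = (List) signature.get("headers");
    if (headers != null) {
        // NOTE(review): presumably the headers a request must cover with its signature;
        // confirm against SignatureVerifierImpl.
        verifier.setRequiredHeaders(headers);
    }
    Number drift = (Number) signature.get("drift");
    if (drift != null) {
        // NOTE(review): the unit is whatever setMaxDateDrift expects (not visible here).
        // A larger value presumably widens the window in which a captured request
        // can be replayed - keep it as small as clock skew allows.
        verifier.setMaxDateDrift(drift.longValue());
    }
    Map<Object, Map> keys = (Map) signature.get("keys");
    if (keys != null) {
        // Inline key material is converted into java.security.Key objects, indexed by key id.
        Map<String, Key> realKeys = new HashMap<String, Key>();
        // Created on first use so HMAC-only policies never touch the certificate provider.
        CertificateFactory certificateFactory = null;
        for (Entry<Object, Map> entry : keys.entrySet()) {
            Object keyId = entry.getKey();
            Map definition = entry.getValue();
            if (keyId == null || definition == null) {
                throw new IllegalArgumentException("Signature key entries require a key id and a definition map");
            }
            String algorithm = (String) definition.get("algorithm");
            Object secret = definition.get("key");
            String signingAlg = Algorithms.getSecurityAlgorithm(algorithm);
            // Fail with a diagnosable configuration error instead of a bare
            // NullPointerException. Messages name the key id only, never the key material.
            if (signingAlg == null) {
                throw new IllegalArgumentException("Signature key '" + keyId + "' has no usable algorithm: " + algorithm);
            }
            if (secret == null) {
                throw new IllegalArgumentException("Signature key '" + keyId + "' is missing its 'key' value");
            }
            byte[] encoded = DatatypeConverter.parseBase64Binary(secret.toString());
            Key key;
            if (signingAlg.startsWith("Hmac")) {
                // Shared secret: the decoded bytes are the raw HMAC key.
                key = new SecretKeySpec(encoded, signingAlg);
            } else {
                // Asymmetric: the decoded bytes are an X.509 certificate, used here purely
                // as a container for the public key.
                // NOTE(review): this method neither calls checkValidity() nor validates a
                // chain, and does not compare the key type with the declared algorithm;
                // whether that is enforced elsewhere is not visible from here.
                if (certificateFactory == null) {
                    certificateFactory = CertificateFactory.getInstance("X509");
                }
                Certificate certificate = certificateFactory.generateCertificate(new ByteArrayInputStream(encoded));
                key = certificate.getPublicKey();
            }
            realKeys.put(keyId.toString(), key);
        }
        keyChains.add(new MapKeyChainImpl(realKeys));
    }
    Map keystore = (Map) signature.get("keystore");
    if (keystore != null) {
        keyChains.add(makeKeyStoreLoader(keystore));
    }
    List<Map> keystores = (List<Map>) signature.get("keystores");
    if (keystores != null) {
        for (Map k : keystores) {
            keyChains.add(makeKeyStoreLoader(k));
        }
    }
    // The single "keychain" entry is forwarded even when absent; addKeychain decides
    // what to do with a null value.
    Object keychain = signature.get("keychain");
    addKeychain(keychain, keyChains, scriptClass);
    List kcs = (List) signature.get("keychains");
    if (kcs != null) {
        for (Object kc : kcs) {
            addKeychain(kc, keyChains, scriptClass);
        }
    }
    verifier.setKeyChains(keyChains);
    return verifier;
}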
Also used : HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) KeyChain(com.disney.http.auth.keychain.KeyChain) MapKeyChainImpl(com.disney.http.auth.keychain.MapKeyChainImpl) CertificateFactory(java.security.cert.CertificateFactory) SignatureVerifierImpl(com.disney.http.auth.server.signature.SignatureVerifierImpl) ByteArrayInputStream(java.io.ByteArrayInputStream) SecretKeySpec(javax.crypto.spec.SecretKeySpec) List(java.util.List) ArrayList(java.util.ArrayList) Map(java.util.Map) HashMap(java.util.HashMap) Key(java.security.Key) PrivateKey(java.security.PrivateKey) SecretKey(javax.crypto.SecretKey) PublicKey(java.security.PublicKey) Certificate(java.security.cert.Certificate)

Example 2 with MapKeyChainImpl

use of com.disney.http.auth.keychain.MapKeyChainImpl in project groovity by disney.

the class XmlPolicyParser method processSignature.

/**
 * Builds a {@link SignatureVerifierImpl} from a signature policy XML element.
 *
 * <p>Only direct child elements are inspected: {@code drift} is parsed as a long and passed
 * to {@code setMaxDateDrift}; {@code headers} is split on commas and/or whitespace and passed
 * to {@code setRequiredHeaders}; {@code keys} becomes a {@link MapKeyChainImpl} built from
 * {@code processKeys}; {@code keystore} is delegated to {@code processKeystore}. Any other
 * child element is ignored by this method.
 *
 * @param sig     the signature policy element
 * @param context servlet context forwarded to {@code processKeystore}
 * @return the configured verifier
 * @throws NumberFormatException if the {@code drift} text is not a valid long
 */
private static SignatureVerifierImpl processSignature(Element sig, ServletContext context) throws InstantiationException, IllegalAccessException, ClassNotFoundException, NoSuchAlgorithmException, InvalidKeySpecException, MalformedURLException, URISyntaxException {
    SignatureVerifierImpl verifier = new SignatureVerifierImpl();
    List<KeyChain> chains = new ArrayList<KeyChain>();
    processCommon(verifier, sig);
    NodeList children = sig.getChildNodes();
    for (int i = 0; i < children.getLength(); i++) {
        Node child = children.item(i);
        // Text, comment and other non-element nodes carry no policy settings.
        if (!(child instanceof Element)) {
            continue;
        }
        Element setting = (Element) child;
        String tag = setting.getNodeName();
        if (tag.equals("drift")) {
            String driftText = setting.getTextContent().trim();
            verifier.setMaxDateDrift(Long.parseLong(driftText));
        } else if (tag.equals("headers")) {
            // Header names may be separated by commas, whitespace, or both.
            String[] headerNames = setting.getTextContent().trim().split("(,\\s*|\\s+)");
            verifier.setRequiredHeaders(Arrays.asList(headerNames));
        } else if (tag.equals("keys")) {
            chains.add(new MapKeyChainImpl(processKeys(setting)));
        } else if (tag.equals("keystore")) {
            chains.add(processKeystore(setting, context));
        }
    }
    verifier.setKeyChains(chains);
    return verifier;
}
Also used : SignatureVerifierImpl(com.disney.http.auth.server.signature.SignatureVerifierImpl) NodeList(org.w3c.dom.NodeList) Node(org.w3c.dom.Node) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) KeyChain(com.disney.http.auth.keychain.KeyChain) MapKeyChainImpl(com.disney.http.auth.keychain.MapKeyChainImpl)

Aggregations

KeyChain (com.disney.http.auth.keychain.KeyChain)2 MapKeyChainImpl (com.disney.http.auth.keychain.MapKeyChainImpl)2 SignatureVerifierImpl (com.disney.http.auth.server.signature.SignatureVerifierImpl)2 ArrayList (java.util.ArrayList)2 ByteArrayInputStream (java.io.ByteArrayInputStream)1 Key (java.security.Key)1 PrivateKey (java.security.PrivateKey)1 PublicKey (java.security.PublicKey)1 Certificate (java.security.cert.Certificate)1 CertificateFactory (java.security.cert.CertificateFactory)1 HashMap (java.util.HashMap)1 List (java.util.List)1 Map (java.util.Map)1 SecretKey (javax.crypto.SecretKey)1 SecretKeySpec (javax.crypto.spec.SecretKeySpec)1 Element (org.w3c.dom.Element)1 Node (org.w3c.dom.Node)1 NodeList (org.w3c.dom.NodeList)1