
Example 1 with SignatureException

use of org.apache.cxf.rs.security.httpsignature.exception.SignatureException in project cxf by apache.

the class AbstractSignatureInFilter method createMessageVerifier.

/**
 * Builds the {@link MessageVerifier} used to check the HTTP signature of inbound messages.
 *
 * <p>The public key, security provider and signature algorithm are resolved once, here, and the
 * three lookups handed to the verifier ignore the {@code keyId} they receive: every key id maps to
 * the same configured key, provider and algorithm.
 *
 * @return a verifier bound to the configured public key and algorithm
 * @throws SignatureException if the inbound signature properties cannot be loaded
 */
protected MessageVerifier createMessageVerifier() {
    final Properties signatureProps = KeyManagementUtils.loadSignatureInProperties();
    if (signatureProps == null) {
        throw new SignatureException("Signature properties are not configured correctly");
    }

    final Message currentMessage = PhaseInterceptorChain.getCurrentMessage();
    final PublicKey verificationKey = KeyManagementUtils.loadPublicKey(currentMessage, signatureProps);

    // The algorithm is read from the message's contextual property and falls back to the
    // library default; this method never takes it from the signature being verified.
    final String configuredAlgorithm =
        (String) currentMessage.getContextualProperty(HTTPSignatureConstants.RSSEC_SIGNATURE_ALGORITHM);
    final String algorithm = configuredAlgorithm != null
        ? configuredAlgorithm
        : DefaultSignatureConstants.SIGNING_ALGORITHM;

    // Security.getProvider returns null when the named provider is not installed.
    // NOTE(review): how MessageVerifier treats a null provider is not visible here - confirm.
    final Provider securityProvider = Security.getProvider(DefaultSignatureConstants.SECURITY_PROVIDER);

    // NOTE(review): the keyId presented by the sender is not used to choose the key, so callers
    // that must tell senders apart need their own key-id-aware lookup.
    return new MessageVerifier(
        keyId -> verificationKey,
        keyId -> securityProvider,
        keyId -> algorithm);
}
Also used : Message(org.apache.cxf.message.Message) PublicKey(java.security.PublicKey) MessageVerifier(org.apache.cxf.rs.security.httpsignature.MessageVerifier) SignatureException(org.apache.cxf.rs.security.httpsignature.exception.SignatureException) InvalidDataToVerifySignatureException(org.apache.cxf.rs.security.httpsignature.exception.InvalidDataToVerifySignatureException) InvalidSignatureException(org.apache.cxf.rs.security.httpsignature.exception.InvalidSignatureException) Properties(java.util.Properties) Provider(java.security.Provider)

Example 2 with SignatureException

use of org.apache.cxf.rs.security.httpsignature.exception.SignatureException in project cxf by apache.

the class AbstractSignatureOutFilter method performSignature.

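/**
 * Signs the outgoing message and stores the resulting value in the {@code Signature} header.
 *
 * <p>Nothing is done when the filter is disabled or when {@code headers} already holds a
 * {@code Signature} entry. The signer is created lazily on first use and then reused.
 *
 * @param headers    outgoing headers; receives the {@code Signature} header on success
 * @param uriPath    request path passed to the signer
 * @param httpMethod HTTP method passed to the signer
 * @throws SignatureException if signing fails or the signer produced no signature value
 */
protected void performSignature(MultivaluedMap<String, Object> headers, String uriPath, String httpMethod) {
    if (!enabled) {
        LOG.fine("Create signature filter is disabled");
        return;
    }
    // NOTE(review): this lazy initialisation is unsynchronised; if one filter instance serves
    // several threads, more than one signer may be created - confirm that is acceptable.
    if (messageSigner == null) {
        messageSigner = createMessageSigner();
    }
    // NOTE(review): the lookup uses the exact key "Signature"; whether differently-cased header
    // names match depends on the MultivaluedMap implementation in use.
    if (headers.containsKey("Signature")) {
        LOG.fine("Message already contains a signature");
        return;
    }
    LOG.fine("Starting filter message signing process");
    Map<String, List<String>> convertedHeaders = convertHeaders(headers);
    try {
        messageSigner.sign(convertedHeaders, uriPath, httpMethod);
    } catch (IOException ex) {
        throw new SignatureException("Error creating signature", ex);
    }
    // Fail with a signature error, not a NullPointerException or IndexOutOfBoundsException,
    // if the signer returned without adding a Signature value.
    List<String> signatureValues = convertedHeaders.get("Signature");
    if (signatureValues == null || signatureValues.isEmpty()) {
        throw new SignatureException("Error creating signature");
    }
    headers.put("Signature", Collections.singletonList(signatureValues.get(0)));
    // This is the signing path; the previous message said "verification", which misleads
    // anyone reading the logs while triaging a signature failure.
    LOG.fine("Finished filter message signing process");
}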
Also used : List(java.util.List) IOException(java.io.IOException) SignatureException(org.apache.cxf.rs.security.httpsignature.exception.SignatureException)

Example 3 with SignatureException

use of org.apache.cxf.rs.security.httpsignature.exception.SignatureException in project cxf by apache.

the class KeyManagementUtils method loadStoreProperties.

/**
 * Resolves the key store settings that apply to a message.
 *
 * <p>If a properties location is configured under {@code storeProp1} / {@code storeProp2} it is
 * loaded through {@code loadProperties}. Otherwise, when a key store file is configured as a
 * contextual property, the settings are assembled from the individual contextual properties, with
 * the store type defaulting to {@code "JKS"}.
 *
 * <p>The result may carry the key store password and the key password as plain strings, so it
 * should not be logged or otherwise exposed.
 *
 * @param m          the current message; may be {@code null}
 * @param storeProp1 first property name passed to the contextual lookup of the properties location
 * @param storeProp2 second property name passed to the same lookup
 * @return the resolved properties, or {@code null} when {@code m} is {@code null} or neither a
 *         properties location nor a key store file is configured
 * @throws SignatureException if the configured properties resource cannot be loaded
 */
private static Properties loadStoreProperties(Message m, String storeProp1, String storeProp2) {
    if (m == null) {
        return null;
    }

    final String propertiesLocation = (String) MessageUtils.getContextualProperty(m, storeProp1, storeProp2);
    if (propertiesLocation != null) {
        try {
            return loadProperties(propertiesLocation, m.getExchange().getBus());
        } catch (Exception ex) {
            LOG.warning("Properties resource is not identified");
            throw new SignatureException("Properties resource is not identified", ex);
        }
    }

    final String keyStoreFile = (String) m.getContextualProperty(HTTPSignatureConstants.RSSEC_KEY_STORE_FILE);
    if (keyStoreFile == null) {
        return null;
    }

    final Properties assembled = new Properties();
    assembled.setProperty(HTTPSignatureConstants.RSSEC_KEY_STORE_FILE, keyStoreFile);

    final String configuredType = (String) m.getContextualProperty(HTTPSignatureConstants.RSSEC_KEY_STORE_TYPE);
    assembled.setProperty(HTTPSignatureConstants.RSSEC_KEY_STORE_TYPE,
        configuredType != null ? configuredType : "JKS");

    // Alias and the two passwords are optional: each is copied only when it is configured.
    final String[] optionalKeys = {
        HTTPSignatureConstants.RSSEC_KEY_STORE_ALIAS,
        HTTPSignatureConstants.RSSEC_KEY_STORE_PSWD,
        HTTPSignatureConstants.RSSEC_KEY_PSWD,
    };
    for (String key : optionalKeys) {
        final String value = (String) m.getContextualProperty(key);
        if (value != null) {
            assembled.setProperty(key, value);
        }
    }
    return assembled;
}
Also used : SignatureException(org.apache.cxf.rs.security.httpsignature.exception.SignatureException) Properties(java.util.Properties) SignatureException(org.apache.cxf.rs.security.httpsignature.exception.SignatureException)

Example 4 with SignatureException

use of org.apache.cxf.rs.security.httpsignature.exception.SignatureException in project cxf by apache.

the class AbstractSignatureOutFilter method createMessageSigner.

/**
 * Builds the {@link MessageSigner} used to sign outbound messages.
 *
 * <p>The signature algorithm comes from the message's contextual property and falls back to the
 * library default. The key id comes from the contextual property and then from the loaded
 * signature properties; it is mandatory.
 *
 * @return a signer configured with the algorithm, private-key provider, key id and header list
 * @throws SignatureException if the outbound signature properties cannot be loaded or no key id
 *         is configured
 */
private MessageSigner createMessageSigner() {
    final Properties signatureProps = KeyManagementUtils.loadSignatureOutProperties();
    if (signatureProps == null) {
        throw new SignatureException("Signature properties are not configured correctly");
    }

    final Message currentMessage = PhaseInterceptorChain.getCurrentMessage();

    // The private key is loaded when the provider is invoked, not here. The lambda keeps a
    // reference to the message that was current when this signer was built.
    // NOTE(review): if the signer outlives that message, later key loads still use it - confirm.
    final KeyProvider privateKeyProvider =
        id -> KeyManagementUtils.loadPrivateKey(currentMessage, signatureProps);

    final String configuredAlgorithm =
        (String) currentMessage.getContextualProperty(HTTPSignatureConstants.RSSEC_SIGNATURE_ALGORITHM);
    final String algorithm = configuredAlgorithm == null
        ? DefaultSignatureConstants.SIGNING_ALGORITHM
        : configuredAlgorithm;

    String keyId = (String) currentMessage.getContextualProperty(HTTPSignatureConstants.RSSEC_HTTP_SIGNATURE_KEY_ID);
    if (keyId == null) {
        keyId = signatureProps.getProperty(HTTPSignatureConstants.RSSEC_HTTP_SIGNATURE_KEY_ID);
    }
    if (keyId == null) {
        throw new SignatureException("The signature key id is a required configuration property");
    }

    // NOTE(review): with no configured header list an empty list is passed on; which headers
    // MessageSigner then covers is not visible here - verify the signature is not left covering
    // fewer headers than intended.
    final List<String> configuredHeaders = CastUtils.cast(
        (List<?>) currentMessage.getContextualProperty(HTTPSignatureConstants.RSSEC_HTTP_SIGNATURE_OUT_HEADERS));
    final List<String> headersToSign = configuredHeaders != null
        ? configuredHeaders
        : Collections.<String>emptyList();

    return new MessageSigner(algorithm, privateKeyProvider, keyId, headersToSign);
}
Also used : KeyProvider(org.apache.cxf.rs.security.httpsignature.provider.KeyProvider) Properties(java.util.Properties) CastUtils(org.apache.cxf.helpers.CastUtils) Message(org.apache.cxf.message.Message) IOException(java.io.IOException) HashMap(java.util.HashMap) KeyProvider(org.apache.cxf.rs.security.httpsignature.provider.KeyProvider) Logger(java.util.logging.Logger) Collectors(java.util.stream.Collectors) Objects(java.util.Objects) MultivaluedMap(javax.ws.rs.core.MultivaluedMap) MessageSigner(org.apache.cxf.rs.security.httpsignature.MessageSigner) DefaultSignatureConstants(org.apache.cxf.rs.security.httpsignature.utils.DefaultSignatureConstants) List(java.util.List) LogUtils(org.apache.cxf.common.logging.LogUtils) Map(java.util.Map) PhaseInterceptorChain(org.apache.cxf.phase.PhaseInterceptorChain) HTTPSignatureConstants(org.apache.cxf.rs.security.httpsignature.HTTPSignatureConstants) KeyManagementUtils(org.apache.cxf.rs.security.httpsignature.utils.KeyManagementUtils) Collections(java.util.Collections) SignatureException(org.apache.cxf.rs.security.httpsignature.exception.SignatureException) MessageSigner(org.apache.cxf.rs.security.httpsignature.MessageSigner) Message(org.apache.cxf.message.Message) SignatureException(org.apache.cxf.rs.security.httpsignature.exception.SignatureException) Properties(java.util.Properties)

Example 5 with SignatureException

use of org.apache.cxf.rs.security.httpsignature.exception.SignatureException in project cxf by apache.

the class KeyManagementUtils method loadPersistKeyStore.

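/**
 * Resolves the key store to use, preferring an already-loaded instance.
 *
 * <p>Lookup order: a {@link KeyStore} object stored in {@code props} under
 * {@code RSSEC_KEY_STORE}; then, when a message is available, an instance cached on the message
 * exchange under the configured key store file name; finally a fresh load through
 * {@code loadKeyStore}, whose result is cached on the exchange under that same name.
 *
 * @param m     the current message; may be {@code null}, in which case no exchange cache is used
 * @param props key store configuration
 * @return the resolved key store, as returned by the lookup or by {@code loadKeyStore}
 * @throws SignatureException if no key store file is configured, or if the value found under
 *         {@code RSSEC_KEY_STORE} or in the exchange cache is not a {@link KeyStore}
 */
private static KeyStore loadPersistKeyStore(Message m, Properties props) {
    // Type-check the directly supplied store the same way the exchange-cached one is checked
    // below, so a misconfigured value fails with a SignatureException instead of a
    // ClassCastException.
    Object configuredStore = props.get(HTTPSignatureConstants.RSSEC_KEY_STORE);
    if (configuredStore != null && !(configuredStore instanceof KeyStore)) {
        throw new SignatureException("Unexpected key store class: " + configuredStore.getClass().getName());
    }
    KeyStore keyStore = (KeyStore) configuredStore;

    if (keyStore == null) {
        if (!props.containsKey(HTTPSignatureConstants.RSSEC_KEY_STORE_FILE)) {
            LOG.warning("No keystore file has been configured");
            throw new SignatureException("No keystore file has been configured");
        }
        if (m != null) {
            // The exchange doubles as a cache keyed by the key store file name.
            Object keyStoreProp = m.getExchange().get(props.get(HTTPSignatureConstants.RSSEC_KEY_STORE_FILE));
            if (keyStoreProp != null && !(keyStoreProp instanceof KeyStore)) {
                throw new SignatureException("Unexpected key store class: " + keyStoreProp.getClass().getName());
            }
            keyStore = (KeyStore) keyStoreProp;
        }
    }

    if (keyStore == null) {
        Bus bus = m != null ? m.getExchange().getBus() : null;
        keyStore = loadKeyStore(props, bus);
        if (m != null) {
            // Cache the loaded store on the exchange so later lookups with the same file name
            // reuse it.
            m.getExchange().put((String) props.get(HTTPSignatureConstants.RSSEC_KEY_STORE_FILE), keyStore);
        }
    }
    return keyStore;
}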
Also used : Bus(org.apache.cxf.Bus) SignatureException(org.apache.cxf.rs.security.httpsignature.exception.SignatureException) KeyStore(java.security.KeyStore)
