use of org.apache.cxf.rs.security.httpsignature.exception.SignatureException in project cxf by apache.
the class AbstractSignatureInFilter method createMessageVerifier.
/**
 * Builds the {@link MessageVerifier} used to check inbound HTTP signatures.
 *
 * <p>The public key is loaded through {@code KeyManagementUtils.loadPublicKey} from the inbound
 * signature properties. The algorithm is read from the contextual property
 * {@code RSSEC_SIGNATURE_ALGORITHM} and falls back to
 * {@code DefaultSignatureConstants.SIGNING_ALGORITHM}; it comes from configuration here, not
 * from anything this method reads out of the received signature.
 *
 * <p>All three lookups passed to the verifier ignore their {@code keyId} argument, so every
 * key id resolves to the same key, provider and algorithm.
 *
 * @return a verifier bound to the configured key, provider and algorithm
 * @throws SignatureException if the inbound signature properties cannot be loaded
 */
protected MessageVerifier createMessageVerifier() {
    final Properties signatureProps = KeyManagementUtils.loadSignatureInProperties();
    if (signatureProps == null) {
        throw new SignatureException("Signature properties are not configured correctly");
    }

    // NOTE(review): the current message is dereferenced without a null check; confirm this is
    // only reached while a message is on the interceptor chain.
    final Message message = PhaseInterceptorChain.getCurrentMessage();
    final PublicKey verificationKey = KeyManagementUtils.loadPublicKey(message, signatureProps);

    final String configuredAlgorithm =
        (String) message.getContextualProperty(HTTPSignatureConstants.RSSEC_SIGNATURE_ALGORITHM);
    final String algorithm = configuredAlgorithm != null
        ? configuredAlgorithm
        : DefaultSignatureConstants.SIGNING_ALGORITHM;

    // Security.getProvider returns null when the named provider is not installed; the provider
    // lookup below then yields null. How MessageVerifier treats that is not visible here.
    final Provider securityProvider = Security.getProvider(DefaultSignatureConstants.SECURITY_PROVIDER);

    return new MessageVerifier(
        ignoredKeyId -> verificationKey,
        ignoredKeyId -> securityProvider,
        ignoredKeyId -> algorithm);
}
use of org.apache.cxf.rs.security.httpsignature.exception.SignatureException in project cxf by apache.
the class AbstractSignatureOutFilter method performSignature.
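/**
 * Signs the outgoing message and stores the result in the {@code Signature} header.
 *
 * <p>Nothing is done when the filter is disabled or when {@code headers} already holds a
 * {@code Signature} entry; in the latter case the existing value is passed through untouched
 * and is not re-signed by this filter.
 *
 * @param headers outgoing headers; receives the {@code Signature} entry on success
 * @param uriPath request path handed to the signer
 * @param httpMethod HTTP method handed to the signer
 * @throws SignatureException if signing fails with an I/O error or the signer leaves no
 *         {@code Signature} value in the converted headers
 */
protected void performSignature(MultivaluedMap<String, Object> headers, String uriPath, String httpMethod) {
    if (!enabled) {
        LOG.fine("Create signature filter is disabled");
        return;
    }
    if (messageSigner == null) {
        // Built once on first use and then reused for later calls.
        // NOTE(review): this lazy initialisation is unsynchronised; confirm whether one filter
        // instance can be entered by several threads.
        messageSigner = createMessageSigner();
    }
    if (headers.containsKey("Signature")) {
        LOG.fine("Message already contains a signature");
        return;
    }

    LOG.fine("Starting filter message signing process");
    Map<String, List<String>> convertedHeaders = convertHeaders(headers);
    try {
        messageSigner.sign(convertedHeaders, uriPath, httpMethod);
    } catch (IOException ex) {
        throw new SignatureException("Error creating signature", ex);
    }

    // Fail with the filter's own exception type instead of a NullPointerException or
    // IndexOutOfBoundsException if the signer produced no Signature value.
    List<String> signatureValues = convertedHeaders.get("Signature");
    if (signatureValues == null || signatureValues.isEmpty()) {
        throw new SignatureException("Signer did not produce a Signature header");
    }
    headers.put("Signature", Collections.singletonList(signatureValues.get(0)));

    // The original message said "verification", which is misleading in the signing filter.
    LOG.fine("Finished filter message signing process");
}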
use of org.apache.cxf.rs.security.httpsignature.exception.SignatureException in project cxf by apache.
the class KeyManagementUtils method loadStoreProperties.
/**
 * Resolves the key store configuration for a message.
 *
 * <p>If a properties location is configured under {@code storeProp1} or {@code storeProp2},
 * the properties are loaded from that location. Otherwise a {@link Properties} object is
 * assembled from the individual key store contextual properties, provided a key store file is
 * configured; the store type defaults to {@code "JKS"}.
 *
 * <p>The key store password and key password are copied as plain strings into the returned
 * object, so the result carries secrets and should not be logged or dumped.
 *
 * @param m current message, may be {@code null}
 * @param storeProp1 first contextual property name naming the properties location
 * @param storeProp2 second contextual property name naming the properties location
 * @return the resolved properties, or {@code null} if {@code m} is {@code null} or nothing is
 *         configured
 * @throws SignatureException if loading from the configured location fails
 */
private static Properties loadStoreProperties(Message m, String storeProp1, String storeProp2) {
    if (m == null) {
        return null;
    }

    final String propertiesLocation = (String) MessageUtils.getContextualProperty(m, storeProp1, storeProp2);
    if (propertiesLocation != null) {
        try {
            return loadProperties(propertiesLocation, m.getExchange().getBus());
        } catch (Exception ex) {
            LOG.warning("Properties resource is not identified");
            throw new SignatureException("Properties resource is not identified", ex);
        }
    }

    final String keyStoreFile = (String) m.getContextualProperty(HTTPSignatureConstants.RSSEC_KEY_STORE_FILE);
    if (keyStoreFile == null) {
        return null;
    }

    final Properties assembled = new Properties();
    assembled.setProperty(HTTPSignatureConstants.RSSEC_KEY_STORE_FILE, keyStoreFile);

    final String configuredType = (String) m.getContextualProperty(HTTPSignatureConstants.RSSEC_KEY_STORE_TYPE);
    assembled.setProperty(
        HTTPSignatureConstants.RSSEC_KEY_STORE_TYPE,
        configuredType != null ? configuredType : "JKS");

    // Optional settings are copied only when present, in the same order as before:
    // alias, key store password, key password.
    final String[] optionalKeys = {
        HTTPSignatureConstants.RSSEC_KEY_STORE_ALIAS,
        HTTPSignatureConstants.RSSEC_KEY_STORE_PSWD,
        HTTPSignatureConstants.RSSEC_KEY_PSWD,
    };
    for (String optionalKey : optionalKeys) {
        final String value = (String) m.getContextualProperty(optionalKey);
        if (value != null) {
            assembled.setProperty(optionalKey, value);
        }
    }
    return assembled;
}
use of org.apache.cxf.rs.security.httpsignature.exception.SignatureException in project cxf by apache.
the class AbstractSignatureOutFilter method createMessageSigner.
/**
 * Builds the {@link MessageSigner} for outgoing messages from the current message's
 * configuration.
 *
 * <p>The algorithm comes from the contextual property {@code RSSEC_SIGNATURE_ALGORITHM},
 * falling back to {@code DefaultSignatureConstants.SIGNING_ALGORITHM}. The key id is taken
 * from the contextual property {@code RSSEC_HTTP_SIGNATURE_KEY_ID}, then from the outbound
 * signature properties; it is mandatory. The list of headers to sign defaults to an empty
 * list when none is configured.
 *
 * @return a signer bound to the configured algorithm, key provider, key id and header list
 * @throws SignatureException if the outbound signature properties cannot be loaded or no key
 *         id is configured
 */
private MessageSigner createMessageSigner() {
    final Properties signatureProps = KeyManagementUtils.loadSignatureOutProperties();
    if (signatureProps == null) {
        throw new SignatureException("Signature properties are not configured correctly");
    }

    final Message message = PhaseInterceptorChain.getCurrentMessage();
    // The provider ignores the requested key id and keeps a reference to the message and
    // properties that were current when the signer was built.
    final KeyProvider privateKeyProvider =
        requestedKeyId -> KeyManagementUtils.loadPrivateKey(message, signatureProps);

    final String configuredAlgorithm =
        (String) message.getContextualProperty(HTTPSignatureConstants.RSSEC_SIGNATURE_ALGORITHM);
    final String algorithm = configuredAlgorithm != null
        ? configuredAlgorithm
        : DefaultSignatureConstants.SIGNING_ALGORITHM;

    String signingKeyId = (String) message.getContextualProperty(HTTPSignatureConstants.RSSEC_HTTP_SIGNATURE_KEY_ID);
    if (signingKeyId == null) {
        signingKeyId = signatureProps.getProperty(HTTPSignatureConstants.RSSEC_HTTP_SIGNATURE_KEY_ID);
    }
    if (signingKeyId == null) {
        throw new SignatureException("The signature key id is a required configuration property");
    }

    // NOTE(review): with no configured header list the signer receives an empty list; which
    // headers MessageSigner then covers is not visible here. Confirm the default is acceptable.
    final List<String> configuredHeaders = CastUtils.cast(
        (List<?>) message.getContextualProperty(HTTPSignatureConstants.RSSEC_HTTP_SIGNATURE_OUT_HEADERS));
    final List<String> signedHeaders = configuredHeaders != null
        ? configuredHeaders
        : Collections.<String>emptyList();

    return new MessageSigner(algorithm, privateKeyProvider, signingKeyId, signedHeaders);
}
use of org.apache.cxf.rs.security.httpsignature.exception.SignatureException in project cxf by apache.
the class KeyManagementUtils method loadPersistKeyStore.
/**
 * Returns the key store for the given properties, reusing an already loaded one where
 * possible.
 *
 * <p>Lookup order: a {@link KeyStore} instance stored directly in {@code props} under
 * {@code RSSEC_KEY_STORE}; then an instance stored on the message exchange under the
 * configured key store file name; finally a fresh load via {@code loadKeyStore}, whose result
 * is stored on the exchange under that same file name when a message is available.
 *
 * @param m current message, may be {@code null}
 * @param props key store configuration
 * @return the resolved key store
 * @throws SignatureException if no key store file is configured, or the exchange holds a
 *         value of another type under the key store file name
 */
private static KeyStore loadPersistKeyStore(Message m, Properties props) {
    // NOTE(review): this cast is unchecked, unlike the exchange lookup below, so a value of
    // another type here surfaces as a ClassCastException.
    final KeyStore preconfigured = props.containsKey(HTTPSignatureConstants.RSSEC_KEY_STORE)
        ? (KeyStore) props.get(HTTPSignatureConstants.RSSEC_KEY_STORE)
        : null;
    if (preconfigured != null) {
        return preconfigured;
    }

    if (!props.containsKey(HTTPSignatureConstants.RSSEC_KEY_STORE_FILE)) {
        LOG.warning("No keystore file has been configured");
        throw new SignatureException("No keystore file has been configured");
    }

    if (m != null) {
        final Object cached = m.getExchange().get(props.get(HTTPSignatureConstants.RSSEC_KEY_STORE_FILE));
        if (cached != null && !(cached instanceof KeyStore)) {
            throw new SignatureException("Unexpected key store class: " + cached.getClass().getName());
        }
        if (cached != null) {
            return (KeyStore) cached;
        }
    }

    final Bus bus = m != null ? m.getExchange().getBus() : null;
    final KeyStore loaded = loadKeyStore(props, bus);
    if (m != null) {
        // Stored on the exchange under the key store file name for later lookups.
        m.getExchange().put((String) props.get(HTTPSignatureConstants.RSSEC_KEY_STORE_FILE), loaded);
    }
    return loaded;
}