Example 6 with EncryptContext
use of org.apache.servicecomb.demo.edge.service.encrypt.EncryptContext in project java-chassis by ServiceComb.
the class EdgeSignatureResponseFilter method beforeSendResponse.
@Override
public void beforeSendResponse(Invocation invocation, HttpServletResponseEx responseEx) {
if (invocation == null) {
return;
}
EncryptContext encryptContext = (EncryptContext) invocation.getHandlerContext().get(EdgeConst.ENCRYPT_CONTEXT);
if (encryptContext == null) {
return;
}
Hcr hcr = encryptContext.getHcr();
// bad practice: it's better to set signature in response header
Buffer bodyBuffer = responseEx.getBodyBuffer();
String body = bodyBuffer.toString();
if (body.endsWith("}")) {
Hasher hasher = Hashing.sha256().newHasher();
hasher.putString(hcr.getSignatureKey(), StandardCharsets.UTF_8);
hasher.putString(body, StandardCharsets.UTF_8);
String signature = hasher.hash().toString();
LOGGER.info("beforeSendResponse signature: {}", signature);
body = body.substring(0, body.length() - 1) + ",\"signature\":\"" + signature + "\"}";
responseEx.setBodyBuffer(Buffer.buffer(body));
}
}
Also used :
Buffer(io.vertx.core.buffer.Buffer)
Hasher(com.google.common.hash.Hasher)
Hcr(org.apache.servicecomb.demo.edge.authentication.encrypt.Hcr)
EncryptContext(org.apache.servicecomb.demo.edge.service.encrypt.EncryptContext)
Example 7 with EncryptContext
use of org.apache.servicecomb.demo.edge.service.encrypt.EncryptContext in project java-chassis by ServiceComb.
the class EdgeSignatureRequestFilter method afterReceiveRequest.
@Override
public Response afterReceiveRequest(Invocation invocation, HttpServletRequestEx requestEx) {
EncryptContext encryptContext = (EncryptContext) invocation.getHandlerContext().get(EdgeConst.ENCRYPT_CONTEXT);
if (encryptContext == null) {
return null;
}
Hcr hcr = encryptContext.getHcr();
// signature for query and form
List<String> names = Collections.list(requestEx.getParameterNames());
names.sort(Comparator.naturalOrder());
Hasher hasher = Hashing.sha256().newHasher();
hasher.putString(hcr.getSignatureKey(), StandardCharsets.UTF_8);
for (String name : names) {
hasher.putString(name, StandardCharsets.UTF_8);
hasher.putString(requestEx.getParameter(name), StandardCharsets.UTF_8);
}
LOGGER.info("afterReceiveRequest signature: {}", hasher.hash().toString());
return null;
}
Also used :
Hasher(com.google.common.hash.Hasher)
Hcr(org.apache.servicecomb.demo.edge.authentication.encrypt.Hcr)
EncryptContext(org.apache.servicecomb.demo.edge.service.encrypt.EncryptContext)
Example 8 with EncryptContext
use of org.apache.servicecomb.demo.edge.service.encrypt.EncryptContext in project incubator-servicecomb-java-chassis by apache.
the class DecodeBodyFilter method afterReceiveRequest.
@Override
public Response afterReceiveRequest(Invocation invocation, HttpServletRequestEx requestEx) {
EncryptContext encryptContext = (EncryptContext) invocation.getHandlerContext().get(EdgeConst.ENCRYPT_CONTEXT);
if (encryptContext == null) {
return null;
}
Hcr hcr = encryptContext.getHcr();
String encodedBody = requestEx.getParameter("body");
if (encodedBody == null) {
return null;
}
encodedBody = encodedBody.substring(hcr.getBodyKey().length());
try {
Map<String, String[]> decodedBody = RestObjectMapperFactory.getRestObjectMapper().readValue(encodedBody, bodyType);
requestEx.getParameterMap().putAll(decodedBody);
} catch (Throwable e) {
// should be a meaning exception response
return Response.producerFailResp(e);
}
return null;
}
Also used :
Hcr(org.apache.servicecomb.demo.edge.authentication.encrypt.Hcr)
EncryptContext(org.apache.servicecomb.demo.edge.service.encrypt.EncryptContext)
Aggregations
EncryptContext (org.apache.servicecomb.demo.edge.service.encrypt.EncryptContext)8
Hcr (org.apache.servicecomb.demo.edge.authentication.encrypt.Hcr)6
Hasher (com.google.common.hash.Hasher)4
Buffer (io.vertx.core.buffer.Buffer)2
