
Example 1 with Signature

Use of org.tomitribe.auth.signatures.Signature in project cxf by apache.

The class TomitribeSignatureCreator, method createSignature.

@Override
public String createSignature(Map<String, List<String>> messageHeaders, String uri, String method) throws IOException {
    if (messageHeaders == null) {
        throw new IllegalArgumentException("message headers cannot be null");
    }
    final List<String> headers;
    // If no headers to sign are configured, sign all message headers, plus "(request-target)" on an outbound service request
    if (headersToSign.isEmpty()) {
        headers = messageHeaders.keySet().stream().map(String::toLowerCase).collect(Collectors.toList());
        Message m = PhaseInterceptorChain.getCurrentMessage();
        if (MessageUtils.isRequestor(m)) {
            headers.add(HTTPSignatureConstants.REQUEST_TARGET);
        }
    } else {
        headers = headersToSign.stream().map(String::toLowerCase).collect(Collectors.toList());
    }
    if (keyId == null) {
        throw new IllegalArgumentException("key id cannot be null");
    }
    final Signature signature = new Signature(keyId, signatureAlgorithmName, null, headers);
    final org.tomitribe.auth.signatures.Signer signer = new org.tomitribe.auth.signatures.Signer(keyProvider.getKey(keyId), signature);
    Signature outputSignature = signer.sign(method, uri, SignatureHeaderUtils.mapHeaders(messageHeaders));
    StringBuilder sb = new StringBuilder(128);
    sb.append("keyId=\"");
    sb.append(outputSignature.getKeyId());
    sb.append('"');
    sb.append(",algorithm=\"");
    sb.append(outputSignature.getAlgorithm());
    sb.append('"');
    sb.append(",headers=\"");
    sb.append(Join.join(" ", outputSignature.getHeaders()));
    sb.append('"');
    sb.append(",signature=\"");
    sb.append(outputSignature.getSignature());
    sb.append('"');
    return sb.toString();
}
Also used: Message (org.apache.cxf.message.Message), Signature (org.tomitribe.auth.signatures.Signature)

Example 2 with Signature

Use of org.tomitribe.auth.signatures.Signature in project cxf by apache.

The class TomitribeSignatureValidator, method validate.

@Override
public void validate(Map<String, List<String>> messageHeaders, AlgorithmProvider algorithmProvider, KeyProvider keyProvider, SecurityProvider securityProvider, String method, String uri, List<String> requiredHeaders) {
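    // Parse the first Signature header value into its keyId, algorithm, headers and signature fields
    Signature signature = extractSignatureFromHeader(messageHeaders.get("Signature").get(0));
    // Reject the message when the algorithm named in the header differs from the one provided for this key id
    String providedAlgorithm = algorithmProvider.getAlgorithmName(signature.getKeyId());
    String signatureAlgorithm = signature.getAlgorithm().toString();
    if (!providedAlgorithm.equals(signatureAlgorithm)) {
        throw new DifferentAlgorithmsException("signature algorithm from header and provided are different");
    }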
    Key key = keyProvider.getKey(signature.getKeyId());
    java.security.Provider provider = securityProvider != null ? securityProvider.getProvider(signature.getKeyId()) : null;
    runVerifier(messageHeaders, key, signature, provider, method, uri, requiredHeaders);
}
Also used: Signature (org.tomitribe.auth.signatures.Signature), Key (java.security.Key), DifferentAlgorithmsException (org.apache.cxf.rs.security.httpsignature.exception.DifferentAlgorithmsException)

Aggregations

Signature (org.tomitribe.auth.signatures.Signature): 2
Key (java.security.Key): 1
Message (org.apache.cxf.message.Message): 1
DifferentAlgorithmsException (org.apache.cxf.rs.security.httpsignature.exception.DifferentAlgorithmsException): 1