Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

allow to not browse all headers when not needed #9

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

allow to not browse all headers when not needed #9

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@
<parent>
<groupId>org.tomitribe</groupId>
<artifactId>oss-parent</artifactId>
<version>2</version>
<version>5</version>
</parent>

<artifactId>tomitribe-http-signatures</artifactId>
Expand All @@ -42,6 +42,12 @@
</properties>

<dependencies>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-servlet-api</artifactId>
<version>8.5.5</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
Expand Down
51 changes: 51 additions & 0 deletions src/main/java/org/tomitribe/auth/signatures/HeaderReader.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.tomitribe.auth.signatures;

import javax.servlet.http.HttpServletRequest;
import java.util.TreeMap;

public interface HeaderReader {
String read(String header);

class Servlet implements HeaderReader {
private final HttpServletRequest request;

public Servlet(final HttpServletRequest request) {
this.request = request;
}

@Override
public String read(final String header) {
return request.getHeader(header);
}
}

class Map implements HeaderReader {
private final java.util.Map<String, String> delegate;

public Map(final java.util.Map<String, String> source) {
this.delegate = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
this.delegate.putAll(source);
}

@Override
public String read(final String header) {
return delegate.get(header);
}
}
}
24 changes: 7 additions & 17 deletions src/main/java/org/tomitribe/auth/signatures/Signatures.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,25 +17,24 @@
package org.tomitribe.auth.signatures;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Locale;

public enum Signatures {
;

public static String createSigningString(final List<String> required, String method, final String uri, Map<String, String> headers) {
private static final String REQUEST_TARGET = "(request-target)";

public static String createSigningString(final List<String> required, String method, final String uri, final HeaderReader headers) {
method = lowercase(method);
headers = lowercase(headers);

final List<String> list = new ArrayList<String>(required.size());

for (final String key : required) {
if ("(request-target)".equals(key)) {
if (REQUEST_TARGET.equals(key)) {
list.add(Join.join(" ", "(request-target):", method, uri));

} else {
final String value = headers.get(key);
final String value = headers.read(key);
if (value == null) throw new MissingRequiredHeaderException(key);

list.add(key + ": " + value);
Expand All @@ -45,16 +44,7 @@ public static String createSigningString(final List<String> required, String met
return Join.join("\n", list);
}

private static Map<String, String> lowercase(final Map<String, String> headers) {
final Map<String, String> map = new HashMap<String, String>();
for (final Map.Entry<String, String> entry : headers.entrySet()) {
map.put(entry.getKey().toLowerCase(), entry.getValue());
}

return map;
}

private static String lowercase(final String spec) {
return spec.toLowerCase();
return spec.toLowerCase(Locale.ENGLISH);
}
}
15 changes: 11 additions & 4 deletions src/main/java/org/tomitribe/auth/signatures/Signer.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,16 +75,18 @@ public Signer(final Key key, final Signature signature, final Provider provider)
sign.sign("validation".getBytes());

} catch (final RuntimeException e) {

throw (RuntimeException) e;

throw e;
} catch (final Exception e) {

throw new IllegalStateException("Can't initialise the Signer using the provided algorithm and key", e);
}
}

@Deprecated // use sign(String, String, HeaderReader headers)
public Signature sign(final String method, final String uri, final Map<String, String> headers) throws IOException {
return sign(method, uri, new HeaderReader.Map(headers));
}

public Signature sign(final String method, final String uri, final HeaderReader headers) throws IOException {

final String signingString = createSigningString(method, uri, headers);

Expand All @@ -97,7 +99,12 @@ public Signature sign(final String method, final String uri, final Map<String, S
return new Signature(signature.getKeyId(), signature.getAlgorithm(), signedAndEncodedString, signature.getHeaders());
}

@Deprecated // use createSigningString(String, String, HeaderReader)
public String createSigningString(final String method, final String uri, final Map<String, String> headers) throws IOException {
return createSigningString(method, uri, new HeaderReader.Map(headers));
}

public String createSigningString(final String method, final String uri, final HeaderReader headers) throws IOException {
return Signatures.createSigningString(signature.getHeaders(), method, uri, headers);
}

Expand Down
16 changes: 8 additions & 8 deletions src/test/java/org/tomitribe/auth/signatures/SignerTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@ public void testSign() throws Exception {
headers.put("Digest", "SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=");
headers.put("Accept", "*/*");
headers.put("Content-Length", "18");
final Signature signed = signer.sign(method, uri, headers);
final Signature signed = signer.sign(method, uri, new HeaderReader.Map(headers));
assertEquals("yT/NrPI9mKB5R7FTLRyFWvB+QLQOEAvbGmauC0tI+Jg=", signed.getSignature());
}

Expand All @@ -104,7 +104,7 @@ public void testSign() throws Exception {
headers.put("Digest", "SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=");
headers.put("Accept", "*/*");
headers.put("Content-Length", "18");
final Signature signed = signer.sign(method, uri, headers);
final Signature signed = signer.sign(method, uri, new HeaderReader.Map(headers));
assertEquals("DPIsA/PWeYjySmfjw2P2SLJXZj1szDOei/Hh8nTcaPo=", signed.getSignature());
}

Expand All @@ -118,7 +118,7 @@ public void testSign() throws Exception {
headers.put("Digest", "SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu8DBPE=");
headers.put("Accept", "*/*");
headers.put("Content-Length", "18");
final Signature signed = signer.sign(method, uri, headers);
final Signature signed = signer.sign(method, uri, new HeaderReader.Map(headers));
assertEquals("DPIsA/PWeYjySmfjw2P2SLJXZj1szDOei/Hh8nTcaPo=", signed.getSignature());
}

Expand All @@ -132,7 +132,7 @@ public void testSign() throws Exception {
headers.put("Digest", "SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu8DBPE=");
headers.put("Accept", "*/*");
headers.put("Content-Length", "18");
final Signature signed = signer.sign(method, uri, headers);
final Signature signed = signer.sign(method, uri, new HeaderReader.Map(headers));
assertEquals("IWTDxmOoEJI67YxY3eDIRzxrsAtlYYCuGZxKlkUSYdA=", signed.getSignature());
}
}
Expand All @@ -148,15 +148,15 @@ public void defaultHeaderList() throws Exception {
final Map<String, String> headers = new HashMap<String, String>();
headers.put("Date", "Tue, 07 Jun 2014 20:51:35 GMT");

final Signature signed = signer.sign("GET", "/foo/Bar", headers);
final Signature signed = signer.sign("GET", "/foo/Bar", new HeaderReader.Map(headers));
assertEquals("WbB9VXuVdRt1LKQ5mDuT+tiaChn8R7WhdAWAY1lhKZQ=", signed.getSignature());
}

{ // one second later
final Map<String, String> headers = new HashMap<String, String>();
headers.put("Date", "Tue, 07 Jun 2014 20:51:36 GMT");

final Signature signed = signer.sign("GET", "/foo/Bar", headers);
final Signature signed = signer.sign("GET", "/foo/Bar", new HeaderReader.Map(headers));
assertEquals("kRkh0bV1wKZSXBgexUB+zlPU88/za5K/gk/F0Aikg7Q=", signed.getSignature());
}

Expand All @@ -168,7 +168,7 @@ public void defaultHeaderList() throws Exception {
headers.put("Accept", "*/*");
headers.put("Content-Length", "18");

final Signature signed = signer.sign("GET", "/foo/Bar", headers);
final Signature signed = signer.sign("GET", "/foo/Bar", new HeaderReader.Map(headers));
assertEquals("kRkh0bV1wKZSXBgexUB+zlPU88/za5K/gk/F0Aikg7Q=", signed.getSignature());
}
}
Expand All @@ -181,7 +181,7 @@ public void missingDefaultHeader() throws Exception {
final Signer signer = new Signer(key, signature);

final Map<String, String> headers = new HashMap<String, String>();
signer.sign("GET", "/foo/Bar", headers);
signer.sign("GET", "/foo/Bar", new HeaderReader.Map(headers));
}

@Test(expected = MissingRequiredHeaderException.class)
Expand Down