Coverage Report

Coverage Report - org.kuali.rice.ksb.security.SignatureVerifyingRequestWrapper

Classes in this File

Line Coverage

Branch Coverage

Complexity

SignatureVerifyingRequestWrapper

0/20

0/10

5.5

 /**
  * Copyright 2005-2011 The Kuali Foundation
  *
  * Licensed under the Educational Community License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  * http://www.opensource.org/licenses/ecl2.php
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.kuali.rice.ksb.security;
 
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.security.Signature;
 import java.security.cert.CertificateFactory;
 
 import javax.servlet.ServletInputStream;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
 
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.lang.StringUtils;
 import org.kuali.rice.ksb.service.KSBServiceLocator;
 import org.kuali.rice.ksb.util.KSBConstants;
 
 /**
  * An HttpServletRequestWrapper which will wraps the underlying request's InputStream in a 
  * SignatureVerifyingInputStream which will verify the digital signature of the request after 
  * all of the data has been read from the input stream.
  * 
  * @author Kuali Rice Team (rice.collab@kuali.org)
  */
 public class SignatureVerifyingRequestWrapper extends HttpServletRequestWrapper {
 
         private byte[] digitalSignature;
         private Signature signature;
         
         public SignatureVerifyingRequestWrapper(HttpServletRequest request) {
                 super(request);
                 String encodedSignature = request.getHeader(KSBConstants.DIGITAL_SIGNATURE_HEADER);
                 if (StringUtils.isEmpty(encodedSignature)) {
                         throw new RuntimeException("A digital signature was required on the request but none was found.");
                 }
                 String verificationAlias = request.getHeader(KSBConstants.KEYSTORE_ALIAS_HEADER);
                 String encodedCertificate = request.getHeader(KSBConstants.KEYSTORE_CERTIFICATE_HEADER);
                 if ( (StringUtils.isEmpty(verificationAlias)) && (StringUtils.isEmpty(encodedCertificate)) ) {
             throw new RuntimeException("A verification alias or certificate was required on the request but neither was found.");
                 }
                 try {
             this.digitalSignature = Base64.decodeBase64(encodedSignature.getBytes("UTF-8"));
             if (StringUtils.isNotBlank(encodedCertificate)) {
                 byte[] certificate = Base64.decodeBase64(encodedCertificate.getBytes("UTF-8"));
                 CertificateFactory cf = CertificateFactory.getInstance("X.509");
                 this.signature = KSBServiceLocator.getDigitalSignatureService().getSignatureForVerification(cf.generateCertificate(new ByteArrayInputStream(certificate)));
             } else if (StringUtils.isNotBlank(verificationAlias)) {
                 this.signature = KSBServiceLocator.getDigitalSignatureService().getSignatureForVerification(verificationAlias);
             }
                 } catch (Exception e) {
                         throw new RuntimeException("Failed to initialize digital signature verification.", e);
                 }
         }
 
         @Override
         public ServletInputStream getInputStream() throws IOException {
                 return new SignatureVerifyingInputStream(this.digitalSignature, this.signature, super.getInputStream());
         }
         
 }

1		/**
2		* Copyright 2005-2011 The Kuali Foundation
3		*
4		* Licensed under the Educational Community License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.opensource.org/licenses/ecl2.php
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*/
16		package org.kuali.rice.ksb.security;
17
18		import java.io.ByteArrayInputStream;
19		import java.io.IOException;
20		import java.security.Signature;
21		import java.security.cert.CertificateFactory;
22
23		import javax.servlet.ServletInputStream;
24		import javax.servlet.http.HttpServletRequest;
25		import javax.servlet.http.HttpServletRequestWrapper;
26
27		import org.apache.commons.codec.binary.Base64;
28		import org.apache.commons.lang.StringUtils;
29		import org.kuali.rice.ksb.service.KSBServiceLocator;
30		import org.kuali.rice.ksb.util.KSBConstants;
31
32		/**
33		* An HttpServletRequestWrapper which will wraps the underlying request's InputStream in a
34		* SignatureVerifyingInputStream which will verify the digital signature of the request after
35		* all of the data has been read from the input stream.
36		*
37		* @author Kuali Rice Team (rice.collab@kuali.org)
38		*/
39		public class SignatureVerifyingRequestWrapper extends HttpServletRequestWrapper {
40
41		private byte[] digitalSignature;
42		private Signature signature;
43
44		public SignatureVerifyingRequestWrapper(HttpServletRequest request) {
45	0	super(request);
46	0	String encodedSignature = request.getHeader(KSBConstants.DIGITAL_SIGNATURE_HEADER);
47	0	if (StringUtils.isEmpty(encodedSignature)) {
48	0	throw new RuntimeException("A digital signature was required on the request but none was found.");
49		}
50	0	String verificationAlias = request.getHeader(KSBConstants.KEYSTORE_ALIAS_HEADER);
51	0	String encodedCertificate = request.getHeader(KSBConstants.KEYSTORE_CERTIFICATE_HEADER);
52	0	if ( (StringUtils.isEmpty(verificationAlias)) && (StringUtils.isEmpty(encodedCertificate)) ) {
53	0	throw new RuntimeException("A verification alias or certificate was required on the request but neither was found.");
54		}
55		try {
56	0	this.digitalSignature = Base64.decodeBase64(encodedSignature.getBytes("UTF-8"));
57	0	if (StringUtils.isNotBlank(encodedCertificate)) {
58	0	byte[] certificate = Base64.decodeBase64(encodedCertificate.getBytes("UTF-8"));
59	0	CertificateFactory cf = CertificateFactory.getInstance("X.509");
60	0	this.signature = KSBServiceLocator.getDigitalSignatureService().getSignatureForVerification(cf.generateCertificate(new ByteArrayInputStream(certificate)));
61	0	} else if (StringUtils.isNotBlank(verificationAlias)) {
62	0	this.signature = KSBServiceLocator.getDigitalSignatureService().getSignatureForVerification(verificationAlias);
63		}
64	0	} catch (Exception e) {
65	0	throw new RuntimeException("Failed to initialize digital signature verification.", e);
66	0	}
67	0	}
68
69		@Override
70		public ServletInputStream getInputStream() throws IOException {
71	0	return new SignatureVerifyingInputStream(this.digitalSignature, this.signature, super.getInputStream());
72		}
73
74		}