Coverage Report

Coverage Report - org.kuali.rice.ksb.security.SignatureVerifyingRequestWrapper

Classes in this File

Line Coverage

Branch Coverage

Complexity

SignatureVerifyingRequestWrapper

0/20

0/10

5.5

 /*
  * Copyright 2005-2007 The Kuali Foundation
  * 
  * 
  * Licensed under the Educational Community License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  * 
  * http://www.opensource.org/licenses/ecl2.php
  * 
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.kuali.rice.ksb.security;
 
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.security.Signature;
 import java.security.cert.CertificateFactory;
 
 import javax.servlet.ServletInputStream;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
 
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.lang.StringUtils;
 import org.kuali.rice.ksb.service.KSBServiceLocator;
 import org.kuali.rice.ksb.util.KSBConstants;
 
 /**
  * An HttpServletRequestWrapper which will wraps the underlying request's InputStream in a 
  * SignatureVerifyingInputStream which will verify the digital signature of the request after 
  * all of the data has been read from the input stream.
  * 
  * @author Kuali Rice Team (rice.collab@kuali.org)
  */
 public class SignatureVerifyingRequestWrapper extends HttpServletRequestWrapper {
 
         private byte[] digitalSignature;
         private Signature signature;
         
         public SignatureVerifyingRequestWrapper(HttpServletRequest request) {
                 super(request);
                 String encodedSignature = request.getHeader(KSBConstants.DIGITAL_SIGNATURE_HEADER);
                 if (StringUtils.isEmpty(encodedSignature)) {
                         throw new RuntimeException("A digital signature was required on the request but none was found.");
                 }
                 String verificationAlias = request.getHeader(KSBConstants.KEYSTORE_ALIAS_HEADER);
                 String encodedCertificate = request.getHeader(KSBConstants.KEYSTORE_CERTIFICATE_HEADER);
                 if ( (StringUtils.isEmpty(verificationAlias)) && (StringUtils.isEmpty(encodedCertificate)) ) {
             throw new RuntimeException("A verification alias or certificate was required on the request but neither was found.");
                 }
                 try {
             this.digitalSignature = Base64.decodeBase64(encodedSignature.getBytes("UTF-8"));
             if (StringUtils.isNotBlank(encodedCertificate)) {
                 byte[] certificate = Base64.decodeBase64(encodedCertificate.getBytes("UTF-8"));
                 CertificateFactory cf = CertificateFactory.getInstance("X.509");
                 this.signature = KSBServiceLocator.getDigitalSignatureService().getSignatureForVerification(cf.generateCertificate(new ByteArrayInputStream(certificate)));
             } else if (StringUtils.isNotBlank(verificationAlias)) {
                 this.signature = KSBServiceLocator.getDigitalSignatureService().getSignatureForVerification(verificationAlias);
             }
                 } catch (Exception e) {
                         throw new RuntimeException("Failed to initialize digital signature verification.", e);
                 }
         }
 
         @Override
         public ServletInputStream getInputStream() throws IOException {
                 return new SignatureVerifyingInputStream(this.digitalSignature, this.signature, super.getInputStream());
         }
         
 }

1		/*
2		* Copyright 2005-2007 The Kuali Foundation
3		*
4		*
5		* Licensed under the Educational Community License, Version 2.0 (the "License");
6		* you may not use this file except in compliance with the License.
7		* You may obtain a copy of the License at
8		*
9		* http://www.opensource.org/licenses/ecl2.php
10		*
11		* Unless required by applicable law or agreed to in writing, software
12		* distributed under the License is distributed on an "AS IS" BASIS,
13		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14		* See the License for the specific language governing permissions and
15		* limitations under the License.
16		*/
17		package org.kuali.rice.ksb.security;
18
19		import java.io.ByteArrayInputStream;
20		import java.io.IOException;
21		import java.security.Signature;
22		import java.security.cert.CertificateFactory;
23
24		import javax.servlet.ServletInputStream;
25		import javax.servlet.http.HttpServletRequest;
26		import javax.servlet.http.HttpServletRequestWrapper;
27
28		import org.apache.commons.codec.binary.Base64;
29		import org.apache.commons.lang.StringUtils;
30		import org.kuali.rice.ksb.service.KSBServiceLocator;
31		import org.kuali.rice.ksb.util.KSBConstants;
32
33		/**
34		* An HttpServletRequestWrapper which will wraps the underlying request's InputStream in a
35		* SignatureVerifyingInputStream which will verify the digital signature of the request after
36		* all of the data has been read from the input stream.
37		*
38		* @author Kuali Rice Team (rice.collab@kuali.org)
39		*/
40		public class SignatureVerifyingRequestWrapper extends HttpServletRequestWrapper {
41
42		private byte[] digitalSignature;
43		private Signature signature;
44
45		public SignatureVerifyingRequestWrapper(HttpServletRequest request) {
46	0	super(request);
47	0	String encodedSignature = request.getHeader(KSBConstants.DIGITAL_SIGNATURE_HEADER);
48	0	if (StringUtils.isEmpty(encodedSignature)) {
49	0	throw new RuntimeException("A digital signature was required on the request but none was found.");
50		}
51	0	String verificationAlias = request.getHeader(KSBConstants.KEYSTORE_ALIAS_HEADER);
52	0	String encodedCertificate = request.getHeader(KSBConstants.KEYSTORE_CERTIFICATE_HEADER);
53	0	if ( (StringUtils.isEmpty(verificationAlias)) && (StringUtils.isEmpty(encodedCertificate)) ) {
54	0	throw new RuntimeException("A verification alias or certificate was required on the request but neither was found.");
55		}
56		try {
57	0	this.digitalSignature = Base64.decodeBase64(encodedSignature.getBytes("UTF-8"));
58	0	if (StringUtils.isNotBlank(encodedCertificate)) {
59	0	byte[] certificate = Base64.decodeBase64(encodedCertificate.getBytes("UTF-8"));
60	0	CertificateFactory cf = CertificateFactory.getInstance("X.509");
61	0	this.signature = KSBServiceLocator.getDigitalSignatureService().getSignatureForVerification(cf.generateCertificate(new ByteArrayInputStream(certificate)));
62	0	} else if (StringUtils.isNotBlank(verificationAlias)) {
63	0	this.signature = KSBServiceLocator.getDigitalSignatureService().getSignatureForVerification(verificationAlias);
64		}
65	0	} catch (Exception e) {
66	0	throw new RuntimeException("Failed to initialize digital signature verification.", e);
67	0	}
68	0	}
69
70		@Override
71		public ServletInputStream getInputStream() throws IOException {
72	0	return new SignatureVerifyingInputStream(this.digitalSignature, this.signature, super.getInputStream());
73		}
74
75		}