Java tutorial
/** * Copyright 2005-2014 The Kuali Foundation * * Licensed under the Educational Community License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.opensource.org/licenses/ecl2.php * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.kuali.rice.ksb.security; import java.io.ByteArrayInputStream; import java.io.IOException; import java.security.Signature; import java.security.cert.CertificateFactory; import javax.servlet.ServletInputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper; import org.apache.commons.codec.binary.Base64; import org.apache.commons.lang.StringUtils; import org.kuali.rice.ksb.service.KSBServiceLocator; import org.kuali.rice.ksb.util.KSBConstants; /** * An HttpServletRequestWrapper which will wraps the underlying request's InputStream in a * SignatureVerifyingInputStream which will verify the digital signature of the request after * all of the data has been read from the input stream. * * @author Kuali Rice Team (rice.collab@kuali.org) */ public class SignatureVerifyingRequestWrapper extends HttpServletRequestWrapper { private byte[] digitalSignature; private Signature signature; public SignatureVerifyingRequestWrapper(HttpServletRequest request) { super(request); String encodedSignature = request.getHeader(KSBConstants.DIGITAL_SIGNATURE_HEADER); if (StringUtils.isEmpty(encodedSignature)) { throw new RuntimeException("A digital signature was required on the request but none was found."); } String verificationAlias = request.getHeader(KSBConstants.KEYSTORE_ALIAS_HEADER); String encodedCertificate = request.getHeader(KSBConstants.KEYSTORE_CERTIFICATE_HEADER); if ((StringUtils.isEmpty(verificationAlias)) && (StringUtils.isEmpty(encodedCertificate))) { throw new RuntimeException( "A verification alias or certificate was required on the request but neither was found."); } try { this.digitalSignature = Base64.decodeBase64(encodedSignature.getBytes("UTF-8")); if (StringUtils.isNotBlank(encodedCertificate)) { byte[] certificate = Base64.decodeBase64(encodedCertificate.getBytes("UTF-8")); CertificateFactory cf = CertificateFactory.getInstance("X.509"); this.signature = KSBServiceLocator.getDigitalSignatureService() .getSignatureForVerification(cf.generateCertificate(new ByteArrayInputStream(certificate))); } else if (StringUtils.isNotBlank(verificationAlias)) { this.signature = KSBServiceLocator.getDigitalSignatureService() .getSignatureForVerification(verificationAlias); } } catch (Exception e) { throw new RuntimeException("Failed to initialize digital signature verification.", e); } } @Override public ServletInputStream getInputStream() throws IOException { return new SignatureVerifyingInputStream(this.digitalSignature, this.signature, super.getInputStream()); } }