org.jbei.auth.hmac

Class HmacSignatureFactory

java.lang.Object

org.jbei.auth.hmac.HmacSignatureFactory

public class HmacSignatureFactory
extends Object

Generates HmacSignature objects for use in authenticating requests to a REST service. By default this class will generate HmacSignature objects conforming to version 1 of the JBEI authentication specification. An HTTP Authorization header is set with the format Version:KeyId:UserId:Signature, with:

• Version = 1,
• KeyId is a string identifying the key used to sign the request,
• UserId is a string identifying the user (if any) the request is submitted on behalf of,
• Signature is a Base64-encoded string of the request content signed with the SHA-1 HMAC algorithm (specified in RFC 2104)

This class builds objects to generate the Signature portion of the header, given a request object and a UserId. The Signature is generated by constructing a string containing the following separated by a newline character:

• UserId
• the HTTP Method (e.g. GET, POST)
• the HTTP Host
• the request path
• the query string, sorted by natural UTF-8 byte ordering of parameter names
• the content of the request entity body

This constructed string is then signed with the key used to initialize this object.

Since:

1.0

Version:

1.0

Author:

wcmorrell

Constructor Summary

Constructors

Constructor and Description
HmacSignatureFactory(KeyTable table) Constructor initializes factory with the secret used to sign requests.

Method Summary

Modifier and Type	Method and Description
HmacSignature	buildSignature(org.apache.http.client.methods.HttpRequestBase request, String keyId, String userId)
HmacSignature	buildSignature(javax.servlet.http.HttpServletRequest request, String keyId, String userId)
HmacSignature	buildSignature(String keyId, String userId, String method, String host, String path, Map<String,? extends Iterable<String>> params) Builds initial signature object from raw individual components.
static Key	createKey() Convenience method to create a new random key for signing requests.
static Key	decodeKey(String encodedKey) Convenience method to decode a key stored in Base64 encoding.
static String	encodeKey(Key key) Convenience method to encode a key to a Base64 String.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

HmacSignatureFactory

public HmacSignatureFactory(KeyTable table)

Constructor initializes factory with the secret used to sign requests.

Parameters:

table - object used to look up keys for signing

Method Detail

createKey

public static Key createKey()
                     throws NoSuchAlgorithmException

Convenience method to create a new random key for signing requests.

Returns:

a SecretKey instance

Throws:

NoSuchAlgorithmException - if the system has no registered security providers able to generate the key

decodeKey

public static Key decodeKey(String encodedKey)

Convenience method to decode a key stored in Base64 encoding.

Parameters:

encodedKey - the encoded key String

Returns:

a SecretKey object for the decoded key

encodeKey

public static String encodeKey(Key key)

Convenience method to encode a key to a Base64 String.

Parameters:

key - the key to encode

Returns:

a Base64 String representation of the key

buildSignature

public HmacSignature buildSignature(javax.servlet.http.HttpServletRequest request,
                                    String keyId,
                                    String userId)
                             throws SignatureException

Parameters:

request - a request received via Servlet API

keyId - the key identifier signing the request

userId - the user creating the request

Returns:

an HmacSignature initialized with the request headers; the request stream may need to be passed through HmacSignature.filterInput(InputStream) to calculate the correct signature

Throws:

SignatureException - if there is an error setting up the signature

buildSignature

public HmacSignature buildSignature(org.apache.http.client.methods.HttpRequestBase request,
                                    String keyId,
                                    String userId)
                             throws SignatureException

Parameters:

request - a request to be sent via HttpClient API

keyId - the key identifier signing the request

userId - the user creating the request

Returns:

an HmacSignature initialized with the request headers; the request stream may need to be passed through HmacSignature.filterOutput(OutputStream) to calculate the correct signature

Throws:

SignatureException - if there is an error setting up the signature

buildSignature

public HmacSignature buildSignature(String keyId,
                                    String userId,
                                    String method,
                                    String host,
                                    String path,
                                    Map<String,? extends Iterable<String>> params)
                             throws SignatureException

Builds initial signature object from raw individual components.

Parameters:

keyId -

userId -

method -

host -

path -

params -

Returns:

an HmacSignature initialized with the request headers; the request stream may need to be passed through HmacSignature.filterOutput(OutputStream) to calculate the correct signature

Throws:

SignatureException