feat: hs2019の署名に対応
This commit is contained in:
parent
dfa6a4946f
commit
d023e46351
GPG Key ID:
6556747BF94EEBC8
|
|
@ -11,8 +11,8 @@ repositories {
|
|||
}
|
||||
|
||||
dependencies {
|
||||
testImplementation(kotlin("test"))
|
||||
testImplementation("org.junit.jupiter:junit-jupiter:5.8.1")
|
||||
testImplementation("org.mockito:mockito-inline:5.2.0")
|
||||
}
|
||||
|
||||
tasks.test {
|
||||
|
|
@ -20,7 +20,7 @@ tasks.test {
|
|||
}
|
||||
|
||||
kotlin {
|
||||
jvmToolchain(8)
|
||||
jvmToolchain(11)
|
||||
}
|
||||
|
||||
application {
|
||||
|
|
|
|||
|
|
@ -2,4 +2,4 @@ package dev.usbharu.httpsignature.common
|
|||
|
||||
import java.net.URL
|
||||
|
||||
class HttpRequest(val url: URL, val headers: HttpHeaders, val method: HttpMethod)
|
||||
data class HttpRequest(val url: URL, val headers: HttpHeaders, val method: HttpMethod)
|
||||
|
|
|
|||
|
|
@ -0,0 +1,33 @@
|
|||
package dev.usbharu.httpsignature.sign
|
||||
|
||||
import dev.usbharu.httpsignature.common.HttpHeaders
|
||||
import dev.usbharu.httpsignature.common.HttpMethod
|
||||
import java.net.URL
|
||||
|
||||
abstract class AbstractHttpSignatureSigner : HttpSignatureSigner {
|
||||
override fun buildSignString(
|
||||
url: URL,
|
||||
method: HttpMethod,
|
||||
headers: HttpHeaders,
|
||||
signHeaders: List<String>
|
||||
): String {
|
||||
val result = signHeaders.joinToString("\n") {
|
||||
if (it.startsWith("(")) {
|
||||
specialHeader(it, url, method)
|
||||
} else {
|
||||
generalHeader(it, headers.get(it)!!)
|
||||
}
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
protected open fun specialHeader(fieldName: String, url: URL, method: HttpMethod): String {
|
||||
if (fieldName != "(request-target)") {
|
||||
throw IllegalArgumentException(fieldName + "is unsupported type")
|
||||
}
|
||||
return "(request-target): ${method.value.lowercase()} ${url.path}"
|
||||
}
|
||||
|
||||
// TODO: 複数ヘッダーの正規化をする
|
||||
protected open fun generalHeader(fieldName: String, value: List<String>): String = "$fieldName: ${value.first()}"
|
||||
}
|
||||
|
|
@ -0,0 +1,67 @@
|
|||
package dev.usbharu.httpsignature.sign
|
||||
|
||||
import dev.usbharu.httpsignature.common.HttpMethod
|
||||
import dev.usbharu.httpsignature.common.HttpRequest
|
||||
import dev.usbharu.httpsignature.common.PrivateKey
|
||||
import java.net.URL
|
||||
import java.security.spec.MGF1ParameterSpec
|
||||
import java.security.spec.PSSParameterSpec
|
||||
import java.time.Instant
|
||||
import java.util.*
|
||||
|
||||
class Hs2019HttpSignatureSigner(private val expires: Long,private val salt:Int = 64) :
|
||||
AbstractHttpSignatureSigner() {
|
||||
override fun sign(httpRequest: HttpRequest, privateKey: PrivateKey, signHeaders: List<String>): Signature {
|
||||
val buildSignString = buildSignString(httpRequest.url, httpRequest.method, httpRequest.headers, signHeaders)
|
||||
val signature = signRaw(buildSignString, privateKey, signHeaders)
|
||||
|
||||
val split = buildSignString.split("\n")
|
||||
|
||||
val created = if (signHeaders.contains("(created)")) {
|
||||
",created=\"${split.first { it.startsWith("(created)") }.substringAfterLast(": ")}\""
|
||||
} else {
|
||||
""
|
||||
}
|
||||
val expires = if (signHeaders.contains("(expires)")) {
|
||||
",expires=\"${split.first { it.startsWith("(expires)") }.substringAfterLast(": ")}\""
|
||||
} else {
|
||||
""
|
||||
}
|
||||
|
||||
val signatureHeader =
|
||||
"""keyId="${privateKey.keyId}",algorithm="hs2019"$created$expires,headers="${signHeaders.joinToString(" ")}",signature="$signature""""
|
||||
|
||||
val request = httpRequest.copy(headers = httpRequest.headers.plus("Signature", listOf(signatureHeader)))
|
||||
return Signature(request, signature, signatureHeader)
|
||||
}
|
||||
|
||||
override fun signRaw(signString: String, privateKey: PrivateKey, signHeaders: List<String>): String {
|
||||
val signer = java.security.Signature.getInstance("RSASSA-PSS")
|
||||
signer.setParameter(PSSParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, salt, 1))
|
||||
signer.initSign(privateKey.privateKey)
|
||||
signer.update(signString.toByteArray())
|
||||
val sign = signer.sign()
|
||||
return Base64.getEncoder().encodeToString(sign)
|
||||
}
|
||||
|
||||
@Throws(IllegalArgumentException::class)
|
||||
override fun specialHeader(fieldName: String, url: URL, method: HttpMethod): String {
|
||||
return when (fieldName) {
|
||||
"(request-target)" -> {
|
||||
"(request-target): ${method.value.lowercase()} ${url.path}"
|
||||
}
|
||||
|
||||
"(created)" -> {
|
||||
"(created): ${Instant.now().epochSecond}"
|
||||
}
|
||||
|
||||
"(expires)" -> {
|
||||
"(expires): ${Instant.now().plusSeconds(expires).epochSecond}"
|
||||
}
|
||||
|
||||
else -> {
|
||||
throw IllegalArgumentException("${fieldName}is unsupported type.")
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -1,55 +0,0 @@
|
|||
package dev.usbharu.httpsignature.sign
|
||||
|
||||
import dev.usbharu.httpsignature.common.HttpHeaders
|
||||
import dev.usbharu.httpsignature.common.HttpMethod
|
||||
import dev.usbharu.httpsignature.common.HttpRequest
|
||||
import dev.usbharu.httpsignature.common.PrivateKey
|
||||
import java.net.URL
|
||||
import java.util.*
|
||||
|
||||
class HttpSignatureSignerImpl : HttpSignatureSigner {
|
||||
override fun sign(httpRequest: HttpRequest, privateKey: PrivateKey, signHeaders: List<String>): Signature {
|
||||
val buildSignString = buildSignString(httpRequest.url, httpRequest.method, httpRequest.headers, signHeaders)
|
||||
val signature = signRaw(buildSignString, privateKey, signHeaders)
|
||||
|
||||
val signatureHeader =
|
||||
"""keyId="${privateKey.keyId}",algorithm="rsa-sha256",headers="${signHeaders.joinToString(" ")}",signature="$signature""""
|
||||
|
||||
return Signature(httpRequest, signature, signatureHeader)
|
||||
|
||||
}
|
||||
|
||||
override fun signRaw(signString: String, privateKey: PrivateKey, signHeaders: List<String>): String {
|
||||
val signer = java.security.Signature.getInstance("SHA256withRSA")
|
||||
signer.initSign(privateKey.privateKey)
|
||||
signer.update(signString.toByteArray())
|
||||
val sign = signer.sign()
|
||||
return Base64.getEncoder().encodeToString(sign)
|
||||
}
|
||||
|
||||
override fun buildSignString(
|
||||
url: URL,
|
||||
method: HttpMethod,
|
||||
headers: HttpHeaders,
|
||||
signHeaders: List<String>
|
||||
): String {
|
||||
val result = signHeaders.joinToString("\n") {
|
||||
if (it.startsWith("(")) {
|
||||
specialHeader(it, url, method)
|
||||
} else {
|
||||
generalHeader(it, headers.get(it)!!)
|
||||
}
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
private fun specialHeader(fieldName: String, url: URL, method: HttpMethod): String {
|
||||
if (fieldName != "(request-target)") {
|
||||
throw IllegalArgumentException(fieldName + "is unsupported type")
|
||||
}
|
||||
return "(request-target): ${method.value.lowercase()} ${url.path}"
|
||||
}
|
||||
|
||||
// TODO: 複数ヘッダーの正規化をする
|
||||
private fun generalHeader(fieldName: String, value: List<String>): String = "$fieldName: ${value.first()}"
|
||||
}
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
package dev.usbharu.httpsignature.sign
|
||||
|
||||
import dev.usbharu.httpsignature.common.HttpRequest
|
||||
import dev.usbharu.httpsignature.common.PrivateKey
|
||||
import java.util.*
|
||||
|
||||
class RsaSha256HttpSignatureSigner : AbstractHttpSignatureSigner() {
|
||||
override fun sign(httpRequest: HttpRequest, privateKey: PrivateKey, signHeaders: List<String>): Signature {
|
||||
val buildSignString = buildSignString(httpRequest.url, httpRequest.method, httpRequest.headers, signHeaders)
|
||||
val signature = signRaw(buildSignString, privateKey, signHeaders)
|
||||
|
||||
val signatureHeader =
|
||||
"""keyId="${privateKey.keyId}",algorithm="rsa-sha256",headers="${signHeaders.joinToString(" ")}",signature="$signature""""
|
||||
|
||||
val request = httpRequest.copy(headers = httpRequest.headers.plus("Signature", listOf(signatureHeader)))
|
||||
return Signature(request, signature, signatureHeader)
|
||||
|
||||
}
|
||||
|
||||
override fun signRaw(signString: String, privateKey: PrivateKey, signHeaders: List<String>): String {
|
||||
val signer = java.security.Signature.getInstance("SHA256withRSA")
|
||||
signer.initSign(privateKey.privateKey)
|
||||
signer.update(signString.toByteArray())
|
||||
val sign = signer.sign()
|
||||
return Base64.getEncoder().encodeToString(sign)
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,201 @@
|
|||
package dev.usbharu.httpsignature.sign
|
||||
|
||||
import dev.usbharu.httpsignature.common.HttpHeaders
|
||||
import dev.usbharu.httpsignature.common.HttpMethod
|
||||
import dev.usbharu.httpsignature.common.HttpRequest
|
||||
import dev.usbharu.httpsignature.common.PrivateKey
|
||||
import org.junit.jupiter.api.Assertions.*
|
||||
import org.junit.jupiter.api.Test
|
||||
import org.mockito.MockSettings
|
||||
import org.mockito.Mockito
|
||||
import org.mockito.Mockito.*
|
||||
import java.net.URL
|
||||
import java.security.KeyFactory
|
||||
import java.security.SignatureSpi
|
||||
import java.security.interfaces.RSAPrivateKey
|
||||
import java.security.interfaces.RSAPublicKey
|
||||
import java.security.spec.PKCS8EncodedKeySpec
|
||||
import java.security.spec.X509EncodedKeySpec
|
||||
import java.time.Instant
|
||||
import java.util.*
|
||||
|
||||
class Hs2019HttpSignatureSignerTest{
|
||||
@Test
|
||||
fun Hs2019で署名を作成できる() {
|
||||
val privateKey = Base64.getDecoder().decode(
|
||||
"MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDH+8IRQdB9vhej" +
|
||||
"eNQqwxlIutt4Xxjg3eZ5XYm7KgR4jAT/q7+cfsz2/fVTNwDOBpG2H1YJZRLUsrVI" +
|
||||
"3Pia8k7oFyemYKEUN6kaKioO5C9hB0TaiTGlxAKI7syitvedH1YtHqf4zvqgtI2y" +
|
||||
"Lv0NAXja3nUoWZWgZg8ZUHWAGhtHd/BpLiyvlwXAydFHl/eN5u8uCZhQD0bKI5KJ" +
|
||||
"qi8Vcs59Q13+ZNHFdgvNjeD+Hc2AdOmbB5HrW2wREgd1sygBcZ77sSLyleeel8+d" +
|
||||
"VkDsq/l4MQV5/0PeOn+PI8pJkyQUpqnExqzku354XW9ZE6XjREgBb9M0AEdyBLk5" +
|
||||
"+YbZwiqrAgMBAAECggEAIDgmKB7xDDvYFcpIbytHo47B/+ldBL2Q0vTdqn3hLTAX" +
|
||||
"OL80URj3b25dsVknPrToPO4HhTP3jgp3Z+nR/oS+Gb5r8O5DMBKs9+jbJdMK9G2g" +
|
||||
"tjoW+ZypcTj9VynLSFEy0nTMndVwTlFIkvCRwcqpl07yk9xQXas+ZixZrJiIKeyW" +
|
||||
"rCmBDJAjUSknljHDnULxAXvk6K7Y5uqPCv9DQ1362ZopY56H0++9ZMaJwr5PYJMT" +
|
||||
"QoKVeZCGLvfY29rUrhV0/CvC7cfxrPbSuQ7Tr/WrpxFpz9H/Dnc8uePoUEmMP2GM" +
|
||||
"ozjXaJDQrzOVMOpn/2uGinmrcR5/8ETsYruGG96kAQKBgQDoS4PyiZ93zTv5Yvo/" +
|
||||
"aWX5IvieMO/w3kRvsdq0IM27Gd+Ck+0C7WBUqljuU4ql10mp67MFkj7ZmECWCAKa" +
|
||||
"OfE3NtXKqnRgixDhM4Q7nfolhkN08CxRrYP3dBh7HJMDtb2YzPDdwV+PSbL6AM8o" +
|
||||
"oOvxjABJQk6CaGdmL8sQwnHwgQKBgQDcZCJbwDyLPJo04dXkhPBWoH5hGjbtsAv9" +
|
||||
"whhjY9IWFN/0KvJfzfoTWtgCkpYT3wgMYBVp0aTextbg1euim7X+iVL6TRq4QaVk" +
|
||||
"Jv6dRnNZPrY7MlnXxIXE81z6syVjChrJBWi81s14SDKtGOpvghLiKUR29wvGjfER" +
|
||||
"jY/X1MxFKwKBgAUyOz9fqLuLUb4gYqysdOV/zMPtIFDpB+rftZ615SQ8Te2j1Xdt" +
|
||||
"S+xY6yhZog5XpIQyi4yiWtmPOFKi1zwP879icKHZ8kR+l+ARwPF8dS4FtNiWzsb8" +
|
||||
"9KjCZhHK79bzZ8xVOUYcn0CbS2+gOQIVp3F9yjvZSdxM7ZMxmn9Dej0BAoGBAJuf" +
|
||||
"ZZeOLfJPz8AJvCSKLr+swrDEdwbtqfn8xYXhJacMBHwAm3dFFhH2stNWOP09HwzG" +
|
||||
"CDjZnWbl1zOaOrJu61saEurF6Vk0mZoX4vChn6/kFX/FdSVkEuVYx04LlBnUN8e8" +
|
||||
"txGpSBtoN8h88IXevoDOjRbIKZuB/Tjc0jagf8FTAoGAWW8uXsWS4c2nBGNdodqL" +
|
||||
"xJHcNZVMenHPqdkm7rHEYdf1sdbM7r7Q+oj0cifhbZwaRG9HiRGUAgJerLGEqe+x" +
|
||||
"vNeYuKRF3A5xBFUTw/t+XFhUZ1sSyvOordp0uNahQqkAx1UQFWUBCEkG2k/X81fY" +
|
||||
"trEnKP2IjOJDzoXGvc4TG0w="
|
||||
)
|
||||
|
||||
val pkcS8EncodedKeySpec = PKCS8EncodedKeySpec(privateKey)
|
||||
val rsaPrivateKey = KeyFactory.getInstance("RSA").generatePrivate(pkcS8EncodedKeySpec) as RSAPrivateKey
|
||||
|
||||
val publicKey = Base64.getDecoder().decode(
|
||||
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/vCEUHQfb4Xo3jUKsMZ" +
|
||||
"SLrbeF8Y4N3meV2JuyoEeIwE/6u/nH7M9v31UzcAzgaRth9WCWUS1LK1SNz4mvJO" +
|
||||
"6BcnpmChFDepGioqDuQvYQdE2okxpcQCiO7Morb3nR9WLR6n+M76oLSNsi79DQF4" +
|
||||
"2t51KFmVoGYPGVB1gBobR3fwaS4sr5cFwMnRR5f3jebvLgmYUA9GyiOSiaovFXLO" +
|
||||
"fUNd/mTRxXYLzY3g/h3NgHTpmweR61tsERIHdbMoAXGe+7Ei8pXnnpfPnVZA7Kv5" +
|
||||
"eDEFef9D3jp/jyPKSZMkFKapxMas5Lt+eF1vWROl40RIAW/TNABHcgS5OfmG2cIq" +
|
||||
"qwIDAQAB"
|
||||
)
|
||||
|
||||
val x509EncodedKeySpec = X509EncodedKeySpec(publicKey)
|
||||
val rsaPublicKey = KeyFactory.getInstance("RSA").generatePublic(x509EncodedKeySpec) as RSAPublicKey
|
||||
|
||||
val rsaSha256HttpSignatureSigner = Hs2019HttpSignatureSigner(10L,0)
|
||||
val headers = HttpHeaders(
|
||||
mapOf(
|
||||
"X-Request-Id" to listOf("00000000-0000-0000-0000-000000000004"),
|
||||
"Tpp-Redirect-Uri" to listOf("https://www.sometpp.com/redirect/"),
|
||||
"Digest" to listOf("SHA-256=TGGHcPGLechhcNo4gndoKUvCBhWaQOPgtoVDIpxc6J4="),
|
||||
"Psu-Id" to listOf("1337")
|
||||
)
|
||||
)
|
||||
val httpRequest = HttpRequest(URL("https://example.com/"), headers, HttpMethod.GET)
|
||||
val signature = rsaSha256HttpSignatureSigner.sign(
|
||||
httpRequest, PrivateKey(rsaPrivateKey, "https://test-hideout.usbharu.dev/users/c#pubkey"),
|
||||
listOf("x-request-id", "tpp-redirect-uri", "digest", "psu-id")
|
||||
)
|
||||
|
||||
assertEquals(
|
||||
"rvkWT/VgG5yVcr1D9bL3LB8Y2g6H92A3LoI8QomjbYOgJG5yLLz9dyE335pU7N2fXAbqBkEFssM77QGOx1Mp1XPUhgXO6SKu03B9ZtRdci1yBMovAd44sbDN3jt4sMSAO7nfeE1wvqJsf70bxXuc5bUat9ij8xNDA2G1W5xYV2uvSzdkeOlQd+LxfKfoLJEHwAeYMkKt2MPlDvVGJspkXh8OwIAFODXrY/k6BW1gaUTj+n9xoHrNQtFa3hTJGdDxF2Ntpn2W5Vt1Wg0hNK/fXK1pedCdyR6LgW9jyyeNamjsg36bbcyNYgS4b7L0vHXxvLaNXATojqmW43/UFF5BNA==",
|
||||
signature.signature
|
||||
)
|
||||
}
|
||||
|
||||
@Test
|
||||
fun 特殊ヘッダーcreatedを指定したときに作成日時が追加される() {
|
||||
val ofEpochMilli = Instant.ofEpochSecond(1402170695)
|
||||
val instantMockedStatic = mockStatic(Instant::class.java)
|
||||
instantMockedStatic.`when`<Instant>(Instant::now).thenReturn(ofEpochMilli)
|
||||
|
||||
val hs2019HttpSignatureSigner = Hs2019HttpSignatureSigner(10)
|
||||
val buildSignString = hs2019HttpSignatureSigner.buildSignString(
|
||||
URL("https://example.com"), HttpMethod.GET, HttpHeaders(mapOf()),
|
||||
listOf("(created)")
|
||||
)
|
||||
instantMockedStatic.close()
|
||||
assertEquals("(created): ${ofEpochMilli.epochSecond}",buildSignString)
|
||||
}
|
||||
|
||||
@Test
|
||||
fun 特殊ヘッダーexpiresを指定したときに作成日時に指定時間を足したものが追加される() {
|
||||
val ofEpochSecond = Instant.ofEpochSecond(1402170695)
|
||||
|
||||
val mock = spy(ofEpochSecond)
|
||||
val mockStatic = mockStatic(Instant::class.java,Mockito.CALLS_REAL_METHODS)
|
||||
mock.plusSeconds(10)
|
||||
mockStatic.`when`<Instant>(Instant::now).thenReturn(mock)
|
||||
|
||||
|
||||
mockStatic.use {
|
||||
|
||||
val hs2019HttpSignatureSigner = Hs2019HttpSignatureSigner(10)
|
||||
val buildSignString = hs2019HttpSignatureSigner.buildSignString(
|
||||
URL("https://example.com"), HttpMethod.GET, HttpHeaders(mapOf()),
|
||||
listOf("(expires)")
|
||||
)
|
||||
assertEquals("(expires): ${ofEpochSecond.plusSeconds(10).epochSecond}",buildSignString)
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
fun 特殊ヘッダー付きのリクエストを署名できる() {
|
||||
|
||||
val ofEpochSecond = Instant.ofEpochSecond(1402170695)
|
||||
val mockStatic = mockStatic(Instant::class.java, CALLS_REAL_METHODS)
|
||||
mockStatic.`when`<Instant>(Instant::now).thenReturn(ofEpochSecond)
|
||||
mockStatic.use {
|
||||
|
||||
|
||||
val privateKey = Base64.getDecoder().decode(
|
||||
"MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDH+8IRQdB9vhej" +
|
||||
"eNQqwxlIutt4Xxjg3eZ5XYm7KgR4jAT/q7+cfsz2/fVTNwDOBpG2H1YJZRLUsrVI" +
|
||||
"3Pia8k7oFyemYKEUN6kaKioO5C9hB0TaiTGlxAKI7syitvedH1YtHqf4zvqgtI2y" +
|
||||
"Lv0NAXja3nUoWZWgZg8ZUHWAGhtHd/BpLiyvlwXAydFHl/eN5u8uCZhQD0bKI5KJ" +
|
||||
"qi8Vcs59Q13+ZNHFdgvNjeD+Hc2AdOmbB5HrW2wREgd1sygBcZ77sSLyleeel8+d" +
|
||||
"VkDsq/l4MQV5/0PeOn+PI8pJkyQUpqnExqzku354XW9ZE6XjREgBb9M0AEdyBLk5" +
|
||||
"+YbZwiqrAgMBAAECggEAIDgmKB7xDDvYFcpIbytHo47B/+ldBL2Q0vTdqn3hLTAX" +
|
||||
"OL80URj3b25dsVknPrToPO4HhTP3jgp3Z+nR/oS+Gb5r8O5DMBKs9+jbJdMK9G2g" +
|
||||
"tjoW+ZypcTj9VynLSFEy0nTMndVwTlFIkvCRwcqpl07yk9xQXas+ZixZrJiIKeyW" +
|
||||
"rCmBDJAjUSknljHDnULxAXvk6K7Y5uqPCv9DQ1362ZopY56H0++9ZMaJwr5PYJMT" +
|
||||
"QoKVeZCGLvfY29rUrhV0/CvC7cfxrPbSuQ7Tr/WrpxFpz9H/Dnc8uePoUEmMP2GM" +
|
||||
"ozjXaJDQrzOVMOpn/2uGinmrcR5/8ETsYruGG96kAQKBgQDoS4PyiZ93zTv5Yvo/" +
|
||||
"aWX5IvieMO/w3kRvsdq0IM27Gd+Ck+0C7WBUqljuU4ql10mp67MFkj7ZmECWCAKa" +
|
||||
"OfE3NtXKqnRgixDhM4Q7nfolhkN08CxRrYP3dBh7HJMDtb2YzPDdwV+PSbL6AM8o" +
|
||||
"oOvxjABJQk6CaGdmL8sQwnHwgQKBgQDcZCJbwDyLPJo04dXkhPBWoH5hGjbtsAv9" +
|
||||
"whhjY9IWFN/0KvJfzfoTWtgCkpYT3wgMYBVp0aTextbg1euim7X+iVL6TRq4QaVk" +
|
||||
"Jv6dRnNZPrY7MlnXxIXE81z6syVjChrJBWi81s14SDKtGOpvghLiKUR29wvGjfER" +
|
||||
"jY/X1MxFKwKBgAUyOz9fqLuLUb4gYqysdOV/zMPtIFDpB+rftZ615SQ8Te2j1Xdt" +
|
||||
"S+xY6yhZog5XpIQyi4yiWtmPOFKi1zwP879icKHZ8kR+l+ARwPF8dS4FtNiWzsb8" +
|
||||
"9KjCZhHK79bzZ8xVOUYcn0CbS2+gOQIVp3F9yjvZSdxM7ZMxmn9Dej0BAoGBAJuf" +
|
||||
"ZZeOLfJPz8AJvCSKLr+swrDEdwbtqfn8xYXhJacMBHwAm3dFFhH2stNWOP09HwzG" +
|
||||
"CDjZnWbl1zOaOrJu61saEurF6Vk0mZoX4vChn6/kFX/FdSVkEuVYx04LlBnUN8e8" +
|
||||
"txGpSBtoN8h88IXevoDOjRbIKZuB/Tjc0jagf8FTAoGAWW8uXsWS4c2nBGNdodqL" +
|
||||
"xJHcNZVMenHPqdkm7rHEYdf1sdbM7r7Q+oj0cifhbZwaRG9HiRGUAgJerLGEqe+x" +
|
||||
"vNeYuKRF3A5xBFUTw/t+XFhUZ1sSyvOordp0uNahQqkAx1UQFWUBCEkG2k/X81fY" +
|
||||
"trEnKP2IjOJDzoXGvc4TG0w="
|
||||
)
|
||||
|
||||
val pkcS8EncodedKeySpec = PKCS8EncodedKeySpec(privateKey)
|
||||
val rsaPrivateKey = KeyFactory.getInstance("RSA").generatePrivate(pkcS8EncodedKeySpec) as RSAPrivateKey
|
||||
|
||||
val publicKey = Base64.getDecoder().decode(
|
||||
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/vCEUHQfb4Xo3jUKsMZ" +
|
||||
"SLrbeF8Y4N3meV2JuyoEeIwE/6u/nH7M9v31UzcAzgaRth9WCWUS1LK1SNz4mvJO" +
|
||||
"6BcnpmChFDepGioqDuQvYQdE2okxpcQCiO7Morb3nR9WLR6n+M76oLSNsi79DQF4" +
|
||||
"2t51KFmVoGYPGVB1gBobR3fwaS4sr5cFwMnRR5f3jebvLgmYUA9GyiOSiaovFXLO" +
|
||||
"fUNd/mTRxXYLzY3g/h3NgHTpmweR61tsERIHdbMoAXGe+7Ei8pXnnpfPnVZA7Kv5" +
|
||||
"eDEFef9D3jp/jyPKSZMkFKapxMas5Lt+eF1vWROl40RIAW/TNABHcgS5OfmG2cIq" +
|
||||
"qwIDAQAB"
|
||||
)
|
||||
|
||||
val x509EncodedKeySpec = X509EncodedKeySpec(publicKey)
|
||||
val rsaPublicKey = KeyFactory.getInstance("RSA").generatePublic(x509EncodedKeySpec) as RSAPublicKey
|
||||
|
||||
val rsaSha256HttpSignatureSigner = Hs2019HttpSignatureSigner(10L, 0)
|
||||
val headers = HttpHeaders(
|
||||
mapOf(
|
||||
"Digest" to listOf("SHA-256=TGGHcPGLechhcNo4gndoKUvCBhWaQOPgtoVDIpxc6J4="),
|
||||
)
|
||||
)
|
||||
val httpRequest = HttpRequest(URL("https://example.com/"), headers, HttpMethod.GET)
|
||||
val signature = rsaSha256HttpSignatureSigner.sign(
|
||||
httpRequest, PrivateKey(rsaPrivateKey, "https://test-hideout.usbharu.dev/users/c#pubkey"),
|
||||
listOf("(request-target)", "(created)", "(expires)", "digest")
|
||||
)
|
||||
|
||||
assertEquals(
|
||||
"Tqise/VQjlrtI+JtXJgpWXkr5XkkW+sV2QM9GWJo2mKH3EWdVJe2nG9SyzG7BUejGqcJyluGFGTgdhzIpncEDozQDBa6A28n/d/BzuPAMPR2KU0LtGAprs6kir4MIMBA+22tnS3Jy/RQiie0C2EbNWidFDoRuKUBCu2NbfAtrWXpb0NJ7bHFDfW0klN80y7TFYSaZVtt8H9ge/IW+tF+q/6ey71djY9gR4ZyA2fDBW/XusBmtOc8OavRKO/VEXvEVSwTHHVyw4KAJ4z+7yP/ikU7id0/fmByr6oecNDZ7t986Ht4bLmpOPg2zefv8w69GwQK8lkoCi/8DkO8nG2JJg==",
|
||||
signature.signature
|
||||
)
|
||||
assertEquals("keyId=\"https://test-hideout.usbharu.dev/users/c#pubkey\",algorithm=\"hs2019\",created=\"1402170695\",expires=\"1402170705\",headers=\"(request-target) (created) (expires) digest\",signature=\"Tqise/VQjlrtI+JtXJgpWXkr5XkkW+sV2QM9GWJo2mKH3EWdVJe2nG9SyzG7BUejGqcJyluGFGTgdhzIpncEDozQDBa6A28n/d/BzuPAMPR2KU0LtGAprs6kir4MIMBA+22tnS3Jy/RQiie0C2EbNWidFDoRuKUBCu2NbfAtrWXpb0NJ7bHFDfW0klN80y7TFYSaZVtt8H9ge/IW+tF+q/6ey71djY9gR4ZyA2fDBW/XusBmtOc8OavRKO/VEXvEVSwTHHVyw4KAJ4z+7yP/ikU7id0/fmByr6oecNDZ7t986Ht4bLmpOPg2zefv8w69GwQK8lkoCi/8DkO8nG2JJg==\"", signature.signatureHeader)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -4,6 +4,7 @@ import dev.usbharu.httpsignature.common.HttpHeaders
|
|||
import dev.usbharu.httpsignature.common.HttpMethod
|
||||
import dev.usbharu.httpsignature.common.HttpRequest
|
||||
import dev.usbharu.httpsignature.common.PrivateKey
|
||||
import org.junit.jupiter.api.Assertions.assertEquals
|
||||
import org.junit.jupiter.api.Test
|
||||
import java.net.URL
|
||||
import java.security.KeyFactory
|
||||
|
|
@ -12,9 +13,8 @@ import java.security.interfaces.RSAPublicKey
|
|||
import java.security.spec.PKCS8EncodedKeySpec
|
||||
import java.security.spec.X509EncodedKeySpec
|
||||
import java.util.*
|
||||
import kotlin.test.assertEquals
|
||||
|
||||
class HttpSignatureSignerImplTest {
|
||||
class RsaSha256HttpSignatureSignerTest {
|
||||
@Test
|
||||
fun 署名を作成できる() {
|
||||
val privateKey = Base64.getDecoder().decode(
|
||||
|
|
@ -62,7 +62,7 @@ class HttpSignatureSignerImplTest {
|
|||
val x509EncodedKeySpec = X509EncodedKeySpec(publicKey)
|
||||
val rsaPublicKey = KeyFactory.getInstance("RSA").generatePublic(x509EncodedKeySpec) as RSAPublicKey
|
||||
|
||||
val httpSignatureSignerImpl = HttpSignatureSignerImpl()
|
||||
val rsaSha256HttpSignatureSigner = RsaSha256HttpSignatureSigner()
|
||||
val headers = HttpHeaders(
|
||||
mapOf(
|
||||
"X-Request-Id" to listOf("00000000-0000-0000-0000-000000000004"),
|
||||
|
|
@ -72,7 +72,7 @@ class HttpSignatureSignerImplTest {
|
|||
)
|
||||
)
|
||||
val httpRequest = HttpRequest(URL("https://example.com/"), headers, HttpMethod.GET)
|
||||
val signature = httpSignatureSignerImpl.sign(
|
||||
val signature = rsaSha256HttpSignatureSigner.sign(
|
||||
httpRequest, PrivateKey(rsaPrivateKey, "https://test-hideout.usbharu.dev/users/c#pubkey"),
|
||||
listOf("x-request-id", "tpp-redirect-uri", "digest", "psu-id")
|
||||
)
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
package dev.usbharu.httpsignature.verify
|
||||
|
||||
import dev.usbharu.httpsignature.common.*
|
||||
import dev.usbharu.httpsignature.sign.HttpSignatureSignerImpl
|
||||
import dev.usbharu.httpsignature.sign.RsaSha256HttpSignatureSigner
|
||||
import org.junit.jupiter.api.Assertions
|
||||
import org.junit.jupiter.api.Test
|
||||
import java.net.URL
|
||||
|
|
@ -60,7 +60,7 @@ class HttpSignatureVerifierImplTest {
|
|||
val x509EncodedKeySpec = X509EncodedKeySpec(publicKey)
|
||||
val rsaPublicKey = KeyFactory.getInstance("RSA").generatePublic(x509EncodedKeySpec) as RSAPublicKey
|
||||
|
||||
val httpSignatureSignerImpl = HttpSignatureSignerImpl()
|
||||
val rsaSha256HttpSignatureSigner = RsaSha256HttpSignatureSigner()
|
||||
val headers = HttpHeaders(
|
||||
mapOf(
|
||||
"X-Request-Id" to listOf("00000000-0000-0000-0000-000000000004"),
|
||||
|
|
@ -71,13 +71,13 @@ class HttpSignatureVerifierImplTest {
|
|||
)
|
||||
val url = URL("https://example.com/")
|
||||
val httpRequest = HttpRequest(url, headers, HttpMethod.GET)
|
||||
val signature = httpSignatureSignerImpl.sign(
|
||||
val signature = rsaSha256HttpSignatureSigner.sign(
|
||||
httpRequest, PrivateKey(rsaPrivateKey, "https://test-hideout.usbharu.dev/users/c#pubkey"),
|
||||
listOf("x-request-id", "tpp-redirect-uri", "digest", "psu-id")
|
||||
)
|
||||
|
||||
val httpSignatureVerifierImpl =
|
||||
HttpSignatureVerifierImpl(DefaultSignatureHeaderParser(), httpSignatureSignerImpl)
|
||||
HttpSignatureVerifierImpl(DefaultSignatureHeaderParser(), rsaSha256HttpSignatureSigner)
|
||||
val verify = httpSignatureVerifierImpl.verify(
|
||||
HttpRequest(url, headers.plus("Signature", listOf(signature.signatureHeader)), HttpMethod.GET),
|
||||
PublicKey(rsaPublicKey, "https://test-hideout.usbharu.dev/users/c#pubkey")
|
||||
|
|
|
|||
Loading…
Reference in New Issue