feat: hs2019の署名に対応

This commit is contained in:
usbharu 2023-10-17 13:10:24 +09:00
parent dfa6a4946f
commit d023e46351
Signed by: usbharu
GPG Key ID: 6556747BF94EEBC8
9 changed files with 339 additions and 66 deletions

View File

@ -11,8 +11,8 @@ repositories {
} }
dependencies { dependencies {
testImplementation(kotlin("test"))
testImplementation("org.junit.jupiter:junit-jupiter:5.8.1") testImplementation("org.junit.jupiter:junit-jupiter:5.8.1")
testImplementation("org.mockito:mockito-inline:5.2.0")
} }
tasks.test { tasks.test {
@ -20,7 +20,7 @@ tasks.test {
} }
kotlin { kotlin {
jvmToolchain(8) jvmToolchain(11)
} }
application { application {

View File

@ -2,4 +2,4 @@ package dev.usbharu.httpsignature.common
import java.net.URL import java.net.URL
class HttpRequest(val url: URL, val headers: HttpHeaders, val method: HttpMethod) data class HttpRequest(val url: URL, val headers: HttpHeaders, val method: HttpMethod)

View File

@ -0,0 +1,33 @@
package dev.usbharu.httpsignature.sign
import dev.usbharu.httpsignature.common.HttpHeaders
import dev.usbharu.httpsignature.common.HttpMethod
import java.net.URL
abstract class AbstractHttpSignatureSigner : HttpSignatureSigner {
override fun buildSignString(
url: URL,
method: HttpMethod,
headers: HttpHeaders,
signHeaders: List<String>
): String {
val result = signHeaders.joinToString("\n") {
if (it.startsWith("(")) {
specialHeader(it, url, method)
} else {
generalHeader(it, headers.get(it)!!)
}
}
return result
}
protected open fun specialHeader(fieldName: String, url: URL, method: HttpMethod): String {
if (fieldName != "(request-target)") {
throw IllegalArgumentException(fieldName + "is unsupported type")
}
return "(request-target): ${method.value.lowercase()} ${url.path}"
}
// TODO: 複数ヘッダーの正規化をする
protected open fun generalHeader(fieldName: String, value: List<String>): String = "$fieldName: ${value.first()}"
}

View File

@ -0,0 +1,67 @@
package dev.usbharu.httpsignature.sign
import dev.usbharu.httpsignature.common.HttpMethod
import dev.usbharu.httpsignature.common.HttpRequest
import dev.usbharu.httpsignature.common.PrivateKey
import java.net.URL
import java.security.spec.MGF1ParameterSpec
import java.security.spec.PSSParameterSpec
import java.time.Instant
import java.util.*
class Hs2019HttpSignatureSigner(private val expires: Long,private val salt:Int = 64) :
AbstractHttpSignatureSigner() {
override fun sign(httpRequest: HttpRequest, privateKey: PrivateKey, signHeaders: List<String>): Signature {
val buildSignString = buildSignString(httpRequest.url, httpRequest.method, httpRequest.headers, signHeaders)
val signature = signRaw(buildSignString, privateKey, signHeaders)
val split = buildSignString.split("\n")
val created = if (signHeaders.contains("(created)")) {
",created=\"${split.first { it.startsWith("(created)") }.substringAfterLast(": ")}\""
} else {
""
}
val expires = if (signHeaders.contains("(expires)")) {
",expires=\"${split.first { it.startsWith("(expires)") }.substringAfterLast(": ")}\""
} else {
""
}
val signatureHeader =
"""keyId="${privateKey.keyId}",algorithm="hs2019"$created$expires,headers="${signHeaders.joinToString(" ")}",signature="$signature""""
val request = httpRequest.copy(headers = httpRequest.headers.plus("Signature", listOf(signatureHeader)))
return Signature(request, signature, signatureHeader)
}
override fun signRaw(signString: String, privateKey: PrivateKey, signHeaders: List<String>): String {
val signer = java.security.Signature.getInstance("RSASSA-PSS")
signer.setParameter(PSSParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, salt, 1))
signer.initSign(privateKey.privateKey)
signer.update(signString.toByteArray())
val sign = signer.sign()
return Base64.getEncoder().encodeToString(sign)
}
@Throws(IllegalArgumentException::class)
override fun specialHeader(fieldName: String, url: URL, method: HttpMethod): String {
return when (fieldName) {
"(request-target)" -> {
"(request-target): ${method.value.lowercase()} ${url.path}"
}
"(created)" -> {
"(created): ${Instant.now().epochSecond}"
}
"(expires)" -> {
"(expires): ${Instant.now().plusSeconds(expires).epochSecond}"
}
else -> {
throw IllegalArgumentException("${fieldName}is unsupported type.")
}
}
}
}

View File

@ -1,55 +0,0 @@
package dev.usbharu.httpsignature.sign
import dev.usbharu.httpsignature.common.HttpHeaders
import dev.usbharu.httpsignature.common.HttpMethod
import dev.usbharu.httpsignature.common.HttpRequest
import dev.usbharu.httpsignature.common.PrivateKey
import java.net.URL
import java.util.*
class HttpSignatureSignerImpl : HttpSignatureSigner {
override fun sign(httpRequest: HttpRequest, privateKey: PrivateKey, signHeaders: List<String>): Signature {
val buildSignString = buildSignString(httpRequest.url, httpRequest.method, httpRequest.headers, signHeaders)
val signature = signRaw(buildSignString, privateKey, signHeaders)
val signatureHeader =
"""keyId="${privateKey.keyId}",algorithm="rsa-sha256",headers="${signHeaders.joinToString(" ")}",signature="$signature""""
return Signature(httpRequest, signature, signatureHeader)
}
override fun signRaw(signString: String, privateKey: PrivateKey, signHeaders: List<String>): String {
val signer = java.security.Signature.getInstance("SHA256withRSA")
signer.initSign(privateKey.privateKey)
signer.update(signString.toByteArray())
val sign = signer.sign()
return Base64.getEncoder().encodeToString(sign)
}
override fun buildSignString(
url: URL,
method: HttpMethod,
headers: HttpHeaders,
signHeaders: List<String>
): String {
val result = signHeaders.joinToString("\n") {
if (it.startsWith("(")) {
specialHeader(it, url, method)
} else {
generalHeader(it, headers.get(it)!!)
}
}
return result
}
private fun specialHeader(fieldName: String, url: URL, method: HttpMethod): String {
if (fieldName != "(request-target)") {
throw IllegalArgumentException(fieldName + "is unsupported type")
}
return "(request-target): ${method.value.lowercase()} ${url.path}"
}
// TODO: 複数ヘッダーの正規化をする
private fun generalHeader(fieldName: String, value: List<String>): String = "$fieldName: ${value.first()}"
}

View File

@ -0,0 +1,27 @@
package dev.usbharu.httpsignature.sign
import dev.usbharu.httpsignature.common.HttpRequest
import dev.usbharu.httpsignature.common.PrivateKey
import java.util.*
class RsaSha256HttpSignatureSigner : AbstractHttpSignatureSigner() {
override fun sign(httpRequest: HttpRequest, privateKey: PrivateKey, signHeaders: List<String>): Signature {
val buildSignString = buildSignString(httpRequest.url, httpRequest.method, httpRequest.headers, signHeaders)
val signature = signRaw(buildSignString, privateKey, signHeaders)
val signatureHeader =
"""keyId="${privateKey.keyId}",algorithm="rsa-sha256",headers="${signHeaders.joinToString(" ")}",signature="$signature""""
val request = httpRequest.copy(headers = httpRequest.headers.plus("Signature", listOf(signatureHeader)))
return Signature(request, signature, signatureHeader)
}
override fun signRaw(signString: String, privateKey: PrivateKey, signHeaders: List<String>): String {
val signer = java.security.Signature.getInstance("SHA256withRSA")
signer.initSign(privateKey.privateKey)
signer.update(signString.toByteArray())
val sign = signer.sign()
return Base64.getEncoder().encodeToString(sign)
}
}

View File

@ -0,0 +1,201 @@
package dev.usbharu.httpsignature.sign
import dev.usbharu.httpsignature.common.HttpHeaders
import dev.usbharu.httpsignature.common.HttpMethod
import dev.usbharu.httpsignature.common.HttpRequest
import dev.usbharu.httpsignature.common.PrivateKey
import org.junit.jupiter.api.Assertions.*
import org.junit.jupiter.api.Test
import org.mockito.MockSettings
import org.mockito.Mockito
import org.mockito.Mockito.*
import java.net.URL
import java.security.KeyFactory
import java.security.SignatureSpi
import java.security.interfaces.RSAPrivateKey
import java.security.interfaces.RSAPublicKey
import java.security.spec.PKCS8EncodedKeySpec
import java.security.spec.X509EncodedKeySpec
import java.time.Instant
import java.util.*
class Hs2019HttpSignatureSignerTest{
@Test
fun Hs2019で署名を作成できる() {
val privateKey = Base64.getDecoder().decode(
"MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDH+8IRQdB9vhej" +
"eNQqwxlIutt4Xxjg3eZ5XYm7KgR4jAT/q7+cfsz2/fVTNwDOBpG2H1YJZRLUsrVI" +
"3Pia8k7oFyemYKEUN6kaKioO5C9hB0TaiTGlxAKI7syitvedH1YtHqf4zvqgtI2y" +
"Lv0NAXja3nUoWZWgZg8ZUHWAGhtHd/BpLiyvlwXAydFHl/eN5u8uCZhQD0bKI5KJ" +
"qi8Vcs59Q13+ZNHFdgvNjeD+Hc2AdOmbB5HrW2wREgd1sygBcZ77sSLyleeel8+d" +
"VkDsq/l4MQV5/0PeOn+PI8pJkyQUpqnExqzku354XW9ZE6XjREgBb9M0AEdyBLk5" +
"+YbZwiqrAgMBAAECggEAIDgmKB7xDDvYFcpIbytHo47B/+ldBL2Q0vTdqn3hLTAX" +
"OL80URj3b25dsVknPrToPO4HhTP3jgp3Z+nR/oS+Gb5r8O5DMBKs9+jbJdMK9G2g" +
"tjoW+ZypcTj9VynLSFEy0nTMndVwTlFIkvCRwcqpl07yk9xQXas+ZixZrJiIKeyW" +
"rCmBDJAjUSknljHDnULxAXvk6K7Y5uqPCv9DQ1362ZopY56H0++9ZMaJwr5PYJMT" +
"QoKVeZCGLvfY29rUrhV0/CvC7cfxrPbSuQ7Tr/WrpxFpz9H/Dnc8uePoUEmMP2GM" +
"ozjXaJDQrzOVMOpn/2uGinmrcR5/8ETsYruGG96kAQKBgQDoS4PyiZ93zTv5Yvo/" +
"aWX5IvieMO/w3kRvsdq0IM27Gd+Ck+0C7WBUqljuU4ql10mp67MFkj7ZmECWCAKa" +
"OfE3NtXKqnRgixDhM4Q7nfolhkN08CxRrYP3dBh7HJMDtb2YzPDdwV+PSbL6AM8o" +
"oOvxjABJQk6CaGdmL8sQwnHwgQKBgQDcZCJbwDyLPJo04dXkhPBWoH5hGjbtsAv9" +
"whhjY9IWFN/0KvJfzfoTWtgCkpYT3wgMYBVp0aTextbg1euim7X+iVL6TRq4QaVk" +
"Jv6dRnNZPrY7MlnXxIXE81z6syVjChrJBWi81s14SDKtGOpvghLiKUR29wvGjfER" +
"jY/X1MxFKwKBgAUyOz9fqLuLUb4gYqysdOV/zMPtIFDpB+rftZ615SQ8Te2j1Xdt" +
"S+xY6yhZog5XpIQyi4yiWtmPOFKi1zwP879icKHZ8kR+l+ARwPF8dS4FtNiWzsb8" +
"9KjCZhHK79bzZ8xVOUYcn0CbS2+gOQIVp3F9yjvZSdxM7ZMxmn9Dej0BAoGBAJuf" +
"ZZeOLfJPz8AJvCSKLr+swrDEdwbtqfn8xYXhJacMBHwAm3dFFhH2stNWOP09HwzG" +
"CDjZnWbl1zOaOrJu61saEurF6Vk0mZoX4vChn6/kFX/FdSVkEuVYx04LlBnUN8e8" +
"txGpSBtoN8h88IXevoDOjRbIKZuB/Tjc0jagf8FTAoGAWW8uXsWS4c2nBGNdodqL" +
"xJHcNZVMenHPqdkm7rHEYdf1sdbM7r7Q+oj0cifhbZwaRG9HiRGUAgJerLGEqe+x" +
"vNeYuKRF3A5xBFUTw/t+XFhUZ1sSyvOordp0uNahQqkAx1UQFWUBCEkG2k/X81fY" +
"trEnKP2IjOJDzoXGvc4TG0w="
)
val pkcS8EncodedKeySpec = PKCS8EncodedKeySpec(privateKey)
val rsaPrivateKey = KeyFactory.getInstance("RSA").generatePrivate(pkcS8EncodedKeySpec) as RSAPrivateKey
val publicKey = Base64.getDecoder().decode(
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/vCEUHQfb4Xo3jUKsMZ" +
"SLrbeF8Y4N3meV2JuyoEeIwE/6u/nH7M9v31UzcAzgaRth9WCWUS1LK1SNz4mvJO" +
"6BcnpmChFDepGioqDuQvYQdE2okxpcQCiO7Morb3nR9WLR6n+M76oLSNsi79DQF4" +
"2t51KFmVoGYPGVB1gBobR3fwaS4sr5cFwMnRR5f3jebvLgmYUA9GyiOSiaovFXLO" +
"fUNd/mTRxXYLzY3g/h3NgHTpmweR61tsERIHdbMoAXGe+7Ei8pXnnpfPnVZA7Kv5" +
"eDEFef9D3jp/jyPKSZMkFKapxMas5Lt+eF1vWROl40RIAW/TNABHcgS5OfmG2cIq" +
"qwIDAQAB"
)
val x509EncodedKeySpec = X509EncodedKeySpec(publicKey)
val rsaPublicKey = KeyFactory.getInstance("RSA").generatePublic(x509EncodedKeySpec) as RSAPublicKey
val rsaSha256HttpSignatureSigner = Hs2019HttpSignatureSigner(10L,0)
val headers = HttpHeaders(
mapOf(
"X-Request-Id" to listOf("00000000-0000-0000-0000-000000000004"),
"Tpp-Redirect-Uri" to listOf("https://www.sometpp.com/redirect/"),
"Digest" to listOf("SHA-256=TGGHcPGLechhcNo4gndoKUvCBhWaQOPgtoVDIpxc6J4="),
"Psu-Id" to listOf("1337")
)
)
val httpRequest = HttpRequest(URL("https://example.com/"), headers, HttpMethod.GET)
val signature = rsaSha256HttpSignatureSigner.sign(
httpRequest, PrivateKey(rsaPrivateKey, "https://test-hideout.usbharu.dev/users/c#pubkey"),
listOf("x-request-id", "tpp-redirect-uri", "digest", "psu-id")
)
assertEquals(
"rvkWT/VgG5yVcr1D9bL3LB8Y2g6H92A3LoI8QomjbYOgJG5yLLz9dyE335pU7N2fXAbqBkEFssM77QGOx1Mp1XPUhgXO6SKu03B9ZtRdci1yBMovAd44sbDN3jt4sMSAO7nfeE1wvqJsf70bxXuc5bUat9ij8xNDA2G1W5xYV2uvSzdkeOlQd+LxfKfoLJEHwAeYMkKt2MPlDvVGJspkXh8OwIAFODXrY/k6BW1gaUTj+n9xoHrNQtFa3hTJGdDxF2Ntpn2W5Vt1Wg0hNK/fXK1pedCdyR6LgW9jyyeNamjsg36bbcyNYgS4b7L0vHXxvLaNXATojqmW43/UFF5BNA==",
signature.signature
)
}
@Test
fun 特殊ヘッダーcreatedを指定したときに作成日時が追加される() {
val ofEpochMilli = Instant.ofEpochSecond(1402170695)
val instantMockedStatic = mockStatic(Instant::class.java)
instantMockedStatic.`when`<Instant>(Instant::now).thenReturn(ofEpochMilli)
val hs2019HttpSignatureSigner = Hs2019HttpSignatureSigner(10)
val buildSignString = hs2019HttpSignatureSigner.buildSignString(
URL("https://example.com"), HttpMethod.GET, HttpHeaders(mapOf()),
listOf("(created)")
)
instantMockedStatic.close()
assertEquals("(created): ${ofEpochMilli.epochSecond}",buildSignString)
}
@Test
fun 特殊ヘッダーexpiresを指定したときに作成日時に指定時間を足したものが追加される() {
val ofEpochSecond = Instant.ofEpochSecond(1402170695)
val mock = spy(ofEpochSecond)
val mockStatic = mockStatic(Instant::class.java,Mockito.CALLS_REAL_METHODS)
mock.plusSeconds(10)
mockStatic.`when`<Instant>(Instant::now).thenReturn(mock)
mockStatic.use {
val hs2019HttpSignatureSigner = Hs2019HttpSignatureSigner(10)
val buildSignString = hs2019HttpSignatureSigner.buildSignString(
URL("https://example.com"), HttpMethod.GET, HttpHeaders(mapOf()),
listOf("(expires)")
)
assertEquals("(expires): ${ofEpochSecond.plusSeconds(10).epochSecond}",buildSignString)
}
}
@Test
fun 特殊ヘッダー付きのリクエストを署名できる() {
val ofEpochSecond = Instant.ofEpochSecond(1402170695)
val mockStatic = mockStatic(Instant::class.java, CALLS_REAL_METHODS)
mockStatic.`when`<Instant>(Instant::now).thenReturn(ofEpochSecond)
mockStatic.use {
val privateKey = Base64.getDecoder().decode(
"MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDH+8IRQdB9vhej" +
"eNQqwxlIutt4Xxjg3eZ5XYm7KgR4jAT/q7+cfsz2/fVTNwDOBpG2H1YJZRLUsrVI" +
"3Pia8k7oFyemYKEUN6kaKioO5C9hB0TaiTGlxAKI7syitvedH1YtHqf4zvqgtI2y" +
"Lv0NAXja3nUoWZWgZg8ZUHWAGhtHd/BpLiyvlwXAydFHl/eN5u8uCZhQD0bKI5KJ" +
"qi8Vcs59Q13+ZNHFdgvNjeD+Hc2AdOmbB5HrW2wREgd1sygBcZ77sSLyleeel8+d" +
"VkDsq/l4MQV5/0PeOn+PI8pJkyQUpqnExqzku354XW9ZE6XjREgBb9M0AEdyBLk5" +
"+YbZwiqrAgMBAAECggEAIDgmKB7xDDvYFcpIbytHo47B/+ldBL2Q0vTdqn3hLTAX" +
"OL80URj3b25dsVknPrToPO4HhTP3jgp3Z+nR/oS+Gb5r8O5DMBKs9+jbJdMK9G2g" +
"tjoW+ZypcTj9VynLSFEy0nTMndVwTlFIkvCRwcqpl07yk9xQXas+ZixZrJiIKeyW" +
"rCmBDJAjUSknljHDnULxAXvk6K7Y5uqPCv9DQ1362ZopY56H0++9ZMaJwr5PYJMT" +
"QoKVeZCGLvfY29rUrhV0/CvC7cfxrPbSuQ7Tr/WrpxFpz9H/Dnc8uePoUEmMP2GM" +
"ozjXaJDQrzOVMOpn/2uGinmrcR5/8ETsYruGG96kAQKBgQDoS4PyiZ93zTv5Yvo/" +
"aWX5IvieMO/w3kRvsdq0IM27Gd+Ck+0C7WBUqljuU4ql10mp67MFkj7ZmECWCAKa" +
"OfE3NtXKqnRgixDhM4Q7nfolhkN08CxRrYP3dBh7HJMDtb2YzPDdwV+PSbL6AM8o" +
"oOvxjABJQk6CaGdmL8sQwnHwgQKBgQDcZCJbwDyLPJo04dXkhPBWoH5hGjbtsAv9" +
"whhjY9IWFN/0KvJfzfoTWtgCkpYT3wgMYBVp0aTextbg1euim7X+iVL6TRq4QaVk" +
"Jv6dRnNZPrY7MlnXxIXE81z6syVjChrJBWi81s14SDKtGOpvghLiKUR29wvGjfER" +
"jY/X1MxFKwKBgAUyOz9fqLuLUb4gYqysdOV/zMPtIFDpB+rftZ615SQ8Te2j1Xdt" +
"S+xY6yhZog5XpIQyi4yiWtmPOFKi1zwP879icKHZ8kR+l+ARwPF8dS4FtNiWzsb8" +
"9KjCZhHK79bzZ8xVOUYcn0CbS2+gOQIVp3F9yjvZSdxM7ZMxmn9Dej0BAoGBAJuf" +
"ZZeOLfJPz8AJvCSKLr+swrDEdwbtqfn8xYXhJacMBHwAm3dFFhH2stNWOP09HwzG" +
"CDjZnWbl1zOaOrJu61saEurF6Vk0mZoX4vChn6/kFX/FdSVkEuVYx04LlBnUN8e8" +
"txGpSBtoN8h88IXevoDOjRbIKZuB/Tjc0jagf8FTAoGAWW8uXsWS4c2nBGNdodqL" +
"xJHcNZVMenHPqdkm7rHEYdf1sdbM7r7Q+oj0cifhbZwaRG9HiRGUAgJerLGEqe+x" +
"vNeYuKRF3A5xBFUTw/t+XFhUZ1sSyvOordp0uNahQqkAx1UQFWUBCEkG2k/X81fY" +
"trEnKP2IjOJDzoXGvc4TG0w="
)
val pkcS8EncodedKeySpec = PKCS8EncodedKeySpec(privateKey)
val rsaPrivateKey = KeyFactory.getInstance("RSA").generatePrivate(pkcS8EncodedKeySpec) as RSAPrivateKey
val publicKey = Base64.getDecoder().decode(
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/vCEUHQfb4Xo3jUKsMZ" +
"SLrbeF8Y4N3meV2JuyoEeIwE/6u/nH7M9v31UzcAzgaRth9WCWUS1LK1SNz4mvJO" +
"6BcnpmChFDepGioqDuQvYQdE2okxpcQCiO7Morb3nR9WLR6n+M76oLSNsi79DQF4" +
"2t51KFmVoGYPGVB1gBobR3fwaS4sr5cFwMnRR5f3jebvLgmYUA9GyiOSiaovFXLO" +
"fUNd/mTRxXYLzY3g/h3NgHTpmweR61tsERIHdbMoAXGe+7Ei8pXnnpfPnVZA7Kv5" +
"eDEFef9D3jp/jyPKSZMkFKapxMas5Lt+eF1vWROl40RIAW/TNABHcgS5OfmG2cIq" +
"qwIDAQAB"
)
val x509EncodedKeySpec = X509EncodedKeySpec(publicKey)
val rsaPublicKey = KeyFactory.getInstance("RSA").generatePublic(x509EncodedKeySpec) as RSAPublicKey
val rsaSha256HttpSignatureSigner = Hs2019HttpSignatureSigner(10L, 0)
val headers = HttpHeaders(
mapOf(
"Digest" to listOf("SHA-256=TGGHcPGLechhcNo4gndoKUvCBhWaQOPgtoVDIpxc6J4="),
)
)
val httpRequest = HttpRequest(URL("https://example.com/"), headers, HttpMethod.GET)
val signature = rsaSha256HttpSignatureSigner.sign(
httpRequest, PrivateKey(rsaPrivateKey, "https://test-hideout.usbharu.dev/users/c#pubkey"),
listOf("(request-target)", "(created)", "(expires)", "digest")
)
assertEquals(
"Tqise/VQjlrtI+JtXJgpWXkr5XkkW+sV2QM9GWJo2mKH3EWdVJe2nG9SyzG7BUejGqcJyluGFGTgdhzIpncEDozQDBa6A28n/d/BzuPAMPR2KU0LtGAprs6kir4MIMBA+22tnS3Jy/RQiie0C2EbNWidFDoRuKUBCu2NbfAtrWXpb0NJ7bHFDfW0klN80y7TFYSaZVtt8H9ge/IW+tF+q/6ey71djY9gR4ZyA2fDBW/XusBmtOc8OavRKO/VEXvEVSwTHHVyw4KAJ4z+7yP/ikU7id0/fmByr6oecNDZ7t986Ht4bLmpOPg2zefv8w69GwQK8lkoCi/8DkO8nG2JJg==",
signature.signature
)
assertEquals("keyId=\"https://test-hideout.usbharu.dev/users/c#pubkey\",algorithm=\"hs2019\",created=\"1402170695\",expires=\"1402170705\",headers=\"(request-target) (created) (expires) digest\",signature=\"Tqise/VQjlrtI+JtXJgpWXkr5XkkW+sV2QM9GWJo2mKH3EWdVJe2nG9SyzG7BUejGqcJyluGFGTgdhzIpncEDozQDBa6A28n/d/BzuPAMPR2KU0LtGAprs6kir4MIMBA+22tnS3Jy/RQiie0C2EbNWidFDoRuKUBCu2NbfAtrWXpb0NJ7bHFDfW0klN80y7TFYSaZVtt8H9ge/IW+tF+q/6ey71djY9gR4ZyA2fDBW/XusBmtOc8OavRKO/VEXvEVSwTHHVyw4KAJ4z+7yP/ikU7id0/fmByr6oecNDZ7t986Ht4bLmpOPg2zefv8w69GwQK8lkoCi/8DkO8nG2JJg==\"", signature.signatureHeader)
}
}
}

View File

@ -4,6 +4,7 @@ import dev.usbharu.httpsignature.common.HttpHeaders
import dev.usbharu.httpsignature.common.HttpMethod import dev.usbharu.httpsignature.common.HttpMethod
import dev.usbharu.httpsignature.common.HttpRequest import dev.usbharu.httpsignature.common.HttpRequest
import dev.usbharu.httpsignature.common.PrivateKey import dev.usbharu.httpsignature.common.PrivateKey
import org.junit.jupiter.api.Assertions.assertEquals
import org.junit.jupiter.api.Test import org.junit.jupiter.api.Test
import java.net.URL import java.net.URL
import java.security.KeyFactory import java.security.KeyFactory
@ -12,9 +13,8 @@ import java.security.interfaces.RSAPublicKey
import java.security.spec.PKCS8EncodedKeySpec import java.security.spec.PKCS8EncodedKeySpec
import java.security.spec.X509EncodedKeySpec import java.security.spec.X509EncodedKeySpec
import java.util.* import java.util.*
import kotlin.test.assertEquals
class HttpSignatureSignerImplTest { class RsaSha256HttpSignatureSignerTest {
@Test @Test
fun 署名を作成できる() { fun 署名を作成できる() {
val privateKey = Base64.getDecoder().decode( val privateKey = Base64.getDecoder().decode(
@ -62,7 +62,7 @@ class HttpSignatureSignerImplTest {
val x509EncodedKeySpec = X509EncodedKeySpec(publicKey) val x509EncodedKeySpec = X509EncodedKeySpec(publicKey)
val rsaPublicKey = KeyFactory.getInstance("RSA").generatePublic(x509EncodedKeySpec) as RSAPublicKey val rsaPublicKey = KeyFactory.getInstance("RSA").generatePublic(x509EncodedKeySpec) as RSAPublicKey
val httpSignatureSignerImpl = HttpSignatureSignerImpl() val rsaSha256HttpSignatureSigner = RsaSha256HttpSignatureSigner()
val headers = HttpHeaders( val headers = HttpHeaders(
mapOf( mapOf(
"X-Request-Id" to listOf("00000000-0000-0000-0000-000000000004"), "X-Request-Id" to listOf("00000000-0000-0000-0000-000000000004"),
@ -72,7 +72,7 @@ class HttpSignatureSignerImplTest {
) )
) )
val httpRequest = HttpRequest(URL("https://example.com/"), headers, HttpMethod.GET) val httpRequest = HttpRequest(URL("https://example.com/"), headers, HttpMethod.GET)
val signature = httpSignatureSignerImpl.sign( val signature = rsaSha256HttpSignatureSigner.sign(
httpRequest, PrivateKey(rsaPrivateKey, "https://test-hideout.usbharu.dev/users/c#pubkey"), httpRequest, PrivateKey(rsaPrivateKey, "https://test-hideout.usbharu.dev/users/c#pubkey"),
listOf("x-request-id", "tpp-redirect-uri", "digest", "psu-id") listOf("x-request-id", "tpp-redirect-uri", "digest", "psu-id")
) )

View File

@ -1,7 +1,7 @@
package dev.usbharu.httpsignature.verify package dev.usbharu.httpsignature.verify
import dev.usbharu.httpsignature.common.* import dev.usbharu.httpsignature.common.*
import dev.usbharu.httpsignature.sign.HttpSignatureSignerImpl import dev.usbharu.httpsignature.sign.RsaSha256HttpSignatureSigner
import org.junit.jupiter.api.Assertions import org.junit.jupiter.api.Assertions
import org.junit.jupiter.api.Test import org.junit.jupiter.api.Test
import java.net.URL import java.net.URL
@ -60,7 +60,7 @@ class HttpSignatureVerifierImplTest {
val x509EncodedKeySpec = X509EncodedKeySpec(publicKey) val x509EncodedKeySpec = X509EncodedKeySpec(publicKey)
val rsaPublicKey = KeyFactory.getInstance("RSA").generatePublic(x509EncodedKeySpec) as RSAPublicKey val rsaPublicKey = KeyFactory.getInstance("RSA").generatePublic(x509EncodedKeySpec) as RSAPublicKey
val httpSignatureSignerImpl = HttpSignatureSignerImpl() val rsaSha256HttpSignatureSigner = RsaSha256HttpSignatureSigner()
val headers = HttpHeaders( val headers = HttpHeaders(
mapOf( mapOf(
"X-Request-Id" to listOf("00000000-0000-0000-0000-000000000004"), "X-Request-Id" to listOf("00000000-0000-0000-0000-000000000004"),
@ -71,13 +71,13 @@ class HttpSignatureVerifierImplTest {
) )
val url = URL("https://example.com/") val url = URL("https://example.com/")
val httpRequest = HttpRequest(url, headers, HttpMethod.GET) val httpRequest = HttpRequest(url, headers, HttpMethod.GET)
val signature = httpSignatureSignerImpl.sign( val signature = rsaSha256HttpSignatureSigner.sign(
httpRequest, PrivateKey(rsaPrivateKey, "https://test-hideout.usbharu.dev/users/c#pubkey"), httpRequest, PrivateKey(rsaPrivateKey, "https://test-hideout.usbharu.dev/users/c#pubkey"),
listOf("x-request-id", "tpp-redirect-uri", "digest", "psu-id") listOf("x-request-id", "tpp-redirect-uri", "digest", "psu-id")
) )
val httpSignatureVerifierImpl = val httpSignatureVerifierImpl =
HttpSignatureVerifierImpl(DefaultSignatureHeaderParser(), httpSignatureSignerImpl) HttpSignatureVerifierImpl(DefaultSignatureHeaderParser(), rsaSha256HttpSignatureSigner)
val verify = httpSignatureVerifierImpl.verify( val verify = httpSignatureVerifierImpl.verify(
HttpRequest(url, headers.plus("Signature", listOf(signature.signatureHeader)), HttpMethod.GET), HttpRequest(url, headers.plus("Signature", listOf(signature.signatureHeader)), HttpMethod.GET),
PublicKey(rsaPublicKey, "https://test-hideout.usbharu.dev/users/c#pubkey") PublicKey(rsaPublicKey, "https://test-hideout.usbharu.dev/users/c#pubkey")