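/**
 * Checks whether the signature supplied by the caller matches the signature computed locally
 * over {@code buf} with the key of the given type.
 *
 * <p>The comparison uses {@link java.security.MessageDigest#isEqual(byte[], byte[])} instead of
 * {@link String#equals(Object)}, so the time taken does not depend on how many leading
 * characters of the supplied value are correct. The signature values themselves are not written
 * to the log: the locally computed value is the valid authenticator for {@code buf}, and anyone
 * able to read debug logs could otherwise reuse it.
 *
 * @param buf the data the signature is computed over
 * @param headerSignature the signature taken from the request header; may be null or blank
 * @param type the type of key (vdc or internal api)
 * @return true only when both signatures are non-blank and identical, false otherwise
 */
private boolean trySignature(String buf, String headerSignature, SignatureKeyType type) {
    final String signature = _keyGenerator.sign(buf, type);

    // Record presence only; never the signature material itself.
    _log.debug("signature present: {}, headerSignature present: {}",
            signature != null, headerSignature != null);

    if (!StringUtils.isNotBlank(headerSignature) || !StringUtils.isNotBlank(signature)) {
        return false;
    }

    // Fully qualified names keep this block independent of the file's import list.
    return java.security.MessageDigest.isEqual(
            headerSignature.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            signature.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}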
/**
 * Verifies the signature on the request using the specified signature key type.
 *
 * <p>The signed data is the request URL, followed by {@code ?} and the query string when one is
 * present, followed by the value of the {@code INTERNODE_TIMESTAMP} header. A request without a
 * non-empty timestamp header is rejected. If the first comparison fails, the cached keys are
 * reloaded and the comparison is attempted once more.
 *
 * <p>NOTE(review): only the URL, query string and timestamp are covered; the HTTP method and the
 * request body are not part of the signed data. The fields are concatenated without a delimiter.
 * No check of the timestamp's age is visible in this method - confirm that replay protection is
 * enforced elsewhere.
 *
 * @param req the incoming request whose {@code INTERNODE_HMAC} header carries the signature
 * @param type specifies the type of key to use for verification (vdc or internal api)
 * @return true if the signature is good, false otherwise
 */
protected boolean verifySignature(HttpServletRequest req, SignatureKeyType type) {
    // To Do - add more fields to signature
    final StringBuilder payload = new StringBuilder(req.getRequestURL().toString());

    final String query = req.getQueryString();
    if (query != null) {
        payload.append('?').append(query);
    }

    // The timestamp is mandatory: without it there is nothing to verify against.
    final String timestamp = req.getHeader(INTERNODE_TIMESTAMP);
    if (timestamp == null || timestamp.isEmpty()) {
        return false;
    }
    payload.append(timestamp);

    final String signedData = payload.toString();
    _log.debug("buf: " + signedData);

    final String headerSignature = req.getHeader(INTERNODE_HMAC);
    if (trySignature(signedData, headerSignature, type)) {
        return true;
    }

    // The cached key may be stale; refresh the keys and give the request one more chance.
    _log.info(
            "Failed with signature key type {}. Reloading cached keys and trying again",
            type.toString());
    _keyGenerator.loadKeys();
    return trySignature(signedData, headerSignature, type);
}