/**
 * Checks a Base64-encoded request signature against the verification key looked up for the
 * given principal.
 *
 * <p>The method fails closed: it returns {@code false} when no verification key is found and
 * when the crypto engine throws {@code SignatureException}. It returns {@code true} only when
 * {@code cryptoEngine.verifySignature} completes without throwing.
 *
 * @param principal identity whose verification key is looked up
 * @param dataToSign bytes the signature is expected to cover
 * @param signature Base64 text of the signature supplied with the request
 * @param requestContext request context handed to {@code logServerError} on server-side failures
 * @return {@code true} if the engine accepted the signature, {@code false} otherwise
 * @throws WebApplicationException with {@code INTERNAL_SERVER_ERROR} when the engine reports an
 *     invalid key or a {@code BackendAccessException} is raised inside the outer try block
 */
private boolean verifySignature(
    Principal principal,
    byte[] dataToSign,
    String signature,
    ContainerRequestContext requestContext) {
  try {
    // NOTE(review): how StringUtils.base64Decode reacts to null or malformed input is not visible
    // here; confirm that it cannot surface as an unhandled exception for a caller-supplied value.
    final byte[] decodedSignature = StringUtils.base64Decode(signature);

    if (logger.isDebugEnabled()) {
      // Payload and signature go through fingerprint() instead of being logged as-is.
      final String debugMessage =
          "Verifying REST request - principal: "
              + principal
              + " data: "
              + fingerprint(dataToSign)
              + " signature: "
              + fingerprint(decodedSignature);
      logger.debug(debugMessage);
    }

    final SignatureVerificationKey verificationKey = findVerificationKey(principal);
    if (verificationKey != null) {
      try {
        // NOTE(review): the call is used as a statement, so any return value is discarded. This
        // assumes the engine signals a bad signature only by throwing; confirm against CryptoEngine.
        cryptoEngine.verifySignature(
            verificationKey, digestAlgorithm, dataToSign, decodedSignature);
        return true;
      } catch (InvalidKeyException invalidKey) {
        // A key the engine rejects is treated as a server-side fault, not as a failed login.
        final String errorMessage =
            "Invalid key found while verifying signature: " + invalidKey.getMessage();
        logServerError(errorMessage, invalidKey, requestContext);
        throw new WebApplicationException(INTERNAL_SERVER_ERROR);
      } catch (SignatureException rejected) {
        // Verification failure: report "not authenticated" to the caller.
        return false;
      }
    }

    // No verification key for this principal: reject.
    return false;
  } catch (BackendAccessException backendFailure) {
    final String errorMessage =
        "Unexpected BackendAccessException: " + backendFailure.getMessage();
    logServerError(errorMessage, backendFailure, requestContext);
    throw new WebApplicationException(INTERNAL_SERVER_ERROR);
  }
}
/**
 * Signs response data with the signing key looked up for the given principal and returns the
 * signature as Base64 text.
 *
 * @param principal identity whose signing key is looked up
 * @param data bytes to sign
 * @return Base64 encoding of the value produced by {@code cryptoEngine.sign}
 * @throws WebApplicationException with {@code INTERNAL_SERVER_ERROR} when no signing key is found
 * @throws InvalidKeyException declared by this method; not caught here
 * @throws BackendAccessException declared by this method; not caught here
 */
private String signResponse(Principal principal, byte[] data)
    throws InvalidKeyException, BackendAccessException {
  final SigningKey signingKey = findSigningKey(principal);

  if (signingKey != null) {
    return StringUtils.base64Encode(cryptoEngine.sign(signingKey, digestAlgorithm, data));
  }

  // A missing signing key is logged and answered with a 500; no unsigned response is returned.
  // No exception or request context is available at this point, hence the two nulls.
  final String errorMessage =
      "Unable to find key for response signing: " + principal.getName();
  logServerError(errorMessage, null, null);
  throw new WebApplicationException(INTERNAL_SERVER_ERROR);
}
/**
 * Creates the authentication filter and stores its collaborators and limits.
 *
 * <p>No argument is validated here. A {@code null} crypto engine fails with a
 * {@code NullPointerException} at the debug statement, which dereferences it.
 *
 * @param cryptoEngine engine used for signing and signature verification
 * @param contentMaxSize content size limit; boxed, so presumably nullable (confirm at call sites)
 * @param digestAlgorithm digest algorithm passed to the crypto engine
 * @param expiry expiry setting; its unit is not visible in this constructor
 * @param replayAttackValidator validator stored for replay checks
 */
public RESTAuthenticationFilter(
    CryptoEngine cryptoEngine,
    Long contentMaxSize,
    DigestAlgorithm digestAlgorithm,
    long expiry,
    ReplayAttackValidator replayAttackValidator) {
  this.cryptoEngine = cryptoEngine;
  this.contentMaxSize = contentMaxSize;
  this.digestAlgorithm = digestAlgorithm;
  this.expiry = expiry;
  this.replayAttackValidator = replayAttackValidator;

  // Record which engine implementation is active so a misconfiguration shows up in the logs.
  final String engineClassName = cryptoEngine.getClass().getName();
  logger.debug("REST Authentication filter using crypto engine: " + engineClassName);
}