Files
SCM-Manager/scm-webapp/src/main/java/sonia/scm/security/SecureKeyResolver.java

170 lines
4.5 KiB
Java
Raw Normal View History

/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.security;
//~--- non-JDK imports --------------------------------------------------------
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Strings;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.SigningKeyResolverAdapter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sonia.scm.store.ConfigurationEntryStore;
import sonia.scm.store.ConfigurationEntryStoreFactory;
import static com.google.common.base.Preconditions.*;
//~--- JDK imports ------------------------------------------------------------
import java.security.SecureRandom;
2018-12-06 08:56:57 +01:00
import java.util.Random;
import javax.inject.Inject;
import javax.inject.Singleton;
/**
* Resolve secure keys which can be used for signing token and messages.
*
* @author Sebastian Sdorra
* @since 2.0.0
*/
@Singleton
public class SecureKeyResolver extends SigningKeyResolverAdapter
{
/** key length */
private static final int KEY_LENGTH = 64;
/** name of the configuration store */
@VisibleForTesting
static final String STORE_NAME = "keys";
/**
* the logger for SecureKeyResolver
*/
private static final Logger logger =
LoggerFactory.getLogger(SecureKeyResolver.class);
//~--- constructors ---------------------------------------------------------
/**
* Constructs a new SecureKeyResolver
*
*
* @param storeFactory store factory
*/
@Inject
@SuppressWarnings("unchecked")
2018-12-06 08:56:57 +01:00
public SecureKeyResolver(ConfigurationEntryStoreFactory storeFactory) {
this(storeFactory, new SecureRandom());
}
SecureKeyResolver(ConfigurationEntryStoreFactory storeFactory, Random random)
{
2018-12-03 16:30:19 +01:00
store = storeFactory
.withType(SecureKey.class)
.withName(STORE_NAME)
2018-12-03 16:30:19 +01:00
.build();
2018-12-06 08:56:57 +01:00
this.random = random;
}
//~--- methods --------------------------------------------------------------
/**
* {@inheritDoc}
*/
@Override
public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims)
{
checkNotNull(claims, "claims is required");
String subject = claims.getSubject();
checkArgument(!Strings.isNullOrEmpty(subject), "subject is required");
SecureKey key = store.get(subject);
if (key == null) {
return getSecureKey(subject).getBytes();
}
return key.getBytes();
}
//~--- get methods ----------------------------------------------------------
/**
* Returns the secure key for the given subject, if there is no key for the
* subject a new key is generated.
*
* @param subject subject
*
* @return secure key
*/
public SecureKey getSecureKey(String subject)
{
SecureKey key = store.get(subject);
if (key == null)
{
logger.trace("create new key for subject");
key = createNewKey();
store.put(subject, key);
}
return key;
}
//~--- methods --------------------------------------------------------------
/**
* Creates a new secure key.
*
*
* @return new secure key
*/
private SecureKey createNewKey()
{
byte[] bytes = new byte[KEY_LENGTH];
random.nextBytes(bytes);
return new SecureKey(bytes, System.currentTimeMillis());
}
//~--- fields ---------------------------------------------------------------
/** secure randon */
2018-12-06 08:56:57 +01:00
private final Random random;
/** configuration entry store */
private final ConfigurationEntryStore<SecureKey> store;
}