Files
SCM-Manager/scm-webapp/src/main/java/sonia/scm/security/SecureKeyResolver.java
Florian Scholdei f1b34eb502 Changeover to MIT license (#1066)
* prepare license-maven-plugin for license migration
* added license mapping for tsx files and added some more excludes
* Changeover to MIT license
* Fix build problems
* Delete old remaining licenses
* Add more exclude path for license checker
* Rename included netbeans license, add exclude .m2/repository/
* Specify .m2 exclude because not only repository/, also wrapper/ must match
* Add .cache/ exclude for license check
* Modify formatting of license in java classes to comply with convention and IDE
* Add IntelliJ documentation for license configuration
* Update CHANGELOG.md
* Exclude tmp/workspace/ dir for license check
* Edit README.md

Co-authored-by: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
2020-03-23 15:35:58 +01:00

170 lines
4.5 KiB
Java

/*
* MIT License
*
* Copyright (c) 2020-present Cloudogu GmbH and Contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
package sonia.scm.security;
//~--- non-JDK imports --------------------------------------------------------
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Strings;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.SigningKeyResolverAdapter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sonia.scm.store.ConfigurationEntryStore;
import sonia.scm.store.ConfigurationEntryStoreFactory;
import static com.google.common.base.Preconditions.*;
//~--- JDK imports ------------------------------------------------------------
import java.security.SecureRandom;
import java.util.Random;
import javax.inject.Inject;
import javax.inject.Singleton;
/**
* Resolve secure keys which can be used for signing token and messages.
*
* @author Sebastian Sdorra
* @since 2.0.0
*/
@Singleton
public class SecureKeyResolver extends SigningKeyResolverAdapter
{
/** key length */
private static final int KEY_LENGTH = 64;
/** name of the configuration store */
@VisibleForTesting
static final String STORE_NAME = "keys";
/**
* the logger for SecureKeyResolver
*/
private static final Logger logger =
LoggerFactory.getLogger(SecureKeyResolver.class);
//~--- constructors ---------------------------------------------------------
/**
* Constructs a new SecureKeyResolver
*
*
* @param storeFactory store factory
*/
@Inject
@SuppressWarnings("unchecked")
public SecureKeyResolver(ConfigurationEntryStoreFactory storeFactory) {
this(storeFactory, new SecureRandom());
}
SecureKeyResolver(ConfigurationEntryStoreFactory storeFactory, Random random)
{
store = storeFactory
.withType(SecureKey.class)
.withName(STORE_NAME)
.build();
this.random = random;
}
//~--- methods --------------------------------------------------------------
/**
* {@inheritDoc}
*/
@Override
public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims)
{
checkNotNull(claims, "claims is required");
String subject = claims.getSubject();
checkArgument(!Strings.isNullOrEmpty(subject), "subject is required");
SecureKey key = store.get(subject);
if (key == null) {
return getSecureKey(subject).getBytes();
}
return key.getBytes();
}
//~--- get methods ----------------------------------------------------------
/**
* Returns the secure key for the given subject, if there is no key for the
* subject a new key is generated.
*
* @param subject subject
*
* @return secure key
*/
public SecureKey getSecureKey(String subject)
{
SecureKey key = store.get(subject);
if (key == null)
{
logger.trace("create new key for subject");
key = createNewKey();
store.put(subject, key);
}
return key;
}
//~--- methods --------------------------------------------------------------
/**
* Creates a new secure key.
*
*
* @return new secure key
*/
private SecureKey createNewKey()
{
byte[] bytes = new byte[KEY_LENGTH];
random.nextBytes(bytes);
return new SecureKey(bytes, System.currentTimeMillis());
}
//~--- fields ---------------------------------------------------------------
/** secure randon */
private final Random random;
/** configuration entry store */
private final ConfigurationEntryStore<SecureKey> store;
}