fix http signature auth

OpenAPITools · wing328 · Apr 27, 2020 · Apr 24, 2020 · Apr 25, 2020 · Apr 25, 2020
commit be01e1475bcb38dee12e44cb12d589f4f7028838
diff --git a/...enapi-generator/src/main/resources/Java/libraries/jersey2-experimental/ApiClient.mustache b/...enapi-generator/src/main/resources/Java/libraries/jersey2-experimental/ApiClient.mustache
@@ -23,6 +23,7 @@ import org.glassfish.jersey.media.multipart.MultiPartFeature;
 import java.io.IOException;
 import java.io.InputStream;
 
+import java.net.URI;
 {{^supportJava6}}
 import java.nio.file.Files;
 import java.nio.file.StandardCopyOption;
@@ -170,7 +171,7 @@ public class ApiClient {
     authentications.put("{{name}}", new HttpBearerAuth("{{scheme}}"));
     {{/isBasicBearer}}
     {{#isHttpSignature}}
-    authentications.put("{{name}}", new HttpSignatureAuth("{{name}}"));
+    authentications.put("{{name}}", new HttpSignatureAuth("{{name}}", null, null));
     {{/isHttpSignature}}
     {{/isBasic}}
     {{#isApiKey}}
@@ -950,11 +951,13 @@ public class ApiClient {
 
     Entity<?> entity = serialize(body, formParams, contentType);
 
+    // put all headers in one place
     Map<String, String> allHeaderParams = new HashMap<>();
     allHeaderParams.putAll(defaultHeaderMap);
     allHeaderParams.putAll(headerParams);
-
-    updateParamsForAuth(authNames, queryParams, allHeaderParams, cookieParams, method, target.getUri().toString());
+
+    // update different parameters (e.g. headers) for authentication
+    updateParamsForAuth(authNames, queryParams, allHeaderParams, cookieParams, entity.toString(), method, target.getUri());
 
     Response response = null;
 
@@ -1085,11 +1088,13 @@ public class ApiClient {
    * @param method HTTP method (e.g. POST)
    * @param uri HTTP URI
    */
-  protected void updateParamsForAuth(String[] authNames, List<Pair> queryParams, Map<String, String> headerParams, Map<String, String> cookieParams, String method, String uri) throws ApiException {
+  protected void updateParamsForAuth(String[] authNames, List<Pair> queryParams, Map<String, String> headerParams, Map<String, String> cookieParams, String payload, String method, URI uri) throws ApiException {
     for (String authName : authNames) {
       Authentication auth = authentications.get(authName);
-      if (auth == null) throw new RuntimeException("Authentication undefined: " + authName);
-      auth.applyToParams(queryParams, headerParams, cookieParams, method, uri);
+      if (auth == null) {
+        throw new RuntimeException("Authentication undefined: " + authName);
+      }
+      auth.applyToParams(queryParams, headerParams, cookieParams, payload, method, uri);
     }
   }
 }
diff --git a/...generator/src/main/resources/Java/libraries/jersey2-experimental/auth/ApiKeyAuth.mustache b/...generator/src/main/resources/Java/libraries/jersey2-experimental/auth/ApiKeyAuth.mustache
@@ -5,6 +5,7 @@ package {{invokerPackage}}.auth;
 import {{invokerPackage}}.Pair;
 import {{invokerPackage}}.ApiException;
 
+import java.net.URI;
 import java.util.Map;
 import java.util.List;
 
@@ -46,7 +47,7 @@ public class ApiKeyAuth implements Authentication {
   }
 
   @Override
-  public void applyToParams(List<Pair> queryParams, Map<String, String> headerParams, Map<String, String> cookieParams, String method, String uri) throws ApiException {
+  public void applyToParams(List<Pair> queryParams, Map<String, String> headerParams, Map<String, String> cookieParams, String payload, String method, URI uri) throws ApiException {
     if (apiKey == null) {
       return;
     }

diff --git a/...rator/src/main/resources/Java/libraries/jersey2-experimental/auth/Authentication.mustache b/...rator/src/main/resources/Java/libraries/jersey2-experimental/auth/Authentication.mustache
@@ -5,6 +5,7 @@ package {{invokerPackage}}.auth;
 import {{invokerPackage}}.Pair;
 import {{invokerPackage}}.ApiException;
 
+import java.net.URI;
 import java.util.Map;
 import java.util.List;
 
@@ -16,6 +17,6 @@ public interface Authentication {
      * @param headerParams Map of header parameters
      * @param cookieParams Map of cookie parameters
      */
-    void applyToParams(List<Pair> queryParams, Map<String, String> headerParams, Map<String, String> cookieParams, String method, String uri) throws ApiException;
+    void applyToParams(List<Pair> queryParams, Map<String, String> headerParams, Map<String, String> cookieParams, String payload, String method, URI uri) throws ApiException;
 
 }
diff --git a/...erator/src/main/resources/Java/libraries/jersey2-experimental/auth/HttpBasicAuth.mustache b/...erator/src/main/resources/Java/libraries/jersey2-experimental/auth/HttpBasicAuth.mustache
@@ -13,6 +13,7 @@ import java.util.Base64;
 import java.nio.charset.StandardCharsets;
 {{/java8}}
 
+import java.net.URI;
 import java.util.Map;
 import java.util.List;
 
@@ -42,7 +43,7 @@ public class HttpBasicAuth implements Authentication {
   }
 
   @Override
-  public void applyToParams(List<Pair> queryParams, Map<String, String> headerParams, Map<String, String> cookieParams, String method, String uri) throws ApiException {
+  public void applyToParams(List<Pair> queryParams, Map<String, String> headerParams, Map<String, String> cookieParams, String payload, String method, URI uri) throws ApiException {
     if (username == null && password == null) {
       return;
     }

diff --git a/...rator/src/main/resources/Java/libraries/jersey2-experimental/auth/HttpBearerAuth.mustache b/...rator/src/main/resources/Java/libraries/jersey2-experimental/auth/HttpBearerAuth.mustache
@@ -5,6 +5,7 @@ package {{invokerPackage}}.auth;
 import {{invokerPackage}}.Pair;
 import {{invokerPackage}}.ApiException;
 
+import java.net.URI;
 import java.util.Map;
 import java.util.List;
 
@@ -36,7 +37,7 @@ public class HttpBearerAuth implements Authentication {
   }
 
   @Override
-  public void applyToParams(List<Pair> queryParams, Map<String, String> headerParams, Map<String, String> cookieParams, String method, String uri) throws ApiException {
+  public void applyToParams(List<Pair> queryParams, Map<String, String> headerParams, Map<String, String> cookieParams, String payload, String method, URI uri) throws ApiException {
     if(bearerToken == null) {
       return;
     }

diff --git a/...or/src/main/resources/Java/libraries/jersey2-experimental/auth/HttpSignatureAuth.mustache b/...or/src/main/resources/Java/libraries/jersey2-experimental/auth/HttpSignatureAuth.mustache
@@ -6,59 +6,94 @@ import {{invokerPackage}}.Pair;
 import {{invokerPackage}}.ApiException;
 
 import java.io.ByteArrayInputStream;
-import java.security.PrivateKey;
-import java.security.PublicKey;
+import java.net.URI;
+import java.security.MessageDigest;
+import java.security.Key;
+import java.util.Base64;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.ArrayList;
 import java.util.List;
 
 import org.tomitribe.auth.signatures.*;
 
 public class HttpSignatureAuth implements Authentication {
 
-  private PrivateKey privateKey;
-
   private Signer signer;
 
+  private String name;
+
   private Algorithm algorithm;
 
-  private String name;
+  private List<String> headers;
 
-  public HttpSignatureAuth(String name) {
+  public HttpSignatureAuth(String name, Algorithm algorithm, List<String> headers) {
     this.name = name;
+    this.algorithm = algorithm;
+    this.headers = headers;
   }
 
-  public void setup(PrivateKey privateKey, Algorithm algorithm, String... sign) throws ApiException {
-    if (algorithm == null) {
-      this.algorithm = Algorithm.RSA_SHA512; // default using RSA-SHA512
-    } else {
-      this.algorithm = algorithm;
-    }
+  public String getName() {
+    return name;
+  }
 
-    if (privateKey == null) {
-      throw new ApiException("privateKey (java.security.PrivateKey) cannot be null");
-    } else {
-      this.privateKey = privateKey;
-    }
+  public void setName(String name) {
+    this.name = name;
+  }
+
+  public Algorithm getAlgorithm() {
+    return algorithm;
+  }
+
+  public void setAlgorithm(Algorithm algorithm) {
+    this.algorithm = algorithm;
+  }
+
+  public List<String> getHeaders() {
+    return headers;
+  }
 
-    signer = new Signer(this.privateKey, new Signature(this.name, this.algorithm, null, sign));
+  public void setHeaders(List<String> headers) {
+    this.headers = headers;
   }
 
   public Signer getSigner() {
     return signer;
   }
 
+  public void setSigner(Signer signer) {
+    this.signer = signer;
+  }
+
+  public void setup(Key key) throws ApiException {
+    if (key == null) {
+      throw new ApiException("key (java.security.Key) cannot be null");
+    }
+
+    signer = new Signer(key, new Signature(name, algorithm, null, headers));
+  }
+
   @Override
-  public void applyToParams(List<Pair> queryParams, Map<String, String> headerParams, Map<String, String> cookieParams, String method, String uri) throws ApiException {
+  public void applyToParams(List<Pair> queryParams, Map<String, String> headerParams, Map<String, String> cookieParams, String payload, String method, URI uri) throws ApiException {
+
+    System.out.println(queryParams);
+    System.out.println(headerParams);
+    System.out.println(method);
+    System.out.println(uri);
+    System.out.println(payload);
+
     if (signer == null) {
       throw new ApiException("Signer cannot be null. Please run the method `setup` to set it up correctly");
     }
 
     try {
-      headerParams.put("Authorization", signer.sign(method, uri, headerParams).toString());
+      headerParams.put("Authorization", signer.sign(method, uri.getPath(), headerParams).toString());
+      if (payload != null) {
+        final byte[] digest = MessageDigest.getInstance("SHA-256").digest(payload.getBytes());
+        headerParams.put("digest", "SHA-256=" + new String(Base64.getEncoder().encode(digest)));
+      }
     } catch (Exception ex) {
       throw new ApiException("Failed to create signature in the HTTP request header: " + ex.toString());
     }
   }
 }
-
diff --git a/...napi-generator/src/main/resources/Java/libraries/jersey2-experimental/auth/OAuth.mustache b/...napi-generator/src/main/resources/Java/libraries/jersey2-experimental/auth/OAuth.mustache
@@ -5,6 +5,7 @@ package {{invokerPackage}}.auth;
 import {{invokerPackage}}.Pair;
 import {{invokerPackage}}.ApiException;
 
+import java.net.URI;
 import java.util.Map;
 import java.util.List;
 
@@ -21,7 +22,7 @@ public class OAuth implements Authentication {
   }
 
   @Override
-  public void applyToParams(List<Pair> queryParams, Map<String, String> headerParams, Map<String, String> cookieParams, String method, String uri) throws ApiException {
+  public void applyToParams(List<Pair> queryParams, Map<String, String> headerParams, Map<String, String> cookieParams, String payload, String method, URI uri) throws ApiException {
     if (accessToken != null) {
       headerParams.put("Authorization", "Bearer " + accessToken);
     }

diff --git a/...les/openapi-generator/src/main/resources/Java/libraries/jersey2-experimental/pom.mustache b/...les/openapi-generator/src/main/resources/Java/libraries/jersey2-experimental/pom.mustache
@@ -63,7 +63,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
-                <version>2.12</version>
+                <version>2.22.2</version>
                 <configuration>
                     <systemProperties>
                         <property>
@@ -73,6 +73,7 @@
                     </systemProperties>
                     <argLine>-Xms512m -Xmx1500m</argLine>
                     <parallel>methods</parallel>
+                    <useUnlimitedThreads>true</useUnlimitedThreads>
                     <forkMode>pertest</forkMode>
                 </configuration>
             </plugin>
@@ -383,6 +384,6 @@
         <threetenbp-version>2.9.10</threetenbp-version>
         {{/threetenbp}}
         <junit-version>4.13</junit-version>
-        <http-signature-version>1.0</http-signature-version>
+        <http-signature-version>1.3</http-signature-version>
     </properties>
 </project>
diff --git a/...api-generator/src/test/resources/3_0/petstore-with-fake-endpoints-models-for-testing.yaml b/...api-generator/src/test/resources/3_0/petstore-with-fake-endpoints-models-for-testing.yaml
@@ -1111,7 +1111,7 @@ paths:
           schema:
             type: string
       security:
-        - http_signature_test
+        - http_signature_test: []
       requestBody:
         $ref: '#/components/requestBodies/Pet'
       responses:

diff --git a/samples/client/petstore/java/jersey2-experimental/api/openapi.yaml b/samples/client/petstore/java/jersey2-experimental/api/openapi.yaml
@@ -1252,7 +1252,8 @@ paths:
       responses:
         "200":
           description: The instance started successfully
-      security: []
+      security:
+      - http_signature_test: []
       summary: test http signature authentication
       tags:
       - fake

diff --git a/samples/client/petstore/java/jersey2-experimental/docs/FakeApi.md b/samples/client/petstore/java/jersey2-experimental/docs/FakeApi.md
@@ -94,13 +94,15 @@ test http signature authentication
 import org.openapitools.client.ApiClient;
 import org.openapitools.client.ApiException;
 import org.openapitools.client.Configuration;
+import org.openapitools.client.auth.*;
 import org.openapitools.client.models.*;
 import org.openapitools.client.api.FakeApi;
 
 public class Example {
     public static void main(String[] args) {
         ApiClient defaultClient = Configuration.getDefaultApiClient();
         defaultClient.setBasePath("http://petstore.swagger.io:80/v2");
+
 
         FakeApi apiInstance = new FakeApi(defaultClient);
         Pet pet = new Pet(); // Pet | Pet object that needs to be added to the store
@@ -134,7 +136,7 @@ null (empty response body)
 
 ### Authorization
 
-No authorization required
+[http_signature_test](../README.md#http_signature_test)
 
 ### HTTP request headers
 

diff --git a/samples/client/petstore/java/jersey2-experimental/pom.xml b/samples/client/petstore/java/jersey2-experimental/pom.xml
@@ -56,7 +56,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
-                <version>2.12</version>
+                <version>2.22.2</version>
                 <configuration>
                     <systemProperties>
                         <property>
@@ -66,6 +66,7 @@
                     </systemProperties>
                     <argLine>-Xms512m -Xmx1500m</argLine>
                     <parallel>methods</parallel>
+                    <useUnlimitedThreads>true</useUnlimitedThreads>
                     <forkMode>pertest</forkMode>
                 </configuration>
             </plugin>
@@ -306,6 +307,6 @@
         <jackson-databind-nullable-version>0.2.1</jackson-databind-nullable-version>
         <threetenbp-version>2.9.10</threetenbp-version>
         <junit-version>4.13</junit-version>
-        <http-signature-version>1.0</http-signature-version>
+        <http-signature-version>1.3</http-signature-version>
     </properties>
 </project>
diff --git a/...t/petstore/java/jersey2-experimental/src/main/java/org/openapitools/client/ApiClient.java b/...t/petstore/java/jersey2-experimental/src/main/java/org/openapitools/client/ApiClient.java
@@ -23,6 +23,7 @@
 import java.io.IOException;
 import java.io.InputStream;
 
+import java.net.URI;
 import java.nio.file.Files;
 import java.nio.file.StandardCopyOption;
 import org.glassfish.jersey.logging.LoggingFeature;
@@ -166,7 +167,7 @@ public ApiClient() {
     authentications.put("api_key_query", new ApiKeyAuth("query", "api_key_query"));
     authentications.put("bearer_test", new HttpBearerAuth("bearer"));
     authentications.put("http_basic_test", new HttpBasicAuth());
-    authentications.put("http_signature_test", new HttpSignatureAuth("http_signature_test"));
+    authentications.put("http_signature_test", new HttpSignatureAuth("http_signature_test", null, null));
     authentications.put("petstore_auth", new OAuth());
     // Prevent the authentications from being modified.
     authentications = Collections.unmodifiableMap(authentications);
@@ -929,11 +930,13 @@ public <T> ApiResponse<T> invokeAPI(String operation, String path, String method
 
     Entity<?> entity = serialize(body, formParams, contentType);
 
+    // put all headers in one place
     Map<String, String> allHeaderParams = new HashMap<>();
     allHeaderParams.putAll(defaultHeaderMap);
     allHeaderParams.putAll(headerParams);
-
-    updateParamsForAuth(authNames, queryParams, allHeaderParams, cookieParams, method, target.getUri().toString());
+
+    // update different parameters (e.g. headers) for authentication
+    updateParamsForAuth(authNames, queryParams, allHeaderParams, cookieParams, entity.toString(), method, target.getUri());
 
     Response response = null;
 
@@ -1059,11 +1062,13 @@ protected Map<String, List<String>> buildResponseHeaders(Response response) {
    * @param method HTTP method (e.g. POST)
    * @param uri HTTP URI
    */
-  protected void updateParamsForAuth(String[] authNames, List<Pair> queryParams, Map<String, String> headerParams, Map<String, String> cookieParams, String method, String uri) throws ApiException {
+  protected void updateParamsForAuth(String[] authNames, List<Pair> queryParams, Map<String, String> headerParams, Map<String, String> cookieParams, String payload, String method, URI uri) throws ApiException {
     for (String authName : authNames) {
       Authentication auth = authentications.get(authName);
-      if (auth == null) throw new RuntimeException("Authentication undefined: " + authName);
-      auth.applyToParams(queryParams, headerParams, cookieParams, method, uri);
+      if (auth == null) {
+        throw new RuntimeException("Authentication undefined: " + authName);
+      }
+      auth.applyToParams(queryParams, headerParams, cookieParams, payload, method, uri);
     }
   }
 }