Posted to commits@abdera.apache.org by jm...@apache.org on 2007/08/04 22:33:15 UTC
svn commit: r562761 - in
/incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util:
Constants.java DHContext.java servlet/DHEncryptedRequestFilter.java
servlet/DHEncryptedResponseFilter.java
Author: jmsnell
Date: Sat Aug 4 13:33:14 2007
New Revision: 562761
URL: http://svn.apache.org/viewvc?view=rev&rev=562761
Log:
Use Accept-Encryption and Content-Encrypted headers instead of X-DH.
I'll update the AES filter to match later
Modified:
incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/Constants.java
incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/DHContext.java
incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/servlet/DHEncryptedRequestFilter.java
incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/servlet/DHEncryptedResponseFilter.java
Modified: incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/Constants.java
URL: http://svn.apache.org/viewvc/incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/Constants.java?view=diff&rev=562761&r1=562760&r2=562761
==============================================================================
--- incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/Constants.java (original)
+++ incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/Constants.java Sat Aug 4 13:33:14 2007
@@ -21,6 +21,8 @@
public final class Constants {
+ public static final String CONTENT_ENCRYPTED = "Content-Encrypted";
+ public static final String ACCEPT_ENCRYPTION = "Accept-Encryption";
Constants() {}
public static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
Modified: incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/DHContext.java
URL: http://svn.apache.org/viewvc/incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/DHContext.java?view=diff&rev=562761&r1=562760&r2=562761
==============================================================================
--- incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/DHContext.java (original)
+++ incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/DHContext.java Sat Aug 4 13:33:14 2007
@@ -90,6 +90,7 @@
public String getRequestString() {
StringBuffer buf = new StringBuffer();
+ buf.append("DH ");
buf.append("p=");
buf.append(p.toString());
buf.append(", ");
@@ -106,6 +107,7 @@
public String getResponseString() {
StringBuffer buf = new StringBuffer();
+ buf.append("DH ");
buf.append("k=");
buf.append(Base64.encode(keyPair.getPublic().getEncoded()));
return buf.toString();
@@ -133,7 +135,10 @@
throws NoSuchAlgorithmException,
InvalidAlgorithmParameterException,
InvalidKeySpecException {
- String[] params = dh.split("\\s*,\\s*");
+ String[] segments = dh.split("\\s+",2);
+ if (!segments[0].equalsIgnoreCase("DH"))
+ throw new IllegalArgumentException();
+ String[] params = segments[1].split("\\s*,\\s*");
byte[] key = null;
for (String param : params) {
String name = param.substring(0,param.indexOf("="));
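Review bot: `segments[1]` is read without checking that the split produced two elements, so a value of just `DH` throws ArrayIndexOutOfBoundsException instead of the IllegalArgumentException the new check is meant to raise. The next hunk repeats the pattern at `tokens = segments[1].split(...)`. The servlet filters in this commit pass HTTP header values into DHContext, so the input is peer-controlled. Guard both places with `if (segments.length < 2 || !segments[0].equalsIgnoreCase("DH")) throw new IllegalArgumentException("missing DH parameters");`, which also gives the exception a message. The loop has a related gap: `param.indexOf("=")` returns -1 for a parameter without `=`, and `substring(0,-1)` then throws. The method starts before and continues after this hunk.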
@@ -186,7 +191,10 @@
String dh)
throws NoSuchAlgorithmException,
InvalidKeySpecException {
- String[] tokens = dh.split("\\s*,\\s*");
+ String[] segments = dh.split("\\s+",2);
+ if (!segments[0].equalsIgnoreCase("DH"))
+ throw new IllegalArgumentException();
+ String[] tokens = segments[1].split("\\s*,\\s*");
byte[] key = null;
for (String token : tokens) {
String name = token.substring(0,token.indexOf("="));
Modified: incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/servlet/DHEncryptedRequestFilter.java
URL: http://svn.apache.org/viewvc/incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/servlet/DHEncryptedRequestFilter.java?view=diff&rev=562761&r1=562760&r2=562761
==============================================================================
--- incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/servlet/DHEncryptedRequestFilter.java (original)
+++ incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/servlet/DHEncryptedRequestFilter.java Sat Aug 4 13:33:14 2007
@@ -26,6 +26,7 @@
import org.apache.abdera.security.Encryption;
import org.apache.abdera.security.EncryptionOptions;
+import org.apache.abdera.security.util.Constants;
import org.apache.abdera.security.util.DHContext;
/**
@@ -49,7 +50,7 @@
ServletRequest request,
ServletResponse response ) {
String method = ((HttpServletRequest)request).getMethod();
- // include a X-DH header in the response to GET, HEAD and OPTIONS requests
+ // include a Accept-Encryption header in the response to GET, HEAD and OPTIONS requests
// the header will specify all the information the client needs to construct
// it's own DH context and encrypt the request
if ("GET".equalsIgnoreCase(method) ||
@@ -57,7 +58,7 @@
"OPTIONS".equalsIgnoreCase(method)) {
DHContext context = new DHContext();
((HttpServletResponse)response).setHeader(
- DHEncryptedResponseFilter.DH,
+ Constants.ACCEPT_ENCRYPTION,
context.getRequestString());
((HttpServletRequest) request).getSession(true).setAttribute(
"dhcontext", context);
@@ -69,7 +70,7 @@
DHContext context =
(DHContext) ((HttpServletRequest)request).
getSession(true).getAttribute("dhcontext");
- String dh = ((HttpServletRequest)request).getHeader(DHEncryptedResponseFilter.DH);
+ String dh = ((HttpServletRequest)request).getHeader(Constants.CONTENT_ENCRYPTED);
if (context != null && dh != null && dh.length() > 0) {
try {
context.setPublicKey(dh);
Modified: incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/servlet/DHEncryptedResponseFilter.java
URL: http://svn.apache.org/viewvc/incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/servlet/DHEncryptedResponseFilter.java?view=diff&rev=562761&r1=562760&r2=562761
==============================================================================
--- incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/servlet/DHEncryptedResponseFilter.java (original)
+++ incubator/abdera/java/trunk/security/src/main/java/org/apache/abdera/security/util/servlet/DHEncryptedResponseFilter.java Sat Aug 4 13:33:14 2007
@@ -24,13 +24,14 @@
import org.apache.abdera.security.Encryption;
import org.apache.abdera.security.EncryptionOptions;
+import org.apache.abdera.security.util.Constants;
import org.apache.abdera.security.util.DHContext;
/**
* A Servlet Filter that uses Diffie-Hellman Key Exchange to encrypt
- * Atom documents. The HTTP request must include a X-DH header in the form:
+ * Atom documents. The HTTP request must include an Accept-Encryption header in the form:
*
- * X-DH: p={dh_p}, g={dh_g}, l={dh_l}, k={base64_pubkey}
+ * Accept-Encryption: DH p={dh_p}, g={dh_g}, l={dh_l}, k={base64_pubkey}
*
* Example AbderaClient Code:
* <pre>
@@ -38,12 +39,12 @@
* Abdera abdera = new Abdera();
* CommonsClient client = new CommonsClient(abdera);
* RequestOptions options = client.getDefaultRequestOptions();
- * options.setHeader("X-DH", context.getRequestString());
+ * options.setHeader("Accept-Encryption", context.getRequestString());
*
* ClientResponse response = client.get("http://localhost:8080/TestWeb/test",options);
* Document<Element> doc = response.getDocument();
*
- * String dh_ret = response.getHeader("X-DH");
+ * String dh_ret = response.getHeader("Content-Encrypted");
* if (dh_ret != null) {
* context.setPublicKey(dh_ret);
* AbderaSecurity absec = new AbderaSecurity(abdera);
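Review bot: The class Javadoc edited here does not say that the key exchange is unauthenticated. Nothing in the visible code ties the Accept-Encryption parameters or the returned `k=` value to an identity, so an active intermediary could substitute its own values and the example's `context.setPublicKey(dh_ret)` would accept them. Add a sentence to the Javadoc, for example `Note: the exchange is not authenticated; use it only over a channel that already authenticates the server (e.g. TLS).` The Javadoc block starts and ends outside this hunk.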
@@ -69,8 +70,6 @@
*/
public class DHEncryptedResponseFilter
extends BCEncryptedResponseFilter {
-
- public static final String DH = "X-DH";
protected boolean doEncryption(ServletRequest request, Object arg) {
return arg != null;
@@ -96,12 +95,12 @@
}
private void returnPublicKey(HttpServletResponse response, DHContext context) {
- response.setHeader(DH,context.getResponseString());
+ response.setHeader(Constants.CONTENT_ENCRYPTED,context.getResponseString());
}
private DHContext getDHContext(HttpServletRequest request) {
try {
- String dh_req = request.getHeader(DH);
+ String dh_req = request.getHeader(Constants.ACCEPT_ENCRYPTION);
if (dh_req == null || dh_req.length() == 0) return null;
return new DHContext(dh_req);
} catch (Exception e) {
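Review bot: In `getDHContext`, the Accept-Encryption value is passed to `new DHContext(dh_req)` with no visible check on the size or form of the client-supplied p, g and l, so the peer chooses the group used for the exchange. Unless DHContext validates them outside this diff, it should reject a modulus below a minimum bit length or above a maximum before generating a key pair. A small modulus gives a weak shared key, and an oversized one makes every such request expensive. A comment above the constructor call would record the requirement, for example `// dh_req is client-controlled: DHContext must bound p/g/l before use`. The body of `catch (Exception e)` is outside the hunk, so how a rejected header is reported cannot be judged from here.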