-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Updates token permissions of CI workflows - Updates CodeQL action version - Swaps to official OpenJDK image and pins down version - Adds Sign/Verify support Resolves #18 {minor}
- Loading branch information
Showing
31 changed files
with
866 additions
and
21 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
36 changes: 36 additions & 0 deletions
36
...vault-app/src/main/java/com/github/nagyesta/lowkeyvault/model/v7_2/key/KeySignResult.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
package com.github.nagyesta.lowkeyvault.model.v7_2.key; | ||
|
||
import com.fasterxml.jackson.annotation.JsonInclude; | ||
import com.fasterxml.jackson.annotation.JsonProperty; | ||
import com.github.nagyesta.lowkeyvault.service.key.id.VersionedKeyEntityId; | ||
import lombok.Data; | ||
import org.springframework.util.Assert; | ||
|
||
import java.net.URI; | ||
import java.util.Base64; | ||
|
||
@Data | ||
@JsonInclude(JsonInclude.Include.NON_NULL) | ||
public class KeySignResult { | ||
|
||
private static final Base64.Encoder ENCODER = Base64.getUrlEncoder().withoutPadding(); | ||
|
||
@JsonProperty("kid") | ||
private URI id; | ||
@JsonProperty("value") | ||
private String value; | ||
|
||
public static KeySignResult forBytes(@org.springframework.lang.NonNull final VersionedKeyEntityId keyEntityId, | ||
@org.springframework.lang.NonNull final byte[] value) { | ||
Assert.notNull(value, "Value must not be null."); | ||
return forString(keyEntityId, ENCODER.encodeToString(value)); | ||
} | ||
|
||
private static KeySignResult forString(final VersionedKeyEntityId keyEntityId, final String value) { | ||
final KeySignResult result = new KeySignResult(); | ||
result.setId(keyEntityId.asUri()); | ||
result.setValue(value); | ||
return result; | ||
} | ||
|
||
} |
18 changes: 18 additions & 0 deletions
18
...ult-app/src/main/java/com/github/nagyesta/lowkeyvault/model/v7_2/key/KeyVerifyResult.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
package com.github.nagyesta.lowkeyvault.model.v7_2.key; | ||
|
||
import com.fasterxml.jackson.annotation.JsonInclude; | ||
import com.fasterxml.jackson.annotation.JsonProperty; | ||
import lombok.AllArgsConstructor; | ||
import lombok.Data; | ||
import lombok.NoArgsConstructor; | ||
|
||
@Data | ||
@NoArgsConstructor | ||
@AllArgsConstructor | ||
@JsonInclude(JsonInclude.Include.NON_NULL) | ||
public class KeyVerifyResult { | ||
|
||
@JsonProperty("value") | ||
private boolean value; | ||
|
||
} |
79 changes: 79 additions & 0 deletions
79
...ain/java/com/github/nagyesta/lowkeyvault/model/v7_2/key/constants/SignatureAlgorithm.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
package com.github.nagyesta.lowkeyvault.model.v7_2.key.constants; | ||
|
||
import com.fasterxml.jackson.annotation.JsonCreator; | ||
import com.fasterxml.jackson.annotation.JsonIgnore; | ||
import com.fasterxml.jackson.annotation.JsonValue; | ||
|
||
import java.util.Arrays; | ||
|
||
@SuppressWarnings("checkstyle:JavadocVariable") | ||
public enum SignatureAlgorithm { | ||
|
||
ES256("ES256", "NONEwithECDSA", KeyType.EC) { | ||
@Override | ||
public boolean isCompatibleWithCurve(final KeyCurveName keyCurveName) { | ||
return KeyCurveName.P_256 == keyCurveName; | ||
} | ||
}, | ||
ES256K("ES256K", "NONEwithECDSA", KeyType.EC) { | ||
@Override | ||
public boolean isCompatibleWithCurve(final KeyCurveName keyCurveName) { | ||
return KeyCurveName.P_256K == keyCurveName; | ||
} | ||
}, | ||
ES384("ES384", "NONEwithECDSA", KeyType.EC) { | ||
@Override | ||
public boolean isCompatibleWithCurve(final KeyCurveName keyCurveName) { | ||
return KeyCurveName.P_384 == keyCurveName; | ||
} | ||
}, | ||
ES512("ES512", "NONEwithECDSA", KeyType.EC) { | ||
@Override | ||
public boolean isCompatibleWithCurve(final KeyCurveName keyCurveName) { | ||
return KeyCurveName.P_521 == keyCurveName; | ||
} | ||
}, | ||
PS256("PS256", "SHA256withRSAandMGF1", KeyType.RSA), | ||
PS384("PS384", "SHA384withRSAandMGF1", KeyType.RSA), | ||
PS512("PS512", "SHA512withRSAandMGF1", KeyType.RSA), | ||
RS256("RS256", "SHA256withRSA", KeyType.RSA), | ||
RS384("RS384", "SHA384withRSA", KeyType.RSA), | ||
RS512("RS512", "SHA512withRSA", KeyType.RSA); | ||
|
||
private final String value; | ||
private final String alg; | ||
private final KeyType compatibleType; | ||
|
||
SignatureAlgorithm(final String value, | ||
final String alg, final KeyType compatibleType) { | ||
this.value = value; | ||
this.alg = alg; | ||
this.compatibleType = compatibleType; | ||
} | ||
|
||
@JsonCreator | ||
public static SignatureAlgorithm forValue(final String name) { | ||
return Arrays.stream(values()).filter(algorithm -> algorithm.getValue().equals(name)).findFirst().orElse(null); | ||
} | ||
|
||
@JsonValue | ||
public String getValue() { | ||
return value; | ||
} | ||
|
||
@JsonIgnore | ||
public String getAlg() { | ||
return alg; | ||
} | ||
|
||
@JsonIgnore | ||
public boolean isCompatible(final KeyType type) { | ||
return compatibleType == type; | ||
} | ||
|
||
@JsonIgnore | ||
public boolean isCompatibleWithCurve(final KeyCurveName keyCurveName) { | ||
return false; | ||
} | ||
|
||
} |
35 changes: 35 additions & 0 deletions
35
...c/main/java/com/github/nagyesta/lowkeyvault/model/v7_2/key/request/KeySignParameters.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
package com.github.nagyesta.lowkeyvault.model.v7_2.key.request; | ||
|
||
import com.fasterxml.jackson.annotation.JsonIgnore; | ||
import com.fasterxml.jackson.annotation.JsonInclude; | ||
import com.fasterxml.jackson.annotation.JsonProperty; | ||
import com.github.nagyesta.lowkeyvault.model.v7_2.key.constants.SignatureAlgorithm; | ||
import lombok.Data; | ||
|
||
import javax.validation.constraints.NotBlank; | ||
import javax.validation.constraints.NotNull; | ||
import java.util.Base64; | ||
import java.util.Optional; | ||
|
||
@Data | ||
@JsonInclude(JsonInclude.Include.NON_NULL) | ||
public class KeySignParameters { | ||
|
||
private static final Base64.Decoder DECODER = Base64.getUrlDecoder(); | ||
|
||
@NotNull | ||
@JsonProperty("alg") | ||
private SignatureAlgorithm algorithm; | ||
|
||
@NotNull | ||
@NotBlank | ||
@JsonProperty("value") | ||
private String value; | ||
|
||
@JsonIgnore | ||
public byte[] getValueAsBase64DecodedBytes() { | ||
return Optional.ofNullable(value) | ||
.map(DECODER::decode) | ||
.orElse(null); | ||
} | ||
} |
49 changes: 49 additions & 0 deletions
49
...main/java/com/github/nagyesta/lowkeyvault/model/v7_2/key/request/KeyVerifyParameters.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
package com.github.nagyesta.lowkeyvault.model.v7_2.key.request; | ||
|
||
import com.fasterxml.jackson.annotation.JsonIgnore; | ||
import com.fasterxml.jackson.annotation.JsonInclude; | ||
import com.fasterxml.jackson.annotation.JsonProperty; | ||
import com.github.nagyesta.lowkeyvault.model.v7_2.key.constants.SignatureAlgorithm; | ||
import lombok.Data; | ||
|
||
import javax.validation.constraints.NotBlank; | ||
import javax.validation.constraints.NotNull; | ||
import java.util.Base64; | ||
import java.util.Optional; | ||
|
||
@Data | ||
@JsonInclude(JsonInclude.Include.NON_NULL) | ||
public class KeyVerifyParameters { | ||
|
||
private static final Base64.Decoder DECODER = Base64.getUrlDecoder(); | ||
|
||
@NotNull | ||
@JsonProperty("alg") | ||
private SignatureAlgorithm algorithm; | ||
|
||
@NotNull | ||
@NotBlank | ||
@JsonProperty("value") | ||
private String value; | ||
|
||
@NotNull | ||
@NotBlank | ||
@JsonProperty("digest") | ||
private String digest; | ||
|
||
@JsonIgnore | ||
public byte[] getValueAsBase64DecodedBytes() { | ||
return decodeOptionalStringAsBase64Bytes(value); | ||
} | ||
|
||
@JsonIgnore | ||
public byte[] getDigestAsBase64DecodedBytes() { | ||
return decodeOptionalStringAsBase64Bytes(digest); | ||
} | ||
|
||
private byte[] decodeOptionalStringAsBase64Bytes(final String digest) { | ||
return Optional.ofNullable(digest) | ||
.map(DECODER::decode) | ||
.orElse(null); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.