HMACGenerateFunction.java
/*
* Copyright (c) 2021, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.synapse.util.xpath;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jaxen.Context;
import org.jaxen.Function;
import org.jaxen.FunctionCallException;
import org.jaxen.function.StringFunction;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Formatter;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
/*
Xpath function to generate HMAC signature
*/
public class HMACGenerateFunction implements Function {
private static final Log log = LogFactory.getLog(HMACGenerateFunction.class);
private static final String DEFAULT_HMAC_SIGNATURE = "HmacSHA1";
private static Map<String, Mac> macInstancesMap = new ConcurrentHashMap<>();
@Override
public Object call(Context context, List args) throws FunctionCallException {
boolean debugOn = log.isDebugEnabled();
if (args == null) {
if (debugOn) {
log.debug("Missing arguments in the function call");
}
return SynapseXPathConstants.NULL_STRING;
}
int size = args.size();
if (size == 2) {
String payload = StringFunction.evaluate(args.get(0), context.getNavigator());
String secret = StringFunction.evaluate(args.get(1), context.getNavigator());
return generateSignature(payload, secret, DEFAULT_HMAC_SIGNATURE);
}
if (size == 3) {
String payload = StringFunction.evaluate(args.get(0), context.getNavigator());
String secret = StringFunction.evaluate(args.get(1), context.getNavigator());
String algorithm = StringFunction.evaluate(args.get(2), context.getNavigator());
return generateSignature(payload, secret, algorithm);
}
if (debugOn) {
log.debug("Missing arguments in the function call");
}
return SynapseXPathConstants.NULL_STRING;
}
/**
* Generate the HMAC signature against the secret for given algorithm
*
* @param payload The request body
* @param secret The secret
* @param algorithm The algorithm to generate signature
* @return The generated signature
* @throws FunctionCallException On error during HMAC signature generation
*/
private String generateSignature(String payload, String secret, String algorithm) throws FunctionCallException {
try {
Mac mac = getMacInstance(algorithm);
final SecretKeySpec signingKey = new SecretKeySpec(secret.getBytes(), algorithm);
mac.init(signingKey);
return toHexString(mac.doFinal(payload.getBytes()));
} catch (NoSuchAlgorithmException | InvalidKeyException e) {
String msg = "Error while generating HMAC signature";
log.error(msg, e);
throw new FunctionCallException(msg, e);
}
}
private static String toHexString(byte[] bytes) {
Formatter formatter = new Formatter();
for (byte b : bytes) {
formatter.format("%02x", b);
}
return formatter.toString();
}
private Mac getMacInstance(String algorithm) throws NoSuchAlgorithmException {
Mac macInstance = macInstancesMap.get(algorithm);
if (macInstance == null) {
macInstance = Mac.getInstance(algorithm);
macInstancesMap.put(algorithm, macInstance);
}
return macInstance;
}
}