1 /*
2 * Copyright (c) 2002-2022, City of Paris
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright notice
10 * and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright notice
13 * and the following disclaimer in the documentation and/or other materials
14 * provided with the distribution.
15 *
16 * 3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17 * contributors may be used to endorse or promote products derived from
18 * this software without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30 * POSSIBILITY OF SUCH DAMAGE.
31 *
32 * License 1.0
33 */
34 package fr.paris.lutece.plugins.dansmarue.modules.rest.service;
35
36 import javax.servlet.http.HttpServletRequest;
37
38 import org.apache.commons.lang.StringUtils;
39
40 import fr.paris.lutece.plugins.dansmarue.modules.rest.util.constants.SiraRestConstants;
41 import fr.paris.lutece.portal.service.util.AppPropertiesService;
42 import fr.paris.lutece.util.signrequest.security.Sha1HashService;
43
44 /**
45 * SiraRequestService.
46 */
47 public class SiraRequestService
48 {
49
50 /** The sha 1 hash service. */
51 private static Sha1HashService _sha1HashService;
52
53 /**
54 * setter.
55 *
56 * @param sha1HashService
57 * the service
58 */
59 public static void setSha1HashService( Sha1HashService sha1HashService )
60 {
61 _sha1HashService = sha1HashService;
62 }
63
64 /**
65 * Check if Request is authenticated.
66 *
67 * @param request
68 * the request
69 * @param strJSONStream
70 * the json stream
71 * @return true if request is authenticated
72 */
73 public boolean isRequestAuthenticated( HttpServletRequest request, String strJSONStream )
74 {
75 int nSignRequestActived = AppPropertiesService.getPropertyInt( SiraRestConstants.PROPERTY_ACTIVATION_SIGNREQUEST, 0 );
76
77 if ( nSignRequestActived == 1 )
78 {
79 String strHash1 = request.getHeader( SiraRestConstants.HEADER_X_APP_REQUEST_SIGNATURE );
80
81 // no signature
82 if ( StringUtils.isBlank( strHash1 ) )
83 {
84 return false;
85 }
86
87 String strHash2 = buildSignature( request, strJSONStream );
88
89 return strHash1.equals( strHash2 );
90 }
91 else
92 {
93 return true;
94 }
95 }
96
97 /**
98 * Create a signature.
99 *
100 * @param request
101 * The http request
102 * @param strJSONStream
103 * the json stream
104 * @return A signature as an Hexadecimal Hash
105 */
106 public String buildSignature( HttpServletRequest request, String strJSONStream )
107 {
108 StringBuilder sb = new StringBuilder( );
109 sb.append( AppPropertiesService.getProperty( SiraRestConstants.PROPERTY_PRIVATE_KEY_ANDROID_API ) );
110
111 if ( StringUtils.isNotBlank( strJSONStream ) )
112 {
113 sb.append( strJSONStream );
114 }
115
116 return _sha1HashService.getHash( sb.toString( ) );
117 }
118 }