Merge pull request #7 from GovTechSG/development

Development

Author: Kelvin Wijaya

CHANGELOG.md

@@ -21,4 +21,8 @@
 ### V1.2.0-SNAPSHOT
 + Bug fixes for null value checking
 + Update basestring method to suppport use-case where value of queryparam or form value is empty
-+ Update nonce method to generate base64 encoded string value of 32 bytes characters
++ Update nonce method to generate base64 encoded string value of 32 bytes characters
+### V1.3.0-SNAPSHOT
++ Update test-suites framework to cover more use-case scenarios
++ Add Utility to read from PKI Key with PEM format
++ Update README documentation

README.md

@@ -65,7 +65,7 @@ mvn install
 <dependency>
     <groupId>com.api.util</groupId>
     <artifactId>ApiSecurity</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
 </dependency>
 
 ```
@@ -133,20 +133,75 @@ repositories {
     mavenLocal()
 }
 dependencies {
-    compile group: 'com.api.util', name: 'ApiSecurity', version: '1.0-SNAPSHOT'
+    compile group: 'com.api.util', name: 'ApiSecurity', version: '1.3.0-SNAPSHOT'
 }
 	
 ```
 
 ### Development
 
-#### Constructing Signature BaseString 
+#### Preparing HTTP Signature Token 
+
+Append this signature token into the Authorization header of the HTTP request
+
+Params:
+* realm
+* authPrefix - Authorization Header scheme prefix , i.e 'Apex_l2_eg'
+* httpMethod
+* urlPath - Signing URL, remember to append <<tenant>>.e.api.gov.sg or <<tenant>>-pvt.i.api.gov.sg in <<URL>>
+* appId - App ID created in Gateway
+* secret - set to null for REST L2 SHA256WITHRSA
+* formList - to support parameter for form data if any
+* password
+* alias
+* fileName
+* nonce - set to null for random generated number
+* timestamp - set to null for current timestamp
+
+
+```java
+String realm = "<<your_client_host_url>>"
+String authPrefix = "<<authPrefix>>
+String httpMethod = "get"
+//Append the query param in the url or else add as ApiList 
+String signingUrl = "https://<<URL>>/api/v1/?param1=first&param2=123";
+String certFileName = "certificates/ssc.alpha.example.com.p12";
+String password = "<<passphrase>>";
+String alias = "alpha";
+String appId = "<<appId>>";
+String secret = null;
+//only needed for Content-Type: application/x-www-form-urlencoded, else null
+ApiList formList = null;
+String nonce = null;
+String timestamp = null;
+
+
+//optional for QueryParam - in-case not append the query parameters in the signingUrl
+//Sring signingUrl = "https://<<tenant>>-pvt.i.api.gov.sg/api/v1"
+ApiList queryParam = new ApiList();
+queryParam.add("query1","value1");
+
+//optional for formList
+ApiList formList = new ApiList();
+formList.add("param1", "data1");
+
+//If queryParam and formList are both available, combine the list before submitting
+formList.addAll(queryParam);
+
+try {
+    String signature = ApiSigning.getSignatureToken(authPrefix, authPrefix, httpMethod, signingUrl, appId, secret, formList, password, alias, certFileName, nonce, timestamp);
+} catch (ApiUtilException e) {
+    e.printStackTrace();
+}
+```
+
+#### Constructing Signature BaseString (for reference only)
 
 Method: 
 * getBaseString
 
 Params:
-* authPrefix - Authorization Header scheme prefix , i.e 'prefix_appId'
+* authPrefix - Authorization Header scheme prefix , i.e 'Apex_l2_eg'
 * signatureMethod
 * appId - App ID created in Gateway
 * urlPath
@@ -156,7 +211,7 @@ Params:
 * timestamp - set to null for current timestamp
 
 ```java
-String url = "https://<<URL>>/api/v1/?param1=first&ab-param2=123";
+String signingUrl = "https://<<URL>>/api/v1/?param1=first&param2=123";
 
 ApiList formList = new ApiList();
 formList.add("param1", "data1");
@@ -168,7 +223,7 @@ baseString = ApiSigning.getBaseString(
     "<<authPrefix>>",
     "HMACSHA256",
     "<<appId>>",
-    url,
+    signingUrl,
     "post",
     formList,
     "6584351262900708156",
@@ -183,7 +238,7 @@ System.out.println(baseString);
 
 ```
 
-#### Constructing HMAC256 L1 Header
+#### Constructing HMAC256 L1 Header (for reference only)
 
 Method:
 * getHMACSignature
@@ -207,7 +262,7 @@ try {
 
 ```
 
-#### Constructing RSA256 L2 Header
+#### Constructing RSA256 L2 Header (for reference only)
 
 Method:
 * getRSASignature
@@ -217,7 +272,7 @@ Params:
 * privateKey
 
 ```java
-String baseString = "GET&https://<<URL>/api/v1/&ap=裕廊坊 心邻坊&<<authPrefix>>_app_id=<<appId>>&<<authPrefix>>_nonce=7231415196459608363&<<authPrefix>>_signature_method=SHA256withRSA&<<authPrefix>>_timestamp=1502164219425&<<authPrefix>>_version=1.0&oq=c# nunit mac&q=c# nunit mac";
+String baseString = "GET&https://<<URL>/api/v1/&ap=裕廊坊 心邻坊&<<authPrefix>>_app_id=<<appId>>&<<authPrefix>>_nonce=7231415196459608363&<<authPrefix>>_signature_method=SHA256withRSA&<<authPrefix>>_timestamp=1502164219425&<<authPrefix>>_version=1.0&oq=123&q=abc";
 String alias = "alpha";
 String password = "<<passphrase>>";
 String keyStoreFileName = "certificates/ssc.alpha.example.com.p12";
@@ -240,43 +295,6 @@ try {
 
 ```
 
-#### Preparing HTTP Signature Token 
-
-Append this signature token into the Authorization header of the HTTP request
-
-Params:
-* realm
-* authPrefix - Authorization Header scheme prefix , i.e 'prefix_appId'
-* httpMethod
-* urlPath
-* appId - App ID created in Gateway
-* secret - set to null for REST L2 SHA256WITHRSA
-* formList
-* password
-* alias
-* fileName
-* nonce - set to null for random generated number
-* timestamp - set to null for current timestamp 
-
-
-```java
-String url = "https://<<URL>>/api/v1/?ap=裕廊坊%20心邻坊";
-String certFileName = "certificates/ssc.alpha.example.com.p12";
-String password = "<<passphrase>>";
-String alias = "alpha";
-String appId = "<<appId>>";
-String secret = null;
-ApiList formList = null;
-String nonce = null;
-String timestamp = null;
-
-try {
-    String signature = ApiSigning.getSignatureToken("http://api.test.io/l2", "<<authPrefix>>", "get", url, appId, null, null, password, alias, certFileName, nonce, timestamp);
-} catch (ApiUtilException e) {
-    e.printStackTrace();
-}
-```
-
 ## Contributing
 For more information about contributing PRs and issues, see [CONTRIBUTING.md](.github/CONTRIBUTING.md).
 

build.gradle

@@ -4,7 +4,7 @@ plugins {
     id 'com.github.kt3k.coveralls' version '2.6.3'
 }
 
-version '1.2.0-SNAPSHOT'
+version '1.3.0-SNAPSHOT'
 
 tasks.withType(JavaCompile) {
     options.encoding = "UTF-8"
@@ -15,8 +15,12 @@ repositories {
 }
 
 dependencies {
-    compile group: 'org.apache.commons', name: 'commons-collections4', version: '4.1'
+    //compile group: 'org.apache.commons', name: 'commons-collections4', version: '4.1'
+    compile group: 'commons-lang', name: 'commons-lang', version: '2.4'
     compile group: 'org.slf4j', name: 'slf4j-api', version: '1.7.25'
+    compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.9.7'
+    compile group: 'com.googlecode.json-simple', name: 'json-simple', version: '1.1.1'
+    compile group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.60'
     testCompile group: 'org.slf4j', name: 'slf4j-log4j12', version: '1.7.25'
     testCompile group: 'junit', name: 'junit', version: '4.12'
 }

pom.xml

@@ -2,7 +2,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>com.api.util</groupId>
   <artifactId>ApiSecurity</artifactId>
-  <version>1.2.0-SNAPSHOT</version>
+  <version>1.3.0-SNAPSHOT</version>
   <build>
     <plugins>
       <plugin>
@@ -29,6 +29,22 @@
           </descriptorRefs>
         </configuration>
       </plugin>
+      <plugin>
+          <groupId>org.jsonschema2pojo</groupId>
+          <artifactId>jsonschema2pojo-maven-plugin</artifactId>
+          <version>0.5.1</version>
+          <configuration>
+              <sourceDirectory>src/main/resources/schema</sourceDirectory>
+              <targetPackage>com.api.util.ApiSecurity</targetPackage>
+          </configuration>
+          <executions>
+              <execution>
+                  <goals>
+                      <goal>generate</goal>
+                  </goals>
+              </execution>
+          </executions>
+      </plugin>
     </plugins>
   </build>
   <dependencies>
@@ -56,8 +72,33 @@
   		<artifactId>slf4j-log4j12</artifactId>
   		<version>1.7.25</version>
   	</dependency>
+  	<dependency>
+            <groupId>commons-lang</groupId>
+            <artifactId>commons-lang</artifactId>
+            <version>2.4</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+            <version>2.9.7</version>
+        </dependency>
+        <dependency>
+		    <groupId>com.googlecode.json-simple</groupId>
+		    <artifactId>json-simple</artifactId>
+		    <version>1.1.1</version>
+		</dependency>
+		<dependency>
+		    <groupId>org.bouncycastle</groupId>
+		    <artifactId>bcpkix-jdk15on</artifactId>
+		    <version>1.60</version>
+		</dependency>	
   </dependencies>
   <properties>
   	<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
   </properties>
+  <scm>
+    <connection>scm:git:https://github.com/GovTechSG/test-suites-apex-api-security.git</connection>
+    <developerConnection>scm:git:https://kelvinwijaya@github.com/GovTechSG/test-suites-apex-api-security.git</developerConnection>
+    <url>https://github.com/GovTechSG</url>
+</scm>
 </project>

src/main/java/com/api/util/ApiSecurity/ApiList.java

@@ -1,7 +1,6 @@
 package com.api.util.ApiSecurity;
 import java.util.AbstractMap.SimpleEntry;
 import java.util.ArrayList;
-import java.util.Collections;
 import java.util.List;
 import java.util.Map.Entry;
 import java.util.stream.Collectors;
@@ -13,7 +12,7 @@
 public class ApiList extends ArrayList<Entry<String,String>>{
 
 	private static final long serialVersionUID = 1L;
-
+	
 	public void add(String key, String value)
 	{
 		Entry<String, String> item = new SimpleEntry<String, String>(key, value);
@@ -43,7 +42,7 @@ public String toString(String delimiter, Boolean sort, Boolean quote, Boolean is
 						return l1.getKey().equals(l2.getKey()) ? l1.getValue().compareTo(l2.getValue())
 									: l1.getKey().compareTo(l2.getKey());
 					})
-					.map(e -> (null!= e.getValue() && e.getValue().equals("") && isBaseString) ? e.getKey() : String.format(format, e.getKey(), e.getValue())  )
+					.map(e -> (null== e.getValue() || (null!= e.getValue() && e.getValue().isEmpty()) && isBaseString) ? e.getKey() : String.format(format, e.getKey(), e.getValue())  )
 					.collect(Collectors.toList());
 		} else{
 			list = this.stream().map(e -> String.format(format, e.getKey(), e.getValue()))