KJB용 HmacSHA256필터 추가, Custom Filter 추가가능하도록 수정.
This commit is contained in:
@@ -9,14 +9,11 @@ import org.apache.commons.lang3.StringUtils;
|
||||
|
||||
import com.eactive.eai.adapter.AdapterGroupVO;
|
||||
import com.eactive.eai.adapter.AdapterManager;
|
||||
import com.eactive.eai.adapter.AdapterPropManager;
|
||||
import com.eactive.eai.adapter.AdapterVO;
|
||||
import com.eactive.eai.adapter.RequestDispatcher;
|
||||
import com.eactive.eai.adapter.http.client.HttpClientAdapterServiceKey;
|
||||
import com.eactive.eai.adapter.http.dynamic.filter.HttpAdapterFilter;
|
||||
import com.eactive.eai.adapter.http.dynamic.filter.HttpAdapterFilterFactory;
|
||||
import com.eactive.eai.adapter.http.dynamic.filter.HttpAdapterFilterFactoryKjb;
|
||||
import com.eactive.eai.adapter.http.dynamic.filter.HttpAdapterFilterType;
|
||||
import com.eactive.eai.data.entity.onl.adapter.AdapterProp;
|
||||
|
||||
public abstract class HttpAdapterServiceSupport implements HttpAdapterService, HttpAdapterServiceKey {
|
||||
protected long slowTranTime = 2000L;
|
||||
@@ -65,7 +62,7 @@ public abstract class HttpAdapterServiceSupport implements HttpAdapterService, H
|
||||
if (!"HTC".equals(group.getType())) {
|
||||
String allowIp = prop.getProperty(ALLOW_IP,"");
|
||||
if (StringUtils.isNotBlank(allowIp)) {
|
||||
HttpAdapterFilter adapterFilter = HttpAdapterFilterFactory.createFilter(HttpAdapterFilterType.ADAPTERALLOWIPLISTFILTER.toString());
|
||||
HttpAdapterFilter adapterFilter = HttpAdapterFilterFactoryKjb.createFilter(HttpAdapterFilterType.ADAPTERALLOWIPLISTFILTER.toString());
|
||||
if (adapterFilter != null) {
|
||||
message = adapterFilter.doPreFilter(adptGrpName, adptName, message, prop, request, response);
|
||||
}
|
||||
@@ -83,7 +80,7 @@ public abstract class HttpAdapterServiceSupport implements HttpAdapterService, H
|
||||
continue;
|
||||
}
|
||||
|
||||
HttpAdapterFilter adapterFilter = HttpAdapterFilterFactory.createFilter(filterName.trim());
|
||||
HttpAdapterFilter adapterFilter = HttpAdapterFilterFactoryKjb.createFilter(filterName.trim());
|
||||
if (adapterFilter != null) {
|
||||
message = adapterFilter.doPreFilter(adptGrpName, adptName, message, prop, request, response);
|
||||
} else {
|
||||
@@ -106,7 +103,7 @@ public abstract class HttpAdapterServiceSupport implements HttpAdapterService, H
|
||||
continue;
|
||||
}
|
||||
|
||||
HttpAdapterFilter adapterFilter = HttpAdapterFilterFactory.createFilter(filterName.trim());
|
||||
HttpAdapterFilter adapterFilter = HttpAdapterFilterFactoryKjb.createFilter(filterName.trim());
|
||||
if (adapterFilter != null) {
|
||||
resultMessage = adapterFilter.doPostFilter(adptGrpName, adptName, resultMessage, prop, request,
|
||||
response);
|
||||
|
||||
+149
@@ -0,0 +1,149 @@
|
||||
package com.eactive.eai.adapter.http.dynamic.filter;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.security.InvalidKeyException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.Base64;
|
||||
import java.util.Properties;
|
||||
|
||||
import javax.crypto.Mac;
|
||||
import javax.crypto.spec.SecretKeySpec;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
//import org.apache.commons.net.util.Base64;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
|
||||
import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceKey;
|
||||
import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceSupport;
|
||||
import com.eactive.eai.authserver.service.OAuth2Manager;
|
||||
import com.eactive.eai.authserver.vo.ClientVO;
|
||||
import com.eactive.eai.common.util.Logger;
|
||||
|
||||
public class HmacSha256VerifyFilterKjb implements HttpAdapterFilter {
|
||||
|
||||
static Logger logger = Logger.getLogger(Logger.LOGGER_ADAPTER);
|
||||
|
||||
public HmacSha256VerifyFilterKjb() {
|
||||
super();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Object doPreFilter(String adptGrpName, String adptName, Object message, Properties prop,
|
||||
HttpServletRequest request, HttpServletResponse response) throws Exception {
|
||||
|
||||
String inboundMethod = prop.getProperty(HttpAdapterServiceKey.INBOUND_METHOD);
|
||||
String inboundUri = prop.getProperty(HttpAdapterServiceKey.INBOUND_URI);
|
||||
String inboundBody = prop.getProperty(HttpAdapterServiceKey.INBOUND_REQUEST_MESSAGE);
|
||||
|
||||
try {
|
||||
String xObpPartnercode = request.getHeader("x-obp-partnercode");
|
||||
String xObpSignatureUrl = request.getHeader("x-obp-signature-url");
|
||||
String xObpSignatureBody = request.getHeader("x-obp-signature-body");
|
||||
if (StringUtils.isBlank(xObpPartnercode)
|
||||
|| StringUtils.isBlank(xObpSignatureUrl)
|
||||
|| StringUtils.isBlank(xObpSignatureBody)) {
|
||||
throw new JwtAuthException(
|
||||
String.valueOf(HttpStatus.UNAUTHORIZED.value()),
|
||||
"Can not find mandatory Http Header");
|
||||
}
|
||||
|
||||
if (StringUtils.isNotBlank(prop.getProperty(HttpAdapterServiceKey.INBOUND_QUERY_STRING))) {
|
||||
inboundUri = inboundUri + "?" + prop.getProperty(HttpAdapterServiceKey.INBOUND_QUERY_STRING);
|
||||
inboundBody = "";
|
||||
}
|
||||
String chkUrl = inboundMethod + "&" + inboundUri;
|
||||
String chkBody = inboundBody;
|
||||
String clientSecret = assignClientSecret(prop, request);
|
||||
|
||||
String macUrl = calculateHMAC(chkUrl, clientSecret);
|
||||
String macBody = calculateHMAC(chkBody, clientSecret);
|
||||
|
||||
if (!StringUtils.equals(xObpSignatureUrl, macUrl)) {
|
||||
throw new JwtAuthException(
|
||||
String.valueOf(HttpStatus.UNAUTHORIZED.value()),
|
||||
"Signature verifying failed : x-obp-signature-url");
|
||||
}
|
||||
|
||||
if (!StringUtils.equals(xObpSignatureBody, macBody)) {
|
||||
throw new JwtAuthException(
|
||||
String.valueOf(HttpStatus.UNAUTHORIZED.value()),
|
||||
"Signature verifying failed : x-obp-signature-body");
|
||||
}
|
||||
|
||||
} catch (JwtAuthException e) {
|
||||
logger.debug(e.getMessage());
|
||||
throw e;
|
||||
} catch (Exception e) {
|
||||
logger.error(e.getMessage());
|
||||
throw new JwtAuthException(
|
||||
String.valueOf(HttpStatus.UNAUTHORIZED.value()),
|
||||
"Signature verifying failed(unkown)");
|
||||
}
|
||||
|
||||
return message;
|
||||
}
|
||||
|
||||
public static String calculateHMAC(String data, String key)
|
||||
throws NoSuchAlgorithmException, InvalidKeyException, UnsupportedEncodingException {
|
||||
|
||||
Mac mac = Mac.getInstance("HmacSHA256");
|
||||
mac.init(new SecretKeySpec(key.getBytes(), "HmacSHA256"));
|
||||
return Base64.getEncoder().encodeToString(mac.doFinal(data.getBytes("UTF-8")));
|
||||
}
|
||||
|
||||
private String assignClientSecret(Properties prop, HttpServletRequest request) throws Exception {
|
||||
String clientId = assignClientId(prop, request);
|
||||
if (StringUtils.isBlank(clientId)) {
|
||||
throw new JwtAuthException(
|
||||
String.valueOf(HttpStatus.UNAUTHORIZED.value()),
|
||||
"Can not find clientId info");
|
||||
}
|
||||
|
||||
ClientVO client = (ClientVO) OAuth2Manager.getInstance().getClientDeatilsStore().get(clientId);
|
||||
if (client == null) {
|
||||
throw new JwtAuthException(
|
||||
String.valueOf(HttpStatus.UNAUTHORIZED.value()),
|
||||
"Can not find client info");
|
||||
}
|
||||
|
||||
return client.getClientSecret();
|
||||
}
|
||||
|
||||
private String assignClientId(Properties prop, HttpServletRequest request) {
|
||||
String clientId = null;
|
||||
try {
|
||||
// 이전 filter에서 셋팅한 clientId 확보
|
||||
clientId = prop.getProperty(HttpAdapterServiceSupport.PROPERTIES_NAME_CLIENT_ID);
|
||||
|
||||
// 이전 filter에서 셋팅한 값이 없다면 header 정보에서 확보
|
||||
if (StringUtils.isBlank(clientId)) {
|
||||
clientId = request.getHeader(HttpAdapterServiceSupport.HEADER_NAME_CLIENT_ID);
|
||||
}
|
||||
} catch (Exception e) {
|
||||
logger.error(e.getMessage());
|
||||
}
|
||||
|
||||
return clientId;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Object doPostFilter(String adptGrpName, String adptName, Object resultMessage, Properties prop,
|
||||
HttpServletRequest request, HttpServletResponse response) throws Exception {
|
||||
|
||||
String outboundBody = (String) resultMessage;
|
||||
|
||||
try {
|
||||
String clientSecret = assignClientSecret(prop, request);
|
||||
String macBody = calculateHMAC(outboundBody, clientSecret);
|
||||
|
||||
response.addHeader("x-obp-signature-body", macBody);
|
||||
} catch (Exception e) {
|
||||
logger.error(e.getMessage());
|
||||
}
|
||||
|
||||
return resultMessage;
|
||||
}
|
||||
|
||||
}
|
||||
+64
@@ -0,0 +1,64 @@
|
||||
package com.eactive.eai.adapter.http.dynamic.filter;
|
||||
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
|
||||
import com.eactive.eai.common.util.Logger;
|
||||
|
||||
public class HttpAdapterFilterFactoryKjb extends HttpAdapterFilterFactory {
|
||||
static Logger logger = Logger.getLogger(Logger.LOGGER_ADAPTER);
|
||||
static String basePackage = "com.eactive.eai.custom.adapter.http.dynamic.filter";
|
||||
static private ConcurrentHashMap<String, HttpAdapterFilter> h = new ConcurrentHashMap<String, HttpAdapterFilter>();
|
||||
|
||||
public HttpAdapterFilterFactoryKjb() {
|
||||
super();
|
||||
}
|
||||
|
||||
@SuppressWarnings("rawtypes")
|
||||
public static HttpAdapterFilter createFilter(String type) {
|
||||
if (h.containsKey(type)) {
|
||||
return (HttpAdapterFilter) h.get(type);
|
||||
}
|
||||
|
||||
HttpAdapterFilter filter = null;
|
||||
switch (HttpAdapterFilterType.getValue(type)) {
|
||||
case APIAUTHFILTER:
|
||||
filter = new ApiAuthFilter();
|
||||
break;
|
||||
case JWTAUTHFILTER:
|
||||
filter = new JwtAuthFilter();
|
||||
break;
|
||||
case IPWHITELISTFILTER:
|
||||
filter = new IpWhiteListFilter();
|
||||
break;
|
||||
case ADAPTERALLOWIPLISTFILTER:
|
||||
filter = new AdapterAllowIPListFilter();
|
||||
break;
|
||||
case HMAC_SHA256:
|
||||
filter = new HmacSha256VerifyFilterKjb();
|
||||
break;
|
||||
default:
|
||||
filter = classForName(type);
|
||||
if (filter == null) {
|
||||
filter = classForName(basePackage + "." + type);
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
if (filter != null) {
|
||||
h.put(type, filter);
|
||||
return filter;
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
private static HttpAdapterFilter classForName(String type) {
|
||||
try {
|
||||
Class<?> cl = Class.forName(type);
|
||||
return (HttpAdapterFilter) cl.newInstance();
|
||||
} catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
|
||||
logger.error("Cannot create a HttpAdapterFilter. - {}", type);
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -5,6 +5,7 @@ public enum HttpAdapterFilterType {
|
||||
JWTAUTHFILTER,
|
||||
IPWHITELISTFILTER,
|
||||
ADAPTERALLOWIPLISTFILTER,
|
||||
HMAC_SHA256,
|
||||
UNKNOWN;
|
||||
|
||||
public static HttpAdapterFilterType getValue(String type) {
|
||||
|
||||
Reference in New Issue
Block a user