org.apache.cxf.common.util.Base64Utility Java Examples

The following examples show how to use org.apache.cxf.common.util.Base64Utility.
Example #1
Source File: AuthorizationFilter.java    From iaf with Apache License 2.0 6 votes vote down vote up
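/**
 * Attempts a container login with the HTTP Basic credentials carried in the
 * request's {@code Authorization} header.
 *
 * @param requestContext the current request; only its {@code Authorization} header is read
 * @return {@code true} when {@code request.login} accepted the credentials; {@code false} when
 *         the header is absent, is not a well-formed {@code Basic} header, or the login fails
 */
private boolean login(ContainerRequestContext requestContext) {
	String authorization = requestContext.getHeaderString("Authorization");
	// A request without the header is simply unauthenticated; do not fail with an NPE.
	if (authorization == null) {
		return false;
	}
	String[] parts = authorization.split(" ");
	if (parts.length != 2 || !"Basic".equals(parts[0])) {
		return false;
	}

	String decodedValue;
	try {
		byte[] raw = Base64Utility.decode(parts[1]);
		if (raw == null) {
			return false;
		}
		// NOTE(review): decoded with the platform default charset, as before; confirm the
		// charset clients use for non-ASCII credentials.
		decodedValue = new String(raw);
	} catch (Base64Exception ex) {
		return false;
	}

	// Split on the FIRST ':' only. The password part may itself contain ':', and
	// splitting on every ':' would silently truncate it.
	int separator = decodedValue.indexOf(':');
	if (separator < 0) {
		return false;
	}
	String name = decodedValue.substring(0, separator);
	String password = decodedValue.substring(separator + 1);
	// An empty password was never passed to the container before; keep rejecting it here.
	if (password.isEmpty()) {
		return false;
	}

	try {
		request.login(name, password);
	} catch (Exception e) {
		// Every login failure is reported to the caller as "not authenticated".
		return false;
	}
	return true;
}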
 
Example #2
Source File: Base64Type.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Writes a {@code byte[]} value as Base64 text, or hands it to {@code optimizedType}
 * when MTOM is enabled on the context. In the non-MTOM path a {@code null} or empty
 * array produces no output.
 */
@Override
public void writeObject(Object object,
                        MessageWriter writer,
                        Context context) throws DatabindingException {
    if (context.isMtomEnabled()) {
        // MTOM path: the optimized type takes over entirely.
        optimizedType.writeObject(object, writer, context);
        return;
    }

    final byte[] bytes = (byte[])object;
    if (bytes == null || bytes.length == 0) {
        return;
    }
    writer.writeValue(Base64Utility.encode(bytes));
}
 
Example #3
Source File: WSS4JTokenConverter.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Stores a {@code UsernameToken} built from the principal on the message, keyed by
 * {@code org.apache.cxf.common.security.SecurityToken.class}. Principals that are not
 * a {@code UsernameTokenPrincipal} are ignored.
 *
 * @param msg the message that receives the token
 * @param p   the principal to convert
 */
public static void convertToken(Message msg, Principal p) {
    if (!(p instanceof UsernameTokenPrincipal)) {
        return;
    }
    final UsernameTokenPrincipal principal = (UsernameTokenPrincipal)p;

    // The nonce is carried as Base64 text; it stays null when the principal has none.
    final String encodedNonce = principal.getNonce() != null
        ? Base64Utility.encode(principal.getNonce())
        : null;

    final UsernameToken token = new UsernameToken(principal.getName(),
                                                  principal.getPassword(),
                                                  principal.getPasswordType(),
                                                  principal.isPasswordDigest(),
                                                  encodedNonce,
                                                  principal.getCreatedTime());
    msg.put(org.apache.cxf.common.security.SecurityToken.class, token);
}
 
Example #4
Source File: OAuthUtils.java    From cxf with Apache License 2.0 6 votes vote down vote up
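/**
 * Checks that the peer certificates of the TLS session are byte-for-byte the
 * certificates given as Base64 strings, in the same order.
 *
 * @param tlsInfo            TLS session information; its peer certificates are compared
 * @param base64EncodedCerts expected certificates, each the Base64 form of the encoded certificate
 * @return {@code true} only when both sides have the same number of certificates and every
 *         pair has identical encodings; {@code false} on any mismatch, missing input or
 *         decoding/encoding failure
 */
public static boolean compareTlsCertificates(TLSSessionInfo tlsInfo,
                                      List<String> base64EncodedCerts) {
    if (tlsInfo == null || base64EncodedCerts == null) {
        return false;
    }
    Certificate[] clientCerts = tlsInfo.getPeerCertificates();
    // No peer certificates on the session means there is nothing to match: fail closed
    // instead of dereferencing null.
    if (clientCerts == null || clientCerts.length != base64EncodedCerts.size()) {
        return false;
    }
    // NOTE(review): an empty chain compared with an empty list still yields true, as
    // before; confirm callers never treat that as a successful certificate binding.
    try {
        for (int i = 0; i < clientCerts.length; i++) {
            X509Certificate x509Cert = (X509Certificate)clientCerts[i];
            byte[] presented = x509Cert.getEncoded();
            byte[] expected = Base64Utility.decode(base64EncodedCerts.get(i));
            if (!Arrays.equals(presented, expected)) {
                return false;
            }
        }
        return true;
    } catch (Exception ex) {
        // A certificate that cannot be cast, encoded or decoded counts as a mismatch.
        return false;
    }
}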
 
Example #5
Source File: STSRESTTest.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Requests a SAML 2.0 token as {@code text/plain}, then Base64-decodes, inflates and
 * parses it, and checks that the result is a SAML 2 (not SAML 1) assertion.
 */
@org.junit.Test
public void testIssueSAML2TokenPlain() throws Exception {
    WebClient stsClient = webClient().path("saml2.0").accept(MediaType.TEXT_PLAIN);

    String base64Token = stsClient.get(String.class);
    assertNotNull(base64Token);

    // The plain-text body is Base64 over deflated XML: undo both layers before parsing.
    InputStream inflated = CompressionUtils.inflate(Base64Utility.decode(base64Token));
    Document tokenDoc = StaxUtils.read(new InputStreamReader(inflated, StandardCharsets.UTF_8));

    // Validate the parsed token
    SamlAssertionWrapper wrapper = validateSAMLToken(tokenDoc);
    assertTrue(wrapper.getSaml2() != null && wrapper.getSaml1() == null);
}
 
Example #6
Source File: CustomerMetricsInterceptor.java    From cxf with Apache License 2.0 6 votes vote down vote up
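/**
 * Attributes the exchange's metrics to the customer named in the request's HTTP Basic
 * {@code Authorization} header. Does nothing when the exchange has no
 * {@code ExchangeMetrics}.
 *
 * <p>Only the user-name part of the header is used, to look up the customer; this method
 * does not check the password part.
 * NOTE(review): confirm that the credentials are verified elsewhere in the chain.
 *
 * @throws RuntimeException with message "Not authorized" when the header is missing or
 *         malformed, or when no customer is registered under the user name
 */
@Override
public void handleMessage(Message message) throws Fault {
    ExchangeMetrics m = message.getExchange().get(ExchangeMetrics.class);
    if (m == null) {
        return;
    }

    Map<String, List<String>> headers = CastUtils.cast((Map<?, ?>)message.get(Message.PROTOCOL_HEADERS));
    List<String> values = headers == null ? null : headers.get("Authorization");
    if (values == null || values.isEmpty() || values.get(0) == null) {
        throw new RuntimeException("Not authorized");
    }

    // Use the header value itself rather than List.toString(), which wraps it in brackets.
    String header = values.get(0);
    String encoded = header.substring(header.indexOf(' ') + 1);

    String decoded;
    try {
        byte[] raw = Base64Utility.decode(encoded);
        if (raw == null) {
            throw new RuntimeException("Not authorized");
        }
        decoded = new String(raw);
    } catch (Base64Exception e) {
        // Reject the request: a value that is not valid Base64 must not be parsed as if it
        // had already been decoded.
        throw new RuntimeException("Not authorized", e);
    }

    int separator = decoded.indexOf(':');
    if (separator < 0) {
        throw new RuntimeException("Not authorized");
    }

    Customer c = customers.get(decoded.substring(0, separator));
    if (c == null) {
        throw new RuntimeException("Not authorized");
    }
    m.addContext(c.getMetricsContext(registry));
    message.getExchange().put(Customer.class, c);
}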
 
Example #7
Source File: AbstractSpnegoAuthSupplier.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the value of a {@code Negotiate} authorization header for the given URI.
 *
 * @param authPolicy policy whose authorization type selects this supplier
 * @param currentURI URI the service principal name is derived from
 * @param message    message consulted for {@code PROPERTY_USE_KERBEROS_OID}
 * @return the scheme name followed by the Base64-encoded token, or {@code null} when the
 *         policy's authorization type is not {@code Negotiate}
 * @throws RuntimeException wrapping a {@code LoginException} or {@code GSSException}
 */
public String getAuthorization(AuthorizationPolicy authPolicy,
                               URI currentURI,
                               Message message) {
    final String scheme = HttpAuthHeader.AUTH_TYPE_NEGOTIATE;
    if (!scheme.equals(authPolicy.getAuthorizationType())) {
        return null;
    }
    try {
        final String servicePrincipal = getCompleteServicePrincipalName(currentURI);

        // The mechanism OID is chosen per message: Kerberos when requested, otherwise SPNEGO.
        final boolean kerberosRequested =
            MessageUtils.getContextualBoolean(message, PROPERTY_USE_KERBEROS_OID);
        final Oid mechanism = new Oid(kerberosRequested ? KERBEROS_OID : SPNEGO_OID);

        final byte[] gssToken = getToken(authPolicy, servicePrincipal, mechanism, message);
        return scheme + " " + Base64Utility.encode(gssToken);
    } catch (LoginException | GSSException e) {
        throw new RuntimeException(e.getMessage(), e);
    }
}
 
Example #8
Source File: URIResolver.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Opens an HTTP connection to {@code url}, stores its input stream in {@code is} and
 * returns the connection. When the {@code http.proxyHost} system property is set and both
 * {@code http.proxy.user} and {@code http.proxy.password} are present, a Basic
 * {@code Proxy-Authorization} header is added.
 *
 * @return the opened connection
 * @throws IOException if the connection cannot be opened or read
 */
private HttpURLConnection createInputStream() throws IOException {
    final HttpURLConnection connection = (HttpURLConnection)url.openConnection();

    if (SystemPropertyAction.getPropertyOrNull("http.proxyHost") != null) {
        final String proxyUser = SystemPropertyAction.getPropertyOrNull("http.proxy.user");
        final String proxyPassword = SystemPropertyAction.getPropertyOrNull("http.proxy.password");

        if (proxyUser != null && proxyPassword != null) {
            // Base64 here is an encoding, not protection: anything able to read the request
            // header can recover the proxy password.
            // NOTE(review): getBytes() uses the platform default charset.
            final byte[] credentials = (proxyUser + ":" + proxyPassword).getBytes();
            connection.setRequestProperty("Proxy-Authorization",
                                          "Basic " + Base64Utility.encode(credentials));
        }
    }

    // 30 s to connect, 60 s per read
    connection.setConnectTimeout(30000);
    connection.setReadTimeout(60000);
    is = connection.getInputStream();
    return connection;
}
 
Example #9
Source File: RestRequestByCxf.java    From activiti-in-action-codes with Apache License 2.0 6 votes vote down vote up
/**
 * Demo entry point: sends one GET request to {@code REST_URI} with an HTTP Basic
 * {@code Authorization} header and prints the response body.
 */
public static void main(String[] args) throws IOException {
    // Create the client object
    WebClient restClient = WebClient.create(REST_URI);

    // Basic Auth. The credentials are hard-coded sample values; real code should load them
    // from configuration or a secret store rather than from source.
    restClient.header("Authorization", "Basic " + Base64Utility.encode("kermit:kermit".getBytes()));

    // Fetch the response content
    Response reply = restClient.get();
    InputStream body = (InputStream) reply.getEntity();

    // Convert the response to text and print it
    StringWriter buffer = new StringWriter();
    IOUtils.copy(body, buffer, "UTF-8");
    System.out.println(buffer.toString());
}
 
Example #10
Source File: Base64DecoderStream.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Refills the decoded-data buffer from the next run of encoded input.
 * Resets {@code decodedIndex}, reads encoded characters through
 * {@code fillEncodedBuffer()} and stores the decoded result in {@code decodedChars}
 * and its length in {@code decodedCount}.
 *
 * @return true if more data was obtained, false otherwise.
 * @throws IOException if reading fails or the encoded data cannot be decoded
 */
private boolean decodeStreamData() throws IOException {
    decodedIndex = 0;

    // Pull the next batch of encoded characters from the underlying stream.
    final int encodedCount = fillEncodedBuffer();
    if (encodedCount <= 0) {
        return false;
    }

    try {
        decodedChars = Base64Utility.decodeChunk(encodedChars, 0, encodedCount);
    } catch (Base64Exception e) {
        // Callers of a stream expect an IOException for malformed input.
        throw new IOException(e);
    }
    decodedCount = decodedChars.length;
    return true;
}
 
Example #11
Source File: HmacAuthInterceptor.java    From gazpachoquest with GNU General Public License v3.0 6 votes vote down vote up
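/**
 * Computes the Base64-encoded HMAC of {@code data} under {@code key}, using the
 * algorithm named by {@code HMAC_SHA1_ALGORITHM}.
 *
 * <p>When a received signature is checked against this value, compare the decoded bytes
 * with a constant-time method such as {@code java.security.MessageDigest.isEqual}, not
 * with {@code String.equals}.
 *
 * @param data the string to sign
 * @param key  the shared secret
 * @return the Base64 text of the raw HMAC bytes
 * @throws IllegalStateException if the HMAC cannot be computed; the original failure is
 *         kept as the cause
 */
public static String calculateSignature(String data, String key) {
    logger.debug("Signing with algorithm {} the string: {} ", HMAC_SHA1_ALGORITHM, data);
    try {
        // NOTE(review): getBytes() uses the platform default charset for both key and data;
        // signer and verifier only agree on non-ASCII input if their defaults match.
        // get an hmac_sha1 key from the raw key bytes
        SecretKeySpec signingKey = new SecretKeySpec(key.getBytes(), HMAC_SHA1_ALGORITHM);

        // get an hmac_sha1 Mac instance and initialize with the signing key
        Mac mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
        mac.init(signingKey);

        // compute the hmac on input data bytes, then base64-encode it
        byte[] rawHmac = mac.doFinal(data.getBytes());
        return Base64Utility.encode(rawHmac);
    } catch (Exception e) {
        // Keep the cause so the stack trace of the real failure is not lost.
        throw new IllegalStateException("Failed to generate HMAC : " + e.getMessage(), e);
    }
}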
 
Example #12
Source File: GeoFenceClient.java    From geofence with GNU General Public License v2.0 6 votes vote down vote up
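/**
 * Returns the REST client proxy for the given service interface, creating and caching it
 * on first use. A new proxy targets {@code restUrl + "/" + endpoint} and carries an HTTP
 * Basic {@code Authorization} header built from {@code username} and {@code password}.
 *
 * @param clazz    the service interface to proxy
 * @param endpoint path appended to the base URL
 * @return the cached or newly created proxy
 * @throws IllegalStateException if no proxy is cached and {@code restUrl} is not set
 */
protected <T>T getService(Class<T> clazz, String endpoint) {
    if (services.containsKey(clazz)) {
        return clazz.cast(services.get(clazz));
    }

    // The exception used to be constructed but never thrown, so a missing URL went
    // unnoticed and a proxy for "null/<endpoint>" was created.
    if (restUrl == null) {
        throw new IllegalStateException("GeoFence URL not set");
    }

    synchronized (services) {
        // Re-check under the lock: another thread may have created the proxy meanwhile.
        if (services.containsKey(clazz)) {
            return clazz.cast(services.get(clazz));
        }

        T proxy = JAXRSClientFactory.create(restUrl + "/" + endpoint, clazz);
        // Basic credentials are only Base64-encoded, so they are readable on the wire
        // unless restUrl is an https URL.
        String authorizationHeader = "Basic " + Base64Utility.encode((username + ":" + password).getBytes());
        WebClient.client(proxy).header("Authorization", authorizationHeader);

        services.put(clazz, proxy);
        return proxy;
    }
}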
 
Example #13
Source File: JWTVerifier.java    From sample-acmegifts with Eclipse Public License 1.0 6 votes vote down vote up
/**
 * Fetches the JWK set from the Liberty {@code jwtUserBuilder} endpoint and builds an RSA
 * public key from the first entry's {@code n} and {@code e} members. The key is assumed to
 * be an RSA key; the entry's other members are not inspected here.
 *
 * @return the RSA public key used to verify JWTs from the user service
 * @throws Base64Exception if {@code n} or {@code e} cannot be decoded
 * @throws InvalidKeySpecException if the key specification is rejected
 * @throws NoSuchAlgorithmException if no RSA key factory is available
 */
private PublicKey getPublicKey()
    throws Base64Exception, InvalidKeySpecException, NoSuchAlgorithmException {
  String jwkUrl =
      "https://" + libertyHostname + ":" + libertySslPort + "/jwt/ibm/api/jwtUserBuilder/jwk";
  Response jwkReply = processRequest(jwkUrl, "GET", null, null);
  assertEquals(
      "HTTP response code should have been " + Status.OK.getStatusCode() + ".",
      Status.OK.getStatusCode(),
      jwkReply.getStatus());

  // Liberty returns the keys in an array; the first one is used (there should only be one).
  JsonObject firstKey =
      toJsonObj(jwkReply.readEntity(String.class)).getJsonArray("keys").getJsonObject(0);

  // Signum 1: the decoded bytes are read as unsigned magnitudes.
  byte[] modulusBytes = Base64Utility.decode(firstKey.getString("n"), true);
  BigInteger modulus = new BigInteger(1, modulusBytes);
  byte[] exponentBytes = Base64Utility.decode(firstKey.getString("e"), true);
  BigInteger publicExponent = new BigInteger(1, exponentBytes);

  RSAPublicKeySpec keySpec = new RSAPublicKeySpec(modulus, publicExponent);
  return KeyFactory.getInstance("RSA").generatePublic(keySpec);
}
 
Example #14
Source File: AttachmentSerializer.java    From cxf with Apache License 2.0 5 votes vote down vote up
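/**
 * Streams {@code input} to {@code output} as Base64 until end of stream.
 *
 * <p>Base64 turns every 3 input bytes into 4 characters, so only whole 3-byte groups are
 * encoded per read. The 0-2 trailing bytes of a read are moved to the front of the buffer
 * and completed by the next read. Only the final group may be short and padded.
 *
 * <p>The carried-over bytes are now counted when the next read succeeds. Previously they
 * were not, so a read whose length was not a multiple of 3, followed by more data, lost
 * bytes from the encoded output.
 *
 * @param input      source of raw bytes
 * @param output     receives the Base64 output
 * @param bufferSize requested buffer size; raised to {@code input.available()} (capped at
 *                   262143) when that is larger, and to at least 3
 * @return the number of raw input bytes encoded
 * @throws IOException if reading or writing fails, or a read returns 0 bytes
 */
private int encodeBase64(InputStream input, OutputStream output, int bufferSize) throws IOException {
    int avail = input.available();
    if (avail > 262143) {
        //must be divisible by 3
        avail = 262143;
    }
    // At least 3 bytes, so that a carried-over remainder always leaves room to read more.
    final byte[] buffer = new byte[Math.max(3, Math.max(avail, bufferSize))];

    int total = 0;
    int pending = 0; // carried-over bytes held in buffer[0..pending)
    while (true) {
        int read = input.read(buffer, pending, buffer.length - pending);
        if (read == -1) {
            if (pending > 0) {
                // we've hit the end, but still have stuff left, write it out
                Base64Utility.encodeAndStream(buffer, 0, pending, output);
                total += pending;
            }
            return total;
        }
        if (read == 0) {
            throw new IOException("0 bytes read in violation of InputStream.read(byte[])");
        }

        int filled = pending + read;
        int remainder = filled % 3;
        int whole = filled - remainder;
        if (whole > 0) {
            Base64Utility.encodeAndStream(buffer, 0, whole, output);
            total += whole;
        }
        // Keep the incomplete group at the front for the next round.
        System.arraycopy(buffer, whole, buffer, 0, remainder);
        pending = remainder;
    }
}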
 
Example #15
Source File: ServiceListJAASAuthenticator.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Decodes a Base64 string and returns the bytes read as ISO-8859-1 text.
 *
 * <p>NOTE(review): on a decoding failure the input is returned unchanged, so callers
 * cannot tell "decoded" from "was never valid Base64". Confirm that no caller treats the
 * result as validated credentials.
 *
 * @param srcString the Base64 text
 * @return the decoded text, or {@code srcString} itself when it cannot be decoded
 */
private static String base64Decode(String srcString) {
    try {
        final byte[] raw = Base64Utility.decode(srcString);
        return new String(raw, "ISO-8859-1");
    } catch (UnsupportedEncodingException | Base64Exception e) {
        // Fall back to the caller's input.
        return srcString;
    }
}
 
Example #16
Source File: SamlPostBindingFilter.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Serializes the AuthnRequest element and returns it Base64-encoded, deflating the UTF-8
 * bytes first when {@code useDeflateEncoding} is set.
 *
 * @param authnRequest the request element to encode
 * @return the Base64 text of the (optionally deflated) request
 */
protected String encodeAuthnRequest(Element authnRequest) throws IOException {
    final byte[] utf8 = DOM2Writer.nodeToString(authnRequest).getBytes(StandardCharsets.UTF_8);

    // Not correct according to the spec but required by some IDPs.
    final byte[] payload = useDeflateEncoding
        ? new DeflateEncoderDecoder().deflateToken(utf8)
        : utf8;

    return Base64Utility.encode(payload);
}
 
Example #17
Source File: SamlRedirectBindingFilter.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Serializes the AuthnRequest element, deflates its UTF-8 bytes and returns the result
 * as Base64 text.
 *
 * @param authnRequest the request element to encode
 * @return the Base64 text of the deflated request
 */
protected String encodeAuthnRequest(Element authnRequest) throws IOException {
    final byte[] utf8 = DOM2Writer.nodeToString(authnRequest).getBytes(StandardCharsets.UTF_8);
    final byte[] deflated = new DeflateEncoderDecoder().deflateToken(utf8);
    return Base64Utility.encode(deflated);
}
 
Example #18
Source File: DeflateEncoderDecoderTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Round trip: deflate, Base64-encode, Base64-decode and inflate must give back the
 * original text.
 */
@Test
public void testInflateDeflateBase64() throws Exception {
    DeflateEncoderDecoder codec = new DeflateEncoderDecoder();

    // Forward direction: deflate, then Base64.
    String encoded = Base64Utility.encode(codec.deflateToken("valid_grant".getBytes()));

    // Reverse direction: Base64, then inflate.
    InputStream inflated = codec.inflateToken(Base64Utility.decode(encoded));
    assertNotNull(inflated);
    assertEquals("valid_grant", IOUtils.readStringFromStream(inflated));
}
 
Example #19
Source File: AbstractSamlOutInterceptor.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Encodes an assertion for transport: UTF-8 bytes, deflated when
 * {@code useDeflateEncoding} is set, then Base64.
 *
 * @param assertion the assertion text
 * @return the Base64 text
 * @throws Base64Exception if encoding fails
 */
protected String encodeToken(String assertion) throws Base64Exception {
    final byte[] utf8 = assertion.getBytes(StandardCharsets.UTF_8);
    final byte[] payload = useDeflateEncoding
        ? new DeflateEncoderDecoder().deflateToken(utf8)
        : utf8;

    final StringWriter base64 = new StringWriter();
    Base64Utility.encode(payload, 0, payload.length, base64);
    return base64.toString();
}
 
Example #20
Source File: JWTVerifier.java    From sample-acmegifts with Eclipse Public License 1.0 5 votes vote down vote up
/**
 * Test helper: asserts that the header is a three-part bearer JWT whose signature verifies
 * under {@code publicKey} with {@code JWT_ALGORITHM}.
 *
 * <p>Only the signature is checked. This method does not decode the JWT header or claims,
 * so the algorithm named in the token, its expiry and its audience are not examined here.
 *
 * @param authHeader the {@code Authorization} header value, expected to start with "Bearer "
 * @param publicKey  key used to verify the signature
 */
public void validateJWT(String authHeader, PublicKey publicKey) {
  assertNotNull("Authorization header was not present in response", authHeader);
  assertTrue("Authorization header does not contain a bearer", authHeader.startsWith("Bearer "));

  // Skip "Bearer " (7 characters) and split the compact form on '.'.
  StringTokenizer parts = new StringTokenizer(authHeader.substring(7), ".");
  assertTrue("JWT does not contain three parts", parts.countTokens() == 3);

  String headerEnc = parts.nextToken();
  String claimsEnc = parts.nextToken();
  String signatureEnc = parts.nextToken();

  // The signature covers "<header>.<claims>" exactly as transmitted.
  String signingInput = headerEnc + "." + claimsEnc;

  try {
    // Decode the signature we got from the server
    byte[] signatureBytes = Base64Utility.decode(signatureEnc, true);

    // Validate the signature.
    Signature verifier = Signature.getInstance(JWT_ALGORITHM);
    verifier.initVerify(publicKey);
    verifier.update(signingInput.getBytes());
    assertTrue("JWT expected and actual signatures don't match", verifier.verify(signatureBytes));
  } catch (Base64Exception be) {
    Assert.fail("Exception decoding JWT signature: " + be.toString());
  } catch (Throwable t) {
    System.out.println(t.toString());
    t.printStackTrace(System.out);
    Assert.fail("Exception validating JWT signature: " + t.toString());
  }
}
 
Example #21
Source File: AuthorizationUtils.java    From cxf with Apache License 2.0 5 votes vote down vote up
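/**
 * Decodes the credentials part of an HTTP Basic {@code Authorization} header.
 *
 * <p>The decoded text is split at the first ':' only, because the password part may
 * itself contain ':'. Splitting on every ':' rejected such passwords.
 *
 * @param basicAuthData the Base64 text that follows the {@code Basic} scheme name
 * @return a two-element array: user name, then password
 * @throws RuntimeException the not-authorized exception built by {@code ExceptionUtils}
 *         when the data cannot be decoded, has no ':' separator, or has an empty password
 */
public static String[] getBasicAuthParts(String basicAuthData) {
    final String authDecoded;
    try {
        // NOTE(review): decoded with the platform default charset, as before.
        authDecoded = new String(Base64Utility.decode(basicAuthData));
    } catch (Exception ex) {
        throw ExceptionUtils.toNotAuthorizedException(ex, null);
    }

    int separator = authDecoded.indexOf(':');
    // A missing separator or an empty password stays rejected, as before. Some back ends
    // treat an empty password as an anonymous bind, so it must not pass through here.
    if (separator < 0 || separator == authDecoded.length() - 1) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
    return new String[] {
        authDecoded.substring(0, separator),
        authDecoded.substring(separator + 1)
    };
}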
 
Example #22
Source File: KerberosAuthenticationFilter.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Base64-decodes the service ticket taken from the request.
 *
 * @param encodedServiceTicket the Base64 text of the ticket
 * @return the raw ticket bytes
 * @throws RuntimeException the not-authorized exception built by {@code ExceptionUtils},
 *         carrying {@code getFaultResponse()}, when the text is not valid Base64
 */
private byte[] getServiceTicket(String encodedServiceTicket) {
    final byte[] ticket;
    try {
        ticket = Base64Utility.decode(encodedServiceTicket);
    } catch (Base64Exception ex) {
        // Malformed input is answered like any other failed authentication.
        throw ExceptionUtils.toNotAuthorizedException(null, getFaultResponse());
    }
    return ticket;
}
 
Example #23
Source File: Base64DecoderStream.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Fills the buffer of encoded input characters from the stream. Reading stops at end of
 * stream or when the buffer is full. Characters that are not valid Base64 (whitespace,
 * CRLF and the like) are skipped and not counted.
 *
 * <p>NOTE(review): the truncation error message includes the encoded characters read so
 * far, so part of the payload can end up in logs that record the exception.
 *
 * @return The count of characters read.
 * @throws IOException if the stream ends with a count that is not a multiple of 4, or the
 *         underlying read fails
 */
private int fillEncodedBuffer() throws IOException {
    int count = 0;

    // One character at a time until EOF; a full buffer returns from inside the loop.
    for (int ch = in.read(); ch != -1; ch = in.read()) {
        if (!Base64Utility.isValidBase64(ch)) {
            // filtered out: not part of the Base64 alphabet
            continue;
        }
        encodedChars[count++] = (char)ch;
        if (count >= encodedChars.length) {
            return count;
        }
    }

    // EOF reached: Base64 text comes in groups of 4 characters, anything else is truncated.
    if ((count % 4) != 0) {
        throw new IOException("Base64 encoding error, data truncated: " + count + " "
                              + new String(encodedChars, 0, count));
    }
    return count;
}
 
Example #24
Source File: CryptoUtils.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Parses a Base64-encoded X.509 certificate.
 *
 * <p>This only decodes and parses. The returned certificate has not been checked against
 * any trust store, validity period or revocation source.
 *
 * @param encodedCert the Base64 text of the encoded certificate
 * @return the parsed certificate
 * @throws SecurityException wrapping any decoding or parsing failure
 */
public static Certificate decodeCertificate(String encodedCert) {
    try {
        final ByteArrayInputStream der = new ByteArrayInputStream(Base64Utility.decode(encodedCert));
        final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        return x509Factory.generateCertificate(der);
    } catch (Exception ex) {
        throw new SecurityException(ex);
    }
}
 
Example #25
Source File: AbstractSamlResponseCreator.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
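/**
 * Serializes the SAML response element and returns it Base64-encoded, deflating the
 * bytes first when {@code supportDeflateEncoding} is set.
 *
 * <p>Both branches now encode the XML as UTF-8. The non-deflate branch used the platform
 * default charset, so the output for non-ASCII content depended on the JVM's settings.
 *
 * @param response the response element to encode
 * @return the Base64 text of the (optionally deflated) response
 */
protected String encodeResponse(Element response) throws IOException {
    String responseMessage = DOM2Writer.nodeToString(response);
    // NOTE(review): at debug level this writes the full response to the log, which may
    // include assertion content.
    LOG.debug("Created Response: {}", responseMessage);

    byte[] payload = responseMessage.getBytes(StandardCharsets.UTF_8);
    if (supportDeflateEncoding) {
        payload = new DeflateEncoderDecoder().deflateToken(payload);
    }

    return Base64Utility.encode(payload);
}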
 
Example #26
Source File: AuthnRequestParser.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
/**
 * Decodes a {@code SAMLRequest} parameter into an OpenSAML request object: Base64-decode,
 * inflate when {@code supportDeflateEncoding} is set or the HTTP method is GET, parse as
 * UTF-8 XML, then unmarshal the document element.
 *
 * <p>The input comes from the HTTP request and is therefore untrusted.
 * NOTE(review): confirm that inflation is size-bounded and that the XML reader's
 * DTD/entity settings are restrictive. Neither is visible in this method.
 *
 * @param context     the current request context
 * @param samlRequest the Base64 text of the request
 * @return the unmarshalled request
 */
protected RequestAbstractType extractRequest(RequestContext context, String samlRequest) throws Exception {
    final byte[] decodedRequest = Base64Utility.decode(samlRequest);
    final String httpMethod = WebUtils.getHttpServletRequest(context).getMethod();

    final InputStream requestStream;
    if (supportDeflateEncoding || "GET".equals(httpMethod)) {
        requestStream = new DeflateEncoderDecoder().inflateToken(decodedRequest);
    } else {
        requestStream = new ByteArrayInputStream(decodedRequest);
    }

    final Document requestDoc =
        StaxUtils.read(new InputStreamReader(requestStream, StandardCharsets.UTF_8));
    if (LOG.isDebugEnabled()) {
        LOG.debug(DOM2Writer.nodeToString(requestDoc));
    }
    return (RequestAbstractType)OpenSAMLUtil.fromDom(requestDoc.getDocumentElement());
}
 
Example #27
Source File: JAXRSSamlTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Test helper: deflates the UTF-8 bytes of the assertion and returns them as Base64 text.
 *
 * @param assertion the assertion text
 * @return the Base64 text of the deflated assertion
 * @throws Base64Exception if encoding fails
 */
private String encodeToken(String assertion) throws Base64Exception {
    final byte[] deflated =
        new DeflateEncoderDecoder().deflateToken(assertion.getBytes(StandardCharsets.UTF_8));

    final StringWriter base64 = new StringWriter();
    Base64Utility.encode(deflated, 0, deflated.length, base64);
    return base64.toString();
}
 
Example #28
Source File: IdpTest.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
/**
 * Test helper: marshals the request into a scratch DOM document, serializes it, deflates
 * the UTF-8 bytes and returns them as Base64 text.
 *
 * @param request the OpenSAML request object
 * @return the Base64 text of the deflated request
 */
private static String encodeAuthnRequest(XMLObject request) throws WSSecurityException {
    // Scratch document with a placeholder root; it is the owner document passed to toDom.
    Document scratch = DOMUtils.createDocument();
    scratch.appendChild(scratch.createElement("root"));

    String xml = DOM2Writer.nodeToString(OpenSAMLUtil.toDom(request, scratch));
    byte[] deflated = new DeflateEncoderDecoder().deflateToken(xml.getBytes(UTF_8));
    return Base64Utility.encode(deflated);
}
 
Example #29
Source File: AttachmentProviderXMLClientServerTest.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Test helper: fails unless some element carries the given {@code contentId} attribute and
 * its first child's value is the Base64 form of {@code value}, with or without a trailing
 * newline.
 *
 * @param atts      candidate attachment elements
 * @param contentId content id to look for
 * @param value     expected attachment text before encoding
 */
private void verifyAttachment(List<Element> atts, String contentId, String value) {
    for (Element candidate : atts) {
        String encodedText = candidate.getFirstChild().getNodeValue();
        if (!contentId.equals(candidate.getAttribute("contentId"))) {
            continue;
        }
        // Accept either form of the content: exact, or with one trailing newline.
        if (Base64Utility.encode(value.getBytes()).equals(encodedText)) {
            return;
        }
        if (Base64Utility.encode((value + "\n").getBytes()).equals(encodedText)) {
            return;
        }
    }

    fail("No encoded attachment with id " + contentId + " found");
}
 
Example #30
Source File: PushBack401.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Extracts the user:pass token from the Authorization:Basic header.
 * The token is split at the first ':', so the password may itself contain ':'.
 *
 * @param token the Base64 text of the credentials
 * @return a two-element array, user id first and password second, or null if the token
 *         cannot be decoded or has no ':' separator
 */
private String[] extractUserPass(String token) {
    try {
        final String decoded = IOUtils.newStringFromBytes(Base64Utility.decode(token));
        final int colon = decoded.indexOf(':');
        // With no ':' the index is -1, substring throws, and the catch below returns null.
        return new String[] {decoded.substring(0, colon), decoded.substring(colon + 1)};
    } catch (Exception e) {
        return null;
    }
}