Add ValidationClient

Author: jingming

src/main/java/com/twilio/http/ValidationClient.java

@@ -0,0 +1,84 @@
+package com.twilio.http;
+
+
+import com.google.common.collect.Lists;
+import com.twilio.Twilio;
+import com.twilio.exception.ApiException;
+import org.apache.http.Header;
+import org.apache.http.HttpHeaders;
+import org.apache.http.HttpResponse;
+import org.apache.http.HttpVersion;
+import org.apache.http.client.config.RequestConfig;
+import org.apache.http.client.methods.RequestBuilder;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+import org.apache.http.message.BasicHeader;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+
+public class ValidationClient extends HttpClient {
+
+    private static final int CONNECTION_TIMEOUT = 10000;
+    private static final int SOCKET_TIMEOUT = 30500;
+
+    private final org.apache.http.client.HttpClient client;
+
+    public ValidationClient(String credentialSid, String publicKey) {
+        RequestConfig config = RequestConfig.custom()
+            .setConnectTimeout(CONNECTION_TIMEOUT)
+            .setSocketTimeout(SOCKET_TIMEOUT)
+            .build();
+
+        Collection<Header> headers = Lists.<Header>newArrayList(
+            new BasicHeader("X-Twilio-Client", "java-" + Twilio.VERSION),
+            new BasicHeader(HttpHeaders.USER_AGENT, "twilio-java/" + Twilio.VERSION + " (" + Twilio.JAVA_VERSION + ")"),
+            new BasicHeader(HttpHeaders.ACCEPT, "application/json"),
+            new BasicHeader(HttpHeaders.ACCEPT_ENCODING, "utf-8")
+        );
+
+        client = HttpClientBuilder.create()
+            .setConnectionManager(new PoolingHttpClientConnectionManager())
+            .setDefaultRequestConfig(config)
+            .setDefaultHeaders(headers)
+            .setMaxConnPerRoute(10)
+            .addInterceptorLast(new ValidationInterceptor(credentialSid, publicKey))
+            .build();
+    }
+
+    @Override
+    public Response makeRequest(Request request) {
+        RequestBuilder builder = RequestBuilder.create(request.getMethod().toString())
+            .setUri(request.constructURL().toString())
+            .setVersion(HttpVersion.HTTP_1_1)
+            .setCharset(StandardCharsets.UTF_8);
+
+        if (request.requiresAuthentication()) {
+            builder.addHeader(HttpHeaders.AUTHORIZATION, request.getAuthString());
+        }
+
+        HttpMethod method = request.getMethod();
+        if (method == HttpMethod.POST) {
+            builder.addHeader(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded");
+
+            for (Map.Entry<String, List<String>> entry : request.getPostParams().entrySet()) {
+                for (String value : entry.getValue()) {
+                    builder.addParameter(entry.getKey(), value);
+                }
+            }
+        }
+
+        try {
+            HttpResponse response = client.execute(builder.build());
+            return new Response(
+                response.getEntity() == null ? null : response.getEntity().getContent(),
+                response.getStatusLine().getStatusCode()
+            );
+        } catch (IOException e) {
+            throw new ApiException(e.getMessage());
+        }
+    }
+}

src/main/java/com/twilio/http/ValidationInterceptor.java

@@ -0,0 +1,31 @@
+package com.twilio.http;
+
+import com.google.common.collect.Lists;
+import com.twilio.jwt.Jwt;
+import com.twilio.jwt.validation.ValidationToken;
+import org.apache.http.HttpException;
+import org.apache.http.HttpRequest;
+import org.apache.http.HttpRequestInterceptor;
+import org.apache.http.protocol.HttpContext;
+
+import java.io.IOException;
+import java.util.List;
+
+public class ValidationInterceptor implements HttpRequestInterceptor {
+
+    private static final List<String> HEADERS = Lists.newArrayList("authorization", "host");
+
+    private final String credentialSid;
+    private final String privateKey;
+
+    public ValidationInterceptor(String credentialSid, String privateKey) {
+        this.credentialSid = credentialSid;
+        this.privateKey = privateKey;
+    }
+
+    @Override
+    public void process(HttpRequest request, HttpContext context) throws HttpException, IOException {
+        Jwt jwt = ValidationToken.fromHttpRequest(credentialSid, privateKey, request, HEADERS);
+        request.addHeader("Twilio-Client-Validation", jwt.toJwt());
+    }
+}

src/main/java/com/twilio/jwt/validation/ValidationToken.java

@@ -0,0 +1,215 @@
+package com.twilio.jwt.validation;
+
+import com.google.common.base.Charsets;
+import com.google.common.base.Function;
+import com.google.common.base.Joiner;
+import com.google.common.hash.HashFunction;
+import com.google.common.hash.Hashing;
+import com.google.common.io.CharStreams;
+import com.twilio.http.HttpMethod;
+import com.twilio.jwt.Jwt;
+import io.jsonwebtoken.SignatureAlgorithm;
+import org.apache.http.Header;
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpEntityEnclosingRequest;
+import org.apache.http.HttpRequest;
+import org.apache.http.message.BasicHeader;
+
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+
+public class ValidationToken extends Jwt {
+
+    private static final HashFunction HASH_FUNCTION = Hashing.sha256();
+    private static final String NEW_LINE = "\n";
+
+    private final String method;
+    private final String uri;
+    private final String queryString;
+    private final Header[] headers;
+    private final List<String> signedHeaders;
+    private final String requestBody;
+
+    private ValidationToken(Builder b) {
+        super(
+            SignatureAlgorithm.HS256,
+            b.privateKey,
+            b.credentialSid,
+            new Date(new Date().getTime() + b.ttl * 1000)
+        );
+        this.method = b.method;
+        this.uri = b.uri;
+        this.queryString = b.queryString;
+        this.headers = b.headers;
+        this.signedHeaders = b.signedHeaders;
+        this.requestBody = b.requestBody;
+    }
+
+    @Override
+    public Map<String, Object> getHeaders() {
+        return Collections.emptyMap();
+    }
+
+    @Override
+    public Map<String, Object> getClaims() {
+        Map<String, Object> payload = new HashMap<>();
+
+        // Sort the signed headers
+        Collections.sort(signedHeaders);
+        String includedHeaders = Joiner.on(";").join(signedHeaders);
+        payload.put("hrh", includedHeaders);
+
+        // Add the method and uri
+        StringBuilder signature = new StringBuilder();
+        signature.append(method).append(NEW_LINE);
+        signature.append(uri).append(NEW_LINE);
+
+        // Get the query args, sort and rejoin
+        String[] queryArgs = queryString.split("&");
+        Arrays.sort(queryArgs);
+        String sortedQueryString = Joiner.on("&").join(queryArgs);
+        signature.append(sortedQueryString).append(NEW_LINE);
+
+        // Normalize all the headers
+        Header[] lowercaseHeaders = LOWERCASE_KEYS.apply(headers);
+        Arrays.sort(lowercaseHeaders, new Comparator<Header>() {
+            @Override
+            public int compare(Header o1, Header o2) {
+                return o1.getName().compareTo(o2.getName());
+            }
+        });
+
+        // Add the headers that we care about
+        for (Header header: lowercaseHeaders) {
+            if (signedHeaders.contains(header.getName().toLowerCase())) {
+                signature.append(header.getName().toLowerCase().trim())
+                    .append(":")
+                    .append(header.getValue().trim())
+                    .append(NEW_LINE);
+            }
+        }
+        signature.append(NEW_LINE);
+
+        // Mark the headers that we care about
+        signature.append(includedHeaders).append(NEW_LINE);
+
+        // Hash and hex the request payload
+        String hashedPayload = HASH_FUNCTION.hashString(requestBody, Charsets.UTF_8).toString();
+        signature.append(hashedPayload).append(NEW_LINE);
+
+        // Hash and hex the canonical request
+        String hashedSignature = HASH_FUNCTION.hashString(signature.toString(), Charsets.UTF_8).toString();
+        payload.put("rqh", hashedSignature);
+
+        return payload;
+    }
+
+    public static ValidationToken fromHttpRequest(
+        String credentialSid,
+        String privateKey,
+        HttpRequest request,
+        List<String> signedHeaders
+    ) throws IOException {
+        Builder builder = new Builder(credentialSid, privateKey);
+
+        String method = request.getRequestLine().getMethod();
+        builder.method(method);
+
+        String uri = request.getRequestLine().getUri();
+        if (uri.contains("?")) {
+            String[] uriParts = uri.split("\\?");
+            builder.uri(uriParts[0]);
+            builder.queryString(uriParts[1]);
+        } else {
+            builder.uri(uri);
+        }
+
+        builder.headers(request.getAllHeaders());
+        builder.signedHeaders(signedHeaders);
+
+        if (HttpMethod.POST.toString().equals(method.toUpperCase())) {
+            HttpEntity entity = ((HttpEntityEnclosingRequest)request).getEntity();
+            builder.requestBody(CharStreams.toString(new InputStreamReader(entity.getContent(), Charsets.UTF_8)));
+        }
+
+        return builder.build();
+    }
+
+    private static Function<Header[], Header[]> LOWERCASE_KEYS = new Function<Header[], Header[]>() {
+        @Override
+        public Header[] apply(Header[] headers) {
+            Header[] lowercaseHeaders = new Header[headers.length];
+            for (int i = 0; i < headers.length; i++) {
+                lowercaseHeaders[i] = new BasicHeader(headers[i].getName().toLowerCase(), headers[i].getValue());
+            }
+
+            return lowercaseHeaders;
+        }
+    };
+
+    public static class Builder {
+
+        private String credentialSid;
+        private String privateKey;
+        private String method;
+        private String uri;
+        private String queryString = "";
+        private Header[] headers;
+        private List<String> signedHeaders = Collections.emptyList();
+        private String requestBody = "";
+        private int ttl = 3600;
+
+        public Builder(String credentialSid, String privateKey) {
+            this.credentialSid = credentialSid;
+            this.privateKey = privateKey;
+        }
+
+        public Builder method(String method) {
+            this.method = method;
+            return this;
+        }
+
+        public Builder uri(String uri) {
+            this.uri = uri;
+            return this;
+        }
+
+        public Builder queryString(String queryString) {
+            this.queryString = queryString;
+            return this;
+        }
+
+        public Builder headers(Header[] headers) {
+            this.headers = headers;
+            return this;
+        }
+
+        public Builder signedHeaders(List<String> signedHeaders) {
+            this.signedHeaders = signedHeaders;
+            return this;
+        }
+
+        public Builder requestBody(String requestBody) {
+            this.requestBody = requestBody;
+            return this;
+        }
+
+        public Builder ttl(int ttl) {
+            this.ttl = ttl;
+            return this;
+        }
+
+        public ValidationToken build() {
+            return new ValidationToken(this);
+        }
+    }
+
+}