twilio
diff --git a/‎src/main/java/com/twilio/example/ValidationExample.java‎
Lines changed: 67 additions & 0 deletions b/‎src/main/java/com/twilio/example/ValidationExample.java‎
Lines changed: 67 additions & 0 deletions
diff --git a/‎src/main/java/com/twilio/http/ValidationClient.java‎
Lines changed: 85 additions & 0 deletions b/‎src/main/java/com/twilio/http/ValidationClient.java‎
Lines changed: 85 additions & 0 deletions
diff --git a/‎src/main/java/com/twilio/http/ValidationInterceptor.java‎
Lines changed: 36 additions & 0 deletions b/‎src/main/java/com/twilio/http/ValidationInterceptor.java‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎src/main/java/com/twilio/jwt/Jwt.java‎
Lines changed: 27 additions & 4 deletions b/‎src/main/java/com/twilio/jwt/Jwt.java‎
Lines changed: 27 additions & 4 deletions
@@ -0,0 +1,67 @@
+package com.twilio.example;
+
+
+import com.twilio.http.TwilioRestClient;
+import com.twilio.http.ValidationClient;
+import com.twilio.rest.accounts.v1.credential.PublicKey;
+import com.twilio.rest.api.v2010.account.Message;
+import com.twilio.rest.api.v2010.account.NewSigningKey;
+import com.twilio.twiml.TwiMLException;
+import com.twilio.type.PhoneNumber;
+import org.apache.commons.codec.binary.Base64;
+
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+
+public class ValidationExample {
+
+    public static final String ACCOUNT_SID = System.getenv("TWILIO_ACCOUNT_SID");
+    public static final String AUTH_TOKEN = System.getenv("TWILIO_AUTH_TOKEN");
+
+    /**
+     * Example Twilio usage.
+     *
+     * @param args command line args
+     * @throws TwiMLException if unable to generate TwiML
+     */
+    public static void main(String[] args) throws Exception {
+
+        // Generate public/private key pair
+        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+        keyGen.initialize(2048);
+        KeyPair pair = keyGen.generateKeyPair();
+        java.security.PublicKey pk = pair.getPublic();
+
+        // Use the default rest client
+        TwilioRestClient client =
+            new TwilioRestClient.Builder(ACCOUNT_SID, AUTH_TOKEN)
+                .build();
+
+        // Create a public key and signing key using the default client
+        PublicKey key = PublicKey.creator(
+            Base64.encodeBase64String(pk.getEncoded())
+        ).setFriendlyName("Public Key").create(client);
+
+        NewSigningKey signingKey = NewSigningKey.creator().create(client);
+
+        // Switch to validation client as the default client
+        TwilioRestClient validationClient = new TwilioRestClient.Builder(signingKey.getSid(), signingKey.getSecret())
+            .accountSid(ACCOUNT_SID)
+            .httpClient(new ValidationClient(ACCOUNT_SID, key.getSid(), signingKey.getSid(), pair.getPrivate()))
+            .build();
+
+        // Make REST API requests
+        Iterable<Message> messages = Message.reader().read(validationClient);
+        for (Message m : messages) {
+            System.out.println(m.getBody());
+        }
+
+        Message m = Message.creator(
+            new PhoneNumber("+1XXXXXXXXXX"),
+            new PhoneNumber("+1XXXXXXXXXX"),
+            "Asymmetric Auth Test"
+        ).create(validationClient);
+        System.out.println(m.getSid());
+
+    }
+}
@@ -0,0 +1,85 @@
+package com.twilio.http;
+
+
+import com.google.common.collect.Lists;
+import com.twilio.Twilio;
+import com.twilio.exception.ApiException;
+import org.apache.http.Header;
+import org.apache.http.HttpHeaders;
+import org.apache.http.HttpResponse;
+import org.apache.http.HttpVersion;
+import org.apache.http.client.config.RequestConfig;
+import org.apache.http.client.methods.RequestBuilder;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+import org.apache.http.message.BasicHeader;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.security.PrivateKey;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+
+public class ValidationClient extends HttpClient {
+
+    private static final int CONNECTION_TIMEOUT = 10000;
+    private static final int SOCKET_TIMEOUT = 30500;
+
+    private final org.apache.http.client.HttpClient client;
+
+    public ValidationClient(String accountSid, String credentialSid, String signingKey, PrivateKey privateKey) {
+        RequestConfig config = RequestConfig.custom()
+            .setConnectTimeout(CONNECTION_TIMEOUT)
+            .setSocketTimeout(SOCKET_TIMEOUT)
+            .build();
+
+        Collection<Header> headers = Lists.<Header>newArrayList(
+            new BasicHeader("X-Twilio-Client", "java-" + Twilio.VERSION),
+            new BasicHeader(HttpHeaders.USER_AGENT, "twilio-java/" + Twilio.VERSION + " (" + Twilio.JAVA_VERSION + ")"),
+            new BasicHeader(HttpHeaders.ACCEPT, "application/json"),
+            new BasicHeader(HttpHeaders.ACCEPT_ENCODING, "utf-8")
+        );
+
+        client = HttpClientBuilder.create()
+            .setConnectionManager(new PoolingHttpClientConnectionManager())
+            .setDefaultRequestConfig(config)
+            .setDefaultHeaders(headers)
+            .setMaxConnPerRoute(10)
+            .addInterceptorLast(new ValidationInterceptor(accountSid, credentialSid, signingKey, privateKey))
+            .build();
+    }
+
+    @Override
+    public Response makeRequest(Request request) {
+        RequestBuilder builder = RequestBuilder.create(request.getMethod().toString())
+            .setUri(request.constructURL().toString())
+            .setVersion(HttpVersion.HTTP_1_1)
+            .setCharset(StandardCharsets.UTF_8);
+
+        if (request.requiresAuthentication()) {
+            builder.addHeader(HttpHeaders.AUTHORIZATION, request.getAuthString());
+        }
+
+        HttpMethod method = request.getMethod();
+        if (method == HttpMethod.POST) {
+            builder.addHeader(HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded");
+
+            for (Map.Entry<String, List<String>> entry : request.getPostParams().entrySet()) {
+                for (String value : entry.getValue()) {
+                    builder.addParameter(entry.getKey(), value);
+                }
+            }
+        }
+
+        try {
+            HttpResponse response = client.execute(builder.build());
+            return new Response(
+                response.getEntity() == null ? null : response.getEntity().getContent(),
+                response.getStatusLine().getStatusCode()
+            );
+        } catch (IOException e) {
+            throw new ApiException(e.getMessage());
+        }
+    }
+}
@@ -0,0 +1,36 @@
+package com.twilio.http;
+
+import com.google.common.collect.Lists;
+import com.twilio.jwt.Jwt;
+import com.twilio.jwt.validation.ValidationToken;
+import org.apache.http.HttpException;
+import org.apache.http.HttpRequest;
+import org.apache.http.HttpRequestInterceptor;
+import org.apache.http.protocol.HttpContext;
+
+import java.io.IOException;
+import java.security.PrivateKey;
+import java.util.List;
+
+public class ValidationInterceptor implements HttpRequestInterceptor {
+
+    private static final List<String> HEADERS = Lists.newArrayList("authorization", "host");
+
+    private final String accountSid;
+    private final String credentialSid;
+    private final String signingKeySid;
+    private final PrivateKey privateKey;
+
+    public ValidationInterceptor(String accountSid, String credentialSid, String signingKeySid, PrivateKey privateKey) {
+        this.accountSid = accountSid;
+        this.credentialSid = credentialSid;
+        this.signingKeySid = signingKeySid;
+        this.privateKey = privateKey;
+    }
+
+    @Override
+    public void process(HttpRequest request, HttpContext context) throws HttpException, IOException {
+        Jwt jwt = ValidationToken.fromHttpRequest(accountSid, credentialSid, signingKeySid, privateKey, request, HEADERS);
+        request.addHeader("Twilio-Client-Validation", jwt.toJwt());
+    }
+}
@@ -4,7 +4,8 @@
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 
-import java.nio.charset.StandardCharsets;
+import javax.crypto.spec.SecretKeySpec;
+import java.security.Key;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
@@ -15,7 +16,7 @@
 public abstract class Jwt {
 
     private final SignatureAlgorithm algorithm;
-    private final String secret;
+    private final Key secretKey;
     private final String issuer;
     private final Date expiration;
 
@@ -32,9 +33,31 @@ public Jwt(
         String secret,
         String issuer,
         Date expiration
+    ) {
+        this(
+            algorithm,
+            new SecretKeySpec(secret.getBytes(), algorithm.getJcaName()),
+            issuer,
+            expiration
+        );
+    }
+
+    /**
+     * Create a new JWT.
+     *
+     * @param algorithm algorithm to use
+     * @param secretKey secret key
+     * @param issuer JWT issuer
+     * @param expiration expiration Date
+     */
+    public Jwt(
+        SignatureAlgorithm algorithm,
+        Key secretKey,
+        String issuer,
+        Date expiration
     ) {
         this.algorithm = algorithm;
-        this.secret = secret;
+        this.secretKey = secretKey;
         this.issuer = issuer;
         this.expiration = expiration;
     }
@@ -51,7 +74,7 @@ public String toJwt() {
 
         JwtBuilder builder =
             Jwts.builder()
-                .signWith(this.algorithm, this.secret.getBytes(StandardCharsets.UTF_8))
+                .signWith(this.algorithm, this.secretKey)
                 .setHeaderParams(headers)
                 .setIssuer(this.issuer)
                 .setExpiration(expiration);