1 package com.atlassian.security.auth.trustedapps;
2
3 import com.atlassian.security.auth.trustedapps.TrustedApplicationUtils.Header.Response;
4 import com.atlassian.security.auth.trustedapps.request.TrustedRequest;
5
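/**
 * Utility class for trusted applications: protocol constants, the names of the
 * request/response headers, and small helpers for populating a request and for
 * checking values received from the peer.
 */
public class TrustedApplicationUtils
{
    /**
     * Used in Request/Response Header values for validating the capabilities of the client/server.
     *
     * @since 0.35
     */
    public static final class Constant
    {
        /**
         * The protocol version. The first version of this protocol did not contain this header and so was
         * version 0.
         */
        // Integer.valueOf replaces the deprecated Integer(int) constructor; the value is unchanged.
        public static final Integer VERSION = Integer.valueOf(1);

        /**
         * Magic number used to validate successful decryption.
         * <p>
         * The value is the signed decimal rendering of the {@code int} literal {@code 0xBADC0FEE}, which is
         * negative because its high bit is set. It is a fixed, public constant: matching it shows that a
         * decryption produced the expected plaintext, and it must not be treated as a secret or as proof of
         * the sender's identity.
         */
        public static final String MAGIC = String.valueOf(0xBADC0FEE);

        /**
         * Default charset used for encoding/decoding Strings.
         */
        public static final String CHARSET_NAME = "utf-8";

        private Constant()
        {
        }
    }

    /**
     * Request/Response header parameters
     *
     * @since 0.35
     */
    public static final class Header
    {
        /** Common prefix shared by every trusted-application header name. */
        private static final String PREFIX = "X-Seraph-Trusted-App-";

        /**
         * Names of the headers sent with a trusted application request.
         */
        public static final class Request
        {
            /**
             * Header name for trusted application ID
             */
            public static final String ID = PREFIX + "ID";

            /**
             * Header name for the secret key, used to encrypt the certificate.
             */
            // NOTE(review): how this key is protected in transit is not visible in this file. Until that is
            // confirmed, treat the header value as sensitive and keep it out of access logs and error output.
            public static final String SECRET_KEY = PREFIX + "Key";

            /**
             * Header name for trusted application certificate
             */
            public static final String CERTIFICATE = PREFIX + "Cert";

            /**
             * Header name for trusted application protocol version
             */
            public static final String VERSION = PREFIX + "Version";

            /**
             * Header name for magic number for decryption validation
             */
            public static final String MAGIC = PREFIX + "Magic";

            private Request()
            {
            }
        }

        /**
         * Names of the headers returned in response to a trusted application request.
         */
        public static final class Response
        {
            /**
             * Header that will contain trusted application error message if it fails
             */
            public static final String ERROR = PREFIX + "Error";

            /**
             * Header used to indicate the status of a response to a trusted app request
             */
            public static final String STATUS = PREFIX + "Status";

            private Response()
            {
            }
        }

        private Header()
        {
        }
    }

    /**
     * Add request parameters to the trusted request. Values are extracted from the given certificate, except
     * for the protocol version, which is always {@link Constant#VERSION}.
     *
     * @param certificate
     *            the encrypted certificate to retrieve values from
     * @param request
     *            the request to populate
     */
    public static void addRequestParameters(final EncryptedCertificate certificate, final TrustedRequest request)
    {
        request.addRequestParameter(Header.Request.ID, certificate.getID());
        request.addRequestParameter(Header.Request.CERTIFICATE, certificate.getCertificate());
        request.addRequestParameter(Header.Request.SECRET_KEY, certificate.getSecretKey());
        request.addRequestParameter(Header.Request.VERSION, Constant.VERSION.toString());
        request.addRequestParameter(Header.Request.MAGIC, certificate.getMagicNumber());
    }

    /**
     * Get a {@link TransportErrorMessage} from the {@link Header.Response#ERROR} header. This contains an error
     * code that can be used for i18n purposes as well as the parameters. You can also get a default formatted
     * error message.
     * <p>
     * The header value is supplied by the remote peer, so the parsed code and parameters should be handled as
     * untrusted input when they are logged or displayed.
     *
     * @param errorMessage
     *            the String containing the error message, as read from the error header; parsing, including
     *            the handling of null or malformed values, is delegated to {@code TransportErrorMessage.PARSER}
     * @return the result of {@code TransportErrorMessage.PARSER.parse(errorMessage)}
     */
    public static TransportErrorMessage parseError(String errorMessage)
    {
        return TransportErrorMessage.PARSER.parse(errorMessage);
    }

    /**
     * Check that the magic number received from the peer equals {@link Constant#MAGIC}.
     * <p>
     * The check runs only when {@code protocolVersion} is non-null. A null version is treated as the original
     * protocol, which carried no magic number, and is accepted without comparison. Callers that must not accept
     * peers speaking that original protocol therefore have to enforce a minimum protocol version themselves
     * before relying on this method.
     *
     * @param msg
     *            message passed through to the {@code BadMagicNumber} error
     * @param appId
     *            application ID passed through to the {@code BadMagicNumber} error
     * @param protocolVersion
     *            the protocol version announced by the peer, or null if none was sent
     * @param magicNumber
     *            the magic number to validate; a null value fails the check when a version is present
     * @throws InvalidCertificateException
     *             if a protocol version is present and the magic number does not match
     */
    public static void validateMagicNumber(String msg, String appId, Integer protocolVersion, String magicNumber)
        throws InvalidCertificateException
    {
        // No version header means the version-0 protocol, which never sent a magic number: nothing to check.
        if ((protocolVersion != null) && !Constant.MAGIC.equals(magicNumber))
        {
            throw new InvalidCertificateException(new TransportErrorMessage.BadMagicNumber(msg, appId));
        }
    }
}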