cleaning structure

old code/tray/assets/signing/sign-message.java

@@ -0,0 +1,143 @@
+// package foo.bar;
+
+/*
+ * Java signing example
+ * Echoes the signed message and exits
+ */
+
+// #########################################################
+// #             WARNING   WARNING   WARNING               #
+// #########################################################
+// #                                                       #
+// # This file is intended for demonstration purposes      #
+// # only.                                                 #
+// #                                                       #
+// # It is the SOLE responsibility of YOU, the programmer  #
+// # to prevent against unauthorized access to any signing #
+// # functions.                                            #
+// #                                                       #
+// # Organizations that do not protect against un-         #
+// # authorized signing will be black-listed to prevent    #
+// # software piracy.                                      #
+// #                                                       #
+// # -QZ Industries, LLC                                   #
+// #                                                       #
+// #########################################################
+
+import java.io.*;
+import java.security.*;
+import java.security.spec.*;
+import java.util.Base64;
+import java.util.logging.*;
+
+/**
+ * Utility for creating an RSA SHA1 signature based on a supplied PEM formatted private key
+ */
+public class MessageSigner {
+    private static Logger logger = Logger.getLogger(MessageSigner.class.getName());
+    private Signature sig;
+
+    /**
+     * Standard Java usage example, safe to remove
+     */
+    public static void main(String args[]) throws Exception {
+        if (args.length < 2) {
+            logger.severe("Usage:\nMessageSigner.class [path to private key] [data to sign]\n");
+            System.exit(1);
+        }
+        byte[] key = MessageSigner.readFile(args[0]);
+        String toSign = args[1];
+        MessageSigner ms = new MessageSigner(key);
+        String signature = ms.sign(toSign);
+
+        logger.log(Level.INFO, "Request: {0}", toSign);
+        logger.log(Level.INFO, "Response: {0}", signature);
+    }
+
+    /**
+     * Servlet usage example, safe to remove
+     *
+    protected void doProcessRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        // Get request from URL
+        String data = request.getParameter("request");
+
+        String signature = new MessageSigner("private-key.pem").sign(data);
+
+        // Send signed message back
+        response.setContentType("text/plain");
+        PrintWriter out = response.getWriter();
+        out.write(signature);
+        out.flush();
+        out.close();
+    }
+
+    /**
+     * Constructs an RSA SHA1 signature object for signing
+     * @param keyData
+     * @throws Exception
+     */
+    public MessageSigner(byte[] keyData) throws Exception {
+        // Warning: PKCS#8 required.  If PKCS#1 (RSA) key is provided convert using:
+        // $ openssl pkcs8 -topk8 -inform PEM -outform PEM -in private-key.pem -out private-key-pkcs8.pem -nocrypt
+        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(parseKeyData(keyData));
+        KeyFactory kf = KeyFactory.getInstance("RSA");
+        PrivateKey key = kf.generatePrivate(keySpec);
+        sig = Signature.getInstance("SHA512withRSA"); // Use "SHA1withRSA" for QZ Tray 2.0 and older
+        sig.initSign(key);
+    }
+
+    /**
+     * Signs the specified data with the provided private key, returning the
+     * RSA SHA1 signature
+     * @param data Message to sign
+     * @return Base64 encoded signature
+     * @throws Exception
+     */
+    public String sign(String data) throws Exception {
+        sig.update(data.getBytes());
+        return Base64.getEncoder().encodeToString(sig.sign());
+    }
+
+    /**
+     * Reads the raw byte[] data from a file resource
+     * @param path File path to read
+     * @return the raw byte data from file
+     * @throws IOException
+     */
+    public static byte[] readFile(String path) throws IOException {
+        InputStream is = MessageSigner.class.getResourceAsStream(path);
+        if (is == null) {
+            throw new IOException(String.format("Can't open resource \"%s\"",  path));
+        }
+        DataInputStream dis = new DataInputStream(is);
+        byte[] data = new byte[dis.available()];
+        dis.readFully(data);
+        dis.close();
+        return data;
+    }
+
+    /**
+     * Parses a base64 encoded private key by stripping the header and footer lines
+     * @param keyData PEM file contents
+     * @return Raw key byes
+     * @throws IOException
+     */
+    private static byte[] parseKeyData(byte[] keyData) throws IOException {
+        StringBuilder sb = new StringBuilder();
+        String[] lines = new String(keyData).split("[\r?\n]+");
+        String[] skips = new String[]{"-----BEGIN", "-----END", ": "};
+        for (String line : lines) {
+            boolean skipLine = false;
+            for (String skip : skips) {
+                if (line.contains(skip)) {
+                    skipLine = true;
+                }
+            }
+            if (!skipLine) {
+                sb.append(line.trim());
+            }
+        }
+        return Base64.getDecoder().decode(sb.toString());
+    }
+
+}