tritondatacenter / java-http-signature Goto Github PK

Library for performing RSA signed HTTP requests in Java

License: Mozilla Public License 2.0

Java 100.00%

http-signature java triton manta joyent

java-http-signature's Introduction

Java HTTP Signature Utilities

java-http-signature is a community maintained set of utilities for making HTTP Signature requests against the Joyent Public Cloud.

This project is a fork of the code that once existed as part of the Java Manta SDK. Currently, this project interacts directly with Bouncy Castle to create HTTP Signatures. In the future, we may use a project like httpsig-java or http-signatures-java to do the signing.

Installation

Requirements

Java 1.8 or higher.
Maven 3.3

Using Maven

Add the latest dependency to your Maven pom.xml.

For Apache HTTP Client AuthScheme support:

<dependency>
    <groupId>com.joyent.http-signature</groupId>
    <artifactId>apache-http-client-signature</artifactId>
    <version>LATEST</version>
</dependency>

For Google HTTP Client support:

<dependency>
    <groupId>com.joyent.http-signature</groupId>
    <artifactId>google-http-client-signature</artifactId>
    <version>LATEST</version>
</dependency>

For JAX-RS Client support:

<dependency>
    <groupId>com.joyent.http-signature</groupId>
    <artifactId>jaxrs-client-signature</artifactId>
    <version>LATEST</version>
</dependency>

From Source

If you prefer to build from source, you'll also need Maven, and then invoke:

# mvn package

Usage

Thread Safety Warning

The Java Cryptographic Extensions Signature class is not thread safe, but it is entirely likely that you will want to use multiple threads to generate HTTP signatures. You can solve this problem by using the included ThreadLocalSigner class. However, this class has the limitation of storing one Signer class per invoking thread. Be very careful that you properly shut down your threads and do not accidentally create a memory leak. To nuke all of the thread references, you can call the clearAll() method on ThreadLocalSigner.

The ThreadLocal approach is used by default in the jaxrs-client, the google-http-client and the apache-http-client modules.

Google HTTP Client Integration

You will need to create a HttpSigner object and then use that object as part of an Interceptor to sign the request object. For example:

public static HttpRequestFactory buildRequestFactory() {
    String keyPath = "/path/to/my/rsa/key";
    String login = "account_name";
    String fingerprint = "b2:b2:b2:b2:b2:b2:b2:b2:f7:f7:f7:f7:f7:f7:f7:f7";
    HttpSignerUtils.getKeyPair(new File(keyPath).toPath()); 
    HttpSigner signer = new HttpSigner(keyPair, login, fingerprint);
    
    HttpExecuteInterceptor signingInterceptor = new HttpExecuteInterceptor() {
        @Override
        public void intercept(final HttpRequest request) throws IOException {
            httpSigner.signRequest(request);
        }
    };
    
    HttpRequestInitializer initializer = new HttpRequestInitializer() {
        @Override
        public void initialize(final HttpRequest request) throws IOException {
            request.setInterceptor(signingInterceptor);
            request.setParser(new JsonObjectParser(JSON_FACTORY));
        }
    };
    
    HttpTransport transport = new NetHttpTransport();
    
    return transport.createRequestFactory(initializer);
}

JAX-RS Client Integration

To use the JAX-RS Client integration, instantiate a SignedRequestClientRequestFilter with the proper credentials, then register this instance with the JAX-RS Client. For example:

    String keyPath = "/path/to/my/rsa/key";
    String login = "account_name";
    String fingerprint = "b2:b2:b2:b2:b2:b2:b2:b2:f7:f7:f7:f7:f7:f7:f7:f7";
    final SignedRequestClientRequestFilter signedRequestClientRequestFilter = new SignedRequestClientRequestFilter(
        login,
        fingerprint,
        keyPath
    );

    Response response = ClientBuilder.newClient()
        .register(signedRequestClientRequestFilter)
        .target(endpointBaseUrl.toURI())
        .request(MediaType.APPLICATION_JSON_TYPE)
        .get();

Contributions

Contributions welcome! Please read the CONTRIBUTING.md document for details on getting started.

Releasing

Please refer to the release documentation.

Bugs

See https://github.com/joyent/java-http-signature/issues.

License

Java HTTP Signatures is licensed under the MPLv2. Please see the LICENSE.txt file for more details.

java-http-signature's People

Contributors

Stargazers

Watchers

Forkers

jstoiko kevin-wang-cy cburroughs tjcelaya dekobon srebrinb zedaw indianwhocodes jooyeonhan isabella232 bunnypirate

java-http-signature's Issues

Fix compiler warnings

Many error prone and Java compiler warnings are shown when warnings are enabled. This issue is to fix them and get us to 0 warnings.

Remove x-request-id header assignment from authentication methods

Adding request ids should be the responsibility of the underlying consumer of the library. This doesn't belong in the library. Once this is changed, we will need to do a version bump.

write changelog for 4.0.0 release

(This is easier for me to do conflict free after everything lands.)

support the "new" openssh private key format

This is another kind of special openssh format that starts with BEGIN OPENSSH PRIVATE KEY. This format is always used for Ed25519 keys (#31)

 * Add a new private key format that uses a bcrypt KDF to better
   protect keys at rest. This format is used unconditionally for
   Ed25519 keys, but may be requested when generating or saving
   existing keys of other types via the -o ssh-keygen(1) option.
   We intend to make the new format the default in the near future.
   Details of the new format are in the PROTOCOL.key file.
https://www.openssh.com/txt/release-6.5

NOTE: "bcrypt" kdf is actually bcrypt_pbkdf
http://www.tedunangst.com/flak/post/new-openssh-key-format-and-bcrypt-pbkdf
https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key

Support new SHA256 ssh-keygen signatures

In newer versions of the triton and manta CLI utilities, the fingerprint environment variables can be prefixed by a checksum name like: MD5:XXXXXXXXX.

Locale values are not hard coded to English

NssBridgeKeyConverter's reflection breaks key serialization

The reflective access in NssBridgeKeyConverter breaks interoperability with JcaMiscPEMGenerator when attempting to serialize a key which was loaded by the SunPKCS11-NSS provider.

I generated a sample key which looks like the following:

When serializing the private key from the loaded KeyPair (making sure that the keypair's private key was an instance of sun.security.pkcs11.P11Key$P11ECPrivateKey so we know it was actually loaded by the reflectively-modified provider), the key content becomes the following:

-----BEGIN EC PRIVATE KEY-----
MCUCAQEEIPZ0n2oweYq3u2/N2IQ6q/JhXV2Hv+2OwVp0LTBri/PW
-----END EC PRIVATE KEY-----

Notice the matching segments implying truncation: CAQEEIPZ0n2oweYq3u2/N2IQ6q/JhXV2Hv+2OwVp0LTBri/PW

Trying to load this key with OpenSSL's ssh-keygen -y -f ${PATH_TO_KEY} results in a password prompt even though the key does not actually have a password attached, so the key is effectively corrupted. Attempting to encrypt the key with a password will result in something like the following

but the password that was used to encrypt does not actually work with this key since it also seems to be corrupted.

Upgrade Dependencies

As time has marched forward, the SDK's direct dependencies and build dependencies have gotten older. This ticket is to bump all of them into a more current version.

jaxrs-client-signature integration tests fail to work in Java 9

When running the jaxrs integration tests in Maven with Java 9 (but not IntelliJ - that works), we see the following error:

[ERROR] Tests run: 4, Failures: 1, Errors: 0, Skipped: 3, Time elapsed: 3.02 s <<< FAILURE! - in TestSuite
[ERROR] arquillianBeforeSuite(com.joyent.http.signature.jaxrs.client.SignedRequestClientRequestFilterIT)  Time elapsed: 2.912 s  <<< FAILURE!
org.jboss.arquillian.container.spi.client.container.LifecycleException: Could not start GlassFish Embedded
	at org.jboss.arquillian.container.glassfish.embedded_3_1.GlassFishContainer.start(GlassFishContainer.java:161)
	at org.jboss.arquillian.container.impl.ContainerImpl.start(ContainerImpl.java:179)
	at org.jboss.arquillian.container.impl.client.container.ContainerLifecycleController$8.perform(ContainerLifecycleController.java:137)
	at org.jboss.arquillian.container.impl.client.container.ContainerLifecycleController$8.perform(ContainerLifecycleController.java:133)
	at org.jboss.arquillian.container.impl.client.container.ContainerLifecycleController.forContainer(ContainerLifecycleController.java:208)
	at org.jboss.arquillian.container.impl.client.container.ContainerLifecycleController.startContainer(ContainerLifecycleController.java:133)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:564)
	at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86)
	at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103)
	at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:90)
	at org.jboss.arquillian.container.impl.client.ContainerDeploymentContextHandler.createContainerContext(ContainerDeploymentContextHandler.java:54)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:564)
	at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86)
	at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:95)
	at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:133)
	at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:105)
	at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:62)
	at org.jboss.arquillian.container.impl.client.container.ContainerLifecycleController$2.perform(ContainerLifecycleController.java:70)
	at org.jboss.arquillian.container.impl.client.container.ContainerLifecycleController$2.perform(ContainerLifecycleController.java:64)
	at org.jboss.arquillian.container.impl.client.container.ContainerLifecycleController.forEachSuiteContainer(ContainerLifecycleController.java:181)
	at org.jboss.arquillian.container.impl.client.container.ContainerLifecycleController.startSuiteContainers(ContainerLifecycleController.java:64)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:564)
	at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86)
	at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103)
	at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:90)
	at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:133)
	at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:105)
	at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:62)
	at org.jboss.arquillian.container.test.impl.client.ContainerEventController.execute(ContainerEventController.java:83)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:564)
	at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86)
	at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103)
	at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:90)
	at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:69)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:564)
	at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86)
	at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:95)
	at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:133)
	at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:105)
	at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.beforeSuite(EventTestRunnerAdaptor.java:71)
	at org.jboss.arquillian.testng.Arquillian.arquillianBeforeSuite(Arquillian.java:65)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:564)
	at org.testng.internal.MethodInvocationHelper.invokeMethod(MethodInvocationHelper.java:124)
	at org.testng.internal.MethodInvocationHelper.invokeMethodConsideringTimeout(MethodInvocationHelper.java:59)
	at org.testng.internal.Invoker.invokeConfigurationMethod(Invoker.java:455)
	at org.testng.internal.Invoker.invokeConfigurations(Invoker.java:222)
	at org.testng.internal.Invoker.invokeConfigurations(Invoker.java:142)
	at org.testng.SuiteRunner.privateRun(SuiteRunner.java:401)
	at org.testng.SuiteRunner.run(SuiteRunner.java:364)
	at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52)
	at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:84)
	at org.testng.TestNG.runSuitesSequentially(TestNG.java:1208)
	at org.testng.TestNG.runSuitesLocally(TestNG.java:1137)
	at org.testng.TestNG.runSuites(TestNG.java:1049)
	at org.testng.TestNG.run(TestNG.java:1017)
	at org.apache.maven.surefire.testng.TestNGExecutor.run(TestNGExecutor.java:283)
	at org.apache.maven.surefire.testng.TestNGXmlTestSuite.execute(TestNGXmlTestSuite.java:75)
	at org.apache.maven.surefire.testng.TestNGProvider.invoke(TestNGProvider.java:120)
	at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:373)
	at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:334)
	at org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:119)
	at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:407)
Caused by: java.lang.RuntimeException: org.glassfish.embeddable.GlassFishException: Server failed to start
	at com.sun.enterprise.v3.server.AppServerStartup.start(AppServerStartup.java:225)
	at com.sun.enterprise.glassfish.bootstrap.GlassFishImpl.start(GlassFishImpl.java:81)
	at org.jboss.arquillian.container.glassfish.embedded_3_1.GlassFishContainer.start(GlassFishContainer.java:155)
	... 79 more
Caused by: org.glassfish.embeddable.GlassFishException: Server failed to start
	at com.sun.enterprise.v3.server.AppServerStartup.doStart(AppServerStartup.java:237)
	at com.sun.enterprise.v3.server.AppServerStartup.start(AppServerStartup.java:223)
	... 81 more

Signer uses SimpleDateFormat in a manner that is not thread safe

Example from a concurrency heavy test:

java.lang.ArrayIndexOutOfBoundsException: 962
        at sun.util.calendar.BaseCalendar.getCalendarDateFromFixedDate(BaseCalendar.java:453) ~[na:1.8.0_131]
        at java.util.GregorianCalendar.computeFields(GregorianCalendar.java:2397) ~[na:1.8.0_131]
        at java.util.GregorianCalendar.computeFields(GregorianCalendar.java:2312) ~[na:1.8.0_131]
        at java.util.Calendar.setTimeInMillis(Calendar.java:1804) ~[na:1.8.0_131]
        at java.util.Calendar.setTime(Calendar.java:1770) ~[na:1.8.0_131]
        at java.text.SimpleDateFormat.format(SimpleDateFormat.java:943) ~[na:1.8.0_131]
        at java.text.SimpleDateFormat.format(SimpleDateFormat.java:936) ~[na:1.8.0_131]
        at java.text.DateFormat.format(DateFormat.java:345) ~[na:1.8.0_131]
        at com.joyent.manta.http.signature.Signer.defaultSignDateAsString(Signer.java:420)

See https://bugs.openjdk.java.net/browse/JDK-6231579 --> from the docs "Date formats are not synchronized"

Gracefully drop to support non-native modpow operations when libgmp is not available

In some configurations, we get this error when making the first request against Manta:

java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: SHA256withNativeRSA, provider: native-rsa, class: com.joyent.manta.http.signature.crypto.NativeRSAWithSHA$SHA256)
com.joyent.manta.http.signature.CryptoException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: SHA256withNativeRSA, provider: native-rsa, class: com.joyent.manta.http.signature.crypto.NativeRSAWithSHA$SHA256)
	at com.joyent.manta.http.signature.Signer.<init>(Signer.java:117)
	at com.joyent.manta.http.signature.Signer$Builder.build(Signer.java:609)
	at com.joyent.manta.http.signature.ThreadLocalSigner.initialValue(ThreadLocalSigner.java:80)
	at com.joyent.manta.http.signature.ThreadLocalSigner.initialValue(ThreadLocalSigner.java:22)
	at java.lang.ThreadLocal.setInitialValue(ThreadLocal.java:180)
	at java.lang.ThreadLocal.get(ThreadLocal.java:170)
	at com.joyent.manta.http.signature.apache.httpclient.HttpSignatureAuthScheme.signRequestHeader(HttpSignatureAuthScheme.java:198)
	at com.joyent.manta.http.signature.apache.httpclient.HttpSignatureAuthScheme.authenticate(HttpSignatureAuthScheme.java:161)
	at com.joyent.manta.http.signature.apache.httpclient.HttpSignatureRequestInterceptor.process(HttpSignatureRequestInterceptor.java:66)
	at com.joyent.manta.org.apache.http.protocol.ImmutableHttpProcessor.process(ImmutableHttpProcessor.java:133)
	at com.joyent.manta.org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:183)
	at com.joyent.manta.org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
	at com.joyent.manta.org.apache.http.impl.execchain.ServiceUnavailableRetryExec.execute(ServiceUnavailableRetryExec.java:85)
	at com.joyent.manta.org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
	at com.joyent.manta.org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
	at com.joyent.manta.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
	at com.joyent.manta.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
	at com.joyent.manta.http.StandardHttpHelper.executeRequest(StandardHttpHelper.java:438)
	at com.joyent.manta.http.StandardHttpHelper.executeAndCloseRequest(StandardHttpHelper.java:424)
	at com.joyent.manta.http.StandardHttpHelper.executeAndCloseRequest(StandardHttpHelper.java:415)
	at com.joyent.manta.http.StandardHttpHelper.httpHead(StandardHttpHelper.java:101)
	at com.joyent.manta.client.MantaClient.head(MantaClient.java:656)
	at com.joyent.manta.cli.MantaCLI.connectTest(MantaCLI.java:188)
	at com.joyent.manta.cli.MantaCLI.main(MantaCLI.java:72)
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: SHA256withNativeRSA, provider: native-rsa, class: com.joyent.manta.http.signature.crypto.NativeRSAWithSHA$SHA256)
	at java.security.Provider$Service.newInstance(Provider.java:1617)
	at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
	at sun.security.jca.GetInstance.getInstance(GetInstance.java:218)
	at java.security.Signature.getInstance(Signature.java:405)
	at com.joyent.manta.http.signature.Signer.<init>(Signer.java:115)
	... 23 more
Caused by: java.lang.NoClassDefFoundError: com/squareup/jnagmp/GmpInteger
	at com.joyent.manta.http.signature.crypto.NativeRSABlindedEngine.<init>(NativeRSABlindedEngine.java:58)
	at com.joyent.manta.http.signature.crypto.NativeRSAWithSHA$SHA256.<init>(NativeRSAWithSHA.java:75)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
	at java.security.Provider$Service.newInstance(Provider.java:1595)
	... 27 more
Caused by: java.lang.ClassNotFoundException: com.squareup.jnagmp.GmpInteger
	at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
	at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
	... 34 more

We should just output a warning and drop to using the default Java RSA implementation.

Apache HTTP Client helper library will loop infinitely when authentication fails

Support loading KeyPair using path and password

See TritonDataCenter/java-manta#294 for more context

Support selecting signing algorithim

Currently in the node.js Manta SDK, the signing algorithm of the ssh key fingerprint is specified before the fingerprint as such:

SHA256:/jZc62ogo+V3sMvtaejk1z593wIrfd8ruslxzoc4ebc
MD5:30:f1:55:f3:8b:fa:b8:3d:e9:c7:7a:23:43:cf:ae:46

However, in the previous versions of the node.js Manta SDK, the ssh key fingerprint was specfied only as a MD5 checksum in the following format:

30:f1:55:f3:8b:fa:b8:3d:e9:c7:7a:23:43:cf:ae:46

This issue involves changing the HTTP signatures library to do the following:

Support checksums that are not just MD5.
To detect the checksum used by parsing the checksum name from the fingerprint string.
To maintain support for existing checksums that do not contain a checksum name prefix.

Use of javax/xml/bind/DatatypeConverter is causing problems with Java 9

NPE when key file is empty

In case a user supplies a path to an existent-but-empty private key, they will get the following unhelpful error:

$ java -jar target/manta-archiver-1.0.0-SNAPSHOT.jar connect-test
Exception in thread "main" java.lang.NullPointerException
	at com.joyent.http.signature.KeyPairLoader.getKeyPair(KeyPairLoader.java:250)
	at com.joyent.http.signature.KeyPairLoader.getKeyPair(KeyPairLoader.java:209)
	at com.joyent.http.signature.KeyPairLoader.getKeyPair(KeyPairLoader.java:163)
	at com.joyent.http.signature.KeyPairLoader.getKeyPair(KeyPairLoader.java:123)
	at com.joyent.manta.config.KeyPairFactory.createKeyPair(KeyPairFactory.java:67)
	at com.joyent.manta.config.AuthAwareConfigContext.doLoad(AuthAwareConfigContext.java:104)
	at com.joyent.manta.config.AuthAwareConfigContext.reload(AuthAwareConfigContext.java:86)
	at com.joyent.manta.config.AuthAwareConfigContext.<init>(AuthAwareConfigContext.java:62)
	at com.joyent.manta.client.MantaClient.<init>(MantaClient.java:213)
	at com.joyent.manta.client.MantaClient.<init>(MantaClient.java:200)
	at com.joyent.manta.client.MantaClient.<init>(MantaClient.java:182)
	at com.joyent.manta.archiver.MantaClientSupplier.get(MantaClientSupplier.java:35)
	at com.joyent.manta.archiver.MantaArchiverCLI$ConnectTest.run(MantaArchiverCLI.java:234)
	at com.joyent.manta.archiver.MantaArchiverCLI.main(MantaArchiverCLI.java:124)

We should check if pemObject is not null before attempting to build the exception that indicates it wasn't the expected type.

support Ed25519 keys

As of this writing Triton does not have server side support for Ed25519 keys and on first glance BouncyCastle does not support them either. However, we would eventually support them.

We shouldn't restrict HTTP methods when signing URLs

Support ECDSA signing

Voice implementer support for HTTP Signatures in IETF HTTP WG

Hi, I'm @msporny, primary author of the HTTP Signatures specification at IETF for many years now. You've implemented some variation of that specification.

I need your help to move that specification towards a global standard at IETF. Hearing from implementers, such as you, is a big part of determining if the work toward a global standard should proceed. The IETF HTTP Working Group is determining whether the work should proceed right now. This is very good news, because the European Banking API community, W3C DID Working Group, W3C Credentials Community Group and other standards setting organizations depend on implementations standardizing on a way to do HTTP Signatures.

The deadline for noting your support is Jan 31st 2020 (in ~10 days).

Here's where you can make a difference...

Here is the IETF HTTP WG Call for Adoption:

https://lists.w3.org/Archives/Public/ietf-http-wg/2020JanMar/0002.html

To note your support of the specification:

Go here and click "subscribe to this list": https://lists.w3.org/Archives/Public/ietf-http-wg/
Verify your subscription by checking your email and clicking on the link that is mailed to you.
Go here and click "respond to this message": https://lists.w3.org/Archives/Public/ietf-http-wg/2020JanMar/0002.html
Write an email stating:
4.1 That you support the adoption of the draft.
4.2 Why you support the adoption of the draft.
4.3 How you plan to make use the specification, either directly, or indirectly (via someone else's software).
Set up an email filter to put all mail sent to [email protected] into its own folder. The mailing list averages ~350 emails/month. You can also leave the mailing list immediately after sending the email above if that amount of email traffic is unacceptable to you.

For an example of the type of email you could write, see this:

https://lists.w3.org/Archives/Public/ietf-http-wg/2020JanMar/0018.html

Thanks a ton for supporting the specification through your implementation. I hope you consider helping us take the specification across the goal line by voicing your support in the IETF HTTP Working Group!

Signature object is being used in a non-thread safe manner

support ssh-agent and/or ~/.ssh loading

Followup from #10. java-http-signature controls the fingerprint generation, and the user supplied fingerprint is only used (if at all) for sanity checking.

This opens up the possibility to -- given a fingerprint -- have the library find the right key in ~/.ssh or an agent. This is how the node ecosystem now works.

Review methods with unused parameters in Signer class

Signer#sign(String, KeyPair, byte[])

Implement a component for signing with JAX-RS clients.

JAX-RS specification provides an api for implementing filters and interceptors which can be used to manipulate requests and responses for JAX-RS resources and clients in a standard way. Implement a component which interoperates with JAX-RS clients to handle signing requests using java-http-signature.