Skip to content
/ signed Public

Library for processing signed hmac and JWTs

License

Apache-2.0 license
1 star 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

gameontext/signed

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
gradle/wrapper
gradle/wrapper
 
 
src
src
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.gradle
build.gradle
 
 
gradlew
gradlew
 
 
gradlew.bat
gradlew.bat
 
 

Repository files navigation

Signed: A library for processing signed JWTs and HMACs in Game On

Release

For client/server consistency, we've created some common libraries to help with signing and verifying requests that use JWTs or HMACs

Using the library in your Java projects

We use jitpack to build this library, which means you can direct maven or gradle directly to our github releases to satisfy dependencies.

  1. include jitpack.io in your list of repositories:
  • In maven:
  <repositories>
    <repository>
      <id>jitpack.io</id>
      <url>https://jitpack.io</url>
    </repository>
  </repositories>
  • In gradle:
  repositories {
    maven { url "https://jitpack.io" }
  }
  1. Include version of the library in your dependencies:
  • In maven:
  <dependency>
    <groupId>org.gameontext</groupId>
    <artifactId>signed</artifactId>
    <version>v1.0.4</version>
  </dependency>
  • In gradle:
  dependencies {
      compile 'org.gameontext:signed:v1.0.4'
  }
  1. Use SignedRequest* utilities to handle request signing
  • SignedRequestFilter with JAX-RS 2.0 client:
  Client client = ClientBuilder.newClient().register(JsonProvider.class);

  SignedClientRequestFilter apikeyFilter = new SignedClientRequestFilter(userid, secret);
  client.register(apikeyFilter);
  • Room-side of WebSocket Handshake via ServerEndpointConfig.Configurator
      public void modifyHandshake(ServerEndpointConfig sec, HandshakeRequest request, HandshakeResponse response) {
          super.modifyHandshake(sec, request, response);

          if ( token == null || token.isEmpty() ) {
              Log.log(Level.FINEST, this, "No token set for room, skipping validation");
          } else {
              Log.log(Level.FINEST, this, "Validating WS handshake");
              SignedRequestHmac wsHmac = new SignedRequestHmac("", token, "", request.getRequestURI().getRawPath());

              try {
                  wsHmac.checkHeaders(new SignedRequestMap.MLS_StringMap(request.getHeaders()))
                          .verifyFullSignature()
                          .wsResignRequest(new SignedRequestMap.MLS_StringMap(response.getHeaders()));

                  Log.log(Level.INFO, this, "validated and resigned", wsHmac);
              } catch(Exception e) {
                  Log.log(Level.WARNING, this, "Failed to validate HMAC, unable to establish connection", e);

                  response.getHeaders().replace(HandshakeResponse.SEC_WEBSOCKET_ACCEPT, Collections.emptyList());
              }
          }
      }

About

Library for processing signed hmac and JWTs

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

2 watching

Forks

2 forks
Report repository

Releases 5

org.gameontext.signed-v1.0.4 Latest
Oct 19, 2020
+ 4 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages