From 09ddf2abc184cae659079f7f4966b53dd3279913 Mon Sep 17 00:00:00 2001 From: Ghufran Zahidi <18732053+Ghufz@users.noreply.github.com> Date: Fri, 22 Dec 2023 17:11:39 +0530 Subject: [PATCH 1/3] Fixed the HttpSigning issue for ECDSA key supplied as string. --- .../csharp/HttpSigningConfiguration.mustache | 22 ++++++++++++++----- .../Client/HttpSigningConfiguration.cs | 16 ++++++++++---- .../Client/HttpSigningConfiguration.cs | 16 ++++++++++---- .../Client/HttpSigningConfiguration.cs | 16 ++++++++++---- .../Client/HttpSigningConfiguration.cs | 16 ++++++++++---- .../Client/HttpSigningConfiguration.cs | 22 ++++++++++++++----- .../Client/HttpSigningConfiguration.cs | 16 ++++++++++---- .../Client/HttpSigningConfiguration.cs | 16 ++++++++++---- .../Client/HttpSigningConfiguration.cs | 22 ++++++++++++++----- 9 files changed, 120 insertions(+), 42 deletions(-) diff --git a/modules/openapi-generator/src/main/resources/csharp/HttpSigningConfiguration.mustache b/modules/openapi-generator/src/main/resources/csharp/HttpSigningConfiguration.mustache index 4bc8b396e095..33791a908579 100644 --- a/modules/openapi-generator/src/main/resources/csharp/HttpSigningConfiguration.mustache +++ b/modules/openapi-generator/src/main/resources/csharp/HttpSigningConfiguration.mustache @@ -102,14 +102,13 @@ namespace {{packageName}}.Client const string HEADER_AUTHORIZATION = "Authorization"; //Read the api key from the file - if(string.IsNullOrEmpty(this.KeyString)) + if(File.Exists(KeyFilePath)) { this.KeyString = ReadApiKeyFromFile(KeyFilePath); } - - if(string.IsNullOrEmpty(KeyString)) + else if(string.IsNullOrEmpty(KeyString)) { - throw new Exception("No API key has been provided."); + throw new Exception("No API key has been provided. Supply it using either KeyFilePath or KeyString"); } //Hash table to store singed headers 
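Review bot: The new `if(File.Exists(KeyFilePath))` branch in the `@@ -102,14 +102,13 @@` hunk overwrites `this.KeyString` with the file contents even when the caller already supplied a key string, so when both are configured the file now silently decides which private key signs the request (the removed code only read the file when the string was empty). Because the emptiness test became an `else if`, it is skipped whenever the file exists, so an empty result from `ReadApiKeyFromFile` is not rejected at this point. If the string is meant to keep winning, read the file only as a fallback and validate unconditionally: `if (string.IsNullOrEmpty(KeyString) && File.Exists(KeyFilePath)) { KeyString = ReadApiKeyFromFile(KeyFilePath); }` followed by a plain `if (string.IsNullOrEmpty(KeyString))` throw. The generated sample clients under samples/client/petstore/csharp repeat this hunk unchanged; the enclosing GetHttpSignedHeader body starts and ends outside the hunk.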
@@ -317,6 +316,10 @@ namespace {{packageName}}.Client private string GetRSASignature(byte[] stringToSign) { + if (string.IsNullOrEmpty(KeyString)) + { + throw new Exception("No API key has been provided."); + } RSA rsa = GetRSAProviderFromPemFile(KeyString, KeyPassPhrase); if (SigningAlgorithm == "RSASSA-PSS") { @@ -342,8 +345,10 @@ namespace {{packageName}}.Client private string GetECDSASignature(byte[] dataToSign) { {{#net60OrLater}} - if (!File.Exists(KeyFilePath)) - throw new Exception("key file path does not exist."); + if (!File.Exists(KeyFilePath) && string.IsNullOrEmpty(KeyString)) + { + throw new Exception("No API key has been provided."); + } var keyStr = KeyString; const string ecKeyHeader = "-----BEGIN EC PRIVATE KEY-----"; @@ -443,6 +448,11 @@ namespace {{packageName}}.Client private RSACryptoServiceProvider GetRSAProviderFromPemFile(string keyString, SecureString keyPassPhrase = null) { + if (string.IsNullOrEmpty(KeyString)) + { + throw new Exception("No API key has been provided."); + } + const string pempubheader = "-----BEGIN PUBLIC KEY-----"; const string pempubfooter = "-----END PUBLIC KEY-----"; bool isPrivateKeyFile = true; diff --git a/samples/client/petstore/csharp/OpenAPIClient-ConditionalSerialization/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs b/samples/client/petstore/csharp/OpenAPIClient-ConditionalSerialization/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs index 7c8668488ee2..256f338e1817 100644 --- a/samples/client/petstore/csharp/OpenAPIClient-ConditionalSerialization/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs +++ b/samples/client/petstore/csharp/OpenAPIClient-ConditionalSerialization/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs 
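Review bot: The guard added to GetECDSASignature, `if (!File.Exists(KeyFilePath) && string.IsNullOrEmpty(KeyString))`, passes whenever the key file exists, yet the key material is taken only from the property on the next line (`var keyStr = KeyString;`) and never from the file. A null or empty `KeyString` therefore gets past the check and presumably fails later during PEM parsing with a less useful error. Validate the value that is actually used: `if (string.IsNullOrEmpty(KeyString))`. The rest of the method body lies outside the hunk.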
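Review bot: The guard added to GetRSAProviderFromPemFile in the `@@ -443,6 +448,11 @@` hunk tests the instance property `KeyString` instead of the `keyString` parameter the method receives, so an empty argument passes whenever the property happens to be set. It should read `if (string.IsNullOrEmpty(keyString))`. With that in place the identical check added to GetRSASignature in the `@@ -317,6 +316,10 @@` hunk is redundant, since that method passes `KeyString` straight into this one. Throwing `ArgumentException` here (and `InvalidOperationException` in the callers) rather than bare `Exception` would let callers tell a missing signing key apart from other failures. The method body continues outside the hunk.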
@@ -110,14 +110,13 @@ internal Dictionary GetHttpSignedHeader(string basePath,string m const string HEADER_AUTHORIZATION = "Authorization"; //Read the api key from the file - if(string.IsNullOrEmpty(this.KeyString)) + if(File.Exists(KeyFilePath)) { this.KeyString = ReadApiKeyFromFile(KeyFilePath); } - - if(string.IsNullOrEmpty(KeyString)) + else if(string.IsNullOrEmpty(KeyString)) { - throw new Exception("No API key has been provided."); + throw new Exception("No API key has been provided. Supply it using either KeyFilePath or KeyString"); } //Hash table to store singed headers @@ -325,6 +324,10 @@ private int GetUnixTime(DateTime date2) private string GetRSASignature(byte[] stringToSign) { + if (string.IsNullOrEmpty(KeyString)) + { + throw new Exception("No API key has been provided."); + } RSA rsa = GetRSAProviderFromPemFile(KeyString, KeyPassPhrase); if (SigningAlgorithm == "RSASSA-PSS") { @@ -412,6 +415,11 @@ private byte[] ConvertToECDSAANS1Format(byte[] signedBytes) private RSACryptoServiceProvider GetRSAProviderFromPemFile(string keyString, SecureString keyPassPhrase = null) { + if (string.IsNullOrEmpty(KeyString)) + { + throw new Exception("No API key has been provided."); + } + const string pempubheader = "-----BEGIN PUBLIC KEY-----"; const string pempubfooter = "-----END PUBLIC KEY-----"; bool isPrivateKeyFile = true; diff --git a/samples/client/petstore/csharp/OpenAPIClient-httpclient/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs b/samples/client/petstore/csharp/OpenAPIClient-httpclient/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs index 7c8668488ee2..256f338e1817 100644 --- a/samples/client/petstore/csharp/OpenAPIClient-httpclient/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs +++ b/samples/client/petstore/csharp/OpenAPIClient-httpclient/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs 
@@ -110,14 +110,13 @@ internal Dictionary GetHttpSignedHeader(string basePath,string m const string HEADER_AUTHORIZATION = "Authorization"; //Read the api key from the file - if(string.IsNullOrEmpty(this.KeyString)) + if(File.Exists(KeyFilePath)) { this.KeyString = ReadApiKeyFromFile(KeyFilePath); } - - if(string.IsNullOrEmpty(KeyString)) + else if(string.IsNullOrEmpty(KeyString)) { - throw new Exception("No API key has been provided."); + throw new Exception("No API key has been provided. Supply it using either KeyFilePath or KeyString"); } //Hash table to store singed headers @@ -325,6 +324,10 @@ private int GetUnixTime(DateTime date2) private string GetRSASignature(byte[] stringToSign) { + if (string.IsNullOrEmpty(KeyString)) + { + throw new Exception("No API key has been provided."); + } RSA rsa = GetRSAProviderFromPemFile(KeyString, KeyPassPhrase); if (SigningAlgorithm == "RSASSA-PSS") { @@ -412,6 +415,11 @@ private byte[] ConvertToECDSAANS1Format(byte[] signedBytes) private RSACryptoServiceProvider GetRSAProviderFromPemFile(string keyString, SecureString keyPassPhrase = null) { + if (string.IsNullOrEmpty(KeyString)) + { + throw new Exception("No API key has been provided."); + } + const string pempubheader = "-----BEGIN PUBLIC KEY-----"; const string pempubfooter = "-----END PUBLIC KEY-----"; bool isPrivateKeyFile = true; diff --git a/samples/client/petstore/csharp/OpenAPIClient-net47/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs b/samples/client/petstore/csharp/OpenAPIClient-net47/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs index 7c8668488ee2..256f338e1817 100644 --- a/samples/client/petstore/csharp/OpenAPIClient-net47/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs +++ b/samples/client/petstore/csharp/OpenAPIClient-net47/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs 
@@ -110,14 +110,13 @@ internal Dictionary GetHttpSignedHeader(string basePath,string m const string HEADER_AUTHORIZATION = "Authorization"; //Read the api key from the file - if(string.IsNullOrEmpty(this.KeyString)) + if(File.Exists(KeyFilePath)) { this.KeyString = ReadApiKeyFromFile(KeyFilePath); } - - if(string.IsNullOrEmpty(KeyString)) + else if(string.IsNullOrEmpty(KeyString)) { - throw new Exception("No API key has been provided."); + throw new Exception("No API key has been provided. Supply it using either KeyFilePath or KeyString"); } //Hash table to store singed headers @@ -325,6 +324,10 @@ private int GetUnixTime(DateTime date2) private string GetRSASignature(byte[] stringToSign) { + if (string.IsNullOrEmpty(KeyString)) + { + throw new Exception("No API key has been provided."); + } RSA rsa = GetRSAProviderFromPemFile(KeyString, KeyPassPhrase); if (SigningAlgorithm == "RSASSA-PSS") { @@ -412,6 +415,11 @@ private byte[] ConvertToECDSAANS1Format(byte[] signedBytes) private RSACryptoServiceProvider GetRSAProviderFromPemFile(string keyString, SecureString keyPassPhrase = null) { + if (string.IsNullOrEmpty(KeyString)) + { + throw new Exception("No API key has been provided."); + } + const string pempubheader = "-----BEGIN PUBLIC KEY-----"; const string pempubfooter = "-----END PUBLIC KEY-----"; bool isPrivateKeyFile = true; diff --git a/samples/client/petstore/csharp/OpenAPIClient-net48/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs b/samples/client/petstore/csharp/OpenAPIClient-net48/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs index 7c8668488ee2..256f338e1817 100644 --- a/samples/client/petstore/csharp/OpenAPIClient-net48/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs +++ b/samples/client/petstore/csharp/OpenAPIClient-net48/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs 
@@ -110,14 +110,13 @@ internal Dictionary GetHttpSignedHeader(string basePath,string m const string HEADER_AUTHORIZATION = "Authorization"; //Read the api key from the file - if(string.IsNullOrEmpty(this.KeyString)) + if(File.Exists(KeyFilePath)) { this.KeyString = ReadApiKeyFromFile(KeyFilePath); } - - if(string.IsNullOrEmpty(KeyString)) + else if(string.IsNullOrEmpty(KeyString)) { - throw new Exception("No API key has been provided."); + throw new Exception("No API key has been provided. Supply it using either KeyFilePath or KeyString"); } //Hash table to store singed headers @@ -325,6 +324,10 @@ private int GetUnixTime(DateTime date2) private string GetRSASignature(byte[] stringToSign) { + if (string.IsNullOrEmpty(KeyString)) + { + throw new Exception("No API key has been provided."); + } RSA rsa = GetRSAProviderFromPemFile(KeyString, KeyPassPhrase); if (SigningAlgorithm == "RSASSA-PSS") { @@ -412,6 +415,11 @@ private byte[] ConvertToECDSAANS1Format(byte[] signedBytes) private RSACryptoServiceProvider GetRSAProviderFromPemFile(string keyString, SecureString keyPassPhrase = null) { + if (string.IsNullOrEmpty(KeyString)) + { + throw new Exception("No API key has been provided."); + } + const string pempubheader = "-----BEGIN PUBLIC KEY-----"; const string pempubfooter = "-----END PUBLIC KEY-----"; bool isPrivateKeyFile = true; diff --git a/samples/client/petstore/csharp/OpenAPIClient-net5.0/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs b/samples/client/petstore/csharp/OpenAPIClient-net5.0/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs index d98d2815297d..0685800345a1 100644 --- a/samples/client/petstore/csharp/OpenAPIClient-net5.0/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs +++ b/samples/client/petstore/csharp/OpenAPIClient-net5.0/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs 
@@ -110,14 +110,13 @@ internal Dictionary GetHttpSignedHeader(string basePath,string m const string HEADER_AUTHORIZATION = "Authorization"; //Read the api key from the file - if(string.IsNullOrEmpty(this.KeyString)) + if(File.Exists(KeyFilePath)) { this.KeyString = ReadApiKeyFromFile(KeyFilePath); } - - if(string.IsNullOrEmpty(KeyString)) + else if(string.IsNullOrEmpty(KeyString)) { - throw new Exception("No API key has been provided."); + throw new Exception("No API key has been provided. Supply it using either KeyFilePath or KeyString"); } //Hash table to store singed headers @@ -325,6 +324,10 @@ private int GetUnixTime(DateTime date2) private string GetRSASignature(byte[] stringToSign) { + if (string.IsNullOrEmpty(KeyString)) + { + throw new Exception("No API key has been provided."); + } RSA rsa = GetRSAProviderFromPemFile(KeyString, KeyPassPhrase); if (SigningAlgorithm == "RSASSA-PSS") { @@ -349,8 +352,10 @@ private string GetRSASignature(byte[] stringToSign) /// ECDSA signature private string GetECDSASignature(byte[] dataToSign) { - if (!File.Exists(KeyFilePath)) - throw new Exception("key file path does not exist."); + if (!File.Exists(KeyFilePath) && string.IsNullOrEmpty(KeyString)) + { + throw new Exception("No API key has been provided."); + } var keyStr = KeyString; const string ecKeyHeader = "-----BEGIN EC PRIVATE KEY-----"; @@ -446,6 +451,11 @@ private byte[] ConvertToECDSAANS1Format(byte[] signedBytes) private RSACryptoServiceProvider GetRSAProviderFromPemFile(string keyString, SecureString keyPassPhrase = null) { + if (string.IsNullOrEmpty(KeyString)) + { + throw new Exception("No API key has been provided."); + } + const string pempubheader = "-----BEGIN PUBLIC KEY-----"; const string pempubfooter = "-----END PUBLIC KEY-----"; bool isPrivateKeyFile = true; 
diff --git a/samples/client/petstore/csharp/OpenAPIClient-unityWebRequest/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs b/samples/client/petstore/csharp/OpenAPIClient-unityWebRequest/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs index 7c8668488ee2..256f338e1817 100644 --- a/samples/client/petstore/csharp/OpenAPIClient-unityWebRequest/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs +++ b/samples/client/petstore/csharp/OpenAPIClient-unityWebRequest/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs @@ -110,14 +110,13 @@ internal Dictionary GetHttpSignedHeader(string basePath,string m const string HEADER_AUTHORIZATION = "Authorization"; //Read the api key from the file - if(string.IsNullOrEmpty(this.KeyString)) + if(File.Exists(KeyFilePath)) { this.KeyString = ReadApiKeyFromFile(KeyFilePath); } - - if(string.IsNullOrEmpty(KeyString)) + else if(string.IsNullOrEmpty(KeyString)) { - throw new Exception("No API key has been provided."); + throw new Exception("No API key has been provided. Supply it using either KeyFilePath or KeyString"); } //Hash table to store singed headers @@ -325,6 +324,10 @@ private int GetUnixTime(DateTime date2) private string GetRSASignature(byte[] stringToSign) { + if (string.IsNullOrEmpty(KeyString)) + { + throw new Exception("No API key has been provided."); + } RSA rsa = GetRSAProviderFromPemFile(KeyString, KeyPassPhrase); if (SigningAlgorithm == "RSASSA-PSS") { @@ -412,6 +415,11 @@ private byte[] ConvertToECDSAANS1Format(byte[] signedBytes) private RSACryptoServiceProvider GetRSAProviderFromPemFile(string keyString, SecureString keyPassPhrase = null) { + if (string.IsNullOrEmpty(KeyString)) + { + throw new Exception("No API key has been provided."); + } + const string pempubheader = "-----BEGIN PUBLIC KEY-----"; const string pempubfooter = "-----END PUBLIC KEY-----"; bool isPrivateKeyFile = true; 
diff --git a/samples/client/petstore/csharp/OpenAPIClient/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs b/samples/client/petstore/csharp/OpenAPIClient/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs index 7c8668488ee2..256f338e1817 100644 --- a/samples/client/petstore/csharp/OpenAPIClient/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs +++ b/samples/client/petstore/csharp/OpenAPIClient/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs @@ -110,14 +110,13 @@ internal Dictionary GetHttpSignedHeader(string basePath,string m const string HEADER_AUTHORIZATION = "Authorization"; //Read the api key from the file - if(string.IsNullOrEmpty(this.KeyString)) + if(File.Exists(KeyFilePath)) { this.KeyString = ReadApiKeyFromFile(KeyFilePath); } - - if(string.IsNullOrEmpty(KeyString)) + else if(string.IsNullOrEmpty(KeyString)) { - throw new Exception("No API key has been provided."); + throw new Exception("No API key has been provided. Supply it using either KeyFilePath or KeyString"); } //Hash table to store singed headers @@ -325,6 +324,10 @@ private int GetUnixTime(DateTime date2) private string GetRSASignature(byte[] stringToSign) { + if (string.IsNullOrEmpty(KeyString)) + { + throw new Exception("No API key has been provided."); + } RSA rsa = GetRSAProviderFromPemFile(KeyString, KeyPassPhrase); if (SigningAlgorithm == "RSASSA-PSS") { @@ -412,6 +415,11 @@ private byte[] ConvertToECDSAANS1Format(byte[] signedBytes) private RSACryptoServiceProvider GetRSAProviderFromPemFile(string keyString, SecureString keyPassPhrase = null) { + if (string.IsNullOrEmpty(KeyString)) + { + throw new Exception("No API key has been provided."); + } + const string pempubheader = "-----BEGIN PUBLIC KEY-----"; const string pempubfooter = "-----END PUBLIC KEY-----"; bool isPrivateKeyFile = true; 
diff --git a/samples/client/petstore/csharp/OpenAPIClientCore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs b/samples/client/petstore/csharp/OpenAPIClientCore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs index d98d2815297d..0685800345a1 100644 --- a/samples/client/petstore/csharp/OpenAPIClientCore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs +++ b/samples/client/petstore/csharp/OpenAPIClientCore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs @@ -110,14 +110,13 @@ internal Dictionary GetHttpSignedHeader(string basePath,string m const string HEADER_AUTHORIZATION = "Authorization"; //Read the api key from the file - if(string.IsNullOrEmpty(this.KeyString)) + if(File.Exists(KeyFilePath)) { this.KeyString = ReadApiKeyFromFile(KeyFilePath); } - - if(string.IsNullOrEmpty(KeyString)) + else if(string.IsNullOrEmpty(KeyString)) { - throw new Exception("No API key has been provided."); + throw new Exception("No API key has been provided. Supply it using either KeyFilePath or KeyString"); } //Hash table to store singed headers @@ -325,6 +324,10 @@ private int GetUnixTime(DateTime date2) private string GetRSASignature(byte[] stringToSign) { + if (string.IsNullOrEmpty(KeyString)) + { + throw new Exception("No API key has been provided."); + } RSA rsa = GetRSAProviderFromPemFile(KeyString, KeyPassPhrase); if (SigningAlgorithm == "RSASSA-PSS") { @@ -349,8 +352,10 @@ private string GetRSASignature(byte[] stringToSign) /// ECDSA signature private string GetECDSASignature(byte[] dataToSign) { - if (!File.Exists(KeyFilePath)) - throw new Exception("key file path does not exist."); + if (!File.Exists(KeyFilePath) && string.IsNullOrEmpty(KeyString)) + { + throw new Exception("No API key has been provided."); + } var keyStr = KeyString; const string ecKeyHeader = "-----BEGIN EC PRIVATE KEY-----"; 
@@ -446,6 +451,11 @@ private byte[] ConvertToECDSAANS1Format(byte[] signedBytes) private RSACryptoServiceProvider GetRSAProviderFromPemFile(string keyString, SecureString keyPassPhrase = null) { + if (string.IsNullOrEmpty(KeyString)) + { + throw new Exception("No API key has been provided."); + } + const string pempubheader = "-----BEGIN PUBLIC KEY-----"; const string pempubfooter = "-----END PUBLIC KEY-----"; bool isPrivateKeyFile = true; From 1983e932d5aee7ef6632078923de9a33e2a2b2ba Mon Sep 17 00:00:00 2001 From: Ghufran Zahidi <18732053+Ghufz@users.noreply.github.com> Date: Wed, 24 Apr 2024 16:26:56 +0530 Subject: [PATCH 2/3] made the HttpSigning method public to get the signed header. --- .../csharp/HttpSigningConfiguration.mustache | 2 +- .../Client/HttpSigningConfiguration.cs | 2 +- .../Client/HttpSigningConfiguration.cs | 2 +- .../Client/HttpSigningConfiguration.cs | 2 +- .../Client/HttpSigningConfiguration.cs | 2 +- .../Client/HttpSigningConfiguration.cs | 2 +- .../Client/HttpSigningConfiguration.cs | 40 +------------------ .../Client/HttpSigningConfiguration.cs | 2 +- .../Client/HttpSigningConfiguration.cs | 40 +------------------ 9 files changed, 11 insertions(+), 83 deletions(-) diff --git a/modules/openapi-generator/src/main/resources/csharp/HttpSigningConfiguration.mustache b/modules/openapi-generator/src/main/resources/csharp/HttpSigningConfiguration.mustache index 33791a908579..9566e1f1aed5 100644 --- a/modules/openapi-generator/src/main/resources/csharp/HttpSigningConfiguration.mustache +++ b/modules/openapi-generator/src/main/resources/csharp/HttpSigningConfiguration.mustache 
@@ -82,7 +82,7 @@ namespace {{packageName}}.Client /// Path /// Request options /// Http signed headers - internal Dictionary GetHttpSignedHeader(string basePath,string method, string path, RequestOptions requestOptions) + public Dictionary GetHttpSignedHeader(string basePath,string method, string path, RequestOptions requestOptions) { const string HEADER_REQUEST_TARGET = "(request-target)"; //The time when the HTTP signature expires. The API server should reject HTTP requests diff --git a/samples/client/petstore/csharp/httpclient/standard2.0/Petstore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs b/samples/client/petstore/csharp/httpclient/standard2.0/Petstore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs index 256f338e1817..26a72daaf38f 100644 --- a/samples/client/petstore/csharp/httpclient/standard2.0/Petstore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs +++ b/samples/client/petstore/csharp/httpclient/standard2.0/Petstore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs @@ -90,7 +90,7 @@ private enum PrivateKeyType /// Path /// Request options /// Http signed headers - internal Dictionary GetHttpSignedHeader(string basePath,string method, string path, RequestOptions requestOptions) + public Dictionary GetHttpSignedHeader(string basePath,string method, string path, RequestOptions requestOptions) { const string HEADER_REQUEST_TARGET = "(request-target)"; //The time when the HTTP signature expires. The API server should reject HTTP requests diff --git a/samples/client/petstore/csharp/restsharp/net4.7/Petstore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs b/samples/client/petstore/csharp/restsharp/net4.7/Petstore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs index 256f338e1817..26a72daaf38f 100644 --- a/samples/client/petstore/csharp/restsharp/net4.7/Petstore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs 
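Review bot: Making `GetHttpSignedHeader` public in the template turns it into supported API, but the XML documentation visible above the signature does not say that the call can read the private key from `KeyFilePath`, assign it to `KeyString`, and throw a bare `Exception` when no key is configured (behaviour introduced by the `@@ -102,14 +102,13 @@` hunk of patch 1/3 in this same file). I would add a remarks section describing that side effect plus an exception tag, e.g. `/// <exception cref="Exception">No key was supplied through KeyFilePath or KeyString.</exception>`. The method body is outside this hunk, so whether `requestOptions` and the string arguments are null-checked cannot be confirmed from here; that is worth verifying now that code outside the assembly can call it.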
+++ b/samples/client/petstore/csharp/restsharp/net4.7/Petstore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs @@ -90,7 +90,7 @@ private enum PrivateKeyType /// Path /// Request options /// Http signed headers - internal Dictionary GetHttpSignedHeader(string basePath,string method, string path, RequestOptions requestOptions) + public Dictionary GetHttpSignedHeader(string basePath,string method, string path, RequestOptions requestOptions) { const string HEADER_REQUEST_TARGET = "(request-target)"; //The time when the HTTP signature expires. The API server should reject HTTP requests diff --git a/samples/client/petstore/csharp/restsharp/net4.8/Petstore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs b/samples/client/petstore/csharp/restsharp/net4.8/Petstore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs index 256f338e1817..26a72daaf38f 100644 --- a/samples/client/petstore/csharp/restsharp/net4.8/Petstore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs +++ b/samples/client/petstore/csharp/restsharp/net4.8/Petstore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs @@ -90,7 +90,7 @@ private enum PrivateKeyType /// Path /// Request options /// Http signed headers - internal Dictionary GetHttpSignedHeader(string basePath,string method, string path, RequestOptions requestOptions) + public Dictionary GetHttpSignedHeader(string basePath,string method, string path, RequestOptions requestOptions) { const string HEADER_REQUEST_TARGET = "(request-target)"; //The time when the HTTP signature expires. The API server should reject HTTP requests diff --git a/samples/client/petstore/csharp/restsharp/net7/EnumMappings/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs b/samples/client/petstore/csharp/restsharp/net7/EnumMappings/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs index 0685800345a1..51fbdfa548b8 100644 --- a/samples/client/petstore/csharp/restsharp/net7/EnumMappings/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs 
+++ b/samples/client/petstore/csharp/restsharp/net7/EnumMappings/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs @@ -90,7 +90,7 @@ private enum PrivateKeyType /// Path /// Request options /// Http signed headers - internal Dictionary GetHttpSignedHeader(string basePath,string method, string path, RequestOptions requestOptions) + public Dictionary GetHttpSignedHeader(string basePath,string method, string path, RequestOptions requestOptions) { const string HEADER_REQUEST_TARGET = "(request-target)"; //The time when the HTTP signature expires. The API server should reject HTTP requests diff --git a/samples/client/petstore/csharp/restsharp/net7/Petstore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs b/samples/client/petstore/csharp/restsharp/net7/Petstore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs index 0685800345a1..51fbdfa548b8 100644 --- a/samples/client/petstore/csharp/restsharp/net7/Petstore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs +++ b/samples/client/petstore/csharp/restsharp/net7/Petstore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs @@ -90,7 +90,7 @@ private enum PrivateKeyType /// Path /// Request options /// Http signed headers - internal Dictionary GetHttpSignedHeader(string basePath,string method, string path, RequestOptions requestOptions) + public Dictionary GetHttpSignedHeader(string basePath,string method, string path, RequestOptions requestOptions) { const string HEADER_REQUEST_TARGET = "(request-target)"; //The time when the HTTP signature expires. The API server should reject HTTP requests diff --git a/samples/client/petstore/csharp/restsharp/standard2.0/ConditionalSerialization/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs b/samples/client/petstore/csharp/restsharp/standard2.0/ConditionalSerialization/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs index 7f18b0ca1db9..26a72daaf38f 100644 
--- a/samples/client/petstore/csharp/restsharp/standard2.0/ConditionalSerialization/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs +++ b/samples/client/petstore/csharp/restsharp/standard2.0/ConditionalSerialization/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs @@ -90,7 +90,7 @@ private enum PrivateKeyType /// Path /// Request options /// Http signed headers - internal Dictionary GetHttpSignedHeader(string basePath,string method, string path, RequestOptions requestOptions) + public Dictionary GetHttpSignedHeader(string basePath,string method, string path, RequestOptions requestOptions) { const string HEADER_REQUEST_TARGET = "(request-target)"; //The time when the HTTP signature expires. The API server should reject HTTP requests 
@@ -352,43 +352,7 @@ private string GetRSASignature(byte[] stringToSign) /// ECDSA signature private string GetECDSASignature(byte[] dataToSign) { - if (!File.Exists(KeyFilePath) && string.IsNullOrEmpty(KeyString)) - { - throw new Exception("No API key has been provided."); - } - - var keyStr = KeyString; - const string ecKeyHeader = "-----BEGIN EC PRIVATE KEY-----"; - const string ecKeyFooter = "-----END EC PRIVATE KEY-----"; - var ecKeyBase64String = keyStr.Replace(ecKeyHeader, "").Replace(ecKeyFooter, "").Trim(); - var keyBytes = System.Convert.FromBase64String(ecKeyBase64String); - var ecdsa = ECDsa.Create(); - - var byteCount = 0; - if (KeyPassPhrase != null) - { - IntPtr unmanagedString = IntPtr.Zero; - try - { - // convert secure string to byte array - unmanagedString = Marshal.SecureStringToGlobalAllocUnicode(KeyPassPhrase); - ecdsa.ImportEncryptedPkcs8PrivateKey(Encoding.UTF8.GetBytes(Marshal.PtrToStringUni(unmanagedString)), keyBytes, out byteCount); - } - finally - { - if (unmanagedString != IntPtr.Zero) - { - Marshal.ZeroFreeBSTR(unmanagedString); - } - } - } - else - ecdsa.ImportPkcs8PrivateKey(keyBytes, out byteCount); - - var derBytes = ecdsa.SignHash(dataToSign, DSASignatureFormat.Rfc3279DerSequence); - var signedString = System.Convert.ToBase64String(derBytes); - - return signedString; + throw new Exception("ECDSA signing is supported only on NETCOREAPP3_0 and above"); } /// diff --git a/samples/client/petstore/csharp/restsharp/standard2.0/Petstore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs b/samples/client/petstore/csharp/restsharp/standard2.0/Petstore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs index 256f338e1817..26a72daaf38f 100644 --- a/samples/client/petstore/csharp/restsharp/standard2.0/Petstore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs +++ b/samples/client/petstore/csharp/restsharp/standard2.0/Petstore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs 
@@ -90,7 +90,7 @@ private enum PrivateKeyType /// Path /// Request options /// Http signed headers - internal Dictionary GetHttpSignedHeader(string basePath,string method, string path, RequestOptions requestOptions) + public Dictionary GetHttpSignedHeader(string basePath,string method, string path, RequestOptions requestOptions) { const string HEADER_REQUEST_TARGET = "(request-target)"; //The time when the HTTP signature expires. The API server should reject HTTP requests diff --git a/samples/client/petstore/csharp/unityWebRequest/standard2.0/Petstore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs b/samples/client/petstore/csharp/unityWebRequest/standard2.0/Petstore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs index 7f18b0ca1db9..26a72daaf38f 100644 --- a/samples/client/petstore/csharp/unityWebRequest/standard2.0/Petstore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs +++ b/samples/client/petstore/csharp/unityWebRequest/standard2.0/Petstore/src/Org.OpenAPITools/Client/HttpSigningConfiguration.cs @@ -90,7 +90,7 @@ private enum PrivateKeyType /// Path /// Request options /// Http signed headers - internal Dictionary GetHttpSignedHeader(string basePath,string method, string path, RequestOptions requestOptions) + public Dictionary GetHttpSignedHeader(string basePath,string method, string path, RequestOptions requestOptions) { const string HEADER_REQUEST_TARGET = "(request-target)"; //The time when the HTTP signature expires. The API server should reject HTTP requests 
@@ -352,43 +352,7 @@ private string GetRSASignature(byte[] stringToSign) /// ECDSA signature private string GetECDSASignature(byte[] dataToSign) { - if (!File.Exists(KeyFilePath) && string.IsNullOrEmpty(KeyString)) - { - throw new Exception("No API key has been provided."); - } - - var keyStr = KeyString; - const string ecKeyHeader = "-----BEGIN EC PRIVATE KEY-----"; - const string ecKeyFooter = "-----END EC PRIVATE KEY-----"; - var ecKeyBase64String = keyStr.Replace(ecKeyHeader, "").Replace(ecKeyFooter, "").Trim(); - var keyBytes = System.Convert.FromBase64String(ecKeyBase64String); - var ecdsa = ECDsa.Create(); - - var byteCount = 0; - if (KeyPassPhrase != null) - { - IntPtr unmanagedString = IntPtr.Zero; - try - { - // convert secure string to byte array - unmanagedString = Marshal.SecureStringToGlobalAllocUnicode(KeyPassPhrase); - ecdsa.ImportEncryptedPkcs8PrivateKey(Encoding.UTF8.GetBytes(Marshal.PtrToStringUni(unmanagedString)), keyBytes, out byteCount); - } - finally - { - if (unmanagedString != IntPtr.Zero) - { - Marshal.ZeroFreeBSTR(unmanagedString); - } - } - } - else - ecdsa.ImportPkcs8PrivateKey(keyBytes, out byteCount); - - var derBytes = ecdsa.SignHash(dataToSign, DSASignatureFormat.Rfc3279DerSequence); - var signedString = System.Convert.ToBase64String(derBytes); - - return signedString; + throw new Exception("ECDSA signing is supported only on NETCOREAPP3_0 and above"); } /// From 14c3fad7d33df7c07b33cf242efbfc27a6fcc33e Mon Sep 17 00:00:00 2001 From: Ghufran Zahidi <18732053+Ghufz@users.noreply.github.com> Date: Thu, 25 Apr 2024 12:01:04 +0530 Subject: [PATCH 3/3] removed python related changes --- .../python-pydantic-v1/signing.mustache | 92 ++++++++----------- 1 file changed, 37 insertions(+), 55 deletions(-) diff --git a/modules/openapi-generator/src/main/resources/python-pydantic-v1/signing.mustache b/modules/openapi-generator/src/main/resources/python-pydantic-v1/signing.mustache index ed7bba36e725..bb2850fdcc09 100644 
--- a/modules/openapi-generator/src/main/resources/python-pydantic-v1/signing.mustache +++ b/modules/openapi-generator/src/main/resources/python-pydantic-v1/signing.mustache @@ -76,7 +76,6 @@ class HttpSigningConfiguration: a private key. The private key is used to sign HTTP requests. :param private_key_passphrase: A string value specifying the passphrase to decrypt the private key. - :param private_key_string: Specify the API key as string. :param signed_headers: A list of strings. Each value is the name of a HTTP header that must be included in the HTTP signature calculation. The two special signature headers '(request-target)' and '(created)' SHOULD be @@ -108,8 +107,7 @@ class HttpSigningConfiguration: :param signature_max_validity: The signature max validity, expressed as a datetime.timedelta value. It must be a positive value. """ - def __init__(self, key_id, signing_scheme, private_key_path=None, - private_key_string =None + def __init__(self, key_id, signing_scheme, private_key_path, private_key_passphrase=None, signed_headers=None, signing_algorithm=None, @@ -119,16 +117,8 @@ class HttpSigningConfiguration: if signing_scheme not in {SCHEME_HS2019, SCHEME_RSA_SHA256, SCHEME_RSA_SHA512}: raise Exception("Unsupported security scheme: {0}".format(signing_scheme)) self.signing_scheme = signing_scheme - - is_private_key_path_exists = False - if private_key_path is not None and os.path.exists(private_key_path): - is_private_key_path_exists =True - if not is_private_key_path_exists and private_key_string is None: - raise Exception("Private key file orprivate key string not provided.") - - self.private_key_path = private_key_path - self.private_key_string = private_key_string - + if not os.path.exists(private_key_path): + raise Exception("Private key file does not exist") self.private_key_path = private_key_path self.private_key_passphrase = private_key_passphrase self.signing_algorithm = signing_algorithm 
@@ -220,52 +210,44 @@ class HttpSigningConfiguration:
 The private key is used to sign HTTP requests as defined in
 https://datatracker.ietf.org/doc/draft-cavage-http-signatures/.
 """
- pem_data = ""
- if self.private_key_string is not None:
- pem_data = self.private_key_string
- elif os.path.exists(self.private_key_path):
- with open(self.private_key_path,'r')as f:
- pem_data = f.read()
- else:
- raise Exception("API Key either in file or as string is not provided.")
-
 if self.private_key is not None:
 return
-
- # Verify PEM Pre-Encapsulation Boundary
- r = re.compile(r"\s*-----BEGIN (.*)-----\s+")
- m = r.match(pem_data)
- if not m:
- raise ValueError("Not a valid PEM pre boundary")
- pem_header = m.group(1)
- if pem_header == 'RSA PRIVATE KEY':
- self.private_key = RSA.importKey(pem_data, self.private_key_passphrase)
- elif pem_header == 'EC PRIVATE KEY':
- self.private_key = ECC.import_key(pem_data, self.private_key_passphrase)
- elif pem_header in {'PRIVATE KEY', 'ENCRYPTED PRIVATE KEY'}:
- # Key is in PKCS8 format, which is capable of holding many different
- # types of private keys, not just EC keys.
- (key_binary, pem_header, is_encrypted) = \
- PEM.decode(pem_data, self.private_key_passphrase)
- (oid, privkey, params) = \
- PKCS8.unwrap(key_binary, passphrase=self.private_key_passphrase)
- if oid == '1.2.840.10045.2.1':
+ with open(self.private_key_path, 'r') as f:
+ pem_data = f.read()
+ # Verify PEM Pre-Encapsulation Boundary
+ r = re.compile(r"\s*-----BEGIN (.*)-----\s+")
+ m = r.match(pem_data)
+ if not m:
+ raise ValueError("Not a valid PEM pre boundary")
+ pem_header = m.group(1)
+ if pem_header == 'RSA PRIVATE KEY':
+ self.private_key = RSA.importKey(pem_data, self.private_key_passphrase)
+ elif pem_header == 'EC PRIVATE KEY':
 self.private_key = ECC.import_key(pem_data, self.private_key_passphrase)
+ elif pem_header in {'PRIVATE KEY', 'ENCRYPTED PRIVATE KEY'}:
+ # Key is in PKCS8 format, which is capable of holding many different
+ # types of private keys, not just EC keys.
+ (key_binary, pem_header, is_encrypted) = \
+ PEM.decode(pem_data, self.private_key_passphrase)
+ (oid, privkey, params) = \
+ PKCS8.unwrap(key_binary, passphrase=self.private_key_passphrase)
+ if oid == '1.2.840.10045.2.1':
+ self.private_key = ECC.import_key(pem_data, self.private_key_passphrase)
+ else:
+ raise Exception("Unsupported key: {0}. OID: {1}".format(pem_header, oid))
 else:
- raise Exception("Unsupported key: {0}. OID: {1}".format(pem_header, oid))
- else:
- raise Exception("Unsupported key: {0}".format(pem_header))
- # Validate the specified signature algorithm is compatible with the private key.
- if self.signing_algorithm is not None:
- supported_algs = None
- if isinstance(self.private_key, RSA.RsaKey):
- supported_algs = {ALGORITHM_RSASSA_PSS, ALGORITHM_RSASSA_PKCS1v15}
- elif isinstance(self.private_key, ECC.EccKey):
- supported_algs = ALGORITHM_ECDSA_KEY_SIGNING_ALGORITHMS
- if supported_algs is not None and self.signing_algorithm not in supported_algs:
- raise Exception(
- "Signing algorithm {0} is not compatible with private key".format(
- self.signing_algorithm))
+ raise Exception("Unsupported key: {0}".format(pem_header))
+ # Validate the specified signature algorithm is compatible with the private key.
+ if self.signing_algorithm is not None:
+ supported_algs = None
+ if isinstance(self.private_key, RSA.RsaKey):
+ supported_algs = {ALGORITHM_RSASSA_PSS, ALGORITHM_RSASSA_PKCS1v15}
+ elif isinstance(self.private_key, ECC.EccKey):
+ supported_algs = ALGORITHM_ECDSA_KEY_SIGNING_ALGORITHMS
+ if supported_algs is not None and self.signing_algorithm not in supported_algs:
+ raise Exception(
+ "Signing algorithm {0} is not compatible with private key".format(
+ self.signing_algorithm))
 
 def _get_signed_header_info(self, resource_path, method, headers, body, query_params):
 """Build the HTTP headers (name, value) that need to be included in
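Review bot: The PKCS#8 branch (`'PRIVATE KEY'` / `'ENCRYPTED PRIVATE KEY'`) accepts only the OID `'1.2.840.10045.2.1'`, so an RSA key stored as PKCS#8 falls through to `Unsupported key`, although RSA is otherwise supported via the `'RSA PRIVATE KEY'` header. Adding `elif oid == '1.2.840.113549.1.1.1':` followed by `self.private_key = RSA.importKey(pem_data, self.private_key_passphrase)` would cover it, provided `RSA.importKey` accepts PKCS#8 input in the library version the template targets, which should be confirmed. The bare OID literal would also read better with a comment such as `# 1.2.840.10045.2.1 is id-ecPublicKey; other PKCS#8 key types are rejected below`. `_load_private_key` starts before this hunk, so the enclosing definition is not fully visible here.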