Add HTTP signature authentication support to Java (jersey2-experimental) (#6058)

* add fmt-maven-plugin to jersey2 exp * update samples * add http signature auth template * minor fix * fix http beaer auth, update sample * fix http signature auth * fix http signature auth * header support * add query string to path * undo changes in default codegen * ignore fake test * add serialize to string method * add serialzie to string method * add get mapper * auto format java source code * remove plugin * update pom.xml * change back AbstractOpenApiSchema to T * skip mvn code formatter in bin script * undo changes to spec * update samples * add back HttpSignatureAuth.java
2025-12-09 02:16:11 +00:00 · 2020-04-28 00:09:30 +08:00
parent 3b0bd368a6
commit 588023686a
196 changed files with 9227 additions and 10030 deletions
--- a/samples/openapi3/client/petstore/python/docs/FakeApi.md
+++ b/samples/openapi3/client/petstore/python/docs/FakeApi.md
@@ -96,9 +96,73 @@ configuration = petstore_api.Configuration(
    host = "http://petstore.swagger.io:80/v2"
 )

+# The client must configure the authentication and authorization parameters
+# in accordance with the API server security policy.
+# Examples for each auth method are provided below, use the example that
+# satisfies your auth use case.
+
+# Configure HTTP message signature: http_signature_test
+# The HTTP Signature Header mechanism that can be used by a client to
+# authenticate the sender of a message and ensure that particular headers
+# have not been modified in transit.
+#
+# You can specify the signing key-id, private key path, signing scheme,
+# signing algorithm, list of signed headers and signature max validity.
+# The 'key_id' parameter is an opaque string that the API server can use
+# to lookup the client and validate the signature.
+# The 'private_key_path' parameter should be the path to a file that
+# contains a DER or base-64 encoded private key.
+# The 'private_key_passphrase' parameter is optional. Set the passphrase
+# if the private key is encrypted.
+# The 'signed_headers' parameter is used to specify the list of
+# HTTP headers included when generating the signature for the message.
+# You can specify HTTP headers that you want to protect with a cryptographic
+# signature. Note that proxies may add, modify or remove HTTP headers
+# for legitimate reasons, so you should only add headers that you know
+# will not be modified. For example, if you want to protect the HTTP request
+# body, you can specify the Digest header. In that case, the client calculates
+# the digest of the HTTP request body and includes the digest in the message
+# signature.
+# The 'signature_max_validity' parameter is optional. It is configured as a
+# duration to express when the signature ceases to be valid. The client calculates
+# the expiration date every time it generates the cryptographic signature
+# of an HTTP request. The API server may have its own security policy
+# that controls the maximum validity of the signature. The client max validity
+# must be lower than the server max validity.
+# The time on the client and server must be synchronized, otherwise the
+# server may reject the client signature.
+#
+# The client must use a combination of private key, signing scheme,
+# signing algorithm and hash algorithm that matches the security policy of
+# the API server.
+#
+# See petstore_api.signing for a list of all supported parameters.
+configuration = petstore_api.Configuration(
+    host = "http://petstore.swagger.io:80/v2",
+    signing_info = petstore_api.signing.HttpSigningConfiguration(
+        key_id = 'my-key-id',
+        private_key_path = 'private_key.pem',
+        private_key_passphrase = 'YOUR_PASSPHRASE',
+        signing_scheme = petstore_api.signing.SCHEME_HS2019,
+        signing_algorithm = petstore_api.signing.ALGORITHM_ECDSA_MODE_FIPS_186_3,
+        hash_algorithm = petstore_api.signing.SCHEME_RSA_SHA256,
+        signed_headers = [
+                            petstore_api.signing.HEADER_REQUEST_TARGET,
+                            petstore_api.signing.HEADER_CREATED,
+                            petstore_api.signing.HEADER_EXPIRES,
+                            petstore_api.signing.HEADER_HOST,
+                            petstore_api.signing.HEADER_DATE,
+                            petstore_api.signing.HEADER_DIGEST,
+                            'Content-Type',
+                            'Content-Length',
+                            'User-Agent'
+                         ],
+        signature_max_validity = datetime.timedelta(minutes=5)
+    )
+)

 # Enter a context with an instance of the API client
-with petstore_api.ApiClient() as api_client:
+with petstore_api.ApiClient(configuration) as api_client:
    # Create an instance of the API class
    api_instance = petstore_api.FakeApi(api_client)
    pet = petstore_api.Pet() # Pet | Pet object that needs to be added to the store
@@ -126,7 +190,7 @@ void (empty response body)

 ### Authorization

-No authorization required
+[http_signature_test](../README.md#http_signature_test)

 ### HTTP request headers