Webui login

.gitignore

@@ -20,3 +20,5 @@ bin/
 target/
 /build/
 /node-modules/
+*.iml
+.idea

Makefile

@@ -75,6 +75,14 @@ dist-docker-image : assembly/.compile-dependencies | .maven-init .group-eval
 .PHONY : dist-cli-deb
 dist-cli-deb : cli-$(cli/VERSION)-linux_386.deb
 
+.PHONY : dist-webui-zip
+dist-webui-zip : assembly/.compile-dependencies
+	# see webui README for instructions on how to make a signed package for distribution
+	cd webui && \
+	./activator -Dmvn.settings.localRepository="file:$(CURDIR)/$(MVN_WORKSPACE)" clean universal:packageBin | $(MVN_LOG)
+	mv webui/target/universal/*zip .
+
+
 .PHONY : dist-webui-deb
 dist-webui-deb : assembly/.compile-dependencies
 	# see webui README for instructions on how to make a signed package for distribution

assembly/pom.xml

@@ -83,7 +83,7 @@
       <dependency>
         <groupId>org.daisy.pipeline</groupId>
         <artifactId>framework-bom</artifactId>
-        <version>1.14.4</version>
+        <version>1.14.5-SNAPSHOT</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
@@ -2765,7 +2765,7 @@
     <repository>
       <id>restlet-repo</id>
       <name>Public online Restlet repository</name>
-      <url>http://maven.restlet.org</url>
+      <url>https://maven.restlet.talend.com</url>
       <releases>
         <enabled>true</enabled>
       </releases>

clientlib/java/clientlib-java-httpclient/src/main/java/org/daisy/pipeline/client/http/Pipeline2HttpClient.java

@@ -252,20 +252,8 @@ public static String url(String endpoint, String path, String username, String s
 
 			url += "authid="+username + "&time="+time + "&nonce="+nonce;
 
-			String hash = "";
 			try {
-				hash = calculateRFC2104HMAC(url, secret);
-				String hashEscaped = "";
-				char c;
-				for (int i = 0; i < hash.length(); i++) {
-					// Base64 encoding uses + which we have to encode in URL parameters.
-					// Hoping this for loop is more efficient than the equivalent replace("\\+","%2B") regex.
-					c = hash.charAt(i);
-					if (c == '+') hashEscaped += "%2B";
-					else hashEscaped += c;
-				} 
-				url += "&sign="+hashEscaped;
-
+				url += "&urlsign=" + calculateRFC2104HMAC(url, secret);
 			} catch (SignatureException e) {
 				throw new Pipeline2Exception("Could not sign request.");
 			}
@@ -302,7 +290,7 @@ private static String calculateRFC2104HMAC(String data, String secret) throws ja
             byte[] rawHmac = mac.doFinal(data.getBytes());
 
             // base64-encode the hmac
-            result = Base64.getEncoder().encode(rawHmac);
+            result = Base64.getUrlEncoder().withoutPadding().encode(rawHmac);
 
         } catch (Exception e) {
             throw new SignatureException("Failed to generate HMAC : " + e.getMessage());

framework/bom/pom.xml

@@ -12,7 +12,7 @@
 
   <groupId>org.daisy.pipeline</groupId>
   <artifactId>framework-bom</artifactId>
-  <version>1.14.4</version>
+  <version>1.14.5-SNAPSHOT</version>
   <packaging>pom</packaging>
 
   <name>DAISY Pipeline 2 :: Framework BoM</name>
@@ -105,7 +105,7 @@
       <dependency>
         <groupId>org.daisy.pipeline</groupId>
         <artifactId>webservice</artifactId>
-        <version>2.4.1</version>
+        <version>2.4.2-SNAPSHOT</version>
       </dependency>
       <dependency>
         <groupId>org.daisy.pipeline</groupId>

framework/common-utils/pom.xml

@@ -4,12 +4,12 @@
   <parent>
     <groupId>org.daisy.pipeline</groupId>
     <artifactId>framework-parent</artifactId>
-    <version>1.14.4</version>
+    <version>1.14.5-SNAPSHOT</version>
     <relativePath>../parent</relativePath>
   </parent>
 
   <artifactId>common-utils</artifactId>
-  <version>5.1.1</version>
+  <version>5.1.2-SNAPSHOT</version>
 
   <packaging>bundle</packaging>
   <name>DAISY Pipeline 2 :: Common Utilities</name>

framework/parent/pom.xml

@@ -12,7 +12,7 @@
 
   <groupId>org.daisy.pipeline</groupId>
   <artifactId>framework-parent</artifactId>
-  <version>1.14.4</version>
+  <version>1.14.5-SNAPSHOT</version>
   <packaging>pom</packaging>
 
   <name>DAISY Pipeline 2 :: Framework Parent POM</name>
@@ -110,7 +110,7 @@
       <dependency>
         <groupId>org.daisy.pipeline</groupId>
         <artifactId>framework-bom</artifactId>
-        <version>1.14.4</version>
+        <version>1.14.5-SNAPSHOT</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
@@ -123,7 +123,7 @@
       <dependency>
         <groupId>org.daisy.pipeline</groupId>
         <artifactId>clientlib-java-jaxb</artifactId>
-        <version>2.0.0</version>
+        <version>2.0.1-SNAPSHOT</version>
       </dependency>
       <dependency>
         <groupId>org.daisy.maven</groupId>
@@ -266,7 +266,7 @@
     <repository>
       <id>restlet-repo</id>
       <name>Public online Restlet repository</name>
-      <url>http://maven.restlet.org</url>
+      <url>https://maven.restlet.talend.com</url>
       <releases>
         <enabled>true</enabled>
       </releases>

framework/pom.xml

@@ -12,7 +12,7 @@
 
   <groupId>org.daisy.pipeline</groupId>
   <artifactId>framework-aggregator</artifactId>
-  <version>1.14.4</version>
+  <version>1.14.5-SNAPSHOT</version>
   <packaging>pom</packaging>
 
   <name>DAISY Pipeline 2 :: Framework Aggregator</name>

framework/utils/clientlib-java-jaxb/pom.xml

@@ -4,7 +4,7 @@
   <parent>
     <groupId>org.daisy.pipeline</groupId>
     <artifactId>framework-parent</artifactId>
-    <version>1.14.4-SNAPSHOT</version>
+    <version>1.14.5-SNAPSHOT</version>
     <relativePath>../../parent</relativePath>
   </parent>
   <groupId>org.daisy.pipeline</groupId>

framework/utils/clientlib-java-jaxb/src/main/java/org/daisy/pipeline/client/PipelineClient.java

@@ -4,6 +4,7 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.text.SimpleDateFormat;
+import java.util.Base64;
 import java.util.Date;
 import java.util.Random;
 
@@ -20,8 +21,6 @@
 
 import com.google.common.base.Strings;
 
-import org.apache.commons.codec.binary.Base64;
-
 import org.daisy.pipeline.webservice.jaxb.base.Alive;
 import org.daisy.pipeline.webservice.jaxb.clients.Client;
 import org.daisy.pipeline.webservice.jaxb.clients.Clients;
@@ -184,8 +183,7 @@ public Authenticator(String clientId, String secret) {
 
                 @Override
                 public void filter(ClientRequestContext ctxt) throws IOException {
-                        String timestamp=new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'")
-                        .format(new Date());
+                        String timestamp=new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'").format(new Date());
                         String nonce=new Integer(new Random().nextInt(1073741824)).toString();
                         nonce=Strings.padStart(nonce,30,'0');
 
@@ -199,19 +197,18 @@ public void filter(ClientRequestContext ctxt) throws IOException {
                                 Mac mac = Mac.getInstance("HmacSHA1");
                                 mac.init(key);
 
-
                                 byte[] bytes = mac.doFinal(builder.clone().build()
                                                 .toString().getBytes("UTF-8"));
 
-                                builder.queryParam("sign",Base64.encodeBase64String(bytes));
+                                builder.queryParam("sign", Base64.getUrlEncoder().withoutPadding().encodeToString(bytes));
                                 ctxt.setUri(builder.build());
                         } catch (Exception e) {
                                 logger.warn(e.getMessage());
                                 throw new RuntimeException(e);
                         }
 
 
-                        
+
 
                 }
 

framework/webservice/pom.xml

@@ -6,7 +6,7 @@
   <parent>
     <groupId>org.daisy.pipeline</groupId>
     <artifactId>framework-parent</artifactId>
-    <version>1.14.4-SNAPSHOT</version>
+    <version>1.14.5-SNAPSHOT</version>
     <relativePath>../parent</relativePath>
   </parent>
 

framework/webservice/src/main/java/org/daisy/pipeline/webservice/Authenticator.java

@@ -6,15 +6,14 @@
 import java.text.DateFormat;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
+import java.util.Base64;
 import java.util.Date;
 import java.util.Random;
 import java.util.TimeZone;
 
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
 
-import org.apache.commons.codec.binary.Base64;
-
 import org.daisy.pipeline.clients.Client;
 import org.daisy.pipeline.clients.RequestLog;
 import org.daisy.pipeline.clients.RequestLogEntry;
@@ -32,19 +31,18 @@ public Authenticator(RequestLog requestLog) {
 		this.requestLog = requestLog;
 	}
 
-	public boolean authenticate(Client client, String hash, String timestamp, String nonce, String URI, long maxRequestTime) {
+	public boolean authenticate(Client client, String hash, String urlhash, String timestamp, String nonce, String URI, long maxRequestTime) {
 		// rules for hashing: use the whole URL string, minus the hash part (&sign=<some value>)
 		// important!  put the sign param last so we can easily strip it out
-
 		int idx = URI.indexOf("&sign=", 0);
-
+		if(urlhash != null) {
+			idx = URI.indexOf("&urlsign=", 0);
+		}
 		if (idx > 1) {
 			String hashuri = URI.substring(0, idx);
 			String clientSecret = client.getSecret();
 			String serverHash = "";
 			try {
-				serverHash = calculateRFC2104HMAC(hashuri, clientSecret);
-
 				SimpleDateFormat UTC_FORMATTER = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
 				UTC_FORMATTER.setTimeZone(TimeZone.getTimeZone("UTC"));
 
@@ -57,6 +55,12 @@ public boolean authenticate(Client client, String hash, String timestamp, String
 					e.printStackTrace();
 					return false;
 				}
+
+				serverHash = calculateRFC2104HMAC(hashuri, clientSecret, false);
+				if(urlhash != null) {
+					serverHash = calculateRFC2104HMAC(hashuri, clientSecret, true);
+					hash = urlhash;
+				}
 				if(!hash.equals(serverHash)) {
 					logger.error("Hash values do not match");
 					return false;
@@ -98,8 +102,8 @@ public static URI createUriWithCredentials(String uri, Client client) {
 		String hash;
 		URI newUri =  null;
 		try {
-			hash = calculateRFC2104HMAC(uristring, client.getSecret());
-			String authUri = uristring + "&sign=" + hash;
+			hash = calculateRFC2104HMAC(uristring, client.getSecret(), true);
+			String authUri = uristring + "&urlsign=" + hash;
 			newUri = new URI(authUri);
 		} catch (SignatureException e) {
 			// TODO Auto-generated catch block
@@ -143,7 +147,7 @@ private boolean checkValidNonce(Client client, String nonce, String timestamp) {
 	* @throws
 	* java.security.SignatureException when signature generation fails
 	*/
-	private static String calculateRFC2104HMAC(String data, String secret) throws java.security.SignatureException {
+	private static String calculateRFC2104HMAC(String data, String secret, boolean urlEncoded) throws java.security.SignatureException {
 		String result;
 		try {
 			// get an hmac_sha1 key from the raw key bytes
@@ -157,10 +161,12 @@ private static String calculateRFC2104HMAC(String data, String secret) throws ja
 			byte[] rawHmac = mac.doFinal(data.getBytes());
 
 			// base64-encode the hmac
-			result = Base64.encodeBase64String(rawHmac);
-
-			} catch (Exception e) {
-				throw new SignatureException("Failed to generate HMAC : " + e.getMessage());
+			result = Base64.getEncoder().encodeToString(rawHmac);
+			if (urlEncoded) {
+				result = Base64.getUrlEncoder().withoutPadding().encodeToString(rawHmac);
+			}
+		} catch (Exception e) {
+			throw new SignatureException("Failed to generate HMAC : " + e.getMessage());
 		}
 		return result;
 	}

framework/webservice/src/main/java/org/daisy/pipeline/webservice/impl/AuthenticatedResource.java

@@ -40,9 +40,15 @@ private boolean authenticate() {
                 }
                 this.client=optionalClient.get();
                 RequestLog requestLog = webservice().getStorage().getRequestLog();
-                return new Authenticator(requestLog).authenticate(this.client, getQuery().getFirstValue("sign"),
-                                getQuery().getFirstValue("time"), getQuery().getFirstValue("nonce"), getReference().toString(),
-                                maxRequestTime);
+                return new Authenticator(requestLog).authenticate(
+                        this.client,
+                        getQuery().getFirstValue("sign"),
+                        getQuery().getFirstValue("urlsign"),
+                        getQuery().getFirstValue("time"),
+                        getQuery().getFirstValue("nonce"),
+                        getReference().toString(),
+                        maxRequestTime
+                );
         }
 
         public boolean isAuthenticated() {

libs/com.xmlcalabash/build.gradle

@@ -29,7 +29,7 @@ targetCompatibility = "1.7"
 repositories {
   // mavenLocal()
   mavenCentral()
-  maven { url "http://maven.restlet.org" }
+  maven { url "https://maven.restlet.talend.com" }
   maven { url "https://developer.marklogic.com/maven2" }
   maven { url "https://oss.sonatype.org/content/repositories/snapshots/" }
 }
@@ -440,7 +440,7 @@ def mavenPom = {
   repositories {
     repository {
       id 'restlet'
-      url 'https://maven.restlet.org'
+      url 'https://maven.restlet.talend.com'
     }
   }
 }

modules/parent/pom.xml

@@ -1024,7 +1024,7 @@
     <repository>
       <id>restlet-repo</id>
       <name>Public online Restlet repository</name>
-      <url>http://maven.restlet.org</url>
+      <url>https://maven.restlet.talend.com</url>
       <releases>
         <enabled>true</enabled>
       </releases>

settings.xml.in

@@ -40,7 +40,7 @@
 				</repository>
 				<repository>
 					<id>restlet-repo</id>  <!-- defined in framework-parent -->
-					<url>http://maven.restlet.org</url>
+					<url>https://maven.restlet.talend.com</url>
 					<releases>
 						<enabled>true</enabled>
 					</releases>

utils/build-utils/pax-exam-helper/pom.xml

@@ -338,7 +338,7 @@
     <repository>
       <id>restlet-repo</id>
       <name>Public online Restlet repository</name>
-      <url>http://maven.restlet.org</url>
+      <url>https://maven.restlet.talend.com</url>
       <releases>
         <enabled>true</enabled>
       </releases>

utils/xproc-maven-plugin/xproc-engine-calabash/pom.xml

@@ -85,7 +85,7 @@
     <repository>
       <id>restlet-repo</id>
       <name>Public online Restlet repository</name>
-      <url>http://maven.restlet.org</url>
+      <url>https://maven.restlet.talend.com</url>
       <releases>
         <enabled>true</enabled>
       </releases>