Content Comparison

package com.sunwave;


import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.text.SimpleDateFormat;
import java.util.Base64;
import java.util.TimeZone;
import java.util.Date;

import org.apache.commons.codec.digest.DigestUtils;

public class DigestCreator {
    private String userId;
    private String clientId;
    private String clientSecret; // Realm Private Key "select client_secret from sw_external_application where client_id = ? and clinic_id = ?
    private String clinicId;

    private String transactionId; //"select id from sw_api_transaction where transaction_id = ? and clinic_id = ?"

    private String payload;


    private String createMd5Digest() throws NoSuchAlgorithmException, UnsupportedEncodingException {/*
 * Copyright 2023 Sunwave Health
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.sunwave;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.text.SimpleDateFormat;
import java.util.Base64;
import java.util.TimeZone;

import org.apache.commons.codec.digest.DigestUtils;

public class DigestCreator {
    /**
     * userId is the email assigned to the user from sw_user_clinic.user_email.
     * If the combination of userId and clinic_id are not in sw_user_clinic
     * table the validation will fail.
     */
    private final String userId;
    /**
     * clientId is the realm assigned to the user from
     * sw_user_clinic.clinic_id. If the combination of userId and clinic_id
     * are not in sw_user_clinic table the validation will fail.
     */
    private final String clientId;
    /**
     * clinicId is the realm the user has permission to run rest calls against.
     */
    private final String clinicId;
    /**
     * clientSecret is the secret key that was generated by the user's id and
     * clinic id. This comes from the sw_external_application table and is
     * used to calculate the HMAC. The HMAC the DigesterCreator calculates and
     * SunwaveEMR's DigestValidator must match.
     */
    private final String clientSecret;
    /**
     * transactionId is a user chosen string that must be unique for the
     * whole clinic. This value is validated against the sw_api_transaction
     * table by transaction id and clinic id, the row is returned the
     * validation fails.
     */
    private final String transactionId;
    /**
     * payload is only used on POST and PUT HTTP requests and is used to
     * calculate MD5 digest hash.
     */
    private final String payload;

    /**
     * dateTime holds the current time in the following format
     * "Mon, 6 Feb 2023 16:35:45 +0000" as Base64 encoded string. This is
     * generated by getDateTimeBase64. ({@link #getDateTimeBase64()})
     */
    private final String dateTime;

    /**
     * PURPOSE: To calculate the MD5 digest of the payload and return the
     * lower case version of numeric digest as base 64 value.
     * @return Base64 value of the MD5 hash.
     * (@see <a href="https://en.wikipedia.org/wiki/MD5">MD5 Digest</a>)
     */
    private String createMd5Digest() {
        byte[] digest = DigestUtils.md5Hex(payload.getBytes()).getBytes();
        return Base64.getEncoder().encodeToString(digest);
    }

    /**
     * Purpose - To create the seed to be used with the user's private key to
     * generate the HMAC hash. In the case of GET HTTP requests the seed
     * comprises user id, client id, current time as Base64 string
     * {@link #dateTime}, clinic id and transaction id. In the case
     * of HTTP POST and PUT requests the MD5 digest of the payload is added
     * to the seed.
     * @return - Returns seed as clear text.
     */
    private String createSeed() {
        String seed;
        if (payload == null) {
            seed = userId + ":" + clientId + ":" + dateTime + ":"
                + clinicId + ":" + transactionId;
        } else {
            seed = userId + ":" + clientId + ":" + dateTime + ":"
                + clinicId + ":" + transactionId + ":" + createMd5Digest();
        }
        return seed;
    }

    /**
     * PURPOSE: To generate Base64 of the current timestamp. The format is
     * "Mon, 6 Feb 2023 16:42:14 +0000" Note it is using GMT
     * the local +0000 to generate the timestamp.
     * @return - Current time as Base64 string.
     */
    private String getDateTimeBase64() {
        SimpleDateFormat df =
            new SimpleDateFormat("EEE, d MMM yyyy HH:mm:ss Z");
        df.setTimeZone(TimeZone.getTimeZone("GMT"));
        java.sql.Timestamp now =
            new java.sql.Timestamp(new java.util.Date().getTime());
        String currentTime = df.format(now);
        byte[] encodedDate =
            Base64.getEncoder().encode(currentTime.getBytes());
        return new String(encodedDate, StandardCharsets.UTF_8);
    }

    /**
     * Purpose: Create the digest token that can be used in Authorization Head
     * key with value of Digest concatenated with token:
     * "Digest sunwave-admin1:vQl91X514m11dTHHGYQPQ ...". The token consists of
     * user id, client id, current date time, clinic id, transaction id
     * HMAC code in the case of HTTP Get Request. For HTTP PUT and POST the
     * token consists of  user id, client id, current date time, clinic id,
     * transaction id, MD5 digest of the payload and HMAC code.
     * (@see <a href="https://en.wikipedia.org/wiki/Digest_access_authentication">Digest Authentication</a>)
     * @return - digest token
     * @throws NoSuchAlgorithmException - Handles the message signature of
     * {@link #createHMAC(String)}
     * @throws InvalidKeyException - Handles the message signature of
     * {@link #createHMAC(String)}
     */
    private String createToken() throws NoSuchAlgorithmException,
        InvalidKeyException {
        if (payload == null) {
            return userId + ":" + clientId + ":" + dateTime + ":" + clinicId
                + ":" + transactionId + ":" + createHMAC(createSeed());
        } else {
            return userId + ":" + clientId + ":" + dateTime + ":" + clinicId
                + ":" + transactionId + ":" + createMd5Digest() + ":"
               return Base64.getEncoder().encodeToString(DigestUtils.md5Hex(payload.getBytes()).getBytes + createHMAC(createSeed());
        }
    }
private
String createSeed() throws NoSuchAlgorithmException, UnsupportedEncodingException/**
{     * Purpose: Create Base String64 seedencoded = null;
 HMAC hash-based message authentication
     * ifcode (payload@see <a == null) {href="https://en.wikipedia.org/wiki/HMAC">HMAC</a>).
     * Sunwave uses the SHA-512 Secure Hash Algorithm 2
seed = userId + ":" +* clientId(@see +<a href="https://en.wikipedia.org/wiki/SHA-2">SHAR-512</a>).
+ getDateTimeBase64() + ":" + clinicId +* ":"@param +seed transactionId;- The seed string to generate the HMAC on.
} else {   * @return - HMAC Code as BAse 64 encoded String.
seed = userId + ":" +* clientId@throws +NoSuchAlgorithmException ":"- +When getDateTimeBase64()Mac +class ":"does +not clinicIdsupport
+ ":" + transactionId + ":"* + createMd5Digest();
        }the give hashing algorithm. Note it support HmacSHA512 so no problem.
     * @throws InvalidKeyException return- seed;{@link #clientSecret} key can not }be
     private* Stringused getDateTimeBase64()by throwsthe UnsupportedEncodingExceptionSecretKeySpec {class.
     */
  SimpleDateFormat df =private newString SimpleDateFormatcreateHMAC("EEE,final dString MMMseed)
yyyy HH:mm:ss Z");      throws NoSuchAlgorithmException,  df.setTimeZone(TimeZone.getTimeZone("GMT"));InvalidKeyException {
        Datebyte[] dbyteKey = new Date(clientSecret.getBytes(StandardCharsets.UTF_8);
        java.sql.Timestamp now = new java.sql.Timestamp(new java.util.Date().getTime())final String hmacSha512 = "HmacSHA512";
        StringMac dateTimesha512Hmac = dfMac.formatgetInstance(nowhmacSha512);
        byte[]SecretKeySpec encodedDatekeySpec = new Base64.getEncoder().encode(dateTime.getBytes())SecretKeySpec(byteKey, hmacSha512);
        return new String(encodedDate, "UTF8"sha512Hmac.init(keySpec);
    }    byte[]  private String createTransactionId() {macData = sha512Hmac.
             return null;doFinal(seed.getBytes(StandardCharsets.UTF_8));
      }  return Base64.getUrlEncoder().encodeToString(macData);
  private String createToken()}
throws
UnsupportedEncodingException,
NoSuchAlgorithmException, InvalidKeyException {  /**
     * ifPurpose: (payloadCreate ==DigestCreator null)object populated with all the information
     * to returngenerate userIddigest + ":" + clientId + ":" + getDateTimeBase64() + ":" + clinicId + ":" + transactionId + ":" + createHMAC(createSeed());
   authentication token.
     * @param userId - {@link #userId}
     * @param clientId - {@link #clientId}
    else * @param clientSecret - {@link #clientSecret}
     * return@param userIdclinicId + ":" + clientId + ":" + getDateTimeBase64() + ":" + clinicId + ":" + transactionId + ":" + createMd5Digest() + ":" + createHMAC(createSeed());
    }

    private String createHMAC(String message) throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeyException {- {@link #clinicId}
     * @param transactionId - {@link #transactionId}
     * @param payload - {@link #payload}
     */
    public DigestCreator(final String userId, final String clientId,
          byte[] byteKey = clientSecret.getBytes("UTF-8");         final String HMAC_SHA512 = "HmacSHA512"; final String clientSecret, final String clinicId,
  Mac sha512_HMAC = Mac.getInstance(HMAC_SHA512);         SecretKeySpec keySpec = new SecretKeySpec(byteKey, HMAC_SHA512);      final String  sha512_HMAC.init(keySpec);
  transactionId, final String payload) {
     byte[] mac_data = sha512_HMACthis.userId = userId;
        this.clientId  doFinal(message.getBytes("UTF-8"))= clientId;
        return Base64.getUrlEncoder().encodeToString(mac_data);
 this.clientSecret = clientSecret;
  }      this.clinicId public DigestCreator(String userId, String clientId, String clientSecret, String clinic_id, String transactionId, String payload) {= clinicId;
        this.transactionId = transactionId;
        this.userIdpayload = userIdpayload;
        this.clientIddateTime = clientIdgetDateTimeBase64();
    }

    this.clientSecret = clientSecret;/**
     * Purpose: Provides command line this.clinicIdinterface = clinic_id;
to generate digest
     * authentication this.transactionId = transactionId;token.
     * @param args - Command line parameters.
     */
  this.payload = payload;public static void main(final String[] }args) {
    public static void main( Stringif args[] ) throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeyException((args.length < 5) || (args.length > 6)) {
        if ((args.length < 5) || (args.length > 6)) {    System.out.println("java -cp ./target/DigestCreator-1.0-SNAPSHOT.jar com.sunwave.DigestCreator [user_id] [clinic_id] [client_id] [client_secret] [transaction_id] <payload>");
             System.out.println("usage: java -cp ./target/DigestCreator-1.0-SNAPSHOT.jar orgcom.baudekinsunwave.DigestCreator user_id clinic_id client_id, client_secret, transaction_id, <pay load>sunwave-admin1 131 vQl91X514m11dTHHGYQPQkxJqNPxgbdJ C0iGincSREijXqeuB3P9sDdj1ZU6UwqVaUc6VLwhpcx2sBQmB85k8zWuIKSc6gkCAcnXm4JTk2YBFpH5fFDEPH0JyKg4SgchallGmNDc9fNkO1ojZxyKaZ5murQZFDvSW7iJl1CM5JESube8P0cdlqtiLoHb7BP4293S6FqG557TbIPS61ACp0lfAOu9fNXD6L2LD24j7QMRZpM8GE6GQOnY5nTaHGn42eBMjB8iMS9gx4P7iStJirC0vjq2miSC 0000002");
            System.exit(-1);
        }
        String payload = null;
        // We are doing post
        if (args.length == 6) {
            payload = args[5];
        }

        DigestCreator dc = new DigestCreator(args[0], args[2], args[3], args[1], args[4], payload);], args[3], args[1], args[4], payload);
        try {
            System.out.println("Token: " + dc.createToken());
        } catch (Exception e) {
            System.outerr.println("Token: " + dc.createToken())Unable to create authentication token.");
            e.printStackTrace(System.err);
        System.out.println("md5 digest: " + dcSystem.createMd5Digestexit(-2));
;
        }

        System.exit(0);
    }
}

}