in library/src/main/java/org/apache/fineract/cn/anubis/repository/TenantAuthorizationDataRepository.java [120:155]
/**
 * Returns the application signature for {@code timestamp}, generating a new RSA key pair when no
 * matching signature set is stored yet.
 *
 * <p>If a signature set already exists for {@code timestamp} and its identity manager signature equals
 * {@code identityManagerSignature}, the stored application signature is returned and nothing is written.
 * Otherwise a fresh key pair is created and handed to {@code createEntry} together with the identity
 * manager's public key.
 *
 * <p>The method is {@code synchronized}, so the lookup-then-create sequence is serialized per repository
 * instance only; it does not coordinate with other instances or processes using the same table.
 *
 * @param timestamp identifies the signature set; must not be null (checked with {@code Assert.notNull})
 * @param identityManagerSignature public key of the identity manager; must not be null
 * @return the public part of the application signature for this timestamp
 */
public synchronized Signature createSignatureSet(final String timestamp, final Signature identityManagerSignature) {
  Assert.notNull(timestamp);
  Assert.notNull(identityManagerSignature);

  // The lookup below reads the table, so the table has to exist before it runs.
  final Session tenantSession = cassandraSessionProvider.getTenantSession();
  createTable(tenantSession);

  // Reuse an existing signature set for this identity manager instead of minting a second one. Several
  // sets for the same application can cause problems: the application may sign its tokens with one
  // signature while identity checks them against a different one.
  final Optional<ApplicationSignatureSet> existingSet = getSignatureSet(timestamp);
  if (existingSet.isPresent()) {
    final ApplicationSignatureSet stored = existingSet.get();
    if (stored.getIdentityManagerSignature().equals(identityManagerSignature)) {
      return stored.getApplicationSignature();
    }
    // NOTE(review): a set exists for this timestamp but with a different identity manager signature.
    // Execution continues and createEntry is called for the same timestamp; whether that replaces the
    // stored keys depends on createEntry -- confirm this is intended.
  }

  //TODO: add validation to make sure this timestamp is more recent than any already stored.

  // The message carries only the timestamp and the identity manager signature; it is built before the
  // application key pair exists, so no application key material reaches the log here.
  // NOTE(review): timestamp is concatenated unmodified -- if it can originate from a request, consider
  // neutralising line breaks before logging.
  final String creationMessage = "Creating application signature set for timestamp '" + timestamp +
      "'. Identity manager signature is: " + identityManagerSignature;
  logger.info(creationMessage);

  final RsaKeyPairFactory.KeyPairHolder applicationKeyPair = RsaKeyPairFactory.createKeyPair();

  // The private key components are passed to createEntry next to the public ones.
  // NOTE(review): presumably persisted in the tenant keyspace -- confirm how that table is protected.
  createEntry(
      tenantSession,
      timestamp,
      identityManagerSignature.getPublicKeyMod(),
      identityManagerSignature.getPublicKeyExp(),
      applicationKeyPair.getPrivateKeyMod(),
      applicationKeyPair.getPrivateKeyExp(),
      applicationKeyPair.getPublicKeyMod(),
      applicationKeyPair.getPublicKeyExp());

  // Only the public half of the new pair is returned to the caller.
  return new Signature(applicationKeyPair.getPublicKeyMod(), applicationKeyPair.getPublicKeyExp());
}