[KYUUBI #3930] [Fix] Add synchronized for session signing

### _Why are the changes needed?_ to close #3930 . 1.make SignUtils.signWithPrivateKey and synchronized 2.show exception with input string when base64 decoding failed ### _How was this patch tested?_ - [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible - [ ] Add screenshots for manual tests if appropriate - [ ] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request Closes #3932 from bowenliang123/3930-sync-usersign. Closes #3930 a589486 [liangbowen] 1.make SignUtils.signWithPrivateKey and synchronized, 2.show exception with input string when base64 decoding failed Authored-by: liangbowen <liangbowen@gf.com.cn> Signed-off-by: ulysses-you <ulyssesyou@apache.org>
apache · Dec 12, 2022 · 950fab9 · 950fab9
1 parent 8b8c7d0
commit 950fab9
Showing 1 changed file with 18 additions and 10 deletions.
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/SignUtils.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/SignUtils.scala
@@ -46,7 +46,7 @@ object SignUtils {
   def signWithPrivateKey(
       plainText: String,
       privateKey: PrivateKey,
-      algorithm: String = "SHA256withECDSA"): String = {
+      algorithm: String = "SHA256withECDSA"): String = synchronized {
     val privateSignature = Signature.getInstance(algorithm)
     privateSignature.initSign(privateKey)
     privateSignature.update(plainText.getBytes(StandardCharsets.UTF_8))
@@ -57,14 +57,22 @@ object SignUtils {
   def verifySignWithECDSA(
       plainText: String,
       signatureBase64: String,
-      publicKeyBase64: String): Boolean = {
-    val publicKeyBytes = Base64.getDecoder.decode(publicKeyBase64)
-    val publicKey: PublicKey = KeyFactory.getInstance(KEYPAIR_ALGORITHM_EC)
-      .generatePublic(new X509EncodedKeySpec(publicKeyBytes)).asInstanceOf[ECPublicKey]
-    val signatureBytes = Base64.getDecoder.decode(signatureBase64)
-    val publicSignature = Signature.getInstance("SHA256withECDSA")
-    publicSignature.initVerify(publicKey)
-    publicSignature.update(plainText.getBytes(StandardCharsets.UTF_8))
-    publicSignature.verify(signatureBytes)
+      publicKeyBase64: String): Boolean = synchronized {
+    try {
+      val publicKeyBytes = Base64.getDecoder.decode(publicKeyBase64)
+      val publicKey: PublicKey = KeyFactory.getInstance(KEYPAIR_ALGORITHM_EC)
+        .generatePublic(new X509EncodedKeySpec(publicKeyBytes)).asInstanceOf[ECPublicKey]
+      val signatureBytes = Base64.getDecoder.decode(signatureBase64)
+      val publicSignature = Signature.getInstance("SHA256withECDSA")
+      publicSignature.initVerify(publicKey)
+      publicSignature.update(plainText.getBytes(StandardCharsets.UTF_8))
+      publicSignature.verify(signatureBytes)
+    } catch {
+      case e: Exception =>
+        throw new IllegalArgumentException(
+          s"signature verification failed: publicKeyBase64:$publicKeyBase64" +
+            s", signatureBase64:$signatureBase64, plainText:$plainText",
+          e)
+    }
   }
 }