/**
 * Selects the delegate codec from the default container's configuration.
 *
 * <p>Only the exact values {@code "secure"} and {@code "insecure"} are accepted. A missing or
 * unrecognised value makes construction fail rather than falling back to either codec.
 *
 * <p>NOTE(review): {@code "insecure"} selects {@link BasicSecurityTokenCodec}. Going by the
 * setting's name, its tokens are presumably not cryptographically protected. Confirm, and
 * verify that production container configs set {@code "secure"}.
 *
 * @param config container configuration; only the default container's token type is read here
 * @throws RuntimeException if the configured token type is neither "secure" nor "insecure"
 */
@Inject
public DefaultSecurityTokenCodec(ContainerConfig config) {
  final String tokenType =
      config.getString(ContainerConfig.DEFAULT_CONTAINER, SECURITY_TOKEN_TYPE);

  // The two accepted values are mutually exclusive, so the order of the checks is irrelevant.
  if ("secure".equals(tokenType)) {
    codec = new BlobCrypterSecurityTokenCodec(config);
  } else if ("insecure".equals(tokenType)) {
    codec = new BasicSecurityTokenCodec(config);
  } else {
    // Fail closed: a null or misspelled setting must not silently pick a codec.
    throw new RuntimeException("Unknown security token type specified in "
        + ContainerConfig.DEFAULT_CONTAINER + " container configuration. "
        + SECURITY_TOKEN_TYPE + ": " + tokenType);
  }
}
/**
 * Returns the token time-to-live recorded for the given container.
 *
 * <p>When no per-container value is present in {@code tokenTTLs}, the result of the no-argument
 * {@code getTokenTimeToLive()} is returned instead.
 *
 * @param container container name used as the lookup key
 * @return the container's TTL, or the default TTL when none is recorded
 *     (presumably in seconds; confirm against the callers)
 */
public int getTokenTimeToLive(String container) {
  Integer configuredTtl = this.tokenTTLs.get(container);
  if (configuredTtl != null) {
    return configuredTtl;
  }
  // No per-container entry: fall back to the default.
  return getTokenTimeToLive();
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Rebuilds the per-container crypters, signed-fetch domains and token TTLs after a
 * configuration change.
 *
 * <p>The update is staged on copies of the current maps and only published when every changed
 * container loaded without an {@link IOException}. On failure the previous maps stay in place.
 *
 * <p>NOTE(review): on failure the removals are skipped as well, so a container listed in
 * {@code removed} keeps its crypter until a later reload succeeds.
 *
 * <p>NOTE(review): the three fields are published by separate assignments. Whether readers can
 * observe a mix of old and new maps depends on field declarations and locking that are not
 * visible here; confirm.
 *
 * @param config the updated container configuration
 * @param changed names of containers that were added or modified
 * @param removed names of containers that no longer exist
 */
public void containersChanged(
    ContainerConfig config, Collection<String> changed, Collection<String> removed) {
  // Work on copies so a failed load cannot leave the live maps half-updated.
  Map<String, BlobCrypter> stagedCrypters = Maps.newHashMap(crypters);
  Map<String, String> stagedDomains = Maps.newHashMap(domains);
  Map<String, Integer> stagedTokenTtls = Maps.newHashMap(tokenTTLs);

  try {
    loadContainers(config, changed, stagedCrypters, stagedDomains, stagedTokenTtls);
    for (String gone : removed) {
      stagedCrypters.remove(gone);
      stagedDomains.remove(gone);
      stagedTokenTtls.remove(gone);
    }
  } catch (IOException e) {
    // A configured key could not be loaded, so the previous configuration is kept.
    LOG.log(Level.WARNING, "There was an error loading an updated container configuration. "
        + "Keeping old configuration.", e);
    return;
  }

  crypters = stagedCrypters;
  domains = stagedDomains;
  tokenTTLs = stagedTokenTtls;
}
/**
 * Checks that a blank token value and a missing token parameter both yield an anonymous token.
 */
@Test
public void testAnonymous() throws Exception {
  // Token parameter present but containing only whitespace.
  SecurityToken fromBlank = codec.createToken(
      ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, " "));
  assertTrue(fromBlank.isAnonymous());

  // Token parameter absent altogether.
  SecurityToken fromMissing = codec.createToken(ImmutableMap.<String, String>of());
  assertTrue(fromMissing.isAnonymous());
}
/**
 * Checks that a token issued longer ago than the container's TTL is rejected on decode.
 *
 * <p>The token is encoded with the clock moved back by the TTL plus 181 seconds, then decoded.
 * Decoding must fail with a {@link SecurityTokenException} whose message contains
 * "Blob expired".
 */
@Test
public void testExpired() throws Exception {
  Map<String, String> fields = new HashMap<String, String>();
  fields.put(Keys.APP_URL.getKey(), "http://www.example.com/gadget.xml");
  fields.put(Keys.MODULE_ID.getKey(), Long.toString(12345L, 10));
  fields.put(Keys.OWNER.getKey(), "owner");
  fields.put(Keys.VIEWER.getKey(), "viewer");
  fields.put(Keys.TRUSTED_JSON.getKey(), "trusted");

  BlobCrypterSecurityToken token =
      new BlobCrypterSecurityToken("container", null, null, fields);
  token.setTimeSource(timeSource);

  // Backdate by the container's TTL plus 181 seconds. The original comment described this as
  // "one hour plus clock skew"; presumably 181 is just past the allowed skew (TODO confirm).
  int backdateSeconds = codec.getTokenTimeToLive("container") + 181;
  timeSource.incrementSeconds(-1 * backdateSeconds);
  String encrypted = codec.encodeToken(token);

  try {
    codec.createToken(ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, encrypted));
    fail("should have expired");
  } catch (SecurityTokenException e) {
    String message = e.getMessage();
    assertTrue(message, message.contains("Blob expired"));
  }
}
/**
 * Loads the token key, signed-fetch domain and token TTL for each named container into the
 * supplied maps.
 *
 * <p>NOTE(review): a container with no key configured, or with a TTL that is not positive,
 * leaves the matching map entry untouched. If the caller passes maps that already hold an
 * entry for that container, the older crypter or TTL stays in effect. Confirm that this is
 * intended when a key is withdrawn from the configuration.
 *
 * @param config configuration to read from
 * @param containers names of the containers to load
 * @param crypters receives one crypter per container that has a key configured
 * @param domains receives the signed-fetch domain per container (may be {@code null})
 * @param tokenTTLs receives the TTL per container when it is greater than zero
 * @throws IOException propagated from {@code loadCrypter}
 */
private void loadContainers(ContainerConfig config, Collection<String> containers,
    Map<String, BlobCrypter> crypters, Map<String, String> domains,
    Map<String, Integer> tokenTTLs) throws IOException {
  for (String container : containers) {
    String keySetting = config.getString(container, SECURITY_TOKEN_KEY);
    if (keySetting != null) {
      crypters.put(container, loadCrypter(keySetting));
    }

    domains.put(container, config.getString(container, SIGNED_FETCH_DOMAIN));

    // Per the original comment, 0 means the TTL was undefined or not a number; it is never a
    // valid TTL, so anything that is not positive is reported and skipped.
    int ttl = config.getInt(container, SECURITY_TOKEN_TTL_CONFIG);
    if (ttl <= 0) {
      LOG.logp(Level.WARNING, CLASSNAME, "loadContainers",
          "Token TTL for container \"{0}\" was {1} and will be ignored.",
          new Object[] { container, ttl });
    } else {
      tokenTTLs.put(container, ttl);
    }
  }
}
/**
 * Loads a crypter and the signed-fetch domain for every configured container.
 *
 * <p>A container with no key file configured gets no crypter entry. If a configured key file
 * cannot be read, construction fails so the server does not start with a missing key.
 *
 * <p>NOTE(review): the key file path comes straight from container configuration. Confirm
 * that the file is readable only by the account running the server.
 *
 * @param config container configuration listing the containers and their key files
 * @throws RuntimeException wrapping the {@link IOException} raised while loading a key file
 */
@Inject
public BlobCrypterSecurityTokenCodec(ContainerConfig config) {
  try {
    for (String container : config.getContainers()) {
      String keyPath = config.getString(container, SECURITY_TOKEN_KEY_FILE);
      if (keyPath != null) {
        crypters.put(container, loadCrypterFromFile(new File(keyPath)));
      }

      domains.put(container, config.getString(container, SIGNED_FETCH_DOMAIN));
    }
  } catch (IOException e) {
    // A key file was configured but could not be loaded. That merits killing the server.
    throw new RuntimeException(e);
  }
}
/**
 * Checks that a blank token value and a missing token parameter both yield an anonymous token.
 */
@Test
public void testAnonymous() throws Exception {
  // Token parameter present but containing only whitespace.
  SecurityToken fromBlank = codec.createToken(
      ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, " "));
  assertTrue(fromBlank.isAnonymous());

  // Token parameter absent altogether.
  SecurityToken fromMissing = codec.createToken(ImmutableMap.<String, String>of());
  assertTrue(fromMissing.isAnonymous());
}
/**
 * Checks that a token issued longer ago than the container's TTL is rejected on decode.
 *
 * <p>The token is encoded with the clock moved back by the TTL plus 181 seconds, then decoded.
 * Decoding must fail with a {@link SecurityTokenException} whose message contains
 * "Blob expired".
 */
@Test
public void testExpired() throws Exception {
  Map<String, String> fields = new HashMap<String, String>();
  fields.put(Keys.APP_URL.getKey(), "http://www.example.com/gadget.xml");
  fields.put(Keys.MODULE_ID.getKey(), Long.toString(12345L, 10));
  fields.put(Keys.OWNER.getKey(), "owner");
  fields.put(Keys.VIEWER.getKey(), "viewer");
  fields.put(Keys.TRUSTED_JSON.getKey(), "trusted");

  BlobCrypterSecurityToken token =
      new BlobCrypterSecurityToken("container", null, null, fields);
  token.setTimeSource(timeSource);

  // Backdate by the container's TTL plus 181 seconds. The original comment described this as
  // "one hour plus clock skew"; presumably 181 is just past the allowed skew (TODO confirm).
  int backdateSeconds = codec.getTokenTimeToLive("container") + 181;
  timeSource.incrementSeconds(-1 * backdateSeconds);
  String encrypted = codec.encodeToken(token);

  try {
    codec.createToken(ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, encrypted));
    fail("should have expired");
  } catch (SecurityTokenException e) {
    String message = e.getMessage();
    assertTrue(message, message.contains("Blob expired"));
  }
}
/**
 * Loads the token key, signed-fetch domain and token TTL for each named container into the
 * supplied maps.
 *
 * <p>NOTE(review): a container with no key configured, or with a TTL that is not positive,
 * leaves the matching map entry untouched. If the caller passes maps that already hold an
 * entry for that container, the older crypter or TTL stays in effect. Confirm that this is
 * intended when a key is withdrawn from the configuration.
 *
 * @param config configuration to read from
 * @param containers names of the containers to load
 * @param crypters receives one crypter per container that has a key configured
 * @param domains receives the signed-fetch domain per container (may be {@code null})
 * @param tokenTTLs receives the TTL per container when it is greater than zero
 * @throws IOException propagated from {@code loadCrypter}
 */
private void loadContainers(ContainerConfig config, Collection<String> containers,
    Map<String, BlobCrypter> crypters, Map<String, String> domains,
    Map<String, Integer> tokenTTLs) throws IOException {
  for (String container : containers) {
    String keySetting = config.getString(container, SECURITY_TOKEN_KEY);
    if (keySetting != null) {
      crypters.put(container, loadCrypter(keySetting));
    }

    domains.put(container, config.getString(container, SIGNED_FETCH_DOMAIN));

    // Per the original comment, 0 means the TTL was undefined or not a number; it is never a
    // valid TTL, so anything that is not positive is reported and skipped.
    int ttl = config.getInt(container, SECURITY_TOKEN_TTL_CONFIG);
    if (ttl <= 0) {
      LOG.logp(Level.WARNING, CLASSNAME, "loadContainers",
          "Token TTL for container \"{0}\" was {1} and will be ignored.",
          new Object[] { container, ttl });
    } else {
      tokenTTLs.put(container, ttl);
    }
  }
}
/**
 * Loads a crypter and the signed-fetch domain for every configured container.
 *
 * <p>A container with no key file configured gets no crypter entry. If a configured key file
 * cannot be read, construction fails so the server does not start with a missing key.
 *
 * <p>NOTE(review): the key file path comes straight from container configuration. Confirm
 * that the file is readable only by the account running the server.
 *
 * @param config container configuration listing the containers and their key files
 * @throws RuntimeException wrapping the {@link IOException} raised while loading a key file
 */
@Inject
public BlobCrypterSecurityTokenCodec(ContainerConfig config) {
  try {
    for (String container : config.getContainers()) {
      String keyPath = config.getString(container, SECURITY_TOKEN_KEY_FILE);
      if (keyPath != null) {
        crypters.put(container, loadCrypterFromFile(new File(keyPath)));
      }

      domains.put(container, config.getString(container, SIGNED_FETCH_DOMAIN));
    }
  } catch (IOException e) {
    // A key file was configured but could not be loaded. That merits killing the server.
    throw new RuntimeException(e);
  }
}
/**
 * Checks that a blank token value and a missing token parameter both yield an anonymous token.
 */
@Test
public void testAnonymous() throws Exception {
  // Token parameter present but containing only whitespace.
  SecurityToken fromBlank = codec.createToken(
      ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, " "));
  assertTrue(fromBlank.isAnonymous());

  // Token parameter absent altogether.
  SecurityToken fromMissing = codec.createToken(ImmutableMap.<String, String>of());
  assertTrue(fromMissing.isAnonymous());
}
/**
 * Checks that a token issued longer ago than the container's TTL is rejected on decode.
 *
 * <p>The token is encoded with the clock moved back by the TTL plus 181 seconds, then decoded.
 * Decoding must fail with a {@link SecurityTokenException} whose message contains
 * "Blob expired".
 */
@Test
public void testExpired() throws Exception {
  Map<String, String> fields = new HashMap<String, String>();
  fields.put(Keys.APP_URL.getKey(), "http://www.example.com/gadget.xml");
  fields.put(Keys.MODULE_ID.getKey(), Long.toString(12345L, 10));
  fields.put(Keys.OWNER.getKey(), "owner");
  fields.put(Keys.VIEWER.getKey(), "viewer");
  fields.put(Keys.TRUSTED_JSON.getKey(), "trusted");

  BlobCrypterSecurityToken token =
      new BlobCrypterSecurityToken("container", null, null, fields);
  token.setTimeSource(timeSource);

  // Backdate by the container's TTL plus 181 seconds. The original comment described this as
  // "one hour plus clock skew"; presumably 181 is just past the allowed skew (TODO confirm).
  int backdateSeconds = codec.getTokenTimeToLive("container") + 181;
  timeSource.incrementSeconds(-1 * backdateSeconds);
  String encrypted = codec.encodeToken(token);

  try {
    codec.createToken(ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, encrypted));
    fail("should have expired");
  } catch (SecurityTokenException e) {
    String message = e.getMessage();
    assertTrue(message, message.contains("Blob expired"));
  }
}
/**
 * Selects the delegate codec from the default container's configuration.
 *
 * <p>Only the exact values {@code "secure"} and {@code "insecure"} are accepted. A missing or
 * unrecognised value makes construction fail rather than falling back to either codec.
 *
 * <p>NOTE(review): {@code "insecure"} selects {@link BasicSecurityTokenCodec}. Going by the
 * setting's name, its tokens are presumably not cryptographically protected. Confirm, and
 * verify that production container configs set {@code "secure"}.
 *
 * @param config container configuration; only the default container's token type is read here
 * @throws RuntimeException if the configured token type is neither "secure" nor "insecure"
 */
@Inject
public DefaultSecurityTokenCodec(ContainerConfig config) {
  final String tokenType =
      config.getString(ContainerConfig.DEFAULT_CONTAINER, SECURITY_TOKEN_TYPE);

  // The two accepted values are mutually exclusive, so the order of the checks is irrelevant.
  if ("secure".equals(tokenType)) {
    codec = new BlobCrypterSecurityTokenCodec(config);
  } else if ("insecure".equals(tokenType)) {
    codec = new BasicSecurityTokenCodec(config);
  } else {
    // Fail closed: a null or misspelled setting must not silently pick a codec.
    throw new RuntimeException("Unknown security token type specified in "
        + ContainerConfig.DEFAULT_CONTAINER + " container configuration. "
        + SECURITY_TOKEN_TYPE + ": " + tokenType);
  }
}
/**
 * Returns the token time-to-live recorded for the given container.
 *
 * <p>When no per-container value is present in {@code tokenTTLs}, the result of the no-argument
 * {@code getTokenTimeToLive()} is returned instead.
 *
 * @param container container name used as the lookup key
 * @return the container's TTL, or the default TTL when none is recorded
 *     (presumably in seconds; confirm against the callers)
 */
public int getTokenTimeToLive(String container) {
  Integer configuredTtl = this.tokenTTLs.get(container);
  if (configuredTtl != null) {
    return configuredTtl;
  }
  // No per-container entry: fall back to the default.
  return getTokenTimeToLive();
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Rebuilds the per-container crypters, signed-fetch domains and token TTLs after a
 * configuration change.
 *
 * <p>The update is staged on copies of the current maps and only published when every changed
 * container loaded without an {@link IOException}. On failure the previous maps stay in place.
 *
 * <p>NOTE(review): on failure the removals are skipped as well, so a container listed in
 * {@code removed} keeps its crypter until a later reload succeeds.
 *
 * <p>NOTE(review): the three fields are published by separate assignments. Whether readers can
 * observe a mix of old and new maps depends on field declarations and locking that are not
 * visible here; confirm.
 *
 * @param config the updated container configuration
 * @param changed names of containers that were added or modified
 * @param removed names of containers that no longer exist
 */
public void containersChanged(
    ContainerConfig config, Collection<String> changed, Collection<String> removed) {
  // Work on copies so a failed load cannot leave the live maps half-updated.
  Map<String, BlobCrypter> stagedCrypters = Maps.newHashMap(crypters);
  Map<String, String> stagedDomains = Maps.newHashMap(domains);
  Map<String, Integer> stagedTokenTtls = Maps.newHashMap(tokenTTLs);

  try {
    loadContainers(config, changed, stagedCrypters, stagedDomains, stagedTokenTtls);
    for (String gone : removed) {
      stagedCrypters.remove(gone);
      stagedDomains.remove(gone);
      stagedTokenTtls.remove(gone);
    }
  } catch (IOException e) {
    // A configured key could not be loaded, so the previous configuration is kept.
    LOG.log(Level.WARNING, "There was an error loading an updated container configuration. "
        + "Keeping old configuration.", e);
    return;
  }

  crypters = stagedCrypters;
  domains = stagedDomains;
  tokenTTLs = stagedTokenTtls;
}
/**
 * Loads the token key, signed-fetch domain and token TTL for each named container into the
 * supplied maps.
 *
 * <p>NOTE(review): a container with no key configured, or with a TTL that is not positive,
 * leaves the matching map entry untouched. If the caller passes maps that already hold an
 * entry for that container, the older crypter or TTL stays in effect. Confirm that this is
 * intended when a key is withdrawn from the configuration.
 *
 * @param config configuration to read from
 * @param containers names of the containers to load
 * @param crypters receives one crypter per container that has a key configured
 * @param domains receives the signed-fetch domain per container (may be {@code null})
 * @param tokenTTLs receives the TTL per container when it is greater than zero
 * @throws IOException propagated from {@code loadCrypter}
 */
private void loadContainers(ContainerConfig config, Collection<String> containers,
    Map<String, BlobCrypter> crypters, Map<String, String> domains,
    Map<String, Integer> tokenTTLs) throws IOException {
  for (String container : containers) {
    String keySetting = config.getString(container, SECURITY_TOKEN_KEY);
    if (keySetting != null) {
      crypters.put(container, loadCrypter(keySetting));
    }

    domains.put(container, config.getString(container, SIGNED_FETCH_DOMAIN));

    // Per the original comment, 0 means the TTL was undefined or not a number; it is never a
    // valid TTL, so anything that is not positive is reported and skipped.
    int ttl = config.getInt(container, SECURITY_TOKEN_TTL_CONFIG);
    if (ttl <= 0) {
      LOG.logp(Level.WARNING, CLASSNAME, "loadContainers",
          "Token TTL for container \"{0}\" was {1} and will be ignored.",
          new Object[] { container, ttl });
    } else {
      tokenTTLs.put(container, ttl);
    }
  }
}
/**
 * Checks that a blank token value and a missing token parameter both yield an anonymous token.
 */
@Test
public void testAnonymous() throws Exception {
  // Token parameter present but containing only whitespace.
  SecurityToken fromBlank = codec.createToken(
      ImmutableMap.of(SecurityTokenCodec.SECURITY_TOKEN_NAME, " "));
  assertTrue(fromBlank.isAnonymous());

  // Token parameter absent altogether.
  SecurityToken fromMissing = codec.createToken(ImmutableMap.<String, String>of());
  assertTrue(fromMissing.isAnonymous());
}
/**
 * Selects the delegate codec from the default container's configuration.
 *
 * <p>Only the exact values {@code "secure"} and {@code "insecure"} are accepted. A missing or
 * unrecognised value makes construction fail rather than falling back to either codec.
 *
 * <p>NOTE(review): {@code "insecure"} selects {@link BasicSecurityTokenCodec}, which is built
 * here without any configuration. Going by the setting's name, its tokens are presumably not
 * cryptographically protected. Confirm, and verify that production container configs set
 * {@code "secure"}.
 *
 * @param config container configuration; only the default container's token type is read here
 * @throws RuntimeException if the configured token type is neither "secure" nor "insecure"
 */
@Inject
public DefaultSecurityTokenCodec(ContainerConfig config) {
  final String tokenType =
      config.getString(ContainerConfig.DEFAULT_CONTAINER, SECURITY_TOKEN_TYPE);

  // The two accepted values are mutually exclusive, so the order of the checks is irrelevant.
  if ("secure".equals(tokenType)) {
    codec = new BlobCrypterSecurityTokenCodec(config);
  } else if ("insecure".equals(tokenType)) {
    codec = new BasicSecurityTokenCodec();
  } else {
    // Fail closed: a null or misspelled setting must not silently pick a codec.
    throw new RuntimeException("Unknown security token type specified in "
        + ContainerConfig.DEFAULT_CONTAINER + " container configuration. "
        + SECURITY_TOKEN_TYPE + ": " + tokenType);
  }
}
/**
 * Returns the token time-to-live recorded for the given container.
 *
 * <p>When no per-container value is present in {@code tokenTTLs}, the result of the no-argument
 * {@code getTokenTimeToLive()} is returned instead.
 *
 * @param container container name used as the lookup key
 * @return the container's TTL, or the default TTL when none is recorded
 *     (presumably in seconds; confirm against the callers)
 */
public int getTokenTimeToLive(String container) {
  Integer configuredTtl = this.tokenTTLs.get(container);
  if (configuredTtl != null) {
    return configuredTtl;
  }
  // No per-container entry: fall back to the default.
  return getTokenTimeToLive();
}
} // closes the enclosing class, whose header is outside this excerpt