/**
 * Allocates a new token whose key is the Base64 form of
 * {@code creationTime:pseudoRandomNumber:extendedInformation:sha512Hex}.
 *
 * <p>The trailing hex digest covers the first three fields plus the server secret that
 * applies at the creation time. The payload is only encoded, not encrypted, so whatever
 * is passed as {@code extendedInformation} is readable by anyone holding the key.
 *
 * @param extendedInformation caller-supplied data to embed; may be empty but not null
 * @return a token carrying the encoded key, the creation time and the extended information
 */
public Token allocateToken(String extendedInformation) {
    Assert.notNull(extendedInformation, "Must provided non-null extendedInformation (but it can be empty)");

    final long creationTime = System.currentTimeMillis();
    final String secretForTime = computeServerSecretApplicableAt(creationTime);
    // NOTE(review): generatePseudoRandomNumber() is not shown here; confirm it draws from a SecureRandom.
    final String nonce = generatePseudoRandomNumber();
    final String content = creationTime + ":" + nonce + ":" + extendedInformation;

    // Compute key
    // NOTE(review): the integrity tag is a bare digest over content + ":" + secret, not a keyed MAC
    // such as HMAC; any change of construction has to be made together with the verifying side.
    final String digestHex = Sha512DigestUtils.shaHex(content + ":" + secretForTime);
    final String keyPayload = content + ":" + digestHex;
    final String key = Utf8.decode(Base64.getEncoder().encode(Utf8.encode(keyPayload)));

    return new DefaultToken(key, creationTime, extendedInformation);
}
/** Two tokens built from the same key, creation time and extended information are equal. */
@Test
public void testEquality() {
    final long createdAt = System.currentTimeMillis();
    DefaultToken first = new DefaultToken("key", createdAt, "extended");
    DefaultToken second = new DefaultToken("key", createdAt, "extended");

    assertThat(second).isEqualTo(first);
}
// Excerpt (apparently the tail of a key-verification routine): the recomputed digest must
// match the digest carried in the key, otherwise the assertion fails with
// "Key verification failure"; on success the token is rebuilt from the parsed fields.
// NOTE(review): String.equals is not a constant-time comparison; java.security.MessageDigest.isEqual
// on the encoded bytes is the usual choice when comparing a secret-derived digest.
// NOTE(review): the local is called sha1Hex but is compared with a SHA-512 hex value; the name looks stale.
Assert.isTrue(expectedSha512Hex.equals(sha1Hex), "Key verification failure");
return new DefaultToken(key, creationTime, extendedInfo.toString());
/**
 * Allocates a new token whose key is the Base64 form of
 * {@code creationTime:pseudoRandomNumber:extendedInformation:sha512Hex}.
 *
 * <p>The trailing hex digest covers the first three fields plus the server secret that
 * applies at the creation time. The payload is only encoded, not encrypted, so whatever
 * is passed as {@code extendedInformation} is readable by anyone holding the key.
 *
 * @param extendedInformation caller-supplied data to embed; may be empty but not null
 * @return a token carrying the encoded key, the creation time and the extended information
 */
public Token allocateToken(String extendedInformation) {
    Assert.notNull(extendedInformation, "Must provided non-null extendedInformation (but it can be empty)");

    final long creationTime = System.currentTimeMillis();
    final String secretForTime = computeServerSecretApplicableAt(creationTime);
    // NOTE(review): generatePseudoRandomNumber() is not shown here; confirm it draws from a SecureRandom.
    final String nonce = generatePseudoRandomNumber();
    final String content = creationTime + ":" + nonce + ":" + extendedInformation;

    // Compute key
    // NOTE(review): the integrity tag is a bare digest over content + ":" + secret, not a keyed MAC
    // such as HMAC; any change of construction has to be made together with the verifying side.
    final String digestHex = Sha512DigestUtils.shaHex(content + ":" + secretForTime);
    final String keyPayload = content + ":" + digestHex;
    final String key = Utf8.decode(Base64.getEncoder().encode(Utf8.encode(keyPayload)));

    return new DefaultToken(key, creationTime, extendedInformation);
}
/** Constructing a token with null extended information must fail with IllegalArgumentException. */
@Test(expected = IllegalArgumentException.class)
public void testRejectsNullExtendedInformation() {
    final long createdAt = System.currentTimeMillis();
    new DefaultToken("key", createdAt, null);
}
/** Tokens that share key and creation time but carry different extended information are not equal. */
@Test
public void testEqualityWithDifferentExtendedInformation3() {
    final long createdAt = System.currentTimeMillis();
    DefaultToken shorter = new DefaultToken("key", createdAt, "length1");
    DefaultToken longer = new DefaultToken("key", createdAt, "longerLength2");

    assertThat(shorter).isNotEqualTo(longer);
}
}
// Excerpt (apparently the tail of a key-verification routine): the recomputed digest must
// match the digest carried in the key, otherwise the assertion fails with
// "Key verification failure"; on success the token is rebuilt from the parsed fields.
// NOTE(review): String.equals is not a constant-time comparison; java.security.MessageDigest.isEqual
// on the encoded bytes is the usual choice when comparing a secret-derived digest.
// NOTE(review): the local is called sha1Hex but is compared with a SHA-512 hex value; the name looks stale.
Assert.isTrue(expectedSha512Hex.equals(sha1Hex), "Key verification failure");
return new DefaultToken(key, creationTime, extendedInfo.toString());
/** An empty key must be rejected with IllegalArgumentException. */
@Test(expected = IllegalArgumentException.class)
public void testOperationWithMissingKey() {
    KeyBasedPersistenceTokenService tokenService = getService();
    final long now = System.currentTimeMillis();
    // NOTE(review): expected= is satisfied by an exception from any statement in this method. If the
    // DefaultToken constructor already rejects the empty key, verifyToken is never reached; confirm
    // which call this test is meant to pin.
    Token emptyKeyToken = new DefaultToken("", now, "");
    tokenService.verifyToken(emptyKeyToken.getKey());
}
/** A key that was altered after issuance must be rejected with IllegalArgumentException. */
@Test(expected = IllegalArgumentException.class)
public void testOperationWithTamperedKey() {
    KeyBasedPersistenceTokenService tokenService = getService();
    Token issued = tokenService.allocateToken("");

    // Upper-casing the encoded key changes it, so verification is expected to fail.
    // NOTE(review): expected= does not say which stage rejected the key (decoding, field count,
    // number parsing or the digest comparison); a case that alters only the embedded data would
    // pin the digest check more directly.
    String tamperedKey = issued.getKey().toUpperCase();
    Token altered = new DefaultToken(tamperedKey, System.currentTimeMillis(), "");
    tokenService.verifyToken(altered.getKey());
}
}
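/**
 * Rebuilds a token from a key by decrypting it and parsing
 * {@code createdAtMillis:extendedInformation}.
 *
 * <p>Only the first ':' separates the two fields, so the extended information keeps every
 * ':' it contains, including trailing ones (a plain {@code split(":")} silently drops
 * trailing empty fields and would not round-trip such values).
 *
 * @param key the key to verify
 * @return a token holding the key, the parsed creation time and the extended information
 * @throws NumberFormatException if the leading field is not a decimal long
 */
@Override
public Token verifyToken(String key) {
    // NOTE(review): nothing in this method checks integrity or freshness; rejecting a modified
    // key depends entirely on decryptBytes (not shown). Confirm it uses authenticated encryption.
    // Decode as UTF-8 rather than the platform default charset, matching the
    // getBytes(StandardCharsets.UTF_8) call used where the key is built.
    String fullInformation = new String(decryptBytes(key), StandardCharsets.UTF_8);

    int separator = fullInformation.indexOf(':');
    String createdAtField = (separator < 0) ? fullInformation : fullInformation.substring(0, separator);
    String extendedInformation = (separator < 0) ? "" : fullInformation.substring(separator + 1);

    long createdAt = Long.parseLong(createdAtField);
    return new DefaultToken(key, createdAt, extendedInformation);
}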
/**
 * Issues a token whose key is {@code createdAtMillis:extendedInformation}, UTF-8 encoded and
 * passed through {@code cryptBytes}.
 *
 * @param extendedInformation caller-supplied data to embed in the key
 * @return a token holding the key, the creation time and the extended information
 */
@Override
public Token allocateToken(String extendedInformation) {
    final long createdAtMillis = System.currentTimeMillis();
    // A null argument is concatenated as the text "null"; no null check happens in this method.
    final String plaintext = createdAtMillis + ":" + extendedInformation;
    // NOTE(review): confidentiality and tamper-resistance of the key rest on cryptBytes, which is
    // not shown here; confirm it is authenticated encryption with a fresh IV/nonce per call.
    final byte[] plaintextBytes = plaintext.getBytes(StandardCharsets.UTF_8);
    String key = cryptBytes(plaintextBytes);
    return new DefaultToken(key, createdAtMillis, extendedInformation);
}
/**
 * Allocates a new token whose key is the Base64 form of
 * {@code creationTime:pseudoRandomNumber:extendedInformation:sha512Hex}.
 *
 * <p>The trailing hex digest covers the first three fields plus the server secret that
 * applies at the creation time. The payload is only encoded, not encrypted, so whatever
 * is passed as {@code extendedInformation} is readable by anyone holding the key.
 *
 * @param extendedInformation caller-supplied data to embed; may be empty but not null
 * @return a token carrying the encoded key, the creation time and the extended information
 */
public Token allocateToken(String extendedInformation) {
    Assert.notNull(extendedInformation, "Must provided non-null extendedInformation (but it can be empty)");

    final long creationTime = System.currentTimeMillis();
    final String secretForTime = computeServerSecretApplicableAt(creationTime);
    // NOTE(review): generatePseudoRandomNumber() is not shown here; confirm it draws from a SecureRandom.
    final String nonce = generatePseudoRandomNumber();
    final String content = creationTime + ":" + nonce + ":" + extendedInformation;

    // Compute key
    // NOTE(review): the integrity tag is a bare digest over content + ":" + secret, not a keyed MAC
    // such as HMAC; any change of construction has to be made together with the verifying side.
    final String digestHex = Sha512DigestUtils.shaHex(content + ":" + secretForTime);
    final String keyPayload = content + ":" + digestHex;
    final String key = Utf8.decode(Base64.getEncoder().encode(Utf8.encode(keyPayload)));

    return new DefaultToken(key, creationTime, extendedInformation);
}
/**
 * Allocates a new token whose key is the Base64 form of
 * {@code creationTime:pseudoRandomNumber:extendedInformation:sha512Hex}.
 *
 * <p>The trailing hex digest covers the first three fields plus the server secret that
 * applies at the creation time. The payload is only encoded, not encrypted, so whatever
 * is passed as {@code extendedInformation} is readable by anyone holding the key.
 *
 * @param extendedInformation caller-supplied data to embed; may be empty but not null
 * @return a token carrying the encoded key, the creation time and the extended information
 */
public Token allocateToken(String extendedInformation) {
    Assert.notNull(extendedInformation, "Must provided non-null extendedInformation (but it can be empty)");

    final long creationTime = System.currentTimeMillis();
    final String secretForTime = computeServerSecretApplicableAt(creationTime);
    // NOTE(review): generatePseudoRandomNumber() is not shown here; confirm it draws from a SecureRandom.
    final String nonce = generatePseudoRandomNumber();
    final String content = creationTime + ":" + nonce + ":" + extendedInformation;

    // Compute key
    // NOTE(review): the integrity tag is a bare digest over content + ":" + secret, not a keyed MAC
    // such as HMAC; any change of construction has to be made together with the verifying side.
    final String digestHex = Sha512DigestUtils.shaHex(content + ":" + secretForTime);
    final String keyPayload = content + ":" + digestHex;
    final String key = Utf8.decode(Base64.encode(Utf8.encode(keyPayload)));

    return new DefaultToken(key, creationTime, extendedInformation);
}
// Excerpt (apparently the tail of a key-verification routine): the recomputed digest must
// match the digest carried in the key, otherwise the assertion fails with
// "Key verification failure"; on success the token is rebuilt from the parsed fields.
// NOTE(review): String.equals is not a constant-time comparison; java.security.MessageDigest.isEqual
// on the encoded bytes is the usual choice when comparing a secret-derived digest.
// NOTE(review): the local is called sha1Hex but is compared with a SHA-512 hex value; the name looks stale.
Assert.isTrue(expectedSha512Hex.equals(sha1Hex), "Key verification failure");
return new DefaultToken(key, creationTime, extendedInfo.toString());
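/**
 * Verifies a key and rebuilds the token it encodes.
 *
 * <p>The key is Base64-decoded and split on ':' into
 * {@code creationTime:pseudoRandomNumber:extendedInformation...:sha512Hex}. The digest is
 * recomputed from the parsed fields and the server secret applicable at the creation time,
 * then compared with the digest carried in the key.
 *
 * @param key the key to verify
 * @return the rebuilt token, or {@code null} when {@code key} is null or empty
 * @throws IllegalArgumentException if the key has fewer than four fields, the creation time
 *         is not a number, or the digest does not match
 */
public Token verifyToken(String key) {
    if (key == null || "".equals(key)) {
        return null;
    }

    String[] tokens = StringUtils.delimitedListToStringArray(Utf8.decode(Base64.decode(Utf8.encode(key))), ":");
    Assert.isTrue(tokens.length >= 4, "Expected 4 or more tokens but found " + tokens.length);

    long creationTime;
    try {
        // Long.decode also accepts hex and octal spellings; the digest below is recomputed over
        // the canonical decimal form, so a non-canonical spelling fails the comparison.
        creationTime = Long.decode(tokens[0]).longValue();
    }
    catch (NumberFormatException nfe) {
        // Keep the original exception as the cause for diagnostics.
        throw new IllegalArgumentException("Expected number but found " + tokens[0], nfe);
    }

    String serverSecret = computeServerSecretApplicableAt(creationTime);
    String pseudoRandomNumber = tokens[1];

    // Permit extendedInfo to itself contain ":" characters
    StringBuilder extendedInfo = new StringBuilder();
    for (int i = 2; i < tokens.length - 1; i++) {
        if (i > 2) {
            extendedInfo.append(":");
        }
        extendedInfo.append(tokens[i]);
    }

    // The last field is the digest presented by the caller.
    String presentedSha512Hex = tokens[tokens.length - 1];

    // Verification
    String content = Long.toString(creationTime) + ":" + pseudoRandomNumber + ":" + extendedInfo.toString();
    String expectedSha512Hex = Sha512DigestUtils.shaHex(content + ":" + serverSecret);

    // Compare in constant time: String.equals returns at the first differing character, which
    // makes the comparison time depend on how much of the presented digest is correct.
    boolean digestMatches = java.security.MessageDigest.isEqual(
            Utf8.encode(expectedSha512Hex), Utf8.encode(presentedSha512Hex));
    Assert.isTrue(digestMatches, "Key verification failure");

    return new DefaultToken(key, creationTime, extendedInfo.toString());
}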