/** * Constructs an CSRF handler with a dynamically generated SecretKey. */ public CSRFHandler() { this(CryptoUtils.generateSecretKey()); }
/** * Calculates the MD5 hash of the string. * * @param text * @return md5 hash of the string */ public static String getHashMD5(String text) { byte[] bytes = text.getBytes(StandardCharsets.ISO_8859_1); return getHashMD5(bytes); }
/** * Calculates the SHA1 hash of the string. * * @param text * @return sha1 hash of the string */ public static String getHashSHA1(String text) { byte[] bytes = text.getBytes(StandardCharsets.ISO_8859_1); return getHashSHA1(bytes); }
public static String getHmacSHA1(String message, String secretKey) { return hmacDigest(message, secretKey, HMAC_SHA1); }
public static String hmacDigest(String message, String secretKey, String algorithm) { String digest = null; try { SecretKeySpec key = new SecretKeySpec(secretKey.getBytes(StandardCharsets.UTF_8), algorithm); Mac mac = Mac.getInstance(algorithm); mac.init(key); byte[] bytes = mac.doFinal(message.getBytes(StandardCharsets.US_ASCII)); digest = toHex(bytes); } catch (InvalidKeyException e) { } catch (NoSuchAlgorithmException e) { } return digest; }
/** * Calculates the SHA256 hash of the string. * * @param text * @return sha256 hash of the string */ public static String getHashSHA256(String text) { byte[] bytes = text.getBytes(StandardCharsets.ISO_8859_1); return getHashSHA256(bytes); }
protected String checksumSessionData(SessionData sessionData) { String data = transcoder.encode(sessionData); return CryptoUtils.getHmacSHA1(data, hmacSHA1Key); }
public static String getHmacMD5(String message, String secretKey) { return hmacDigest(message, secretKey, HMAC_MD5); }
/** * Calculates the SHA256 hash of the byte array. * * @param bytes * @return sha256 hash of the byte array */ public static String getHashSHA256(byte[] bytes) { try { MessageDigest md = MessageDigest.getInstance("SHA-256"); md.update(bytes, 0, bytes.length); byte[] digest = md.digest(); return toHex(digest); } catch (NoSuchAlgorithmException t) { throw new RuntimeException(t); } }
public static String getHmacSHA256(String message, String secretKey) { return hmacDigest(message, secretKey, HMAC_SHA256); }
/** * Calculates the MD5 hash of the byte array. * * @param bytes * @return md5 hash of the byte array */ public static String getHashMD5(byte[] bytes) { try { MessageDigest md = MessageDigest.getInstance("MD5"); md.update(bytes, 0, bytes.length); byte[] digest = md.digest(); return toHex(digest); } catch (NoSuchAlgorithmException t) { throw new RuntimeException(t); } }
@Override protected String getResourceVersion(String resourcePath) { String artifactPath = resourcePath.substring(0, resourcePath.indexOf('/') + 1); if (pathAliases.containsKey(artifactPath)) { String artifactVersion = pathAliases.get(artifactPath); // Do not replace already fixed-version paths. // i.e. skip replacing first path segment of "/jquery/1.11.1/jquery.min.js" // BUT do replace first path segment of "jquery/jquery.min.js". if (!resourcePath.startsWith(artifactVersion)) { return CryptoUtils.getHashMD5(artifactVersion); } } return null; }
/** * Generates a random secret key. * * @return a random secret key. */ public static String generateSecretKey() { return hmacDigest(UUID.randomUUID().toString(), UUID.randomUUID().toString(), HMAC_SHA256); }
/** * Calculates the SHA1 hash of the byte array. * * @param bytes * @return sha1 hash of the byte array */ public static String getHashSHA1(byte[] bytes) { try { MessageDigest md = MessageDigest.getInstance("SHA-1"); md.update(bytes, 0, bytes.length); byte[] digest = md.digest(); return toHex(digest); } catch (NoSuchAlgorithmException t) { throw new RuntimeException(t); } }
String token = CryptoUtils.hmacDigest(sessionId, secretKey, algorithm); setSessionCsrfToken(context, token); log.debug("Generated '{}' for {} '{}'", TOKEN, context.getRequestMethod(), context.getRequestUri());