/**
 * Issues a new token whose key carries its own integrity digest.
 *
 * <p>The key is the Base64 form of
 * {@code creationTime:pseudoRandomNumber:extendedInformation:digestHex}. The digest is
 * produced by {@code Sha512DigestUtils.shaHex} over the first three fields plus the server
 * secret applicable at the creation time. Base64 is an encoding, not encryption: anyone
 * holding the key can read {@code extendedInformation}, so it should not carry
 * confidential data.
 *
 * @param extendedInformation caller-supplied data to embed; may be empty but not null
 * @return a token holding the encoded key, the creation time and the extended information
 */
public Token allocateToken(String extendedInformation) {
    Assert.notNull(extendedInformation, "Must provided non-null extendedInformation (but it can be empty)");

    final long issuedAt = new Date().getTime();
    final String secretAtIssue = computeServerSecretApplicableAt(issuedAt);
    final String nonce = generatePseudoRandomNumber();

    // Colon-delimited fields that the digest protects; the secret itself never enters the key.
    final String signedFields = issuedAt + ":" + nonce + ":" + extendedInformation;
    final String digestHex = Sha512DigestUtils.shaHex(signedFields + ":" + secretAtIssue);

    // The digest is appended as the final field before the whole payload is Base64-encoded.
    final byte[] encodedPayload = Base64.getEncoder().encode(Utf8.encode(signedFields + ":" + digestHex));
    return new DefaultToken(Utf8.decode(encodedPayload), issuedAt, extendedInformation);
}
/**
 * Builds an initialised {@link KeyBasedPersistenceTokenService} for the tests.
 *
 * <p>The server secret and server integer are fixed literals; they are test fixtures only
 * and must not be reused as real configuration.
 *
 * @return the service after {@code afterPropertiesSet()} has been called on it
 */
private KeyBasedPersistenceTokenService getService() {
    KeyBasedPersistenceTokenService tokenService = new KeyBasedPersistenceTokenService();
    tokenService.setServerSecret("MY:SECRET$$$#");
    tokenService.setServerInteger(Integer.valueOf(454545));

    SecureRandomFactoryBean randomFactory = new SecureRandomFactoryBean();
    try {
        tokenService.setSecureRandom((SecureRandom) randomFactory.getObject());
        tokenService.afterPropertiesSet();
    }
    catch (Exception ex) {
        // Setup failures are rethrown unchecked so test methods need no throws clause.
        throw new RuntimeException(ex);
    }
    return tokenService;
}
/**
 * Round-trips a token when the service is configured with zero pseudo-random bytes, using
 * extended information that itself contains and ends in ':' delimiters.
 */
@Test
public void testOperationWithEmptyRandomNumber() {
    KeyBasedPersistenceTokenService tokenService = getService();
    // Zero bytes presumably leaves the random field of the key empty, which is the case under test.
    tokenService.setPseudoRandomNumberBytes(0);

    Token issued = tokenService.allocateToken("Hello:world:::");
    Token verified = tokenService.verifyToken(issued.getKey());

    // Verification must rebuild a token equal to the one that was issued.
    assertThat(verified).isEqualTo(issued);
}
// Fragment; presumably from the token verification path (confirm against the full method).
// The server secret is looked up for the given creation time, and the second element of
// `tokens` is taken as the pseudo-random component. If creationTime and tokens were parsed
// from a caller-supplied key, both are untrusted until the digest check has passed.
String serverSecret = computeServerSecretApplicableAt(creationTime);
String pseudoRandomNumber = tokens[1];
// Fragment; presumably from the token verification path (confirm against the full method).
// Looks up the server secret for the given creation time and reads the pseudo-random
// component from the second element of `tokens`. NOTE(review): if these values come from a
// presented key, treat them as untrusted input until the digest comparison succeeds.
String serverSecret = computeServerSecretApplicableAt(creationTime);
String pseudoRandomNumber = tokens[1];
/**
 * Exposes a {@link KeyBasedPersistenceTokenService} as the application's {@link TokenService}.
 *
 * <p>The service is given {@code serverSecret} and {@code serverInteger} (defined outside
 * this method), a pseudo-random-number size of 16 bytes and a new {@link SecureRandom}.
 * NOTE(review): confirm {@code serverSecret} is supplied from protected configuration rather
 * than a literal checked into source control.
 *
 * @return the configured token service
 */
@Bean
public TokenService getTokenService() {
    KeyBasedPersistenceTokenService tokenService = new KeyBasedPersistenceTokenService();
    tokenService.setServerSecret(serverSecret);
    tokenService.setServerInteger(serverInteger);

    // Randomness settings: 16 bytes per token, drawn from a dedicated SecureRandom instance.
    tokenService.setPseudoRandomNumberBytes(16);
    tokenService.setSecureRandom(new SecureRandom());
    return tokenService;
}
/**
 * Creates a token for the given extended information.
 *
 * <p>The returned key is {@code time:random:extendedInformation:digest}, Base64-encoded. The
 * digest comes from {@code Sha512DigestUtils.shaHex} applied to the first three fields
 * followed by the server secret for the creation time. The extended information is only
 * encoded, not encrypted, so it is readable by whoever holds the key.
 *
 * @param extendedInformation data to embed in the token; must not be null, may be empty
 * @return the newly allocated token
 */
public Token allocateToken(String extendedInformation) {
    Assert.notNull(extendedInformation, "Must provided non-null extendedInformation (but it can be empty)");

    long now = new Date().getTime();
    String secret = computeServerSecretApplicableAt(now);
    String random = generatePseudoRandomNumber();

    // Assemble the colon-delimited fields that the digest will cover.
    StringBuilder fields = new StringBuilder();
    fields.append(now).append(":").append(random).append(":").append(extendedInformation);
    String content = fields.toString();

    // Digest over content plus secret; only the digest, never the secret, is placed in the key.
    String digest = Sha512DigestUtils.shaHex(content + ":" + secret);
    byte[] payloadBytes = Utf8.encode(content + ":" + digest);
    String key = Utf8.decode(Base64.getEncoder().encode(payloadBytes));

    return new DefaultToken(key, now, extendedInformation);
}
// Fragment; presumably from the token verification path (confirm against the full method).
// The secret used for the digest is selected by creationTime, and tokens[1] supplies the
// pseudo-random component. NOTE(review): when creationTime is read from the presented key,
// the secret lookup runs on caller-controlled input before any integrity check.
String serverSecret = computeServerSecretApplicableAt(creationTime);
String pseudoRandomNumber = tokens[1];
/**
 * Registers the {@link TokenService} bean, backed by {@link KeyBasedPersistenceTokenService}.
 *
 * <p>Uses {@code serverSecret} and {@code serverInteger} from outside this method, sets the
 * pseudo-random-number size to 16 bytes and installs a new {@link SecureRandom}.
 * NOTE(review): the secret protects every issued key; confirm where it is loaded from.
 *
 * @return the configured token service
 */
@Bean
public TokenService getTokenService() {
    final KeyBasedPersistenceTokenService service = new KeyBasedPersistenceTokenService();

    // Keyed material first, then the randomness settings.
    service.setServerSecret(serverSecret);
    service.setServerInteger(serverInteger);
    service.setPseudoRandomNumberBytes(16);
    service.setSecureRandom(new SecureRandom());

    return service;
}
/**
 * Allocates a token and derives its self-verifying key.
 *
 * <p>Key layout before Base64 encoding:
 * {@code creationTime:pseudoRandomNumber:extendedInformation:digestHex}. The digest is
 * {@code Sha512DigestUtils.shaHex} of the first three fields joined with the server secret
 * applicable at the creation time. Nothing in the key is encrypted, so
 * {@code extendedInformation} is visible to the key holder.
 *
 * @param extendedInformation value to carry inside the token; non-null, possibly empty
 * @return the allocated token
 */
public Token allocateToken(String extendedInformation) {
    Assert.notNull(extendedInformation, "Must provided non-null extendedInformation (but it can be empty)");

    long timestamp = new Date().getTime();
    String applicableSecret = computeServerSecretApplicableAt(timestamp);
    String randomPart = generatePseudoRandomNumber();

    String body = String.join(":", Long.toString(timestamp), randomPart, extendedInformation);

    // The secret is mixed into the digest input only; the key carries body and digest.
    String bodyDigest = Sha512DigestUtils.shaHex(String.join(":", body, applicableSecret));
    String payload = String.join(":", body, bodyDigest);

    String encodedKey = Utf8.decode(Base64.getEncoder().encode(Utf8.encode(payload)));
    return new DefaultToken(encodedKey, timestamp, extendedInformation);
}
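/**
 * Verifies a presented key and rebuilds the token it encodes.
 *
 * <p>The key is Base64-decoded and split on ':' into creation time, pseudo-random number,
 * extended information (which may itself contain ':') and a trailing digest. The digest is
 * recomputed from the first three parts plus the server secret applicable at the embedded
 * creation time, then compared with the presented digest.
 *
 * <p>Only integrity is checked: the creation time is not compared with the current time, so
 * callers that need expiry must enforce it themselves on the returned token.
 *
 * <p>NOTE(review): {@code Long.decode} also accepts non-decimal spellings of the creation
 * time, so more than one key string can verify to the same token contents; do not treat the
 * raw key string as a unique identifier.
 *
 * @param key the Base64-encoded key presented by the caller; untrusted input
 * @return the verified token, or {@code null} when {@code key} is null or empty
 * @throws IllegalArgumentException if the first field is not a number; the field-count and
 *         digest checks fail through {@code Assert.isTrue}
 */
public Token verifyToken(String key) {
    if (key == null || "".equals(key)) {
        return null;
    }

    String[] tokens = StringUtils.delimitedListToStringArray(Utf8.decode(Base64.decode(Utf8.encode(key))), ":");
    Assert.isTrue(tokens.length >= 4, "Expected 4 or more tokens but found " + tokens.length);

    long creationTime;
    try {
        creationTime = Long.decode(tokens[0]).longValue();
    }
    catch (NumberFormatException nfe) {
        // Keep the parse failure as the cause so a rejected key can be diagnosed.
        throw new IllegalArgumentException("Expected number but found " + tokens[0], nfe);
    }

    String serverSecret = computeServerSecretApplicableAt(creationTime);
    String pseudoRandomNumber = tokens[1];

    // Permit extendedInfo to itself contain ":" characters
    StringBuilder extendedInfoBuilder = new StringBuilder();
    for (int i = 2; i < tokens.length - 1; i++) {
        if (i > 2) {
            extendedInfoBuilder.append(":");
        }
        extendedInfoBuilder.append(tokens[i]);
    }
    String extendedInfo = extendedInfoBuilder.toString();

    // The final field is the digest supplied with the key.
    String presentedSha512Hex = tokens[tokens.length - 1];

    // Verification
    String content = Long.toString(creationTime) + ":" + pseudoRandomNumber + ":" + extendedInfo;
    String expectedSha512Hex = Sha512DigestUtils.shaHex(content + ":" + serverSecret);

    // Compare in constant time: String.equals stops at the first differing character, which
    // lets response timing reveal how much of a guessed digest was correct.
    boolean digestMatches = java.security.MessageDigest.isEqual(
            Utf8.encode(expectedSha512Hex), Utf8.encode(presentedSha512Hex));
    Assert.isTrue(digestMatches, "Key verification failure");

    return new DefaultToken(key, creationTime, extendedInfo);
}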
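/**
 * Provides a default {@link KeyBasedPersistenceTokenService} when the application defines no
 * other {@link TokenService} bean.
 *
 * <p>The server integer and server secret are drawn from {@code secureRandom} each time the
 * bean is created and are not stored anywhere. Keys issued before a restart, or by another
 * instance with its own generated secret, will therefore presumably fail verification;
 * supply a configured {@link TokenService} when keys must outlive the process.
 *
 * <p>NOTE(review): {@code nextInt()} can return 0; confirm the service tolerates a zero
 * server integer.
 *
 * @param secureRandom source of the generated secret and of the service's random numbers
 * @return the configured token service
 */
@Bean
@ConditionalOnMissingBean(TokenService.class)
public KeyBasedPersistenceTokenService keyBasedPersistenceTokenService(SecureRandom secureRandom) {
    KeyBasedPersistenceTokenService tokenService = new KeyBasedPersistenceTokenService();
    tokenService.setServerInteger(secureRandom.nextInt());

    // A single nextLong() caps the secret at 64 bits of entropy. Draw 256 bits instead and
    // hex-encode them, so the secret is not the weakest input to the digest guarding each key.
    byte[] secretBytes = new byte[32];
    secureRandom.nextBytes(secretBytes);
    StringBuilder secretHex = new StringBuilder(secretBytes.length * 2);
    for (byte b : secretBytes) {
        secretHex.append(String.format("%02x", b));
    }
    tokenService.setServerSecret(secretHex.toString());

    tokenService.setSecureRandom(secureRandom);
    return tokenService;
}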
/**
 * Produces a token whose key can later be checked without server-side storage.
 *
 * <p>The key is the Base64 encoding of
 * {@code creationTime:pseudoRandomNumber:extendedInformation:digestHex}, with the digest
 * taken by {@code Sha512DigestUtils.shaHex} over the first three fields and the server
 * secret applicable at the creation time. The extended information travels in readable
 * form inside the key, so it should not contain confidential values.
 *
 * @param extendedInformation data to embed; null is rejected, empty is allowed
 * @return the token with its key, creation time and extended information
 */
public Token allocateToken(String extendedInformation) {
    Assert.notNull(extendedInformation, "Must provided non-null extendedInformation (but it can be empty)");

    final long createdAt = new Date().getTime();
    final String secret = computeServerSecretApplicableAt(createdAt);
    final String randomField = generatePseudoRandomNumber();

    // Fields covered by the digest, in the order they appear in the key.
    final String content = createdAt + ":" + randomField + ":" + extendedInformation;

    // Compute key: content plus a digest that also folds in the secret.
    final String keyPayload = content + ":" + Sha512DigestUtils.shaHex(content + ":" + secret);
    final byte[] rawPayload = Utf8.encode(keyPayload);
    final byte[] base64Payload = Base64.encode(rawPayload);

    return new DefaultToken(Utf8.decode(base64Payload), createdAt, extendedInformation);
}