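/**
 * Decrypts and verifies the security token carried in {@code tokenParameters}.
 *
 * <p>A blank or absent token yields an {@link AnonymousSecurityToken}. Otherwise the
 * token must have the form {@code container:encryptedBlob}; the container part selects
 * the {@link BlobCrypter} and domain used to decrypt and verify the blob.
 *
 * @param tokenParameters request parameters; read for
 *     {@link SecurityTokenCodec#SECURITY_TOKEN_NAME} and
 *     {@link SecurityTokenCodec#ACTIVE_URL_NAME}
 * @return the decrypted token, or an anonymous token when none was supplied
 * @throws SecurityTokenException if the token is malformed, names an unknown container,
 *     or fails to decrypt/verify
 */
public SecurityToken createToken(Map<String, String> tokenParameters)
    throws SecurityTokenException {
  String token = tokenParameters.get(SecurityTokenCodec.SECURITY_TOKEN_NAME);
  if (StringUtils.isBlank(token)) {
    // No token is present, assume anonymous access
    return new AnonymousSecurityToken();
  }
  // StringUtils.split drops empty fields, so "a::b" also yields exactly two fields.
  String[] fields = StringUtils.split(token, ':');
  if (fields.length != 2) {
    // The token is a bearer credential: describe its shape rather than echoing its
    // value, so a rejected token does not land verbatim in exception logs.
    throw new SecurityTokenException(
        "Invalid security token format (expected container:blob, got "
            + fields.length + " field(s))");
  }
  String container = fields[0];
  BlobCrypter crypter = crypters.get(container);
  if (crypter == null) {
    // Report only the container name, not the encrypted blob that follows it.
    throw new SecurityTokenException("Unknown container " + container);
  }
  // NOTE(review): domains.get(container) may be null if the domain map is not kept in
  // sync with crypters; how decrypt treats a null domain is not visible here.
  String domain = domains.get(container);
  String activeUrl = tokenParameters.get(SecurityTokenCodec.ACTIVE_URL_NAME);
  String crypted = fields[1];
  try {
    return BlobCrypterSecurityToken.decrypt(crypter, container, domain, crypted, activeUrl);
  } catch (BlobCrypterException e) {
    // Keep the cause chain; the crypter's exception carries the verification reason.
    throw new SecurityTokenException(e);
  }
}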
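/**
 * Decrypts and verifies the security token carried in {@code tokenParameters}.
 *
 * <p>When no token (or a blank one) is present, anonymous access is assumed and an
 * {@link AnonymousSecurityToken} is returned. A present token is expected to look like
 * {@code container:encryptedBlob}; the container selects the crypter and domain.
 *
 * @param tokenParameters request parameters holding the token and optional active URL
 * @return the decrypted and verified token, or an anonymous token
 * @throws SecurityTokenException on a malformed token, an unknown container, or a
 *     decryption/verification failure
 */
public SecurityToken createToken(Map<String, String> tokenParameters)
    throws SecurityTokenException {
  String rawToken = tokenParameters.get(SecurityTokenCodec.SECURITY_TOKEN_NAME);
  if (StringUtils.isBlank(rawToken)) {
    // No token is present, assume anonymous access
    return new AnonymousSecurityToken();
  }
  // Note that StringUtils.split collapses adjacent separators and drops empty parts.
  String[] parts = StringUtils.split(rawToken, ':');
  if (parts.length != 2) {
    // Do not include the token itself in the message: it is a credential and exception
    // messages routinely end up in logs.
    throw new SecurityTokenException(
        "Invalid security token format (expected container:blob, got "
            + parts.length + " field(s))");
  }
  String containerName = parts[0];
  String encryptedBlob = parts[1];
  BlobCrypter blobCrypter = crypters.get(containerName);
  if (blobCrypter == null) {
    // The container name alone is enough to diagnose a misconfiguration.
    throw new SecurityTokenException("Unknown container " + containerName);
  }
  // NOTE(review): no null check on the domain lookup; decrypt's behaviour for a null
  // domain is not visible from this block.
  String containerDomain = domains.get(containerName);
  String activeUrl = tokenParameters.get(SecurityTokenCodec.ACTIVE_URL_NAME);
  try {
    return BlobCrypterSecurityToken.decrypt(
        blobCrypter, containerName, containerDomain, encryptedBlob, activeUrl);
  } catch (BlobCrypterException e) {
    // Wrap with the cause preserved so the underlying reason stays diagnosable.
    throw new SecurityTokenException(e);
  }
}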
/** Decrypting a token once its lifetime plus the clock-skew allowance has passed must fail. */
@Test(expected=BlobExpiredException.class)
public void testExpired() throws Exception {
  String encoded = new BlobCrypterSecurityToken(crypter, CONTAINER, DOMAIN).encrypt();
  String blob = StringUtils.split(encoded, ':')[1];
  // Move the clock past one hour plus the tolerated skew.
  timeSource.incrementSeconds(3600 + 181);
  // Expected to throw BlobExpiredException.
  BlobCrypterSecurityToken.decrypt(crypter, CONTAINER, DOMAIN, blob, "active");
}
}
/** A token decrypted after its validity window (lifetime plus skew) is rejected as expired. */
@Test(expected=BlobExpiredException.class)
public void testExpired() throws Exception {
  BlobCrypterSecurityToken original = new BlobCrypterSecurityToken(crypter, CONTAINER, DOMAIN);
  String[] parts = StringUtils.split(original.encrypt(), ':');
  // Advance past one hour plus the clock-skew allowance.
  timeSource.incrementSeconds(3600 + 181);
  // This call is expected to throw.
  BlobCrypterSecurityToken.decrypt(crypter, CONTAINER, DOMAIN, parts[1], "active");
}
}
/**
 * A token with no optional fields set round-trips with null/zero values, and asking for
 * the active URL when none was supplied at decrypt time is unsupported.
 */
@Test(expected=UnsupportedOperationException.class)
public void testNullValues() throws Exception {
  BlobCrypterSecurityToken original = new BlobCrypterSecurityToken(crypter, CONTAINER, DOMAIN);
  String encoded = original.encrypt();
  assertTrue("should start with container: " + encoded, encoded.startsWith("container:"));
  String blob = StringUtils.split(encoded, ':')[1];
  BlobCrypterSecurityToken decoded =
      BlobCrypterSecurityToken.decrypt(crypter, CONTAINER, DOMAIN, blob, null);
  // Identity fields come back from the decrypt call, not from the blob.
  assertEquals(CONTAINER, decoded.getContainer());
  assertEquals(DOMAIN, decoded.getDomain());
  // Nothing optional was set, so every optional field is absent.
  assertNull(decoded.getAppId());
  assertNull(decoded.getAppUrl());
  assertEquals(0, decoded.getModuleId());
  assertNull(decoded.getOwnerId());
  assertNull(decoded.getViewerId());
  assertNull(decoded.getTrustedJson());
  assertNull(decoded.getUpdatedToken());
  // Expected to throw: no active URL was provided to decrypt.
  decoded.getActiveUrl();
}
/**
 * Round-trips a token with only the mandatory fields and checks that every optional
 * field reads back as null (or zero); getActiveUrl without an active URL throws.
 */
@Test(expected=UnsupportedOperationException.class)
public void testNullValues() throws Exception {
  String encoded = new BlobCrypterSecurityToken(crypter, CONTAINER, DOMAIN).encrypt();
  assertTrue("should start with container: " + encoded, encoded.startsWith("container:"));
  String[] parts = StringUtils.split(encoded, ':');
  BlobCrypterSecurityToken roundTripped =
      BlobCrypterSecurityToken.decrypt(crypter, CONTAINER, DOMAIN, parts[1], null);
  assertNull(roundTripped.getAppId());
  assertNull(roundTripped.getAppUrl());
  assertNull(roundTripped.getOwnerId());
  assertNull(roundTripped.getViewerId());
  assertNull(roundTripped.getTrustedJson());
  assertNull(roundTripped.getUpdatedToken());
  assertEquals(0, roundTripped.getModuleId());
  assertEquals(DOMAIN, roundTripped.getDomain());
  assertEquals(CONTAINER, roundTripped.getContainer());
  // Expected to throw UnsupportedOperationException.
  roundTripped.getActiveUrl();
}
/** Every populated field survives an encrypt/decrypt round trip, and the active URL is attached. */
@Test
public void testRealValues() throws Exception {
  String appUrl = "http://www.example.com/gadget.xml";
  BlobCrypterSecurityToken original = new BlobCrypterSecurityToken(crypter, CONTAINER, DOMAIN);
  original.setAppUrl(appUrl);
  original.setModuleId(12345L);
  original.setOwnerId("owner");
  original.setViewerId("viewer");
  original.setTrustedJson("trusted");
  String encoded = original.encrypt();
  assertTrue("should start with container: " + encoded, encoded.startsWith("container:"));
  String blob = StringUtils.split(encoded, ':')[1];
  BlobCrypterSecurityToken decoded =
      BlobCrypterSecurityToken.decrypt(crypter, CONTAINER, DOMAIN, blob, "active");
  // The app id is reported as the app URL after the round trip.
  assertEquals(appUrl, decoded.getAppId());
  assertEquals(appUrl, decoded.getAppUrl());
  assertEquals(12345L, decoded.getModuleId());
  assertEquals("owner", decoded.getOwnerId());
  assertEquals("viewer", decoded.getViewerId());
  assertEquals("trusted", decoded.getTrustedJson());
  assertEquals(CONTAINER, decoded.getContainer());
  assertEquals(DOMAIN, decoded.getDomain());
  assertEquals("active", decoded.getActiveUrl());
}
/** A fully populated token decrypts back to the same values, including the supplied active URL. */
@Test
public void testRealValues() throws Exception {
  BlobCrypterSecurityToken source = new BlobCrypterSecurityToken(crypter, CONTAINER, DOMAIN);
  source.setAppUrl("http://www.example.com/gadget.xml");
  source.setModuleId(12345L);
  source.setOwnerId("owner");
  source.setViewerId("viewer");
  source.setTrustedJson("trusted");
  String encoded = source.encrypt();
  assertTrue("should start with container: " + encoded, encoded.startsWith("container:"));
  String[] parts = StringUtils.split(encoded, ':');
  BlobCrypterSecurityToken restored =
      BlobCrypterSecurityToken.decrypt(crypter, CONTAINER, DOMAIN, parts[1], "active");
  assertEquals(CONTAINER, restored.getContainer());
  assertEquals(DOMAIN, restored.getDomain());
  assertEquals("active", restored.getActiveUrl());
  assertEquals("http://www.example.com/gadget.xml", restored.getAppUrl());
  assertEquals("http://www.example.com/gadget.xml", restored.getAppId());
  assertEquals(12345L, restored.getModuleId());
  assertEquals("owner", restored.getOwnerId());
  assertEquals("viewer", restored.getViewerId());
  assertEquals("trusted", restored.getTrustedJson());
}