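/**
 * Serializes a security token by delegating to {@code BlobCrypterSecurityToken.encrypt()}.
 *
 * @param token the token to encode; must be a {@code BlobCrypterSecurityToken}
 * @return the value returned by {@code encrypt()}
 * @throws SecurityTokenException if {@code token} is not a {@code BlobCrypterSecurityToken}
 *     (this includes {@code null}), or if encryption fails
 */
public String encodeToken(SecurityToken token) throws SecurityTokenException {
  if (!(token instanceof BlobCrypterSecurityToken)) {
    // instanceof is false for null, so a missing token is rejected here as well.
    // The message now names the real class (it previously read "BlogCrypter...").
    throw new SecurityTokenException("Can only encode BlobCrypterSecurityTokens");
  }
  try {
    return ((BlobCrypterSecurityToken) token).encrypt();
  } catch (BlobCrypterException e) {
    // Keep the cause so the underlying crypto failure stays diagnosable.
    throw new SecurityTokenException(e);
  }
}
} // closes the enclosing class, whose header is outside this excerpt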
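/**
 * Serializes a security token by delegating to {@code BlobCrypterSecurityToken.encrypt()}.
 *
 * @param token the token to encode; must be a {@code BlobCrypterSecurityToken}
 * @return the value returned by {@code encrypt()}
 * @throws SecurityTokenException if {@code token} is not a {@code BlobCrypterSecurityToken}
 *     (this includes {@code null}), or if encryption fails
 */
public String encodeToken(SecurityToken token) throws SecurityTokenException {
  if (!(token instanceof BlobCrypterSecurityToken)) {
    // instanceof is false for null, so a missing token is rejected here as well.
    // The message now names the real class (it previously read "BlogCrypter...").
    throw new SecurityTokenException("Can only encode BlobCrypterSecurityTokens");
  }
  try {
    return ((BlobCrypterSecurityToken) token).encrypt();
  } catch (BlobCrypterException e) {
    // Keep the cause so the underlying crypto failure stays diagnosable.
    throw new SecurityTokenException(e);
  }
}
} // closes the enclosing class, whose header is outside this excerpt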
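/**
 * Decrypt and verify the provided security token.
 *
 * <p>The serialized token is expected to be {@code container:encryptedBlob}. The container
 * prefix selects the {@code BlobCrypter}; the blob is handed to
 * {@code BlobCrypterSecurityToken.decrypt}.
 *
 * @param tokenParameters request parameters; read for
 *     {@code SecurityTokenCodec.SECURITY_TOKEN_NAME} and {@code SecurityTokenCodec.ACTIVE_URL_NAME}
 * @return an {@code AnonymousSecurityToken} when the token parameter is blank, otherwise the
 *     token produced by {@code BlobCrypterSecurityToken.decrypt}
 * @throws SecurityTokenException if the token does not have exactly two ':'-separated fields,
 *     names a container with no registered crypter, or cannot be decrypted
 */
public SecurityToken createToken(Map<String, String> tokenParameters)
    throws SecurityTokenException {
  String token = tokenParameters.get(SecurityTokenCodec.SECURITY_TOKEN_NAME);
  if (StringUtils.isBlank(token)) {
    // No token is present, assume anonymous access
    return new AnonymousSecurityToken();
  }

  String[] fields = StringUtils.split(token, ':');
  if (fields.length != 2) {
    // The serialized token is a bearer credential. Exception messages tend to end up in
    // logs and error responses, so the raw value is deliberately left out of the message.
    throw new SecurityTokenException("Malformed security token");
  }

  String container = fields[0];
  // NOTE(review): the container name comes from the cleartext prefix and only selects the
  // key. It is bound to the blob only if every container has its own key; confirm that keys
  // are never shared between containers.
  BlobCrypter crypter = crypters.get(container);
  if (crypter == null) {
    // Report the container name only, never the full token.
    throw new SecurityTokenException("Unknown container " + container);
  }

  String domain = domains.get(container);
  // The active URL is read from the same caller-supplied parameter map as the token.
  String activeUrl = tokenParameters.get(SecurityTokenCodec.ACTIVE_URL_NAME);
  String crypted = fields[1];
  try {
    return BlobCrypterSecurityToken.decrypt(crypter, container, domain, crypted, activeUrl);
  } catch (BlobCrypterException e) {
    throw new SecurityTokenException(e);
  }
}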
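/**
 * Decrypt and verify the provided security token.
 *
 * <p>The serialized token is expected to be {@code container:encryptedBlob}. The container
 * prefix selects the {@code BlobCrypter}; the blob is handed to
 * {@code BlobCrypterSecurityToken.decrypt}.
 *
 * @param tokenParameters request parameters; read for
 *     {@code SecurityTokenCodec.SECURITY_TOKEN_NAME} and {@code SecurityTokenCodec.ACTIVE_URL_NAME}
 * @return an {@code AnonymousSecurityToken} when the token parameter is blank, otherwise the
 *     token produced by {@code BlobCrypterSecurityToken.decrypt}
 * @throws SecurityTokenException if the token does not have exactly two ':'-separated fields,
 *     names a container with no registered crypter, or cannot be decrypted
 */
public SecurityToken createToken(Map<String, String> tokenParameters)
    throws SecurityTokenException {
  String token = tokenParameters.get(SecurityTokenCodec.SECURITY_TOKEN_NAME);
  if (StringUtils.isBlank(token)) {
    // No token is present, assume anonymous access
    return new AnonymousSecurityToken();
  }

  String[] fields = StringUtils.split(token, ':');
  if (fields.length != 2) {
    // The serialized token is a bearer credential. Exception messages tend to end up in
    // logs and error responses, so the raw value is deliberately left out of the message.
    throw new SecurityTokenException("Malformed security token");
  }

  String container = fields[0];
  // NOTE(review): the container name comes from the cleartext prefix and only selects the
  // key. It is bound to the blob only if every container has its own key; confirm that keys
  // are never shared between containers.
  BlobCrypter crypter = crypters.get(container);
  if (crypter == null) {
    // Report the container name only, never the full token.
    throw new SecurityTokenException("Unknown container " + container);
  }

  String domain = domains.get(container);
  // The active URL is read from the same caller-supplied parameter map as the token.
  String activeUrl = tokenParameters.get(SecurityTokenCodec.ACTIVE_URL_NAME);
  String crypted = fields[1];
  try {
    return BlobCrypterSecurityToken.decrypt(crypter, container, domain, crypted, activeUrl);
  } catch (BlobCrypterException e) {
    throw new SecurityTokenException(e);
  }
}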
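/**
 * Decrypt and verify the provided security token.
 *
 * <p>The serialized token is expected to be {@code container:encryptedBlob}. The container
 * prefix selects the {@code BlobCrypter} used to unwrap the blob, and the resulting token is
 * returned only after {@code enforceNotExpired()} has been applied.
 *
 * @param tokenParameters request parameters; read for
 *     {@code SecurityTokenCodec.SECURITY_TOKEN_NAME} and {@code SecurityTokenCodec.ACTIVE_URL_NAME}
 * @return an {@code AnonymousSecurityToken} when the token parameter is blank, otherwise the
 *     value returned by {@code enforceNotExpired()} on the unwrapped token
 * @throws SecurityTokenException if the token does not have exactly two ':'-separated fields,
 *     names a container with no registered crypter, or a {@code BlobCrypterException} is raised
 *     while unwrapping or checking expiry
 */
public SecurityToken createToken(Map<String, String> tokenParameters)
    throws SecurityTokenException {
  String token = tokenParameters.get(SecurityTokenCodec.SECURITY_TOKEN_NAME);
  if (StringUtils.isBlank(token)) {
    // No token is present, assume anonymous access
    return new AnonymousSecurityToken();
  }

  String[] fields = StringUtils.split(token, ':');
  if (fields.length != 2) {
    // The serialized token is a bearer credential. Exception messages tend to end up in
    // logs and error responses, so the raw value is deliberately left out of the message.
    throw new SecurityTokenException("Malformed security token");
  }

  String container = fields[0];
  // NOTE(review): the container name comes from the cleartext prefix and only selects the
  // key. It is bound to the blob only if every container has its own key; confirm that keys
  // are never shared between containers.
  BlobCrypter crypter = crypters.get(container);
  if (crypter == null) {
    // Report the container name only, never the full token.
    throw new SecurityTokenException("Unknown container " + container);
  }

  String domain = domains.get(container);
  // The active URL is read from the same caller-supplied parameter map as the token.
  String activeUrl = tokenParameters.get(SecurityTokenCodec.ACTIVE_URL_NAME);
  String crypted = fields[1];
  try {
    BlobCrypterSecurityToken st =
        new BlobCrypterSecurityToken(container, domain, activeUrl, crypter.unwrap(crypted));
    // Expiry is enforced before the token leaves this method.
    return st.enforceNotExpired();
  } catch (BlobCrypterException e) {
    throw new SecurityTokenException(e);
  }
}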
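/**
 * Decrypt and verify the provided security token.
 *
 * <p>The serialized token is expected to be {@code container:encryptedBlob}. The container
 * prefix selects the {@code BlobCrypter} used to unwrap the blob, and the resulting token is
 * returned only after {@code enforceNotExpired()} has been applied.
 *
 * @param tokenParameters request parameters; read for
 *     {@code SecurityTokenCodec.SECURITY_TOKEN_NAME} and {@code SecurityTokenCodec.ACTIVE_URL_NAME}
 * @return an {@code AnonymousSecurityToken} when the token parameter is blank, otherwise the
 *     value returned by {@code enforceNotExpired()} on the unwrapped token
 * @throws SecurityTokenException if the token does not have exactly two ':'-separated fields,
 *     names a container with no registered crypter, or a {@code BlobCrypterException} is raised
 *     while unwrapping or checking expiry
 */
public SecurityToken createToken(Map<String, String> tokenParameters)
    throws SecurityTokenException {
  String token = tokenParameters.get(SecurityTokenCodec.SECURITY_TOKEN_NAME);
  if (StringUtils.isBlank(token)) {
    // No token is present, assume anonymous access
    return new AnonymousSecurityToken();
  }

  String[] fields = StringUtils.split(token, ':');
  if (fields.length != 2) {
    // The serialized token is a bearer credential. Exception messages tend to end up in
    // logs and error responses, so the raw value is deliberately left out of the message.
    throw new SecurityTokenException("Malformed security token");
  }

  String container = fields[0];
  // NOTE(review): the container name comes from the cleartext prefix and only selects the
  // key. It is bound to the blob only if every container has its own key; confirm that keys
  // are never shared between containers.
  BlobCrypter crypter = crypters.get(container);
  if (crypter == null) {
    // Report the container name only, never the full token.
    throw new SecurityTokenException("Unknown container " + container);
  }

  String domain = domains.get(container);
  // The active URL is read from the same caller-supplied parameter map as the token.
  String activeUrl = tokenParameters.get(SecurityTokenCodec.ACTIVE_URL_NAME);
  String crypted = fields[1];
  try {
    BlobCrypterSecurityToken st =
        new BlobCrypterSecurityToken(container, domain, activeUrl, crypter.unwrap(crypted));
    // Expiry is enforced before the token leaves this method.
    return st.enforceNotExpired();
  } catch (BlobCrypterException e) {
    throw new SecurityTokenException(e);
  }
}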
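/**
 * Decrypt and verify the provided security token.
 *
 * <p>The serialized token is expected to be {@code container:encryptedBlob}. The container
 * prefix selects the {@code BlobCrypter} used to unwrap the blob, and the resulting token is
 * returned only after {@code enforceNotExpired()} has been applied.
 *
 * @param tokenParameters request parameters; read for
 *     {@code SecurityTokenCodec.SECURITY_TOKEN_NAME} and {@code SecurityTokenCodec.ACTIVE_URL_NAME}
 * @return an {@code AnonymousSecurityToken} when the token parameter is blank, otherwise the
 *     value returned by {@code enforceNotExpired()} on the unwrapped token
 * @throws SecurityTokenException if the token does not have exactly two ':'-separated fields,
 *     names a container with no registered crypter, or a {@code BlobCrypterException} is raised
 *     while unwrapping or checking expiry
 */
public SecurityToken createToken(Map<String, String> tokenParameters)
    throws SecurityTokenException {
  String token = tokenParameters.get(SecurityTokenCodec.SECURITY_TOKEN_NAME);
  if (StringUtils.isBlank(token)) {
    // No token is present, assume anonymous access
    return new AnonymousSecurityToken();
  }

  String[] fields = StringUtils.split(token, ':');
  if (fields.length != 2) {
    // The serialized token is a bearer credential. Exception messages tend to end up in
    // logs and error responses, so the raw value is deliberately left out of the message.
    throw new SecurityTokenException("Malformed security token");
  }

  String container = fields[0];
  // NOTE(review): the container name comes from the cleartext prefix and only selects the
  // key. It is bound to the blob only if every container has its own key; confirm that keys
  // are never shared between containers.
  BlobCrypter crypter = crypters.get(container);
  if (crypter == null) {
    // Report the container name only, never the full token.
    throw new SecurityTokenException("Unknown container " + container);
  }

  String domain = domains.get(container);
  // The active URL is read from the same caller-supplied parameter map as the token.
  String activeUrl = tokenParameters.get(SecurityTokenCodec.ACTIVE_URL_NAME);
  String crypted = fields[1];
  try {
    BlobCrypterSecurityToken st =
        new BlobCrypterSecurityToken(container, domain, activeUrl, crypter.unwrap(crypted));
    // Expiry is enforced before the token leaves this method.
    return st.enforceNotExpired();
  } catch (BlobCrypterException e) {
    throw new SecurityTokenException(e);
  }
}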
String[] tokens = StringUtils.split(token, ':'); if (tokens.length != TOKEN_COUNT) { throw new SecurityTokenException("Malformed security token"); null); } catch (BlobCrypterException e) { throw new SecurityTokenException(e); } catch (ArrayIndexOutOfBoundsException e) { throw new SecurityTokenException(e);
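/**
 * Encrypt and sign the token. The returned value is *not* web safe, it should be URL
 * encoded before being used as a form parameter.
 *
 * <p>The result has the form {@code container:wrappedBlob}, where the blob is produced by the
 * {@code BlobCrypter} registered for the token's container.
 *
 * @param token the token to encode; its authentication mode must equal
 *     {@code AuthenticationMode.SECURITY_TOKEN_URL_PARAMETER.name()}
 * @return the container name, a ':' separator, and the wrapped token map
 * @throws SecurityTokenException if the authentication mode does not match (including a
 *     {@code null} mode), no crypter is registered for the container, or wrapping fails
 */
public String encodeToken(SecurityToken token) throws SecurityTokenException {
  // Constant-first comparison: a token that reports a null authentication mode is rejected
  // with SecurityTokenException, the failure type callers handle, instead of an NPE.
  String requiredMode = AuthenticationMode.SECURITY_TOKEN_URL_PARAMETER.name();
  if (!requiredMode.equals(token.getAuthenticationMode())) {
    throw new SecurityTokenException("Can only encode BlobCrypterSecurityTokens");
  }

  // Test code sends in real AbstractTokens, they have modified time sources in them so
  // that we can test token expiration, production tokens are proxied via the SecurityToken
  // interface.
  AbstractSecurityToken aToken = token instanceof AbstractSecurityToken
      ? (AbstractSecurityToken) token
      : BlobCrypterSecurityToken.fromToken(token);

  String container = aToken.getContainer();
  BlobCrypter crypter = crypters.get(container);
  if (crypter == null) {
    throw new SecurityTokenException("Unknown container " + container);
  }

  try {
    // A per-container TTL, when configured, overrides the default expiry. When the caller
    // passed an AbstractSecurityToken, setExpires is applied to the caller's own instance.
    Integer tokenTTL = this.tokenTTLs.get(container);
    if (tokenTTL != null) {
      aToken.setExpires(tokenTTL);
    } else {
      aToken.setExpires();
    }
    return container + ':' + crypter.wrap(aToken.toMap());
  } catch (BlobCrypterException e) {
    throw new SecurityTokenException(e);
  }
}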
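/**
 * Encrypt and sign the token. The returned value is *not* web safe, it should be URL
 * encoded before being used as a form parameter.
 *
 * <p>The result has the form {@code container:wrappedBlob}, where the blob is produced by the
 * {@code BlobCrypter} registered for the token's container.
 *
 * @param token the token to encode; its authentication mode must equal
 *     {@code AuthenticationMode.SECURITY_TOKEN_URL_PARAMETER.name()}
 * @return the container name, a ':' separator, and the wrapped token map
 * @throws SecurityTokenException if the authentication mode does not match (including a
 *     {@code null} mode), no crypter is registered for the container, or wrapping fails
 */
public String encodeToken(SecurityToken token) throws SecurityTokenException {
  // Constant-first comparison: a token that reports a null authentication mode is rejected
  // with SecurityTokenException, the failure type callers handle, instead of an NPE.
  String requiredMode = AuthenticationMode.SECURITY_TOKEN_URL_PARAMETER.name();
  if (!requiredMode.equals(token.getAuthenticationMode())) {
    throw new SecurityTokenException("Can only encode BlobCrypterSecurityTokens");
  }

  // Test code sends in real AbstractTokens, they have modified time sources in them so
  // that we can test token expiration, production tokens are proxied via the SecurityToken
  // interface.
  AbstractSecurityToken aToken = token instanceof AbstractSecurityToken
      ? (AbstractSecurityToken) token
      : BlobCrypterSecurityToken.fromToken(token);

  String container = aToken.getContainer();
  BlobCrypter crypter = crypters.get(container);
  if (crypter == null) {
    throw new SecurityTokenException("Unknown container " + container);
  }

  try {
    // A per-container TTL, when configured, overrides the default expiry. When the caller
    // passed an AbstractSecurityToken, setExpires is applied to the caller's own instance.
    Integer tokenTTL = this.tokenTTLs.get(container);
    if (tokenTTL != null) {
      aToken.setExpires(tokenTTL);
    } else {
      aToken.setExpires();
    }
    return container + ':' + crypter.wrap(aToken.toMap());
  } catch (BlobCrypterException e) {
    throw new SecurityTokenException(e);
  }
}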
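/**
 * Encrypt and sign the token. The returned value is *not* web safe, it should be URL
 * encoded before being used as a form parameter.
 *
 * <p>The result has the form {@code container:wrappedBlob}, where the blob is produced by the
 * {@code BlobCrypter} registered for the token's container.
 *
 * @param token the token to encode; its authentication mode must equal
 *     {@code AuthenticationMode.SECURITY_TOKEN_URL_PARAMETER.name()}
 * @return the container name, a ':' separator, and the wrapped token map
 * @throws SecurityTokenException if the authentication mode does not match (including a
 *     {@code null} mode), no crypter is registered for the container, or wrapping fails
 */
public String encodeToken(SecurityToken token) throws SecurityTokenException {
  // Constant-first comparison: a token that reports a null authentication mode is rejected
  // with SecurityTokenException, the failure type callers handle, instead of an NPE.
  String requiredMode = AuthenticationMode.SECURITY_TOKEN_URL_PARAMETER.name();
  if (!requiredMode.equals(token.getAuthenticationMode())) {
    throw new SecurityTokenException("Can only encode BlobCrypterSecurityTokens");
  }

  // Test code sends in real AbstractTokens, they have modified time sources in them so
  // that we can test token expiration, production tokens are proxied via the SecurityToken
  // interface.
  AbstractSecurityToken aToken = token instanceof AbstractSecurityToken
      ? (AbstractSecurityToken) token
      : BlobCrypterSecurityToken.fromToken(token);

  String container = aToken.getContainer();
  BlobCrypter crypter = crypters.get(container);
  if (crypter == null) {
    throw new SecurityTokenException("Unknown container " + container);
  }

  try {
    // A per-container TTL, when configured, overrides the default expiry. When the caller
    // passed an AbstractSecurityToken, setExpires is applied to the caller's own instance.
    Integer tokenTTL = this.tokenTTLs.get(container);
    if (tokenTTL != null) {
      aToken.setExpires(tokenTTL);
    } else {
      aToken.setExpires();
    }
    return container + ':' + crypter.wrap(aToken.toMap());
  } catch (BlobCrypterException e) {
    throw new SecurityTokenException(e);
  }
}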
/**
 * A codec that throws {@code SecurityTokenException} must yield a response entry with no
 * token, the {@code GadgetsHandler.FAILURE_TOKEN} message and error code 500.
 */
@Test
public void testTokenOneGadgetFailure() throws Exception {
  // Codec whose only expected encodeToken call fails.
  SecurityTokenCodec failingCodec = EasyMock.createMock(SecurityTokenCodec.class);
  EasyMock.expect(failingCodec.encodeToken(EasyMock.isA(SecurityToken.class)))
      .andThrow(new SecurityTokenException("blah"));
  replay(failingCodec);
  registerGadgetsHandler(failingCodec);

  RpcHandler handler = registry.getRpcHandler(makeTokenRequest(GADGET1_URL));
  Object rawResult = handler.execute(emptyFormItems, authContext, converter).get();
  JSONObject body = new JSONObject(converter.convertToString(rawResult));

  JSONObject gadgetEntry = body.getJSONObject(GADGET1_URL);
  assertFalse(gadgetEntry.has("token"));
  // The asserted message is the handler's FAILURE_TOKEN constant, not the text passed to
  // the exception thrown by the codec.
  JSONObject error = gadgetEntry.getJSONObject("error");
  assertEquals(GadgetsHandler.FAILURE_TOKEN, error.getString("message"));
  assertEquals(500, error.getInt("code"));
}
/**
 * {@code getToken} is expected to let the {@code SecurityTokenException} configured on the
 * codec reach the caller.
 */
@Test(expected = SecurityTokenException.class)
public void testGetTokenException() throws Exception {
  GadgetsHandlerApi.TokenRequest tokenRequest =
      createTokenRequest(
          FakeProcessor.SPEC_URL,
          CONTAINER,
          createAuthContext(OWNER, VIEWER),
          ImmutableList.of("*"));
  replay();

  // Arrange for the codec to fail, then make the call that should throw.
  SecurityTokenException codecFailure = new SecurityTokenException("bad data");
  tokenCodec.exc = codecFailure;
  gadgetHandler.getToken(tokenRequest);
}
/**
 * A codec that throws {@code SecurityTokenException} must yield a response entry with no
 * token, the {@code GadgetsHandler.FAILURE_TOKEN} message and error code 500.
 */
@Test
public void testTokenOneGadgetFailure() throws Exception {
  // Codec whose only expected encodeToken call fails.
  SecurityTokenCodec failingCodec = EasyMock.createMock(SecurityTokenCodec.class);
  EasyMock.expect(failingCodec.encodeToken(EasyMock.isA(SecurityToken.class)))
      .andThrow(new SecurityTokenException("blah"));
  replay(failingCodec);
  registerGadgetsHandler(failingCodec);

  RpcHandler handler = registry.getRpcHandler(makeTokenRequest(GADGET1_URL));
  Object rawResult = handler.execute(emptyFormItems, authContext, converter).get();
  JSONObject body = new JSONObject(converter.convertToString(rawResult));

  JSONObject gadgetEntry = body.getJSONObject(GADGET1_URL);
  assertFalse(gadgetEntry.has("token"));
  // The asserted message is the handler's FAILURE_TOKEN constant, not the text passed to
  // the exception thrown by the codec.
  JSONObject error = gadgetEntry.getJSONObject("error");
  assertEquals(GadgetsHandler.FAILURE_TOKEN, error.getString("message"));
  assertEquals(500, error.getInt("code"));
}
/**
 * {@code getToken} is expected to let the {@code SecurityTokenException} configured on the
 * codec reach the caller.
 */
@Test(expected = SecurityTokenException.class)
public void testGetTokenException() throws Exception {
  GadgetsHandlerApi.TokenRequest tokenRequest =
      createTokenRequest(
          FakeProcessor.SPEC_URL,
          CONTAINER,
          createAuthContext(OWNER, VIEWER),
          ImmutableList.of("*"));
  replay();

  // Arrange for the codec to fail, then make the call that should throw.
  SecurityTokenException codecFailure = new SecurityTokenException("bad data");
  tokenCodec.exc = codecFailure;
  gadgetHandler.getToken(tokenRequest);
}
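/**
 * {@code getToken} is expected to let the {@code SecurityTokenException} configured on the
 * codec reach the caller.
 */
@Test(expected = SecurityTokenException.class)
public void testGetTokenException() throws Exception {
  GadgetsHandlerApi.TokenRequest request = createTokenRequest(
      FakeProcessor.SPEC_URL, CONTAINER, createTokenData(OWNER, VIEWER), ImmutableList.of("*"));
  replay();
  tokenCodec.exc = new SecurityTokenException("bad data");
  // The call is expected to throw, so its result is not captured; the unused local that
  // used to hold the response has been dropped.
  gadgetHandler.getToken(request);
}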
/**
 * With two gadgets requested, one encodeToken call succeeding and the next failing, the
 * response must carry a token for the first gadget and an error (FAILURE_TOKEN, code 500)
 * for the second.
 */
@Test
public void testTokenMultipleGadgetsWithSuccessAndFailure() throws Exception {
  // First expected encodeToken call returns TOKEN, the second throws.
  SecurityTokenCodec mockCodec = EasyMock.createMock(SecurityTokenCodec.class);
  EasyMock.expect(mockCodec.encodeToken(EasyMock.isA(SecurityToken.class)))
      .andReturn(TOKEN);
  EasyMock.expect(mockCodec.encodeToken(EasyMock.isA(SecurityToken.class)))
      .andThrow(new SecurityTokenException("blah"));
  replay(mockCodec);
  registerGadgetsHandler(mockCodec);

  RpcHandler handler = registry.getRpcHandler(makeTokenRequest(GADGET1_URL, GADGET2_URL));
  Object rawResult = handler.execute(emptyFormItems, authContext, converter).get();
  JSONObject body = new JSONObject(converter.convertToString(rawResult));

  // Successful gadget: token present, no error member.
  JSONObject succeeded = body.getJSONObject(GADGET1_URL);
  assertEquals(TOKEN, succeeded.getString("token"));
  assertFalse(succeeded.has("error"));

  // Failed gadget: no token, and the error carries the handler's constant message.
  JSONObject failed = body.getJSONObject(GADGET2_URL);
  assertFalse(failed.has("token"));
  JSONObject error = failed.getJSONObject("error");
  assertEquals(GadgetsHandler.FAILURE_TOKEN, error.getString("message"));
  assertEquals(500, error.getInt("code"));
}
/**
 * A codec that throws {@code SecurityTokenException} must yield a response entry with no
 * token and an "error" string equal to {@code GadgetsHandler.FAILURE_TOKEN}.
 */
@Test
public void testTokenOneGadgetFailure() throws Exception {
  // Codec whose only expected encodeToken call fails.
  SecurityTokenCodec failingCodec = EasyMock.createMock(SecurityTokenCodec.class);
  EasyMock.expect(failingCodec.encodeToken(EasyMock.isA(SecurityToken.class))).andThrow(
      new SecurityTokenException("blah"));
  replay(failingCodec);
  registerGadgetsHandler(failingCodec);

  RpcHandler handler = registry.getRpcHandler(makeTokenRequest(GADGET1_URL));
  Object rawResult = handler.execute(emptyFormItems, token, converter).get();
  JSONObject body = new JSONObject(converter.convertToString(rawResult));

  JSONObject gadgetEntry = body.getJSONObject(GADGET1_URL);
  assertFalse(gadgetEntry.has("token"));
  // The asserted error text is the handler's FAILURE_TOKEN constant, not the text passed
  // to the exception thrown by the codec.
  String errorText = gadgetEntry.getString("error");
  assertEquals(GadgetsHandler.FAILURE_TOKEN, errorText);
}
/**
 * With two gadgets requested, one encodeToken call succeeding and the next failing, the
 * response must carry a token for the first gadget and an error (FAILURE_TOKEN, code 500)
 * for the second.
 */
@Test
public void testTokenMultipleGadgetsWithSuccessAndFailure() throws Exception {
  // First expected encodeToken call returns TOKEN, the second throws.
  SecurityTokenCodec mockCodec = EasyMock.createMock(SecurityTokenCodec.class);
  EasyMock.expect(mockCodec.encodeToken(EasyMock.isA(SecurityToken.class)))
      .andReturn(TOKEN);
  EasyMock.expect(mockCodec.encodeToken(EasyMock.isA(SecurityToken.class)))
      .andThrow(new SecurityTokenException("blah"));
  replay(mockCodec);
  registerGadgetsHandler(mockCodec);

  RpcHandler handler = registry.getRpcHandler(makeTokenRequest(GADGET1_URL, GADGET2_URL));
  Object rawResult = handler.execute(emptyFormItems, authContext, converter).get();
  JSONObject body = new JSONObject(converter.convertToString(rawResult));

  // Successful gadget: token present, no error member.
  JSONObject succeeded = body.getJSONObject(GADGET1_URL);
  assertEquals(TOKEN, succeeded.getString("token"));
  assertFalse(succeeded.has("error"));

  // Failed gadget: no token, and the error carries the handler's constant message.
  JSONObject failed = body.getJSONObject(GADGET2_URL);
  assertFalse(failed.has("token"));
  JSONObject error = failed.getJSONObject("error");
  assertEquals(GadgetsHandler.FAILURE_TOKEN, error.getString("message"));
  assertEquals(500, error.getInt("code"));
}
/**
 * With two gadgets requested, one encodeToken call succeeding and the next failing, the
 * response must carry a token for the first gadget and an "error" string equal to
 * {@code GadgetsHandler.FAILURE_TOKEN} for the second.
 */
@Test
public void testTokenMultipleGadgetsWithSuccessAndFailure() throws Exception {
  // First expected encodeToken call returns TOKEN, the second throws.
  SecurityTokenCodec mockCodec = EasyMock.createMock(SecurityTokenCodec.class);
  EasyMock.expect(mockCodec.encodeToken(EasyMock.isA(SecurityToken.class))).andReturn(TOKEN);
  EasyMock.expect(mockCodec.encodeToken(EasyMock.isA(SecurityToken.class))).andThrow(
      new SecurityTokenException("blah"));
  replay(mockCodec);
  registerGadgetsHandler(mockCodec);

  RpcHandler handler = registry.getRpcHandler(makeTokenRequest(GADGET1_URL, GADGET2_URL));
  Object rawResult = handler.execute(emptyFormItems, token, converter).get();
  JSONObject body = new JSONObject(converter.convertToString(rawResult));

  // Successful gadget: token present, no error member.
  JSONObject succeeded = body.getJSONObject(GADGET1_URL);
  assertEquals(TOKEN, succeeded.getString("token"));
  assertFalse(succeeded.has("error"));

  // Failed gadget: no token, and the error text is the handler's constant.
  JSONObject failed = body.getJSONObject(GADGET2_URL);
  assertFalse(failed.has("token"));
  String errorText = failed.getString("error");
  assertEquals(GadgetsHandler.FAILURE_TOKEN, errorText);
}