public Token allocateToken(String extendedInformation) { Assert.notNull(extendedInformation, "Must provided non-null extendedInformation (but it can be empty)"); long creationTime = new Date().getTime(); String serverSecret = computeServerSecretApplicableAt(creationTime); String pseudoRandomNumber = generatePseudoRandomNumber(); String content = Long.toString(creationTime) + ":" + pseudoRandomNumber + ":" + extendedInformation; // Compute key String sha512Hex = Sha512DigestUtils.shaHex(content + ":" + serverSecret); String keyPayload = content + ":" + sha512Hex; String key = Utf8.decode(Base64.getEncoder().encode(Utf8.encode(keyPayload))); return new DefaultToken(key, creationTime, extendedInformation); }
String expectedSha512Hex = Sha512DigestUtils.shaHex(content + ":" + serverSecret); Assert.isTrue(expectedSha512Hex.equals(sha1Hex), "Key verification failure");
public Token allocateToken(String extendedInformation) { Assert.notNull(extendedInformation, "Must provided non-null extendedInformation (but it can be empty)"); long creationTime = new Date().getTime(); String serverSecret = computeServerSecretApplicableAt(creationTime); String pseudoRandomNumber = generatePseudoRandomNumber(); String content = Long.toString(creationTime) + ":" + pseudoRandomNumber + ":" + extendedInformation; // Compute key String sha512Hex = Sha512DigestUtils.shaHex(content + ":" + serverSecret); String keyPayload = content + ":" + sha512Hex; String key = Utf8.decode(Base64.getEncoder().encode(Utf8.encode(keyPayload))); return new DefaultToken(key, creationTime, extendedInformation); }
String expectedSha512Hex = Sha512DigestUtils.shaHex(content + ":" + serverSecret); Assert.isTrue(expectedSha512Hex.equals(sha1Hex), "Key verification failure");
public String getAuthValue() { String av = authValue; if (av == null) { if (HashedDaoAuthToken.authDao == null) { throw new IllegalStateException( "An AuthDao needs to be injected for the HashedDaoAuthToken to function"); } final String authToken = authDao.getAuthToken(this.getName()); if (authToken != null) { av = Sha512DigestUtils.shaHex(authToken); this.authValue = av; } } return av; }
public Token allocateToken(String extendedInformation) { Assert.notNull(extendedInformation, "Must provided non-null extendedInformation (but it can be empty)"); long creationTime = new Date().getTime(); String serverSecret = computeServerSecretApplicableAt(creationTime); String pseudoRandomNumber = generatePseudoRandomNumber(); String content = Long.toString(creationTime) + ":" + pseudoRandomNumber + ":" + extendedInformation; // Compute key String sha512Hex = Sha512DigestUtils.shaHex(content + ":" + serverSecret); String keyPayload = content + ":" + sha512Hex; String key = Utf8.decode(Base64.getEncoder().encode(Utf8.encode(keyPayload))); return new DefaultToken(key, creationTime, extendedInformation); }
public String getAuthValue() { String av = authValue; if (av == null) { if (HashedDaoAuthToken.authDao == null) { throw new IllegalStateException( "An AuthDao needs to be injected for the HashedDaoAuthToken to function"); } final String authToken = authDao.getAuthToken(this.getName()); if (authToken != null) { av = Sha512DigestUtils.shaHex(authToken); this.authValue = av; } } return av; }
String expectedSha512Hex = Sha512DigestUtils.shaHex(content + ":" + serverSecret); Assert.isTrue(expectedSha512Hex.equals(sha1Hex), "Key verification failure");
public Token allocateToken(String extendedInformation) { Assert.notNull(extendedInformation, "Must provided non-null extendedInformation (but it can be empty)"); long creationTime = new Date().getTime(); String serverSecret = computeServerSecretApplicableAt(creationTime); String pseudoRandomNumber = generatePseudoRandomNumber(); String content = Long.toString(creationTime) + ":" + pseudoRandomNumber + ":" + extendedInformation; // Compute key String sha512Hex = Sha512DigestUtils.shaHex(content + ":" + serverSecret); String keyPayload = content + ":" + sha512Hex; String key = Utf8.decode(Base64.encode(Utf8.encode(keyPayload))); return new DefaultToken(key, creationTime, extendedInformation); }
public Token verifyToken(String key) { if (key == null || "".equals(key)) { return null; } String[] tokens = StringUtils.delimitedListToStringArray(Utf8.decode(Base64.decode(Utf8.encode(key))), ":"); Assert.isTrue(tokens.length >= 4, "Expected 4 or more tokens but found " + tokens.length); long creationTime; try { creationTime = Long.decode(tokens[0]).longValue(); } catch (NumberFormatException nfe) { throw new IllegalArgumentException("Expected number but found " + tokens[0]); } String serverSecret = computeServerSecretApplicableAt(creationTime); String pseudoRandomNumber = tokens[1]; // Permit extendedInfo to itself contain ":" characters StringBuilder extendedInfo = new StringBuilder(); for (int i = 2; i < tokens.length-1; i++) { if (i > 2) { extendedInfo.append(":"); } extendedInfo.append(tokens[i]); } String sha1Hex = tokens[tokens.length-1]; // Verification String content = Long.toString(creationTime) + ":" + pseudoRandomNumber + ":" + extendedInfo.toString(); String expectedSha512Hex = Sha512DigestUtils.shaHex(content + ":" + serverSecret); Assert.isTrue(expectedSha512Hex.equals(sha1Hex), "Key verification failure"); return new DefaultToken(key, creationTime, extendedInfo.toString()); }