/** * Calculates the SHA digest and returns the value as a <code>byte[]</code>. * * @param data Data to digest * @return SHA digest */ public static byte[] sha(String data) { return sha(data.getBytes()); }
/** * Calculates the SHA digest and returns the value as a <code>byte[]</code>. * * @param data Data to digest * @return SHA digest */ public static byte[] sha(byte[] data) { return getSha512Digest().digest(data); }
public Token allocateToken(String extendedInformation) { Assert.notNull(extendedInformation, "Must provided non-null extendedInformation (but it can be empty)"); long creationTime = new Date().getTime(); String serverSecret = computeServerSecretApplicableAt(creationTime); String pseudoRandomNumber = generatePseudoRandomNumber(); String content = Long.toString(creationTime) + ":" + pseudoRandomNumber + ":" + extendedInformation; // Compute key String sha512Hex = Sha512DigestUtils.shaHex(content + ":" + serverSecret); String keyPayload = content + ":" + sha512Hex; String key = Utf8.decode(Base64.getEncoder().encode(Utf8.encode(keyPayload))); return new DefaultToken(key, creationTime, extendedInformation); }
@Test(expected = IllegalArgumentException.class) public void testOperationWithTamperedKey() { KeyBasedPersistenceTokenService service = getService(); Token goodToken = service.allocateToken(""); String fake = goodToken.getKey().toUpperCase(); Token token = new DefaultToken(fake, new Date().getTime(), ""); service.verifyToken(token.getKey()); } }
private KeyBasedPersistenceTokenService getService() { SecureRandomFactoryBean fb = new SecureRandomFactoryBean(); KeyBasedPersistenceTokenService service = new KeyBasedPersistenceTokenService(); service.setServerSecret("MY:SECRET$$$#"); service.setServerInteger(Integer.valueOf(454545)); try { SecureRandom rnd = (SecureRandom) fb.getObject(); service.setSecureRandom(rnd); service.afterPropertiesSet(); } catch (Exception e) { throw new RuntimeException(e); } return service; }
@Test(expected = IllegalArgumentException.class) public void testRejectsNullExtendedInformation() { String key = "key"; long created = new Date().getTime(); new DefaultToken(key, created, null); }
@Test public void testIsSingleton() { SecureRandomFactoryBean factory = new SecureRandomFactoryBean(); assertThat(factory.isSingleton()).isFalse(); }
@Test public void testObjectType() { SecureRandomFactoryBean factory = new SecureRandomFactoryBean(); assertThat(factory.getObjectType()).isEqualTo(SecureRandom.class); }
@Test(expected = IllegalArgumentException.class) public void testOperationWithMissingKey() { KeyBasedPersistenceTokenService service = getService(); Token token = new DefaultToken("", new Date().getTime(), ""); service.verifyToken(token.getKey()); }
public Token allocateToken(String extendedInformation) { Assert.notNull(extendedInformation, "Must provided non-null extendedInformation (but it can be empty)"); long creationTime = new Date().getTime(); String serverSecret = computeServerSecretApplicableAt(creationTime); String pseudoRandomNumber = generatePseudoRandomNumber(); String content = Long.toString(creationTime) + ":" + pseudoRandomNumber + ":" + extendedInformation; // Compute key String sha512Hex = Sha512DigestUtils.shaHex(content + ":" + serverSecret); String keyPayload = content + ":" + sha512Hex; String key = Utf8.decode(Base64.getEncoder().encode(Utf8.encode(keyPayload))); return new DefaultToken(key, creationTime, extendedInformation); }
/** * Calculates the SHA digest and returns the value as a <code>byte[]</code>. * * @param data Data to digest * @return SHA digest */ public static byte[] sha(String data) { return sha(data.getBytes()); }
/** * Calculates the SHA digest and returns the value as a <code>byte[]</code>. * * @param data Data to digest * @return SHA digest */ public static byte[] sha(byte[] data) { return getSha512Digest().digest(data); }
@Test public void testOperationWithSimpleExtendedInformation() { KeyBasedPersistenceTokenService service = getService(); Token token = service.allocateToken("Hello world"); Token result = service.verifyToken(token.getKey()); assertThat(result).isEqualTo(token); }
/** * Calculates the SHA digest and returns the value as a hex string. * * @param data Data to digest * @return SHA digest as a hex string */ public static String shaHex(byte[] data) { return new String(Hex.encode(sha(data))); }
@Test public void testOperationWithEmptyRandomNumber() { KeyBasedPersistenceTokenService service = getService(); service.setPseudoRandomNumberBytes(0); Token token = service.allocateToken("Hello:world:::"); Token result = service.verifyToken(token.getKey()); assertThat(result).isEqualTo(token); }
/** * Calculates the SHA digest and returns the value as a hex string. * * @param data Data to digest * @return SHA digest as a hex string */ public static String shaHex(String data) { return new String(Hex.encode(sha(data))); }
@Test public void testOperationWithNoExtendedInformation() { KeyBasedPersistenceTokenService service = getService(); Token token = service.allocateToken(""); Token result = service.verifyToken(token.getKey()); assertThat(result).isEqualTo(token); }
/** * Calculates the SHA digest and returns the value as a hex string. * * @param data Data to digest * @return SHA digest as a hex string */ public static String shaHex(byte[] data) { return new String(Hex.encode(sha(data))); }
@Test public void testOperationWithComplexExtendedInformation() { KeyBasedPersistenceTokenService service = getService(); Token token = service.allocateToken("Hello:world:::"); Token result = service.verifyToken(token.getKey()); assertThat(result).isEqualTo(token); }
/** * Calculates the SHA digest and returns the value as a hex string. * * @param data Data to digest * @return SHA digest as a hex string */ public static String shaHex(String data) { return new String(Hex.encode(sha(data))); }