#333 feature - Added schema and JPA entities

Roberto Sánchez

2013-12-26 6d04b0ae0f4eeb9f0963b1595d0f2e7469fa5f3f

 securis/src/main/java/net/curisit/securis/utils/TokenHelper.java
..
..
@@ -22,6 +22,9 @@
22
22
 
23
23
 	private static final Logger log = LoggerFactory.getLogger(TokenHelper.class);
24
24
 
25
+	/**
26
+	 * Period before token expires, set in hours.
27
+	 */
25
28
 	private static int VALID_TOKEN_PERIOD = 24;
26
29
 
27
30
 	@Inject
..
..
@@ -30,6 +33,12 @@
30
33
 
31
34
 	private static byte[] seed = "S3Cur15S33dForT0k3nG3n3r@tion".getBytes();
32
35
 
36
+	/**
37
+	 * Generate a token encoded in Base64 for user passed as parameter and taking the current moment as token timestamp
38
+	 * 
39
+	 * @param user
40
+	 * @return
41
+	 */
33
42
 	public String generateToken(String user) {
34
43
 		try {
35
44
 			Date date = new Date();
..
..
@@ -50,7 +59,7 @@
50
59
 
51
60
 	}
52
61
 
53
-	public String generateSecret(String user, Date date) throws UnsupportedEncodingException, NoSuchAlgorithmException {
62
+	private String generateSecret(String user, Date date) throws UnsupportedEncodingException, NoSuchAlgorithmException {
54
63
 		MessageDigest mDigest = MessageDigest.getInstance("SHA-256");
55
64
 		mDigest.update(seed, 0, seed.length);
56
65
 		byte[] userbytes = user.getBytes("utf-8");
..
..
@@ -62,6 +71,12 @@
62
71
 		return secret;
63
72
 	}
64
73
 
74
+	/**
75
+	 * Check if passed token is still valid, It use to check if token is expired the attribute VALID_TOKEN_PERIOD (in hours)
76
+	 * 
77
+	 * @param token
78
+	 * @return
79
+	 */
65
80
 	public boolean validateToken(String token) {
66
81
 		try {
67
82
 			String tokenDecoded = new String(Base64.decode(token));
..
..
@@ -69,18 +84,30 @@
69
84
 			String secret = parts[0];
70
85
 			String user = parts[1];
71
86
 			Date date = Utils.toDateFromIso(parts[2]);
72
-			if (new Date(new Date().getTime() + 25 * 60 * 60 * 1000).after(new Date(date.getTime() + VALID_TOKEN_PERIOD * 60 * 60 * 1000)))
87
+			if (new Date().after(new Date(date.getTime() + VALID_TOKEN_PERIOD * 60 * 60 * 1000)))
73
88
 				return false;
74
89
 			String newSecret = generateSecret(user, date);
75
90
 			return newSecret.equals(secret);
76
91
 		} catch (IOException e) {
77
-			log.error("Error decoding Bse64 token", e);
92
+			log.error("Error decoding Base64 token", e);
78
93
 		} catch (NoSuchAlgorithmException e) {
79
94
 			log.error("Error generation secret to compare with", e);
80
95
 		}
81
96
 		return false;
82
97
 	}
83
98
 
99
+	public String extractUserFromToken(String token) {
100
+		try {
101
+			String tokenDecoded = new String(Base64.decode(token));
102
+			String[] parts = StringUtils.split(tokenDecoded, ' ');
103
+			String user = parts[1];
104
+			return user;
105
+		} catch (IOException e) {
106
+			log.error("Error decoding Base64 token", e);
107
+		}
108
+		return null;
109
+	}
110
+
84
111
 	public static void main(String[] args) throws IOException {
85
112
 		TokenHelper th = new TokenHelper();
86
113
 		String token = th.generateToken("pepe");