Roberto Sánchez
2014-09-19 8d5386be38db25a2a41c3bf6c876adee21ca26cc
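--- a/securis/src/main/java/net/curisit/securis/utils/TokenHelper.java
+++ b/securis/src/main/java/net/curisit/securis/utils/TokenHelper.java
@@ -20,120 +20,119 @@
 @Singleton
 public class TokenHelper {
 
- private static final Logger LOG = LogManager.getLogger(TokenHelper.class);
+ private static final Logger LOG = LogManager.getLogger(TokenHelper.class);
 
- /**
- * Period before token expires, set in hours.
- */
- private static int VALID_TOKEN_PERIOD = 24;
- public static final String TOKEN_HEADER_PÀRAM = "X-SECURIS-TOKEN";
+ /**
+ * Period before token expires, set in hours.
+ */
+ private static int VALID_TOKEN_PERIOD = 24;
+ public static final String TOKEN_HEADER_PÀRAM = "X-SECURIS-TOKEN";
 
- @Inject
- public TokenHelper() {
- }
+ @Inject
+ public TokenHelper() {}
 
- private static byte[] seed = "S3Cur15S33dForT0k3nG3n3r@tion".getBytes();
+ private static byte[] seed = "S3Cur15S33dForT0k3nG3n3r@tion".getBytes();
 
- /**
- * Generate a token encoded in Base64 for user passed as parameter and taking the current moment as token timestamp
- *
- * @param user
- * @return
- */
- public String generateToken(String user) {
- try {
- Date date = new Date();
- String secret = generateSecret(user, date);
- StringBuffer sb = new StringBuffer();
- sb.append(secret);
- sb.append(' ');
- sb.append(user);
- sb.append(' ');
- sb.append(Utils.toIsoFormat(date));
- return Base64.encodeBytes(sb.toString().getBytes("utf-8"));
- } catch (NoSuchAlgorithmException e) {
- LOG.error("Error generating SHA-256 hash", e);
- } catch (UnsupportedEncodingException e) {
- LOG.error("Error generating SHA-256 hash", e);
- }
- return null;
+ /**
+ * Generate a token encoded in Base64 for user passed as parameter and
+ * taking the current moment as token timestamp
+ *
+ * @param user
+ * @return
+ */
+ public String generateToken(String user) {
+ try {
+ Date date = new Date();
+ String secret = generateSecret(user, date);
+ StringBuffer sb = new StringBuffer();
+ sb.append(secret);
+ sb.append(' ');
+ sb.append(user);
+ sb.append(' ');
+ sb.append(Utils.toIsoFormat(date));
+ return Base64.encodeBytes(sb.toString().getBytes("utf-8"));
+ } catch (NoSuchAlgorithmException e) {
+ LOG.error("Error generating SHA-256 hash", e);
+ } catch (UnsupportedEncodingException e) {
+ LOG.error("Error generating SHA-256 hash", e);
+ }
+ return null;
 
- }
+ }
 
- private String generateSecret(String user, Date date) throws UnsupportedEncodingException, NoSuchAlgorithmException {
- MessageDigest mDigest = MessageDigest.getInstance("SHA-256");
- mDigest.update(seed, 0, seed.length);
- byte[] userbytes = user.getBytes("utf-8");
- mDigest.update(userbytes, 0, userbytes.length);
- byte[] isodate = Utils.toIsoFormat(date).getBytes();
- mDigest.update(isodate, 0, isodate.length);
- BigInteger i = new BigInteger(1, mDigest.digest());
- String secret = String.format("%1$064x", i);
- return secret;
- }
+ private String generateSecret(String user, Date date) throws UnsupportedEncodingException, NoSuchAlgorithmException {
+ MessageDigest mDigest = MessageDigest.getInstance("SHA-256");
+ mDigest.update(seed, 0, seed.length);
+ byte[] userbytes = user.getBytes("utf-8");
+ mDigest.update(userbytes, 0, userbytes.length);
+ byte[] isodate = Utils.toIsoFormat(date).getBytes();
+ mDigest.update(isodate, 0, isodate.length);
+ BigInteger i = new BigInteger(1, mDigest.digest());
+ String secret = String.format("%1$064x", i);
+ return secret;
+ }
 
- /**
- * Check if passed token is still valid, It use to check if token is expired the attribute VALID_TOKEN_PERIOD (in hours)
- *
- * @param token
- * @return
- */
- public boolean isTokenValid(String token) {
- try {
- String tokenDecoded = new String(Base64.decode(token));
- String[] parts = StringUtils.split(tokenDecoded, ' ');
- if (parts == null || parts.length < 3)
- return false;
- String secret = parts[0];
- String user = parts[1];
- Date date = Utils.toDateFromIso(parts[2]);
- if (new Date().after(new Date(date.getTime() + VALID_TOKEN_PERIOD * 60 * 60 * 1000)))
- return false;
- String newSecret = generateSecret(user, date);
- return newSecret.equals(secret);
- } catch (IOException e) {
- LOG.error("Error decoding Base64 token", e);
- } catch (NoSuchAlgorithmException e) {
- LOG.error("Error generation secret to compare with", e);
- }
- return false;
- }
+ /**
+ * Check if passed token is still valid, It use to check if token is expired
+ * the attribute VALID_TOKEN_PERIOD (in hours)
+ *
+ * @param token
+ * @return
+ */
+ public boolean isTokenValid(String token) {
+ try {
+ String tokenDecoded = new String(Base64.decode(token));
+ String[] parts = StringUtils.split(tokenDecoded, ' ');
+ if (parts == null || parts.length < 3) {
+ return false;
+ }
+ String secret = parts[0];
+ String user = parts[1];
+ Date date = Utils.toDateFromIso(parts[2]);
+ if (new Date().after(new Date(date.getTime() + VALID_TOKEN_PERIOD * 60 * 60 * 1000))) {
+ return false;
+ }
+ String newSecret = generateSecret(user, date);
+ return newSecret.equals(secret);
+ } catch (IOException e) {
+ LOG.error("Error decoding Base64 token", e);
+ } catch (NoSuchAlgorithmException e) {
+ LOG.error("Error generation secret to compare with", e);
+ }
+ return false;
+ }
 
- public String extractUserFromToken(String token) {
- try {
- if (token == null)
- return null;
- String tokenDecoded = new String(Base64.decode(token));
- String[] parts = StringUtils.split(tokenDecoded, ' ');
- if (parts == null || parts.length < 3)
- return null;
- String user = parts[1];
- return user;
- } catch (IOException e) {
- LOG.error("Error decoding Base64 token", e);
- }
- return null;
- }
+ public String extractUserFromToken(String token) {
+ try {
+ if (token == null) {
+ return null;
+ }
+ String tokenDecoded = new String(Base64.decode(token));
+ String[] parts = StringUtils.split(tokenDecoded, ' ');
+ if (parts == null || parts.length < 3) {
+ return null;
+ }
+ String user = parts[1];
+ return user;
+ } catch (IOException e) {
+ LOG.error("Error decoding Base64 token", e);
+ }
+ return null;
+ }
 
- public Date extractDateCreationFromToken(String token) {
- try {
- String tokenDecoded = new String(Base64.decode(token));
- String[] parts = StringUtils.split(tokenDecoded, ' ');
- if (parts == null || parts.length < 3)
- return null;
- Date date = Utils.toDateFromIso(parts[2]);
- return date;
- } catch (IOException e) {
- LOG.error("Error decoding Base64 token", e);
- }
- return null;
- }
+ public Date extractDateCreationFromToken(String token) {
+ try {
+ String tokenDecoded = new String(Base64.decode(token));
+ String[] parts = StringUtils.split(tokenDecoded, ' ');
+ if (parts == null || parts.length < 3) {
+ return null;
+ }
+ Date date = Utils.toDateFromIso(parts[2]);
+ return date;
+ } catch (IOException e) {
+ LOG.error("Error decoding Base64 token", e);
+ }
+ return null;
+ }
 
- public static void main(String[] args) throws IOException {
- TokenHelper th = new TokenHelper();
- String token = th.generateToken("pepe");
- System.out.println("Token: " + token);
- System.out.println("Token: " + new String(Base64.decode(token)));
- System.out.println("Valid Token: " + th.isTokenValid(token));
- }
 }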
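Review bot: The token secret built in `generateSecret` is a plain SHA-256 over a seed that is hard-coded in the class (`private static byte[] seed = ...`), followed by the user name and timestamp, so anyone who can read the source or the built jar can recompute a valid secret for any user and date; this reformatting commit carries that over unchanged. The key material should be loaded from deployment configuration or a keystore, and the digest replaced with a keyed MAC such as `Mac.getInstance("HmacSHA256")` instead of a seed-prefixed hash. In `isTokenValid` the check `newSecret.equals(secret)` is not constant-time; `return MessageDigest.isEqual(newSecret.getBytes("utf-8"), secret.getBytes("utf-8"));` fits the existing `IOException` catch and avoids leaking how many leading characters matched. `extractUserFromToken` returns `parts[1]` without verifying the secret, so its Javadoc should state that callers must call `isTokenValid` first, and `isTokenValid` itself lacks the `token == null` guard that `extractUserFromToken` has.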