
Example 16 with Token

Use of com.macasaet.fernet.Token in project fernet-java8 by l0s.

From the class TokenHeaderUtilityTest, method verifyGetXAuthorizationTokenIgnoresBearer.

@Test
public final void verifyGetXAuthorizationTokenIgnoresBearer() {
    // given
    final Key key = Key.generateKey(random);
    final Token token = Token.generate(random, key, "hello");
    final ContainerRequest request = mock(ContainerRequest.class);
    given(request.getHeaderString("Authorization")).willReturn("Bearer " + token.serialise());
    // when
    final Token result = utility.getXAuthorizationToken(request);
    // then: a token sent under the "Bearer" Authorization scheme is not returned as an X-Authorization token
    assertNull(result);
}
Also used: Token (com.macasaet.fernet.Token), ContainerRequest (org.glassfish.jersey.server.ContainerRequest), Key (com.macasaet.fernet.Key), Test (org.junit.Test)

Example 17 with Token

Use of com.macasaet.fernet.Token in project fernet-java8 by l0s.

From the class Server, method register.

/**
 * The client will call this to register a customer for another notification type if and only if the client has a
 * non-expired token containing an encrypted copy of the customer's sensitive information. If the customer never
 * provided this information or if the token is expired, the client will need to solicit the information again and
 * invoke {@link #register(String, String, String, String)} instead.
 *
 * @param notificationType
 *            a subsequent notification type that the customer would like to receive
 * @param secureEnvelope
 *            an encrypted packet containing the customer's sensitive information
 * @return metadata to allow the client to register the customer for another notification type without having to
 *         solicit the sensitive information again.
 * @throws JsonProcessingException
 *             if the customer cannot be serialised into the new token payload
 */
public Response register(final String notificationType, final String secureEnvelope) throws JsonProcessingException {
    // throws exception if it cannot be a token
    final Token token = Token.fromString(secureEnvelope);
    // throws exception if the token was forged or is expired
    final Customer customer = token.validateAndDecrypt(key, validator);
    register(notificationType, customer);
    final byte[] tokenPayload = mapper.writeValueAsBytes(customer);
    // extend the TTL by generating a new token
    final Token updatedToken = Token.generate(random, key, tokenPayload);
    final Response retval = new Response();
    retval.secureEnvelope = updatedToken.serialise();
    // update the expiration date
    retval.expirationDateTime = genExpiration();
    return retval;
}
Also used: Token (com.macasaet.fernet.Token)
