
Example 1 with CsrfTokenKey

use of com.zimbra.cs.account.CsrfTokenKey in project zm-mailbox by Zimbra.

the class CsrfUtil method generateCsrfToken.

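/**
 * Builds the CSRF token that is bound to the given auth token.
 *
 * Token data (account id, auth-token expiration, salt) already recorded for this
 * auth token is reused when present (presumably so repeated calls yield the same
 * token — confirm against {@code getExistingCsrfTokenForThisAuthToken}); otherwise
 * it is encoded freshly. The returned value carries only the key version and the
 * HMAC over the token data; the token data itself is kept server-side through
 * {@code storeTokenData}, so the client never holds the material needed to
 * recompute the HMAC.
 *
 * @param accountId           id of the account the token belongs to
 * @param authTokenExpiration expiration of the auth token, in milliseconds
 *                            (compared against {@code System.currentTimeMillis()}
 *                            at validation time)
 * @param tokenSalt           salt mixed into the token data
 * @param at                  auth token the CSRF token is bound to
 * @return {@code <keyVersion>_<hmac>}
 * @throws ServiceException if the token data could not be generated or stored;
 *                          wraps the underlying {@link AuthTokenException}
 */
public static String generateCsrfToken(String accountId, long authTokenExpiration, int tokenSalt, AuthToken at) throws ServiceException {
    try {
        String crumb = at.getCrumb();
        String tokenData = getExistingCsrfTokenForThisAuthToken(at, crumb);
        if (tokenData == null) {
            StringBuilder encodedBuff = new StringBuilder(64);
            BlobMetaData.encodeMetaData(C_ID, accountId, encodedBuff);
            BlobMetaData.encodeMetaData(C_EXP, Long.toString(authTokenExpiration), encodedBuff);
            BlobMetaData.encodeMetaData(C_SALT_ID, tokenSalt, encodedBuff);
            // Pin the charset: with the platform default the hex form (and thus the HMAC input)
            // would depend on the host the token was generated on.
            byte[] raw = encodedBuff.toString().getBytes(java.nio.charset.StandardCharsets.UTF_8);
            tokenData = new String(Hex.encodeHex(raw));
        }
        CsrfTokenKey key = getCurrentKey();
        String hmac = TokenUtil.getHmac(tokenData, key.getKey());
        String encoded = key.getVersion() + "_" + hmac;
        storeTokenData(tokenData, at, authTokenExpiration, crumb);
        return encoded;
    } catch (AuthTokenException e) {
        // Message previously said "Auth Token"; this path generates the CSRF token.
        throw ServiceException.FAILURE("Error generating CSRF token, " + e.getMessage(), e);
    }
}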

Example 2 with CsrfTokenKey

use of com.zimbra.cs.account.CsrfTokenKey in project zm-mailbox by Zimbra.

the class CsrfUtil method validateCsrfToken.

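/**
 * Checks the HMAC of a client-supplied CSRF token against the token data stored
 * for the auth token's crumb.
 *
 * The HMAC is recomputed over the stored token data with the key version named in
 * the token and compared in constant time, so a mismatch does not reveal how many
 * leading characters of the supplied HMAC were correct. The token is accepted only
 * while the expiration recorded in the token data is still in the future.
 *
 * @param hmacFromToken HMAC portion of the client-supplied token; may be {@code null},
 *                      which is treated as a mismatch
 * @param crumb         crumb of the auth token the CSRF token is bound to
 * @param keyVersion    key version portion of the client-supplied token
 * @param validToken    value returned when no token data is stored, the HMAC does not
 *                      match, or the token has expired (the caller's current verdict —
 *                      note that passing {@code true} here means those cases still
 *                      yield {@code true})
 * @param account       account whose stored CSRF token data is consulted
 * @return {@code true} when the HMAC matches and the token is unexpired, otherwise
 *         {@code validToken}
 * @throws AuthTokenException    if {@code keyVersion} names no known key
 * @throws ServiceException      if the stored token data cannot be read
 * @throws NumberFormatException if the stored expiration is not a parseable long
 */
private static boolean validateCsrfToken(String hmacFromToken, String crumb, String keyVersion, boolean validToken, Account account) throws ServiceException, AuthTokenException {
    String csrfTokenData = getTokenDataFromLdap(crumb, account);
    if (csrfTokenData == null) {
        return validToken;
    }
    CsrfTokenKey key = CsrfTokenKey.getVersion(keyVersion);
    if (key == null) {
        throw new AuthTokenException("unknown key version");
    }
    String computedHmac = TokenUtil.getHmac(csrfTokenData, key.getKey());
    if (hmacFromToken == null) {
        return validToken;
    }
    // Constant-time comparison: String.equals short-circuits on the first differing
    // character, which a remote caller could use as a timing oracle on the HMAC.
    byte[] expected = computedHmac.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    byte[] supplied = hmacFromToken.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    if (!java.security.MessageDigest.isEqual(expected, supplied)) {
        return validToken;
    }
    Map<?, ?> decodedData = getAttrs(csrfTokenData);
    long expirationTime = Long.parseLong((String) decodedData.get(C_EXP));
    // The CSRF token inherits the auth token's expiration; reject once that moment has passed.
    if (System.currentTimeMillis() < expirationTime) {
        return true;
    }
    return validToken;
}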

Example 3 with CsrfTokenKey

use of com.zimbra.cs.account.CsrfTokenKey in project zm-mailbox by Zimbra.

the class CsrfUtil method generateCsrfTokenTest.

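/**
 * Test-only variant of {@code generateCsrfToken} that encodes the token data inline.
 *
 * Unlike the production method this neither reuses previously recorded token data nor
 * stores anything server-side, and it appends the raw hex-encoded token data to the
 * returned string so a test can decode it. Because that data is exactly the HMAC input
 * the production path keeps server-side, this output must not be issued to clients.
 *
 * @param accountId           id of the account the token belongs to
 * @param authTokenExpiration expiration of the auth token, in milliseconds
 * @param tokenSalt           salt mixed into the token data
 * @param sessionId           unused; retained for signature compatibility
 * @return {@code <keyVersion>_<hmac>_<tokenData>}
 * @throws AuthTokenException if a key or HMAC helper fails
 */
public static String generateCsrfTokenTest(String accountId, long authTokenExpiration, int tokenSalt, String sessionId) throws AuthTokenException {
    StringBuilder encodedBuff = new StringBuilder(64);
    BlobMetaData.encodeMetaData(C_ID, accountId, encodedBuff);
    BlobMetaData.encodeMetaData(C_EXP, Long.toString(authTokenExpiration), encodedBuff);
    BlobMetaData.encodeMetaData(C_SALT_ID, tokenSalt, encodedBuff);
    // Pin the charset so the encoded data matches what generateCsrfToken produces on any host.
    byte[] raw = encodedBuff.toString().getBytes(java.nio.charset.StandardCharsets.UTF_8);
    String data = new String(Hex.encodeHex(raw));
    CsrfTokenKey key = getCurrentKey();
    String hmac = TokenUtil.getHmac(data, key.getKey());
    return key.getVersion() + "_" + hmac + "_" + data;
}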
