use of com.zimbra.cs.account.CsrfTokenKey in project zm-mailbox by Zimbra.
the class CsrfUtil method generateCsrfToken.
/**
 * Issues the CSRF token that accompanies an auth token.
 *
 * <p>The returned value has the form {@code <keyVersion>_<hmac>}. The HMAC is computed over the
 * token data with the current {@link CsrfTokenKey}. The token data itself is not part of the
 * returned string; it is handed to {@code storeTokenData} together with the auth token and its
 * crumb.
 *
 * <p>If {@code getExistingCsrfTokenForThisAuthToken} already yields token data for this auth
 * token, that data is reused as-is and the {@code accountId}, {@code authTokenExpiration} and
 * {@code tokenSalt} arguments are not encoded again.
 *
 * @param accountId account id encoded under {@code C_ID} when new token data is built
 * @param authTokenExpiration expiration value encoded under {@code C_EXP} and also passed to
 *     {@code storeTokenData}
 * @param tokenSalt salt encoded under {@code C_SALT_ID} when new token data is built
 * @param at auth token the CSRF token is bound to; supplies the crumb
 * @return the CSRF token string, {@code <keyVersion>_<hmac>}
 * @throws ServiceException wrapping any {@link AuthTokenException} raised while the token is
 *     being generated
 */
public static String generateCsrfToken(String accountId, long authTokenExpiration, int tokenSalt, AuthToken at) throws ServiceException {
    try {
        final String crumb = at.getCrumb();
        String payload = getExistingCsrfTokenForThisAuthToken(at, crumb);
        if (payload == null) {
            // No token data recorded for this auth token yet: encode id, expiry and salt,
            // then hex-encode the result so it can be signed and stored as plain text.
            StringBuilder meta = new StringBuilder(64);
            BlobMetaData.encodeMetaData(C_ID, accountId, meta);
            BlobMetaData.encodeMetaData(C_EXP, String.valueOf(authTokenExpiration), meta);
            BlobMetaData.encodeMetaData(C_SALT_ID, tokenSalt, meta);
            // NOTE(review): getBytes() without a charset uses the platform default; confirm the
            // decoding side (getAttrs) makes the same assumption before pinning a charset here.
            payload = new String(Hex.encodeHex(meta.toString().getBytes()));
        }

        CsrfTokenKey signingKey = getCurrentKey();
        String mac = TokenUtil.getHmac(payload, signingKey.getKey());
        // The key version prefix lets the validator select the key the HMAC was made with.
        String token = signingKey.getVersion() + "_" + mac;

        storeTokenData(payload, at, authTokenExpiration, crumb);
        return token;
    } catch (AuthTokenException authErr) {
        throw ServiceException.FAILURE("Error generating Auth Token, " + authErr.getMessage(), authErr);
    }
}
use of com.zimbra.cs.account.CsrfTokenKey in project zm-mailbox by Zimbra.
the class CsrfUtil method validateCsrfToken.
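/**
 * Checks the HMAC part of a client-supplied CSRF token against the token data stored for the
 * session.
 *
 * <p>The token data is fetched with {@code getTokenDataFromLdap(crumb, account)}. When none is
 * found, {@code validToken} is returned unchanged. Otherwise the HMAC is recomputed over the
 * stored data with the key selected by {@code keyVersion} and compared with
 * {@code hmacFromToken}; on a match the {@code C_EXP} attribute of the stored data must still
 * lie in the future for the token to be accepted.
 *
 * @param hmacFromToken HMAC taken from the token the client presented; {@code null} never matches
 * @param crumb crumb used to look up the stored token data
 * @param keyVersion version identifier used to select the {@link CsrfTokenKey}
 * @param validToken value returned when the token is not shown to be valid
 * @param account account passed to the token data lookup
 * @return {@code true} when the HMAC matches and the token has not expired, otherwise the
 *     {@code validToken} argument as passed in
 * @throws ServiceException declared by this method; presumably raised by the token data lookup
 *     (not visible here)
 * @throws AuthTokenException if {@code keyVersion} does not name a known key
 */
private static boolean validateCsrfToken(String hmacFromToken, String crumb, String keyVersion, boolean validToken, Account account) throws ServiceException, AuthTokenException {
    String csrfTokenData = getTokenDataFromLdap(crumb, account);
    if (csrfTokenData == null) {
        return validToken;
    }

    CsrfTokenKey key = CsrfTokenKey.getVersion(keyVersion);
    if (key == null) {
        throw new AuthTokenException("unknown key version");
    }

    String computedHmac = TokenUtil.getHmac(csrfTokenData, key.getKey());
    // Compare the MACs with MessageDigest.isEqual rather than String.equals: equals() returns at
    // the first differing character, so response time can reveal how much of a guessed HMAC is
    // correct. Fully qualified names are used so no new import is needed.
    if (hmacFromToken == null
            || !java.security.MessageDigest.isEqual(
                    computedHmac.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    hmacFromToken.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        return validToken;
    }

    // The expiry is read only after the HMAC has been verified, so it comes from data the
    // server signed.
    Map<?, ?> decodedData = getAttrs(csrfTokenData);
    long expirationTime = Long.parseLong((String) decodedData.get(C_EXP));
    if (System.currentTimeMillis() < expirationTime) {
        validToken = true;
    }
    return validToken;
}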
use of com.zimbra.cs.account.CsrfTokenKey in project zm-mailbox by Zimbra.
the class CsrfUtil method generateCsrfTokenTest.
/**
 * Builds a CSRF token that carries its own token data, in the form
 * {@code <keyVersion>_<hmac>_<data>}.
 *
 * <p>Unlike a token whose data is stored server-side, nothing is stored here: the hex-encoded
 * data is appended to the token and the HMAC is computed over that same data with the current
 * {@link CsrfTokenKey}.
 *
 * @param accountId account id encoded under {@code C_ID}
 * @param authTokenExpiration expiration value encoded under {@code C_EXP}
 * @param tokenSalt salt encoded under {@code C_SALT_ID}
 * @param sessionId not read by this method
 * @return the token string, {@code <keyVersion>_<hmac>_<data>}
 * @throws AuthTokenException declared by this method; presumably raised while obtaining the key
 *     or computing the HMAC (not visible here)
 */
public static String generateCsrfTokenTest(String accountId, long authTokenExpiration, int tokenSalt, String sessionId) throws AuthTokenException {
    StringBuilder meta = new StringBuilder(64);
    BlobMetaData.encodeMetaData(C_ID, accountId, meta);
    BlobMetaData.encodeMetaData(C_EXP, String.valueOf(authTokenExpiration), meta);
    BlobMetaData.encodeMetaData(C_SALT_ID, tokenSalt, meta);

    // NOTE(review): getBytes() without a charset uses the platform default; confirm what the
    // decoding side expects before pinning a charset here.
    String hexPayload = new String(Hex.encodeHex(meta.toString().getBytes()));

    CsrfTokenKey signingKey = getCurrentKey();
    String mac = TokenUtil.getHmac(hexPayload, signingKey.getKey());
    return signingKey.getVersion() + "_" + mac + "_" + hexPayload;
}