Search in sources :

Example 6 with AbsoluteExpiration

use of com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration in project zm-mailbox by Zimbra.

the class CsrfTokenConverter method convert.

@Override
public EphemeralInput convert(String attrName, Object ldapValue) {
    String ldapValueStr = (String) ldapValue;
    String[] parts = ldapValueStr.split(":");
    if (parts.length != 3) {
        ZimbraLog.ephemeral.warn("CSRF auth token %s cannot be parsed", ldapValueStr);
        return null;
    }
    String data = parts[0];
    String crumb = parts[1];
    Long expirationMillis;
    try {
        expirationMillis = Long.parseLong(parts[2]);
    } catch (NumberFormatException e) {
        ZimbraLog.ephemeral.warn("CSRF auth token %s does not have a valid expiration value", ldapValueStr);
        return null;
    }
    EphemeralKey key = new EphemeralKey(attrName, crumb);
    EphemeralInput input = new EphemeralInput(key, data);
    Expiration expiration = new AbsoluteExpiration(expirationMillis);
    input.setExpiration(expiration);
    return input;
}
Also used : EphemeralInput(com.zimbra.cs.ephemeral.EphemeralInput) AbsoluteExpiration(com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration) Expiration(com.zimbra.cs.ephemeral.EphemeralInput.Expiration) AbsoluteExpiration(com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration) EphemeralKey(com.zimbra.cs.ephemeral.EphemeralKey)

Example 7 with AbsoluteExpiration

use of com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration in project zm-mailbox by Zimbra.

the class LdapEphemeralStoreTest method testInvalidToken.

private void testInvalidToken(String attrName, String expected) throws Exception {
    EphemeralLocation target = new TestLocation();
    //sanity check: make sure a valid token works
    EphemeralKey key = new EphemeralKey(attrName, "dynamicPart");
    EphemeralInput input = new EphemeralInput(key, "validToken");
    input.setExpiration(new AbsoluteExpiration(1000));
    store.set(input, target);
    EphemeralResult result = store.get(key, target);
    assertEquals(result.getValue(), "validToken");
    helper.reset();
    //no expiration will result in an invalid auth/CSRF token
    key = new EphemeralKey(attrName, "dynamicPart");
    store.set(new EphemeralInput(key, "value"), target);
    helper.reset();
    result = store.get(key, target);
    //the invalid token is not returned
    assertTrue(result.isEmpty());
    //but is instead flagged for deletion
    verifyAttrMap(makeMap("-" + attrName, expected));
}
Also used : AbsoluteExpiration(com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration) TestLocation(com.zimbra.cs.ephemeral.EphemeralStoreTest.TestLocation)

Example 8 with AbsoluteExpiration

use of com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration in project zm-mailbox by Zimbra.

the class AttributeEncodersTest method testValueEncoders.

@Test
public void testValueEncoders() throws Exception {
    EphemeralLocation location = new TestLocation();
    EphemeralKey staticKey = new EphemeralKey("foo");
    EphemeralKey dynamicKey = new EphemeralKey("foo", "1");
    ValueEncoder dynamicExpirationEncoder = new DynamicExpirationValueEncoder();
    EphemeralInput staticInput = new EphemeralInput(staticKey, "bar");
    EphemeralInput dynamicInput = new EphemeralInput(dynamicKey, "bar");
    //static key, no expiration
    assertEquals("bar", dynamicExpirationEncoder.encodeValue(staticInput, location));
    //dynamic key, no expiration
    assertEquals("bar|1|", dynamicExpirationEncoder.encodeValue(dynamicInput, location));
    //set expirations
    staticInput.setExpiration(new AbsoluteExpiration(1000L));
    dynamicInput.setExpiration(new AbsoluteExpiration(1000L));
    //static key, expiration
    assertEquals("bar||1000", dynamicExpirationEncoder.encodeValue(staticInput, location));
    //dynamic key, expiration
    assertEquals("bar|1|1000", dynamicExpirationEncoder.encodeValue(dynamicInput, location));
    //test special handling of auth and CSRF token encoding for LDAP backwards compatibility
    ValueEncoder ldapValueEncoder = new LdapValueEncoder();
    EphemeralKey authKey = new EphemeralKey(Provisioning.A_zimbraAuthTokens, "tokenId");
    EphemeralInput authInput = new EphemeralInput(authKey, "serverVersion");
    authInput.setExpiration(new AbsoluteExpiration(1000L));
    assertEquals("tokenId|1000|serverVersion", ldapValueEncoder.encodeValue(authInput, location));
    EphemeralKey csrfKey = new EphemeralKey(Provisioning.A_zimbraCsrfTokenData, "crumb");
    EphemeralInput csrfInput = new EphemeralInput(csrfKey, "data");
    csrfInput.setExpiration(new AbsoluteExpiration(1000L));
    assertEquals("data:crumb:1000", ldapValueEncoder.encodeValue(csrfInput, location));
}
Also used : AbsoluteExpiration(com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration) TestLocation(com.zimbra.cs.ephemeral.EphemeralStoreTest.TestLocation) Test(org.junit.Test)

Example 9 with AbsoluteExpiration

use of com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration in project zm-mailbox by Zimbra.

the class AuthTokenConverter method convert.

@Override
public EphemeralInput convert(String attrName, Object ldapValue) {
    String ldapValueStr = (String) ldapValue;
    String[] parts = ldapValueStr.split("\\|");
    if (parts.length != 3) {
        ZimbraLog.ephemeral.warn("LDAP auth token %s cannot be parsed", ldapValueStr);
        return null;
    }
    String token = parts[0];
    Long expirationMillis;
    try {
        expirationMillis = Long.parseLong(parts[1]);
    } catch (NumberFormatException e) {
        ZimbraLog.ephemeral.warn("LDAP auth token %s does not have a valid expiration value", ldapValueStr);
        return null;
    }
    String serverVersion = parts[2];
    EphemeralKey key = new EphemeralKey(attrName, token);
    EphemeralInput input = new EphemeralInput(key, serverVersion);
    Expiration expiration = new AbsoluteExpiration(expirationMillis);
    input.setExpiration(expiration);
    return input;
}
Also used : EphemeralInput(com.zimbra.cs.ephemeral.EphemeralInput) AbsoluteExpiration(com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration) Expiration(com.zimbra.cs.ephemeral.EphemeralInput.Expiration) AbsoluteExpiration(com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration) EphemeralKey(com.zimbra.cs.ephemeral.EphemeralKey)

Example 10 with AbsoluteExpiration

use of com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration in project zm-mailbox by Zimbra.

the class CsrfUtil method storeTokenData.

/**
     *
     * @param tokenSalt
     * @param accountId
     * @param authTokenExpiration
     * @param crumb
     * @throws ServiceException
     */
private static void storeTokenData(String data, AuthToken authToken, long authTokenExpiration, String crumb) throws ServiceException {
    Account account = getAccount(authToken, Boolean.TRUE);
    if (account != null) {
        Expiration expiration = new AbsoluteExpiration(authTokenExpiration);
        boolean needToAdd = true;
        String curData = account.getCsrfTokenData(crumb);
        if (curData != null) {
            if (!data.equals(curData)) {
                account.removeCsrfTokenData(crumb, curData);
            } else {
                ZimbraLog.ephemeral.debug("CSRF token already stored in ephemeral storage");
                needToAdd = false;
            }
        }
        if (needToAdd) {
            account.addCsrfTokenData(crumb, data, expiration);
        }
    }
}
Also used : Account(com.zimbra.cs.account.Account) AbsoluteExpiration(com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration) Expiration(com.zimbra.cs.ephemeral.EphemeralInput.Expiration) AbsoluteExpiration(com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration)

Aggregations

AbsoluteExpiration (com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration)10 Test (org.junit.Test)5 Expiration (com.zimbra.cs.ephemeral.EphemeralInput.Expiration)4 TestLocation (com.zimbra.cs.ephemeral.EphemeralStoreTest.TestLocation)3 EphemeralInput (com.zimbra.cs.ephemeral.EphemeralInput)2 RelativeExpiration (com.zimbra.cs.ephemeral.EphemeralInput.RelativeExpiration)2 EphemeralKey (com.zimbra.cs.ephemeral.EphemeralKey)2 ServiceException (com.zimbra.common.service.ServiceException)1 Account (com.zimbra.cs.account.Account)1