Example 1 with Expiration

Use of com.zimbra.cs.ephemeral.EphemeralInput.Expiration in project zm-mailbox by Zimbra.

Class CsrfTokenConverter, method convert.

@Override
public EphemeralInput convert(String attrName, Object ldapValue) {
    String ldapValueStr = (String) ldapValue;
    String[] parts = ldapValueStr.split(":");
    if (parts.length != 3) {
        ZimbraLog.ephemeral.warn("CSRF auth token %s cannot be parsed", ldapValueStr);
        return null;
    }
    String data = parts[0];
    String crumb = parts[1];
    Long expirationMillis;
    try {
        expirationMillis = Long.parseLong(parts[2]);
    } catch (NumberFormatException e) {
        ZimbraLog.ephemeral.warn("CSRF auth token %s does not have a valid expiration value", ldapValueStr);
        return null;
    }
    EphemeralKey key = new EphemeralKey(attrName, crumb);
    EphemeralInput input = new EphemeralInput(key, data);
    Expiration expiration = new AbsoluteExpiration(expirationMillis);
    input.setExpiration(expiration);
    return input;
}
Also used: EphemeralInput (com.zimbra.cs.ephemeral.EphemeralInput), AbsoluteExpiration (com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration), Expiration (com.zimbra.cs.ephemeral.EphemeralInput.Expiration), EphemeralKey (com.zimbra.cs.ephemeral.EphemeralKey)

Example 2 with Expiration

Use of com.zimbra.cs.ephemeral.EphemeralInput.Expiration in project zm-mailbox by Zimbra.

Class ZimbraAuthToken, method register.

private void register() {
    if (!isZimbraUser() || isZMGAppBootstrap()) {
        return;
    }
    try {
        Account acct = Provisioning.getInstance().get(AccountBy.id, properties.getAccountId());
        if (Provisioning.getInstance().getLocalServer().getLowestSupportedAuthVersion() > 1) {
            try {
                // house keeping. If we are issuing a new token, clean up old ones.
                acct.cleanExpiredTokens();
            } catch (ServiceException e) {
                LOG.error("unable to de-register auth token", e);
            }
            Expiration expiration = new AbsoluteExpiration(properties.getExpires());
            acct.addAuthTokens(String.valueOf(properties.getTokenID()), properties.getServerVersion(), expiration);
        }
    } catch (ServiceException e) {
        LOG.error("unable to register auth token", e);
    }
}
Also used: ServiceException (com.zimbra.common.service.ServiceException), AbsoluteExpiration (com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration), Expiration (com.zimbra.cs.ephemeral.EphemeralInput.Expiration)

Example 3 with Expiration

Use of com.zimbra.cs.ephemeral.EphemeralInput.Expiration in project zm-mailbox by Zimbra.

Class ZimbraJWToken, method deRegister.

@Override
public void deRegister() throws AuthTokenException {
    if (!isExpired()) {
        try {
            Account acct = Provisioning.getInstance().getAccountById(properties.getAccountId());
            if (acct != null) {
                acct.cleanExpiredJWTokens();
                String jwtId = JWTUtil.getJTI(properties.getEncoded());
                if (jwtId != null) {
                    Expiration expiration = new AbsoluteExpiration(properties.getExpires());
                    acct.addInvalidJWTokens(jwtId, properties.getServerVersion(), expiration);
                    JWTCache.remove(jwtId);
                    ZimbraLog.account.debug("added jti: %s to invalid list", jwtId);
                    if (acct.getBooleanAttr(Provisioning.A_zimbraLogOutFromAllServers, false)) {
                        AuthTokenRegistry.addTokenToQueue(this);
                    }
                }
            }
        } catch (ServiceException e) {
            throw new AuthTokenException("unable to de-register auth token", e);
        }
    }
}
Also used: ServiceException (com.zimbra.common.service.ServiceException), AuthFailedServiceException (com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException), AbsoluteExpiration (com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration), Expiration (com.zimbra.cs.ephemeral.EphemeralInput.Expiration)

Example 4 with Expiration

Use of com.zimbra.cs.ephemeral.EphemeralInput.Expiration in project zm-mailbox by Zimbra.

Class ZimbraAuthToken, method registerWithEphemeralStore.

/*
 * Used when the auth token needs to be registered with a non-default
 * ephemeral backend
 */
public void registerWithEphemeralStore(EphemeralStore store) throws ServiceException {
    Account acct = Provisioning.getInstance().get(AccountBy.id, properties.getAccountId());
    Expiration expiration = new AbsoluteExpiration(properties.getExpires());
    EphemeralLocation location = new LdapEntryLocation(acct);
    EphemeralKey key = new EphemeralKey(Provisioning.A_zimbraAuthTokens, String.valueOf(properties.getTokenID()));
    EphemeralInput input = new EphemeralInput(key, properties.getServerVersion(), expiration);
    store.update(input, location);
}
Also used: LdapEntryLocation (com.zimbra.cs.ephemeral.LdapEntryLocation), EphemeralLocation (com.zimbra.cs.ephemeral.EphemeralLocation), EphemeralInput (com.zimbra.cs.ephemeral.EphemeralInput), AbsoluteExpiration (com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration), Expiration (com.zimbra.cs.ephemeral.EphemeralInput.Expiration), EphemeralKey (com.zimbra.cs.ephemeral.EphemeralKey)

Example 5 with Expiration

Use of com.zimbra.cs.ephemeral.EphemeralInput.Expiration in project zm-mailbox by Zimbra.

Class CsrfUtil, method storeTokenData.

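/**
 * Stores CSRF token data for the account that owns the auth token.
 *
 * @param data token data to store
 * @param authToken auth token used to look up the account
 * @param authTokenExpiration absolute expiration applied to the stored entry
 * @param crumb crumb under which the data is stored
 * @throws ServiceException
 */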
private static void storeTokenData(String data, AuthToken authToken, long authTokenExpiration, String crumb) throws ServiceException {
    Account account = getAccount(authToken, Boolean.TRUE);
    if (account != null) {
        Expiration expiration = new AbsoluteExpiration(authTokenExpiration);
        boolean needToAdd = true;
        String curData = account.getCsrfTokenData(crumb);
        if (curData != null) {
            if (!data.equals(curData)) {
                account.removeCsrfTokenData(crumb, curData);
            } else {
                ZimbraLog.ephemeral.debug("CSRF token already stored in ephemeral storage");
                needToAdd = false;
            }
        }
        if (needToAdd) {
            account.addCsrfTokenData(crumb, data, expiration);
        }
    }
}
Also used: Account (com.zimbra.cs.account.Account), AbsoluteExpiration (com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration), Expiration (com.zimbra.cs.ephemeral.EphemeralInput.Expiration)

Aggregations

AbsoluteExpiration (com.zimbra.cs.ephemeral.EphemeralInput.AbsoluteExpiration): 6
Expiration (com.zimbra.cs.ephemeral.EphemeralInput.Expiration): 6
EphemeralInput (com.zimbra.cs.ephemeral.EphemeralInput): 3
EphemeralKey (com.zimbra.cs.ephemeral.EphemeralKey): 3
ServiceException (com.zimbra.common.service.ServiceException): 2
Account (com.zimbra.cs.account.Account): 1
AuthFailedServiceException (com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException): 1
EphemeralLocation (com.zimbra.cs.ephemeral.EphemeralLocation): 1
LdapEntryLocation (com.zimbra.cs.ephemeral.LdapEntryLocation): 1