
Example 1 with TokenInfo

Use of org.platformlayer.auth.services.TokenInfo in project platformlayer by platformlayer.

Class SharedSecretTokenService, method decodeToken.

@Override
public TokenInfo decodeToken(String token) {
    if (token == null) {
        return null;
    }
    try {
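        String base64 = unescapeBase64(token);
        byte[] buffer = Base64.decode(base64);
        ByteArrayInputStream bais = new ByteArrayInputStream(buffer);
        // Token layout: flags | expiration (hex) | username | tokenSecret | HMAC-SHA1 signature
        // Check for end-of-stream on the int before narrowing to byte;
        // otherwise a legitimate flags value of 0xFF is mistaken for EOF.
        int flagsByte = bais.read();
        if (flagsByte == -1) {
            return null;
        }
        byte flags = (byte) flagsByte;
        String expiration = readNullTerminatedString(bais);
        String username = readNullTerminatedString(bais);
        byte[] tokenSecret = readLengthPrefixByteArray(bais);
        byte[] signature = new byte[CryptoUtils.HMAC_SHA1_BYTES];
        if (bais.read(signature) != CryptoUtils.HMAC_SHA1_BYTES) {
            return null;
        }
        // Recompute the HMAC over everything except the trailing signature
        // and reject the token if it does not match.
        SecretKeySpec secretKeySpec = userSecretKeySpec;
        byte[] actualSignature = CryptoUtils.hmacSha1(secretKeySpec, buffer, 0, buffer.length - CryptoUtils.HMAC_SHA1_BYTES);
        if (!SecureComparison.equal(actualSignature, signature)) {
            return null;
        }
        // Parsed fields are only used once the signature has been verified.
        // The expiration is stored as a hex count of TIME_GRANULARITY units past TIME_OFFSET.
        long roundedTime = Long.parseLong(expiration, 16);
        long time = (roundedTime * TIME_GRANULARITY) + TIME_OFFSET;
        return new TokenInfo(flags, username, new Date(time), tokenSecret);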
    } catch (Exception e) {
        return null;
    }
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) SecretKeySpec(javax.crypto.spec.SecretKeySpec) TokenInfo(org.platformlayer.auth.services.TokenInfo) Date(java.util.Date) IOException(java.io.IOException) EOFException(java.io.EOFException)

Example 2 with TokenInfo

Use of org.platformlayer.auth.services.TokenInfo in project platformlayer by platformlayer.

Class TokensResource, method validateToken.

@GET
// @HEAD support is automatic from the @GET
@Path("{tokenId}")
public ValidateTokenResponse validateToken(@PathParam("tokenId") String checkToken, @QueryParam("project") String project) {
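    // The caller must hold system access before any token is validated.
    try {
        requireSystemAccess();
    } catch (AuthenticatorException e) {
        log.warn("Error while checking system token", e);
        throwInternalError();
    }
    // A token that fails to decode (decodeToken returns null) and an expired
    // token both produce the same 404 response.
    TokenInfo checkTokenInfo = tokenService.decodeToken(checkToken);
    if (checkTokenInfo == null || checkTokenInfo.hasExpired()) {
        throw404NotFound();
    }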
    UserEntity userEntity = null;
    try {
        userEntity = userAuthenticator.getUserFromToken(checkTokenInfo.userId, checkTokenInfo.tokenSecret);
    } catch (AuthenticatorException e) {
        log.warn("Error while fetching user", e);
        throwInternalError();
    }
    ValidateTokenResponse response = new ValidateTokenResponse();
    response.access = new ValidateAccess();
    response.access.user = Mapping.mapToUserValidation(userEntity);
    response.access.token = new Token();
    response.access.token.expires = checkTokenInfo.expiration;
    response.access.token.id = checkToken;
    String checkProject = project;
    if (checkProject != null) {
        ProjectEntity projectEntity = null;
        try {
            projectEntity = userAuthenticator.findProject(checkProject);
        } catch (AuthenticatorException e) {
            log.warn("Error while fetching project", e);
            throwInternalError();
        }
        if (projectEntity == null) {
            throw404NotFound();
        }
        projectEntity.unlockWithUser(userEntity);
        if (!projectEntity.isSecretValid()) {
            throw404NotFound();
        }
        UserProjectEntity userProject = null;
        try {
            userProject = userAuthenticator.findUserProject(userEntity, projectEntity);
        } catch (AuthenticatorException e) {
            log.warn("Error while fetching project", e);
            throwInternalError();
        }
        if (userProject == null) {
            // Not a member of project
            throw404NotFound();
        }
        response.access.project = Mapping.mapToProject(projectEntity);
        response.access.project.roles = Mapping.mapToRoles(userProject.getRoles());
    }
    return response;
}
Also used : ValidateTokenResponse(org.platformlayer.auth.model.ValidateTokenResponse) ValidateAccess(org.platformlayer.auth.model.ValidateAccess) UserProjectEntity(org.platformlayer.auth.UserProjectEntity) ProjectEntity(org.platformlayer.auth.ProjectEntity) AuthenticatorException(org.platformlayer.auth.AuthenticatorException) Token(org.platformlayer.auth.model.Token) TokenInfo(org.platformlayer.auth.services.TokenInfo) UserEntity(org.platformlayer.auth.UserEntity) Path(javax.ws.rs.Path) GET(javax.ws.rs.GET)

Aggregations

TokenInfo (org.platformlayer.auth.services.TokenInfo): 2
ByteArrayInputStream (java.io.ByteArrayInputStream): 1
EOFException (java.io.EOFException): 1
IOException (java.io.IOException): 1
Date (java.util.Date): 1
SecretKeySpec (javax.crypto.spec.SecretKeySpec): 1
GET (javax.ws.rs.GET): 1
Path (javax.ws.rs.Path): 1
AuthenticatorException (org.platformlayer.auth.AuthenticatorException): 1
ProjectEntity (org.platformlayer.auth.ProjectEntity): 1
UserEntity (org.platformlayer.auth.UserEntity): 1
UserProjectEntity (org.platformlayer.auth.UserProjectEntity): 1
Token (org.platformlayer.auth.model.Token): 1
ValidateAccess (org.platformlayer.auth.model.ValidateAccess): 1
ValidateTokenResponse (org.platformlayer.auth.model.ValidateTokenResponse): 1