Example 1 with SecureCookie
use of org.webpieces.router.impl.ctx.SecureCookie in project webpieces by deanhiller.
the class CookieTranslator method cookieToScope.
private CookieScope cookieToScope(RouterRequest req, CookieScopeImpl data) throws UnsupportedEncodingException {
RouterCookie routerCookie = req.cookies.get(data.getName());
if (routerCookie == null) {
data.setExisted(false);
return data;
}
data.setExisted(true);
Map<String, String> dataMap = new HashMap<>();
String value = routerCookie.value;
int colonIndex = value.indexOf(":");
String version = value.substring(0, colonIndex);
String keyValuePairs = value.substring(colonIndex + 1);
if (data instanceof SecureCookie) {
String[] pair = version.split("-");
version = pair[0];
String expectedHash = pair[1];
String hash = security.sign(config.getSecretKey(), keyValuePairs);
if (!hash.equals(expectedHash))
throw new BadCookieException("hashes don't match...This occurs if secret key" + " was switched, or loaded different webapp on same port or someone" + " created an invalid cookie and sent to your webserver", data.getName());
}
if (!VERSION.equals(version))
throw new BadCookieException("versions don't match...This occurs if secret key" + " was switched, or loaded different webapp on same port or someone" + " created an invalid cookie and sent to your webserver", data.getName());
String[] pieces = keyValuePairs.split("&");
for (String piece : pieces) {
String[] split = piece.split("=");
if (split.length == 2) {
String key = URLDecoder.decode(split[0], config.getUrlEncoding().name());
String val = URLDecoder.decode(split[1], config.getUrlEncoding().name());
dataMap.put(key, val);
} else {
String key = URLDecoder.decode(split[0], config.getUrlEncoding().name());
dataMap.put(key, "");
}
}
data.setMapData(dataMap);
return data;
}
Also used :
BadCookieException(org.webpieces.router.api.exceptions.BadCookieException)
HashMap(java.util.HashMap)
RouterCookie(org.webpieces.ctx.api.RouterCookie)
SecureCookie(org.webpieces.router.impl.ctx.SecureCookie)
Example 2 with SecureCookie
use of org.webpieces.router.impl.ctx.SecureCookie in project webpieces by deanhiller.
the class CookieTranslator method scopeToCookie.
private RouterCookie scopeToCookie(CookieScopeImpl scopeData) throws UnsupportedEncodingException {
Map<String, String> mapData = scopeData.getMapData();
RouterCookie cookie = createBase(scopeData.getName(), null);
StringBuilder data = translateValuesToCookieFormat(mapData);
String value = data.toString();
if (scopeData instanceof SecureCookie) {
SecretKeyInfo key = config.getSecretKey();
String sign = security.sign(key, value);
cookie.value = VERSION + "-" + sign + ":" + value;
} else {
cookie.value = VERSION + ":" + value;
}
if (cookie.value.length() > 4050)
throw new CookieTooLargeException("Your webserver has put too many things into the session cookie and" + " browser will end up ignoring the cookie so we exception here to let you " + "know. Length of JUST the value(not whole cookie)=" + cookie.value.length() + "\ncookie value=" + cookie.value);
return cookie;
}
Also used :
CookieTooLargeException(org.webpieces.router.api.exceptions.CookieTooLargeException)
RouterCookie(org.webpieces.ctx.api.RouterCookie)
SecretKeyInfo(org.webpieces.util.security.SecretKeyInfo)
SecureCookie(org.webpieces.router.impl.ctx.SecureCookie)
Aggregations
RouterCookie (org.webpieces.ctx.api.RouterCookie)2
SecureCookie (org.webpieces.router.impl.ctx.SecureCookie)2
HashMap (java.util.HashMap)1
BadCookieException (org.webpieces.router.api.exceptions.BadCookieException)1
CookieTooLargeException (org.webpieces.router.api.exceptions.CookieTooLargeException)1
SecretKeyInfo (org.webpieces.util.security.SecretKeyInfo)1
