mirror of
https://github.com/google/nomulus.git
synced 2025-05-13 07:57:13 +02:00
mv com/google/domain/registry google/registry
This change renames directories in preparation for the great package rename. The repository is now in a broken state because the code itself hasn't been updated. However this should ensure that git correctly preserves history for each file.
This commit is contained in:
Justine Tunney
parent
a41677aea1
commit
5012893c1d
2396 changed files with 0 additions and 0 deletions
106
java/google/registry/security/XsrfTokenManager.java
Normal file
106
java/google/registry/security/XsrfTokenManager.java
Normal file
|
|
@ -0,0 +1,106 @@
|
|||
// Copyright 2016 The Domain Registry Authors. All Rights Reserved.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package com.google.domain.registry.security;
|
||||
|
||||
import static com.google.appengine.api.users.UserServiceFactory.getUserService;
|
||||
import static com.google.common.io.BaseEncoding.base64Url;
|
||||
import static com.google.domain.registry.model.server.ServerSecret.getServerSecret;
|
||||
import static java.nio.charset.StandardCharsets.UTF_8;
|
||||
|
||||
import com.google.appengine.api.users.UserService;
|
||||
import com.google.common.base.Joiner;
|
||||
import com.google.common.base.Splitter;
|
||||
import com.google.common.hash.Hashing;
|
||||
import com.google.domain.registry.util.Clock;
|
||||
import com.google.domain.registry.util.FormattingLogger;
|
||||
import com.google.domain.registry.util.NonFinalForTesting;
|
||||
import com.google.domain.registry.util.SystemClock;
|
||||
|
||||
import org.joda.time.DateTime;
|
||||
import org.joda.time.Duration;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
/** Helper class for generating and validate XSRF tokens. */
|
||||
public final class XsrfTokenManager {
|
||||
|
||||
/** HTTP header used for transmitting XSRF tokens. */
|
||||
public static final String X_CSRF_TOKEN = "X-CSRF-Token";
|
||||
|
||||
private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass();
|
||||
|
||||
@NonFinalForTesting
|
||||
private static Clock clock = new SystemClock();
|
||||
|
||||
private static String encodeToken(long creationTime, String scope, String userEmail) {
|
||||
String token = Joiner.on('\t').join(getServerSecret(), userEmail, scope, creationTime);
|
||||
return base64Url().encode(Hashing.sha256()
|
||||
.newHasher(token.length())
|
||||
.putString(token, UTF_8)
|
||||
.hash()
|
||||
.asBytes());
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate an xsrf token for a given scope using the logged in user or else no user.
|
||||
* <p>
|
||||
* If there is no user, the entire xsrf check becomes basically a no-op, but that's ok because any
|
||||
* callback that doesn't have a user shouldn't be able to access any per-user resources anyways.
|
||||
*/
|
||||
public static String generateToken(String scope) {
|
||||
return generateToken(scope, getLoggedInEmailOrEmpty());
|
||||
}
|
||||
|
||||
/** Generate an xsrf token for a given scope and user. */
|
||||
public static String generateToken(String scope, String email) {
|
||||
long now = clock.nowUtc().getMillis();
|
||||
return Joiner.on(':').join(encodeToken(now, scope, email), now);
|
||||
}
|
||||
|
||||
private static String getLoggedInEmailOrEmpty() {
|
||||
UserService userService = getUserService();
|
||||
return userService.isUserLoggedIn() ? userService.getCurrentUser().getEmail() : "";
|
||||
}
|
||||
|
||||
/** Validate an xsrf token, given the scope it was used for and an expiration duration. */
|
||||
public static boolean validateToken(String token, String scope, Duration validLifetime) {
|
||||
List<String> tokenParts = Splitter.on(':').splitToList(token);
|
||||
if (tokenParts.size() != 2) {
|
||||
logger.warningfmt("Malformed XSRF token: %s", token);
|
||||
return false;
|
||||
}
|
||||
String encodedPart = tokenParts.get(0);
|
||||
String timePart = tokenParts.get(1);
|
||||
long creationTime;
|
||||
try {
|
||||
creationTime = Long.parseLong(timePart);
|
||||
} catch (NumberFormatException e) {
|
||||
logger.warningfmt("Bad timestamp in XSRF token: %s", token);
|
||||
return false;
|
||||
}
|
||||
if (new DateTime(creationTime).plus(validLifetime).isBefore(clock.nowUtc())) {
|
||||
logger.infofmt("Expired timestamp in XSRF token: %s", token);
|
||||
return false;
|
||||
}
|
||||
String reconstructedToken = encodeToken(creationTime, scope, getLoggedInEmailOrEmpty());
|
||||
if (!reconstructedToken.equals(encodedPart)) {
|
||||
logger.warningfmt("Reconstructed XSRF mismatch: %s != %s", encodedPart, reconstructedToken);
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
private XsrfTokenManager() {}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue