• Home
• com.erigir
• wrench-ape
• 2.1.5+137
• source code
• TokenService.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.erigir.wrench.ape.service.TokenService Maven / Gradle / Ivy

package com.erigir.wrench.ape.service;

import com.erigir.wrench.CrockfordBase32;
import com.erigir.wrench.QuietObjectMapper;
import com.erigir.wrench.ZipUtils;
import com.erigir.wrench.ape.exception.InvalidTokenException;
import com.erigir.wrench.ape.model.CustomerToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;

/**
 * As of version 1.2.0, you may specify more than one key for the token service - it accepts a list
 * If you do so, any new tokens are encrypted with the first key, but the other keys are checked for
 * decrypting tokens.  This is to simplify the process of key rotation - just add a new key to the start
 * of the list and restart the server.  After the expiration time has passed any old keys can
 * be removed from the list as they will be invalid anyway.
 * Created by cweiss on 7/18/15.
 */
public class TokenService {
  private static final Logger LOG = LoggerFactory.getLogger(TokenService.class);
  private static final String CIPHER = "AES/ECB/PKCS5Padding";
  private List encryptionKeys;
  private QuietObjectMapper objectMapper;
  private CrockfordBase32 base32 = new CrockfordBase32();

  public String createToken(String keyValue, Long expires, Map otherData) {
    LOG.debug("Creating token {} / {} / {}", keyValue, expires, otherData);
    Objects.requireNonNull(keyValue);
    Objects.requireNonNull(expires);

    // We always encrypt with the first key
    String encryptionKey = encryptionKeys.get(0);
    CustomerToken token = new CustomerToken(keyValue, expires, otherData);
    String raw = objectMapper.writeValueAsString(token);
    byte[] compressed = ZipUtils.zipData(raw.getBytes());

    try {
      byte[] encrypted = cipher(Cipher.ENCRYPT_MODE, encryptionKey).doFinal(compressed);
      String rval = base32.encodeToString(encrypted);
      return rval;
    } catch (Exception e) {
      throw new IllegalStateException("Shouldnt happen, error on encode: (key size was " + encryptionKey.length() + " and msg size was " + raw.length() + ") " + e, e);
    }
  }

  public void validateToken(CustomerToken token)
      throws InvalidTokenException {
    if (token == null) {
      throw new InvalidTokenException("Supplied string was not a valid token");
    }
    if (token.getExpires() == null || System.currentTimeMillis() > token.getExpires()) {
      throw new InvalidTokenException("Token expired at " + token.getExpires() + " and it is " + System.currentTimeMillis());
    }
  }

  private Cipher cipher(int mode, String key) {
    try {
      SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(), CIPHER.substring(0, 3));
      Cipher nCipher = Cipher.getInstance(CIPHER);
      //IvParameterSpec iv = new IvParameterSpec("0000000000000000".getBytes());
      nCipher.init(mode, keySpec);//,iv);
      return nCipher;
    } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e) {
      // Like these would be handled at runtime... right?
      throw new RuntimeException("Error creating cipher", e);
    }
  }

  public CustomerToken extractAndValidateToken(String tokenString)
      throws InvalidTokenException {
    CustomerToken token = extractToken(tokenString);
    validateToken(token);
    return token;
  }

  public CustomerToken extractToken(String tokenString) {
    CustomerToken rval = null;
    for (int i = 0; i < encryptionKeys.size() && rval == null; i++) {
      rval = innerExtractToken(tokenString, encryptionKeys.get(i));
    }
    return rval;
  }

  private CustomerToken innerExtractToken(String tokenString, String key) {
    try {
      byte[] zippedData;
      byte[] encryptedText = base32.decode(tokenString.getBytes());
      zippedData = cipher(Cipher.DECRYPT_MODE, key).doFinal(encryptedText);
      byte[] unzippedData = ZipUtils.unzipData(zippedData);
      CustomerToken output = objectMapper.readValue(unzippedData, CustomerToken.class);
      return output;
    } catch (Exception e) {
      LOG.trace("Unable to decrypt token with this key");
      return null;
    }
  }

  public void setEncryptionKeys(List encryptionKeys) {
    this.encryptionKeys = encryptionKeys;
  }

  /**
   * Here for backwards compatibility with previous versions
   *
   * @param encryptionKey A single key that tokenservice will decrypt with
   */
  public void setEncryptionKey(String encryptionKey) {
    this.encryptionKeys = (encryptionKey == null) ? null : Collections.singletonList(encryptionKey);
  }

  public void setObjectMapper(QuietObjectMapper objectMapper) {
    this.objectMapper = objectMapper;
  }

}