• Home
• com.nimbusds
• common
• 3.4
• source code
• AbstractAccessTokenValidator.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.nimbusds.common.oauth2.AbstractAccessTokenValidator Maven / Gradle / Ivy

package com.nimbusds.common.oauth2;


import com.nimbusds.jose.crypto.utils.ConstantTimeUtils;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import org.apache.logging.log4j.Logger;

import java.util.ArrayList;
import java.util.List;


/**
 * Abstract access token validator.
 */
abstract class AbstractAccessTokenValidator implements MasterAccessTokenValidator {
	
	
	/**
	 * The expected access token hashes, empty list if access to the web
	 * API is disabled.
	 */
	protected final List expectedTokenHashes = new ArrayList<>();
	
	
	/**
	 * Optional salt for computing the SHA-256 hashes.
	 */
	protected byte[] hashSalt = null;
	
	
	/**
	 * Optional logger.
	 */
	protected Logger log;
	
	
	@Override
	public boolean accessIsDisabled() {
		
		return expectedTokenHashes.isEmpty();
	}
	
	
	@Override
	public boolean isValid(final BearerAccessToken accessToken) {
		
		if (accessToken == null) return false;
		
		final byte[] receivedTokenHash = MasterAccessTokenValidator.computeSHA256(accessToken, hashSalt);
		
		for (byte[] expectedHash: expectedTokenHashes) {
			if (ConstantTimeUtils.areEqual(receivedTokenHash, expectedHash)) {
				return true;
			}
		}
		
		return false;
	}
	
	
	@Override
	public Logger getLogger() {
		return log;
	}
	
	
	@Override
	public void setLogger(final Logger log) {
		this.log = log;
	}
	
	
	/**
	 * Returns the number of configured tokens.
	 *
 	 * @return The number of configured tokens, zero if none.
	 */
	public int getNumberConfiguredTokens() {
		
		return expectedTokenHashes.size();
	}
}