com.sun.jersey.oauth.server.NonceManager Maven / Gradle / Ivy

Go to download
Show more of this group Show more artifacts with this name
Show all versions of oauth-server Show documentation
There is a newer version: 1.19.4
/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2010-2012 Oracle and/or its affiliates. All rights reserved.
 *
 * The contents of this file are subject to the terms of either the GNU
 * General Public License Version 2 only ("GPL") or the Common Development
 * and Distribution License("CDDL") (collectively, the "License").  You
 * may not use this file except in compliance with the License.  You can
 * obtain a copy of the License at
 * http://glassfish.java.net/public/CDDL+GPL_1_1.html
 * or packager/legal/LICENSE.txt.  See the License for the specific
 * language governing permissions and limitations under the License.
 *
 * When distributing the software, include this License Header Notice in each
 * file and include the License file at packager/legal/LICENSE.txt.
 *
 * GPL Classpath Exception:
 * Oracle designates this particular file as subject to the "Classpath"
 * exception as provided by Oracle in the GPL Version 2 section of the License
 * file that accompanied this code.
 *
 * Modifications:
 * If applicable, add the following below the License Header, with the fields
 * enclosed by brackets [] replaced by your own identifying information:
 * "Portions Copyright [year] [name of copyright owner]"
 *
 * Contributor(s):
 * If you wish your version of this file to be governed by only the CDDL or
 * only the GPL Version 2, indicate your decision by adding "[Contributor]
 * elects to include this software in this distribution under the [CDDL or GPL
 * Version 2] license."  If you don't indicate a single choice of license, a
 * recipient has the option to distribute your version of this file under
 * either the CDDL, the GPL Version 2 or to extend the choice of license to
 * its licensees as provided above.  However, if you add GPL Version 2 code
 * and therefore, elected the GPL Version 2 license, then the option applies
 * only if the new code is made subject to such option by the copyright
 * holder.
 */

package com.sun.jersey.oauth.server;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.SortedMap;
import java.util.TreeMap;

/**
 * Tracks the nonces for a given consumer key and/or token. Automagically
 * ensures timestamp is monotonically increasing and tracks all nonces
 * for a given timestamp.
 *
 * @author Paul C. Bryan
 * @author Martin Matula (martin.matula at oracle.com)
 * @author Thomas Meire
 */
public final class NonceManager {
    /**
     * The maximum valid age of a nonce timestamp, in milliseconds.
     */
    private final long maxAge;

    /**
     * Verifications to perform on average before performing garbage collection.
     */
    private final int gcPeriod;

    /**
     * Counts number of verification requests performed to schedule garbage collection.
     */
    private int gcCounter = 0;

    /**
     * Maps timestamps to key-nonce pairs.
     */
    private final SortedMap>> tsToKeyNoncePairs = new TreeMap>>();

    /**
     * TODO: Description.
     *
     * @param maxAge   the maximum valid age of a nonce timestamp, in milliseconds.
     * @param gcPeriod verifications to perform on average before performing garbage collection.
     */
    public NonceManager(long maxAge, int gcPeriod) {
        if (maxAge <= 0 || gcPeriod <= 0) {
            throw new IllegalArgumentException();
        }

        this.maxAge = maxAge;
        this.gcPeriod = gcPeriod;
    }

    /**
     * Evaluates the timestamp/nonce combination for validity, storing and/or
     * clearing nonces as required.
     *
     * @param key       the oauth_consumer_key value for a given consumer request
     * @param timestamp the oauth_timestamp value for a given consumer request.
     * @param nonce     the oauth_nonce value for a given consumer request.
     * @return true if the timestamp/nonce are valid.
     */
    public synchronized boolean verify(String key, String timestamp, String nonce) {
        long now = System.currentTimeMillis();

        // convert timestamp to milliseconds since epoch to deal with uniformly
        long stamp = longValue(timestamp) * 1000;

        // invalid timestamp supplied; automatically invalid
        if (stamp + maxAge < now) {
            return false;
        }

        Map> keyToNonces = tsToKeyNoncePairs.get(stamp);
        if (keyToNonces == null) {
            keyToNonces = new HashMap>();
            tsToKeyNoncePairs.put(stamp, keyToNonces);
        }

        Set nonces = keyToNonces.get(key);
        if (nonces == null) {
            nonces = new HashSet();
            keyToNonces.put(key, nonces);
        }

        boolean result = nonces.add(nonce);

        // perform garbage collection if counter is up to established number of passes
        if (++gcCounter >= gcPeriod) {
            gc(now);
        }

        // returns false if nonce already encountered for given timestamp
        return result;
    }

    /**
     * Deletes all nonces older than maxAge.
     * This method is package private (instead of private) for testability purposes.
     *
     * @param now milliseconds since epoch representing "now"
     */
    void gc(long now) {
        gcCounter = 0;
        tsToKeyNoncePairs.headMap(now - maxAge).clear();
    }

    /**
     * Returns number of currently tracked timestamp-key-nonce tuples. The method is used by tests.
     * @return number of currently tracked timestamp-key-nonce tuples.
     */
    long size() {
        long size = 0;
        for (Map> keyToNonces : tsToKeyNoncePairs.values()) {
            size += keyToNonces.values().size();
        }
        return size;
    }

    private static long longValue(String value) {
        try {
            return Long.valueOf(value);
        } catch (NumberFormatException nfe) {
            return -1;
        }
    }
}