Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance. Project price only 1 $
You can buy this project and download/modify it how often you want.
/*
* Copyright (C) 2016 Red Hat, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package io.syndesis.rest.v1.state;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.Base64.Decoder;
import java.util.Base64.Encoder;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.Objects;
import java.util.Set;
import java.util.function.BiFunction;
import java.util.function.Function;
import java.util.function.LongSupplier;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.NewCookie;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.ObjectReader;
import com.fasterxml.jackson.databind.ObjectWriter;
import io.syndesis.credential.CredentialModule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* Persists given state on the client with these properties:
*
*
State remains opaque (encrypted) so client cannot determine what is
* stored
*
State tampering is detected by using MAC
*
State timeout is enforced (default 15min)
*
*
* Given a {@link KeySource} construct {@link ClientSideState} as:
* {@code new ClientSideState(keySource)}, and then persist state into HTTP
* Cookie with {@link #persist(String, String, Object)} method, and restore the
* state with {@link #restoreFrom(Cookie, Class)} method.
*
* The implementation follows the
* RFC6896 Secure Cookie
* Sessions for HTTP.
*/
public final class ClientSideState {
// 15 min
public static final long DEFAULT_TIMEOUT = 15 * 60;
private static final Decoder DECODER = Base64.getUrlDecoder();
private static final Encoder ENCODER = Base64.getUrlEncoder().withoutPadding();
private static final int IV_LEN = 16;
private static final Logger LOG = LoggerFactory.getLogger(ClientSideState.class);
private static final ObjectMapper MAPPER = new ObjectMapper().registerModule(new CredentialModule());
private final BiFunction, byte[], Object> deserialization;
private final Edition edition;
private final Supplier ivSource;
private final Function