[Statelessfilter-commits] SF.net SVN: statelessfilter:[115] trunk/stateless-cookie-aes/src/main/jav
Revision: 115 http://sourceforge.net/p/statelessfilter/code/115 Author: nricheton Date: 2013-10-24 08:33:06 +0000 (Thu, 24 Oct 2013) Log Message: ----------- Enable signing Modified Paths: -------------- trunk/stateless-cookie-aes/src/main/java/net/sourceforge/statelessfilter/backend/aescookie/AESCookieBackend.java
Modified: trunk/stateless-cookie-aes/src/main/java/net/sourceforge/statelessfilter/backend/aescookie/AESCookieBackend.java
===================================================================
--- trunk/stateless-cookie-aes/src/main/java/net/sourceforge/statelessfilter/backend/aescookie/AESCookieBackend.java 2013-10-24 08:24:50 UTC (rev 114)
+++ trunk/stateless-cookie-aes/src/main/java/net/sourceforge/statelessfilter/backend/aescookie/AESCookieBackend.java 2013-10-24 08:33:06 UTC (rev 115)
@@ -25,6 +25,7 @@
 import java.security.SignatureException;
 import java.util.List;
 import java.util.Map;
+import java.util.UUID;
 import java.util.zip.GZIPInputStream;
 import java.util.zip.GZIPOutputStream;
@@ -62,180 +63,171 @@ * */ public class AESCookieBackend extends CookieBackendSupport { - private static final String DESERIALIZE_ERROR = "Cannot deserialize session. A new one will be created"; //$NON-NLS-1$ - private static final String ENCRYPTION = "AES"; //$NON-NLS-1$ - private static final String ENCRYPTION_WITH_PARAM = "AES/CBC/PKCS5Padding"; //$NON-NLS-1$ - private static final String ID = "aescookie"; //$NON-NLS-1$ - private static final String PARAM_COMPRESS = "compress"; //$NON-NLS-1$ - private static final String PARAM_IV = "iv"; //$NON-NLS-1$ - private static final String PARAM_KEY = "key"; //$NON-NLS-1$ - private static final String SEPARATOR = "B"; //$NON-NLS-1$ - private boolean compress = true; - private IvParameterSpec iv = null; - Logger logger = LoggerFactory.getLogger(AESCookieBackend.class); - private SecretKeySpec secretKey = null; + private static final String DESERIALIZE_ERROR = "Cannot deserialize session. A new one will be created"; //$NON-NLS-1$ + private static final String ENCRYPTION = "AES"; //$NON-NLS-1$ + private static final String ENCRYPTION_WITH_PARAM = "AES/CBC/PKCS5Padding"; //$NON-NLS-1$ + private static final String ID = "aescookie"; //$NON-NLS-1$ + private static final String PARAM_COMPRESS = "compress"; //$NON-NLS-1$ + private static final String PARAM_IV = "iv"; //$NON-NLS-1$ + private static final String PARAM_KEY = "key"; //$NON-NLS-1$ + private static final String SEPARATOR = "B"; //$NON-NLS-1$ + private static final Object PARAM_SIGN_SECRET = "secret"; + private boolean compress = true; + private IvParameterSpec iv = null; + Logger logger = LoggerFactory.getLogger(AESCookieBackend.class); + private SecretKeySpec secretKey = null; + private String signSecret; - public AESCookieBackend() { - setCookieName("es"); //$NON-NLS-1$ - } + public AESCookieBackend() { + setCookieName("es"); //$NON-NLS-1$ + } - /** - * @see com.capgemini.stateless.backend.plaincookie.ISessionBackend#destroy() - */ - @Override - public void 
destroy() { - // Nothing to do - } + /** + * @see com.capgemini.stateless.backend.plaincookie.ISessionBackend#destroy() + */ + @Override + public void destroy() { + // Nothing to do + } - private byte[] getEncryptionBytes(String data, int length) { - byte[] keyRaw = new byte[length]; - for (int i = 0; i < length; i++) { - keyRaw[i] = 0; - } + private byte[] getEncryptionBytes(String data, int length) { + byte[] keyRaw = new byte[length]; + for (int i = 0; i < length; i++) { + keyRaw[i] = 0; + } - byte[] dataRaw = Base64.decodeBase64(data); - System.arraycopy(dataRaw, 0, keyRaw, 0, - dataRaw.length > length ? length : dataRaw.length); + byte[] dataRaw = Base64.decodeBase64(data); + System.arraycopy(dataRaw, 0, keyRaw, 0, dataRaw.length > length ? length : dataRaw.length); - return keyRaw; - } + return keyRaw; + } - /** - * @see com.capgemini.stateless.backend.plaincookie.ISessionBackend#getId() - */ - @Override - public String getId() { - return ID; - } + /** + * @see com.capgemini.stateless.backend.plaincookie.ISessionBackend#getId() + */ + @Override + public String getId() { + return ID; + } - /** - * Loads key and iv for encryption and performs normal init. - * - * @throws Exception - * @see com.capgemini.stateless.backend.plaincookie.ISessionBackend#init(java.util.Map) - */ - @Override - public void init(Map<String, String> config) throws Exception { - super.init(config); + /** + * Loads key and iv for encryption and performs normal init. 
+ * + * @throws Exception + * @see com.capgemini.stateless.backend.plaincookie.ISessionBackend#init(java.util.Map) + */ + @Override + public void init(Map<String, String> config) throws Exception { + super.init(config); + this.compress = Boolean.parseBoolean(StringUtils.defaultIfEmpty(config.get(PARAM_COMPRESS), "true")); + this.signSecret = StringUtils.defaultIfEmpty(config.get(PARAM_SIGN_SECRET), UUID.randomUUID().toString()); + if (logger.isInfoEnabled()) { + logger.info("Cookie name: '" + cookieName + "', compression: '" //$NON-NLS-1$//$NON-NLS-2$ + + this.compress + "'"); //$NON-NLS-1$ + } - String compress = config.get(PARAM_COMPRESS); - if (!StringUtils.isEmpty(compress)) { - this.compress = Boolean.parseBoolean(compress); - } + // AES configuration + String key = config.get(PARAM_KEY); + String iv = config.get(PARAM_IV); - if (logger.isInfoEnabled()) { - logger.info("Cookie name: '" + cookieName + "', compression: '" //$NON-NLS-1$//$NON-NLS-2$ - + this.compress + "'"); //$NON-NLS-1$ - } + if (StringUtils.isEmpty(key) || StringUtils.isEmpty(iv)) { + throw new Exception(ID + + "." + PARAM_KEY + " or " + ID + "." + PARAM_IV + " parameter missing in /stateless.properties."); //$NON-NLS-1$ + } - String key = config.get(PARAM_KEY); - String iv = config.get(PARAM_IV); + secretKey = new SecretKeySpec(getEncryptionBytes(key, 16), ENCRYPTION); + this.iv = new IvParameterSpec(getEncryptionBytes(iv, 16)); - if (StringUtils.isEmpty(key) || StringUtils.isEmpty(iv)) { - throw new Exception( - ID - + "." + PARAM_KEY + " or " + ID + "." 
+ PARAM_IV + " parameter missing in /stateless.properties."); //$NON-NLS-1$ - } + } - secretKey = new SecretKeySpec(getEncryptionBytes(key, 16), ENCRYPTION); - this.iv = new IvParameterSpec(getEncryptionBytes(iv, 16)); + /** + * @see com.capgemini.stateless.backend.plaincookie.ISessionBackend#restore(javax.servlet.http.HttpServletRequest) + */ + @Override + public ISessionData restore(HttpServletRequest request) { - } + try { + byte[] data = getCookieData(request, null, true, this.signSecret); - /** - * @see com.capgemini.stateless.backend.plaincookie.ISessionBackend#restore(javax.servlet.http.HttpServletRequest) - */ - @Override - public ISessionData restore(HttpServletRequest request) { + if (data != null) { + int index = ArrayUtils.indexOf(data, SEPARATOR.getBytes()[0]); - try { - byte[] data = getCookieData(request, null); + int size = Integer.parseInt(new String(ArrayUtils.subarray(data, 0, index))); + data = ArrayUtils.subarray(data, index + 1, data.length); - if (data != null) { - int index = ArrayUtils.indexOf(data, SEPARATOR.getBytes()[0]); + Cipher decryptCipher = Cipher.getInstance(ENCRYPTION_WITH_PARAM); + decryptCipher.init(Cipher.DECRYPT_MODE, secretKey, iv); + data = decryptCipher.doFinal(data); - int size = Integer.parseInt(new String(ArrayUtils.subarray( - data, 0, index))); - data = ArrayUtils.subarray(data, index + 1, data.length); + data = ArrayUtils.subarray(data, 0, size + 1); - Cipher decryptCipher = Cipher - .getInstance(ENCRYPTION_WITH_PARAM); - decryptCipher.init(Cipher.DECRYPT_MODE, secretKey, iv); - data = decryptCipher.doFinal(data); + InputStream inputStream = new ByteArrayInputStream(data); + if (compress) { + inputStream = new GZIPInputStream(inputStream); + } - data = ArrayUtils.subarray(data, 0, size + 1); + ObjectInputStream ois = new ObjectInputStream(inputStream); + CookieDataSupport s = (CookieDataSupport) ois.readObject(); - InputStream inputStream = new ByteArrayInputStream(data); - if (compress) { - inputStream = new 
GZIPInputStream(inputStream); - } + if (s.isValid() && s.getRemoteAddress().equals(getFullRemoteAddr(request))) { + return s; + } + } + } catch (Exception e) { + logger.info(DESERIALIZE_ERROR, e); + } - ObjectInputStream ois = new ObjectInputStream(inputStream); - CookieDataSupport s = (CookieDataSupport) ois.readObject(); + return null; + } - if (s.isValid() - && s.getRemoteAddress().equals( - getFullRemoteAddr(request))) { - return s; - } - } - } catch (Exception e) { - logger.info(DESERIALIZE_ERROR, e); - } + /** + * @see net.sourceforge.statelessfilter.backend.support.CookieBackendSupport#save(net.sourceforge.statelessfilter.backend.ISessionData, + * java.util.List, javax.servlet.http.HttpServletRequest, + * javax.servlet.http.HttpServletResponse) + */ + @Override + public void save(ISessionData session, List<String> dirtyAttributes, HttpServletRequest request, + HttpServletResponse response) throws IOException { - return null; - } + try { + if (session != null) { + CookieDataSupport cookieData = new CookieDataSupport(session); + cookieData.setRemoteAddress(getFullRemoteAddr(request)); - /** - * @see net.sourceforge.statelessfilter.backend.support.CookieBackendSupport#save(net.sourceforge.statelessfilter.backend.ISessionData, - * java.util.List, javax.servlet.http.HttpServletRequest, - * javax.servlet.http.HttpServletResponse) - */ - @Override - public void save(ISessionData session, List<String> dirtyAttributes, - HttpServletRequest request, HttpServletResponse response) - throws IOException { + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + OutputStream outputStream = baos; + if (compress) { + outputStream = new GZIPOutputStream(outputStream); + } - try { - if (session != null) { - CookieDataSupport cookieData = new CookieDataSupport(session); - cookieData.setRemoteAddress(getFullRemoteAddr(request)); + ObjectOutputStream oos = new ObjectOutputStream(outputStream); + oos.writeObject(cookieData); + oos.close(); + outputStream.close(); + 
baos.close(); - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - OutputStream outputStream = baos; - if (compress) { - outputStream = new GZIPOutputStream(outputStream); - } + byte[] data; + try { + Cipher encryptCipher = Cipher.getInstance(ENCRYPTION_WITH_PARAM); + encryptCipher.init(Cipher.ENCRYPT_MODE, secretKey, iv); + data = encryptCipher.doFinal(baos.toByteArray()); + } catch (Exception e) { + throw new IOException(e.getMessage()); + } - ObjectOutputStream oos = new ObjectOutputStream(outputStream); - oos.writeObject(cookieData); - oos.close(); - outputStream.close(); - baos.close(); + byte[] size = (data.length + SEPARATOR).getBytes(); - byte[] data; - try { - Cipher encryptCipher = Cipher - .getInstance(ENCRYPTION_WITH_PARAM); - encryptCipher.init(Cipher.ENCRYPT_MODE, secretKey, iv); - data = encryptCipher.doFinal(baos.toByteArray()); - } catch (Exception e) { - throw new IOException(e.getMessage()); - } + setCookieData(request, response, ArrayUtils.addAll(size, data), true, this.signSecret); - byte[] size = (data.length + SEPARATOR).getBytes(); + if (logger.isDebugEnabled()) { + logger.debug("Cookie size : " + ArrayUtils.addAll(size, data).length); //$NON-NLS-1$ + } - setCookieData(request, response, ArrayUtils.addAll(size, data)); - - if (logger.isDebugEnabled()) { - logger.debug("Cookie size : " + ArrayUtils.addAll(size, data).length); //$NON-NLS-1$ - } - - } else { - setCookieData(request, response, null); - } - } catch (SignatureException e) { - throw new IOException(e); - } - } + } else { + setCookieData(request, response, null, true, this.signSecret); + } + } catch (SignatureException e) { + throw new IOException(e); + } + } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
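Review bot: In `init`, when the `secret` parameter is absent the signing secret silently falls back to `UUID.randomUUID().toString()`, so each instance and each restart signs with a different value and cookies issued elsewhere will fail verification, which undercuts a stateless session backend in a cluster. `key` and `iv` already throw when missing; the secret should do the same, or at least log a warning that a per-instance secret is in use. `PARAM_SIGN_SECRET` is declared as `Object` while every other parameter name is a `String`; `private static final String PARAM_SIGN_SECRET = "secret"; //$NON-NLS-1$` keeps them consistent. The signature handling lives in `getCookieData`/`setCookieData`, which are outside this diff, so confirm there that the check covers the encrypted bytes and rejects the cookie before `restore` decrypts it and calls `readObject`.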