Java tutorial
/** * personium.io * Copyright 2014 FUJITSU LIMITED * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package io.personium.common.auth.token; import java.io.UnsupportedEncodingException; import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; import javax.crypto.SecretKey; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import org.apache.commons.lang.CharEncoding; import org.apache.commons.lang.StringUtils; import io.personium.common.utils.PersoniumCoreUtils; /** * Cell Local Token ???. */ public abstract class LocalToken extends AbstractOAuth2Token { /** * AES/CBC/PKCS5Padding. */ public static final String AES_CBC_PKCS5_PADDING = "AES/CBC/PKCS5Padding"; private static final String SEPARATOR = "\t"; static final int IV_BYTE_LENGTH = 16; private static byte[] keyBytes; private static SecretKey aesKey; /** * Key??? * @param keyString . */ public static void setKeyString(String keyString) { keyBytes = keyString.getBytes(); // 16/24/32???? aesKey = new SecretKeySpec(keyBytes, "AES"); } /** * ?????. * @param issuedAt (epoch??) * @param lifespan () * @param issuer * @param subject * @param schema */ public LocalToken(final long issuedAt, final long lifespan, final String issuer, final String subject, final String schema) { this.issuedAt = issuedAt; this.lifespan = lifespan; this.issuer = issuer; this.subject = subject; this.schema = schema; } final String doCreateTokenString(final String[] contents) { StringBuilder raw = new StringBuilder(); // ?Epoch????????????? String iaS = Long.toString(this.issuedAt); String iaSr = StringUtils.reverse(iaS); raw.append(iaSr); raw.append(SEPARATOR); raw.append(Long.toString(this.lifespan)); raw.append(SEPARATOR); raw.append(this.subject); raw.append(SEPARATOR); if (this.schema != null) { raw.append(this.schema); } if (contents != null) { for (String cont : contents) { raw.append(SEPARATOR); if (cont != null) { raw.append(cont); } } } raw.append(SEPARATOR); raw.append(this.issuer); return encode(raw.toString(), getIvBytes(issuer)); } /** * ?Issuer???IV(Initial Vector)??????. * IV???issuer????????? ?????Issuer??????? * @param issuer Issuer URL * @return Initial Vector? Byte? */ protected static byte[] getIvBytes(final String issuer) { try { return StringUtils.reverse("123456789abcdefg" + issuer).substring(0, IV_BYTE_LENGTH) .getBytes(CharEncoding.UTF_8); } catch (UnsupportedEncodingException e) { throw new RuntimeException(e); } } /** * ?. * @param token * @param issuer * @param numFields * @return ?? * @throws AbstractOAuth2Token.TokenParseException ?????? */ static String[] doParse(final String token, final String issuer, final int numFields) throws AbstractOAuth2Token.TokenParseException { String tokenDecoded = decode(token, getIvBytes(issuer)); String[] frag = tokenDecoded.split(SEPARATOR); // ???????? if (frag.length != numFields || !issuer.equals(frag[numFields - 1])) { throw AbstractOAuth2Token.PARSE_EXCEPTION; } return frag; } /** * ??. * @param in * @param ivBytes * @return ??? */ public static String encode(final String in, final byte[] ivBytes) { // IV??CELL?URL?????? Cipher cipher; try { cipher = Cipher.getInstance(AES_CBC_PKCS5_PADDING); cipher.init(Cipher.ENCRYPT_MODE, aesKey, new IvParameterSpec(ivBytes)); byte[] cipherBytes = cipher.doFinal(in.getBytes(CharEncoding.UTF_8)); return PersoniumCoreUtils.encodeBase64Url(cipherBytes); } catch (Exception e) { throw new RuntimeException(e); } } /** * ??. * @param in ? * @param ivBytes * @return ??? * @throws AbstractOAuth2Token.TokenParseException */ public static String decode(final String in, final byte[] ivBytes) throws AbstractOAuth2Token.TokenParseException { byte[] inBytes = PersoniumCoreUtils.decodeBase64Url(in); Cipher cipher; try { cipher = Cipher.getInstance(AES_CBC_PKCS5_PADDING); } catch (NoSuchAlgorithmException e) { throw AbstractOAuth2Token.PARSE_EXCEPTION; } catch (NoSuchPaddingException e) { throw AbstractOAuth2Token.PARSE_EXCEPTION; } try { cipher.init(Cipher.DECRYPT_MODE, aesKey, new IvParameterSpec(ivBytes)); } catch (InvalidKeyException e) { throw AbstractOAuth2Token.PARSE_EXCEPTION; } catch (InvalidAlgorithmParameterException e) { throw AbstractOAuth2Token.PARSE_EXCEPTION; } byte[] plainBytes; try { plainBytes = cipher.doFinal(inBytes); } catch (IllegalBlockSizeException e) { throw AbstractOAuth2Token.PARSE_EXCEPTION; } catch (BadPaddingException e) { throw AbstractOAuth2Token.PARSE_EXCEPTION; } try { return new String(plainBytes, CharEncoding.UTF_8); } catch (UnsupportedEncodingException e) { throw AbstractOAuth2Token.PARSE_EXCEPTION; } } }