Java tutorial
package net.sf.gazpachoquest.rest.auth; /* * Licensed to the Sakai Foundation (SF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The SF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations under the License. */ import java.io.DataInputStream; import java.io.DataOutputStream; import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.security.InvalidKeyException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import javax.crypto.Mac; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; /** * The <code>TokenStore</code> class provides the secure token hash * implementation used by the {@link FormAuthenticationHandler} to generate, * validate and persist secure tokens. */ class TokenStore { /** * Array of hex characters used by {@link #byteToHex(byte[])} to convert a * byte array to a hex string. */ private static final char[] TOHEX = "0123456789abcdef".toCharArray(); /** * Name of the <code>SecureRandom</code> generator algorithm */ private static final String SHA1PRNG = "SHA1PRNG"; /** * The name of the HMAC function to calculate the hash code of the payload * with the secure token. */ private static final String HMAC_SHA1 = "HmacSHA1"; /** * String encoding to convert byte arrays to strings and vice-versa. */ private static final String UTF_8 = "UTF-8"; /** The number of secret keys in the token buffer currentTokens */ private static final int TOKEN_BUFFER_SIZE = 5; public final Logger log = LoggerFactory.getLogger(TokenStore.class); /** * The ttl of the cookie before it becomes invalid (in ms) */ private final long ttl; /** * The time when a new token should be created. */ private long nextUpdate = System.currentTimeMillis(); /** * The location of the current token. */ private volatile int currentToken = 0; /** * A ring of tokens used to encrypt. */ private volatile SecretKey[] currentTokens; /** * A secure random used for generating new tokens. */ private SecureRandom random; /** The token file to persist the secure tokens */ private File tokenFile; /** A temporary file used to update the secure token file */ private File tmpTokenFile; /** * @throws NoSuchAlgorithmException * @throws InvalidKeyException * @throws UnsupportedEncodingException * @throws IllegalStateException * @throws NullPointerException if <code>tokenFile</code> is * <code>null</code>. */ TokenStore(final File tokenFile, final long sessionTimeout, final boolean fastSeed) throws NoSuchAlgorithmException, InvalidKeyException, IllegalStateException, UnsupportedEncodingException { if (tokenFile == null) { throw new NullPointerException("tokenfile"); } this.random = SecureRandom.getInstance(SHA1PRNG); this.ttl = sessionTimeout; this.tokenFile = tokenFile; this.tmpTokenFile = new File(tokenFile + ".tmp"); // prime the secret keys from persistence loadTokens(); // warm up the crypto API if (fastSeed) { random.setSeed(getFastEntropy()); } else { log.info("Seeding the secure random number generator can take " + "up to several minutes on some operating systems depending " + "upon environment factors. If this is a problem for you, " + "set the system property 'java.security.egd' to " + "'file:/dev/./urandom' or enable the Fast Seed Generator " + "in the Web Console"); } byte[] b = new byte[20]; random.nextBytes(b); final SecretKey secretKey = new SecretKeySpec(b, HMAC_SHA1); final Mac m = Mac.getInstance(HMAC_SHA1); m.init(secretKey); m.update(UTF_8.getBytes(UTF_8)); m.doFinal(); } /** * @param expires * @param userId * @return * @throws UnsupportedEncodingException * @throws IllegalStateException * @throws NoSuchAlgorithmException * @throws InvalidKeyException */ String encode(final long expires, final String userId) throws IllegalStateException, UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeyException { int token = getActiveToken(); SecretKey key = currentTokens[token]; return encode(expires, userId, token, key); } private String encode(final long expires, final String userId, final int token, final SecretKey key) throws IllegalStateException, UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeyException { String cookiePayload = String.valueOf(token) + String.valueOf(expires) + "@" + userId; Mac m = Mac.getInstance(HMAC_SHA1); m.init(key); m.update(cookiePayload.getBytes(UTF_8)); String cookieValue = byteToHex(m.doFinal()); return cookieValue + "@" + cookiePayload; } /** * Splits the authentication data into the three parts packed together while * encoding the cookie. * * @param authData The authentication data to split in three parts * @return A string array with three elements being the three parts of the * cookie value or <code>null</code> if the input is * <code>null</code> or if the string does not contain (at least) * three '@' separated parts. */ static String[] split(final String authData) { String[] parts = StringUtils.split(authData, "@", 3); if (parts != null && parts.length == 3) { return parts; } return null; } /** * Returns <code>true</code> if the <code>value</code> is a valid secure * token as follows: * <ul> * <li>The string is not <code>null</code></li> * <li>The string contains three fields separated by an @ sign</li> * <li>The expiry time encoded in the second field has not yet passed</li> * <li>The hashing the third field, the expiry time and token number with * the secure token (indicated by the token number) gives the same value as * contained in the first field</li> * </ul> * <p> * Otherwise the method returns <code>false</code>. */ boolean isValid(String value) { String[] parts = split(value); if (parts != null) { // single digit token number int tokenNumber = parts[1].charAt(0) - '0'; if (tokenNumber >= 0 && tokenNumber < currentTokens.length) { long cookieTime = Long.parseLong(parts[1].substring(1)); if (System.currentTimeMillis() < cookieTime) { try { SecretKey secretKey = currentTokens[tokenNumber]; String hmac = encode(cookieTime, parts[2], tokenNumber, secretKey); return value.equals(hmac); } catch (ArrayIndexOutOfBoundsException e) { log.error(e.getMessage(), e); } catch (InvalidKeyException e) { log.error(e.getMessage(), e); } catch (IllegalStateException e) { log.error(e.getMessage(), e); } catch (UnsupportedEncodingException e) { log.error(e.getMessage(), e); } catch (NoSuchAlgorithmException e) { log.error(e.getMessage(), e); } log.error("AuthNCookie value '{}' is invalid", value); } else { log.error("AuthNCookie value '{}' has expired {}ms ago", value, (System.currentTimeMillis() - cookieTime)); } } else { log.error("AuthNCookie value '{}' is invalid: refers to an invalid token number", value, tokenNumber); } } else { log.error("AuthNCookie value '{}' has invalid format", value); } // failed verification, reason is logged return false; } /** * Maintain a circular buffer to tokens, and return the current one. * * @return the current token. */ private synchronized int getActiveToken() { if (System.currentTimeMillis() > nextUpdate || currentTokens[currentToken] == null) { // cycle so that during a typical ttl the tokens get completely // refreshed. nextUpdate = System.currentTimeMillis() + ttl / (currentTokens.length - 1); byte[] b = new byte[20]; random.nextBytes(b); SecretKey newToken = new SecretKeySpec(b, HMAC_SHA1); int nextToken = currentToken + 1; if (nextToken == currentTokens.length) { nextToken = 0; } currentTokens[nextToken] = newToken; currentToken = nextToken; saveTokens(); } return currentToken; } /** * Stores the current set of tokens to the token file */ private void saveTokens() { FileOutputStream fout = null; DataOutputStream keyOutputStream = null; try { File parent = tokenFile.getAbsoluteFile().getParentFile(); log.info("Token File {} parent {} ", tokenFile, parent); if (!parent.exists()) { parent.mkdirs(); } fout = new FileOutputStream(tmpTokenFile); keyOutputStream = new DataOutputStream(fout); keyOutputStream.writeInt(currentToken); keyOutputStream.writeLong(nextUpdate); for (int i = 0; i < currentTokens.length; i++) { if (currentTokens[i] == null) { keyOutputStream.writeInt(0); } else { keyOutputStream.writeInt(1); byte[] b = currentTokens[i].getEncoded(); keyOutputStream.writeInt(b.length); keyOutputStream.write(b); } } keyOutputStream.close(); tmpTokenFile.renameTo(tokenFile); } catch (IOException e) { log.error("Failed to save cookie keys " + e.getMessage()); } finally { try { keyOutputStream.close(); } catch (Exception e) { } try { fout.close(); } catch (Exception e) { } } } /** * Load the current set of tokens from the token file. If reading the tokens * fails or the token file does not exist, tokens will be generated on * demand. */ private void loadTokens() { if (tokenFile.isFile() && tokenFile.canRead()) { FileInputStream fin = null; DataInputStream keyInputStream = null; try { fin = new FileInputStream(tokenFile); keyInputStream = new DataInputStream(fin); int newCurrentToken = keyInputStream.readInt(); long newNextUpdate = keyInputStream.readLong(); SecretKey[] newKeys = new SecretKey[TOKEN_BUFFER_SIZE]; for (int i = 0; i < newKeys.length; i++) { int isNull = keyInputStream.readInt(); if (isNull == 1) { int l = keyInputStream.readInt(); byte[] b = new byte[l]; keyInputStream.read(b); newKeys[i] = new SecretKeySpec(b, HMAC_SHA1); } else { newKeys[i] = null; } } // assign the tokes and schedule a next update nextUpdate = newNextUpdate; currentToken = newCurrentToken; currentTokens = newKeys; } catch (IOException e) { log.error("Failed to load cookie keys " + e.getMessage()); } finally { if (keyInputStream != null) { try { keyInputStream.close(); } catch (IOException e) { } } else if (fin != null) { try { fin.close(); } catch (IOException e) { } } } } // if there was a failure to read the current tokens, create new ones if (currentTokens == null) { currentTokens = new SecretKey[TOKEN_BUFFER_SIZE]; nextUpdate = System.currentTimeMillis(); currentToken = 0; } } /** * Encode a byte array. * * @param base * @return */ private String byteToHex(byte[] base) { char[] c = new char[base.length * 2]; int i = 0; for (byte b : base) { int j = b; j = j + 128; c[i++] = TOHEX[j / 0x10]; c[i++] = TOHEX[j % 0x10]; } return new String(c); } /** * Creates a byte array of entry from the current state of the system: * <ul> * <li>The current system time in milliseconds since the epoch</li> * <li>The number of nanoseconds since system startup</li> * <li>The name, size and last modification time of the files in the * <code>java.io.tmpdir</code> folder.</li> * </ul> * <p> * <b>NOTE</b> This method generates entropy fast but not necessarily * secure enough for seeding the random number generator. * * @return bytes of entropy */ private static byte[] getFastEntropy() { final MessageDigest md; try { md = MessageDigest.getInstance("SHA"); } catch (NoSuchAlgorithmException nsae) { throw new InternalError("internal error: SHA-1 not available."); } // update with XorShifted time values update(md, System.currentTimeMillis()); update(md, System.nanoTime()); // scan the temp file system File file = new File(System.getProperty("java.io.tmpdir")); File[] entries = file.listFiles(); if (entries != null) { for (File entry : entries) { md.update(entry.getName().getBytes()); update(md, entry.lastModified()); update(md, entry.length()); } } return md.digest(); } /** * Updates the message digest with an XOR-Shifted value. * * @param md The MessageDigest to update * @param value The original value to be XOR-Shifted first before taking the * bytes ot update the message digest */ private static void update(final MessageDigest md, long value) { value ^= (value << 21); value ^= (value >>> 35); value ^= (value << 4); for (int i = 0; i < 8; i++) { md.update((byte) value); value >>= 8; } } }