From serg...@apache.org
Subject git commit: Some modifications to Hawk token nonce verification code, more is needed
Date Wed, 05 Nov 2014 16:17:55 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 7a5d8184f -> d6b88f980


Some modifications to Hawk token nonce verification code, more is needed


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d6b88f98
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d6b88f98
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d6b88f98

Branch: refs/heads/3.0.x-fixes
Commit: d6b88f98091501fb8009b8394fe0e3e22d4db12a
Parents: 7a5d818
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Wed Nov 5 16:16:51 2014 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Wed Nov 5 16:17:39 2014 +0000

----------------------------------------------------------------------
 .../rs/security/oauth2/tokens/hawk/Nonce.java   | 11 +++++++-
 .../oauth2/tokens/hawk/NonceHistory.java        | 28 +++++++-------------
 .../security/oauth2/tokens/hawk/NonceStore.java |  2 +-
 .../oauth2/tokens/hawk/NonceVerifierImpl.java   | 23 +++++-----------
 4 files changed, 28 insertions(+), 36 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/d6b88f98/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/Nonce.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/Nonce.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/Nonce.java
index 1669001..b87d959 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/Nonce.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/Nonce.java
@@ -25,7 +25,7 @@ public class Nonce implements Serializable {
     private static final long serialVersionUID = -6164115071533503490L;
 
     private String nonceString;
-    private long ts;
+    private Long ts;
 
     public Nonce(String nonce, long ts) {
         this.nonceString = nonce;
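Review bot: Changing the field `ts` from `long` to `Long` (lines 50–51) while `serialVersionUID` stays at `-6164115071533503490L` (line 47) is an incompatible change under Java serialization rules — changing the declared type of a primitive field — so any `Nonce` serialized by the previous build will no longer deserialize; the class implements `Serializable` and `NonceHistory` holds these objects. If the boxing exists only to support `ts.hashCode()`/`ts.equals()` in the next hunk, keeping `private long ts;` and writing `(int) (ts ^ (ts >>> 32))` and `this.ts == ((Nonce) o).ts` there avoids both the compatibility break and the per-object allocation; otherwise bump the UID. Whether serialized instances actually exist depends on the `NonceStore` implementation, which is not part of this commit.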
@@ -39,4 +39,13 @@ public class Nonce implements Serializable {
     public long getTs() {
         return ts;
     }
+    
+    public int hashCode() {
+        return nonceString.hashCode() + 37 * ts.hashCode();
+    }
+    public boolean equals(Object o) {
+        return o instanceof Nonce 
+            && this.nonceString.equals(((Nonce)o).nonceString)
+            && this.ts.equals(((Nonce)o).ts);
+    }
 }
\ No newline at end of file
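Review bot: The new `hashCode` and `equals` (lines 60–67) carry no `@Override`, and both dereference `nonceString` without a null guard, so a `Nonce` built with a null nonce string fails only later, inside `Set.add`, with an NPE rather than a clear error at construction. Add `@Override` to both and reject a null nonce in the constructor, e.g. `if (nonce == null) { throw new IllegalArgumentException("nonce must not be null"); }` before the assignment on line 54. Since the object now serves as a hash-set key, `nonceString` and `ts` should also be `final`; the constructor is the only assignment visible here, but the middle of the class lies outside both hunks.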

http://git-wip-us.apache.org/repos/asf/cxf/blob/d6b88f98/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/NonceHistory.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/NonceHistory.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/NonceHistory.java
index cb95e9c..99b6137 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/NonceHistory.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/NonceHistory.java
@@ -19,42 +19,34 @@
 package org.apache.cxf.rs.security.oauth2.tokens.hawk;
 
 import java.io.Serializable;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
+import java.util.Collections;
+import java.util.LinkedHashSet;
+import java.util.Set;
 
 public class NonceHistory implements Serializable {
 
     private static final long serialVersionUID = -6404833046910698956L;
 
     private final long requestTimeDelta;
-    private final List<Nonce> nonceList = new ArrayList<Nonce>();
+    private final Set<Nonce> nonceList = Collections.synchronizedSet(new LinkedHashSet<Nonce>());
 
     public NonceHistory(long requestTimeDelta, Nonce nonce) {
         this.requestTimeDelta = requestTimeDelta;
         nonceList.add(nonce);
     }
 
-    public void addNonce(Nonce nonce) {
-        nonceList.add(nonce);
+    public boolean addNonce(Nonce nonce) {
+        return nonceList.add(nonce);
     }
 
     public long getRequestTimeDelta() {
         return requestTimeDelta;
     }
 
-    public List<Nonce> getNonceList() {
-        return nonceList;
-    }
-
-    public Collection<Nonce> findMatchingNonces(String nonceString, long ts) {
-        List<Nonce> nonceMatches = new ArrayList<Nonce>();
-        for (Nonce nonce : getNonceList()) {
-            if (nonce.getNonceString().equals(nonceString) && nonce.getTs() == ts)
{
-                nonceMatches.add(nonce);
-            }
-        }
-        return nonceMatches;
+    public Set<Nonce> getNonces() {
+        return Collections.unmodifiableSet(nonceList);
     }
+    
+    
 
 }
\ No newline at end of file
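Review bot: `getNonces()` (lines 125–127) wraps the `Collections.synchronizedSet` field in an unmodifiable view, which hides the object a caller would need to lock while iterating; a caller walking the returned set concurrently with `addNonce` can hit a `ConcurrentModificationException`, because the synchronized wrapper guards individual calls, not iteration. Returning a snapshot taken under the set's own lock keeps the API safe: `synchronized (nonceList) { return Collections.unmodifiableSet(new LinkedHashSet<Nonce>(nonceList)); }`. Separately, the set only ever grows — nothing here removes nonces older than the verifier's allowed window — so per-token memory is unbounded; the commit message says more work is pending, and eviction of expired entries belongs on that list. The field name `nonceList` is now misleading for a `Set`.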

http://git-wip-us.apache.org/repos/asf/cxf/blob/d6b88f98/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/NonceStore.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/NonceStore.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/NonceStore.java
index 7a55d39..18199ee 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/NonceStore.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/NonceStore.java
@@ -20,7 +20,7 @@ package org.apache.cxf.rs.security.oauth2.tokens.hawk;
 
 public interface NonceStore {
 
-    void storeNonce(String tokenKey, Nonce nonce, long requestTimeDelta);
+    void initNonceHistory(String tokenKey, Nonce nonce, long requestTimeDelta);
 
     NonceHistory getNonceHistory(String tokenKey);
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/d6b88f98/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/NonceVerifierImpl.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/NonceVerifierImpl.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/NonceVerifierImpl.java
index 785f6ef..4ce1f36 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/NonceVerifierImpl.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/NonceVerifierImpl.java
@@ -23,7 +23,7 @@ import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 
 public class NonceVerifierImpl implements NonceVerifier {
     private NonceStore nonceStore;
-    private long allowedWindow; // 2000 ms
+    private long allowedWindow;
 
     public void verifyNonce(String tokenKey, String clientNonceString, String clientTimestampString)

         throws OAuthServiceException {
@@ -34,26 +34,17 @@ public class NonceVerifierImpl implements NonceVerifier {
         }
         
         long serverClock = System.currentTimeMillis();
+        long clientTimestamp = Long.valueOf(clientTimestampString);
         NonceHistory nonceHistory = nonceStore.getNonceHistory(tokenKey);
-        boolean firstTimeRequest = false;
+        Nonce nonce = new Nonce(clientNonceString, clientTimestamp);
         if (nonceHistory == null) {
-            firstTimeRequest = true;
-        }
-        long clientTimestamp = Long.valueOf(clientTimestampString);
-        if (firstTimeRequest) {
             long requestTimeDelta = serverClock - clientTimestamp;
-            Nonce nonce = new Nonce(clientNonceString, clientTimestamp);
-            nonceStore.storeNonce(tokenKey, nonce, requestTimeDelta);
+            nonceStore.initNonceHistory(tokenKey, nonce, requestTimeDelta);
         } else {
             checkAdjustedRequestTime(serverClock, clientTimestamp, nonceHistory);
-            checkNonceHistory(nonceHistory, clientNonceString, clientTimestamp);
-        }
-    }
-
-    private static void checkNonceHistory(NonceHistory nonceHistory, final String clientNonceString,
-                                          final long ts) throws OAuthServiceException {
-        if (!nonceHistory.findMatchingNonces(clientNonceString, ts).isEmpty()) {
-            throw new OAuthServiceException("Duplicate nonce");
+            if (!nonceHistory.addNonce(nonce)) {
+                throw new OAuthServiceException("Duplicate nonce");
+            }
         }
     }
 
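Review bot: `Long.valueOf(clientTimestampString)` on line 173 throws `NumberFormatException` for a non-numeric timestamp, so a malformed Hawk header escapes `verifyNonce` as an unchecked parse error instead of the `OAuthServiceException` the method declares; wrap it: `try { clientTimestamp = Long.parseLong(clientTimestampString); } catch (NumberFormatException e) { throw new OAuthServiceException("Invalid timestamp"); }` (passing `e` as the cause if the exception type offers such a constructor). The null/empty checks at the top of the method sit outside this hunk, so I cannot tell whether they already cover this case. A second, hedged point: the `nonceHistory == null` test on line 177 followed by `initNonceHistory` on line 185 is a check-then-act sequence, so two concurrent first requests for the same token carrying the same nonce could both take the init branch and both pass unless the `NonceStore` implementation (not in this commit) makes the init atomic. `verifyNonce` begins in the previous hunk.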

