@@ -0,0 +1,93 @@ | ||
package com.enonic.xp.portal.impl; | ||
|
||
import java.nio.charset.StandardCharsets; | ||
import java.security.InvalidKeyException; | ||
import java.security.MessageDigest; | ||
import java.security.NoSuchAlgorithmException; | ||
import java.util.Arrays; | ||
import java.util.Base64; | ||
import java.util.function.Supplier; | ||
|
||
import javax.crypto.Mac; | ||
import javax.crypto.SecretKey; | ||
import javax.crypto.spec.SecretKeySpec; | ||
|
||
import org.osgi.service.component.annotations.Activate; | ||
import org.osgi.service.component.annotations.Component; | ||
import org.osgi.service.component.annotations.Reference; | ||
|
||
import com.google.common.base.Suppliers; | ||
|
||
import com.enonic.xp.context.Context; | ||
import com.enonic.xp.context.ContextAccessor; | ||
import com.enonic.xp.context.ContextBuilder; | ||
import com.enonic.xp.core.internal.HexCoder; | ||
import com.enonic.xp.node.NodePath; | ||
import com.enonic.xp.node.NodeService; | ||
import com.enonic.xp.security.RoleKeys; | ||
import com.enonic.xp.security.SecurityService; | ||
import com.enonic.xp.security.SystemConstants; | ||
import com.enonic.xp.security.auth.AuthenticationInfo; | ||
|
||
@Component(service = RedirectChecksumService.class) | ||
public class RedirectChecksumService | ||
{ | ||
private static final NodePath GENERIC_KEY_PATH = NodePath.create().addElement( "keys" ).addElement( "generic-hmac-sha512" ).build(); | ||
|
||
private final NodeService nodeService; | ||
|
||
/** | ||
* Used to make sure the SecurityInitializer is run before this component is activated. | ||
*/ | ||
@SuppressWarnings("unused") | ||
@Reference | ||
private SecurityService securityService; | ||
|
||
private final Supplier<SecretKey> keySupplier = Suppliers.memoize( this::doGetKey ); | ||
Check warning on line 46 in modules/portal/portal-impl/src/main/java/com/enonic/xp/portal/impl/RedirectChecksumService.java Codecov / codecov/patchmodules/portal/portal-impl/src/main/java/com/enonic/xp/portal/impl/RedirectChecksumService.java#L46
|
||
|
||
@Activate | ||
public RedirectChecksumService( @Reference final NodeService nodeService ) | ||
{ | ||
this.nodeService = nodeService; | ||
} | ||
Check warning on line 52 in modules/portal/portal-impl/src/main/java/com/enonic/xp/portal/impl/RedirectChecksumService.java Codecov / codecov/patchmodules/portal/portal-impl/src/main/java/com/enonic/xp/portal/impl/RedirectChecksumService.java#L50-L52
|
||
|
||
private SecretKey doGetKey() | ||
{ | ||
final String storedKey = | ||
createSystemContext().callWith( () -> nodeService.getByPath( GENERIC_KEY_PATH ) ).data().getString( "key" ); | ||
return new SecretKeySpec( Base64.getDecoder().decode( storedKey ), "HmacSHA512" ); | ||
Check warning on line 58 in modules/portal/portal-impl/src/main/java/com/enonic/xp/portal/impl/RedirectChecksumService.java Codecov / codecov/patchmodules/portal/portal-impl/src/main/java/com/enonic/xp/portal/impl/RedirectChecksumService.java#L57-L58
|
||
} | ||
|
||
public String generateChecksum( final String redirect ) | ||
{ | ||
final SecretKey key = keySupplier.get(); | ||
Check warning on line 63 in modules/portal/portal-impl/src/main/java/com/enonic/xp/portal/impl/RedirectChecksumService.java Codecov / codecov/patchmodules/portal/portal-impl/src/main/java/com/enonic/xp/portal/impl/RedirectChecksumService.java#L63
|
||
final Mac mac; | ||
try | ||
{ | ||
mac = Mac.getInstance( key.getAlgorithm() ); | ||
mac.init( key ); | ||
Check warning on line 68 in modules/portal/portal-impl/src/main/java/com/enonic/xp/portal/impl/RedirectChecksumService.java Codecov / codecov/patchmodules/portal/portal-impl/src/main/java/com/enonic/xp/portal/impl/RedirectChecksumService.java#L67-L68
|
||
} | ||
catch ( NoSuchAlgorithmException | InvalidKeyException e ) | ||
Check warning on line 70 in modules/portal/portal-impl/src/main/java/com/enonic/xp/portal/impl/RedirectChecksumService.java Codecov / codecov/patchmodules/portal/portal-impl/src/main/java/com/enonic/xp/portal/impl/RedirectChecksumService.java#L70
|
||
{ | ||
throw new IllegalStateException( e ); | ||
} | ||
Check warning on line 73 in modules/portal/portal-impl/src/main/java/com/enonic/xp/portal/impl/RedirectChecksumService.java Codecov / codecov/patchmodules/portal/portal-impl/src/main/java/com/enonic/xp/portal/impl/RedirectChecksumService.java#L72-L73
|
||
|
||
return HexCoder.toHex( Arrays.copyOf( mac.doFinal( redirect.getBytes( StandardCharsets.UTF_8 ) ), 20 ) ); | ||
Check warning on line 75 in modules/portal/portal-impl/src/main/java/com/enonic/xp/portal/impl/RedirectChecksumService.java Codecov / codecov/patchmodules/portal/portal-impl/src/main/java/com/enonic/xp/portal/impl/RedirectChecksumService.java#L75
|
||
} | ||
|
||
public boolean verifyChecksum( final String redirect, final String checksum ) | ||
{ | ||
final String expectedTicket = generateChecksum( redirect ); | ||
return MessageDigest.isEqual( expectedTicket.getBytes( StandardCharsets.ISO_8859_1 ), | ||
checksum.getBytes( StandardCharsets.ISO_8859_1 ) ); | ||
Check warning on line 82 in modules/portal/portal-impl/src/main/java/com/enonic/xp/portal/impl/RedirectChecksumService.java Codecov / codecov/patchmodules/portal/portal-impl/src/main/java/com/enonic/xp/portal/impl/RedirectChecksumService.java#L80-L82
|
||
} | ||
|
||
private static Context createSystemContext() | ||
{ | ||
return ContextBuilder.from( ContextAccessor.current() ) | ||
.authInfo( AuthenticationInfo.copyOf( ContextAccessor.current().getAuthInfo() ).principals( RoleKeys.ADMIN ).build() ) | ||
.repositoryId( SystemConstants.SYSTEM_REPO_ID ) | ||
.branch( SystemConstants.BRANCH_SYSTEM ) | ||
.build(); | ||
Check warning on line 91 in modules/portal/portal-impl/src/main/java/com/enonic/xp/portal/impl/RedirectChecksumService.java Codecov / codecov/patchmodules/portal/portal-impl/src/main/java/com/enonic/xp/portal/impl/RedirectChecksumService.java#L87-L91
|
||
} | ||
} |
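Review bot: `verifyChecksum` calls `checksum.getBytes(...)` and, through `generateChecksum`, `redirect.getBytes(...)` with no null guard, so a missing value would raise a NullPointerException instead of failing verification. The callers are not visible here, but if either value is taken from request parameters the method should begin with `if ( redirect == null || checksum == null ) { return false; }`. In `generateChecksum` the tag is cut to 20 bytes of the HMAC-SHA512 output by a bare literal; a named constant with a comment such as `// 160-bit truncated tag; changing this invalidates previously issued checksums` would record that the truncation is deliberate. `doGetKey` also assumes that the node at `GENERIC_KEY_PATH` and its `key` property exist, which the comment on `securityService` suggests is guaranteed by initialization order, so a short Javadoc stating that assumption would help. The Codecov annotations appear to mark these paths as not covered by tests in this patch, so tests for a mismatched and an absent checksum would be worth adding.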