package org.apache.shindig.auth;
import java.util.Map;
import org.apache.commons.lang.Validate;
import org.apache.shindig.common.crypto.BlobCrypter;
import org.apache.shindig.common.crypto.BlobCrypterException;
/** Implementation of token decoder.
*
* This is an implementation of SecurityTokenCodec that can be configured with
* an external BlobCrypter, instead of creating itself the crypters with
* information from ContainerConfig, as the default token decoder does.
*
* The BlobCrypter created by the default codec can only obtain the password
* from a file.
*
* This is a hack because shindig's BlobCrypterSecurityToken#decrypt is package
* access.
*
* @see {@link org.apache.shindig.auth.BlobCrypterSecurityTokenDecoder}
*
* @author waabox (emiliano[dot]arango[at]globant[dot]com)
*/
public class KatariBlobCrypterSecurityTokenDecoder
implements SecurityTokenCodec {
/** {@link String} the name of the domain related with this decoder.
* Never null.
*/
private final String domain;
/** {@link BlobCrypter}.
* Never null.
*/
private final BlobCrypter crypter;
/** Constructor.
*
* @param containerDomain {@linkString} the domain related with this decoder.
* Can not be empty.
* @param blobCrypter {@link BlobCrypter} the token crypter. Can not be null.
*/
public KatariBlobCrypterSecurityTokenDecoder(final String containerDomain,
final BlobCrypter blobCrypter) {
Validate.notEmpty(containerDomain, "domain can not be blank");
Validate.notNull(blobCrypter, "blobCrypter can not be blank");
domain = containerDomain;
crypter = blobCrypter;
}
/** @see org.apache.shindig.auth.SecurityTokenDecoder#createToken(
* java.util.Map)
*
* @param tokenParameters {@link Map<String, String>} can not be empty.
*
* @return {@link SecurityToken} if the token is null will return the
* implementation: {@link AnonymousSecurityToken}
*
* @throws SecurityTokenException if can not decrypt the given token.
*/
public SecurityToken createToken(final Map<String, String> tokenParameters)
throws SecurityTokenException {
Validate.notNull(tokenParameters);
String token = tokenParameters.get(SECURITY_TOKEN_NAME);
if (token == null || token.trim().length() == 0) {
return new AnonymousSecurityToken();
}
String[] fields = token.split(":");
if (fields.length != 2) {
throw new SecurityTokenException("Invalid security token " + token);
}
String container = fields[0];
String activeUrl = tokenParameters.get(ACTIVE_URL_NAME);
String crypted = fields[1];
try {
return BlobCrypterSecurityToken.decrypt(
crypter, container, domain, crypted, activeUrl);
} catch (BlobCrypterException e) {
throw new SecurityTokenException(e);
}
}
public String encodeToken(final SecurityToken token)
throws SecurityTokenException {
if (!(token instanceof BlobCrypterSecurityToken)) {
throw new SecurityTokenException(
"Can only encode BlogCrypterSecurityTokens");
}
BlobCrypterSecurityToken t = (BlobCrypterSecurityToken) token;
try {
return t.encrypt();
} catch (BlobCrypterException e) {
throw new SecurityTokenException(e);
}
}
}