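/*
 ###############################################################################
 #                                                                             #
 #    Copyright (C) 2011-2016 OpenMEAP, Inc.                                   #
 #    Credits to Jonathan Schang & Rob Thacher                                 #
 #                                                                             #
 #    Released under the LGPLv3                                                #
 #                                                                             #
 #    OpenMEAP is free software: you can redistribute it and/or modify         #
 #    it under the terms of the GNU Lesser General Public License as published #
 #    by the Free Software Foundation, either version 3 of the License, or     #
 #    (at your option) any later version.                                      #
 #                                                                             #
 #    OpenMEAP is distributed in the hope that it will be useful,              #
 #    but WITHOUT ANY WARRANTY; without even the implied warranty of           #
 #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the             #
 #    GNU Lesser General Public License for more details.                      #
 #                                                                             #
 #    You should have received a copy of the GNU Lesser General Public License #
 #    along with OpenMEAP. If not, see <http://www.gnu.org/licenses/>.         #
 #                                                                             #
 ###############################################################################
 */

package com.openmeap.util;

import java.io.ByteArrayInputStream;
import java.util.Date;

import com.openmeap.digest.DigestException;
import com.openmeap.digest.DigestInputStream;
import com.openmeap.digest.DigestInputStreamFactory;
import com.openmeap.util.UUID;

/**
 * Issues and validates auth tokens of the form
 * {@code <uuid>.<millis>.<hex SHA-1 of authSalt + "<uuid>.<millis>">}.
 *
 * <p>The shared {@code authSalt} is the only secret: anyone who knows it can
 * mint tokens that validate.
 *
 * <p>NOTE(review): the signature is a plain SHA-1 over {@code salt + prefix}
 * rather than an HMAC. HMAC is the standard keyed construction for this
 * purpose; it is not swapped in here because that would invalidate tokens
 * already issued and break any peer that has to agree on the format.
 *
 * <p>NOTE(review): a {@code null} authSalt is concatenated as the literal
 * text "null" by both methods, so an unconfigured salt silently becomes a
 * fixed, guessable one. Callers should reject a missing salt before calling in.
 */
public class AuthTokenProvider {

    /** Separator between the three token parts. */
    private static final String AUTH_PARTS_DELIM = ".";

    /**
     * Creates a new token signed with the given salt.
     *
     * @param authSalt shared secret mixed into the digest
     * @return {@code uuid.millis.sha1hex}
     * @throws DigestException if the SHA-1 digest cannot be computed
     */
    public static String newAuthToken(String authSalt) throws DigestException {
        String prefix = UUID.randomUUID() + AUTH_PARTS_DELIM + new Date().getTime();
        return prefix + AUTH_PARTS_DELIM + getSha1(authSalt + prefix);
    }

    /**
     * Checks that the last part of the token is the SHA-1 of the salt followed
     * by the leading parts.
     *
     * <p>Only the digest is verified. The timestamp part is covered by the
     * digest but is never parsed or compared against the clock here, so a
     * token accepted once stays acceptable for as long as the salt is
     * unchanged; any lifetime limit has to be enforced by the caller.
     *
     * @param authSalt  shared secret the token was issued with
     * @param authToken token to check, may be {@code null}
     * @return {@code true} only when the token has exactly three parts and
     *         its digest matches
     * @throws DigestException if the SHA-1 digest cannot be computed
     */
    public static boolean validateAuthToken(String authSalt, String authToken) throws DigestException {
        if (authToken == null) {
            return false;
        }

        String[] parts = StringUtils.split(authToken, AUTH_PARTS_DELIM);
        if (parts.length != 3) {
            return false;
        }

        // Everything except the trailing digest is what was signed.
        // presumably arraySlice copies parts[0..1] into the new array - confirm in Utils
        String[] signedParts = (String[]) Utils.arraySlice(parts, new String[parts.length - 1], 0);
        StringBuffer signed = new StringBuffer();
        for (int i = 0; i < signedParts.length; i++) {
            if (i > 0) {
                signed.append(AUTH_PARTS_DELIM);
            }
            signed.append(signedParts[i]);
        }

        String expectedDigest = getSha1(authSalt + signed.toString());
        String suppliedDigest = parts[parts.length - 1];

        // The supplied digest comes from the caller of the service, so it is
        // compared without an early exit: a comparison that stops at the first
        // mismatching character lets response timing reveal how much of the
        // expected digest a guess got right.
        return constantTimeEquals(expectedDigest, suppliedDigest);
    }

    /**
     * Compares two strings in time that depends only on their length, not on
     * where they first differ. Written by hand so it uses nothing beyond
     * {@code java.lang}.
     *
     * @return {@code true} when both are non-null and identical
     */
    private static boolean constantTimeEquals(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        // The digest length is fixed and public, so bailing out on a length
        // mismatch discloses nothing useful.
        if (expected.length() != supplied.length()) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < expected.length(); i++) {
            diff |= expected.charAt(i) ^ supplied.charAt(i);
        }
        return diff == 0;
    }

    /**
     * Returns the hex form of the SHA-1 digest of {@code value}.
     *
     * <p>NOTE(review): {@code getBytes()} uses the platform default charset,
     * so two hosts with different defaults compute different digests for a
     * salt containing non-ASCII characters. Left unchanged because pinning a
     * charset could change the digest on hosts that already issued tokens.
     *
     * @throws DigestException if the digest stream fails
     */
    private static String getSha1(String value) throws DigestException {
        DigestInputStream sha1 = DigestInputStreamFactory.getDigestInputStream("SHA1");
        sha1.setInputStream(new ByteArrayInputStream(value.getBytes()));
        return Utils.byteArray2Hex(sha1.digest());
    }
}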