HashLockedDomainService.java example

Explorer
Shindig-master
- shindig-1.0.x
  - java
/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */
package org.apache.shindig.gadgets;

import org.apache.shindig.common.ContainerConfig;
import org.apache.shindig.common.util.Base32;
import org.apache.shindig.gadgets.spec.GadgetSpec;

import com.google.common.collect.Maps;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import com.google.inject.name.Named;

import org.apache.commons.codec.digest.DigestUtils;

import java.util.Collection;
import java.util.Map;
import java.util.logging.Logger;

/**
 * Locked domain implementation based on sha1.
 *
 * The generated domain takes the form:
 *
 * base32(sha1(gadget url)).
 *
 * Other domain locking schemes are possible as well.
 */
@Singleton
public class HashLockedDomainService implements LockedDomainService {
  private static final Logger LOG = Logger.getLogger(HashLockedDomainService.class.getName());
  private final boolean enabled;
  private final Map<String, String> lockedSuffixes;
  private final Map<String, Boolean> required;

  public static final String LOCKED_DOMAIN_REQUIRED_KEY = "gadgets.lockedDomainRequired";
  public static final String LOCKED_DOMAIN_SUFFIX_KEY = "gadgets.lockedDomainSuffix";

  /**
   * Create a LockedDomainService
   * @param config per-container configuration
   * @param enabled whether this service should do anything at all.
   */
  @Inject
  public HashLockedDomainService(ContainerConfig config,
                                 @Named("shindig.locked-domain.enabled") boolean enabled) {
    this.enabled = enabled;
    lockedSuffixes = Maps.newHashMap();
    required = Maps.newHashMap();
    Collection<String> containers = config.getContainers();
    if (enabled) {
      for (String container : containers) {
        String suffix = config.get(container, LOCKED_DOMAIN_SUFFIX_KEY);
        if (suffix == null) {
          LOG.warning("No locked domain configuration for " + container);
        } else {
          lockedSuffixes.put(container, suffix);
        }

        String require = config.get(container, LOCKED_DOMAIN_REQUIRED_KEY);
        required.put(container, Boolean.parseBoolean(require));
      }
    }
  }

  public boolean isEnabled() {
    return enabled;
  }

  public boolean isSafeForOpenProxy(String host) {
    if (enabled) {
      return !hostRequiresLockedDomain(host);
    }
    return true;
  }

  public boolean gadgetCanRender(String host, GadgetSpec gadget, String container) {
    container = normalizeContainer(container);
    if (enabled) {
      if (gadgetWantsLockedDomain(gadget) ||
          hostRequiresLockedDomain(host) ||
          containerRequiresLockedDomain(container)) {
        String neededHost = getLockedDomain(gadget, container);
        return host.equals(neededHost);
      }
    }
    return true;
  }

  public String getLockedDomainForGadget(GadgetSpec gadget, String container) {
    container = normalizeContainer(container);
    if (enabled) {
      if (gadgetWantsLockedDomain(gadget) ||
          containerRequiresLockedDomain(container)) {
        return getLockedDomain(gadget, container);
      }
    }
    return null;
  }

  private String getLockedDomain(GadgetSpec gadget, String container) {
    String suffix = lockedSuffixes.get(container);
    if (suffix == null) {
      return null;
    }
    byte[] sha1 = DigestUtils.sha(gadget.getUrl().toString());
    String hash = new String(Base32.encodeBase32(sha1));
    return hash + suffix;
  }

  private boolean gadgetWantsLockedDomain(GadgetSpec gadget) {
    return gadget.getModulePrefs().getFeatures().containsKey("locked-domain");
  }

  private boolean hostRequiresLockedDomain(String host) {
    for (String suffix : lockedSuffixes.values()) {
      if (host.endsWith(suffix)) {
        return true;
      }
    }
    return false;
  }

  private boolean containerRequiresLockedDomain(String container) {
    return required.get(container);
  }

  private String normalizeContainer(String container) {
    if (required.containsKey(container)) {
      return container;
    }
    return ContainerConfig.DEFAULT_CONTAINER;
  }
}