InMemoryNonceServices.java example

Explorer
spring-security-oauth-master
/*
 * Copyright 2008 Web Cohesion
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.springframework.security.oauth.provider.nonce;

import java.util.Iterator;
import java.util.TreeSet;

import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.oauth.provider.ConsumerDetails;

/**
 * Expands on the {@link org.springframework.security.oauth.provider.nonce.ExpiringTimestampNonceServices} to include
 * validation of the nonce for replay protection.
 * 
 * To validate the nonce, the InMemoryNonceService first validates the consumer key and timestamp as does the
 * {@link org.springframework.security.oauth.provider.nonce.ExpiringTimestampNonceServices}. Assuming the consumer and
 * timestamp are valid, the InMemoryNonceServices further ensures that the specified nonce was not used with the
 * specified timestamp within the specified validity window. The list of nonces used within the validity window is kept
 * in memory.
 *
 * Note: the default validity window in this class is different from the one used in
 * {@link org.springframework.security.oauth.provider.nonce.ExpiringTimestampNonceServices}. The reason for this is that
 * this class has a per request memory overhead. Keeping the validity window short helps prevent wasting a lot of
 * memory. 10 minutes that allows for minor variations in time between servers.
 *
 * @author Ryan Heaton
 * @author Jilles van Gurp
 */
public class InMemoryNonceServices implements OAuthNonceServices {

	/**
	 * Contains all the nonces that were used inside the validity window.
	 */
	static final TreeSet<NonceEntry> NONCES = new TreeSet<NonceEntry>();

	private volatile long lastCleaned = 0;

	// we'll default to a 10 minute validity window, otherwise the amount of memory used on NONCES can get quite large.
	private long validityWindowSeconds = 60 * 10;

	public void validateNonce(ConsumerDetails consumerDetails, long timestamp, String nonce) {
		if (System.currentTimeMillis() / 1000 - timestamp > getValidityWindowSeconds()) {
			throw new CredentialsExpiredException("Expired timestamp.");
		}

		NonceEntry entry = new NonceEntry(consumerDetails.getConsumerKey(), timestamp, nonce);

		synchronized (NONCES) {
			if (NONCES.contains(entry)) {
				throw new NonceAlreadyUsedException("Nonce already used: " + nonce);
			}
			else {
				NONCES.add(entry);
			}
			cleanupNonces();
		}
	}

	private void cleanupNonces() {
		long now = System.currentTimeMillis() / 1000;
		// don't clean out the NONCES for each request, this would cause the service to be constantly locked on this
		// loop under load. One second is small enough that cleaning up does not become too expensive.
		// Also see SECOAUTH-180 for reasons this class was refactored.
		if (now - lastCleaned > 1) {
			Iterator<NonceEntry> iterator = NONCES.iterator();
			while (iterator.hasNext()) {
				// the nonces are already sorted, so simply iterate and remove until the first nonce within the validity
				// window.
				NonceEntry nextNonce = iterator.next();
				long difference = now - nextNonce.timestamp;
				if (difference > getValidityWindowSeconds()) {
					iterator.remove();
				}
				else {
					break;
				}
			}
			// keep track of when cleanupNonces last ran
			lastCleaned = now;
		}
	}

	/**
	 * Set the timestamp validity window (in seconds).
	 *
	 * @return the timestamp validity window (in seconds).
	 */
	public long getValidityWindowSeconds() {
		return validityWindowSeconds;
	}

	/**
	 * The timestamp validity window (in seconds).
	 *
	 * @param validityWindowSeconds the timestamp validity window (in seconds).
	 */
	public void setValidityWindowSeconds(long validityWindowSeconds) {
		this.validityWindowSeconds = validityWindowSeconds;
	}

	/**
	 * Representation of a nonce with the right hashCode, equals, and compareTo methods for the TreeSet approach above
	 * to work.
	 */
	static class NonceEntry implements Comparable<NonceEntry> {
		private final String consumerKey;

		private final long timestamp;

		private final String nonce;

		public NonceEntry(String consumerKey, long timestamp, String nonce) {
			this.consumerKey = consumerKey;
			this.timestamp = timestamp;
			this.nonce = nonce;
		}

		@Override
		public int hashCode() {
			return consumerKey.hashCode() * nonce.hashCode() * Long.valueOf(timestamp).hashCode();
		}

		@Override
		public boolean equals(Object obj) {
			if (obj == null || !(obj instanceof NonceEntry)) {
				return false;
			}
			NonceEntry arg = (NonceEntry) obj;
			return timestamp == arg.timestamp && consumerKey.equals(arg.consumerKey) && nonce.equals(arg.nonce);
		}

		public int compareTo(NonceEntry o) {
			// sort by timestamp
			if (timestamp < o.timestamp) {
				return -1;
			}
			else if (timestamp == o.timestamp) {
				int consumerKeyCompare = consumerKey.compareTo(o.consumerKey);
				if (consumerKeyCompare == 0) {
					return nonce.compareTo(o.nonce);
				}
				else {
					return consumerKeyCompare;
				}
			}
			else {
				return 1;
			}
		}

		@Override
		public String toString() {
			return timestamp + " " + consumerKey + " " + nonce;
		}
	}
}