CommandToken.java

package com.opentravelsoft.util;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/**
 * コマンドトークンを扱うクラスです．
 * @author nokami
 */
public class CommandToken {
	
	/**
	 * コマンドトークンをセットします．
	 * @param request			HttpServletRequest
	 */
	public static void set(HttpServletRequest request) {
		
		HttpSession session	= request.getSession(true);
		
		long systemTime		= System.currentTimeMillis();
		byte[] time			= String.valueOf(systemTime).getBytes();
		byte[] sessionId	= session.getId().getBytes();
		
		MessageDigest md5 = null;
		try {
			md5 = MessageDigest.getInstance("SHA");
		} catch (NoSuchAlgorithmException ignore) {
		}
		md5.update(sessionId);
		md5.update(time);
		String token = toHex(md5.digest());
		request.setAttribute("SYSTEM_COMMAND_TOKEN", token);
		session.setAttribute("SYSTEM_COMMAND_TOKEN", token);
	}
	
	/**
	 * コマンドトークンが正しいかどうかチェックします．
	 * @param request			HttpServletRequest
	 * @return					チェック結果 ( true：成功，false：失敗 )
	 */
	public static boolean isValid(HttpServletRequest request) {
		
		HttpSession session	= request.getSession(true);
		
		String requestToken	= request.getParameter("SYSTEM_COMMAND_TOKEN");
		String sessionToken	= (String)session.getAttribute("SYSTEM_COMMAND_TOKEN");
		
		if ( requestToken == null || sessionToken == null ) {
			return false;
		} else {
			session.removeAttribute("SYSTEM_COMMAND_TOKEN");
			return requestToken.equals(sessionToken);
		}
		
	}
	
	/**
	 * 16 進ダンプを行います．
	 * @param digest
	 * @return
	 */
	private static String toHex(byte[] digest) {
		
		StringBuffer sb = new StringBuffer();
		for ( int i = 0; i < digest.length; i++ ) {
			sb.append(Integer.toHexString((int)digest[i] & 0x00ff));
		}
		
		return sb.toString();
	}
	
}