diff options
Diffstat (limited to 'eaaf_core_utils/src')
3 files changed, 42 insertions, 3 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java index e5003e2f..6ae5ee18 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java @@ -116,6 +116,13 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy @Override public String validateAndGetPendingRequestId(final String externalPendingReqId) throws PendingReqIdValidationException { + return validateAndGetPendingRequestId(externalPendingReqId, maxPendingRequestIdLifeTime); + + } + + @Override + public String validateAndGetPendingRequestId(String externalPendingReqId, int maxTokenAge) + throws PendingReqIdValidationException { try { String stringToken = getDecryptedExternalPendingRequestId(externalPendingReqId); log.debug("Token decryption successful"); @@ -133,7 +140,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy log.trace("Checking valid period ... "); final DateTime now = DateTime.now(); - if (timeStamp.withFieldAdded(DurationFieldType.seconds(), maxPendingRequestIdLifeTime) + if (timeStamp.withFieldAdded(DurationFieldType.seconds(), getMaxTokenAgeValue(maxTokenAge)) .isBefore(now)) { log.info("Token exceeds the valid period. Token: {} | Now: {}", timeStamp, now); throw new PendingReqIdValidationException(internalPendingReqId, @@ -199,6 +206,11 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy } + private int getMaxTokenAgeValue(int overrideValue) { + return overrideValue < 0 ? maxPendingRequestIdLifeTime : overrideValue; + + } + private String selectKeyWrappingAlgorithm(SecretKey first) { if ("AES".equals(first.getAlgorithm())) { return KeyManagementAlgorithmIdentifiers.A128GCMKW; @@ -277,5 +289,4 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy .encodeToString(encToken.getCompactSerialization().getBytes(StandardCharsets.UTF_8)); } - } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java index 8da773f8..1eae05e9 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java @@ -101,6 +101,13 @@ public class SecurePendingRequestIdGenerationStrategy @Override public String validateAndGetPendingRequestId(final String externalPendingReqId) throws PendingReqIdValidationException { + return validateAndGetPendingRequestId(externalPendingReqId, maxPendingRequestIdLifeTime); + + } + + @Override + public String validateAndGetPendingRequestId(final String externalPendingReqId, int maxTokenAge) + throws PendingReqIdValidationException { try { final String[] tokenElements = extractTokens(externalPendingReqId); final String internalPendingReqId = tokenElements[1]; @@ -120,7 +127,7 @@ public class SecurePendingRequestIdGenerationStrategy log.trace("Checking valid period ... "); final DateTime now = DateTime.now(); - if (timeStamp.withFieldAdded(DurationFieldType.seconds(), maxPendingRequestIdLifeTime) + if (timeStamp.withFieldAdded(DurationFieldType.seconds(), getMaxTokenAgeValue(maxTokenAge)) .isBefore(now)) { log.warn("Token exceeds the valid period"); log.debug("Token: {} | Now: {}", timeStamp, now); @@ -235,6 +242,10 @@ public class SecurePendingRequestIdGenerationStrategy new Object[] { "Can NOT caluclate digist for secure pendingRequestId" }, e); } + } + + private int getMaxTokenAgeValue(int overrideValue) { + return overrideValue < 0 ? maxPendingRequestIdLifeTime : overrideValue; } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java index 78f0cdec..22c15fbd 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java @@ -28,6 +28,23 @@ public class SimplePendingRequestIdGenerationStrategy } + /** + * Validate a pendingRequestId according to implemented strategy. + * + * <p> + * Simple strategy does not implement validation. + * </p> + * + * @param maxTokenAge SimplePendingRequestIdGenerationStrategy implements NO + * timestamp validation on tokens + */ + @Override + public String validateAndGetPendingRequestId(String pendingReqId, int maxTokenAge) + throws PendingReqIdValidationException { + return getPendingRequestIdWithOutChecks(pendingReqId); + + } + @Override public String getPendingRequestIdWithOutChecks(final String externalPendingReqId) throws PendingReqIdValidationException { |