1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
/*-
* ============LICENSE_START=======================================================
* SDC
* ================================================================================
* Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ============LICENSE_END=========================================================
*/
package org.openecomp.sdc.securityutil;
import org.openecomp.sdc.securityutil.filters.SessionValidationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.servlet.http.Cookie;
import java.io.IOException;
public class AuthenticationCookieUtils {
private static final Logger log = LoggerFactory.getLogger(SessionValidationFilter.class.getName());
/**
* Update given cookie session time value to current time
*
* @param cookie
* @param filterConfiguration
* @return
* @throws CipherUtilException
* @throws IOException
*/
public static Cookie updateSessionTime(Cookie cookie, ISessionValidationFilterConfiguration filterConfiguration) throws CipherUtilException, IOException {
AuthenticationCookie authenticationCookie = getAuthenticationCookie(cookie, filterConfiguration);
long newTime = System.currentTimeMillis();
log.debug("SessionValidationFilter: Going to set new session time in cookie, old value: {}, new value: {}", authenticationCookie.getCurrentSessionTime(), newTime);
authenticationCookie.setCurrentSessionTime(newTime);
String encryptedCookie = getEncryptedCookie(authenticationCookie, filterConfiguration);
return createUpdatedCookie(cookie, encryptedCookie, filterConfiguration);
}
/**
* Create new Cookie object with same attributes as original cookie
* @param cookie
* @param encryptedCookie
* @param cookieConfiguration
* @return
*/
public static Cookie createUpdatedCookie(Cookie cookie, String encryptedCookie, ISessionValidationCookieConfiguration cookieConfiguration) {
Cookie updatedCookie = new Cookie(cookie.getName(), encryptedCookie );
updatedCookie.setPath(cookieConfiguration.getCookiePath());
updatedCookie.setDomain(cookieConfiguration.getCookieDomain());
updatedCookie.setHttpOnly(cookieConfiguration.isCookieHttpOnly());
return updatedCookie;
}
/**
* Convert AuthenticationCookie to JSON and encrypt with given key
*
* @param authenticationCookie
* @param filterConfiguration
* @return
* @throws IOException
* @throws CipherUtilException
*/
public static String getEncryptedCookie(AuthenticationCookie authenticationCookie, ISessionValidationFilterConfiguration filterConfiguration) throws IOException, CipherUtilException {
String changedCookieJson = RepresentationUtils.toRepresentation(authenticationCookie);
return CipherUtil.encryptPKC(changedCookieJson, filterConfiguration.getSecurityKey());
}
/**
* Decrypt given Cookie to JSON and convert to AuthenticationCookie object
*
* @param cookie
* @param filterConfiguration
* @return
* @throws CipherUtilException
*/
public static AuthenticationCookie getAuthenticationCookie(Cookie cookie, ISessionValidationFilterConfiguration filterConfiguration) throws CipherUtilException {
String originalCookieJson = CipherUtil.decryptPKC(cookie.getValue(), filterConfiguration.getSecurityKey());
return RepresentationUtils.fromRepresentation(originalCookieJson, AuthenticationCookie.class);
}
/**
* session expired if session was idle or max time reached
*
* @param cookie
* @param filterConfiguration
* @return
* @throws CipherUtilException
*/
public static boolean isSessionExpired(Cookie cookie, ISessionValidationFilterConfiguration filterConfiguration) throws CipherUtilException {
AuthenticationCookie authenticationCookie = getAuthenticationCookie(cookie, filterConfiguration);
long sessionExpirationDate = authenticationCookie.getMaxSessionTime() + filterConfiguration.getMaxSessionTimeOut();
long sessionTime = authenticationCookie.getCurrentSessionTime();
long currentTime = System.currentTimeMillis();
log.debug("SessionValidationFilter: Checking if session expired: session time: {}, expiration time: {}, current time: {}", sessionTime, sessionExpirationDate, currentTime);
return currentTime > sessionExpirationDate || isSessionIdle(sessionTime, currentTime, filterConfiguration);
}
/**
* Session is idle if wasn't updated ( wasn't in use ) for more then value from filter configuration
*
* @param sessionTimeValue
* @param currentTime
* @param filterConfiguration
* @return
*/
public static boolean isSessionIdle(long sessionTimeValue, long currentTime, ISessionValidationFilterConfiguration filterConfiguration) {
long currentIdleTime = currentTime - sessionTimeValue;
long maxIdleTime = filterConfiguration.getSessionIdleTimeOut();
log.debug("SessionValidationFilter: Checking if session idle: session time: {}, current idle time: {}, max idle time: {}", currentTime, currentIdleTime, maxIdleTime);
return currentIdleTime >= maxIdleTime;
}
}
|