Example #1
 /**
  * Verifies a token previously produced by {@link #signToken(String)} and returns its payload.
  *
  * <p>The work is delegated to the underlying crypto implementation and the resulting
  * {@code scala.Option} is unwrapped here. A {@code null} return is the only signal that
  * verification failed, so callers must check for it and reject the request rather than fall
  * back to the unverified input.
  *
  * @param token The signed token to verify and unwrap.
  * @return The raw token when verification succeeds, or {@code null} if the token isn't valid.
  */
 public String extractSignedToken(String token) {
   scala.Option<String> verified = crypto.extractSignedToken(token);
   // An empty Option means the token was rejected; Java callers see that as null.
   return verified.isDefined() ? verified.get() : null;
 }
Example #2
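  /**
   * Checks whether a session cookie value matches the configured password value.
   *
   * <p>The expected value is read from the {@code Application.PASSWORD} property in
   * {@code conf/mturk.properties}. When that property is absent, the AES-encrypted
   * {@code Application.DEFAULT_PASSWORD} is used instead.
   *
   * @param cookieValue The value taken from the session cookie; may be {@code null}.
   * @return {@code true} if the cookie value equals the expected value, {@code false} otherwise
   *     (including when {@code cookieValue} is {@code null}).
   * @throws RuntimeException if the properties file cannot be read.
   */
  public static boolean validate(String cookieValue) {
    if (cookieValue == null) {
      return false;
    }

    Properties props = new java.util.Properties();
    // try-with-resources closes the stream even when load() fails, so the file handle is not
    // leaked on every validation call.
    try (java.io.InputStream in =
        new java.io.FileInputStream(new java.io.File("conf/mturk.properties"))) {
      props.load(in);
    } catch (IOException e) {
      System.err.println(
          "There was a problem reading your properties file from " + "mturk.properties");
      System.err.println("The exception was " + e.toString());
      throw new RuntimeException(
          "Cannot load configuration properties file from " + "mturk.properties", e);
    }
    // NOTE(review): the property value is compared with the cookie as-is, so it presumably has
    // to hold the same encrypted form that the login step stores - confirm.
    String store = props.getProperty(Application.PASSWORD);
    if (store == null) {
      // NOTE(review): an unconfigured deployment silently accepts the built-in default
      // password; consider failing closed when no password is configured.
      store = Crypto.encryptAES(Application.DEFAULT_PASSWORD);
    }

    // Compare in constant time: String.equals returns at the first differing character, which
    // leaks how much of a guessed cookie value is correct.
    return java.security.MessageDigest.isEqual(
        store.getBytes(java.nio.charset.StandardCharsets.UTF_8),
        cookieValue.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  }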
Example #3
 /**
  * Handles the login form post: resets the session and records the submitted password in it.
  *
  * <p>The {@code password} form field is passed through {@code Crypto.encryptAES} and stored
  * under {@code Application.PASSWORD}. No comparison with the expected password happens here.
  *
  * <p>NOTE(review): the session then carries a reversible, password-derived value, so whoever
  * obtains the cookie holds a password equivalent. Consider verifying the password in this
  * action and storing only a random session identifier. NOTE(review): a request without a
  * {@code password} field presumably hands {@code null} to {@code encryptAES} - confirm how that
  * case is handled.
  *
  * @return A redirect to the application index page.
  */
 public static Result authenticate() {
   DynamicForm loginForm = new DynamicForm().bindFromRequest();
   // Drop whatever the previous session held before recording the new value.
   session().clear();
   String submittedPassword = loginForm.get("password");
   String sealedPassword = Crypto.encryptAES(submittedPassword);
   session(Application.PASSWORD, sealedPassword);
   return redirect(routes.Application.index());
 }
Example #4
 /**
  * Generates a new signed token by delegating to the underlying crypto implementation.
  *
  * @return The newly generated signed token.
  */
 public String generateSignedToken() {
   final String signedToken = crypto.generateSignedToken();
   return signedToken;
 }
Example #5
 /**
  * Signs a token, producing a new token in which the given one is signed together with a nonce.
  *
  * <p>The main purpose is to defeat the BREACH vulnerability: because of the nonce, the token
  * that is sent out is effectively random on every request, while the underlying value stays
  * the same.
  *
  * @param token The token to sign.
  * @return The signed token.
  */
 public String signToken(String token) {
   final String signedToken = crypto.signToken(token);
   return signedToken;
 }
Example #6
 /**
  * Computes an HMAC-SHA1 signature of the given String with the application's secret key. <br>
  * The platform default JSSE provider is used unless another one is named by
  * <code>application.crypto.provider</code> in <code>application.conf</code>.
  *
  * <p>When checking a received signature against the result, use a constant-time comparison
  * rather than {@code String#equals}, so that the position of the first mismatch is not
  * revealed through timing.
  *
  * @param message The message to sign.
  * @return A hexadecimal encoded signature.
  */
 public String sign(String message) {
   final String signature = crypto.sign(message);
   return signature;
 }
Example #7
 /**
  * Decrypts a String with the AES encryption standard, using the supplied key. <br>
  * The private key must have a length of 16 bytes. <br>
  * The platform default JSSE provider is used unless another one is named by
  * <code>application.crypto.provider</code> in <code>application.conf</code>. <br>
  * The default transformation is <code>AES/CTR/NoPadding</code>; it can be changed through
  * <code>application.crypto.aes.transformation</code> in <code>application.conf</code>. The
  * secret key spec is always AES, so only AES transformation algorithms will work even though
  * any cipher transformation can be configured.
  *
  * <p>With the default <code>AES/CTR/NoPadding</code> transformation the ciphertext carries no
  * integrity protection: a modified input still decrypts, to different plaintext. Do not treat
  * the result as authentic unless the ciphertext was verified separately, for example with a
  * signature.
  *
  * @deprecated This method is deprecated and will be removed in future versions.
  * @param value An hexadecimal encrypted string.
  * @param privateKey The key used to encrypt.
  * @return The decrypted String.
  */
 @Deprecated
 public String decryptAES(String value, String privateKey) {
   final String plainText = crypto.decryptAES(value, privateKey);
   return plainText;
 }
Example #8
 /**
  * Decrypts a String with the AES encryption standard, using the application's secret key. <br>
  * The platform default JSSE provider is used unless another one is named by
  * <code>application.crypto.provider</code> in <code>application.conf</code>. <br>
  * The default transformation is <code>AES/CTR/NoPadding</code>; it can be changed through
  * <code>application.crypto.aes.transformation</code> in <code>application.conf</code>. The
  * secret key spec is always AES, so only AES transformation algorithms will work even though
  * any cipher transformation can be configured.
  *
  * <p>With the default <code>AES/CTR/NoPadding</code> transformation the ciphertext carries no
  * integrity protection: a modified input still decrypts, to different plaintext. Do not treat
  * the result as authentic unless the ciphertext was verified separately, for example with a
  * signature.
  *
  * @deprecated This method is deprecated and will be removed in future versions.
  * @param value An hexadecimal encrypted string.
  * @return The decrypted String.
  */
 @Deprecated
 public String decryptAES(String value) {
   final String plainText = crypto.decryptAES(value);
   return plainText;
 }
Example #9
 /**
  * Compares two Strings for equality in constant time.
  *
  * <p>The constant-time guarantee holds for inputs of one given length: when both Strings have
  * that length, the running time is always the same. This prevents timing attacks.
  *
  * @param a The first String to compare.
  * @param b The second String to compare.
  * @return The result of the comparison performed by the underlying crypto implementation.
  */
 public boolean constantTimeEquals(String a, String b) {
   final boolean equal = crypto.constantTimeEquals(a, b);
   return equal;
 }
Example #10
 /**
  * Compares two signed tokens by delegating to the underlying crypto implementation.
  *
  * <p>NOTE(review): presumably each token's signature is verified and the underlying raw tokens
  * are then compared - confirm against the crypto implementation.
  *
  * @param tokenA The first signed token.
  * @param tokenB The second signed token.
  * @return The result of the comparison performed by the underlying crypto implementation.
  */
 public boolean compareSignedTokens(String tokenA, String tokenB) {
   final boolean tokensMatch = crypto.compareSignedTokens(tokenA, tokenB);
   return tokensMatch;
 }