Exemplo n.º 1
0
 /**
  * Extract a signed token that was signed by {@link #signToken(String)}.
  *
  * @param token The signed token to extract.
  * @return The verified raw token, or null if the token isn't valid.
  */
 public String extractSignedToken(String token) {
   scala.Option<String> extracted = crypto.extractSignedToken(token);
   if (extracted.isDefined()) {
     return extracted.get();
   } else {
     return null;
   }
 }
Exemplo n.º 2
0
  public static boolean validate(String cookieValue) {
    if (cookieValue == null) {
      return false;
    }

    Properties props = new java.util.Properties();
    try {
      props.load(new java.io.FileInputStream(new java.io.File("conf/mturk.properties")));
    } catch (IOException e) {
      System.err.println(
          "There was a problem reading your properties file from " + "mturk.properties");
      System.err.println("The exception was " + e.toString());
      throw new RuntimeException(
          "Cannot load configuration properties file from " + "mturk.properties", e);
    }
    String store = props.getProperty(Application.PASSWORD);
    if (store == null) {
      store = Crypto.encryptAES(Application.DEFAULT_PASSWORD);
    }

    return store.equals(cookieValue);
  }
Exemplo n.º 3
0
 public static Result authenticate() {
   DynamicForm df = new DynamicForm().bindFromRequest();
   session().clear();
   session(Application.PASSWORD, Crypto.encryptAES(df.get("password")));
   return redirect(routes.Application.index());
 }
Exemplo n.º 4
0
 /** Generate a signed token */
 public String generateSignedToken() {
   return crypto.generateSignedToken();
 }
Exemplo n.º 5
0
 /**
  * Sign a token. This produces a new token, that has this token signed with a nonce.
  *
  * <p>This primarily exists to defeat the BREACH vulnerability, as it allows the token to
  * effectively be random per request, without actually changing the value.
  *
  * @param token The token to sign
  * @return The signed token
  */
 public String signToken(String token) {
   return crypto.signToken(token);
 }
Exemplo n.º 6
0
 /**
  * Signs the given String with HMAC-SHA1 using the application's secret key. <br>
  * By default this uses the platform default JSSE provider. This can be overridden by defining
  * <code>application.crypto.provider</code> in <code>application.conf</code>.
  *
  * @param message The message to sign.
  * @return A hexadecimal encoded signature.
  */
 public String sign(String message) {
   return crypto.sign(message);
 }
Exemplo n.º 7
0
 /**
  * Decrypt a String with the AES encryption standard. <br>
  * The private key must have a length of 16 bytes. <br>
  * The provider used is by default this uses the platform default JSSE provider. This can be
  * overridden by defining <code>application.crypto.provider</code> in <code>application.conf
  * </code>. <br>
  * The transformation used is by default <code>AES/CTR/NoPadding</code>. It can be configured by
  * defining <code>application.crypto.aes.transformation</code> in <code>application.conf</code>.
  * Although any cipher transformation algorithm can be selected here, the secret key spec used is
  * always AES, so only AES transformation algorithms will work.
  *
  * @deprecated This method is deprecated and will be removed in future versions.
  * @param value An hexadecimal encrypted string.
  * @param privateKey The key used to encrypt.
  * @return The decrypted String.
  */
 @Deprecated
 public String decryptAES(String value, String privateKey) {
   return crypto.decryptAES(value, privateKey);
 }
Exemplo n.º 8
0
 /**
  * Decrypt a String with the AES encryption standard using the application's secret key. <br>
  * The provider used is by default this uses the platform default JSSE provider. This can be
  * overridden by defining <code>application.crypto.provider</code> in <code>application.conf
  * </code>. <br>
  * The transformation used is by default <code>AES/CTR/NoPadding</code>. It can be configured by
  * defining <code>application.crypto.aes.transformation</code> in <code>application.conf</code>.
  * Although any cipher transformation algorithm can be selected here, the secret key spec used is
  * always AES, so only AES transformation algorithms will work.
  *
  * @deprecated This method is deprecated and will be removed in future versions.
  * @param value An hexadecimal encrypted string.
  * @return The decrypted String.
  */
 @Deprecated
 public String decryptAES(String value) {
   return crypto.decryptAES(value);
 }
Exemplo n.º 9
0
 /**
  * Constant time equals method.
  *
  * <p>Given a length that both Strings are equal to, this method will always run in constant time.
  * This prevents timing attacks.
  */
 public boolean constantTimeEquals(String a, String b) {
   return crypto.constantTimeEquals(a, b);
 }
Exemplo n.º 10
0
 /** Compare two signed tokens */
 public boolean compareSignedTokens(String tokenA, String tokenB) {
   return crypto.compareSignedTokens(tokenA, tokenB);
 }