@Test
 public void testExternalizableOverride() {
   FSTConfiguration conf = getTestConfiguration();
   Object original[] = {
     "A", new SubClassedAList().$("A").$("B").$("C"), "Ensure stream not corrupted"
   };
   Object deser = conf.asObject(conf.asByteArray(original));
   assertTrue(DeepEquals.deepEquals(original, deser));
 }
 @Test
 public void testNestedSerializers() {
   FSTConfiguration conf = getTestConfiguration();
   conf.registerSerializer(T.class, new TSer(), true);
   conf.registerSerializer(T1.class, new T1Ser(), true);
   Object p = new T(1);
   byte[] bytes = conf.asByteArray(p);
   Object deser = conf.asObject(bytes);
   assertTrue(DeepEquals.deepEquals(p, deser));
 }
 // fails if objenesis is used
 @Test
 public void testNotSerializable() {
   FSTConfiguration conf = getTestConfiguration().setForceSerializable(true);
   NotSer ser = new NotSer(11, 12);
   assertTrue(DeepEquals.deepEquals(ser, conf.asObject(conf.asByteArray(ser))));
   NotSerSub sersub = new NotSerSub(11, 12);
   final Object deser = conf.asObject(conf.asByteArray(sersub));
   assertTrue(DeepEquals.deepEquals(sersub, deser));
   assertTrue(((NotSerSub) deser).pubConsCalled);
 }
Пример #4
0
  public void writeSession(HttpServletRequest request, HttpServletResponse response)
      throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException,
          BadPaddingException, IllegalBlockSizeException {
    SparkHttpRequestWrapper sparkRequest = (SparkHttpRequestWrapper) request;
    if (!sparkRequest.sessionAccessed()) return;
    CookieSession session = (CookieSession) request.getSession();

    // serialize session
    byte[] sessionBytes = conf.asByteArray(session);

    // encrypt content
    final Cipher symmetricalCipher = Cipher.getInstance(symmetricEncryptionAlgorithm);
    symmetricalCipher.init(Cipher.ENCRYPT_MODE, this.symmetricEncryptionKey);
    byte[] encryptedBytes = symmetricalCipher.doFinal(sessionBytes);

    // sign content
    byte[] signature = sign(encryptedBytes);
    byte[] cookieContent = new byte[encryptedBytes.length + signature.length];

    System.arraycopy(encryptedBytes, 0, cookieContent, 0, encryptedBytes.length);
    System.arraycopy(
        signature, 0, cookieContent, cookieContent.length - signature.length, signature.length);

    String base64CookieContent = Base64.getEncoder().encodeToString(cookieContent);
    addCookie(base64CookieContent, response);
  }
Пример #5
0
  public CookieSession readSession(HttpServletRequest request)
      throws InvalidKeyException, NoSuchAlgorithmException, BadPaddingException,
          IllegalBlockSizeException, NoSuchPaddingException {
    Cookie sessionCookie = getCookie(request, CookieSessionHandler.session);
    if (sessionCookie == null) {
      return new CookieSession(request);
    }
    CookieSessionContent cookieSessionContent = new CookieSessionContent(sessionCookie.getValue());

    // check the signature
    if (!verify(cookieSessionContent.getContent(), cookieSessionContent.getSignature())) {
      return new CookieSession(request);
    }

    // now decrypt the content
    final Cipher symmetricalCipher = Cipher.getInstance(symmetricEncryptionAlgorithm);
    symmetricalCipher.init(Cipher.DECRYPT_MODE, this.symmetricEncryptionKey);
    byte[] decodedContent = symmetricalCipher.doFinal(cookieSessionContent.getContent());

    // deserialize content
    return (CookieSession) conf.asObject(decodedContent);
  }
Пример #6
0
 static {
   conf.setPreferSpeed(true);
 }
Пример #7
0
/** Created by Tim Heinrich on 27.08.2015. */
public final class CookieSessionHandler {
  private static final String session = "session";
  private static final String symmetricEncryptionAlgorithm = "AES";
  private static final FSTConfiguration conf = FSTConfiguration.createDefaultConfiguration();

  private final SecretKey symmetricEncryptionKey;
  private final SecretKey hmacKey;

  static {
    conf.setPreferSpeed(true);
  }

  public CookieSessionHandler(String encryptionKey) throws NoSuchAlgorithmException {

    byte[] key = hash(encryptionKey.getBytes());
    key = Arrays.copyOf(key, 16);
    this.symmetricEncryptionKey = new SecretKeySpec(key, symmetricEncryptionAlgorithm);
    this.hmacKey = new SecretKeySpec(key, "HmacSHA1");
  }

  public CookieSession readSession(HttpServletRequest request)
      throws InvalidKeyException, NoSuchAlgorithmException, BadPaddingException,
          IllegalBlockSizeException, NoSuchPaddingException {
    Cookie sessionCookie = getCookie(request, CookieSessionHandler.session);
    if (sessionCookie == null) {
      return new CookieSession(request);
    }
    CookieSessionContent cookieSessionContent = new CookieSessionContent(sessionCookie.getValue());

    // check the signature
    if (!verify(cookieSessionContent.getContent(), cookieSessionContent.getSignature())) {
      return new CookieSession(request);
    }

    // now decrypt the content
    final Cipher symmetricalCipher = Cipher.getInstance(symmetricEncryptionAlgorithm);
    symmetricalCipher.init(Cipher.DECRYPT_MODE, this.symmetricEncryptionKey);
    byte[] decodedContent = symmetricalCipher.doFinal(cookieSessionContent.getContent());

    // deserialize content
    return (CookieSession) conf.asObject(decodedContent);
  }

  public void writeSession(HttpServletRequest request, HttpServletResponse response)
      throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException,
          BadPaddingException, IllegalBlockSizeException {
    SparkHttpRequestWrapper sparkRequest = (SparkHttpRequestWrapper) request;
    if (!sparkRequest.sessionAccessed()) return;
    CookieSession session = (CookieSession) request.getSession();

    // serialize session
    byte[] sessionBytes = conf.asByteArray(session);

    // encrypt content
    final Cipher symmetricalCipher = Cipher.getInstance(symmetricEncryptionAlgorithm);
    symmetricalCipher.init(Cipher.ENCRYPT_MODE, this.symmetricEncryptionKey);
    byte[] encryptedBytes = symmetricalCipher.doFinal(sessionBytes);

    // sign content
    byte[] signature = sign(encryptedBytes);
    byte[] cookieContent = new byte[encryptedBytes.length + signature.length];

    System.arraycopy(encryptedBytes, 0, cookieContent, 0, encryptedBytes.length);
    System.arraycopy(
        signature, 0, cookieContent, cookieContent.length - signature.length, signature.length);

    String base64CookieContent = Base64.getEncoder().encodeToString(cookieContent);
    addCookie(base64CookieContent, response);
  }

  private byte[] hash(byte[] encryptedBytes) throws NoSuchAlgorithmException {
    MessageDigest instance = MessageDigest.getInstance("SHA-1");
    return instance.digest(encryptedBytes);
  }

  private void addCookie(String cookieContent, HttpServletResponse response) {
    Cookie cookie = new Cookie(CookieSessionHandler.session, cookieContent);
    cookie.setSecure(SparkBase.isSecure());
    cookie.setHttpOnly(true);
    cookie.setMaxAge(-1);
    response.addCookie(cookie);
  }

  private boolean verify(byte[] dataToVerify, byte[] signature)
      throws NoSuchAlgorithmException, InvalidKeyException {
    Mac hmacSHA1 = Mac.getInstance("HmacSHA1");
    hmacSHA1.init(this.hmacKey);
    return Arrays.equals(hmacSHA1.doFinal(dataToVerify), signature);
  }

  private byte[] sign(byte[] dataToSign) throws NoSuchAlgorithmException, InvalidKeyException {
    Mac hmacSHA1 = Mac.getInstance("HmacSHA1");
    hmacSHA1.init(this.hmacKey);
    return hmacSHA1.doFinal(dataToSign);
  }

  private Cookie getCookie(HttpServletRequest request, String cookieName) {
    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
      for (Cookie cookie : cookies) {
        if (cookieName.equals(cookie.getName())) {
          return cookie;
        }
      }
    }
    return null;
  }
}
 protected FSTConfiguration getTestConfiguration() {
   FSTConfiguration.isAndroid = false;
   return FSTConfiguration.createDefaultConfiguration();
 }
  @Test
  public void testVersioning() {
    Versioning v = new Versioning();

    FSTConfiguration conf = getTestConfiguration();
    conf.registerClass(Versioning.class);

    byte[] bytes = conf.asByteArray(v);
    Versioning res = (Versioning) conf.asObject(bytes);

    assertTrue(DeepEquals.deepEquals(v, res));

    FSTConfiguration old = getTestConfiguration();
    old.registerClass(VersioningOld.class);
    VersioningOld vold = new VersioningOld();
    vold.originalMap.put("uz", "aspdokasd");
    bytes = old.asByteArray(vold);

    Versioning newReadFromOld = (Versioning) conf.asObject(bytes);
    assertTrue(newReadFromOld.originalOne.equals("OOPASDKAPSODKPASODKBla"));

    FSTConfiguration oldv4 = getTestConfiguration();
    oldv4.registerClass(VersioningV4.class);
    VersioningV4 oldv4Inst = new VersioningV4();
    oldv4Inst.veryNew.put("uz", "aspdokasd");
    bytes = oldv4.asByteArray(oldv4Inst);

    Versioning newReadFromV4 = (Versioning) conf.asObject(bytes);
    assertTrue(newReadFromV4.veryNew.get("uz").equals("aspdokasd"));
  }