@Override
public boolean isSafelyAllowed(HttpServletRequest request, String safeExamBrowserKeys) {
boolean safe = false;
boolean debug = log.isDebug();
if (StringHelper.containsNonWhitespace(safeExamBrowserKeys)) {
String safeExamHash = request.getHeader("x-safeexambrowser-requesthash");
String url = request.getRequestURL().toString();
for (StringTokenizer tokenizer = new StringTokenizer(safeExamBrowserKeys);
tokenizer.hasMoreTokens() && !safe; ) {
String safeExamBrowserKey = tokenizer.nextToken();
String hash = Encoder.sha256Exam(url + safeExamBrowserKey);
if (safeExamHash != null && safeExamHash.equals(hash)) {
safe = true;
}
if (debug) {
log.debug(
(safeExamHash.equals(hash) ? "Success" : "Failed")
+ " : "
+ safeExamHash
+ " (Header) "
+ hash
+ " (Calculated)");
}
}
} else {
safe = true;
}
return safe;
}
