aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/org/traccar/api/signature
diff options
context:
space:
mode:
authorAnton Tananaev <anton@traccar.org>2022-08-02 19:16:11 -0700
committerAnton Tananaev <anton@traccar.org>2022-08-02 19:16:11 -0700
commitab6970135850655313e257cf44fb68c67e9f1e80 (patch)
tree2327f3d05816fd7431b7a08aad4830041f2e3131 /src/main/java/org/traccar/api/signature
parent057262001dd933738fc070a57d51dc57518aa57b (diff)
downloadtrackermap-server-ab6970135850655313e257cf44fb68c67e9f1e80.tar.gz
trackermap-server-ab6970135850655313e257cf44fb68c67e9f1e80.tar.bz2
trackermap-server-ab6970135850655313e257cf44fb68c67e9f1e80.zip
New API token system
Diffstat (limited to 'src/main/java/org/traccar/api/signature')
-rw-r--r--src/main/java/org/traccar/api/signature/CryptoManager.java25
-rw-r--r--src/main/java/org/traccar/api/signature/TokenManager.java64
2 files changed, 78 insertions, 11 deletions
diff --git a/src/main/java/org/traccar/api/signature/CryptoManager.java b/src/main/java/org/traccar/api/signature/CryptoManager.java
index ea59dcd70..8a3e7704c 100644
--- a/src/main/java/org/traccar/api/signature/CryptoManager.java
+++ b/src/main/java/org/traccar/api/signature/CryptoManager.java
@@ -15,7 +15,6 @@
*/
package org.traccar.api.signature;
-import org.traccar.helper.DataConverter;
import org.traccar.storage.Storage;
import org.traccar.storage.StorageException;
import org.traccar.storage.query.Columns;
@@ -46,28 +45,32 @@ public class CryptoManager {
this.storage = storage;
}
- public String sign(String data) throws GeneralSecurityException, StorageException {
+ public byte[] sign(byte[] data) throws GeneralSecurityException, StorageException {
if (privateKey == null) {
initializeKeys();
}
Signature signature = Signature.getInstance("SHA256withECDSA");
signature.initSign(privateKey);
- signature.update(data.getBytes());
- return data + '.' + DataConverter.printBase64(signature.sign());
+ signature.update(data);
+ byte[] block = signature.sign();
+ byte[] combined = new byte[1 + block.length + data.length];
+ combined[0] = (byte) block.length;
+ System.arraycopy(block, 0, combined, 1, block.length);
+ System.arraycopy(data, 0, combined, 1 + block.length, data.length);
+ return combined;
}
- public String verify(String data) throws GeneralSecurityException, StorageException {
+ public byte[] verify(byte[] data) throws GeneralSecurityException, StorageException {
if (publicKey == null) {
initializeKeys();
}
Signature signature = Signature.getInstance("SHA256withECDSA");
signature.initVerify(publicKey);
-
- int delimiter = data.lastIndexOf('.');
- String originalData = data.substring(0, delimiter);
-
- signature.update(originalData.getBytes());
- if (!signature.verify(DataConverter.parseBase64(data.substring(delimiter + 1)))) {
+ int length = data[0];
+ byte[] originalData = new byte[data.length - 1 - length];
+ System.arraycopy(data, 1 + length, originalData, 0, originalData.length);
+ signature.update(originalData);
+ if (!signature.verify(data, 1, length)) {
throw new SecurityException("Invalid signature");
}
return originalData;
diff --git a/src/main/java/org/traccar/api/signature/TokenManager.java b/src/main/java/org/traccar/api/signature/TokenManager.java
new file mode 100644
index 000000000..3f39d5380
--- /dev/null
+++ b/src/main/java/org/traccar/api/signature/TokenManager.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2022 Anton Tananaev (anton@traccar.org)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.traccar.api.signature;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.apache.commons.codec.binary.Base64;
+import org.traccar.storage.StorageException;
+
+import javax.inject.Inject;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.util.Date;
+
+public class TokenManager {
+
+ private final ObjectMapper objectMapper;
+ private final CryptoManager cryptoManager;
+
+ public static class Data {
+ @JsonProperty("u")
+ private long userId;
+ @JsonProperty("e")
+ private Date expiration;
+ }
+
+ @Inject
+ public TokenManager(ObjectMapper objectMapper, CryptoManager cryptoManager) {
+ this.objectMapper = objectMapper;
+ this.cryptoManager = cryptoManager;
+ }
+
+ public String generateToken(
+ long userId, Date expiration) throws IOException, GeneralSecurityException, StorageException {
+ Data data = new Data();
+ data.userId = userId;
+ data.expiration = expiration;
+ byte[] encoded = objectMapper.writeValueAsBytes(data);
+ return Base64.encodeBase64URLSafeString(cryptoManager.sign(encoded));
+ }
+
+ public long verifyToken(String token) throws IOException, GeneralSecurityException, StorageException {
+ byte[] encoded = cryptoManager.verify(Base64.decodeBase64(token));
+ Data data = objectMapper.readValue(encoded, Data.class);
+ if (data.expiration.before(new Date())) {
+ throw new SecurityException("Token has expired");
+ }
+ return data.userId;
+ }
+
+}