diff options
| author | Anton Tananaev <anton@traccar.org> | 2022-08-02 19:16:11 -0700 |
|---|---|---|
| committer | Anton Tananaev <anton@traccar.org> | 2022-08-02 19:16:11 -0700 |
| commit | ab6970135850655313e257cf44fb68c67e9f1e80 (patch) | |
| tree | 2327f3d05816fd7431b7a08aad4830041f2e3131 /src/main/java/org/traccar/api/signature | |
| parent | 057262001dd933738fc070a57d51dc57518aa57b (diff) | |
| download | trackermap-server-ab6970135850655313e257cf44fb68c67e9f1e80.tar.gz trackermap-server-ab6970135850655313e257cf44fb68c67e9f1e80.tar.bz2 trackermap-server-ab6970135850655313e257cf44fb68c67e9f1e80.zip | |
New API token system
Diffstat (limited to 'src/main/java/org/traccar/api/signature')
| -rw-r--r-- | src/main/java/org/traccar/api/signature/CryptoManager.java | 25 | ||||
| -rw-r--r-- | src/main/java/org/traccar/api/signature/TokenManager.java | 64 |
2 files changed, 78 insertions, 11 deletions
diff --git a/src/main/java/org/traccar/api/signature/CryptoManager.java b/src/main/java/org/traccar/api/signature/CryptoManager.java index ea59dcd70..8a3e7704c 100644 --- a/src/main/java/org/traccar/api/signature/CryptoManager.java +++ b/src/main/java/org/traccar/api/signature/CryptoManager.java @@ -15,7 +15,6 @@ */ package org.traccar.api.signature; -import org.traccar.helper.DataConverter; import org.traccar.storage.Storage; import org.traccar.storage.StorageException; import org.traccar.storage.query.Columns; @@ -46,28 +45,32 @@ public class CryptoManager { this.storage = storage; } - public String sign(String data) throws GeneralSecurityException, StorageException { + public byte[] sign(byte[] data) throws GeneralSecurityException, StorageException { if (privateKey == null) { initializeKeys(); } Signature signature = Signature.getInstance("SHA256withECDSA"); signature.initSign(privateKey); - signature.update(data.getBytes()); - return data + '.' + DataConverter.printBase64(signature.sign()); + signature.update(data); + byte[] block = signature.sign(); + byte[] combined = new byte[1 + block.length + data.length]; + combined[0] = (byte) block.length; + System.arraycopy(block, 0, combined, 1, block.length); + System.arraycopy(data, 0, combined, 1 + block.length, data.length); + return combined; } - public String verify(String data) throws GeneralSecurityException, StorageException { + public byte[] verify(byte[] data) throws GeneralSecurityException, StorageException { if (publicKey == null) { initializeKeys(); } Signature signature = Signature.getInstance("SHA256withECDSA"); signature.initVerify(publicKey); - - int delimiter = data.lastIndexOf('.'); - String originalData = data.substring(0, delimiter); - - signature.update(originalData.getBytes()); - if (!signature.verify(DataConverter.parseBase64(data.substring(delimiter + 1)))) { + int length = data[0]; + byte[] originalData = new byte[data.length - 1 - length]; + System.arraycopy(data, 1 + length, originalData, 0, originalData.length); + signature.update(originalData); + if (!signature.verify(data, 1, length)) { throw new SecurityException("Invalid signature"); } return originalData; diff --git a/src/main/java/org/traccar/api/signature/TokenManager.java b/src/main/java/org/traccar/api/signature/TokenManager.java new file mode 100644 index 000000000..3f39d5380 --- /dev/null +++ b/src/main/java/org/traccar/api/signature/TokenManager.java @@ -0,0 +1,64 @@ +/* + * Copyright 2022 Anton Tananaev (anton@traccar.org) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.traccar.api.signature; + +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.apache.commons.codec.binary.Base64; +import org.traccar.storage.StorageException; + +import javax.inject.Inject; +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.util.Date; + +public class TokenManager { + + private final ObjectMapper objectMapper; + private final CryptoManager cryptoManager; + + public static class Data { + @JsonProperty("u") + private long userId; + @JsonProperty("e") + private Date expiration; + } + + @Inject + public TokenManager(ObjectMapper objectMapper, CryptoManager cryptoManager) { + this.objectMapper = objectMapper; + this.cryptoManager = cryptoManager; + } + + public String generateToken( + long userId, Date expiration) throws IOException, GeneralSecurityException, StorageException { + Data data = new Data(); + data.userId = userId; + data.expiration = expiration; + byte[] encoded = objectMapper.writeValueAsBytes(data); + return Base64.encodeBase64URLSafeString(cryptoManager.sign(encoded)); + } + + public long verifyToken(String token) throws IOException, GeneralSecurityException, StorageException { + byte[] encoded = cryptoManager.verify(Base64.decodeBase64(token)); + Data data = objectMapper.readValue(encoded, Data.class); + if (data.expiration.before(new Date())) { + throw new SecurityException("Token has expired"); + } + return data.userId; + } + +} |