1 | |
|
2 | |
|
3 | |
|
4 | |
|
5 | |
|
6 | |
|
7 | |
|
8 | |
|
9 | |
|
10 | |
|
11 | |
|
12 | |
|
13 | |
|
14 | |
|
15 | |
|
16 | |
|
17 | |
|
18 | |
|
19 | |
package org.apache.myfaces.application.viewstate; |
20 | |
|
21 | |
import java.util.Map; |
22 | |
import javax.faces.context.ExternalContext; |
23 | |
import javax.faces.context.FacesContext; |
24 | |
import org.apache.commons.codec.DecoderException; |
25 | |
import org.apache.commons.codec.binary.Hex; |
26 | |
import org.apache.myfaces.shared.renderkit.RendererUtils; |
27 | |
import org.apache.myfaces.shared.util.WebConfigParamUtils; |
28 | |
|
29 | |
|
30 | |
|
31 | |
|
32 | |
|
33 | |
|
34 | 0 | class SecureRandomKeyFactory extends KeyFactory<byte[]> |
35 | |
{ |
36 | |
private final SessionIdGenerator sessionIdGenerator; |
37 | |
private final int length; |
38 | |
|
39 | |
public SecureRandomKeyFactory(FacesContext facesContext) |
40 | 0 | { |
41 | 0 | length = WebConfigParamUtils.getIntegerInitParameter( |
42 | |
facesContext.getExternalContext(), |
43 | |
ServerSideStateCacheImpl.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_LENGTH_PARAM, |
44 | |
ServerSideStateCacheImpl.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_LENGTH_PARAM_DEFAULT); |
45 | 0 | sessionIdGenerator = new SessionIdGenerator(); |
46 | 0 | sessionIdGenerator.setSessionIdLength(length); |
47 | 0 | String secureRandomClass = WebConfigParamUtils.getStringInitParameter( |
48 | |
facesContext.getExternalContext(), |
49 | |
ServerSideStateCacheImpl.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_CLASS_PARAM); |
50 | 0 | if (secureRandomClass != null) |
51 | |
{ |
52 | 0 | sessionIdGenerator.setSecureRandomClass(secureRandomClass); |
53 | |
} |
54 | 0 | String secureRandomProvider = WebConfigParamUtils.getStringInitParameter( |
55 | |
facesContext.getExternalContext(), |
56 | |
ServerSideStateCacheImpl.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_PROVIDER_PARAM); |
57 | 0 | if (secureRandomProvider != null) |
58 | |
{ |
59 | 0 | sessionIdGenerator.setSecureRandomProvider(secureRandomProvider); |
60 | |
} |
61 | 0 | String secureRandomAlgorithm = WebConfigParamUtils.getStringInitParameter( |
62 | |
facesContext.getExternalContext(), |
63 | |
ServerSideStateCacheImpl.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_ALGORITM_PARAM); |
64 | 0 | if (secureRandomAlgorithm != null) |
65 | |
{ |
66 | 0 | sessionIdGenerator.setSecureRandomAlgorithm(secureRandomAlgorithm); |
67 | |
} |
68 | 0 | } |
69 | |
|
70 | |
public Integer generateCounterKey(FacesContext facesContext) |
71 | |
{ |
72 | 0 | ExternalContext externalContext = facesContext.getExternalContext(); |
73 | 0 | Object sessionObj = externalContext.getSession(true); |
74 | |
Integer sequence; |
75 | 0 | synchronized (sessionObj) |
76 | |
{ |
77 | 0 | Map<String, Object> map = externalContext.getSessionMap(); |
78 | 0 | sequence = (Integer) map.get(RendererUtils.SEQUENCE_PARAM); |
79 | 0 | if (sequence == null || sequence.intValue() == Integer.MAX_VALUE) |
80 | |
{ |
81 | 0 | sequence = Integer.valueOf(1); |
82 | |
} |
83 | |
else |
84 | |
{ |
85 | 0 | sequence = Integer.valueOf(sequence.intValue() + 1); |
86 | |
} |
87 | 0 | map.put(RendererUtils.SEQUENCE_PARAM, sequence); |
88 | 0 | } |
89 | 0 | return sequence; |
90 | |
} |
91 | |
|
92 | |
@Override |
93 | |
public byte[] generateKey(FacesContext facesContext) |
94 | |
{ |
95 | 0 | byte[] array = new byte[length]; |
96 | 0 | byte[] key = new byte[length + 4]; |
97 | 0 | sessionIdGenerator.getRandomBytes(array); |
98 | 0 | for (int i = 0; i < array.length; i++) |
99 | |
{ |
100 | 0 | key[i] = array[i]; |
101 | |
} |
102 | 0 | int value = generateCounterKey(facesContext); |
103 | 0 | key[array.length] = (byte) (value >>> 24); |
104 | 0 | key[array.length + 1] = (byte) (value >>> 16); |
105 | 0 | key[array.length + 2] = (byte) (value >>> 8); |
106 | 0 | key[array.length + 3] = (byte) (value); |
107 | 0 | return key; |
108 | |
} |
109 | |
|
110 | |
@Override |
111 | |
public String encode(byte[] key) |
112 | |
{ |
113 | 0 | return new String(Hex.encodeHex(key)); |
114 | |
} |
115 | |
|
116 | |
@Override |
117 | |
public byte[] decode(String value) |
118 | |
{ |
119 | |
try |
120 | |
{ |
121 | 0 | return Hex.decodeHex(value.toCharArray()); |
122 | |
} |
123 | 0 | catch (DecoderException ex) |
124 | |
{ |
125 | |
|
126 | |
|
127 | |
} |
128 | 0 | return null; |
129 | |
} |
130 | |
|
131 | |
} |