001    /**
002     * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.servlet.filters.secure;
016    
017    import com.liferay.portal.kernel.util.Digester;
018    import com.liferay.portal.kernel.util.DigesterUtil;
019    import com.liferay.portal.kernel.util.Time;
020    import com.liferay.portal.model.Company;
021    import com.liferay.portal.service.CompanyLocalServiceUtil;
022    
023    import java.util.concurrent.DelayQueue;
024    import java.util.concurrent.Delayed;
025    import java.util.concurrent.TimeUnit;
026    
027    /**
028     * @author Alexander Chow
029     */
030    public class NonceUtil {
031    
032            public static String generate(long companyId, String remoteAddress) {
033                    String companyKey = null;
034    
035                    try {
036                            Company company = CompanyLocalServiceUtil.getCompanyById(companyId);
037    
038                            companyKey = company.getKey();
039                    }
040                    catch (Exception e) {
041                            throw new RuntimeException("Invalid companyId " + companyId, e);
042                    }
043    
044                    long timestamp = System.currentTimeMillis();
045    
046                    String nonce = DigesterUtil.digestHex(
047                            Digester.MD5, remoteAddress, String.valueOf(timestamp), companyKey);
048    
049                    _nonceDelayQueue.put(new NonceDelayed(nonce));
050    
051                    return nonce;
052            }
053    
054            public static boolean verify(String nonce) {
055                    _cleanUp();
056    
057                    return _nonceDelayQueue.contains(new NonceDelayed(nonce));
058            }
059    
060            private static void _cleanUp() {
061                    while (_nonceDelayQueue.poll() != null);
062            }
063    
064            private static final long _NONCE_EXPIRATION = 10 * Time.MINUTE;
065    
066            private static DelayQueue<NonceDelayed> _nonceDelayQueue =
067                    new DelayQueue<NonceDelayed>();
068    
069            private static class NonceDelayed implements Delayed {
070    
071                    public NonceDelayed(String nonce) {
072                            if (nonce == null) {
073                                    throw new NullPointerException("Nonce is null");
074                            }
075    
076                            _nonce = nonce;
077                            _createTime = System.currentTimeMillis();
078                    }
079    
080                    public long getDelay(TimeUnit timeUnit) {
081                            long leftDelayTime =
082                                    _NONCE_EXPIRATION + _createTime - System.currentTimeMillis();
083    
084                            return timeUnit.convert(leftDelayTime, TimeUnit.MILLISECONDS);
085                    }
086    
087                    public int compareTo(Delayed delayed) {
088                            NonceDelayed nonceDelayed = (NonceDelayed)delayed;
089    
090                            long result = _createTime - nonceDelayed._createTime;
091    
092                            if (result == 0) {
093                                    return 0;
094                            }
095                            else if (result > 0) {
096                                    return 1;
097                            }
098                            else {
099                                    return -1;
100                            }
101                    }
102    
103                    public boolean equals(Object obj) {
104                            if (this == obj) {
105                                    return true;
106                            }
107    
108                            if (!(obj instanceof NonceDelayed)) {
109                                    return false;
110                            }
111    
112                            NonceDelayed nonceDelayed = (NonceDelayed)obj;
113    
114                            if (_nonce.equals(nonceDelayed._nonce)) {
115                                    return true;
116                            }
117    
118                            return false;
119                    }
120    
121                    public int hashCode() {
122                            return _nonce.hashCode();
123                    }
124    
125                    private final long _createTime;
126                    private final String _nonce;
127    
128            }
129    
130    }