001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.servlet.filters.secure;
016    
017    import com.liferay.portal.kernel.util.Digester;
018    import com.liferay.portal.kernel.util.DigesterUtil;
019    import com.liferay.portal.kernel.util.Time;
020    import com.liferay.portal.model.Company;
021    import com.liferay.portal.service.CompanyLocalServiceUtil;
022    import com.liferay.portal.util.PropsValues;
023    
024    import java.util.concurrent.DelayQueue;
025    import java.util.concurrent.Delayed;
026    import java.util.concurrent.TimeUnit;
027    
028    /**
029     * @author Alexander Chow
030     */
031    public class NonceUtil {
032    
033            public static String generate(long companyId, String remoteAddress) {
034                    String companyKey = null;
035    
036                    try {
037                            Company company = CompanyLocalServiceUtil.getCompanyById(companyId);
038    
039                            companyKey = company.getKey();
040                    }
041                    catch (Exception e) {
042                            throw new RuntimeException("Invalid companyId " + companyId, e);
043                    }
044    
045                    long timestamp = System.currentTimeMillis();
046    
047                    String nonce = DigesterUtil.digestHex(
048                            Digester.MD5, remoteAddress, String.valueOf(timestamp), companyKey);
049    
050                    _nonceDelayQueue.put(new NonceDelayed(nonce));
051    
052                    return nonce;
053            }
054    
055            public static boolean verify(String nonce) {
056                    _cleanUp();
057    
058                    return _nonceDelayQueue.contains(new NonceDelayed(nonce));
059            }
060    
061            private static void _cleanUp() {
062                    while (_nonceDelayQueue.poll() != null);
063            }
064    
065            private static final long _NONCE_EXPIRATION =
066                    PropsValues.WEBDAV_NONCE_EXPIRATION * Time.MINUTE;
067    
068            private static DelayQueue<NonceDelayed> _nonceDelayQueue =
069                    new DelayQueue<NonceDelayed>();
070    
071            private static class NonceDelayed implements Delayed {
072    
073                    public NonceDelayed(String nonce) {
074                            if (nonce == null) {
075                                    throw new NullPointerException("Nonce is null");
076                            }
077    
078                            _nonce = nonce;
079                            _createTime = System.currentTimeMillis();
080                    }
081    
082                    @Override
083                    public long getDelay(TimeUnit timeUnit) {
084                            long leftDelayTime =
085                                    _NONCE_EXPIRATION + _createTime - System.currentTimeMillis();
086    
087                            return timeUnit.convert(leftDelayTime, TimeUnit.MILLISECONDS);
088                    }
089    
090                    @Override
091                    public int compareTo(Delayed delayed) {
092                            NonceDelayed nonceDelayed = (NonceDelayed)delayed;
093    
094                            long result = _createTime - nonceDelayed._createTime;
095    
096                            if (result == 0) {
097                                    return 0;
098                            }
099                            else if (result > 0) {
100                                    return 1;
101                            }
102                            else {
103                                    return -1;
104                            }
105                    }
106    
107                    @Override
108                    public boolean equals(Object obj) {
109                            NonceDelayed nonceDelayed = (NonceDelayed)obj;
110    
111                            if (_nonce.equals(nonceDelayed._nonce)) {
112                                    return true;
113                            }
114    
115                            return false;
116                    }
117    
118                    @Override
119                    public int hashCode() {
120                            return _nonce.hashCode();
121                    }
122    
123                    private final long _createTime;
124                    private final String _nonce;
125    
126            }
127    
128    }