Package com.google.walkaround.wave.server

Source Code of com.google.walkaround.wave.server.ObjectSessionHelper

/*
* Copyright 2011 Google Inc. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*     http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package com.google.walkaround.wave.server;

import com.google.common.base.Preconditions;
import com.google.inject.Inject;
import com.google.walkaround.proto.ObjectSessionProto;
import com.google.walkaround.proto.gson.ConnectResponseGsonImpl;
import com.google.walkaround.proto.gson.ObjectSessionProtoGsonImpl;
import com.google.walkaround.proto.gson.SignedObjectSessionGsonImpl;
import com.google.walkaround.slob.server.GsonProto;
import com.google.walkaround.slob.server.SlobStore.ConnectResult;
import com.google.walkaround.slob.shared.ClientId;
import com.google.walkaround.slob.shared.MessageException;
import com.google.walkaround.slob.shared.SlobId;
import com.google.walkaround.util.server.auth.InvalidSecurityTokenException;
import com.google.walkaround.util.server.servlet.AbstractHandler;
import com.google.walkaround.util.server.servlet.BadRequestException;
import com.google.walkaround.wave.server.auth.XsrfHelper;
import com.google.walkaround.wave.server.auth.XsrfHelper.XsrfTokenExpiredException;
import com.google.walkaround.wave.shared.SharedConstants.Params;

import java.util.logging.Logger;

import javax.servlet.http.HttpServletRequest;

/**
* Deals with {@link ObjectSession}s: Serializes, parses, signs, verifies.
*
* @author ohler@google.com (Christian Ohler)
*/
public class ObjectSessionHelper {

  @SuppressWarnings("unused")
  private static final Logger log = Logger.getLogger(ObjectSessionHelper.class.getName());

  private final XsrfHelper xsrfHelper;

  @Inject
  public ObjectSessionHelper(XsrfHelper xsrfHelper) {
    this.xsrfHelper = xsrfHelper;
  }

  private String makeAction(ObjectSessionProto session) {
    // If we made sure GSON serialization has the keys in deterministic order,
    // we could just serialize the protobuf and use that.
    Preconditions.checkArgument(!session.getObjectId().contains(" "),
        "Object ID contains a space: %s", session);
    Preconditions.checkArgument(!session.getClientId().contains(" "),
        "Client ID contains a space: %s", session);
    return session.getObjectId() + " " + session.getClientId()
        + " " + session.getStoreType();
  }

  /**
   * Extracts a signed ObjectSession from req, verifies its signature, and
   * returns it.
   */
  public ObjectSession getVerifiedSession(HttpServletRequest req)
      throws InvalidSecurityTokenException, XsrfTokenExpiredException {
    String rawSessionString = AbstractHandler.requireParameter(req, Params.SESSION);
    log.info("Parsing and verifying signed session " + rawSessionString);
    SignedObjectSessionGsonImpl signedSession;
    try {
      signedSession = GsonProto.fromGson(
          new SignedObjectSessionGsonImpl(), rawSessionString);
    } catch (MessageException e) {
      throw new BadRequestException("Failed to parse signed session", e);
    }
    xsrfHelper.verify(makeAction(signedSession.getSession()), signedSession.getSignature());
    return objectSessionFromProto(signedSession.getSession());
  }

  public static ObjectSession objectSessionFromProto(ObjectSessionProto proto) {
    return new ObjectSession(new SlobId(proto.getObjectId()),
        new ClientId(proto.getClientId()),
        proto.getStoreType());
  }

  public static ObjectSessionProto protoFromObjectSession(ObjectSession session) {
    ObjectSessionProto proto = new ObjectSessionProtoGsonImpl();
    proto.setObjectId(session.getObjectId().getId());
    proto.setClientId(session.getClientId().getId());
    proto.setStoreType(session.getStoreType());
    return proto;
  }

  private SignedObjectSessionGsonImpl createSignedSession(ObjectSession session) {
    ObjectSessionProto proto = protoFromObjectSession(session);
    SignedObjectSessionGsonImpl signedSession = new SignedObjectSessionGsonImpl();
    signedSession.setSession(proto);
    signedSession.setSignature(xsrfHelper.createToken(makeAction(proto)));
    return signedSession;
  }

  /**
   * Signs the ObjectSession and puts it in a ConnectResponse together with the
   * ConnectResult.
   */
  public ConnectResponseGsonImpl createConnectResponse(
      ObjectSession session, ConnectResult result) {
    ConnectResponseGsonImpl response = new ConnectResponseGsonImpl();
    SignedObjectSessionGsonImpl signedSession = createSignedSession(session);
    response.setSignedSession(signedSession);
    response.setSignedSessionString(GsonProto.toJson(signedSession));
    if (result.getChannelToken() != null) {
      response.setChannelToken(result.getChannelToken());
    }
    response.setObjectVersion(result.getVersion());
    return response;
  }

}
TOP

Related Classes of com.google.walkaround.wave.server.ObjectSessionHelper

TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.