Improve token authorisation

author Mathieu Baudier <mbaudier@argeo.org>

Mon, 2 Oct 2017 12:54:12 +0000 (14:54 +0200)

committer Mathieu Baudier <mbaudier@argeo.org>

Mon, 2 Oct 2017 12:54:12 +0000 (14:54 +0200)
author Mathieu Baudier <mbaudier@argeo.org>
Mon, 2 Oct 2017 12:54:12 +0000 (14:54 +0200)
committer Mathieu Baudier <mbaudier@argeo.org>
Mon, 2 Oct 2017 12:54:12 +0000 (14:54 +0200)
diff --git a/org.argeo.enterprise/src/org/argeo/naming/NamingUtils.java b/org.argeo.enterprise/src/org/argeo/naming/NamingUtils.java

index fc505022fee0f6ac646dd5f215f4fe8f16a7d5ca..0b74ee18c4f4521ad4ceb48994594665fecbd9b6 100644 (file)
--- a/org.argeo.enterprise/src/org/argeo/naming/NamingUtils.java
+++ b/org.argeo.enterprise/src/org/argeo/naming/NamingUtils.java
@@ -4,7 +4,10 @@ import java.io.UnsupportedEncodingException;
  import java.net.URI;
  import java.net.URLDecoder;
  import java.nio.charset.StandardCharsets;
+import java.time.Instant;
  import java.time.OffsetDateTime;
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
  import java.time.format.DateTimeFormatter;
  import java.util.LinkedHashMap;
  import java.util.LinkedList;
@@ -12,11 +15,15 @@ import java.util.List;
  import java.util.Map;
  
  public class NamingUtils {
-       private final static DateTimeFormatter ldapDateTimeFormatter = DateTimeFormatter
-                       .ofPattern("uuuuMMddHHmmss[,S][.S]X");
+       private final static DateTimeFormatter utcLdapDate = DateTimeFormatter.ofPattern("uuuuMMddHHmmssX")
+                       .withZone(ZoneOffset.UTC);
  
-       public static OffsetDateTime ldapDateToInstant(String ldapDate) {
-               return OffsetDateTime.parse(ldapDate, ldapDateTimeFormatter);
+       public static Instant ldapDateToInstant(String ldapDate) {
+               return OffsetDateTime.parse(ldapDate, utcLdapDate).toInstant();
+       }
+
+       public static String instantToLdapDate(ZonedDateTime instant) {
+               return utcLdapDate.format(instant.withZoneSameInstant(ZoneOffset.UTC));
         }
  
         public static String getQueryValue(Map<String, List<String>> query, String key) {
@@ -59,4 +66,11 @@ public class NamingUtils {
         private NamingUtils() {
  
         }
+
+//     public static void main(String args[]) {
+//             ZonedDateTime now = ZonedDateTime.now().withZoneSameInstant(ZoneOffset.UTC);
+//             String str = utcLdapDate.format(now);
+//             System.out.println(str);
+//             utcLdapDate.parse(str);
+//     }
  }
diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdifUser.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdifUser.java

index 7cf416526ffdea417975c0cc9c3f704d564c8e2e..4eab8cd87023a0cd5b3f791979af0b1e70ef52ce 100644 (file)
--- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdifUser.java
+++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdifUser.java
@@ -4,9 +4,8 @@ import java.net.URI;
  import java.net.URISyntaxException;
  import java.nio.ByteBuffer;
  import java.nio.CharBuffer;
-import java.nio.charset.Charset;
  import java.nio.charset.StandardCharsets;
-import java.time.OffsetDateTime;
+import java.time.Instant;
  import java.util.ArrayList;
  import java.util.Arrays;
  import java.util.Base64;
@@ -104,8 +103,8 @@ class LdifUser implements DirectoryUser {
                                         Map<String, List<String>> query = NamingUtils.queryToMap(uri);
                                         String expiryTimestamp = NamingUtils.getQueryValue(query, LdapAttrs.modifyTimestamp.name());
                                         if (expiryTimestamp != null) {
-                                               OffsetDateTime expiryOdt = NamingUtils.ldapDateToInstant(expiryTimestamp);
-                                               if (expiryOdt.isBefore(OffsetDateTime.now()))
+                                               Instant expiryOdt = NamingUtils.ldapDateToInstant(expiryTimestamp);
+                                               if (expiryOdt.isBefore(Instant.now()))
                                                         return false;
                                         } else {
                                                 throw new UnsupportedOperationException("An expiry timestamp "
@@ -143,7 +142,7 @@ class LdifUser implements DirectoryUser {
                 CharBuffer charBuffer = CharBuffer.wrap(chars);
                 ByteBuffer byteBuffer = StandardCharsets.UTF_8.encode(charBuffer);
                 byte[] bytes = Arrays.copyOfRange(byteBuffer.array(), byteBuffer.position(), byteBuffer.limit());
-               Arrays.fill(charBuffer.array(), '\u0000'); // clear sensitive data
+               // Arrays.fill(charBuffer.array(), '\u0000'); // clear sensitive data
                 Arrays.fill(byteBuffer.array(), (byte) 0); // clear sensitive data
                 return bytes;
         }
author	Mathieu Baudier <mbaudier@argeo.org>
	Mon, 2 Oct 2017 12:54:12 +0000 (14:54 +0200)
committer	Mathieu Baudier <mbaudier@argeo.org>
	Mon, 2 Oct 2017 12:54:12 +0000 (14:54 +0200)
org.argeo.enterprise/src/org/argeo/naming/NamingUtils.java		patch \| blob \| history
org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdifUser.java		patch \| blob \| history