2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
20 package org.openecomp.sdc.securityutil;
22 import java.io.IOException;
23 import javax.servlet.http.Cookie;
24 import org.openecomp.sdc.securityutil.filters.SessionValidationFilter;
25 import org.slf4j.Logger;
26 import org.slf4j.LoggerFactory;
28 public class AuthenticationCookieUtils {
// Logger is registered under SessionValidationFilter's name, so every record emitted by this
// class appears under that logger category rather than under AuthenticationCookieUtils.
private static final Logger log = LoggerFactory.getLogger(SessionValidationFilter.class.getName());
/** Not instantiable: the class only offers static helper methods. */
private AuthenticationCookieUtils() {
}
/**
 * Refreshes the session timestamp stored inside the authentication cookie.
 *
 * <p>The cookie value is decrypted, its current-session time is overwritten with
 * {@link System#currentTimeMillis()}, and the result is re-encrypted into a new cookie.
 * This method performs no expiry check of its own: calling it on a cookie whose session
 * has already expired resets the idle timer, so callers should check
 * {@link #isSessionExpired} first.
 *
 * @param cookie the cookie holding the encrypted authentication data
 * @param filterConfiguration supplies the security key and the attributes of the new cookie
 * @return a new cookie carrying the re-encrypted data with the refreshed session time
 * @throws CipherUtilException declared by the decrypt/encrypt helpers
 * @throws IOException declared by the JSON conversion helper
 */
public static Cookie updateSessionTime(Cookie cookie, ISessionValidationFilterConfiguration filterConfiguration)
        throws CipherUtilException, IOException {
    final AuthenticationCookie decoded = getAuthenticationCookie(cookie, filterConfiguration);
    final long refreshedTime = System.currentTimeMillis();
    final long previousTime = decoded.getCurrentSessionTime();
    log.debug("SessionValidationFilter: Going to set new session time in cookie, old value: {}, new value: {}",
            previousTime, refreshedTime);
    decoded.setCurrentSessionTime(refreshedTime);
    final String reEncrypted = getEncryptedCookie(decoded, filterConfiguration);
    return createUpdatedCookie(cookie, reEncrypted, filterConfiguration);
}
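/**
 * Builds a replacement cookie that carries a new encrypted value under the original cookie's name.
 *
 * <p>Only the name is taken from {@code cookie}. Path, domain and the HttpOnly flag come from
 * {@code cookieConfiguration}, and the Secure flag is always set. No max-age is set, so the
 * servlet API default applies, and no SameSite attribute is set by this method.
 *
 * @param cookie the original cookie; only its name is reused
 * @param encryptedCookie the encrypted value to store in the new cookie
 * @param cookieConfiguration supplies path, domain and the HttpOnly setting
 * @return the newly created cookie
 */
public static Cookie createUpdatedCookie(Cookie cookie, String encryptedCookie, ISessionValidationCookieConfiguration cookieConfiguration) {
    Cookie updatedCookie = new Cookie(cookie.getName(), encryptedCookie);
    // Unconditionally Secure, so the browser only returns the cookie over HTTPS.
    updatedCookie.setSecure(true);
    updatedCookie.setPath(cookieConfiguration.getCookiePath());
    updatedCookie.setDomain(cookieConfiguration.getCookieDomain());
    // NOTE(review): HttpOnly is configuration-driven. This cookie holds the session state, so
    // confirm deployments enable it; otherwise page scripts can read the cookie value.
    updatedCookie.setHttpOnly(cookieConfiguration.isCookieHttpOnly());
    // The declared return type requires handing the new cookie back to the caller.
    return updatedCookie;
}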
/**
 * Serialises the authentication cookie and encrypts the result with the configured security key.
 *
 * <p>NOTE(review): whether {@code CipherUtil.encryptPKC} also protects integrity (authenticated
 * encryption) is not visible here. The session timestamps inside the cookie are trusted after
 * decryption, so confirm against {@code CipherUtil}.
 *
 * @param authenticationCookie the object to serialise and encrypt
 * @param filterConfiguration supplies the security key
 * @return the encrypted cookie value
 * @throws IOException declared by the conversion helper
 * @throws CipherUtilException declared by the encryption helper
 */
public static String getEncryptedCookie(AuthenticationCookie authenticationCookie, ISessionValidationFilterConfiguration filterConfiguration)
        throws IOException, CipherUtilException {
    return CipherUtil.encryptPKC(
            RepresentationUtils.toRepresentation(authenticationCookie),
            filterConfiguration.getSecurityKey());
}
/**
 * Decrypts the cookie value with the configured security key and maps it to an
 * {@link AuthenticationCookie}.
 *
 * <p>The cookie value is supplied by the client. Everything read from the returned object
 * (including the session timestamps) is only as trustworthy as the protection applied by
 * {@code CipherUtil.decryptPKC}. NOTE(review): confirm that a tampered value is rejected
 * rather than decrypted into altered fields.
 *
 * @param cookie the cookie whose value is the encrypted representation
 * @param filterConfiguration supplies the security key
 * @return the decoded authentication cookie
 * @throws CipherUtilException declared by the decryption helper
 */
public static AuthenticationCookie getAuthenticationCookie(Cookie cookie, ISessionValidationFilterConfiguration filterConfiguration)
        throws CipherUtilException {
    return RepresentationUtils.fromRepresentation(
            CipherUtil.decryptPKC(cookie.getValue(), filterConfiguration.getSecurityKey()),
            AuthenticationCookie.class);
}
/**
 * Reports whether the session described by the cookie has expired.
 *
 * <p>A session is expired when the current time is past the cookie's max-session time plus the
 * configured max session timeout, or when the session has been idle for at least the configured
 * idle timeout. Both timestamps are read from the decrypted cookie, so the result relies on the
 * cookie value not being forgeable by the client.
 *
 * @param cookie the cookie holding the encrypted authentication data
 * @param filterConfiguration supplies the security key and both timeout values
 * @return {@code true} if the absolute lifetime is exceeded or the session is idle
 * @throws CipherUtilException declared by the decryption helper
 */
public static boolean isSessionExpired(Cookie cookie, ISessionValidationFilterConfiguration filterConfiguration) throws CipherUtilException {
    final AuthenticationCookie decoded = getAuthenticationCookie(cookie, filterConfiguration);
    final long hardDeadline = decoded.getMaxSessionTime() + filterConfiguration.getMaxSessionTimeOut();
    final long lastActivity = decoded.getCurrentSessionTime();
    final long now = System.currentTimeMillis();
    log.debug("SessionValidationFilter: Checking if session expired: session time: {}, expiration time: {}, current time: {}", lastActivity,
            hardDeadline, now);
    // The absolute lifetime is checked first; the idle check runs only while it is not exceeded.
    if (now > hardDeadline) {
        return true;
    }
    return isSessionIdle(lastActivity, now, filterConfiguration);
}
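/**
 * Reports whether the session has been unused for at least the configured idle timeout.
 *
 * <p>The idle time is {@code currentTime - sessionTimeValue}. If that subtraction overflows,
 * the value is saturated in the direction of the true difference instead of wrapping, so an
 * extreme negative session time cannot wrap into a small or negative idle time. A session time
 * later than {@code currentTime} still yields a negative idle time and is reported as not idle.
 *
 * @param sessionTimeValue the last session update time taken from the cookie, in milliseconds
 * @param currentTime the time to compare against, in milliseconds
 * @param filterConfiguration supplies the idle timeout
 * @return {@code true} if the idle time is greater than or equal to the configured idle timeout
 */
private static boolean isSessionIdle(long sessionTimeValue, long currentTime, ISessionValidationFilterConfiguration filterConfiguration) {
    long currentIdleTime;
    try {
        currentIdleTime = Math.subtractExact(currentTime, sessionTimeValue);
    } catch (ArithmeticException overflow) {
        // Subtracting a negative value overflows upwards, a positive one downwards; saturate
        // accordingly so the comparison below reflects the true (unrepresentable) difference.
        currentIdleTime = sessionTimeValue < 0 ? Long.MAX_VALUE : Long.MIN_VALUE;
    }
    long maxIdleTime = filterConfiguration.getSessionIdleTimeOut();
    // Log the session time under the "session time" label (the current time was logged there before).
    log.debug("SessionValidationFilter: Checking if session idle: session time: {}, current idle time: {}, max idle time: {}", sessionTimeValue,
            currentIdleTime, maxIdleTime);
    return currentIdleTime >= maxIdleTime;
}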