public class SimpleNonceManager extends Object implements SessionNonceManager
NonceManager
implementation to provide reasonable single host management of nonces.
This NonceManager
manages nonces in two groups, the first is the group that are allocated to new requests, this group
is a problem as we want to be able to limit how many we distribute so we don't have a DOS storing too many but we also don't
a high number of requests to to push the other valid nonces out faster than they can be used.
The second group is the set of nonces actively in use - these should be maintained as we can also maintain the nonce count
and even track the next nonce once invalid.
Maybe group one should be a timestamp and private key hashed together, if used with a nonce count they move to be tracked to
ensure the same count is not used again - if successfully used without a nonce count add to a blacklist until expiration? A
nonce used without a nonce count will essentially be single use with each request getting a new nonce.Constructor and Description |
---|
SimpleNonceManager() |
SimpleNonceManager(String hashAlg) |
Modifier and Type | Method and Description |
---|---|
void |
associateHash(String nonce,
byte[] hash)
Associate the supplied hash with the nonce specified.
|
byte[] |
lookupHash(String nonce)
Retrieve the existing hash associated with the nonce specified.
|
String |
nextNonce(String lastNonce,
HttpServerExchange exchange)
Select the next nonce to be sent from the server taking into account the last valid nonce.
|
boolean |
validateNonce(String nonce,
int nonceCount,
HttpServerExchange exchange)
Validate that a nonce can be used.
|
public SimpleNonceManager()
public SimpleNonceManager(String hashAlg)
public String nextNonce(String lastNonce, HttpServerExchange exchange)
NonceManager
nextNonce
in interface NonceManager
lastNonce
- - The last valid nonce received from the client or null if we don't already have a nonce.NonceManager.nextNonce(java.lang.String, io.undertow.server.HttpServerExchange)
public boolean validateNonce(String nonce, int nonceCount, HttpServerExchange exchange)
NonceManager
validateNonce
in interface NonceManager
nonce
- - The nonce received from the client.nonceCount
- - The nonce count from the client or -1 of none specified.NonceManager.validateNonce(java.lang.String, int, io.undertow.server.HttpServerExchange)
public void associateHash(String nonce, byte[] hash)
SessionNonceManager
associateHash
in interface SessionNonceManager
nonce
- - The nonce the hash is to be associated with.hash
- - The hash to associate.public byte[] lookupHash(String nonce)
SessionNonceManager
lookupHash
in interface SessionNonceManager
nonce
- - The nonce the hash is required for.Copyright © 2016 JBoss by Red Hat. All rights reserved.