Support for signature token based account verification.

2026-04-26 19:03:22 +01:00 · 2014-11-13 14:25:33 -08:00
parent 8f2722263f
commit 222c7ea641
7 changed files with 284 additions and 38 deletions
--- a/src/main/java/org/whispersystems/textsecuregcm/auth/AuthorizationToken.java
+++ b/src/main/java/org/whispersystems/textsecuregcm/auth/AuthorizationToken.java
@@ -0,0 +1,76 @@
+package org.whispersystems.textsecuregcm.auth;
+
+
+import org.apache.commons.codec.DecoderException;
+import org.apache.commons.codec.binary.Hex;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.whispersystems.textsecuregcm.util.Util;
+
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+import java.security.InvalidKeyException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.concurrent.TimeUnit;
+
+public class AuthorizationToken {
+
+  private final Logger logger = LoggerFactory.getLogger(AuthorizationToken.class);
+
+  private final String token;
+  private final byte[] key;
+
+  public AuthorizationToken(String token, byte[] key) {
+    this.token = token;
+    this.key   = key;
+  }
+
+  public boolean isValid(String number, long currentTimeMillis) {
+    String[] parts = token.split(":");
+
+    if (parts.length != 3) {
+      return false;
+    }
+
+    if (!number.equals(parts[0])) {
+      return false;
+    }
+
+    if (!isValidTime(parts[1], currentTimeMillis)) {
+      return false;
+    }
+
+    return isValidSignature(parts[0] + ":" + parts[1], parts[2]);
+  }
+
+  private boolean isValidTime(String timeString, long currentTimeMillis) {
+    try {
+      long tokenTime = Long.parseLong(timeString);
+      long ourTime   = TimeUnit.MILLISECONDS.toSeconds(currentTimeMillis);
+
+      return TimeUnit.SECONDS.toHours(Math.abs(ourTime - tokenTime)) < 24;
+    } catch (NumberFormatException e) {
+      logger.warn("Number Format", e);
+      return false;
+    }
+  }
+
+  private boolean isValidSignature(String prefix, String suffix) {
+    try {
+      Mac hmac = Mac.getInstance("HmacSHA256");
+      hmac.init(new SecretKeySpec(key, "HmacSHA256"));
+
+      byte[] ourSuffix   = Util.truncate(hmac.doFinal(prefix.getBytes()), 10);
+      byte[] theirSuffix = Hex.decodeHex(suffix.toCharArray());
+
+      return MessageDigest.isEqual(ourSuffix, theirSuffix);
+    } catch (NoSuchAlgorithmException | InvalidKeyException e) {
+      throw new AssertionError(e);
+    } catch (DecoderException e) {
+      logger.warn("Authorizationtoken", e);
+      return false;
+    }
+  }
+
+}