Created
April 23, 2012 00:34
-
-
Save Molnfront/2467787 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
component persistent="false" accessors="true" output="false" { | |
property name="fw" type="any"; | |
property name="apiUsersDAO" type="any"; | |
public any function authenticateReuqest(required string verb,required string cfc,required struct requestArguments,required struct requestHeaders) { | |
if(!checkRequiredArguments(arguments.requestArguments)) { | |
return createAuthenticationRequiredMessage("Authentication Required: Missing Request Arguments."); | |
} | |
if(!havePrivateKey(arguments.requestArguments.publicKey)) { | |
return createAuthenticationRequiredMessage("Authentication Required: No API User By the Key given."); | |
} | |
//writeDump(createSignString(arguments.requestArguments)); | |
//abort; | |
if(!timeInAcceptableBounds(arguments.requestArguments.timestamp)) { | |
return createAuthenticationRequiredMessage("Authentication Required: Request Time Out"); | |
} | |
//writeDump(createSignString(arguments.requestArguments)); | |
//writeDump(EncryptSignature(argValue=createSignString(arguments.requestArguments),publicKey=arguments.requestArguments.publicKey)); | |
//abort; | |
// Since I already determined this timestamp was within acceptable bounds to be accepted, | |
// I still use it within my own hash calculation to make sure it was the same timestamp sent from the client originally in thier sign, | |
// and not a made-up timestamp from a man-in-the-middle attack. | |
if(!compareSignature(theirSign=arguments.requestArguments.signature,areSign=EncryptSignature(argValue=createSignString(arguments.requestArguments),publicKey=arguments.requestArguments.publicKey))) { | |
return createAuthenticationRequiredMessage("Signature does not match!"); | |
} | |
return true; | |
} | |
public any function timeInAcceptableBounds(required any timestamp) hint="I check request was send within acceptable bounds." { | |
local.dif=DateDiff("n",arguments.timestamp,now()); | |
if(local.dif gt 3) { | |
return false; | |
} else { | |
return true; | |
} | |
} | |
public any function compareSignature(required any theirSign,required any areSign) hint="I compare the two signatures." { | |
if(arguments.theirSign eq arguments.areSign) { | |
return true; | |
} else { | |
return false; | |
} | |
} | |
public any function EncryptSignature(required string argValue,required string publicKey) hint="I create my own signature that I will matching later." { | |
var jMsg=JavaCast("string",arguments.argValue).getBytes("iso-8859-1"); | |
var jKey=JavaCast("string",getapiUsersDAO().getSecretKey(arguments.publicKey)).getBytes("iso-8859-1"); | |
var key=createObject("java","javax.crypto.spec.SecretKeySpec"); | |
var mac=createObject("java","javax.crypto.Mac"); | |
key=key.init(jKey,"HmacSHA1"); | |
mac=mac.getInstance(key.getAlgorithm()); | |
mac.init(key); | |
mac.update(jMsg); | |
return lCase(binaryEncode(mac.doFinal(),'Hex')); | |
//return Encrypt(arguments.argValue,getapiUsersDAO().getSecretKey(arguments.publicKey),'HMAC-SHA1'); | |
} | |
public string function createSignString(required struct requestArguments) hint="I create the string for my signature." { | |
StructDelete(arguments.requestArguments,"signature"); | |
var myMap=createObject("java","java.util.TreeMap").init(arguments.requestArguments); | |
local.returnString=""; | |
for(key in myMap) { | |
local.returnString=local.returnString & myMap[key]; | |
} | |
return local.returnString; | |
} | |
public any function havePrivateKey(required string publicKey) hint="I check API User exisits and has a key." { | |
return getapiUsersDAO().hasPrivateKey(arguments.publicKey); | |
} | |
public any function checkRequiredArguments(required requestArguments) hint="I check we have the required arguments to authenticate this request." { | |
if(structkeyexists(arguments.requestArguments,"publicKey") AND structkeyexists(arguments.requestArguments,"signature") AND structkeyexists(arguments.requestArguments,"timestamp")) { | |
return true; | |
} | |
return false; | |
} | |
public any function createAuthenticationRequiredMessage(string message) { | |
local.bodyContent=structnew(); | |
local.reponseObject=createObject("component","taffy.core.genericRepresentation"); | |
bodycontent.msg=arguments.message; | |
return reponseObject.setData(local.bodyContent).withStatus(200); | |
} | |
/*public any function authenticateReuqest(required string verb,required string cfc,required struct requestArguments,required struct requestHeaders) { | |
// Check for Authorisation headers | |
if(not structkeyexists(arguments.requestHeaders,"Authorization")) { | |
return createAuthenticationRequiredMessage("Authentication Required"); | |
} | |
// Check Authorization valid | |
local.apiAccess=retrieveApiUserFromAuthorizationHeader(arguments.requestHeaders["Authorization"]); | |
if(not len(local.apiAccess)) { | |
return createAuthenticationRequiredMessage("Invalid login credentials provided"); | |
} | |
if(local.apiAccess eq true) { | |
return true; | |
} | |
return createAuthenticationRequiredMessage("Invalid login credentials provided"); | |
}*/ | |
public any function retrieveApiUserFromAuthorizationHeader(required string authorizationHeader) { | |
local.decodedAuthHeader=tostring(tobinary(listlast(arguments.authorizationHeader," "))); | |
local.username=ListFirst(local.decodedAuthHeader,":"); | |
local.password=Listlast(local.decodedAuthHeader,":"); | |
return validateLoginCredentials(local.username,local.password); | |
} | |
public any function validateLoginCredentials(required string login,required string password) { | |
local.result=getDAO().readByUserNameandPassword(arguments.login,arguments.password); | |
// If we have a match return true | |
if(!isNull(local.result)) { | |
return true; | |
} | |
// Default is always false. | |
return False; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment