public class SimpleNonceManager extends Object implements SessionNonceManager
NonceManagerimplementation to provide reasonable single host management of nonces. This
NonceManagermanages nonces in two groups, the first is the group that are allocated to new requests, this group is a problem as we want to be able to limit how many we distribute so we don't have a DOS storing too many but we also don't a high number of requests to to push the other valid nonces out faster than they can be used. The second group is the set of nonces actively in use - these should be maintained as we can also maintain the nonce count and even track the next nonce once invalid. Maybe group one should be a timestamp and private key hashed together, if used with a nonce count they move to be tracked to ensure the same count is not used again - if successfully used without a nonce count add to a blacklist until expiration? A nonce used without a nonce count will essentially be single use with each request getting a new nonce.
|Constructor and Description|
|Modifier and Type||Method and Description|
| || |
Associate the supplied hash with the nonce specified.
| || |
Retrieve the existing hash associated with the nonce specified.
| || |
Select the next nonce to be sent from the server taking into account the last valid nonce.
| || |
Validate that a nonce can be used.
public SimpleNonceManager(String hashAlg)
public String nextNonce(String lastNonce, HttpServerExchange exchange)
lastNonce- - The last valid nonce received from the client or null if we don't already have a nonce.
public boolean validateNonce(String nonce, int nonceCount, HttpServerExchange exchange)
nonce- - The nonce received from the client.
nonceCount- - The nonce count from the client or -1 of none specified.
NonceManager.validateNonce(java.lang.String, int, io.undertow.server.HttpServerExchange)
public void associateHash(String nonce, byte hash)
public byte lookupHash(String nonce)
Copyright © 2017 JBoss by Red Hat. All rights reserved.