The following document contains the results of PMD's CPD 6.13.0.
| File | Line |
|---|---|
| fr/paris/lutece/util/signrequest/HeaderHashAuthenticator.java | 57 |
| fr/paris/lutece/util/signrequest/RequestHashAuthenticator.java | 58 |
String strTimestamp = request.getHeader( HEADER_TIMESTAMP );
// no signature or timestamp
if ( ( strHash1 == null ) || ( strTimestamp == null ) )
{
LOGGER.info( "SignRequest - Invalid signature" );
return false;
}
if ( !isValidTimestamp( strTimestamp ) )
{
LOGGER.info( "SignRequest - Invalid timestamp : " + strTimestamp );
return false;
}
List<String> listElements = new ArrayList<String>( );
for ( String strParameter : getSignatureElements( ) )
{
String strValue = request.getParameter( strParameter );
if ( strValue != null )
{
listElements.add( strValue );
}
}
String strHash2 = buildSignature( listElements, strTimestamp, getPrivateKey( ) );
return strHash1.equals( strHash2 );
}
/**
* {@inheritDoc }
*/
@Override
public AuthenticateRequestInformations getSecurityInformations( List<String> elements )
{
String strTimestamp = String.valueOf( new Date( ).getTime( ) );
String strSignature = buildSignature( elements, strTimestamp, getPrivateKey( ) );
return new AuthenticateRequestInformations().addSecurityHeader(HEADER_TIMESTAMP,strTimestamp).addSecurityHeader(HEADER_SIGNATURE, strSignature); | |
