Le document suivant contient les résultats de l'inspection CPD CPD 6.13.0.
Fichier | Ligne |
---|---|
fr/paris/lutece/util/signrequest/HeaderHashAuthenticator.java | 57 |
fr/paris/lutece/util/signrequest/RequestHashAuthenticator.java | 58 |
String strTimestamp = request.getHeader( HEADER_TIMESTAMP ); // no signature or timestamp if ( ( strHash1 == null ) || ( strTimestamp == null ) ) { LOGGER.info( "SignRequest - Invalid signature" ); return false; } if ( !isValidTimestamp( strTimestamp ) ) { LOGGER.info( "SignRequest - Invalid timestamp : " + strTimestamp ); return false; } List<String> listElements = new ArrayList<String>( ); for ( String strParameter : getSignatureElements( ) ) { String strValue = request.getParameter( strParameter ); if ( strValue != null ) { listElements.add( strValue ); } } String strHash2 = buildSignature( listElements, strTimestamp, getPrivateKey( ) ); return strHash1.equals( strHash2 ); } /** * {@inheritDoc } */ @Override public AuthenticateRequestInformations getSecurityInformations( List<String> elements ) { String strTimestamp = String.valueOf( new Date( ).getTime( ) ); String strSignature = buildSignature( elements, strTimestamp, getPrivateKey( ) ); return new AuthenticateRequestInformations().addSecurityHeader(HEADER_TIMESTAMP,strTimestamp).addSecurityHeader(HEADER_SIGNATURE, strSignature); |