Java tutorial
/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.wicket.core.request.mapper; import java.util.Iterator; import java.util.List; import java.util.function.Supplier; import org.apache.wicket.Application; import org.apache.wicket.core.request.handler.RequestSettingRequestHandler; import org.apache.wicket.protocol.http.PageExpiredException; import org.apache.wicket.request.IRequestHandler; import org.apache.wicket.request.IRequestMapper; import org.apache.wicket.request.Request; import org.apache.wicket.request.Url; import org.apache.wicket.request.mapper.IRequestMapperDelegate; import org.apache.wicket.request.mapper.info.PageComponentInfo; import org.apache.wicket.util.crypt.ICrypt; import org.apache.wicket.util.crypt.ICryptFactory; import org.apache.wicket.util.lang.Args; import org.apache.wicket.util.string.Strings; import org.slf4j.Logger; import org.slf4j.LoggerFactory; /** * <p> * A request mapper that encrypts URLs generated by another mapper. This mapper encrypts the segments * and query parameters of URLs starting with {@link IMapperContext#getNamespace()}, and just the * {@link PageComponentInfo} parameter for mounted URLs. * </p> * * <p> * <strong>Important</strong>: for better security it is recommended to use * {@link org.apache.wicket.core.request.mapper.CryptoMapper#CryptoMapper(IRequestMapper, Supplier)} * constructor with {@link org.apache.wicket.util.crypt.ICrypt} implementation that generates a * separate key for each user. {@link org.apache.wicket.core.util.crypt.KeyInSessionSunJceCryptFactory} provides such an * implementation that stores the key in the HTTP session. * </p> * * <p> * This mapper can be mounted before or after mounting other pages, but will only encrypt URLs for * pages mounted before the {@link CryptoMapper}. If required, multiple {@link CryptoMapper}s may be * installed in an {@link Application}. * </p> * * <p> * When encrypting URLs in the Wicket namespace (starting with {@link IMapperContext#getNamespace()}), the entire URL, * including segments and parameters, is encrypted, with the encrypted form stored in the first segment of the encrypted URL. * </p> * * <p> * To be able to handle relative URLs, like for image URLs in a CSS file, checksum segments are appended to the * encrypted URL until the encrypted URL has the same number of segments as the original URL had. * Each checksum segment has a precise 5 character value, calculated using a checksum. This helps in calculating * the relative distance from the original URL. When a URL is returned by the browser, we iterate through these * checksummed placeholder URL segments. If the segment matches the expected checksum, then the segment is deemed * to be the corresponding segment in the original URL. If the segment does not match the expected checksum, then * the segment is deemed a plain text sibling of the corresponding segment in the original URL, and all subsequent * segments are considered plain text children of the current segment. * </p> * * <p> * When encrypting mounted URLs, we look for the {@link PageComponentInfo} parameter, and encrypt only that parameter. * </p> * * <p> * {@link CryptoMapper} can be configured to mark encrypted URLs as encrypted, and throw a {@link PageExpiredException} * exception if a encrypted URL cannot be decrypted. This can occur when using {@code KeyInSessionSunJceCryptFactory}, and * the session has expired. * </p> * * @author igor.vaynberg * @author Jesse Long * @author svenmeier * @see org.apache.wicket.settings.SecuritySettings#setCryptFactory(org.apache.wicket.util.crypt.ICryptFactory) * @see org.apache.wicket.core.util.crypt.KeyInSessionSunJceCryptFactory * @see org.apache.wicket.util.crypt.SunJceCrypt */ public class CryptoMapper implements IRequestMapperDelegate { private static final Logger log = LoggerFactory.getLogger(CryptoMapper.class); /** * Name of the parameter which contains encrypted page component info. */ private static final String ENCRYPTED_PAGE_COMPONENT_INFO_PARAMETER = "wicket-crypt"; private static final String ENCRYPTED_URL_MARKER_PREFIX = "crypt."; private final IRequestMapper wrappedMapper; private final Supplier<ICrypt> cryptProvider; /** * Whether or not to mark encrypted URLs as encrypted. */ private boolean markEncryptedUrls = false; /** * Encrypt with {@link org.apache.wicket.settings.SecuritySettings#getCryptFactory()}. * <p> * <strong>Important</strong>: Encryption is done with {@link org.apache.wicket.settings.SecuritySettings#DEFAULT_ENCRYPTION_KEY} if you haven't * configured an alternative {@link ICryptFactory}. For better security it is recommended to use * {@link CryptoMapper#CryptoMapper(IRequestMapper, Supplier)} with a specific {@link ICrypt} implementation * that generates a separate key for each user. * {@link org.apache.wicket.core.util.crypt.KeyInSessionSunJceCryptFactory} provides such an implementation that stores the * key in the HTTP session. * </p> * * @param wrappedMapper * the non-crypted request mapper * @param application * the current application * @see org.apache.wicket.util.crypt.SunJceCrypt */ public CryptoMapper(final IRequestMapper wrappedMapper, final Application application) { this(wrappedMapper, () -> application.getSecuritySettings().getCryptFactory().newCrypt()); } /** * Construct. * * @param wrappedMapper * the non-crypted request mapper * @param cryptProvider * the custom crypt provider */ public CryptoMapper(final IRequestMapper wrappedMapper, final Supplier<ICrypt> cryptProvider) { this.wrappedMapper = Args.notNull(wrappedMapper, "wrappedMapper"); this.cryptProvider = Args.notNull(cryptProvider, "cryptProvider"); } /** * Whether or not to mark encrypted URLs as encrypted. If set, a {@link PageExpiredException} is thrown when * a encrypted URL can no longer be decrypted. * * @return whether or not to mark encrypted URLs as encrypted. */ public boolean getMarkEncryptedUrls() { return markEncryptedUrls; } /** * Sets whether or not to mark encrypted URLs as encrypted. If set, a {@link PageExpiredException} is thrown when * a encrypted URL can no longer be decrypted. * * @param markEncryptedUrls * whether or not to mark encrypted URLs as encrypted. * * @return {@code this}, for chaining. */ public CryptoMapper setMarkEncryptedUrls(boolean markEncryptedUrls) { this.markEncryptedUrls = markEncryptedUrls; return this; } /** * {@inheritDoc} * <p> * This implementation decrypts the URL and passes the decrypted URL to the wrapped mapper. * </p> * @param request * The request for which to get a compatibility score. * * @return The compatibility score. */ @Override public int getCompatibilityScore(final Request request) { Url decryptedUrl = decryptUrl(request, request.getUrl()); if (decryptedUrl == null) { return 0; } Request decryptedRequest = request.cloneWithUrl(decryptedUrl); return wrappedMapper.getCompatibilityScore(decryptedRequest); } @Override public Url mapHandler(final IRequestHandler requestHandler) { final Url url = wrappedMapper.mapHandler(requestHandler); if (url == null) { return null; } if (url.isFull()) { // do not encrypt full urls return url; } return encryptUrl(url); } @Override public IRequestHandler mapRequest(final Request request) { Url url = decryptUrl(request, request.getUrl()); if (url == null) { return null; } Request decryptedRequest = request.cloneWithUrl(url); IRequestHandler handler = wrappedMapper.mapRequest(decryptedRequest); if (handler != null) { handler = new RequestSettingRequestHandler(decryptedRequest, handler); } return handler; } /** * @return the {@link ICrypt} implementation that may be used to encrypt/decrypt {@link Url}'s * segments and/or query string */ protected final ICrypt getCrypt() { return cryptProvider.get(); } /** * @return the wrapped root request mapper */ @Override public final IRequestMapper getDelegateMapper() { return wrappedMapper; } /** * Returns the applications {@link IMapperContext}. * * @return The applications {@link IMapperContext}. */ protected IMapperContext getContext() { return Application.get().getMapperContext(); } /** * Encrypts a URL. This method should return a new, encrypted instance of the URL. If the URL starts with {@code /wicket/}, * the entire URL is encrypted. * * @param url * The URL to encrypt. * * @return A new, encrypted version of the URL. */ protected Url encryptUrl(final Url url) { if (url.getSegments().size() > 0 && url.getSegments().get(0).equals(getContext().getNamespace())) { return encryptEntireUrl(url); } else { return encryptRequestListenerParameter(url); } } /** * Encrypts an entire URL, segments and query parameters. * * @param url * The URL to encrypt. * * @return An encrypted form of the URL. */ protected Url encryptEntireUrl(final Url url) { String encryptedUrlString = getCrypt().encryptUrlSafe(url.toString()); Url encryptedUrl = new Url(url.getCharset()); if (getMarkEncryptedUrls()) { encryptedUrl.getSegments().add(ENCRYPTED_URL_MARKER_PREFIX + encryptedUrlString); } else { encryptedUrl.getSegments().add(encryptedUrlString); } int numberOfSegments = url.getSegments().size() - 1; HashedSegmentGenerator generator = new HashedSegmentGenerator(encryptedUrlString); for (int segNo = 0; segNo < numberOfSegments; segNo++) { encryptedUrl.getSegments().add(generator.next()); } return encryptedUrl; } /** * Encrypts the {@link PageComponentInfo} query parameter in the URL, if any is found. * * @param url * The URL to encrypt. * * @return An encrypted form of the URL. */ protected Url encryptRequestListenerParameter(final Url url) { Url encryptedUrl = new Url(url); boolean encrypted = false; for (Iterator<Url.QueryParameter> it = encryptedUrl.getQueryParameters().iterator(); it.hasNext();) { Url.QueryParameter qp = it.next(); if (MapperUtils.parsePageComponentInfoParameter(qp) != null) { it.remove(); String encryptedParameterValue = getCrypt().encryptUrlSafe(qp.getName()); Url.QueryParameter encryptedParameter = new Url.QueryParameter( ENCRYPTED_PAGE_COMPONENT_INFO_PARAMETER, encryptedParameterValue); encryptedUrl.getQueryParameters().add(0, encryptedParameter); encrypted = true; break; } } if (encrypted) { return encryptedUrl; } else { return url; } } /** * Decrypts a {@link Url}. This method should return {@code null} if the URL is not decryptable, or if the * URL should have been encrypted but was not. Returning {@code null} results in a 404 error. * * @param request * The {@link Request}. * @param encryptedUrl * The encrypted {@link Url}. * * @return Returns a decrypted {@link Url}. */ protected Url decryptUrl(final Request request, final Url encryptedUrl) { Url url = decryptEntireUrl(request, encryptedUrl); if (url == null) { if (encryptedUrl.getSegments().size() > 0 && encryptedUrl.getSegments().get(0).equals(getContext().getNamespace())) { /* * This URL should have been encrypted, but was not. We should refuse to handle this, except when * there is more than one CryptoMapper installed, and the request was decrypted by some other * CryptoMapper. */ if (request.getOriginalUrl().getSegments().size() > 0 && request.getOriginalUrl().getSegments().get(0).equals(getContext().getNamespace())) { return null; } else { return encryptedUrl; } } } if (url == null) { url = decryptRequestListenerParameter(request, encryptedUrl); } log.debug("Url '{}' has been decrypted to '{}'", encryptedUrl, url); return url; } /** * Decrypts an entire URL, which was previously encrypted by {@link #encryptEntireUrl(org.apache.wicket.request.Url)}. * This method should return {@code null} if the URL is not decryptable. * * @param request * The request that was made. * @param encryptedUrl * The encrypted URL. * * @return A decrypted form of the URL, or {@code null} if the URL is not decryptable. */ protected Url decryptEntireUrl(final Request request, final Url encryptedUrl) { Url url = new Url(request.getCharset()); List<String> encryptedSegments = encryptedUrl.getSegments(); if (encryptedSegments.isEmpty()) { return null; } /* * The first encrypted segment contains an encrypted version of the entire plain text url. */ String encryptedUrlString = encryptedSegments.get(0); if (Strings.isEmpty(encryptedUrlString)) { return null; } if (getMarkEncryptedUrls()) { if (encryptedUrlString.startsWith(ENCRYPTED_URL_MARKER_PREFIX)) { encryptedUrlString = encryptedUrlString.substring(ENCRYPTED_URL_MARKER_PREFIX.length()); } else { return null; } } String decryptedUrl; try { decryptedUrl = getCrypt().decryptUrlSafe(encryptedUrlString); } catch (Exception e) { log.error("Error decrypting URL", e); return null; } if (decryptedUrl == null) { if (getMarkEncryptedUrls()) { throw new PageExpiredException("Encrypted URL is no longer decryptable"); } else { return null; } } Url originalUrl = Url.parse(decryptedUrl, request.getCharset()); int originalNumberOfSegments = originalUrl.getSegments().size(); int encryptedNumberOfSegments = encryptedUrl.getSegments().size(); if (originalNumberOfSegments > 0) { /* * This should always be true. Home page URLs are the only ones without * segments, and we don't encrypt those with this method. * * We always add the first segment of the URL, because we encrypt a URL like: * /path/to/something * to: * /encrypted_full/hash/hash * * Notice the consistent number of segments. If we applied the following relative URL: * ../../something * then the resultant URL would be: * /something * * Hence, the mere existence of the first, encrypted version of complete URL, segment * tells us that the first segment of the original URL is still to be used. */ url.getSegments().add(originalUrl.getSegments().get(0)); } HashedSegmentGenerator generator = new HashedSegmentGenerator(encryptedUrlString); int segNo = 1; for (; segNo < encryptedNumberOfSegments; segNo++) { if (segNo >= originalNumberOfSegments) { break; } String next = generator.next(); String encryptedSegment = encryptedSegments.get(segNo); if (!next.equals(encryptedSegment)) { /* * This segment received from the browser is not the same as the expected segment generated * by the HashSegmentGenerator. Hence it, and all subsequent segments are considered plain * text siblings of the original encrypted url. */ break; } /* * This segments matches the expected checksum, so we add the corresponding segment from the * original URL. */ url.getSegments().add(originalUrl.getSegments().get(segNo)); } /* * Add all remaining segments from the encrypted url as plain text segments. */ for (; segNo < encryptedNumberOfSegments; segNo++) { // modified or additional segment url.getSegments().add(encryptedUrl.getSegments().get(segNo)); } url.getQueryParameters().addAll(originalUrl.getQueryParameters()); // WICKET-4923 additional parameters url.getQueryParameters().addAll(encryptedUrl.getQueryParameters()); return url; } /** * Decrypts a URL which may contain an encrypted {@link PageComponentInfo} query parameter. * * @param request * The request that was made. * @param encryptedUrl * The (potentially) encrypted URL. * * @return A decrypted form of the URL. */ protected Url decryptRequestListenerParameter(final Request request, Url encryptedUrl) { Url url = new Url(encryptedUrl); url.getQueryParameters().clear(); for (Url.QueryParameter qp : encryptedUrl.getQueryParameters()) { if (MapperUtils.parsePageComponentInfoParameter(qp) != null) { /* * Plain text request listener parameter found. This should have been encrypted, so we * refuse to map the request unless the original URL did not include this parameter, which * case there are likely to be multiple cryptomappers installed. */ if (request.getOriginalUrl().getQueryParameter(qp.getName()) == null) { url.getQueryParameters().add(qp); } else { return null; } } else if (ENCRYPTED_PAGE_COMPONENT_INFO_PARAMETER.equals(qp.getName())) { String encryptedValue = qp.getValue(); if (Strings.isEmpty(encryptedValue)) { url.getQueryParameters().add(qp); } else { String decryptedValue = null; try { decryptedValue = getCrypt().decryptUrlSafe(encryptedValue); } catch (Exception e) { log.error("Error decrypting encrypted request listener query parameter", e); } if (Strings.isEmpty(decryptedValue)) { url.getQueryParameters().add(qp); } else { Url.QueryParameter decryptedParamter = new Url.QueryParameter(decryptedValue, ""); url.getQueryParameters().add(0, decryptedParamter); } } } else { url.getQueryParameters().add(qp); } } return url; } /** * A generator of hashed segments. */ public static class HashedSegmentGenerator { private char[] characters; private int hash = 0; public HashedSegmentGenerator(String string) { characters = string.toCharArray(); } /** * Generate the next segment * * @return segment */ public String next() { char a = characters[Math.abs(hash % characters.length)]; hash++; char b = characters[Math.abs(hash % characters.length)]; hash++; char c = characters[Math.abs(hash % characters.length)]; String segment = "" + a + b + c; hash = hashString(segment); segment += String.format("%02x", Math.abs(hash % 256)); hash = hashString(segment); return segment; } public int hashString(final String str) { int hash = 97; for (char c : str.toCharArray()) { int i = c; hash = 47 * hash + i; } return hash; } } }