diff --git a/bbb-common-web/src/main/java/org/bigbluebutton/api/model/constraint/PostChecksumConstraint.java b/bbb-common-web/src/main/java/org/bigbluebutton/api/model/constraint/PostChecksumConstraint.java
deleted file mode 100755
index 4e359b8fed..0000000000
--- a/bbb-common-web/src/main/java/org/bigbluebutton/api/model/constraint/PostChecksumConstraint.java
+++ /dev/null
@@ -1,22 +0,0 @@
-package org.bigbluebutton.api.model.constraint;
-
-import org.bigbluebutton.api.model.validator.PostChecksumValidator;
-
-import javax.validation.Constraint;
-import javax.validation.Payload;
-import java.lang.annotation.Retention;
-import java.lang.annotation.Target;
-
-import static java.lang.annotation.ElementType.TYPE;
-import static java.lang.annotation.RetentionPolicy.RUNTIME;
-
-@Constraint(validatedBy = PostChecksumValidator.class)
-@Target(TYPE)
-@Retention(RUNTIME)
-public @interface PostChecksumConstraint {
-
- String key() default "checksumError";
- String message() default "Checksums do not match";
- Class[] groups() default {};
- Class[] payload() default {};
-}
diff --git a/bbb-common-web/src/main/java/org/bigbluebutton/api/model/shared/PostChecksum.java b/bbb-common-web/src/main/java/org/bigbluebutton/api/model/shared/PostChecksum.java
deleted file mode 100755
index 577c244e63..0000000000
--- a/bbb-common-web/src/main/java/org/bigbluebutton/api/model/shared/PostChecksum.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package org.bigbluebutton.api.model.shared;
-
-import org.bigbluebutton.api.model.constraint.PostChecksumConstraint;
-import org.bigbluebutton.api.service.ValidationService;
-
-import javax.servlet.http.HttpServletRequest;
-import java.util.Map;
-
-@PostChecksumConstraint(groups = ChecksumValidationGroup.class)
-public class PostChecksum extends Checksum {
-
- Map params;
-
- public PostChecksum(String apiCall, String checksum, Map params, HttpServletRequest request) {
- super(apiCall, checksum, request);
- this.params = params;
- queryStringWithoutChecksum = ValidationService.buildQueryStringFromParamsMap(params);
- }
-
- public Map getParams() { return params; }
-
- public void setParams(Map params) { this.params = params; }
-}
diff --git a/bbb-common-web/src/main/java/org/bigbluebutton/api/model/validator/PostChecksumValidator.java b/bbb-common-web/src/main/java/org/bigbluebutton/api/model/validator/PostChecksumValidator.java
deleted file mode 100755
index b34a178197..0000000000
--- a/bbb-common-web/src/main/java/org/bigbluebutton/api/model/validator/PostChecksumValidator.java
+++ /dev/null
@@ -1,53 +0,0 @@
-package org.bigbluebutton.api.model.validator;
-
-import org.apache.commons.codec.digest.DigestUtils;
-import org.bigbluebutton.api.model.constraint.PostChecksumConstraint;
-import org.bigbluebutton.api.model.shared.PostChecksum;
-import org.bigbluebutton.api.service.ServiceUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.validation.ConstraintValidator;
-import javax.validation.ConstraintValidatorContext;
-
-public class PostChecksumValidator implements ConstraintValidator {
-
- private static Logger log = LoggerFactory.getLogger(PostChecksumValidator.class);
-
- @Override
- public void initialize(PostChecksumConstraint constraintAnnotation) {}
-
- @Override
- public boolean isValid(PostChecksum checksum, ConstraintValidatorContext context) {
- String securitySalt = ServiceUtils.getValidationService().getSecuritySalt();
-
- if (securitySalt.isEmpty()) {
- log.warn("Security is disabled in this service. Make sure this is intentional.");
- return true;
- }
-
- String queryStringWithoutChecksum = checksum.getQueryStringWithoutChecksum();
- log.info("query string after checksum removed: [{}]", queryStringWithoutChecksum);
-
- if(queryStringWithoutChecksum == null) {
- return false;
- }
-
- String providedChecksum = checksum.getChecksum();
- log.info("CHECKSUM={} length={}", providedChecksum, providedChecksum.length());
-
- if(providedChecksum == null) {
- return false;
- }
-
- String data = checksum.getApiCall() + queryStringWithoutChecksum + securitySalt;
- String createdCheckSum = DigestUtils.sha1Hex(data);
-
- if (createdCheckSum == null || !createdCheckSum.equalsIgnoreCase(providedChecksum)) {
- log.info("checksumError: failed checksum. our checksum: [{}], client: [{}]", createdCheckSum, providedChecksum);
- return false;
- }
-
- return true;
- }
-}
diff --git a/bbb-common-web/src/main/java/org/bigbluebutton/api/service/ValidationService.java b/bbb-common-web/src/main/java/org/bigbluebutton/api/service/ValidationService.java
index bba230759e..8c241d40eb 100755
--- a/bbb-common-web/src/main/java/org/bigbluebutton/api/service/ValidationService.java
+++ b/bbb-common-web/src/main/java/org/bigbluebutton/api/service/ValidationService.java
@@ -4,7 +4,6 @@ import org.bigbluebutton.api.model.request.*;
 import org.bigbluebutton.api.model.shared.Checksum;
 import org.bigbluebutton.api.model.shared.ChecksumValidationGroup;
 import org.bigbluebutton.api.model.shared.GetChecksum;
-import org.bigbluebutton.api.model.shared.PostChecksum;
 import org.bigbluebutton.api.util.ParamsUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -113,51 +112,23 @@ public class ValidationService {
 checksumValue = params.get("checksum")[0];
 }
- switch(apiCall.requestType) {
- case GET:
- checksum = new GetChecksum(apiCall.getName(), checksumValue, queryString, servletRequest);
- switch(apiCall) {
- case CREATE:
- request = new CreateMeeting(checksum, servletRequest);
- break;
- case JOIN:
- request = new JoinMeeting(checksum, servletRequest);
- break;
- case MEETING_RUNNING:
- request = new MeetingRunning(checksum, servletRequest);
- break;
- case END:
- request = new EndMeeting(checksum, servletRequest);
- break;
- case GET_MEETING_INFO:
- request = new MeetingInfo(checksum, servletRequest);
- break;
- case GET_MEETINGS:
- case GET_SESSIONS:
- request = new SimpleRequest(checksum, servletRequest);
- break;
- case INSERT_DOCUMENT:
- request = new InsertDocument(checksum, servletRequest);
- break;
- case GUEST_WAIT:
- request = new GuestWait(servletRequest);
- break;
- case ENTER:
- request = new Enter(servletRequest);
- break;
- case STUNS:
- request = new Stuns(servletRequest);
- break;
- case SIGN_OUT:
- request = new SignOut(servletRequest);
- break;
- case LEARNING_DASHBOARD:
- request = new LearningDashboard(servletRequest);
- break;
- case GET_JOIN_URL:
- request = new GetJoinUrl(servletRequest);
- break;
- }
+ if (Objects.requireNonNull(apiCall.requestType) == RequestType.GET) {
+ checksum = new GetChecksum(apiCall.getName(), checksumValue, queryString, servletRequest);
+ request = switch (apiCall) {
+ case CREATE -> new CreateMeeting(checksum, servletRequest);
+ case JOIN -> new JoinMeeting(checksum, servletRequest);
+ case MEETING_RUNNING -> new MeetingRunning(checksum, servletRequest);
+ case END -> new EndMeeting(checksum, servletRequest);
+ case GET_MEETING_INFO -> new MeetingInfo(checksum, servletRequest);
+ case GET_MEETINGS, GET_SESSIONS -> new SimpleRequest(checksum, servletRequest);
+ case INSERT_DOCUMENT -> new InsertDocument(checksum, servletRequest);
+ case GUEST_WAIT -> new GuestWait(servletRequest);
+ case ENTER -> new Enter(servletRequest);
+ case STUNS -> new Stuns(servletRequest);
+ case SIGN_OUT -> new SignOut(servletRequest);
+ case LEARNING_DASHBOARD -> new LearningDashboard(servletRequest);
+ case GET_JOIN_URL -> new GetJoinUrl(servletRequest);
+ };
 }
 return request;
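Review bot: The rewritten `if (... == RequestType.GET)` has no `else`, so an `ApiCall` with any other request type falls through to `return request;` with no `Checksum` built and `request` still holding its initial value from above the hunk. Since this commit also deletes the POST checksum classes, make that path fail closed and say so in code, e.g. a comment `// Only GET calls are validated here; other request types must be rejected by the caller` or an explicit rejection in an `else` branch. `Objects.requireNonNull(apiCall.requestType)` surfaces a missing request type as a bare NullPointerException rather than a validation error, and neither `Objects` nor `RequestType` gains an import in the visible hunks, so confirm both are already in scope. The enclosing method starts and ends outside the hunk, so how callers treat the returned value cannot be checked from here.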