Removed unused POST checksum validation code
parent
7a1081a974
commit
e757cf15ee
@ -1,22 +0,0 @@
|
|||||||
package org.bigbluebutton.api.model.constraint;
|
|
||||||
|
|
||||||
import org.bigbluebutton.api.model.validator.PostChecksumValidator;
|
|
||||||
|
|
||||||
import javax.validation.Constraint;
|
|
||||||
import javax.validation.Payload;
|
|
||||||
import java.lang.annotation.Retention;
|
|
||||||
import java.lang.annotation.Target;
|
|
||||||
|
|
||||||
import static java.lang.annotation.ElementType.TYPE;
|
|
||||||
import static java.lang.annotation.RetentionPolicy.RUNTIME;
|
|
||||||
|
|
||||||
@Constraint(validatedBy = PostChecksumValidator.class)
|
|
||||||
@Target(TYPE)
|
|
||||||
@Retention(RUNTIME)
|
|
||||||
public @interface PostChecksumConstraint {
|
|
||||||
|
|
||||||
String key() default "checksumError";
|
|
||||||
String message() default "Checksums do not match";
|
|
||||||
Class<?>[] groups() default {};
|
|
||||||
Class<? extends Payload>[] payload() default {};
|
|
||||||
}
|
|
@ -1,23 +0,0 @@
|
|||||||
package org.bigbluebutton.api.model.shared;
|
|
||||||
|
|
||||||
import org.bigbluebutton.api.model.constraint.PostChecksumConstraint;
|
|
||||||
import org.bigbluebutton.api.service.ValidationService;
|
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import java.util.Map;
|
|
||||||
|
|
||||||
@PostChecksumConstraint(groups = ChecksumValidationGroup.class)
|
|
||||||
public class PostChecksum extends Checksum {
|
|
||||||
|
|
||||||
Map<String, String[]> params;
|
|
||||||
|
|
||||||
public PostChecksum(String apiCall, String checksum, Map<String, String[]> params, HttpServletRequest request) {
|
|
||||||
super(apiCall, checksum, request);
|
|
||||||
this.params = params;
|
|
||||||
queryStringWithoutChecksum = ValidationService.buildQueryStringFromParamsMap(params);
|
|
||||||
}
|
|
||||||
|
|
||||||
public Map<String, String[]> getParams() { return params; }
|
|
||||||
|
|
||||||
public void setParams(Map<String, String[]> params) { this.params = params; }
|
|
||||||
}
|
|
@ -1,53 +0,0 @@
|
|||||||
package org.bigbluebutton.api.model.validator;
|
|
||||||
|
|
||||||
import org.apache.commons.codec.digest.DigestUtils;
|
|
||||||
import org.bigbluebutton.api.model.constraint.PostChecksumConstraint;
|
|
||||||
import org.bigbluebutton.api.model.shared.PostChecksum;
|
|
||||||
import org.bigbluebutton.api.service.ServiceUtils;
|
|
||||||
import org.slf4j.Logger;
|
|
||||||
import org.slf4j.LoggerFactory;
|
|
||||||
|
|
||||||
import javax.validation.ConstraintValidator;
|
|
||||||
import javax.validation.ConstraintValidatorContext;
|
|
||||||
|
|
||||||
public class PostChecksumValidator implements ConstraintValidator<PostChecksumConstraint, PostChecksum> {
|
|
||||||
|
|
||||||
private static Logger log = LoggerFactory.getLogger(PostChecksumValidator.class);
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void initialize(PostChecksumConstraint constraintAnnotation) {}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean isValid(PostChecksum checksum, ConstraintValidatorContext context) {
|
|
||||||
String securitySalt = ServiceUtils.getValidationService().getSecuritySalt();
|
|
||||||
|
|
||||||
if (securitySalt.isEmpty()) {
|
|
||||||
log.warn("Security is disabled in this service. Make sure this is intentional.");
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
String queryStringWithoutChecksum = checksum.getQueryStringWithoutChecksum();
|
|
||||||
log.info("query string after checksum removed: [{}]", queryStringWithoutChecksum);
|
|
||||||
|
|
||||||
if(queryStringWithoutChecksum == null) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
String providedChecksum = checksum.getChecksum();
|
|
||||||
log.info("CHECKSUM={} length={}", providedChecksum, providedChecksum.length());
|
|
||||||
|
|
||||||
if(providedChecksum == null) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
String data = checksum.getApiCall() + queryStringWithoutChecksum + securitySalt;
|
|
||||||
String createdCheckSum = DigestUtils.sha1Hex(data);
|
|
||||||
|
|
||||||
if (createdCheckSum == null || !createdCheckSum.equalsIgnoreCase(providedChecksum)) {
|
|
||||||
log.info("checksumError: failed checksum. our checksum: [{}], client: [{}]", createdCheckSum, providedChecksum);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
}
|
|
@ -4,7 +4,6 @@ import org.bigbluebutton.api.model.request.*;
|
|||||||
import org.bigbluebutton.api.model.shared.Checksum;
|
import org.bigbluebutton.api.model.shared.Checksum;
|
||||||
import org.bigbluebutton.api.model.shared.ChecksumValidationGroup;
|
import org.bigbluebutton.api.model.shared.ChecksumValidationGroup;
|
||||||
import org.bigbluebutton.api.model.shared.GetChecksum;
|
import org.bigbluebutton.api.model.shared.GetChecksum;
|
||||||
import org.bigbluebutton.api.model.shared.PostChecksum;
|
|
||||||
import org.bigbluebutton.api.util.ParamsUtil;
|
import org.bigbluebutton.api.util.ParamsUtil;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
@ -113,51 +112,23 @@ public class ValidationService {
|
|||||||
checksumValue = params.get("checksum")[0];
|
checksumValue = params.get("checksum")[0];
|
||||||
}
|
}
|
||||||
|
|
||||||
switch(apiCall.requestType) {
|
if (Objects.requireNonNull(apiCall.requestType) == RequestType.GET) {
|
||||||
case GET:
|
|
||||||
checksum = new GetChecksum(apiCall.getName(), checksumValue, queryString, servletRequest);
|
checksum = new GetChecksum(apiCall.getName(), checksumValue, queryString, servletRequest);
|
||||||
switch(apiCall) {
|
request = switch (apiCall) {
|
||||||
case CREATE:
|
case CREATE -> new CreateMeeting(checksum, servletRequest);
|
||||||
request = new CreateMeeting(checksum, servletRequest);
|
case JOIN -> new JoinMeeting(checksum, servletRequest);
|
||||||
break;
|
case MEETING_RUNNING -> new MeetingRunning(checksum, servletRequest);
|
||||||
case JOIN:
|
case END -> new EndMeeting(checksum, servletRequest);
|
||||||
request = new JoinMeeting(checksum, servletRequest);
|
case GET_MEETING_INFO -> new MeetingInfo(checksum, servletRequest);
|
||||||
break;
|
case GET_MEETINGS, GET_SESSIONS -> new SimpleRequest(checksum, servletRequest);
|
||||||
case MEETING_RUNNING:
|
case INSERT_DOCUMENT -> new InsertDocument(checksum, servletRequest);
|
||||||
request = new MeetingRunning(checksum, servletRequest);
|
case GUEST_WAIT -> new GuestWait(servletRequest);
|
||||||
break;
|
case ENTER -> new Enter(servletRequest);
|
||||||
case END:
|
case STUNS -> new Stuns(servletRequest);
|
||||||
request = new EndMeeting(checksum, servletRequest);
|
case SIGN_OUT -> new SignOut(servletRequest);
|
||||||
break;
|
case LEARNING_DASHBOARD -> new LearningDashboard(servletRequest);
|
||||||
case GET_MEETING_INFO:
|
case GET_JOIN_URL -> new GetJoinUrl(servletRequest);
|
||||||
request = new MeetingInfo(checksum, servletRequest);
|
};
|
||||||
break;
|
|
||||||
case GET_MEETINGS:
|
|
||||||
case GET_SESSIONS:
|
|
||||||
request = new SimpleRequest(checksum, servletRequest);
|
|
||||||
break;
|
|
||||||
case INSERT_DOCUMENT:
|
|
||||||
request = new InsertDocument(checksum, servletRequest);
|
|
||||||
break;
|
|
||||||
case GUEST_WAIT:
|
|
||||||
request = new GuestWait(servletRequest);
|
|
||||||
break;
|
|
||||||
case ENTER:
|
|
||||||
request = new Enter(servletRequest);
|
|
||||||
break;
|
|
||||||
case STUNS:
|
|
||||||
request = new Stuns(servletRequest);
|
|
||||||
break;
|
|
||||||
case SIGN_OUT:
|
|
||||||
request = new SignOut(servletRequest);
|
|
||||||
break;
|
|
||||||
case LEARNING_DASHBOARD:
|
|
||||||
request = new LearningDashboard(servletRequest);
|
|
||||||
break;
|
|
||||||
case GET_JOIN_URL:
|
|
||||||
request = new GetJoinUrl(servletRequest);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return request;
|
return request;
|
||||||
|
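Review bot: In the `-113,51 +112,23` hunk the new `if (Objects.requireNonNull(apiCall.requestType) == RequestType.GET)` has no `else`, so a call whose request type is not GET leaves `request` at its earlier value (presumably null; the initialisation is outside the hunk) and returns it with no log line or explicit rejection. With the POST checksum classes removed, this silent fall-through is the only handling such calls get here, so it should fail closed visibly: at minimum add `// Non-GET request types are not supported: request stays unset and callers must treat it as invalid` above `return request;`, or better an `else` branch that logs the rejected type. `Objects.requireNonNull` also needs `java.util.Objects` in scope, which the visible import hunk does not add, so confirm it is already imported. The enclosing method starts before the hunk.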