Removed unused POST checksum validation code
parent
7a1081a974
commit
e757cf15ee
@ -1,22 +0,0 @@
|
||||
package org.bigbluebutton.api.model.constraint;
|
||||
|
||||
import org.bigbluebutton.api.model.validator.PostChecksumValidator;
|
||||
|
||||
import javax.validation.Constraint;
|
||||
import javax.validation.Payload;
|
||||
import java.lang.annotation.Retention;
|
||||
import java.lang.annotation.Target;
|
||||
|
||||
import static java.lang.annotation.ElementType.TYPE;
|
||||
import static java.lang.annotation.RetentionPolicy.RUNTIME;
|
||||
|
||||
@Constraint(validatedBy = PostChecksumValidator.class)
|
||||
@Target(TYPE)
|
||||
@Retention(RUNTIME)
|
||||
public @interface PostChecksumConstraint {
|
||||
|
||||
String key() default "checksumError";
|
||||
String message() default "Checksums do not match";
|
||||
Class<?>[] groups() default {};
|
||||
Class<? extends Payload>[] payload() default {};
|
||||
}
|
@ -1,23 +0,0 @@
|
||||
package org.bigbluebutton.api.model.shared;
|
||||
|
||||
import org.bigbluebutton.api.model.constraint.PostChecksumConstraint;
|
||||
import org.bigbluebutton.api.service.ValidationService;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import java.util.Map;
|
||||
|
||||
@PostChecksumConstraint(groups = ChecksumValidationGroup.class)
|
||||
public class PostChecksum extends Checksum {
|
||||
|
||||
Map<String, String[]> params;
|
||||
|
||||
public PostChecksum(String apiCall, String checksum, Map<String, String[]> params, HttpServletRequest request) {
|
||||
super(apiCall, checksum, request);
|
||||
this.params = params;
|
||||
queryStringWithoutChecksum = ValidationService.buildQueryStringFromParamsMap(params);
|
||||
}
|
||||
|
||||
public Map<String, String[]> getParams() { return params; }
|
||||
|
||||
public void setParams(Map<String, String[]> params) { this.params = params; }
|
||||
}
|
@ -1,53 +0,0 @@
|
||||
package org.bigbluebutton.api.model.validator;
|
||||
|
||||
import org.apache.commons.codec.digest.DigestUtils;
|
||||
import org.bigbluebutton.api.model.constraint.PostChecksumConstraint;
|
||||
import org.bigbluebutton.api.model.shared.PostChecksum;
|
||||
import org.bigbluebutton.api.service.ServiceUtils;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import javax.validation.ConstraintValidator;
|
||||
import javax.validation.ConstraintValidatorContext;
|
||||
|
||||
public class PostChecksumValidator implements ConstraintValidator<PostChecksumConstraint, PostChecksum> {
|
||||
|
||||
private static Logger log = LoggerFactory.getLogger(PostChecksumValidator.class);
|
||||
|
||||
@Override
|
||||
public void initialize(PostChecksumConstraint constraintAnnotation) {}
|
||||
|
||||
@Override
|
||||
public boolean isValid(PostChecksum checksum, ConstraintValidatorContext context) {
|
||||
String securitySalt = ServiceUtils.getValidationService().getSecuritySalt();
|
||||
|
||||
if (securitySalt.isEmpty()) {
|
||||
log.warn("Security is disabled in this service. Make sure this is intentional.");
|
||||
return true;
|
||||
}
|
||||
|
||||
String queryStringWithoutChecksum = checksum.getQueryStringWithoutChecksum();
|
||||
log.info("query string after checksum removed: [{}]", queryStringWithoutChecksum);
|
||||
|
||||
if(queryStringWithoutChecksum == null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
String providedChecksum = checksum.getChecksum();
|
||||
log.info("CHECKSUM={} length={}", providedChecksum, providedChecksum.length());
|
||||
|
||||
if(providedChecksum == null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
String data = checksum.getApiCall() + queryStringWithoutChecksum + securitySalt;
|
||||
String createdCheckSum = DigestUtils.sha1Hex(data);
|
||||
|
||||
if (createdCheckSum == null || !createdCheckSum.equalsIgnoreCase(providedChecksum)) {
|
||||
log.info("checksumError: failed checksum. our checksum: [{}], client: [{}]", createdCheckSum, providedChecksum);
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
@ -4,7 +4,6 @@ import org.bigbluebutton.api.model.request.*;
|
||||
import org.bigbluebutton.api.model.shared.Checksum;
|
||||
import org.bigbluebutton.api.model.shared.ChecksumValidationGroup;
|
||||
import org.bigbluebutton.api.model.shared.GetChecksum;
|
||||
import org.bigbluebutton.api.model.shared.PostChecksum;
|
||||
import org.bigbluebutton.api.util.ParamsUtil;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
@ -113,51 +112,23 @@ public class ValidationService {
|
||||
checksumValue = params.get("checksum")[0];
|
||||
}
|
||||
|
||||
switch(apiCall.requestType) {
|
||||
case GET:
|
||||
if (Objects.requireNonNull(apiCall.requestType) == RequestType.GET) {
|
||||
checksum = new GetChecksum(apiCall.getName(), checksumValue, queryString, servletRequest);
|
||||
switch(apiCall) {
|
||||
case CREATE:
|
||||
request = new CreateMeeting(checksum, servletRequest);
|
||||
break;
|
||||
case JOIN:
|
||||
request = new JoinMeeting(checksum, servletRequest);
|
||||
break;
|
||||
case MEETING_RUNNING:
|
||||
request = new MeetingRunning(checksum, servletRequest);
|
||||
break;
|
||||
case END:
|
||||
request = new EndMeeting(checksum, servletRequest);
|
||||
break;
|
||||
case GET_MEETING_INFO:
|
||||
request = new MeetingInfo(checksum, servletRequest);
|
||||
break;
|
||||
case GET_MEETINGS:
|
||||
case GET_SESSIONS:
|
||||
request = new SimpleRequest(checksum, servletRequest);
|
||||
break;
|
||||
case INSERT_DOCUMENT:
|
||||
request = new InsertDocument(checksum, servletRequest);
|
||||
break;
|
||||
case GUEST_WAIT:
|
||||
request = new GuestWait(servletRequest);
|
||||
break;
|
||||
case ENTER:
|
||||
request = new Enter(servletRequest);
|
||||
break;
|
||||
case STUNS:
|
||||
request = new Stuns(servletRequest);
|
||||
break;
|
||||
case SIGN_OUT:
|
||||
request = new SignOut(servletRequest);
|
||||
break;
|
||||
case LEARNING_DASHBOARD:
|
||||
request = new LearningDashboard(servletRequest);
|
||||
break;
|
||||
case GET_JOIN_URL:
|
||||
request = new GetJoinUrl(servletRequest);
|
||||
break;
|
||||
}
|
||||
request = switch (apiCall) {
|
||||
case CREATE -> new CreateMeeting(checksum, servletRequest);
|
||||
case JOIN -> new JoinMeeting(checksum, servletRequest);
|
||||
case MEETING_RUNNING -> new MeetingRunning(checksum, servletRequest);
|
||||
case END -> new EndMeeting(checksum, servletRequest);
|
||||
case GET_MEETING_INFO -> new MeetingInfo(checksum, servletRequest);
|
||||
case GET_MEETINGS, GET_SESSIONS -> new SimpleRequest(checksum, servletRequest);
|
||||
case INSERT_DOCUMENT -> new InsertDocument(checksum, servletRequest);
|
||||
case GUEST_WAIT -> new GuestWait(servletRequest);
|
||||
case ENTER -> new Enter(servletRequest);
|
||||
case STUNS -> new Stuns(servletRequest);
|
||||
case SIGN_OUT -> new SignOut(servletRequest);
|
||||
case LEARNING_DASHBOARD -> new LearningDashboard(servletRequest);
|
||||
case GET_JOIN_URL -> new GetJoinUrl(servletRequest);
|
||||
};
|
||||
}
|
||||
|
||||
return request;
|
||||
|
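Review bot: The new `if (Objects.requireNonNull(apiCall.requestType) == RequestType.GET)` has no `else`, so any other request type falls through to `return request;` with whatever value `request` was given before this hunk (its initialisation is outside the hunk, presumably null). With the POST checksum classes deleted in this commit, that silent path is the only handling a non-GET call gets here, and a caller that does not null-check the result could crash or skip validation instead of rejecting the request cleanly. I would make the rejection explicit, for example `else { log.warn("Unsupported request type for API call {}", apiCall.getName()); }` using the class's existing SLF4J logger (its field name is not visible here), or throw an `IllegalArgumentException` if the callers can handle it. Giving the null check a message, `Objects.requireNonNull(apiCall.requestType, "requestType")`, would also make an enum constant with no request type easier to diagnose.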