package com.perimeterx.internals;
import com.perimeterx.internals.cookie.AbstractPXCookie;
import com.perimeterx.models.PXContext;
import com.perimeterx.models.configuration.PXConfiguration;
import com.perimeterx.models.exceptions.PXException;
import com.perimeterx.models.risk.BlockReason;
import com.perimeterx.models.risk.PassReason;
import com.perimeterx.models.risk.S2SCallReason;
import com.perimeterx.models.risk.VidSource;
import com.perimeterx.utils.PXLogger;
import org.apache.commons.lang3.StringUtils;
import static com.perimeterx.utils.PXCommonUtils.logTime;
/**
* PXCookieValidator
* <p>
* Created by shikloshi on 07/07/2016.
*/
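public class PXCookieValidator implements PXValidator {

    private static final PXLogger logger = PXLogger.getLogger(PXCookieValidator.class);

    // Assigned once in the constructor and never reassigned, so it is final.
    private final PXConfiguration pxConfiguration;

    public PXCookieValidator(PXConfiguration pxConfiguration) {
        this.pxConfiguration = pxConfiguration;
    }

    /**
     * Verifies the risk cookie selected for this request and populates the context
     * (raw cookie, version, vid, uuid, score, block action, hmac) from it.
     * <p>
     * The S2S call reason is recorded on the context through {@code setS2sCallReason};
     * the boolean result only tells the caller whether the cookie alone settled the request.
     *
     * @param context request context; cookie-derived fields are written to it
     * @return {@code true} when the cookie alone decides the request (block on a high score,
     *         or pass on an unexpired, secured cookie outside a sensitive route);
     *         {@code false} when the request needs the S2S risk call, in which case the
     *         reason has been set on the context
     */
    public boolean verify(PXContext context) {
        AbstractPXCookie pxCookie = null;
        try {
            if (context.isMobileToken()) {
                PXCookieOriginalTokenValidator mobileVerifier = new PXCookieOriginalTokenValidator(pxConfiguration);
                String mobileError = mobileVerifier.getMobileError(context);
                // NOTE(review): the result of mobileVerifier.verify is discarded here; it is
                // assumed to act on the context only — confirm against PXCookieOriginalTokenValidator.
                logTime("mobileVerifier.verify", () -> mobileVerifier.verify(context));
                if (!StringUtils.isEmpty(mobileError)) {
                    context.setS2sCallReason("mobile_error_" + mobileError);
                    return false;
                }
            }

            pxCookie = CookieSelector.selectFromTokens(context, pxConfiguration);
            if (pxCookie == null) {
                // Without a cookie the S2S call is mandatory; only label it NO_COOKIE when the
                // selector has not already recorded a more specific reason.
                if (StringUtils.isEmpty(context.getS2sCallReason())) {
                    context.setS2sCallReason(S2SCallReason.NO_COOKIE.getValue());
                }
                return false;
            }
            if (hasSelectorRejectionReason(context)) {
                return false;
            }

            // The context is populated from the cookie before the expiry/secured checks below,
            // so these values are available to the S2S path even for a cookie that is not
            // trusted. NOTE(review): at this point the cookie has not passed isSecured();
            // confirm downstream consumers treat vid/uuid/score as unverified until then.
            context.setPxCookieRaw(pxCookie.getCookieOrig());
            context.setCookieVersion(pxCookie.getCookieVersion());
            context.setRiskCookie(pxCookie);
            context.setVid(pxCookie.getVID());
            context.setVidSource(VidSource.RISK_COOKIE);
            context.setUuid(pxCookie.getUUID());
            context.setRiskScore(pxCookie.getScore());
            context.setBlockAction(pxCookie.getBlockAction());
            context.setCookieHmac(pxCookie.getHmac());

            if (pxCookie.isExpired()) {
                logger.debug(PXLogger.LogReason.DEBUG_COOKIE_TLL_EXPIRED, pxCookie.getPxCookie(),
                        System.currentTimeMillis() - pxCookie.getTimestamp());
                context.setS2sCallReason(S2SCallReason.COOKIE_EXPIRED.getValue());
                return false;
            }

            // Ordering note: the high-score check runs before isSecured(), so a cookie that
            // would fail the secured check but carries a high score is blocked on the cookie
            // alone rather than deferred to the S2S call. Presumably intentional — verify.
            if (pxCookie.isHighScore()) {
                context.setBlockReason(BlockReason.COOKIE);
                return true;
            }
            if (!pxCookie.isSecured()) {
                context.setS2sCallReason(S2SCallReason.INVALID_VERIFICATION.getValue());
                return false;
            }
            if (context.isSensitiveRequest()) {
                // Sensitive routes are always escalated to the S2S call, even with a valid cookie.
                logger.debug(PXLogger.LogReason.DEBUG_S2S_RISK_API_SENSITIVE_ROUTE, context.getUri());
                context.setS2sCallReason(S2SCallReason.SENSITIVE_ROUTE.getValue());
                return false;
            }

            context.setPassReason(PassReason.COOKIE);
            context.setS2sCallReason(S2SCallReason.NONE.getValue());
            return true;
        } catch (PXException e) {
            // NOTE(review): only the cookie is logged, not the exception; if PXLogger.error
            // accepts a Throwable, pass e as well so the cause is not lost.
            logger.error(PXLogger.LogReason.DEBUG_COOKIE_DECRYPTION_HMAC_FAILED, pxCookie);
            context.setS2sCallReason(S2SCallReason.INVALID_VERIFICATION.getValue());
            return false;
        }
    }

    /**
     * Reports whether the cookie selector already rejected the cookie on this context.
     *
     * @param context request context whose S2S call reason is inspected
     * @return {@code true} when the recorded reason is INVALID_DECRYPTION or NO_COOKIE,
     *         meaning the cookie cannot be used and the request must go to the S2S call
     */
    private boolean hasSelectorRejectionReason(PXContext context) {
        String reason = context.getS2sCallReason();
        return S2SCallReason.INVALID_DECRYPTION.getValue().equals(reason)
                || S2SCallReason.NO_COOKIE.getValue().equals(reason);
    }
}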