From a4682ceae6774956461edd03b2485bbacea445f4 Mon Sep 17 00:00:00 2001
From: mharmsen
Date: Tue, 4 Oct 2011 01:17:41 +0000
Subject: Bugzilla Bug #688225 - (dogtagIPAv2.1) TRACKER: of the Dogtag fixes for freeIPA 2.1 git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/tags/IPA_v2_RHEL_6_2_20111003@2252 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
---
.../src/com/netscape/certsrv/base/Nonces.java | 128 +++++++++++++++++++++
1 file changed, 128 insertions(+)
create mode 100644 pki/base/common/src/com/netscape/certsrv/base/Nonces.java
(limited to 'pki/base/common/src/com/netscape/certsrv/base/Nonces.java')
diff --git a/pki/base/common/src/com/netscape/certsrv/base/Nonces.java b/pki/base/common/src/com/netscape/certsrv/base/Nonces.java
new file mode 100644
index 000000000..e1d992e40
--- /dev/null
+++ b/pki/base/common/src/com/netscape/certsrv/base/Nonces.java
@@ -0,0 +1,128 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.base;
+
+import java.util.*;
+import java.security.cert.X509Certificate;
+
+
+/**
+ * This class manages nonces sometimes used to control request state flow.
+ *
+ *
+ * @version $Revision$, $Date$
+ */
+public class Nonces implements IAuthInfo {
+
+ private Hashtable mNonces = new Hashtable();
+ private Vector mNonceList = new Vector();
+ private int mNonceLimit;
+
+ /**
+ * Constructs nonces.
+ */
+ public Nonces() {
+ mNonceLimit = 100;
+ Vector mNonceList = new Vector();
+ Hashtable mNonces = new Hashtable();
+ }
+
+ public Nonces(int limit) {
+ mNonceLimit = limit;
+ Vector mNonceList = new Vector();
+ Hashtable mNonces = new Hashtable();
+ }
+
+ public long addNonce(long nonce, X509Certificate cert) {
+ long i;
+ long k = 0;
+ long n = nonce;
+ long m = (long)((mNonceLimit / 2) + 1);
+
+ for (i = 0; i < m; i++) {
+ k = n + i;
+ // avoid collisions
+ if (!mNonceList.contains((Object)k)) {
+ break;
+ }
+ k = n - i;
+ // avoid collisions
+ if (!mNonceList.contains((Object)k)) {
+ break;
+ }
+ }
+ if (i < m) {
+ mNonceList.add(k);
+ mNonces.put(k, cert);
+ if (mNonceList.size() > mNonceLimit) {
+ n = ((Long)(mNonceList.firstElement())).longValue();
+ mNonceList.remove(0);
+ mNonces.remove((Object)n);
+ }
+ } else {
+ // failed to resolved collision
+ k = -nonce;
+ }
+ return k;
+ }
+
+ public X509Certificate getCertificate(long nonce) {
+ X509Certificate cert = (X509Certificate)mNonces.get(nonce);
+ return cert;
+ }
+
+ public X509Certificate getCertificate(int index) {
+ X509Certificate cert = null;
+ if (index >= 0 && index < mNonceList.size()) {
+ long nonce = ((Long)(mNonceList.elementAt(index))).longValue();
+ cert = (X509Certificate)mNonces.get(nonce);
+ }
+ return cert;
+ }
+
+ public long getNonce(int index) {
+ long nonce = 0;
+ if (index >= 0 && index < mNonceList.size()) {
+ nonce = ((Long)(mNonceList.elementAt(index))).longValue();
+ }
+ return nonce;
+ }
+
+ public void removeNonce(long nonce) {
+ mNonceList.remove((Object)nonce);
+ mNonces.remove((Object)nonce);
+ }
+
+
+ public int size() {
+ return mNonceList.size();
+ }
+
+ public int maxSize() {
+ return mNonceLimit;
+ }
+
+ public void clear() {
+ mNonceList.clear();
+ mNonces.clear();
+ }
+
+ public boolean isInSync() {
+ return (mNonceList.size() == mNonces.size());
+ }
+}
-- cgit
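Review bot: `addNonce` runs its collision scan, the `mNonceList.add(k)` / `mNonces.put(k, cert)` pair and the oldest-entry eviction as separate calls, so although `Vector` and `Hashtable` lock each call individually, two concurrent callers can both pass the `contains` check for the same value and the later `put` then replaces the certificate bound to that nonce. Whether callers serialize access is not visible in this patch; if they do not, the mutators should be declared `synchronized`, e.g. `public synchronized long addNonce(long nonce, X509Certificate cert)`, and likewise `removeNonce` and `clear`, which would also keep `isInSync()` meaningful. The failure return `k = -nonce` appears indistinguishable from a successfully stored value (and equals the input for `0` and `Long.MIN_VALUE`), so callers need a documented way to detect it, for instance a Javadoc line stating that they must confirm the result with `getCertificate(long)` before trusting it. The `Vector mNonceList = new Vector();` and `Hashtable mNonces = new Hashtable();` lines in both constructors declare unused locals that shadow the fields and can be dropped.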