Package play.libs.crypto

Class DefaultCSRFTokenSigner

Object

play.libs.crypto.DefaultCSRFTokenSigner

All Implemented Interfaces:

CSRFTokenSigner

@Singleton
public class DefaultCSRFTokenSigner
extends Object
implements CSRFTokenSigner

Cryptographic utilities for generating and validating CSRF tokens.

This trait should not be used as a general purpose encryption utility.

Constructor Summary

Constructors

Constructor	Description
DefaultCSRFTokenSigner(play.api.libs.crypto.CSRFTokenSigner csrfTokenSigner)

Method Summary

Modifier and Type	Method	Description
play.api.libs.crypto.CSRFTokenSigner	asScala()	Utility method needed for CSRFCheck.
boolean	compareSignedTokens(String tokenA, String tokenB)	Compare two signed tokens.
String	extractSignedToken(String token)	Extract a signed token that was signed by CSRFTokenSigner.signToken(String).
String	generateSignedToken()	Generates a signed token by calling generateToken / signToken.
String	generateToken()	Generates a cryptographically secure token.
String	signToken(String token)	Sign a token.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultCSRFTokenSigner

@Inject
public DefaultCSRFTokenSigner(play.api.libs.crypto.CSRFTokenSigner csrfTokenSigner)

Method Detail

signToken

public String signToken(String token)

Description copied from interface: CSRFTokenSigner

Sign a token. This produces a new token, that has this token signed with a nonce.

This primarily exists to defeat the BREACH vulnerability, as it allows the token to effectively be random per request, without actually changing the value.

Specified by:

signToken in interface CSRFTokenSigner

Parameters:

token - The token to sign

Returns:

The signed token

extractSignedToken

public String extractSignedToken(String token)

Description copied from interface: CSRFTokenSigner

Extract a signed token that was signed by CSRFTokenSigner.signToken(String).

Specified by:

extractSignedToken in interface CSRFTokenSigner

Parameters:

token - The signed token to extract.

Returns:

The verified raw token, or null if the token isn't valid.

generateToken

public String generateToken()

Description copied from interface: CSRFTokenSigner

Generates a cryptographically secure token.

Specified by:

generateToken in interface CSRFTokenSigner

Returns:

a newly generated token.

generateSignedToken

public String generateSignedToken()

Description copied from interface: CSRFTokenSigner

Generates a signed token by calling generateToken / signToken.

Specified by:

generateSignedToken in interface CSRFTokenSigner

Returns:

a newly generated token that has been signed.

compareSignedTokens

public boolean compareSignedTokens(String tokenA,
                                   String tokenB)

Description copied from interface: CSRFTokenSigner

Compare two signed tokens.

Specified by:

compareSignedTokens in interface CSRFTokenSigner

Parameters:

tokenA - the first token

tokenB - another token

Returns:

true if the tokens match and are signed, false otherwise.

asScala

public play.api.libs.crypto.CSRFTokenSigner asScala()

Description copied from interface: CSRFTokenSigner

Utility method needed for CSRFCheck. Should not need to be used or extended by user level code.

Specified by:

asScala in interface CSRFTokenSigner

Returns:

the Scala API CSRFTokenSigner component.