Add support for URL authorization token. Refactor AuthToken.

Rename window to duration.
Rename end time to expiration.
Rename setters.

Author: Amir Tocker

cloudinary-core/src/main/java/com/cloudinary/AuthToken.java

@@ -5,29 +5,41 @@
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
 import javax.xml.bind.DatatypeConverter;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Calendar;
 import java.util.TimeZone;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 /**
  * Authentication Token generator
  */
 public class AuthToken {
-    public String tokenName = Cloudinary.AKAMAI_TOKEN_NAME;
+    public static final AuthToken NULL_AUTH_TOKEN = new AuthToken().setNull();
+    public static final String AUTH_TOKEN_NAME = "__cld_token__";
+
+    public String tokenName = AUTH_TOKEN_NAME;
     public String key;
     public long startTime;
-    public long endTime;
+    public long expiration;
     public String ip;
     public String acl;
-    public long window;
+    public long duration;
+    private boolean isNullToken = false;
+
+    public AuthToken() {
+    }
 
     public AuthToken(String key) {
         this.key = key;
     }
 
-    public AuthToken setTokenName(String tokenName) {
+    public AuthToken tokenName(String tokenName) {
         this.tokenName = tokenName;
         return this;
     }
@@ -38,41 +50,41 @@ public AuthToken setTokenName(String tokenName) {
      * @param startTime in seconds since epoch
      * @return
      */
-    public AuthToken setStartTime(long startTime) {
+    public AuthToken startTime(long startTime) {
         this.startTime = startTime;
         return this;
     }
 
     /**
      * Set the end time (expiration) of the token
      *
-     * @param endTime in seconds since epoch
+     * @param expiration in seconds since epoch
      * @return
      */
-    public AuthToken setEndTime(long endTime) {
-        this.endTime = endTime;
+    public AuthToken expiration(long expiration) {
+        this.expiration = expiration;
         return this;
     }
 
-    public AuthToken setIp(String ip) {
+    public AuthToken ip(String ip) {
         this.ip = ip;
         return this;
     }
 
-    public AuthToken setAcl(String acl) {
+    public AuthToken acl(String acl) {
         this.acl = acl;
         return this;
     }
 
     /**
      * The duration of the token in seconds. This value is used to calculate the expiration of the token.
-     * It is ignored if endTime is provided.
+     * It is ignored if expiration is provided.
      *
-     * @param window
+     * @param duration in seconds
      * @return
      */
-    public AuthToken setWindow(long window) {
-        this.window = window;
+    public AuthToken duration(long duration) {
+        this.duration = duration;
         return this;
     }
 
@@ -86,13 +98,13 @@ public String generate() {
     }
 
     public String generate(String url) {
-        long expiration = endTime;
+        long expiration = this.expiration;
         if (expiration == 0) {
-            if (window > 0) {
+            if (duration > 0) {
                 final long start = startTime > 0 ? startTime : Calendar.getInstance(TimeZone.getTimeZone("UTC")).getTimeInMillis() / 1000L;
-                expiration = start + window;
+                expiration = start + duration;
             } else {
-                throw new IllegalArgumentException("Must provide either endTime or window");
+                throw new IllegalArgumentException("Must provide either expiration or duration");
             }
         }
         ArrayList<String> tokenParts = new ArrayList<String>();
@@ -103,19 +115,56 @@ public String generate(String url) {
             tokenParts.add("st=" + startTime);
         }
         tokenParts.add("exp=" + expiration);
-        if (url != null) {
-            tokenParts.add("url=" + url);
-        } else if (acl != null) {
+        if (acl != null) {
             tokenParts.add("acl=" + acl);
-        } else {
-            throw new IllegalArgumentException("Must provide either url or acl");
         }
-        String auth = digest(StringUtils.join(tokenParts, "~"));
+        ArrayList<String> toSign = new ArrayList<String>(tokenParts);
+        if (url != null) {
+
+            try {
+                toSign.add("url=" + escapeUrl(url));
+            } catch (UnsupportedEncodingException e) {
+                e.printStackTrace();
+            }
+        }
+        String auth = digest(StringUtils.join(toSign, "~"));
         tokenParts.add("hmac=" + auth);
         return tokenName + "=" + StringUtils.join(tokenParts, "~");
 
     }
 
+    /**
+     * Escape url using lowercase hex code
+     * @param url a url string
+     * @return escaped url
+     * @throws UnsupportedEncodingException see {@link URLEncoder#encode}
+     */
+    private String escapeUrl(String url) throws UnsupportedEncodingException {
+        String escaped;
+        StringBuilder sb= new StringBuilder(URLEncoder.encode(url, "UTF-8"));
+        String regex= "%..";
+        Pattern p = Pattern.compile(regex); // Create the pattern.
+        Matcher matcher = p.matcher(sb); // Create the matcher.
+        while (matcher.find()) {
+            String buf= sb.substring(matcher.start(), matcher.end()).toLowerCase();
+            sb.replace(matcher.start(), matcher.end(), buf);
+        }
+        escaped = sb.toString();
+        return escaped;
+    }
+
+
+    public AuthToken copy() {
+        final AuthToken authToken = new AuthToken(key);
+        authToken.tokenName = tokenName;
+        authToken.startTime = startTime;
+        authToken.expiration = expiration;
+        authToken.ip = ip;
+        authToken.acl = acl;
+        authToken.duration = duration;
+        return authToken;
+    }
+
     private String digest(String message) {
         byte[] binKey = DatatypeConverter.parseHexBinary(key);
         try {
@@ -132,5 +181,34 @@ private String digest(String message) {
         return null;
     }
 
+    private AuthToken setNull() {
+        isNullToken = true;
+        return this;
+    }
 
+    @Override
+    public boolean equals(Object o) {
+        if(o instanceof AuthToken) {
+            AuthToken other = (AuthToken) o;
+            return  (isNullToken && other.isNullToken)  ||
+                    key == null ? other.key == null : key.equals(other.key) &&
+                    tokenName.equals(other.tokenName) &&
+                    startTime == other.startTime &&
+                    expiration == other.expiration &&
+                    duration == other.duration &&
+                    (ip == null ? other.ip == null : ip.equals(other.ip)) &&
+                    (acl == null ? other.acl == null : acl.equals(other.acl));
+        } else {
+            return false;
+        }
+    }
+
+    @Override
+    public int hashCode() {
+        if(isNullToken) {
+            return 0;
+        } else {
+            return Arrays.asList(tokenName, startTime, expiration, duration, ip, acl).hashCode();
+        }
+    }
 }

cloudinary-core/src/main/java/com/cloudinary/Configuration.java

@@ -39,6 +39,7 @@ public class Configuration {
     public int timeout;
     public boolean loadStrategies = true;
     public boolean clientHints = false;
+    public AuthToken authToken;
 
     public Configuration() {
     }
@@ -92,6 +93,17 @@ public void update(Map config) {
         this.loadStrategies = ObjectUtils.asBoolean(config.get("load_strategies"), true);
         this.timeout = ObjectUtils.asInteger(config.get("timeout"), 0);
         this.clientHints = ObjectUtils.asBoolean(config.get("client_hints"), false);
+        Map tokenMap = (Map) config.get("auth_token");
+        if (tokenMap != null) {
+            this.authToken = new AuthToken();
+            this.authToken.tokenName = (String) tokenMap.get("tokenName");
+            this.authToken.key = (String) tokenMap.get("key");
+            this.authToken.startTime = ObjectUtils.asLong(tokenMap.get("startTime"), 0L);
+            this.authToken.expiration = ObjectUtils.asLong(tokenMap.get("expiration"),0L);
+            this.authToken.ip = (String) tokenMap.get("ip");
+            this.authToken.acl = (String) tokenMap.get("acl");
+            this.authToken.duration = ObjectUtils.asLong(tokenMap.get("duration"), 0L);
+        }
     }
 
     @SuppressWarnings("rawtypes")
@@ -115,6 +127,7 @@ public Map<String, Object> asMap() {
         map.put("load_strategies", loadStrategies);
         map.put("timeout", timeout);
         map.put("client_hints", clientHints);
+        map.put("auth_token", authToken.copy());
         return map;
     }
 
@@ -137,6 +150,7 @@ public Configuration(Configuration other) {
         this.useRootPath = other.useRootPath;
         this.timeout = other.timeout;
         this.clientHints = other.clientHints;
+        this.authToken = other.authToken.copy();
     }
 
     /**
@@ -174,6 +188,7 @@ private static Configuration parseConfigUrl(String cloudinaryUrl) {
         builder.setPrivateCdn(!StringUtils.isEmpty(cloudinaryUri.getPath()));
         builder.setSecureDistribution(cloudinaryUri.getPath());
         if (cloudinaryUri.getQuery() != null) {
+            AuthToken token = null;
             for (String param : cloudinaryUri.getQuery().split("&")) {
                 String[] keyValue = param.split("=");
                 String val = null;
@@ -197,10 +212,33 @@ private static Configuration parseConfigUrl(String cloudinaryUrl) {
                     builder.setShorten(ObjectUtils.asBoolean(val, false));
                 } else if (key.equals("load_strategies")) {
                     builder.setLoadStrategies(ObjectUtils.asBoolean(val, true));
-                } else {
+                } else if (key.matches("auth_token\\[\\w+\\]")){
+                    if (token == null) {
+                        token = new AuthToken();
+                    }
+                    String subKey = key.substring(key.indexOf('[') + 1, key.indexOf(']') +1);
+                    System.out.println("sub key is " + subKey);
+                    if (subKey.equals("tokenName")) {
+                        token.tokenName  = val;
+                    } else if (subKey.equals("key")) {
+                        token.key = val;
+                    } else if (subKey.equals("startTime")) {
+                        token.startTime = ObjectUtils.asLong(val, 0L);
+                    } else if (subKey.equals("expiration")) {
+                        token.expiration = ObjectUtils.asLong(val, 0L);
+                    } else if (subKey.equals("ip")) {
+                        token.ip = val;
+                    } else if (subKey.equals("acl")) {
+                        token.acl = val;
+                    } else if (subKey.equals("duration")) {
+                        token.duration = ObjectUtils.asLong(val, 0L);
+                    }
 //                	Log.w("Cloudinary", "ignoring invalid parameter " + val);
                 }
             }
+            if (token != null) {
+                builder.setAuthToken(token);
+            }
         }
         return builder.build();
     }
@@ -227,6 +265,7 @@ public static class Builder {
         private boolean loadStrategies = true;
         private int timeout;
         private boolean clientHints = false;
+        private AuthToken authToken;
 
         /**
          * Set the HTTP connection timeout.
@@ -353,6 +392,11 @@ public Builder setClientHints(boolean clientHints) {
             return this;
         }
 
+        public Builder setAuthToken(AuthToken authToken) {
+            this.authToken = authToken;
+            return this;
+        }
+
         /**
          * Initialize builder from existing {@link Configuration}
          *
@@ -378,6 +422,7 @@ public Builder from(Configuration other) {
             this.loadStrategies = other.loadStrategies;
             this.timeout = other.timeout;
             this.clientHints = other.clientHints;
+            this.authToken = other.authToken;
             return this;
         }
     }

cloudinary-core/src/main/java/com/cloudinary/Url.java

@@ -28,6 +28,7 @@ public class Url {
     String version = null;
     Transformation transformation = null;
     boolean signUrl;
+    private AuthToken authToken;
     String source = null;
     private String urlSuffix;
     private Boolean useRootPath;
@@ -45,6 +46,7 @@ public class Url {
     public Url(Cloudinary cloudinary) {
         this.cloudinary = cloudinary;
         this.config = new Configuration(cloudinary.config);
+        this.authToken = config.authToken;
     }
 
     public Url clone() {
@@ -210,6 +212,11 @@ public Url signed(boolean signUrl) {
         return this;
     }
 
+    public Url authToken(AuthToken authToken) {
+        this.authToken = authToken;
+        return this;
+    }
+
     public Url sourceTransformation(Map<String, Transformation> sourceTransformation) {
         this.sourceTransformation = sourceTransformation;
         return this;
@@ -346,7 +353,7 @@ public String generate(String source) {
             version = "v" + version;
 
 
-        if (signUrl) {
+        if (signUrl && authToken == null) {
             MessageDigest md = null;
             try {
                 md = MessageDigest.getInstance("SHA-1");
@@ -367,7 +374,12 @@ public String generate(String source) {
         String finalResourceType = finalizeResourceType(resourceType, type, urlSuffix, useRootPath, config.shorten);
         String prefix = unsignedDownloadUrlPrefix(source, config.cloudName, config.privateCdn, config.cdnSubdomain, config.secureCdnSubdomain, config.cname, config.secure, config.secureDistribution);
 
-        return StringUtils.join(new String[]{prefix, finalResourceType, signature, transformationStr, version, source}, "/").replaceAll("([^:])\\/+", "$1/");
+        String s = "/" + StringUtils.join(new String[]{finalResourceType, signature, transformationStr, version, source}, "/").replaceAll("([^:])\\/+", "$1/");
+        if (signUrl && authToken != null && !authToken.equals(AuthToken.NULL_AUTH_TOKEN)) {
+            String token = authToken.generate(s);
+            s = s + "?" + token;
+        }
+        return prefix + s;
     }
 
     private String[] finalizeSource(String source, String format, String urlSuffix) {

cloudinary-core/src/main/java/com/cloudinary/utils/ObjectUtils.java

@@ -162,4 +162,14 @@ public static Integer asInteger(Object value, Integer defaultValue) {
         }
     }
 
+    public static Long asLong(Object value, Long defaultValue) {
+        if (value == null) {
+            return defaultValue;
+        } else if (value instanceof Long) {
+            return (Long) value;
+        } else {
+            return Long.parseLong(value.toString());
+        }
+    }
+
 }