时间戳解析失败

时间:2014-11-24 12:35:10

标签: java datetime

我正在开发Spring-MVC应用程序,我正在为密码重置程序工作。在那里,我发送一个手动创建的令牌,其中将emailid:timestamp:secretkey加密为令牌。在验证令牌时,它无法验证时间,计算时间少于24小时。我发布了我的代码。请让我知道我做错了什么:

ServiceClass:

@Service
public class PersonServiceImpl implements PersonService {

    private static final String HMAC_ALGO = "HmacSHA256";
    private static final String TOKEN_SEPARATOR = ":";
    private static final long MAX_AGE = 1_000 * 60 * 60 * 24; // 24h
     private static final String signKey = "secretvalue";
 @Override
    public void createToken(String username){
        long timestamp = System.currentTimeMillis();
        StringBuilder sb = new StringBuilder();
        sb.append(generateTokenStringPublicPart(username, timestamp));
        sb.append(TOKEN_SEPARATOR);
        try {
            sb.append(computeSignature(username, timestamp, signKey));
        } catch (InvalidKeyException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
}
 private static String generateTokenStringPublicPart(String username, long timestamp) {
        StringBuilder sb = new StringBuilder();
        sb.append(username);
        sb.append(TOKEN_SEPARATOR);
        sb.append(timestamp);
        return sb.toString();
    }

    private static String computeSignature(String username, long timestamp, String secretKey) throws InvalidKeyException, NoSuchAlgorithmException {
        StringBuilder sb = new StringBuilder();
        sb.append(generateTokenStringPublicPart(username, timestamp));
        SecretKeySpec sks = new SecretKeySpec(secretKey.getBytes(StandardCharsets.UTF_8), HMAC_ALGO);
        Mac hmac = Mac.getInstance(HMAC_ALGO);
        hmac.init(sks);
     return Base64.encodeBase64URLSafeString(hmac.doFinal(sb.toString().getBytes(StandardCharsets.UTF_8)));
    }

 public static boolean verifyToken(String token) throws InvalidKeyException, NoSuchAlgorithmException {
        String[] parts = token.split(TOKEN_SEPARATOR);
        boolean result = false;
        if (parts.length == 3) {
            String username = parts[0];
            System.out.println("username in verify token is"+username);
            Long timestamp = Long.valueOf(parts[1]);
            System.out.println("Current timestamp of token is"+timestamp);
            String signature = parts[2];
            if (signature.equals(computeSignature(username, timestamp, signKey))) {
                if (System.currentTimeMillis() - timestamp < MAX_AGE) {  // It fails here
                    result = true;
                }else {
                    System.out.println("Timestamp remaining is"+(System.currentTimeMillis() - timestamp));
                    System.out.println("Time verificaiton failed");
                }
            }
            else {
                System.out.println("Signature is not equal");
            }
        } else{
            System.out.println("Token parts are not 3"+parts.length);
        }

        return result;
    }

控制台输出:

Token value is mymail@gmail.com:1416659092440:MUYLhJS24EIQv5f-Ak7TXyzWKZSjSFKjcmJkJx2SVew
username in verify token is mymail@gmail.com
Current timestamp of token is 1416659092440
Timestamp remaining is 173238774
Time verificaiton failed
Token verification failed

1 个答案:

答案 0 :(得分:0)

问题在于Java乘法/除法运算在加/减

之前完成

尝试:

  if ((System.currentTimeMillis() - timestamp) < MAX_AGE) {

MAX_AGE的定义也是错误的:

    private static final long MAX_AGE = 1000 * 60 * 60 * 24; // 24h
相关问题
最新问题