in src/main/java/org/apache/sling/auth/oauth_client/impl/TokenStore.java [202:235]
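/**
 * Verifies a cookie value: three parts, a known token number, an unexpired
 * timestamp, and a match against the value recomputed by {@code encode}.
 *
 * <p>The value comes from the client, so the parsing done in this method
 * rejects malformed input by returning {@code false} rather than throwing.
 *
 * @param value the raw cookie value to verify
 * @return {@code true} only if every check passes; {@code false} otherwise
 */
boolean isValid(@NotNull String value) {
    // NOTE(review): the raw cookie value is client-controlled and is written to the
    // log on every rejection below; confirm the log layout neutralises CR/LF and
    // consider logging a truncated or hashed form instead.
    String[] parts = split(value);
    if (parts.length != 3) {
        log.error("AuthNCookie value '{}' has invalid format", value);
        return false;
    }

    // parts[1] is "<single digit token number><timestamp>"; an empty part would
    // make charAt(0) throw an exception that the catch clause below does not cover.
    String numberAndTime = parts[1];
    if (numberAndTime.isEmpty()) {
        log.error("AuthNCookie value '{}' has invalid format", value);
        return false;
    }

    // single digit token number
    int tokenNumber = numberAndTime.charAt(0) - '0';
    if (tokenNumber < 0 || tokenNumber >= currentTokens.length()) {
        log.error("AuthNCookie value '{}' is invalid: refers to an invalid token number {}", value, tokenNumber);
        return false;
    }

    long cookieTime;
    try {
        cookieTime = Long.parseLong(numberAndTime.substring(1));
    } catch (NumberFormatException e) {
        // A non-numeric timestamp is a malformed cookie, not a server error.
        log.error("AuthNCookie value '{}' has invalid format", value);
        return false;
    }
    if (isExpired(cookieTime)) {
        log.error("AuthNCookie value '{}' has expired {}ms ago", value, (System.currentTimeMillis() - cookieTime));
        return false;
    }

    try {
        SecretKey secretKey = currentTokens.get(tokenNumber);
        if (secretKey == null) {
            log.error("AuthNCookie value '{}' points to an unknown token number", value);
            return false;
        }
        String hmac = encode(cookieTime, parts[2], tokenNumber, secretKey);
        // Compare in constant time: String.equals stops at the first differing
        // character, which exposes how much of a forged value was correct.
        // Fully qualified names are used so no new file-level import is needed.
        return hmac != null
                && java.security.MessageDigest.isEqual(
                        value.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        hmac.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    } catch (ArrayIndexOutOfBoundsException | InvalidKeyException | IllegalStateException | NoSuchAlgorithmException e) {
        log.error(e.getMessage(), e);
    }
    log.error("AuthNCookie value '{}' is invalid", value);
    return false;
}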