From 953b9f75a436889a466159d24573443acfd1a18d Mon Sep 17 00:00:00 2001 From: lhyla Date: Mon, 1 Mar 2021 19:49:03 +0100 Subject: [PATCH] [ADS-276] Add info, that ipAddresses may contain multiple addresses SignatureVerifier may take multiple ipAddresses as parameter, from multiple sources (e.g httpXForwardForIpAddresses and remoteIpAddresses headers), internally check all against signature and in case of the correct result returns IPs that matched with the signature. --- README.md | 6 +++++- .../com/adscore/signature/SignatureVerifier.java | 16 ++++++++++++---- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index b28ef5a..07ad19d 100644 --- a/README.md +++ b/README.md @@ -109,7 +109,9 @@ The definition of verify function looks as follows: * customers this should be always set to 'customer' * @param key string containing related zone key * @param ipAddresses array of strings containing ip4 or ip6 addresses against which we check - * signature + * signature. Usually, is fulfilled from httpXForwardForIpAddresses or/and remoteIpAddresses + * header. All possible ip addresses may be provided at once, in case of correct result, + * verifier returns list of chosen ip addresses that matched with the signature. * @param expiry number which is time in seconds. IF signatureTime + expiry > CurrentDateInSeconds * THEN result is expired. If null than expiry is not checked. * @param isKeyBase64Encoded boolean defining if passed key is base64 encoded or not @@ -175,6 +177,8 @@ than you have at least few options of how to verify signatures: "customer", "key_non_base64_encoded", false, // notify that we use non encoded key + + //Multiple ip addresses either from httpXForwardForIpAddresses and remoteIpAddresses header "73.109.57.137", "73.109.57.138", "73.109.57.139", "73.109.57.140", "0:0:0:0:0:ffff:4d73:55d3", "0:0:0:0:0:fffff:4d73:55d4", "0:0:0:0:0:fffff:4d73:55d5", "0:0:0:0:0:fffff:4d73:55d6"); [..] diff --git a/src/main/java/com/adscore/signature/SignatureVerifier.java b/src/main/java/com/adscore/signature/SignatureVerifier.java index 184c27a..1a52bca 100644 --- a/src/main/java/com/adscore/signature/SignatureVerifier.java +++ b/src/main/java/com/adscore/signature/SignatureVerifier.java @@ -44,7 +44,9 @@ public class SignatureVerifier { * customers this should be always set to 'customer' * @param key string containing related zone key * @param ipAddresses array of strings containing ip4 or ip6 addresses against which we check - * signature + * signature. Usually, is fulfilled from httpXForwardForIpAddresses or/and remoteIpAddresses + * header. All possible ip addresses may be provided at once, in case of correct result, + * verifier returns list of chosen ip addresses that matched with the signature. * @return VerificationResult */ public static SignatureVerificationResult verify( @@ -61,7 +63,9 @@ public static SignatureVerificationResult verify( * customers this should be always set to 'customer' * @param key string containing related zone key * @param ipAddresses array of strings containing ip4 or ip6 addresses against which we check - * signature + * signature. Usually, is fulfilled from httpXForwardForIpAddresses or/and remoteIpAddresses + * header. All possible ip addresses may be provided at once, in case of correct result, + * verifier returns list of chosen ip addresses that matched with the signature. * @param expiry number which is time in seconds. IF signatureTime + expiry > CurrentDateInSeconds * THEN result is expired * @return VerificationResult @@ -87,7 +91,9 @@ public static SignatureVerificationResult verify( * customers this should be always set to 'customer' * @param key string containing related zone key * @param ipAddresses array of strings containing ip4 or ip6 addresses against which we check - * signature + * signature. Usually, is fulfilled from httpXForwardForIpAddresses or/and remoteIpAddresses + * header. All possible ip addresses may be provided at once, in case of correct result, + * verifier returns list of chosen ip addresses that matched with the signature. * @param isKeyBase64Encoded boolean defining if passed key is base64 encoded or not * @return VerificationResult */ @@ -117,7 +123,9 @@ public static SignatureVerificationResult verify( * customers this should be always set to 'customer' * @param key string containing related zone key * @param ipAddresses array of strings containing ip4 or ip6 addresses against which we check - * signature + * signature. Usually, is fulfilled from httpXForwardForIpAddresses or/and remoteIpAddresses + * header. All possible ip addresses may be provided at once, in case of correct result, + * verifier returns list of chosen ip addresses that matched with the signature. * @param expiry number which is time in seconds. IF signatureTime + expiry > CurrentDateInSeconds * THEN result is expired * @param isKeyBase64Encoded boolean defining if passed key is base64 encoded or not