author | Simon Rettberg | 2014-09-29 16:43:51 +0200 |
---|---|---|
committer | Simon Rettberg | 2014-09-29 16:43:51 +0200 |
commit | 7b730e4d0a747974e93fedc6ce4ea06c80b67b6c (patch) | |
tree | 0b955ab9f169aaca93ac6731d5d1f9c038a89ab3 /src | |
parent | adapted to changes in CrcFile. (diff) | |
Change data type of auth challenge from string to byte array, add message verifier that will use private/public keypair directly
Diffstat (limited to 'src')
4 files changed, 128 insertions, 24 deletions
diff --git a/src/main/java/org/openslx/encryption/AsymEncryptionHandler.java b/src/main/java/org/openslx/encryption/AsymEncryptionHandler.java
new file mode 100644
index 0000000..98109f2
--- /dev/null
+++ b/src/main/java/org/openslx/encryption/AsymEncryptionHandler.java
@@ -0,0 +1,89 @@
+package org.openslx.encryption;
+
+import java.security.InvalidKeyException;
+import java.security.InvalidParameterException;
+import java.security.Key;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+
+import org.apache.log4j.Logger;
+
+public class AsymEncryptionHandler
+{
+ private static final Logger LOG = Logger.getLogger( AsymEncryptionHandler.class );
+
+ private final Key key;
+
+ /**
+ * Create a handler.
+ */
+ public AsymEncryptionHandler( Key key )
+ {
+ this.key = key;
+ }
+
+ /**
+ * Encrypt given plain text message with the key this class was
+ * instantiated with.
+ *
+ * @param cleartext a clear text message
+ * @return The encrypted message
+ */
+ public byte[] encryptMessage( byte[] cleartext )
+ {
+ try {
+ Cipher cipher = Cipher.getInstance( "RSA" );
+ cipher.init( Cipher.ENCRYPT_MODE, key );
+ return cipher.doFinal( cleartext );
+ } catch ( NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException e ) {
+ LOG.warn( "Cannot encrypt message", e );
+ }
+ return null;
+ }
+
+ /**
+ * Verify an encrypted message, where we know the plain text.
+ *
+ * @param encryptedMessage
+ * @param expectedCleartext
+ * @return true if the message matches the expected plain text after decrypting
+ */
+ public boolean verifyMessage( byte[] encryptedMessage, byte[] expectedCleartext )
+ {
+ try {
+ Cipher cipher = Cipher.getInstance( "RSA" );
+ cipher.init( Cipher.DECRYPT_MODE, key );
+ byte[] result = cipher.doFinal( encryptedMessage );
+ return Arrays.equals( expectedCleartext, result );
+ } catch ( NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException e ) {
+ LOG.warn( "Cannot verify message", e );
+ }
+ return false;
+ }
+
+ /**
+ * Generate a fresh RSA key pair.
+ *
+ * @param bits length of key
+ * @return key pair, or null on error
+ */
+ public static KeyPair generateKeyPair( int bits )
+ {
+ try {
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance( "RSA" );
+ kpg.initialize( bits );
+ return kpg.genKeyPair();
+ } catch ( NoSuchAlgorithmException | InvalidParameterException e ) {
+ LOG.warn( "Cannot generate RSA Keypair", e );
+ return null;
+ }
+ }
+
+}
diff --git a/src/main/java/org/openslx/imagemaster/thrift/iface/ImageServer.java b/src/main/java/org/openslx/imagemaster/thrift/iface/ImageServer.java
index ff9c288..cd7f02b 100644
--- a/src/main/java/org/openslx/imagemaster/thrift/iface/ImageServer.java
+++ b/src/main/java/org/openslx/imagemaster/thrift/iface/ImageServer.java
@@ -42,7 +42,7 @@ public class ImageServer { public UserInfo getUserFromToken(String token) throws InvalidTokenException, org.apache.thrift.TException; - public String startServerAuthentication(String organization) throws ServerAuthenticationException, org.apache.thrift.TException; + public ByteBuffer startServerAuthentication(String organization) throws ServerAuthenticationException, org.apache.thrift.TException; public boolean isServerAuthenticated(String serverSessionId) throws org.apache.thrift.TException;
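Review bot: Both `Cipher.getInstance( "RSA" )` calls in the new AsymEncryptionHandler.java (in encryptMessage and verifyMessage) leave mode and padding to the JCE provider's default, so the two ends of the challenge can disagree on padding, and some providers may apply none; name the transformation explicitly, e.g. `Cipher.getInstance( "RSA/ECB/PKCS1Padding" )`. If the intent is for the private-key holder to prove possession, as the commit message suggests, `java.security.Signature` with `"SHA256withRSA"` is the primitive built for that and would replace the encrypt-then-compare pattern. In verifyMessage, `MessageDigest.isEqual( expectedCleartext, result )` avoids the early-exit comparison of `Arrays.equals`, which matters if the decrypted value is ever secret. generateKeyPair hands `bits` straight to `kpg.initialize( bits )`, so a lower bound on the key size (for example rejecting anything under 2048) belongs there or in its callers, and encryptMessage returning null on failure should be stated in its Javadoc so callers check for it.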
@@ -169,7 +169,7 @@ public class ImageServer { throw new org.apache.thrift.TApplicationException(org.apache.thrift.TApplicationException.MISSING_RESULT, "getUserFromToken failed: unknown result"); } - public String startServerAuthentication(String organization) throws ServerAuthenticationException, org.apache.thrift.TException + public ByteBuffer startServerAuthentication(String organization) throws ServerAuthenticationException, org.apache.thrift.TException { send_startServerAuthentication(organization); return recv_startServerAuthentication(); @@ -182,7 +182,7 @@ public class ImageServer { sendBase("startServerAuthentication", args); } - public String recv_startServerAuthentication() throws ServerAuthenticationException, org.apache.thrift.TException + public ByteBuffer recv_startServerAuthentication() throws ServerAuthenticationException, org.apache.thrift.TException { startServerAuthentication_result result = new startServerAuthentication_result(); receiveBase(result, "startServerAuthentication"); @@ -445,7 +445,7 @@ public class ImageServer { prot.writeMessageEnd(); } - public String getResult() throws ServerAuthenticationException, org.apache.thrift.TException { + public ByteBuffer getResult() throws ServerAuthenticationException, org.apache.thrift.TException { if (getState() != org.apache.thrift.async.TAsyncMethodCall.State.RESPONSE_READ) { throw new IllegalStateException("Method call not finished!"); } @@ -1001,7 +1001,7 @@ public class ImageServer { } } - public static class startServerAuthentication<I extends AsyncIface> extends org.apache.thrift.AsyncProcessFunction<I, startServerAuthentication_args, String> { + public static class startServerAuthentication<I extends AsyncIface> extends org.apache.thrift.AsyncProcessFunction<I, startServerAuthentication_args, ByteBuffer> { public startServerAuthentication() { super("startServerAuthentication"); } 
@@ -1010,10 +1010,10 @@ public class ImageServer { return new startServerAuthentication_args(); } - public AsyncMethodCallback<String> getResultHandler(final AsyncFrameBuffer fb, final int seqid) { + public AsyncMethodCallback<ByteBuffer> getResultHandler(final AsyncFrameBuffer fb, final int seqid) { final org.apache.thrift.AsyncProcessFunction fcall = this; - return new AsyncMethodCallback<String>() { - public void onComplete(String o) { + return new AsyncMethodCallback<ByteBuffer>() { + public void onComplete(ByteBuffer o) { startServerAuthentication_result result = new startServerAuthentication_result(); result.success = o; try { @@ -1053,7 +1053,7 @@ public class ImageServer { return false; } - public void start(I iface, startServerAuthentication_args args, org.apache.thrift.async.AsyncMethodCallback<String> resultHandler) throws TException { + public void start(I iface, startServerAuthentication_args args, org.apache.thrift.async.AsyncMethodCallback<ByteBuffer> resultHandler) throws TException { iface.startServerAuthentication(args.organization,resultHandler); } } @@ -3994,7 +3994,7 @@ public class ImageServer { schemes.put(TupleScheme.class, new startServerAuthentication_resultTupleSchemeFactory()); } - public String success; // required + public ByteBuffer success; // required public ServerAuthenticationException failure; // required /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */ 
@@ -4063,7 +4063,7 @@ public class ImageServer { static { Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class); tmpMap.put(_Fields.SUCCESS, new org.apache.thrift.meta_data.FieldMetaData("success", org.apache.thrift.TFieldRequirementType.DEFAULT, - new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING))); + new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING , true))); tmpMap.put(_Fields.FAILURE, new org.apache.thrift.meta_data.FieldMetaData("failure", org.apache.thrift.TFieldRequirementType.DEFAULT, new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRUCT))); metaDataMap = Collections.unmodifiableMap(tmpMap); @@ -4074,7 +4074,7 @@ public class ImageServer { } public startServerAuthentication_result( - String success, + ByteBuffer success, ServerAuthenticationException failure) { this(); @@ -4087,7 +4087,8 @@ public class ImageServer { */ public startServerAuthentication_result(startServerAuthentication_result other) { if (other.isSetSuccess()) { - this.success = other.success; + this.success = org.apache.thrift.TBaseHelper.copyBinary(other.success); +; } if (other.isSetFailure()) { this.failure = new ServerAuthenticationException(other.failure); 
@@ -4104,11 +4105,21 @@ public class ImageServer { this.failure = null; } - public String getSuccess() { - return this.success; + public byte[] getSuccess() { + setSuccess(org.apache.thrift.TBaseHelper.rightSize(success)); + return success == null ? null : success.array(); + } + + public ByteBuffer bufferForSuccess() { + return success; } - public startServerAuthentication_result setSuccess(String success) { + public startServerAuthentication_result setSuccess(byte[] success) { + setSuccess(success == null ? (ByteBuffer)null : ByteBuffer.wrap(success)); + return this; + } + + public startServerAuthentication_result setSuccess(ByteBuffer success) { this.success = success; return this; } @@ -4158,7 +4169,7 @@ public class ImageServer { if (value == null) { unsetSuccess(); } else { - setSuccess((String)value); + setSuccess((ByteBuffer)value); } break; @@ -4291,7 +4302,7 @@ public class ImageServer { if (this.success == null) { sb.append("null"); } else { - sb.append(this.success); + org.apache.thrift.TBaseHelper.toString(this.success, sb); } first = false; if (!first) sb.append(", "); @@ -4347,7 +4358,7 @@ public class ImageServer { switch (schemeField.id) { case 0: // SUCCESS if (schemeField.type == org.apache.thrift.protocol.TType.STRING) { - struct.success = iprot.readString(); + struct.success = iprot.readBinary(); struct.setSuccessIsSet(true); } else { org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type); @@ -4379,7 +4390,7 @@ public class ImageServer { oprot.writeStructBegin(STRUCT_DESC); if (struct.success != null) { oprot.writeFieldBegin(SUCCESS_FIELD_DESC); - oprot.writeString(struct.success); + oprot.writeBinary(struct.success); oprot.writeFieldEnd(); } if (struct.failure != null) { @@ -4413,7 +4424,7 @@ public class ImageServer { } oprot.writeBitSet(optionals, 2); if (struct.isSetSuccess()) { - oprot.writeString(struct.success); + oprot.writeBinary(struct.success); } if (struct.isSetFailure()) { struct.failure.write(oprot); 
@@ -4425,7 +4436,7 @@ public class ImageServer { TTupleProtocol iprot = (TTupleProtocol) prot; BitSet incoming = iprot.readBitSet(2); if (incoming.get(0)) { - struct.success = iprot.readString(); + struct.success = iprot.readBinary(); struct.setSuccessIsSet(true); } if (incoming.get(1)) { diff --git a/src/main/java/org/openslx/imagemaster/thrift/iface/ServerAuthenticationError.java b/src/main/java/org/openslx/imagemaster/thrift/iface/ServerAuthenticationError.java index df3f9b6..8c3f1d3 100644 --- a/src/main/java/org/openslx/imagemaster/thrift/iface/ServerAuthenticationError.java +++ b/src/main/java/org/openslx/imagemaster/thrift/iface/ServerAuthenticationError.java @@ -15,7 +15,8 @@ public enum ServerAuthenticationError implements org.apache.thrift.TEnum { GENERIC_ERROR(0), INVALID_ORGANIZATION(1), INVALID_KEY(2), - BANNED_NETWORK(3); + CHALLENGE_FAILED(3), + BANNED_NETWORK(4); private final int value; @@ -43,6 +44,8 @@ public enum ServerAuthenticationError implements org.apache.thrift.TEnum { case 2: return INVALID_KEY; case 3: + return CHALLENGE_FAILED; + case 4: return BANNED_NETWORK; default: return null; diff --git a/src/main/thrift/imagemaster.thrift b/src/main/thrift/imagemaster.thrift index b03cb0e..c6bd3cb 100644 --- a/src/main/thrift/imagemaster.thrift +++ b/src/main/thrift/imagemaster.thrift @@ -27,6 +27,7 @@ enum ServerAuthenticationError { GENERIC_ERROR, INVALID_ORGANIZATION, INVALID_KEY, + CHALLENGE_FAILED, BANNED_NETWORK } @@ -127,7 +128,7 @@ service ImageServer { UserInfo getUserFromToken(1:Token token) throws (1:InvalidTokenException failure), - string startServerAuthentication(1:string organization) throws (1: ServerAuthenticationException failure), + binary startServerAuthentication(1:string organization) throws (1: ServerAuthenticationException failure), bool isServerAuthenticated(1:string serverSessionId), |
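Review bot: In imagemaster.thrift, inserting `CHALLENGE_FAILED` ahead of `BANNED_NETWORK` in `ServerAuthenticationError` renumbers an existing value: the regenerated ServerAuthenticationError.java in this commit shows `CHALLENGE_FAILED(3)` and `BANNED_NETWORK(4)`, where 3 previously meant BANNED_NETWORK. A peer still built from the old IDL would therefore read a failed challenge as a banned network, and its findByValue would return null for the new value 4. Append the new member after `BANNED_NETWORK` instead, or pin the numbers in the IDL, e.g. `BANNED_NETWORK = 3,` followed by `CHALLENGE_FAILED = 4`. The `string` to `binary` change of startServerAuthentication keeps the same wire type (the generated reader still checks `TType.STRING`), so only the enum needs this care.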