summaryrefslogblamecommitdiffstats
path: root/src/main/java/org/openslx/imagemaster/serversession/ServerAuthenticator.java
blob: a7c7fde16830a219b5dbf13fe70eef11d6c54860 (plain) (tree) 
d5e1e55 ^


40d5286 ^

9af7654 ^


d5e1e55 ^

298f7ca ^

d5e1e55 ^

3aa85cd ^


9af7654 ^

3aa85cd ^

d5e1e55 ^


d9b0b68 ^



f71e8a5 ^


b9878ed ^

f71e8a5 ^

9af7654 ^




3aa85cd ^

298f7ca ^

d5e1e55 ^


298f7ca ^

3aa85cd ^

f71e8a5 ^

d5e1e55 ^


3aa85cd ^

f71e8a5 ^

9af7654 ^

3aa85cd ^


9af7654 ^



d5e1e55 ^

298f7ca ^

f7b3d0a ^

01970c0 ^

298f7ca ^

0ed5db9 ^

f7b3d0a ^


9af7654 ^

f7b3d0a ^


3aa85cd ^


f71e8a5 ^

9af7654 ^


eb1e609 ^

9af7654 ^

b9878ed ^

3aa85cd ^




f71e8a5 ^

3aa85cd ^

298f7ca ^

3aa85cd ^

d5e1e55 ^


1
2

3

4
5

6

7

8

9
10

11

12

13
14

15
16
17

18
19

20

21

22
23
24
25

26

27

28
29

30

31

32

33
34

35

36

37

38
39

40
41
42

43

44

45

46

47

48

49
50

51

52
53

54
55

56

57
58

59

60

61

62
63
64
65

66

67

68

69

70
71


                                              
                           

                                              
 
                               
                                    

                                                             
                                                    
                                                        

                                                 


                                                

                                
 
                                                                                  



                                                                                                   
                                                                                              
 

                                             
           
                             
                                                   

                                          
                                                                             
         
                                                                   

                                                                   


                                                                                               
         
 
           
                                                   
           
                                                     

                                   
                                                

                             

                                                                                                       
         

                                                                                  
 
                                                                                                    
 



                                                                                                                             
 
                                                                                                                         
 
                                                                         

         
package org.openslx.imagemaster.serversession;

import java.nio.ByteBuffer;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.apache.log4j.Logger;
import org.apache.thrift.TException;
import org.openslx.bwlp.thrift.iface.AuthorizationError;
import org.openslx.bwlp.thrift.iface.TAuthorizationException;
import org.openslx.encryption.AsymEncryptionHandler;
import org.openslx.imagemaster.db.models.LocalSatellite;
import org.openslx.imagemaster.util.RandomString;

/**
 * Authenticating a server with message signing.
 */
public class ServerAuthenticator
{

	private static Logger log = Logger.getLogger( ServerAuthenticator.class );

	/**
	 * Servers currently doing authentication. Maps from organization to the challenge we sent.
	 */
	private static Map<Integer, byte[]> authenticatingServers = new ConcurrentHashMap<>();

	/**
	 * Start the server authentification.
	 * 
	 * @param satelliteId
	 *           the organization of the server
	 * @return encrypted random string
	 */
	public static ByteBuffer startServerAuthentication( int satelliteId )
	{
		byte[] secret = RandomString.generateBinary( 100 );
		authenticatingServers.put( satelliteId, secret );
		log.info( "Server of organinzation '" + satelliteId
				+ "' starts to authenticate. And got string: '" + secret.length
				+ "'" );
		return ByteBuffer.wrap( secret );
	}

	/**
	 * Authenticate with the challengeResponse.
	 * 
	 * @param organizationId Is already verified.
	 * @param address
	 * @param challengeResponse
	 * @throws ServerAuthenticationException
	 * @throws TException
	 */
	public static void serverAuthenticate( LocalSatellite satellite, ByteBuffer challengeResponse )
			throws TAuthorizationException
	{
		byte[] encryptedBytes = new byte[ challengeResponse.remaining() ];
		challengeResponse.get( encryptedBytes );

		AsymEncryptionHandler verifier = new AsymEncryptionHandler( satellite.getPubkey() );

		if ( !verifier.verifyMessage( encryptedBytes, authenticatingServers.get( satellite.satelliteId ) ) ) {
			throw new TAuthorizationException( AuthorizationError.CHALLENGE_FAILED,
					"You failed the encryption challenge. private and public key don't seem to match." );
		}

		log.info( "Server '" + satellite.satelliteName + "' (" + satellite.organizationId + ") authenticated." );

		authenticatingServers.remove( satellite.organizationId );
	}
}
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2024-05-18 03:30:53 +0200