blob: 24e292816c98233b5ff5567d3374237887f6e492 (
plain) (
tree)
|
|
package org.openslx.imagemaster.serversession;
import java.nio.ByteBuffer;
import java.util.HashMap;
import org.apache.log4j.Logger;
import org.apache.thrift.TException;
import org.openslx.imagemaster.Globals;
import org.openslx.imagemaster.Globals.PropString;
import org.openslx.imagemaster.thrift.iface.AuthenticationException;
import org.openslx.imagemaster.util.AsymMessageSign;
import org.openslx.imagemaster.util.RandomString;
public class ServerAuthenticator
{
private static Logger log = Logger.getLogger( ServerAuthenticator.class );
// map of currently authenticating servers
private static HashMap<String, String> authenticatingServers = new HashMap<String, String>();
private static AsymMessageSign messageSign = null;
/**
* Initialize the message signer/verifier
*/
static {
try {
messageSign = new AsymMessageSign( Globals.getPropertyString( PropString.KEYSTOREALIAS ),
Globals.getPropertyString( PropString.KEYSTOREPASSWORD ),
Globals.getPropertyString( PropString.KEYSTOREFILE ) );
log.info( "Loaded keystore" );
} catch ( Exception e ) {
log.error( "Error loading the keystore", e );
System.exit(1);
}
}
/**
* Start the server authentification.
*
* @param organization
* the organization of the server
* @return encrypted random string
*/
public static String startServerAuthentication( String organization )
{
String secret = RandomString.generate( 100, false );
synchronized ( authenticatingServers ) {
authenticatingServers.put( organization, secret );
log.info( "Server of organinzation '" + organization
+ "' starts to authenticate. And got string: '" + secret
+ "'" );
}
return secret;
}
/**
* Authenticate with the challengeResponse
*
* @param organization
* @param address
* @param challengeResponse
* @return
* @throws AuthenticationException
* @throws TException
*/
public static ServerUser serverAuthenticate( String organization,
String address, ByteBuffer challengeResponse )
throws AuthenticationException, TException
{
byte[] bytes = challengeResponse.array();
log.info( "Response was: " + challengeResponse + " with length: " + bytes.length);
boolean result = false;
try {
result = messageSign.verifyMessage( bytes, authenticatingServers.get( organization ).getBytes() );
} catch (Exception e) {
log.error( "Error while verifying message", e );
}
if ( !result ) {
throw new AuthenticationException();
}
log.info( "Server of organinzation '" + organization
+ " authenticated.");
authenticatingServers.remove( organization );
return new ServerUser( organization, address );
}
}
|