path: root/src/main/java/org/openslx/imagemaster/serversession/ServerAuthenticator.java

package org.openslx.imagemaster.serversession;

import java.nio.ByteBuffer;
import java.util.HashMap;

import org.apache.log4j.Logger;
import org.apache.thrift.TException;
import org.openslx.imagemaster.Globals;
import org.openslx.imagemaster.Globals.PropString;
import org.openslx.imagemaster.thrift.iface.AuthenticationException;
import org.openslx.imagemaster.util.AsymMessageSign;
import org.openslx.imagemaster.util.RandomString;

public class ServerAuthenticator
{
	private static Logger log = Logger.getLogger( ServerAuthenticator.class );
	// map of currently authenticating servers
	private static HashMap<String, String> authenticatingServers = new HashMap<String, String>();
	private static AsymMessageSign messageSign = null;
	
	/**
	 * Initialize the message signer/verifier
	 */
	static {
		try {
			messageSign = new AsymMessageSign( Globals.getPropertyString( PropString.KEYSTOREALIAS ),
					Globals.getPropertyString( PropString.KEYSTOREPASSWORD ),
					Globals.getPropertyString( PropString.KEYSTOREFILE ) );
			log.info( "Loaded keystore" );
		} catch ( Exception e ) {
			log.error( "Error loading the keystore", e );
			System.exit(1);
		}
	}

	/**
	 * Start the server authentification.
	 * 
	 * @param organization
	 *           the organization of the server
	 * @return encrypted random string
	 */
	public static String startServerAuthentication( String organization )
	{
		String secret = RandomString.generate( 100, false );
		synchronized ( authenticatingServers ) {
			authenticatingServers.put( organization, secret );
			log.info( "Server of organinzation '" + organization
					+ "' starts to authenticate. And got string: '" + secret
					+ "'" );
		}
		return secret;
	}

	/**
	 * Authenticate with the challengeResponse
	 * 
	 * @param organization
	 * @param address
	 * @param challengeResponse
	 * @return
	 * @throws AuthenticationException
	 * @throws TException
	 */
	public static ServerUser serverAuthenticate( String organization,
			String address, ByteBuffer challengeResponse )
			throws AuthenticationException, TException
	{
		byte[] bytes = challengeResponse.array();
		log.info( "Response was: " + challengeResponse + " with length: " + bytes.length);
		
		boolean result = false;
		
		try {
			result = messageSign.verifyMessage( bytes, authenticatingServers.get( organization ).getBytes() );
		} catch (Exception e) {
			log.error( "Error while verifying message", e );		
		}
		
		if ( !result ) {
			throw new AuthenticationException();
		}

		log.info( "Server of organinzation '" + organization
				+ " authenticated.");

		authenticatingServers.remove( organization );

		return new ServerUser( organization, address );
	}
}