diff options
author | Nils Schwabe | 2014-05-05 18:23:02 +0200 |
---|---|---|
committer | Nils Schwabe | 2014-05-05 18:23:02 +0200 |
commit | 01970c0672f9b8f4dbf9a35f40e8b0d3d67c0554 (patch) | |
tree | 1ef7c480d0a548eeb8daf3d6a46e9981e9b7c5ab /src/main | |
parent | Add some regex (diff) | |
download | masterserver-01970c0672f9b8f4dbf9a35f40e8b0d3d67c0554.tar.gz masterserver-01970c0672f9b8f4dbf9a35f40e8b0d3d67c0554.tar.xz masterserver-01970c0672f9b8f4dbf9a35f40e8b0d3d67c0554.zip |
Fix message signing
Diffstat (limited to 'src/main')
7 files changed, 58 insertions, 64 deletions
diff --git a/src/main/java/org/openslx/imagemaster/Globals.java b/src/main/java/org/openslx/imagemaster/Globals.java index 3dedc82..a03d401 100644 --- a/src/main/java/org/openslx/imagemaster/Globals.java +++ b/src/main/java/org/openslx/imagemaster/Globals.java @@ -22,7 +22,7 @@ public class Globals public static enum PropString { - IMAGEDIR, KEYSTOREFILE, KEYSTOREALIAS, KEYSTOREPASSWORD, LDAPHOST, LDAPBINDQUERY, LDAPSEARCHBASEDN, LDAPSEARCHFILTER, LDAPKEYSTOREPASSWORD, LDAPKEYSTOREPATH, FTPBASEDIR + IMAGEDIR, FTPKEYSTOREFILE, FTPKEYSTOREALIAS, FTPKEYSTOREPASSWORD, LDAPHOST, LDAPBINDQUERY, LDAPSEARCHBASEDN, LDAPSEARCHFILTER, LDAPKEYSTOREPASSWORD, LDAPKEYSTOREPATH, FTPBASEDIR } public static enum PropBool @@ -67,12 +67,12 @@ public class Globals || Globals.getPropertyString( PropString.LDAPKEYSTOREPATH ).isEmpty() || Globals.getPropertyString( PropString.FTPBASEDIR ) == null || Globals.getPropertyString( PropString.FTPBASEDIR ).isEmpty() - || Globals.getPropertyString( PropString.KEYSTOREFILE ) == null - || Globals.getPropertyString( PropString.KEYSTOREFILE ).isEmpty() - || Globals.getPropertyString( PropString.KEYSTOREALIAS ) == null - || Globals.getPropertyString( PropString.KEYSTOREALIAS ).isEmpty() - || Globals.getPropertyString( PropString.KEYSTOREPASSWORD ) == null - || Globals.getPropertyString( PropString.KEYSTOREPASSWORD ).isEmpty() + || Globals.getPropertyString( PropString.FTPKEYSTOREFILE ) == null + || Globals.getPropertyString( PropString.FTPKEYSTOREFILE ).isEmpty() + || Globals.getPropertyString( PropString.FTPKEYSTOREALIAS ) == null + || Globals.getPropertyString( PropString.FTPKEYSTOREALIAS ).isEmpty() + || Globals.getPropertyString( PropString.FTPKEYSTOREPASSWORD ) == null + || Globals.getPropertyString( PropString.FTPKEYSTOREPASSWORD ).isEmpty() || Globals.getPropertyInt( PropInt.LDAPPORT ) == 0 || Globals.getPropertyInt( PropInt.SESSIONTIMEOUTUSER ) == 0 @@ -95,7 +95,7 @@ public class Globals } // check keystore - if ( !Globals.getPropertyString( PropString.KEYSTOREFILE ).endsWith( ".jks" )) { + if ( !Globals.getPropertyString( PropString.FTPKEYSTOREFILE ).endsWith( ".jks" )) { log.error( "Keystore is not in jks format." ); return false; } @@ -153,14 +153,14 @@ public class Globals case IMAGEDIR: result = properties.getProperty( "image_dir" ); break; - case KEYSTOREFILE: - result = properties.getProperty( "keystore_file" ); + case FTPKEYSTOREFILE: + result = properties.getProperty( "ftp_keystore_file" ); break; - case KEYSTOREALIAS: - result = properties.getProperty( "keystore_alias" ); + case FTPKEYSTOREALIAS: + result = properties.getProperty( "ftp_keystore_alias" ); break; - case KEYSTOREPASSWORD: - result = properties.getProperty( "keystore_password" ); + case FTPKEYSTOREPASSWORD: + result = properties.getProperty( "ftp_keystore_password" ); break; case LDAPHOST: result = properties.getProperty( "ldap_host" ); diff --git a/src/main/java/org/openslx/imagemaster/db/LdapUser.java b/src/main/java/org/openslx/imagemaster/db/LdapUser.java index ae6aae2..0299829 100644 --- a/src/main/java/org/openslx/imagemaster/db/LdapUser.java +++ b/src/main/java/org/openslx/imagemaster/db/LdapUser.java @@ -153,7 +153,7 @@ public class LdapUser extends User /** * Login user locally if external Ldap server is not available - * @param username Must be in form "userid@organization" + * @param username Must be in form "username@organization" * @param password The user's password */ private static LdapUser localLogin( String login, String password ) diff --git a/src/main/java/org/openslx/imagemaster/ftp/ImageProcessor.java b/src/main/java/org/openslx/imagemaster/ftp/ImageProcessor.java index 62475e9..05b8101 100644 --- a/src/main/java/org/openslx/imagemaster/ftp/ImageProcessor.java +++ b/src/main/java/org/openslx/imagemaster/ftp/ImageProcessor.java @@ -115,12 +115,9 @@ public class ImageProcessor if (!imageData.uuid.matches( "^[0-9a-f]{8}\\-[0-9a-f]{4}\\-[0-9a-f]{4}\\-[0-9a-f]{4}\\-[0-9a-f]{12}$" )) { log.debug("UUID not valid"); return false; - } else if (!imageData.imageName.matches( "^[a-zA-Z0-9_\\-]{50}$" )) { + } else if (!imageData.imageName.matches( "^[a-zA-Z0-9_\\-]{5,50}$" )) { log.debug("ImageName not valid"); return false; - } else if (!imageData.imageOwner.matches( "^[0-9]*$" )) { - log.debug("ImageOwner not valid"); - return false; } // TODO: check some more regex diff --git a/src/main/java/org/openslx/imagemaster/ftp/MasterFtpServer.java b/src/main/java/org/openslx/imagemaster/ftp/MasterFtpServer.java index e3514f6..0f5267f 100644 --- a/src/main/java/org/openslx/imagemaster/ftp/MasterFtpServer.java +++ b/src/main/java/org/openslx/imagemaster/ftp/MasterFtpServer.java @@ -46,9 +46,9 @@ public class MasterFtpServer implements Runnable // config ssl SslConfigurationFactory sslConfigFactory = new SslConfigurationFactory(); - sslConfigFactory.setKeystoreFile( new File( Globals.getPropertyString( PropString.KEYSTOREFILE ) ) ); - sslConfigFactory.setKeyAlias( Globals.getPropertyString( PropString.KEYSTOREALIAS ) ); - sslConfigFactory.setKeystorePassword( Globals.getPropertyString( PropString.KEYSTOREPASSWORD ) ); + sslConfigFactory.setKeystoreFile( new File( Globals.getPropertyString( PropString.FTPKEYSTOREFILE ) ) ); + sslConfigFactory.setKeyAlias( Globals.getPropertyString( PropString.FTPKEYSTOREALIAS ) ); + sslConfigFactory.setKeystorePassword( Globals.getPropertyString( PropString.FTPKEYSTOREPASSWORD ) ); // set the port of the listener factory.setPort( port ); diff --git a/src/main/java/org/openslx/imagemaster/serversession/ServerAuthenticator.java b/src/main/java/org/openslx/imagemaster/serversession/ServerAuthenticator.java index 8a8e426..5660f2f 100644 --- a/src/main/java/org/openslx/imagemaster/serversession/ServerAuthenticator.java +++ b/src/main/java/org/openslx/imagemaster/serversession/ServerAuthenticator.java @@ -5,8 +5,6 @@ import java.util.HashMap; import org.apache.log4j.Logger; import org.apache.thrift.TException; -import org.openslx.imagemaster.Globals; -import org.openslx.imagemaster.Globals.PropString; import org.openslx.imagemaster.thrift.iface.AuthenticationException; import org.openslx.imagemaster.util.AsymMessageSign; import org.openslx.imagemaster.util.RandomString; @@ -24,9 +22,7 @@ public class ServerAuthenticator */ static { try { - messageSign = new AsymMessageSign( Globals.getPropertyString( PropString.KEYSTOREALIAS ), - Globals.getPropertyString( PropString.KEYSTOREPASSWORD ), - Globals.getPropertyString( PropString.KEYSTOREFILE ) ); + messageSign = new AsymMessageSign( "./config/servers.jks", "password" ); log.info( "Loaded keystore" ); } catch ( Exception e ) { log.error( "Error loading the keystore", e ); @@ -54,7 +50,7 @@ public class ServerAuthenticator } /** - * Authenticate with the challengeResponse + * Authenticate with the challengeResponse. * * @param organization * @param address @@ -72,7 +68,7 @@ public class ServerAuthenticator boolean result = false; try { - result = messageSign.verifyMessage( bytes, authenticatingServers.get( organization ).getBytes() ); + result = messageSign.verifyMessage( bytes, authenticatingServers.get( organization ).getBytes() , "uni-freiburg.de" ); } catch ( Exception e ) { log.error( "Error while verifying message", e ); } @@ -81,8 +77,7 @@ public class ServerAuthenticator throw new AuthenticationException(); } - log.info( "Server of organinzation '" + organization - + " authenticated." ); + log.info( "Server of organinzation '" + organization + " authenticated." ); authenticatingServers.remove( organization ); diff --git a/src/main/java/org/openslx/imagemaster/session/Authenticator.java b/src/main/java/org/openslx/imagemaster/session/Authenticator.java index 0796188..5f59a85 100644 --- a/src/main/java/org/openslx/imagemaster/session/Authenticator.java +++ b/src/main/java/org/openslx/imagemaster/session/Authenticator.java @@ -31,7 +31,7 @@ public class Authenticator String login = username; if (username.split( "@" ).length == 2) { log.info( "username is in username@organization format" ); - // we are in userid@organization format + // we are in username@organization format // --> get prefix DbSatellite satellite = DbSatellite.fromOrganization( username.split( "@" )[1] ); if (satellite == null) diff --git a/src/main/java/org/openslx/imagemaster/util/AsymMessageSign.java b/src/main/java/org/openslx/imagemaster/util/AsymMessageSign.java index 134b399..c49f9db 100644 --- a/src/main/java/org/openslx/imagemaster/util/AsymMessageSign.java +++ b/src/main/java/org/openslx/imagemaster/util/AsymMessageSign.java @@ -5,57 +5,59 @@ import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.security.InvalidKeyException; -import java.security.Key; -import java.security.KeyPair; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; import java.security.PublicKey; import java.security.Signature; import java.security.SignatureException; import java.security.UnrecoverableKeyException; -import java.security.cert.Certificate; import java.security.cert.CertificateException; public class AsymMessageSign { - KeyPair pair; + private KeyStore keystore; -// String alias = "ftp"; -// String password = "password"; -// String file = "./config/keystore.jks"; - - - public AsymMessageSign(String alias, String password, String file) throws NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, KeyStoreException, UnrecoverableKeyException + /** + * Load the keystore + * @param file Path to keystore + * @param password The keystore's password + * @throws NoSuchAlgorithmException + * @throws CertificateException + * @throws FileNotFoundException + * @throws IOException + * @throws KeyStoreException + * @throws UnrecoverableKeyException + */ + public AsymMessageSign(String file, String password) throws NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, KeyStoreException, UnrecoverableKeyException { - KeyStore keystore = KeyStore.getInstance( "JKS" ); + keystore = KeyStore.getInstance( "JKS" ); keystore.load( new FileInputStream( new File( file ) ), password.toCharArray() ); - Certificate cert = null; - - Key key = keystore.getKey( alias, - password.toCharArray() ); - - if ( key instanceof PrivateKey ) { - cert = keystore.getCertificate( alias ); - PublicKey publicKey = cert.getPublicKey(); - pair = new KeyPair( publicKey, (PrivateKey)key ); - } - } - - public byte[] signMessage( String message ) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException - { - Signature signature = Signature.getInstance( "SHA256WITHRSA" ); - signature.initSign( pair.getPrivate() ); - signature.update( message.getBytes() ); - return signature.sign(); } - public boolean verifyMessage( byte[] signedMessage, byte[] realMessage ) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException + /** + * Verify an encrypted message + * @param signedMessage The signed message from hs/uni server + * @param realMessage The message that was sent before + * @param alias the alias of the certificate + * @param password the password of the certificate + * @return Whether the message could be verfied or not + * @throws NoSuchAlgorithmException + * @throws InvalidKeyException + * @throws SignatureException + * @throws UnrecoverableKeyException + * @throws KeyStoreException + */ + public boolean verifyMessage( byte[] signedMessage, byte[] realMessage, String alias ) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, UnrecoverableKeyException, KeyStoreException { + // first load key + //Key key = keystore.getKey( alias, password.toCharArray() ); + PublicKey key = keystore.getCertificate( alias ).getPublicKey(); + + // verify message Signature signature = Signature.getInstance( "SHA256WITHRSA" ); - signature.initVerify( pair.getPublic() ); + signature.initVerify( key ); signature.update( realMessage ); return signature.verify( signedMessage ); } |