authorNils Schwabe2014-05-05 18:23:02 +0200
committerNils Schwabe2014-05-05 18:23:02 +0200
commit01970c0672f9b8f4dbf9a35f40e8b0d3d67c0554 (patch)
tree1ef7c480d0a548eeb8daf3d6a46e9981e9b7c5ab /src/main
parentAdd some regex (diff)
Fix message signing
Diffstat (limited to 'src/main')
-rw-r--r--src/main/java/org/openslx/imagemaster/Globals.java28
-rw-r--r--src/main/java/org/openslx/imagemaster/db/LdapUser.java2
-rw-r--r--src/main/java/org/openslx/imagemaster/ftp/ImageProcessor.java5
-rw-r--r--src/main/java/org/openslx/imagemaster/ftp/MasterFtpServer.java6
-rw-r--r--src/main/java/org/openslx/imagemaster/serversession/ServerAuthenticator.java13
-rw-r--r--src/main/java/org/openslx/imagemaster/session/Authenticator.java2
-rw-r--r--src/main/java/org/openslx/imagemaster/util/AsymMessageSign.java66
7 files changed, 58 insertions, 64 deletions
diff --git a/src/main/java/org/openslx/imagemaster/Globals.java b/src/main/java/org/openslx/imagemaster/Globals.java
index 3dedc82..a03d401 100644
--- a/src/main/java/org/openslx/imagemaster/Globals.java
+++ b/src/main/java/org/openslx/imagemaster/Globals.java
@@ -22,7 +22,7 @@ public class Globals
public static enum PropString
{
- IMAGEDIR, KEYSTOREFILE, KEYSTOREALIAS, KEYSTOREPASSWORD, LDAPHOST, LDAPBINDQUERY, LDAPSEARCHBASEDN, LDAPSEARCHFILTER, LDAPKEYSTOREPASSWORD, LDAPKEYSTOREPATH, FTPBASEDIR
+ IMAGEDIR, FTPKEYSTOREFILE, FTPKEYSTOREALIAS, FTPKEYSTOREPASSWORD, LDAPHOST, LDAPBINDQUERY, LDAPSEARCHBASEDN, LDAPSEARCHFILTER, LDAPKEYSTOREPASSWORD, LDAPKEYSTOREPATH, FTPBASEDIR
}
public static enum PropBool
@@ -67,12 +67,12 @@ public class Globals
|| Globals.getPropertyString( PropString.LDAPKEYSTOREPATH ).isEmpty()
|| Globals.getPropertyString( PropString.FTPBASEDIR ) == null
|| Globals.getPropertyString( PropString.FTPBASEDIR ).isEmpty()
- || Globals.getPropertyString( PropString.KEYSTOREFILE ) == null
- || Globals.getPropertyString( PropString.KEYSTOREFILE ).isEmpty()
- || Globals.getPropertyString( PropString.KEYSTOREALIAS ) == null
- || Globals.getPropertyString( PropString.KEYSTOREALIAS ).isEmpty()
- || Globals.getPropertyString( PropString.KEYSTOREPASSWORD ) == null
- || Globals.getPropertyString( PropString.KEYSTOREPASSWORD ).isEmpty()
+ || Globals.getPropertyString( PropString.FTPKEYSTOREFILE ) == null
+ || Globals.getPropertyString( PropString.FTPKEYSTOREFILE ).isEmpty()
+ || Globals.getPropertyString( PropString.FTPKEYSTOREALIAS ) == null
+ || Globals.getPropertyString( PropString.FTPKEYSTOREALIAS ).isEmpty()
+ || Globals.getPropertyString( PropString.FTPKEYSTOREPASSWORD ) == null
+ || Globals.getPropertyString( PropString.FTPKEYSTOREPASSWORD ).isEmpty()
|| Globals.getPropertyInt( PropInt.LDAPPORT ) == 0
|| Globals.getPropertyInt( PropInt.SESSIONTIMEOUTUSER ) == 0
@@ -95,7 +95,7 @@ public class Globals
}
// check keystore
- if ( !Globals.getPropertyString( PropString.KEYSTOREFILE ).endsWith( ".jks" )) {
+ if ( !Globals.getPropertyString( PropString.FTPKEYSTOREFILE ).endsWith( ".jks" )) {
log.error( "Keystore is not in jks format." );
return false;
}
@@ -153,14 +153,14 @@ public class Globals
case IMAGEDIR:
result = properties.getProperty( "image_dir" );
break;
- case KEYSTOREFILE:
- result = properties.getProperty( "keystore_file" );
+ case FTPKEYSTOREFILE:
+ result = properties.getProperty( "ftp_keystore_file" );
break;
- case KEYSTOREALIAS:
- result = properties.getProperty( "keystore_alias" );
+ case FTPKEYSTOREALIAS:
+ result = properties.getProperty( "ftp_keystore_alias" );
break;
- case KEYSTOREPASSWORD:
- result = properties.getProperty( "keystore_password" );
+ case FTPKEYSTOREPASSWORD:
+ result = properties.getProperty( "ftp_keystore_password" );
break;
case LDAPHOST:
result = properties.getProperty( "ldap_host" );
diff --git a/src/main/java/org/openslx/imagemaster/db/LdapUser.java b/src/main/java/org/openslx/imagemaster/db/LdapUser.java
index ae6aae2..0299829 100644
--- a/src/main/java/org/openslx/imagemaster/db/LdapUser.java
+++ b/src/main/java/org/openslx/imagemaster/db/LdapUser.java
@@ -153,7 +153,7 @@ public class LdapUser extends User
/**
* Login user locally if external Ldap server is not available
- * @param username Must be in form "userid@organization"
+ * @param username Must be in form "username@organization"
* @param password The user's password
*/
private static LdapUser localLogin( String login, String password )
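Review bot: The `@param username` tag still does not name the parameter, which is `login` in the signature directly below it; the commit rewords the description but leaves that mismatch in place. Either change the tag to `@param login Must be in form "username@organization"` or rename the parameter so the generated Javadoc attaches to the right argument. The method body lies outside the hunk.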
diff --git a/src/main/java/org/openslx/imagemaster/ftp/ImageProcessor.java b/src/main/java/org/openslx/imagemaster/ftp/ImageProcessor.java
index 62475e9..05b8101 100644
--- a/src/main/java/org/openslx/imagemaster/ftp/ImageProcessor.java
+++ b/src/main/java/org/openslx/imagemaster/ftp/ImageProcessor.java
@@ -115,12 +115,9 @@ public class ImageProcessor
if (!imageData.uuid.matches( "^[0-9a-f]{8}\\-[0-9a-f]{4}\\-[0-9a-f]{4}\\-[0-9a-f]{4}\\-[0-9a-f]{12}$" )) {
log.debug("UUID not valid");
return false;
- } else if (!imageData.imageName.matches( "^[a-zA-Z0-9_\\-]{50}$" )) {
+ } else if (!imageData.imageName.matches( "^[a-zA-Z0-9_\\-]{5,50}$" )) {
log.debug("ImageName not valid");
return false;
- } else if (!imageData.imageOwner.matches( "^[0-9]*$" )) {
- log.debug("ImageOwner not valid");
- return false;
}
// TODO: check some more regex
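Review bot: Dropping the `imageOwner` branch leaves that field with no validation at all in this method, while `uuid` and `imageName` are still constrained; if the old `^[0-9]*$` pattern was wrong for the owner format, a corrected pattern should replace it rather than nothing, and the remaining `// TODO: check some more regex` reads as if that was the intent. If `imageOwner` is later used in a file-system path or a database query (not visible from the hunk), it should be constrained before that use. The new `^[a-zA-Z0-9_\\-]{5,50}$` also rejects names shorter than five characters, which is a behaviour change from the previous exact-50 pattern; a short comment such as `// image names are 5..50 chars of [A-Za-z0-9_-]` on that line would record the intended range. The method continues outside the hunk.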
diff --git a/src/main/java/org/openslx/imagemaster/ftp/MasterFtpServer.java b/src/main/java/org/openslx/imagemaster/ftp/MasterFtpServer.java
index e3514f6..0f5267f 100644
--- a/src/main/java/org/openslx/imagemaster/ftp/MasterFtpServer.java
+++ b/src/main/java/org/openslx/imagemaster/ftp/MasterFtpServer.java
@@ -46,9 +46,9 @@ public class MasterFtpServer implements Runnable
// config ssl
SslConfigurationFactory sslConfigFactory = new SslConfigurationFactory();
- sslConfigFactory.setKeystoreFile( new File( Globals.getPropertyString( PropString.KEYSTOREFILE ) ) );
- sslConfigFactory.setKeyAlias( Globals.getPropertyString( PropString.KEYSTOREALIAS ) );
- sslConfigFactory.setKeystorePassword( Globals.getPropertyString( PropString.KEYSTOREPASSWORD ) );
+ sslConfigFactory.setKeystoreFile( new File( Globals.getPropertyString( PropString.FTPKEYSTOREFILE ) ) );
+ sslConfigFactory.setKeyAlias( Globals.getPropertyString( PropString.FTPKEYSTOREALIAS ) );
+ sslConfigFactory.setKeystorePassword( Globals.getPropertyString( PropString.FTPKEYSTOREPASSWORD ) );
// set the port of the listener
factory.setPort( port );
diff --git a/src/main/java/org/openslx/imagemaster/serversession/ServerAuthenticator.java b/src/main/java/org/openslx/imagemaster/serversession/ServerAuthenticator.java
index 8a8e426..5660f2f 100644
--- a/src/main/java/org/openslx/imagemaster/serversession/ServerAuthenticator.java
+++ b/src/main/java/org/openslx/imagemaster/serversession/ServerAuthenticator.java
@@ -5,8 +5,6 @@ import java.util.HashMap;
import org.apache.log4j.Logger;
import org.apache.thrift.TException;
-import org.openslx.imagemaster.Globals;
-import org.openslx.imagemaster.Globals.PropString;
import org.openslx.imagemaster.thrift.iface.AuthenticationException;
import org.openslx.imagemaster.util.AsymMessageSign;
import org.openslx.imagemaster.util.RandomString;
@@ -24,9 +22,7 @@ public class ServerAuthenticator
*/
static {
try {
- messageSign = new AsymMessageSign( Globals.getPropertyString( PropString.KEYSTOREALIAS ),
- Globals.getPropertyString( PropString.KEYSTOREPASSWORD ),
- Globals.getPropertyString( PropString.KEYSTOREFILE ) );
+ messageSign = new AsymMessageSign( "./config/servers.jks", "password" );
log.info( "Loaded keystore" );
} catch ( Exception e ) {
log.error( "Error loading the keystore", e );
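Review bot: The keystore path and password are now hard-coded as `"./config/servers.jks"` and `"password"` at the `new AsymMessageSign( ... )` call, replacing values that were read through `Globals` before, and the two `Globals` imports are removed at the top of this file. A password committed in source cannot be rotated without a rebuild and is visible to anyone with repository access; the same commit renames the FTP keystore settings to `FTPKEYSTORE*`, so a parallel pair of settings for the server keystore (constructed names, e.g. `SERVERKEYSTOREFILE` / `SERVERKEYSTOREPASSWORD` in `PropString`) is the natural place for these two values. With those added and the imports restored the line becomes `messageSign = new AsymMessageSign( Globals.getPropertyString( PropString.SERVERKEYSTOREFILE ), Globals.getPropertyString( PropString.SERVERKEYSTOREPASSWORD ) );`. The static initializer's `catch ( Exception e )` only logs, so a failed load leaves `messageSign` null; a comment stating that downstream callers must expect that would help.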
@@ -54,7 +50,7 @@ public class ServerAuthenticator
}
/**
- * Authenticate with the challengeResponse
+ * Authenticate with the challengeResponse.
*
* @param organization
* @param address
@@ -72,7 +68,7 @@ public class ServerAuthenticator
boolean result = false;
try {
- result = messageSign.verifyMessage( bytes, authenticatingServers.get( organization ).getBytes() );
+ result = messageSign.verifyMessage( bytes, authenticatingServers.get( organization ).getBytes() , "uni-freiburg.de" );
} catch ( Exception e ) {
log.error( "Error while verifying message", e );
}
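Review bot: The alias handed to `verifyMessage` is the fixed literal `"uni-freiburg.de"`, so every organization's challenge response is checked against that one certificate, even though the challenge itself is looked up per `organization` from `authenticatingServers`. If the keystore aliases are keyed by organization, as the literal suggests, the call should pass `organization` so the response is verified against that organization's own public key: `result = messageSign.verifyMessage( bytes, authenticatingServers.get( organization ).getBytes(), organization );`. `getBytes()` without a charset uses the platform default, so the bytes verified here may differ from what the remote side signed; `getBytes( StandardCharsets.UTF_8 )` on both ends avoids that. `authenticatingServers.get( organization )` can be null when no challenge was issued; the surrounding `catch ( Exception e )` currently masks that as a logged error rather than an explicit rejection. The enclosing method starts before the hunk.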
@@ -81,8 +77,7 @@ public class ServerAuthenticator
throw new AuthenticationException();
}
- log.info( "Server of organinzation '" + organization
- + " authenticated." );
+ log.info( "Server of organinzation '" + organization + " authenticated." );
authenticatingServers.remove( organization );
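Review bot: The joined `log.info` line keeps the typo `organinzation` and an opening quote with no closing one, so the message is reformatted but not corrected; `log.info( "Server of organization '" + organization + "' authenticated." );` fixes both.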
diff --git a/src/main/java/org/openslx/imagemaster/session/Authenticator.java b/src/main/java/org/openslx/imagemaster/session/Authenticator.java
index 0796188..5f59a85 100644
--- a/src/main/java/org/openslx/imagemaster/session/Authenticator.java
+++ b/src/main/java/org/openslx/imagemaster/session/Authenticator.java
@@ -31,7 +31,7 @@ public class Authenticator
String login = username;
if (username.split( "@" ).length == 2) {
log.info( "username is in username@organization format" );
- // we are in userid@organization format
+ // we are in username@organization format
// --> get prefix
DbSatellite satellite = DbSatellite.fromOrganization( username.split( "@" )[1] );
if (satellite == null)
diff --git a/src/main/java/org/openslx/imagemaster/util/AsymMessageSign.java b/src/main/java/org/openslx/imagemaster/util/AsymMessageSign.java
index 134b399..c49f9db 100644
--- a/src/main/java/org/openslx/imagemaster/util/AsymMessageSign.java
+++ b/src/main/java/org/openslx/imagemaster/util/AsymMessageSign.java
@@ -5,57 +5,59 @@ import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
-import java.security.cert.Certificate;
import java.security.cert.CertificateException;
public class AsymMessageSign
{
- KeyPair pair;
+ private KeyStore keystore;
-// String alias = "ftp";
-// String password = "password";
-// String file = "./config/keystore.jks";
-
-
- public AsymMessageSign(String alias, String password, String file) throws NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, KeyStoreException, UnrecoverableKeyException
+ /**
+ * Load the keystore
+ * @param file Path to keystore
+ * @param password The keystore's password
+ * @throws NoSuchAlgorithmException
+ * @throws CertificateException
+ * @throws FileNotFoundException
+ * @throws IOException
+ * @throws KeyStoreException
+ * @throws UnrecoverableKeyException
+ */
+ public AsymMessageSign(String file, String password) throws NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, KeyStoreException, UnrecoverableKeyException
{
- KeyStore keystore = KeyStore.getInstance( "JKS" );
+ keystore = KeyStore.getInstance( "JKS" );
keystore.load( new FileInputStream( new File( file ) ), password.toCharArray() );
- Certificate cert = null;
-
- Key key = keystore.getKey( alias,
- password.toCharArray() );
-
- if ( key instanceof PrivateKey ) {
- cert = keystore.getCertificate( alias );
- PublicKey publicKey = cert.getPublicKey();
- pair = new KeyPair( publicKey, (PrivateKey)key );
- }
- }
-
- public byte[] signMessage( String message ) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException
- {
- Signature signature = Signature.getInstance( "SHA256WITHRSA" );
- signature.initSign( pair.getPrivate() );
- signature.update( message.getBytes() );
- return signature.sign();
}
- public boolean verifyMessage( byte[] signedMessage, byte[] realMessage ) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException
+ /**
+ * Verify an encrypted message
+ * @param signedMessage The signed message from hs/uni server
+ * @param realMessage The message that was sent before
+ * @param alias the alias of the certificate
+ * @param password the password of the certificate
+ * @return Whether the message could be verfied or not
+ * @throws NoSuchAlgorithmException
+ * @throws InvalidKeyException
+ * @throws SignatureException
+ * @throws UnrecoverableKeyException
+ * @throws KeyStoreException
+ */
+ public boolean verifyMessage( byte[] signedMessage, byte[] realMessage, String alias ) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, UnrecoverableKeyException, KeyStoreException
{
+ // first load key
+ //Key key = keystore.getKey( alias, password.toCharArray() );
+ PublicKey key = keystore.getCertificate( alias ).getPublicKey();
+
+ // verify message
Signature signature = Signature.getInstance( "SHA256WITHRSA" );
- signature.initVerify( pair.getPublic() );
+ signature.initVerify( key );
signature.update( realMessage );
return signature.verify( signedMessage );
}
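Review bot: `keystore.getCertificate( alias )` returns null for an alias that is not in the keystore, so the new `.getPublicKey()` chain in `verifyMessage` throws a NullPointerException instead of reporting a verification failure; since the caller passes the alias from outside, an unknown alias should be handled explicitly. The constructor also opens `new FileInputStream( new File( file ) )` and never closes it; a try-with-resources (Java 7 or later, otherwise a `finally`) releases the handle once `load` returns. The Javadoc no longer matches the code: `verifyMessage` has no `password` parameter, the message is signed rather than "encrypted", "verfied" is misspelled, and the commented-out `//Key key = keystore.getKey( ... )` line should go. Suggested wording for the method summary: "Verify a signature over realMessage using the public key stored under alias." The class's closing brace lies outside the hunk.
```java
public AsymMessageSign(String file, String password) throws NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, KeyStoreException, UnrecoverableKeyException
{
    keystore = KeyStore.getInstance( "JKS" );
    // close the stream once the keystore is loaded
    try ( FileInputStream in = new FileInputStream( new File( file ) ) ) {
        keystore.load( in, password.toCharArray() );
    }
}

// … unchanged: verifyMessage Javadoc and signature …
{
    // getCertificate() returns null for an unknown alias rather than throwing
    java.security.cert.Certificate cert = keystore.getCertificate( alias );
    if ( cert == null ) {
        return false;
    }
    PublicKey key = cert.getPublicKey();
    // … unchanged: Signature setup and verify …
}
```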