Diffstat (limited to 'src/main/java/org/openslx/imagemaster/serversession/ServerAuthenticator.java')
-rw-r--r--src/main/java/org/openslx/imagemaster/serversession/ServerAuthenticator.java68
1 files changed, 27 insertions, 41 deletions
diff --git a/src/main/java/org/openslx/imagemaster/serversession/ServerAuthenticator.java b/src/main/java/org/openslx/imagemaster/serversession/ServerAuthenticator.java
index 6ef037c..d851c4e 100644
--- a/src/main/java/org/openslx/imagemaster/serversession/ServerAuthenticator.java
+++ b/src/main/java/org/openslx/imagemaster/serversession/ServerAuthenticator.java
@@ -1,14 +1,15 @@
package org.openslx.imagemaster.serversession;
import java.nio.ByteBuffer;
-import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
import org.apache.log4j.Logger;
import org.apache.thrift.TException;
-import org.openslx.imagemaster.thrift.iface.AuthenticationException;
+import org.openslx.encryption.AsymEncryptionHandler;
+import org.openslx.imagemaster.db.DbSatellite;
import org.openslx.imagemaster.thrift.iface.ServerAuthenticationError;
import org.openslx.imagemaster.thrift.iface.ServerAuthenticationException;
-import org.openslx.imagemaster.util.AsymMessageVerifier;
import org.openslx.imagemaster.util.RandomString;
/**
@@ -18,8 +19,11 @@ public class ServerAuthenticator
{
private static Logger log = Logger.getLogger( ServerAuthenticator.class );
- // map of currently authenticating servers
- private static HashMap<String, String> authenticatingServers = new HashMap<String, String>();
+
+ /**
+ * Servers currently doing authentication. Maps from organization to the challenge we sent.
+ */
+ private static Map<String, byte[]> authenticatingServers = new ConcurrentHashMap<>();
/**
* Start the server authentification.
@@ -28,16 +32,14 @@ public class ServerAuthenticator
* the organization of the server
* @return encrypted random string
*/
- public static String startServerAuthentication( String organization )
+ public static ByteBuffer startServerAuthentication( String organization )
{
- String secret = RandomString.generate( 100, false );
- synchronized ( authenticatingServers ) {
- authenticatingServers.put( organization, secret );
- log.info( "Server of organinzation '" + organization
- + "' starts to authenticate. And got string: '" + secret
- + "'" );
- }
- return secret;
+ byte[] secret = RandomString.generateBinary( 100 );
+ authenticatingServers.put( organization, secret );
+ log.info( "Server of organinzation '" + organization
+ + "' starts to authenticate. And got string: '" + secret.length
+ + "'" );
+ return ByteBuffer.wrap( secret );
}
/**
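Review bot: `authenticatingServers.put( organization, secret )` in startServerAuthentication stores a challenge for whatever organization string the caller passes, with no expiry and no size bound, and a second call for the same organization silently replaces the pending challenge. Unless the caller (not visible in this hunk) already checks that the organization belongs to a known satellite, the map can grow without limit and one client can invalidate another server's in-flight handshake; validating the organization before the put and storing a creation time so stale entries can be evicted would address both. The log line still says "And got string" but now prints `secret.length`; rewording the tail to something like `"' starts to authenticate (challenge of " + secret.length + " bytes)"` keeps the challenge out of the log without the misleading text. Whether `RandomString.generateBinary` draws from `SecureRandom` is not visible here and is worth confirming, since the challenge must be unpredictable.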
@@ -47,40 +49,24 @@ public class ServerAuthenticator
* @param address
* @param challengeResponse
* @return
- * @throws AuthenticationException
+ * @throws ServerAuthenticationException
* @throws TException
*/
- public static ServerUser serverAuthenticate( String organization,
- String address, ByteBuffer challengeResponse )
- throws AuthenticationException, TException
+ public static ServerUser serverAuthenticate( DbSatellite satellite, ByteBuffer challengeResponse )
+ throws ServerAuthenticationException
{
- byte[] bytes = new byte[ 512 ];
- challengeResponse.get( bytes );
-
- boolean result = false;
-
- AsymMessageVerifier verifier = null;
- try {
- verifier = new AsymMessageVerifier( organization );
- } catch ( Exception e ) {
- throw new ServerAuthenticationException( ServerAuthenticationError.INVALID_ORGANIZATION, "Organization not found." );
- }
+ byte[] encryptedBytes = new byte[ challengeResponse.remaining() ];
+ challengeResponse.get( encryptedBytes );
- try {
- result = verifier.verifyMessage( bytes, authenticatingServers.get( organization ).getBytes() );
- } catch ( Exception e ) {
- log.error( "Error while verifying message", e );
- throw new ServerAuthenticationException( ServerAuthenticationError.INVALID_KEY, "Could not verfiy key." );
- }
+ AsymEncryptionHandler verifier = new AsymEncryptionHandler( satellite.getPubkey() );
- if ( !result ) {
- throw new ServerAuthenticationException( ServerAuthenticationError.INVALID_KEY, "Could not verfiy key." );
- }
+ if ( !verifier.verifyMessage( encryptedBytes, authenticatingServers.get( satellite.getOrganization() ) ) )
+ throw new ServerAuthenticationException( ServerAuthenticationError.CHALLENGE_FAILED, "You failed the encryption challenge. private and public key don't seem to match." );
- log.info( "Server of organinzation '" + organization + " authenticated." );
+ log.info( "Server of organinzation '" + satellite.getOrganization() + " authenticated." );
- authenticatingServers.remove( organization );
+ authenticatingServers.remove( satellite.getOrganization() );
- return new ServerUser( organization, address );
+ return new ServerUser( satellite.getOrganization(), satellite.getAddress() );
}
}
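Review bot: In serverAuthenticate the challenge is read with `authenticatingServers.get( satellite.getOrganization() )` and removed only after a successful verification, so a missing entry passes `null` into `verifyMessage` and a failed response leaves the same challenge valid for further attempts. Taking the entry out atomically up front makes each challenge single-use and handles the no-pending-challenge case explicitly: `byte[] challenge = authenticatingServers.remove( satellite.getOrganization() );` followed by `if ( challenge == null ) throw new ServerAuthenticationException( ServerAuthenticationError.CHALLENGE_FAILED, "No pending challenge." );`, then pass `challenge` to `verifyMessage`. The removed code wrapped verification in try/catch; how `AsymEncryptionHandler` behaves on a null or malformed key from `satellite.getPubkey()` is not visible here, so it is worth confirming that such a failure reaches the caller as a ServerAuthenticationException rather than an unchecked exception. The Javadoc above the method still lists `@param address` and `@throws TException`, neither of which matches the new signature.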