Diffstat (limited to 'src/main/java/org/openslx/imagemaster/serversession/ServerAuthenticator.java')
-rw-r--r-- | src/main/java/org/openslx/imagemaster/serversession/ServerAuthenticator.java | 68 |
1 files changed, 27 insertions, 41 deletions
diff --git a/src/main/java/org/openslx/imagemaster/serversession/ServerAuthenticator.java b/src/main/java/org/openslx/imagemaster/serversession/ServerAuthenticator.java
index 6ef037c..d851c4e 100644
--- a/src/main/java/org/openslx/imagemaster/serversession/ServerAuthenticator.java
+++ b/src/main/java/org/openslx/imagemaster/serversession/ServerAuthenticator.java
@@ -1,14 +1,15 @@
 package org.openslx.imagemaster.serversession;
 import java.nio.ByteBuffer;
-import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
 import org.apache.log4j.Logger;
 import org.apache.thrift.TException;
-import org.openslx.imagemaster.thrift.iface.AuthenticationException;
+import org.openslx.encryption.AsymEncryptionHandler;
+import org.openslx.imagemaster.db.DbSatellite;
 import org.openslx.imagemaster.thrift.iface.ServerAuthenticationError;
 import org.openslx.imagemaster.thrift.iface.ServerAuthenticationException;
-import org.openslx.imagemaster.util.AsymMessageVerifier;
 import org.openslx.imagemaster.util.RandomString;
 /**
@@ -18,8 +19,11 @@ public class ServerAuthenticator
 {
 private static Logger log = Logger.getLogger( ServerAuthenticator.class );
- // map of currently authenticating servers
- private static HashMap<String, String> authenticatingServers = new HashMap<String, String>();
+
+ /**
+ * Servers currently doing authentication. Maps from organization to the challenge we sent.
+ */
+ private static Map<String, byte[]> authenticatingServers = new ConcurrentHashMap<>();
 /**
 * Start the server authentification.
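Review bot: The new `authenticatingServers` map keeps one challenge per organization with no expiry and no size bound; the only removal is the one in `serverAuthenticate` after a successful check (third hunk), so a challenge that is never answered stays in memory for the lifetime of the process. If the organization string is supplied by the remote side before it has authenticated, repeated calls with distinct values grow the map without limit. Consider storing the creation time next to the challenge and dropping stale entries, or at least stating the lifetime in the new field Javadoc: `* Entries are added by startServerAuthentication and removed only by a successful serverAuthenticate; unanswered challenges are never expired.`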
@@ -28,16 +32,14 @@ public class ServerAuthenticator
 * the organization of the server
 * @return encrypted random string
 */
- public static String startServerAuthentication( String organization )
+ public static ByteBuffer startServerAuthentication( String organization )
 {
- String secret = RandomString.generate( 100, false );
- synchronized ( authenticatingServers ) {
- authenticatingServers.put( organization, secret );
- log.info( "Server of organinzation '" + organization
- + "' starts to authenticate. And got string: '" + secret
- + "'" );
- }
- return secret;
+ byte[] secret = RandomString.generateBinary( 100 );
+ authenticatingServers.put( organization, secret );
+ log.info( "Server of organinzation '" + organization
+ + "' starts to authenticate. And got string: '" + secret.length
+ + "'" );
+ return ByteBuffer.wrap( secret );
 }
 /**
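Review bot: The Javadoc kept as context above `startServerAuthentication` still says `@return encrypted random string`, but the method now returns a `ByteBuffer` around the raw output of `RandomString.generateBinary`, which is also what is stored in `authenticatingServers`; nothing here is encrypted. Suggest `@return the plain random challenge the remote server has to encrypt with its private key, wrapped in a ByteBuffer`; the start of that Javadoc block is outside the hunk. `ByteBuffer.wrap( secret )` also shares its backing array with the map entry, so if any caller writes into the buffer the stored challenge changes with it; `return ByteBuffer.wrap( secret.clone() );` decouples the two at no real cost. A second call for the same organization silently replaces the pending challenge, which is reasonable but worth one sentence in the doc.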
@@ -47,40 +49,24 @@ public class ServerAuthenticator
 * @param address
 * @param challengeResponse
 * @return
- * @throws AuthenticationException
+ * @throws ServerAuthenticationException
 * @throws TException
 */
- public static ServerUser serverAuthenticate( String organization,
- String address, ByteBuffer challengeResponse )
- throws AuthenticationException, TException
+ public static ServerUser serverAuthenticate( DbSatellite satellite, ByteBuffer challengeResponse )
+ throws ServerAuthenticationException
 {
- byte[] bytes = new byte[ 512 ];
- challengeResponse.get( bytes );
-
- boolean result = false;
-
- AsymMessageVerifier verifier = null;
- try {
- verifier = new AsymMessageVerifier( organization );
- } catch ( Exception e ) {
- throw new ServerAuthenticationException( ServerAuthenticationError.INVALID_ORGANIZATION, "Organization not found." );
- }
+ byte[] encryptedBytes = new byte[ challengeResponse.remaining() ];
+ challengeResponse.get( encryptedBytes );
- try {
- result = verifier.verifyMessage( bytes, authenticatingServers.get( organization ).getBytes() );
- } catch ( Exception e ) {
- log.error( "Error while verifying message", e );
- throw new ServerAuthenticationException( ServerAuthenticationError.INVALID_KEY, "Could not verfiy key." );
- }
+ AsymEncryptionHandler verifier = new AsymEncryptionHandler( satellite.getPubkey() );
- if ( !result ) {
- throw new ServerAuthenticationException( ServerAuthenticationError.INVALID_KEY, "Could not verfiy key." );
- }
+ if ( !verifier.verifyMessage( encryptedBytes, authenticatingServers.get( satellite.getOrganization() ) ) )
+ throw new ServerAuthenticationException( ServerAuthenticationError.CHALLENGE_FAILED, "You failed the encryption challenge. private and public key don't seem to match." );
- log.info( "Server of organinzation '" + organization + " authenticated." );
+ log.info( "Server of organinzation '" + satellite.getOrganization() + " authenticated." );
- authenticatingServers.remove( organization );
+ authenticatingServers.remove( satellite.getOrganization() );
- return new ServerUser( organization, address );
+ return new ServerUser( satellite.getOrganization(), satellite.getAddress() );
 }
 }
|
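Review bot: The pending challenge is only removed from `authenticatingServers` after a successful `verifyMessage`, so a failed response leaves the same challenge in place and the remote side can keep submitting new guesses against it; and `authenticatingServers.get( satellite.getOrganization() )` is passed straight to `verifyMessage` without a null check, so a call with no pending challenge now depends on how `AsymEncryptionHandler` treats a null argument (the old code at least failed deterministically on `.getBytes()`). Consuming the entry with `remove` before verification and rejecting a missing one fixes both; the rewrite is below, and the existing error message is kept byte-for-byte. The old `try`/`catch` around the verifier was dropped, so any runtime exception thrown by `AsymEncryptionHandler` on a malformed `encryptedBytes` (e.g. wrong length) now propagates unwrapped instead of as a `ServerAuthenticationException` — presumably unintended, worth confirming against that class. Separately, the method no longer declares `TException`, but the context Javadoc still lists `@throws TException`; drop that tag and give `@return` a description such as `@return the ServerUser for the authenticated satellite`.
```java
public static ServerUser serverAuthenticate( DbSatellite satellite, ByteBuffer challengeResponse )
        throws ServerAuthenticationException
{
    byte[] encryptedBytes = new byte[ challengeResponse.remaining() ];
    challengeResponse.get( encryptedBytes );

    // Consume the challenge first: a failed attempt must not be retried against the same value
    byte[] challenge = authenticatingServers.remove( satellite.getOrganization() );
    if ( challenge == null )
        throw new ServerAuthenticationException( ServerAuthenticationError.CHALLENGE_FAILED, "No authentication challenge is pending for this organization." );

    AsymEncryptionHandler verifier = new AsymEncryptionHandler( satellite.getPubkey() );
    if ( !verifier.verifyMessage( encryptedBytes, challenge ) )
        throw new ServerAuthenticationException( ServerAuthenticationError.CHALLENGE_FAILED, "You failed the encryption challenge. private and public key don't seem to match." );
    // … unchanged: log.info and ServerUser construction (the remove call is no longer needed here) …
```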