package org.openslx.imagemaster.server; import java.nio.ByteBuffer; import java.util.List; import org.apache.thrift.TException; import org.openslx.imagemaster.db.DbImage; import org.openslx.imagemaster.db.DbSatellite; import org.openslx.imagemaster.serverconnection.ImageProcessor; import org.openslx.imagemaster.serversession.ServerAuthenticator; import org.openslx.imagemaster.serversession.ServerSession; import org.openslx.imagemaster.serversession.ServerSessionManager; import org.openslx.imagemaster.serversession.ServerUser; import org.openslx.imagemaster.session.Authenticator; import org.openslx.imagemaster.session.Session; import org.openslx.imagemaster.session.SessionManager; import org.openslx.imagemaster.session.User; import org.openslx.imagemaster.thrift.iface.AuthenticationError; import org.openslx.imagemaster.thrift.iface.AuthenticationException; import org.openslx.imagemaster.thrift.iface.AuthorizationError; import org.openslx.imagemaster.thrift.iface.AuthorizationException; import org.openslx.imagemaster.thrift.iface.DownloadInfos; import org.openslx.imagemaster.thrift.iface.ImageData; import org.openslx.imagemaster.thrift.iface.ImageDataError; import org.openslx.imagemaster.thrift.iface.ImageDataException; import org.openslx.imagemaster.thrift.iface.InvalidTokenException; import org.openslx.imagemaster.thrift.iface.ServerAuthenticationError; import org.openslx.imagemaster.thrift.iface.ServerAuthenticationException; import org.openslx.imagemaster.thrift.iface.ServerSessionData; import org.openslx.imagemaster.thrift.iface.SessionData; import org.openslx.imagemaster.thrift.iface.UploadException; import org.openslx.imagemaster.thrift.iface.UploadInfos; import org.openslx.imagemaster.thrift.iface.UserInfo; /** * API Server This is where all the requests from the outside arrive. We don't * handle them directly in the Thrift handlers, as we might be adding other APIs * later, like JSON/SOAP/REST/HTTP/XML or some other stuff. They'd all just * interface with this static class here. Note that we use the exceptions from * the thrift interface that you can simply catch in any other API handler and * eg. transform into error codes, if the API doesn't support exceptions. * * This will be accessed from multiple threads, so use synchronization when * needed (or in doubt) */ public class ApiServer { /** * Request for authentication * * @param login The user's login in the form "user@organization.com" * @param password user's password * @return SessionData struct with session id/token iff login successful * @throws AuthenticationException if login not successful */ public static SessionData authenticate( String login, String password ) throws AuthenticationException { if ( login == null || password == null ) { throw new AuthenticationException( AuthenticationError.INVALID_CREDENTIALS, "Empty username or password!" ); } final User user = Authenticator.authenticate( login, password ); final Session session = new Session( user ); return SessionManager.addSession( session ); } /** * Request information about user for given token * * @param token a user's token * @return UserInfo struct for given token's user * @throws InvalidTokenException if no user matches the given token */ public static UserInfo getUserFromToken( String token ) throws InvalidTokenException { final Session session = SessionManager.getSession( token ); if ( session == null ) throw new InvalidTokenException(); return new UserInfo( session.getUserId(), session.getFirstName(), session.getLastName(), session.getEMail() ); } public static UploadInfos submitImage( String serverSessionId, ImageData imageDescription, List crcSums ) throws AuthorizationException, ImageDataException, UploadException { // first check session of server if ( ServerSessionManager.getSession( serverSessionId ) == null ) { throw new AuthorizationException( AuthorizationError.NOT_AUTHENTICATED, "No valid serverSessioId" ); } // then let the image processor decide what to do return ImageProcessor.getUploadInfos( serverSessionId, imageDescription, crcSums ); } public static DownloadInfos getImage( String uuid, String serverSessionId, List requestedBlocks ) throws AuthorizationException, ImageDataException { // first check session of server if ( ServerSessionManager.getSession( serverSessionId ) == null ) { throw new AuthorizationException( AuthorizationError.NOT_AUTHENTICATED, "No valid serverSessionId" ); } if ( !DbImage.exists( uuid ) ) { throw new ImageDataException( ImageDataError.UNKNOWN_IMAGE, "UUID is not known by this server." ); } // then let the image processor decide what to do return ImageProcessor.getDownloadInfos( serverSessionId, uuid, requestedBlocks ); } /** * Start the server authentication of a uni/hs satellite server. * * @param organization the organization that the server belongs to * @return a random string that needs to be encrypted with the private * key of the requesting satellite server * @throws ServerAuthenticationException when organization is invalid/unknown */ public static String startServerAuthentication( String organization ) throws ServerAuthenticationException { if ( organization == null || organization.isEmpty() ) { throw new ServerAuthenticationException( ServerAuthenticationError.INVALID_ORGANIZATION, "Empty organization" ); } if ( DbSatellite.fromOrganization( organization ) == null ) { throw new ServerAuthenticationException( ServerAuthenticationError.INVALID_ORGANIZATION, "Unknown organization" ); } return ServerAuthenticator.startServerAuthentication( organization ); } /** * Authenticate the uni/hs satellite server with the encrypted string. * * @param organization the organization that the server belongs to * @param challengeResponse the encrypted string * @return session data iff the authentication was successful * @throws AuthenticationException * @throws TException */ public static ServerSessionData serverAuthenticate( String organization, ByteBuffer challengeResponse ) throws ServerAuthenticationException, TException { if ( organization == null || challengeResponse == null ) { throw new ServerAuthenticationException( ServerAuthenticationError.INVALID_ORGANIZATION, "Empty organization or challengeResponse" ); } DbSatellite satellite = DbSatellite.fromOrganization( organization ); if ( satellite == null ) { throw new ServerAuthenticationException( ServerAuthenticationError.INVALID_ORGANIZATION, "Unknown organization" ); } final ServerUser serverUser = ServerAuthenticator.serverAuthenticate( organization, satellite.getAddress(), challengeResponse ); final ServerSession session = new ServerSession( serverUser ); return ServerSessionManager.addSession( session ); } public static boolean isServerAuthenticated( String serverSessionId ) { return ( ServerSessionManager.getSession( serverSessionId ) != null ); } }