src/main/java/org/openslx/imagemaster/serversession/ServerAuthenticator.java


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

package org.openslx.imagemaster.serversession;

import java.nio.ByteBuffer;
import java.util.HashMap;

import org.apache.log4j.Logger;
import org.apache.thrift.TException;
import org.openslx.imagemaster.thrift.iface.AuthenticationException;
import org.openslx.imagemaster.util.AsymMessageSign;
import org.openslx.imagemaster.util.RandomString;

public class ServerAuthenticator
{

	private static Logger log = Logger.getLogger( ServerAuthenticator.class );
	// map of currently authenticating servers
	private static HashMap<String, String> authenticatingServers = new HashMap<String, String>();
	private static AsymMessageSign messageSign = null;

	/**
	 * Initialize the message signer/verifier
	 */
	static {
		try {
			messageSign = new AsymMessageSign( "./config/servers.jks", "password" );
			log.info( "Loaded keystore" );
		} catch ( Exception e ) {
			log.error( "Error loading the keystore", e );
			System.exit( 1 );
		}
	}

	/**
	 * Start the server authentification.
	 * 
	 * @param organization
	 *           the organization of the server
	 * @return encrypted random string
	 */
	public static String startServerAuthentication( String organization )
	{
		String secret = RandomString.generate( 100, false );
		synchronized ( authenticatingServers ) {
			authenticatingServers.put( organization, secret );
			log.info( "Server of organinzation '" + organization
					+ "' starts to authenticate. And got string: '" + secret
					+ "'" );
		}
		return secret;
	}

	/**
	 * Authenticate with the challengeResponse.
	 * 
	 * @param organization
	 * @param address
	 * @param challengeResponse
	 * @return
	 * @throws AuthenticationException
	 * @throws TException
	 */
	public static ServerUser serverAuthenticate( String organization,
			String address, ByteBuffer challengeResponse )
			throws AuthenticationException, TException
	{
		byte[] bytes = challengeResponse.array();

		boolean result = false;

		try {
			result = messageSign.verifyMessage( bytes, authenticatingServers.get( organization ).getBytes() , "uni-freiburg.de" );
		} catch ( Exception e ) {
			log.error( "Error while verifying message", e );
		}

		if ( !result ) {
			throw new AuthenticationException();
		}

		log.info( "Server of organinzation '" + organization + " authenticated." );

		authenticatingServers.remove( organization );

		return new ServerUser( organization, address );
	}
}