blob: a7c7fde16830a219b5dbf13fe70eef11d6c54860 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
package org.openslx.imagemaster.serversession;
import java.nio.ByteBuffer;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.log4j.Logger;
import org.apache.thrift.TException;
import org.openslx.bwlp.thrift.iface.AuthorizationError;
import org.openslx.bwlp.thrift.iface.TAuthorizationException;
import org.openslx.encryption.AsymEncryptionHandler;
import org.openslx.imagemaster.db.models.LocalSatellite;
import org.openslx.imagemaster.util.RandomString;
/**
* Authenticating a server with message signing.
*/
public class ServerAuthenticator
{
private static Logger log = Logger.getLogger( ServerAuthenticator.class );
/**
* Servers currently doing authentication. Maps from organization to the challenge we sent.
*/
private static Map<Integer, byte[]> authenticatingServers = new ConcurrentHashMap<>();
/**
* Start the server authentification.
*
* @param satelliteId
* the organization of the server
* @return encrypted random string
*/
public static ByteBuffer startServerAuthentication( int satelliteId )
{
byte[] secret = RandomString.generateBinary( 100 );
authenticatingServers.put( satelliteId, secret );
log.info( "Server of organinzation '" + satelliteId
+ "' starts to authenticate. And got string: '" + secret.length
+ "'" );
return ByteBuffer.wrap( secret );
}
/**
* Authenticate with the challengeResponse.
*
* @param organizationId Is already verified.
* @param address
* @param challengeResponse
* @throws ServerAuthenticationException
* @throws TException
*/
public static void serverAuthenticate( LocalSatellite satellite, ByteBuffer challengeResponse )
throws TAuthorizationException
{
byte[] encryptedBytes = new byte[ challengeResponse.remaining() ];
challengeResponse.get( encryptedBytes );
AsymEncryptionHandler verifier = new AsymEncryptionHandler( satellite.getPubkey() );
if ( !verifier.verifyMessage( encryptedBytes, authenticatingServers.get( satellite.satelliteId ) ) ) {
throw new TAuthorizationException( AuthorizationError.CHALLENGE_FAILED,
"You failed the encryption challenge. private and public key don't seem to match." );
}
log.info( "Server '" + satellite.satelliteName + "' (" + satellite.organizationId + ") authenticated." );
authenticatingServers.remove( satellite.organizationId );
}
}
|
