1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
package org.openslx.imagemaster.serversession;
import java.nio.ByteBuffer;
import java.util.HashMap;
import org.apache.log4j.Logger;
import org.apache.thrift.TException;
import org.openslx.imagemaster.thrift.iface.AuthenticationException;
import org.openslx.imagemaster.thrift.iface.ServerAuthenticationError;
import org.openslx.imagemaster.thrift.iface.ServerAuthenticationException;
import org.openslx.imagemaster.util.AsymMessageVerifier;
import org.openslx.imagemaster.util.RandomString;
public class ServerAuthenticator
{
private static Logger log = Logger.getLogger( ServerAuthenticator.class );
// map of currently authenticating servers
private static HashMap<String, String> authenticatingServers = new HashMap<String, String>();
/**
* Start the server authentification.
*
* @param organization
* the organization of the server
* @return encrypted random string
*/
public static String startServerAuthentication( String organization )
{
String secret = RandomString.generate( 100, false );
synchronized ( authenticatingServers ) {
authenticatingServers.put( organization, secret );
log.info( "Server of organinzation '" + organization
+ "' starts to authenticate. And got string: '" + secret
+ "'" );
}
return secret;
}
/**
* Authenticate with the challengeResponse.
*
* @param organization Is already verified.
* @param address
* @param challengeResponse
* @return
* @throws AuthenticationException
* @throws TException
*/
public static ServerUser serverAuthenticate( String organization,
String address, ByteBuffer challengeResponse )
throws AuthenticationException, TException
{
byte[] bytes = challengeResponse.array();
boolean result = false;
AsymMessageVerifier verifier = null;
try {
verifier = new AsymMessageVerifier( organization );
} catch ( Exception e ) {
throw new ServerAuthenticationException(ServerAuthenticationError.INVALID_ORGANIZATION, "Organization not found.");
}
try {
result = verifier.verifyMessage( bytes, authenticatingServers.get( organization ).getBytes() , "uni-freiburg.de" );
} catch ( Exception e ) {
log.error( "Error while verifying message", e );
throw new ServerAuthenticationException(ServerAuthenticationError.GENERIC_ERROR, "Could not verfiy key.");
}
if ( !result ) {
/*
* TODO: new error for invalid key
*/
throw new ServerAuthenticationException(ServerAuthenticationError.GENERIC_ERROR, "Could not verfiy key.");
}
log.info( "Server of organinzation '" + organization + " authenticated." );
authenticatingServers.remove( organization );
return new ServerUser( organization, address );
}
}
|