Improve query signer and its api

author: Magdalena Grodzińska <mag.grodzinska@gmail.com> 2020-01-12 22:58:08 +0100
committer: Magdalena Grodzińska <mag.grodzinska@gmail.com> 2020-01-12 22:58:08 +0100
commit: c48ec1604744ab330d18af1f55256c35dc5c34c6 (patch)
tree: bd847d0a328e30d545cd4d2ea64a0a07020424b4
parent: 36cf47fd63352c67a5fdeea7a922c16f0856e9aa (diff)
4 files changed, 78 insertions, 38 deletions
diff --git a/src/main/java/pl/edu/mimuw/cloudatlas/client/ClientController.java b/src/main/java/pl/edu/mimuw/cloudatlas/client/ClientController.java
index 14f531e..56b478c 100644
--- a/src/main/java/pl/edu/mimuw/cloudatlas/client/ClientController.java
+++ b/src/main/java/pl/edu/mimuw/cloudatlas/client/ClientController.java
@@ -35,7 +35,6 @@ import java.util.*;
 public class ClientController {
     private Api agentApi;
     private QuerySignerApi querySignerApi;
-    private Map<String, byte[]> querySignatures;
     private Map<ValueTime, AttributesMap> attributes;
     private String currentZoneName;
     private static final int MAX_ENTRIES = 10;
@@ -60,7 +59,6 @@ public class ClientController {
             }
         };
         this.currentZoneName = System.getProperty("zone_path");
-        this.querySignatures = new HashMap<>();
         fetchAttributeData(); // fetch attribute data as early as possible
     }
 
@@ -81,9 +79,8 @@ public class ClientController {
         boolean success = true;
 
         try {
-            byte[] querySignature = this.querySignerApi.signQuery(queryObject.getName(), queryObject.getValue());
-            querySignatures.put(queryObject.getName(), querySignature);
-            this.agentApi.installQuery(queryObject.getName(), queryObject.getValue(), querySignature);
+            ValueQuery query = this.querySignerApi.signInstallQuery(queryObject.getName(), queryObject.getValue());
+            this.agentApi.installQuery(queryObject.getName(), query);
         } catch (Exception e) {
             success = false;
             System.err.println("Client exception:");
@@ -108,7 +105,8 @@ public class ClientController {
         boolean success = true;
 
         try {
-            this.agentApi.uninstallQuery(queryObject.getName(), querySignatures.get(queryObject.getName()));
+            ValueQuery query = querySignerApi.signUninstallQuery(queryObject.getName());
+            this.agentApi.uninstallQuery(queryObject.getName(), query);
         } catch (Exception e) {
             success = false;
             System.err.println("Client exception:");
diff --git a/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySigner.java b/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySigner.java
index 69a25d7..90a86b7 100644
--- a/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySigner.java
+++ b/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySigner.java
@@ -1,7 +1,5 @@
 package pl.edu.mimuw.cloudatlas.querysigner;
 
-import pl.edu.mimuw.cloudatlas.agent.EventBus;
-import pl.edu.mimuw.cloudatlas.api.Api;
 import pl.edu.mimuw.cloudatlas.querysignerapi.QuerySignerApi;
 
 import java.rmi.registry.LocateRegistry;
@@ -9,10 +7,18 @@ import java.rmi.registry.Registry;
 import java.rmi.server.UnicastRemoteObject;
 
 public class QuerySigner {
+    public static class InvalidQueryException extends Exception {
+        InvalidQueryException() {
+            super("Query invalid");
+        }
+    }
 
     public static void runRegistry() {
         try {
-            QuerySignerApiImplementation api = new QuerySignerApiImplementation();
+            // TODO reading from files
+            String publicKey = System.getProperty("public_key");
+            String privateKey = System.getProperty("private_key");
+            QuerySignerApiImplementation api = new QuerySignerApiImplementation(publicKey.getBytes(), privateKey.getBytes());
             QuerySignerApi apiStub =
                     (QuerySignerApi) UnicastRemoteObject.exportObject(api, 0);
             Registry registry = LocateRegistry.getRegistry();
diff --git a/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySignerApiImplementation.java b/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySignerApiImplementation.java
index 38a86c6..d1c0e7c 100644
--- a/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySignerApiImplementation.java
+++ b/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySignerApiImplementation.java
@@ -1,5 +1,6 @@
 package pl.edu.mimuw.cloudatlas.querysigner;
 
+import pl.edu.mimuw.cloudatlas.ByteSerializer;
 import pl.edu.mimuw.cloudatlas.model.ValueQuery;
 import pl.edu.mimuw.cloudatlas.querysignerapi.QuerySignerApi;
 
@@ -9,27 +10,27 @@ import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.NoSuchPaddingException;
 import java.rmi.RemoteException;
 import java.security.*;
+import java.security.interfaces.RSAPrivateCrtKey;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 
 public class QuerySignerApiImplementation implements QuerySignerApi {
+    private final static String ENCRYPTION_ALGORITHM = "RSA";
+    private final static String DIGEST_ALGORITHM = "SHA-256";
     private PublicKey publicKey;
     private PrivateKey privateKey;
-    private final static String ENCRYPTION_ALGORITHM = "RSA";
-    private final static int NUM_KEY_BITS = 1024;
     private Map<String, ValueQuery> queries;
     private Set<String> attribsSetByQueries;
+    private ByteSerializer byteSerializer;
 
-    QuerySignerApiImplementation() {
+    QuerySignerApiImplementation(byte[] serializedPublicKey, byte[] serializedPrivateKey) {
+        this.byteSerializer = new ByteSerializer();
+        this.publicKey = (PublicKey) byteSerializer.deserialize(serializedPublicKey, PublicKey.class);
+        this.privateKey = (PrivateKey) byteSerializer.deserialize(serializedPrivateKey, PrivateKey.class);
         this.queries = new HashMap<>();
         this.attribsSetByQueries = new HashSet<>();
-        try {
-            generateKeys();
-        } catch (NoSuchAlgorithmException e) {
-            e.printStackTrace();
-        }
     }
 
     private String byteArrayToString(byte[] arr, int offset, int len) {
@@ -44,19 +45,10 @@ public class QuerySignerApiImplementation implements QuerySignerApi {
         return sb.toString();
     }
 
-    private void generateKeys() throws NoSuchAlgorithmException {
-        KeyPairGenerator keyGenerator =
-                KeyPairGenerator.getInstance(ENCRYPTION_ALGORITHM);
-        keyGenerator.initialize(NUM_KEY_BITS);
-        KeyPair keyPair = keyGenerator.generateKeyPair();
-        this.privateKey = keyPair.getPrivate();
-        this.publicKey = keyPair.getPublic();
-    }
-
-    private byte[] encryptQuery(String query) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
+    private byte[] encryptQuery(byte[] query) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
         Cipher signCipher = Cipher.getInstance(ENCRYPTION_ALGORITHM);
         signCipher.init(Cipher.ENCRYPT_MODE, privateKey);
-        byte[] encryptedBytes = signCipher.doFinal(query.getBytes());
+        byte[] encryptedBytes = signCipher.doFinal(query);
         System.out.println(
                 "Bytes encrypted with " + ENCRYPTION_ALGORITHM +
                         ": " + byteArrayToString(
@@ -64,7 +56,7 @@ public class QuerySignerApiImplementation implements QuerySignerApi {
         return encryptedBytes;
     }
 
-    private String decryptQuery(byte[] encryptedQuery) throws NoSuchPaddingException, NoSuchAlgorithmException, BadPaddingException, IllegalBlockSizeException, InvalidKeyException {
+    private byte[] decryptQuery(byte[] encryptedQuery) throws NoSuchPaddingException, NoSuchAlgorithmException, BadPaddingException, IllegalBlockSizeException, InvalidKeyException {
         Cipher verifyCipher = Cipher.getInstance(ENCRYPTION_ALGORITHM);
         verifyCipher.init(Cipher.DECRYPT_MODE, publicKey);
         byte[] decryptedBytes = verifyCipher.doFinal(encryptedQuery);
@@ -72,29 +64,67 @@ public class QuerySignerApiImplementation implements QuerySignerApi {
                 "Bytes decrypted with " + ENCRYPTION_ALGORITHM +
                         ": " + byteArrayToString(
                         decryptedBytes, 0, decryptedBytes.length));
-        return new String(decryptedBytes);
+        return decryptedBytes;
+    }
+
+    private byte[] cryptographicHash(byte[] serializedQuery) throws NoSuchAlgorithmException {
+        MessageDigest digestGenerator =
+                MessageDigest.getInstance(DIGEST_ALGORITHM);
+        byte[] digest = digestGenerator.digest(serializedQuery);
+        System.out.println(
+                DIGEST_ALGORITHM + " digest: " +
+                        byteArrayToString(
+                                digest, 0, digest.length));
+        return digest;
+    }
+
+    // TODO
+    private byte[] serializeQuery(String queryName, String queryCode) {
+        return byteSerializer.serialize(queryName + queryCode);
     }
 
     @Override
-    public byte[] signQuery(String queryName, String queryCode) throws RemoteException {
+    public ValueQuery signInstallQuery(String queryName, String queryCode) throws RemoteException {
+        QueryUtils.validateQueryName(queryName);
         try {
-            return encryptQuery(queryName + queryCode);
-        } catch (NoSuchPaddingException | NoSuchAlgorithmException | InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
+            byte[] serializedQuery = serializeQuery(queryName, queryCode);
+            byte[] hashedQuery = cryptographicHash(serializedQuery);
+            byte[] querySignature = encryptQuery(hashedQuery);
+            return new ValueQuery(queryCode, querySignature);
+        } catch (Exception e) {
             e.printStackTrace();
             throw new RemoteException(e.getLocalizedMessage());
         }
     }
 
     @Override
-    public String checkQuery(byte[] encryptedQuery, String queryName, String queryCode) throws RemoteException {
+    public void validateInstallQuery(String queryName, ValueQuery query) throws RemoteException {
+        QueryUtils.validateQueryName(queryName);
         try {
-            return decryptQuery(encryptedQuery);
-        } catch (NoSuchPaddingException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | InvalidKeyException e) {
+            byte[] decryptedQuery = decryptQuery(query.getSignature());
+            byte[] serializedQuery = serializeQuery(queryName, query.getCode());
+            byte[] hashedSerializedQuery = cryptographicHash(serializedQuery);
+            if (hashedSerializedQuery != decryptedQuery) {
+                throw new QuerySigner.InvalidQueryException();
+            }
+        } catch (NoSuchPaddingException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | InvalidKeyException | QuerySigner.InvalidQueryException e) {
             e.printStackTrace();
             throw new RemoteException(e.getLocalizedMessage());
         }
     }
 
+    // TODO
+    @Override
+    public ValueQuery signUninstallQuery(String queryName) throws RemoteException {
+        return null;
+    }
+
+    // TODO
+    @Override
+    public void validateUninstallQuery(String queryName, ValueQuery query) throws RemoteException {
+
+    }
+
     @Override
     public PublicKey getPublicKey() throws RemoteException {
         return publicKey;
diff --git a/src/main/java/pl/edu/mimuw/cloudatlas/querysignerapi/QuerySignerApi.java b/src/main/java/pl/edu/mimuw/cloudatlas/querysignerapi/QuerySignerApi.java
index 3c77c0a..fa46da3 100644
--- a/src/main/java/pl/edu/mimuw/cloudatlas/querysignerapi/QuerySignerApi.java
+++ b/src/main/java/pl/edu/mimuw/cloudatlas/querysignerapi/QuerySignerApi.java
@@ -1,13 +1,19 @@
 package pl.edu.mimuw.cloudatlas.querysignerapi;
 
+import pl.edu.mimuw.cloudatlas.model.ValueQuery;
+
 import java.rmi.Remote;
 import java.rmi.RemoteException;
 import java.security.PublicKey;
 
 public interface QuerySignerApi extends Remote {
-    public byte[] signQuery(String queryName, String queryCode) throws RemoteException;
+    public ValueQuery signInstallQuery(String queryName, String queryCode) throws RemoteException;
+
+    public ValueQuery signUninstallQuery(String queryName) throws RemoteException;
+
+    public void validateInstallQuery(String queryName, ValueQuery query) throws RemoteException;
 
-    public String checkQuery(byte[] encryptedQuery, String queryName, String queryCode) throws RemoteException;
+    public void validateUninstallQuery(String queryName, ValueQuery query) throws RemoteException;
 
     public PublicKey getPublicKey() throws RemoteException;
author	Magdalena Grodzińska <mag.grodzinska@gmail.com>	2020-01-12 22:58:08 +0100
committer	Magdalena Grodzińska <mag.grodzinska@gmail.com>	2020-01-12 22:58:08 +0100
commit	c48ec1604744ab330d18af1f55256c35dc5c34c6 (patch)
tree	bd847d0a328e30d545cd4d2ea64a0a07020424b4
parent	36cf47fd63352c67a5fdeea7a922c16f0856e9aa (diff)