diff options
Diffstat (limited to 'src/main/java/pl/edu/mimuw/cloudatlas/querysigner')
3 files changed, 194 insertions, 0 deletions
diff --git a/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySigner.java b/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySigner.java new file mode 100644 index 0000000..90a86b7 --- /dev/null +++ b/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySigner.java @@ -0,0 +1,36 @@ +package pl.edu.mimuw.cloudatlas.querysigner; + +import pl.edu.mimuw.cloudatlas.querysignerapi.QuerySignerApi; + +import java.rmi.registry.LocateRegistry; +import java.rmi.registry.Registry; +import java.rmi.server.UnicastRemoteObject; + +public class QuerySigner { + public static class InvalidQueryException extends Exception { + InvalidQueryException() { + super("Query invalid"); + } + } + + public static void runRegistry() { + try { + // TODO reading from files + String publicKey = System.getProperty("public_key"); + String privateKey = System.getProperty("private_key"); + QuerySignerApiImplementation api = new QuerySignerApiImplementation(publicKey.getBytes(), privateKey.getBytes()); + QuerySignerApi apiStub = + (QuerySignerApi) UnicastRemoteObject.exportObject(api, 0); + Registry registry = LocateRegistry.getRegistry(); + registry.rebind("QuerySignerApi", apiStub); + System.out.println("QuerySigner: api bound"); + } catch (Exception e) { + System.err.println("QuerySigner registry initialization exception:"); + e.printStackTrace(); + } + } + + public static void main(String[] args) { + runRegistry(); + } +} diff --git a/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySignerApiImplementation.java b/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySignerApiImplementation.java new file mode 100644 index 0000000..d1c0e7c --- /dev/null +++ b/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySignerApiImplementation.java @@ -0,0 +1,142 @@ +package pl.edu.mimuw.cloudatlas.querysigner; + +import pl.edu.mimuw.cloudatlas.ByteSerializer; +import pl.edu.mimuw.cloudatlas.model.ValueQuery; +import pl.edu.mimuw.cloudatlas.querysignerapi.QuerySignerApi; + +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.NoSuchPaddingException; +import java.rmi.RemoteException; +import java.security.*; +import java.security.interfaces.RSAPrivateCrtKey; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Map; +import java.util.Set; + +public class QuerySignerApiImplementation implements QuerySignerApi { + private final static String ENCRYPTION_ALGORITHM = "RSA"; + private final static String DIGEST_ALGORITHM = "SHA-256"; + private PublicKey publicKey; + private PrivateKey privateKey; + private Map<String, ValueQuery> queries; + private Set<String> attribsSetByQueries; + private ByteSerializer byteSerializer; + + QuerySignerApiImplementation(byte[] serializedPublicKey, byte[] serializedPrivateKey) { + this.byteSerializer = new ByteSerializer(); + this.publicKey = (PublicKey) byteSerializer.deserialize(serializedPublicKey, PublicKey.class); + this.privateKey = (PrivateKey) byteSerializer.deserialize(serializedPrivateKey, PrivateKey.class); + this.queries = new HashMap<>(); + this.attribsSetByQueries = new HashSet<>(); + } + + private String byteArrayToString(byte[] arr, int offset, int len) { + StringBuffer sb = new StringBuffer(); + for (int i = offset, n = Math.min(arr.length, offset + len); i < n; ++i) { + String hex = Integer.toHexString(0xFF & arr[i]); + if (hex.length() < 2) { + sb.append('0'); + } + sb.append(hex); + } + return sb.toString(); + } + + private byte[] encryptQuery(byte[] query) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException { + Cipher signCipher = Cipher.getInstance(ENCRYPTION_ALGORITHM); + signCipher.init(Cipher.ENCRYPT_MODE, privateKey); + byte[] encryptedBytes = signCipher.doFinal(query); + System.out.println( + "Bytes encrypted with " + ENCRYPTION_ALGORITHM + + ": " + byteArrayToString( + encryptedBytes, 0, encryptedBytes.length)); + return encryptedBytes; + } + + private byte[] decryptQuery(byte[] encryptedQuery) throws NoSuchPaddingException, NoSuchAlgorithmException, BadPaddingException, IllegalBlockSizeException, InvalidKeyException { + Cipher verifyCipher = Cipher.getInstance(ENCRYPTION_ALGORITHM); + verifyCipher.init(Cipher.DECRYPT_MODE, publicKey); + byte[] decryptedBytes = verifyCipher.doFinal(encryptedQuery); + System.out.println( + "Bytes decrypted with " + ENCRYPTION_ALGORITHM + + ": " + byteArrayToString( + decryptedBytes, 0, decryptedBytes.length)); + return decryptedBytes; + } + + private byte[] cryptographicHash(byte[] serializedQuery) throws NoSuchAlgorithmException { + MessageDigest digestGenerator = + MessageDigest.getInstance(DIGEST_ALGORITHM); + byte[] digest = digestGenerator.digest(serializedQuery); + System.out.println( + DIGEST_ALGORITHM + " digest: " + + byteArrayToString( + digest, 0, digest.length)); + return digest; + } + + // TODO + private byte[] serializeQuery(String queryName, String queryCode) { + return byteSerializer.serialize(queryName + queryCode); + } + + @Override + public ValueQuery signInstallQuery(String queryName, String queryCode) throws RemoteException { + QueryUtils.validateQueryName(queryName); + try { + byte[] serializedQuery = serializeQuery(queryName, queryCode); + byte[] hashedQuery = cryptographicHash(serializedQuery); + byte[] querySignature = encryptQuery(hashedQuery); + return new ValueQuery(queryCode, querySignature); + } catch (Exception e) { + e.printStackTrace(); + throw new RemoteException(e.getLocalizedMessage()); + } + } + + @Override + public void validateInstallQuery(String queryName, ValueQuery query) throws RemoteException { + QueryUtils.validateQueryName(queryName); + try { + byte[] decryptedQuery = decryptQuery(query.getSignature()); + byte[] serializedQuery = serializeQuery(queryName, query.getCode()); + byte[] hashedSerializedQuery = cryptographicHash(serializedQuery); + if (hashedSerializedQuery != decryptedQuery) { + throw new QuerySigner.InvalidQueryException(); + } + } catch (NoSuchPaddingException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | InvalidKeyException | QuerySigner.InvalidQueryException e) { + e.printStackTrace(); + throw new RemoteException(e.getLocalizedMessage()); + } + } + + // TODO + @Override + public ValueQuery signUninstallQuery(String queryName) throws RemoteException { + return null; + } + + // TODO + @Override + public void validateUninstallQuery(String queryName, ValueQuery query) throws RemoteException { + + } + + @Override + public PublicKey getPublicKey() throws RemoteException { + return publicKey; + } + + @Override + public void setPublicKey(PublicKey publicKey) throws RemoteException { + this.publicKey = publicKey; + } + + @Override + public byte[] getQuerySignature(String queryName) throws RemoteException { + return queries.get(queryName).getSignature(); + } +} diff --git a/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QueryUtils.java b/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QueryUtils.java new file mode 100644 index 0000000..6ec62f4 --- /dev/null +++ b/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QueryUtils.java @@ -0,0 +1,16 @@ +package pl.edu.mimuw.cloudatlas.querysigner; + +import java.rmi.RemoteException; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +public class QueryUtils { + + public static void validateQueryName(String queryName) throws RemoteException { + Pattern queryNamePattern = Pattern.compile("&[a-zA-Z][\\w_]*"); + Matcher matcher = queryNamePattern.matcher(queryName); + if (!matcher.matches()) { + throw new RemoteException("Invalid query identifier"); + } + } +} |