m-chrzan.xyz
aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/pl/edu/mimuw/cloudatlas/querysigner
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/java/pl/edu/mimuw/cloudatlas/querysigner')
-rw-r--r--src/main/java/pl/edu/mimuw/cloudatlas/querysigner/KeyUtils.java35
-rw-r--r--src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QueryData.java30
-rw-r--r--src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySigner.java44
-rw-r--r--src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySignerApiImplementation.java128
-rw-r--r--src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QueryUtils.java16
5 files changed, 253 insertions, 0 deletions
diff --git a/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/KeyUtils.java b/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/KeyUtils.java
new file mode 100644
index 0000000..7a543ba
--- /dev/null
+++ b/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/KeyUtils.java
@@ -0,0 +1,35 @@
+package pl.edu.mimuw.cloudatlas.querysigner;
+
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.*;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+
+public class KeyUtils {
+ private final static String ENCRYPTION_ALGORITHM = "RSA";
+
+ public static PublicKey getPublicKey(String filename){
+ try {
+ byte[] byteKey = Files.readAllBytes(Paths.get(filename));
+ X509EncodedKeySpec X509publicKey = new X509EncodedKeySpec(byteKey);
+ KeyFactory kf = KeyFactory.getInstance(ENCRYPTION_ALGORITHM);
+ return kf.generatePublic(X509publicKey);
+ } catch(Exception e) {
+ e.printStackTrace();
+ }
+ return null;
+ }
+
+ public static PrivateKey getPrivateKey(String filename){
+ try {
+ byte[] byteKey = Files.readAllBytes(Paths.get(filename));
+ PKCS8EncodedKeySpec PKCS8privateKey = new PKCS8EncodedKeySpec(byteKey);
+ KeyFactory kf = KeyFactory.getInstance(ENCRYPTION_ALGORITHM);
+ return kf.generatePrivate(PKCS8privateKey);
+ } catch(Exception e) {
+ e.printStackTrace();
+ }
+ return null;
+ }
+}
diff --git a/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QueryData.java b/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QueryData.java
new file mode 100644
index 0000000..7801a28
--- /dev/null
+++ b/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QueryData.java
@@ -0,0 +1,30 @@
+package pl.edu.mimuw.cloudatlas.querysigner;
+
+import java.io.Serializable;
+
+public class QueryData implements Serializable {
+ // Original source code
+ private String code;
+ // Query signature
+ private byte[] signature;
+ // Query signing timestamp
+ private long timestamp;
+
+ public QueryData(String code, byte[] signature) {
+ this.code = code;
+ this.signature = signature;
+ this.timestamp = System.currentTimeMillis();;
+ }
+
+ public String getCode() {
+ return code;
+ }
+
+ public byte[] getSignature() {
+ return signature;
+ }
+
+ public long getTimestamp() {
+ return timestamp;
+ }
+}
diff --git a/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySigner.java b/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySigner.java
new file mode 100644
index 0000000..735601d
--- /dev/null
+++ b/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySigner.java
@@ -0,0 +1,44 @@
+package pl.edu.mimuw.cloudatlas.querysigner;
+
+import pl.edu.mimuw.cloudatlas.querysignerapi.QuerySignerApi;
+
+import java.io.IOException;
+import java.rmi.registry.LocateRegistry;
+import java.rmi.registry.Registry;
+import java.rmi.server.UnicastRemoteObject;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+
+public class QuerySigner {
+ public static class InvalidQueryException extends Exception {
+ InvalidQueryException() {
+ super("Query invalid");
+ }
+ }
+
+ private static QuerySignerApiImplementation initApi() throws IOException {
+ String publicKeyFile = System.getProperty("public_key_file");
+ String privateKeyFile = System.getProperty("private_key_file");
+ PublicKey publicKey = KeyUtils.getPublicKey(publicKeyFile);
+ PrivateKey privateKey = KeyUtils.getPrivateKey(privateKeyFile);
+ return new QuerySignerApiImplementation(publicKey, privateKey);
+ }
+
+ public static void runRegistry() {
+ try {
+ QuerySignerApiImplementation api = initApi();
+ QuerySignerApi apiStub =
+ (QuerySignerApi) UnicastRemoteObject.exportObject(api, 0);
+ Registry registry = LocateRegistry.getRegistry();
+ registry.rebind("QuerySignerApi", apiStub);
+ System.out.println("QuerySigner: api bound");
+ } catch (Exception e) {
+ System.err.println("QuerySigner registry initialization exception:");
+ e.printStackTrace();
+ }
+ }
+
+ public static void main(String[] args) {
+ runRegistry();
+ }
+}
diff --git a/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySignerApiImplementation.java b/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySignerApiImplementation.java
new file mode 100644
index 0000000..32bc634
--- /dev/null
+++ b/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySignerApiImplementation.java
@@ -0,0 +1,128 @@
+package pl.edu.mimuw.cloudatlas.querysigner;
+
+import pl.edu.mimuw.cloudatlas.ByteSerializer;
+import pl.edu.mimuw.cloudatlas.model.ValueQuery;
+import pl.edu.mimuw.cloudatlas.querysignerapi.QuerySignerApi;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import java.rmi.RemoteException;
+import java.security.*;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+public class QuerySignerApiImplementation implements QuerySignerApi {
+ private final static String ENCRYPTION_ALGORITHM = "RSA";
+ private final static String DIGEST_ALGORITHM = "SHA-256";
+ private PublicKey publicKey;
+ private PrivateKey privateKey;
+ private Map<String, ValueQuery> queries;
+ private Set<String> attribsSetByQueries;
+ private ByteSerializer byteSerializer;
+
+ QuerySignerApiImplementation(PublicKey publicKey, PrivateKey privateKey) {// (byte[] serializedPublicKey, byte[] serializedPrivateKey) {
+ this.byteSerializer = new ByteSerializer();
+// this.publicKey = (PublicKey) byteSerializer.deserialize(serializedPublicKey, PublicKey.class);
+// this.privateKey = (PrivateKey) byteSerializer.deserialize(serializedPrivateKey, PrivateKey.class);
+ this.publicKey = publicKey;
+ this.privateKey = privateKey;
+ this.queries = new HashMap<>();
+ this.attribsSetByQueries = new HashSet<>();
+ }
+
+ private String byteArrayToString(byte[] arr, int offset, int len) {
+ StringBuffer sb = new StringBuffer();
+ for (int i = offset, n = Math.min(arr.length, offset + len); i < n; ++i) {
+ String hex = Integer.toHexString(0xFF & arr[i]);
+ if (hex.length() < 2) {
+ sb.append('0');
+ }
+ sb.append(hex);
+ }
+ return sb.toString();
+ }
+
+ private byte[] encryptQuery(byte[] query) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
+ Cipher signCipher = Cipher.getInstance(ENCRYPTION_ALGORITHM);
+ signCipher.init(Cipher.ENCRYPT_MODE, privateKey);
+ byte[] encryptedBytes = signCipher.doFinal(query);
+ System.out.println(
+ "Bytes encrypted with " + ENCRYPTION_ALGORITHM +
+ ": " + byteArrayToString(
+ encryptedBytes, 0, encryptedBytes.length));
+ return encryptedBytes;
+ }
+
+ private byte[] decryptQuery(byte[] encryptedQuery) throws NoSuchPaddingException, NoSuchAlgorithmException, BadPaddingException, IllegalBlockSizeException, InvalidKeyException {
+ Cipher verifyCipher = Cipher.getInstance(ENCRYPTION_ALGORITHM);
+ verifyCipher.init(Cipher.DECRYPT_MODE, publicKey);
+ byte[] decryptedBytes = verifyCipher.doFinal(encryptedQuery);
+ System.out.println(
+ "Bytes decrypted with " + ENCRYPTION_ALGORITHM +
+ ": " + byteArrayToString(
+ decryptedBytes, 0, decryptedBytes.length));
+ return decryptedBytes;
+ }
+
+ private byte[] cryptographicHash(byte[] serializedQuery) throws NoSuchAlgorithmException {
+ MessageDigest digestGenerator =
+ MessageDigest.getInstance(DIGEST_ALGORITHM);
+ byte[] digest = digestGenerator.digest(serializedQuery);
+ System.out.println(
+ DIGEST_ALGORITHM + " digest: " +
+ byteArrayToString(
+ digest, 0, digest.length));
+ return digest;
+ }
+
+ // TODO
+ private byte[] serializeQuery(String queryName, String queryCode) {
+ return byteSerializer.serialize(queryName + queryCode);
+ }
+
+ @Override
+ public QueryData signInstallQuery(String queryName, String queryCode) throws RemoteException {
+ QueryUtils.validateQueryName(queryName);
+ try {
+ byte[] serializedQuery = serializeQuery(queryName, queryCode);
+ byte[] hashedQuery = cryptographicHash(serializedQuery);
+ byte[] querySignature = encryptQuery(hashedQuery);
+ return new QueryData(queryCode, querySignature);
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new RemoteException(e.getLocalizedMessage());
+ }
+ }
+
+ @Override
+ public void validateInstallQuery(String queryName, QueryData query) throws RemoteException {
+ QueryUtils.validateQueryName(queryName);
+ try {
+ byte[] decryptedQuery = decryptQuery(query.getSignature());
+ byte[] serializedQuery = serializeQuery(queryName, query.getCode());
+ byte[] hashedSerializedQuery = cryptographicHash(serializedQuery);
+ if (hashedSerializedQuery != decryptedQuery) {
+ throw new QuerySigner.InvalidQueryException();
+ }
+ } catch (NoSuchPaddingException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | InvalidKeyException | QuerySigner.InvalidQueryException e) {
+ e.printStackTrace();
+ throw new RemoteException(e.getLocalizedMessage());
+ }
+ }
+
+ // TODO
+ @Override
+ public QueryData signUninstallQuery(String queryName) throws RemoteException {
+ return null;
+ }
+
+ // TODO
+ @Override
+ public void validateUninstallQuery(String queryName, QueryData query) throws RemoteException {
+
+ }
+}
diff --git a/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QueryUtils.java b/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QueryUtils.java
new file mode 100644
index 0000000..6ec62f4
--- /dev/null
+++ b/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QueryUtils.java
@@ -0,0 +1,16 @@
+package pl.edu.mimuw.cloudatlas.querysigner;
+
+import java.rmi.RemoteException;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+public class QueryUtils {
+
+ public static void validateQueryName(String queryName) throws RemoteException {
+ Pattern queryNamePattern = Pattern.compile("&[a-zA-Z][\\w_]*");
+ Matcher matcher = queryNamePattern.matcher(queryName);
+ if (!matcher.matches()) {
+ throw new RemoteException("Invalid query identifier");
+ }
+ }
+}