From c48ec1604744ab330d18af1f55256c35dc5c34c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Magdalena=20Grodzi=C5=84ska?= Date: Sun, 12 Jan 2020 22:58:08 +0100 Subject: Improve query signer and its api --- .../mimuw/cloudatlas/client/ClientController.java | 10 ++- .../mimuw/cloudatlas/querysigner/QuerySigner.java | 12 +++- .../querysigner/QuerySignerApiImplementation.java | 84 +++++++++++++++------- .../cloudatlas/querysignerapi/QuerySignerApi.java | 10 ++- 4 files changed, 78 insertions(+), 38 deletions(-) (limited to 'src/main/java/pl') diff --git a/src/main/java/pl/edu/mimuw/cloudatlas/client/ClientController.java b/src/main/java/pl/edu/mimuw/cloudatlas/client/ClientController.java index 14f531e..56b478c 100644 --- a/src/main/java/pl/edu/mimuw/cloudatlas/client/ClientController.java +++ b/src/main/java/pl/edu/mimuw/cloudatlas/client/ClientController.java @@ -35,7 +35,6 @@ import java.util.*; public class ClientController { private Api agentApi; private QuerySignerApi querySignerApi; - private Map querySignatures; private Map attributes; private String currentZoneName; private static final int MAX_ENTRIES = 10; @@ -60,7 +59,6 @@ public class ClientController { } }; this.currentZoneName = System.getProperty("zone_path"); - this.querySignatures = new HashMap<>(); fetchAttributeData(); // fetch attribute data as early as possible } @@ -81,9 +79,8 @@ public class ClientController { boolean success = true; try { - byte[] querySignature = this.querySignerApi.signQuery(queryObject.getName(), queryObject.getValue()); - querySignatures.put(queryObject.getName(), querySignature); - this.agentApi.installQuery(queryObject.getName(), queryObject.getValue(), querySignature); + ValueQuery query = this.querySignerApi.signInstallQuery(queryObject.getName(), queryObject.getValue()); + this.agentApi.installQuery(queryObject.getName(), query); } catch (Exception e) { success = false; System.err.println("Client exception:"); @@ -108,7 +105,8 @@ public class ClientController { boolean success = true; try { - this.agentApi.uninstallQuery(queryObject.getName(), querySignatures.get(queryObject.getName())); + ValueQuery query = querySignerApi.signUninstallQuery(queryObject.getName()); + this.agentApi.uninstallQuery(queryObject.getName(), query); } catch (Exception e) { success = false; System.err.println("Client exception:"); diff --git a/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySigner.java b/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySigner.java index 69a25d7..90a86b7 100644 --- a/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySigner.java +++ b/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySigner.java @@ -1,7 +1,5 @@ package pl.edu.mimuw.cloudatlas.querysigner; -import pl.edu.mimuw.cloudatlas.agent.EventBus; -import pl.edu.mimuw.cloudatlas.api.Api; import pl.edu.mimuw.cloudatlas.querysignerapi.QuerySignerApi; import java.rmi.registry.LocateRegistry; @@ -9,10 +7,18 @@ import java.rmi.registry.Registry; import java.rmi.server.UnicastRemoteObject; public class QuerySigner { + public static class InvalidQueryException extends Exception { + InvalidQueryException() { + super("Query invalid"); + } + } public static void runRegistry() { try { - QuerySignerApiImplementation api = new QuerySignerApiImplementation(); + // TODO reading from files + String publicKey = System.getProperty("public_key"); + String privateKey = System.getProperty("private_key"); + QuerySignerApiImplementation api = new QuerySignerApiImplementation(publicKey.getBytes(), privateKey.getBytes()); QuerySignerApi apiStub = (QuerySignerApi) UnicastRemoteObject.exportObject(api, 0); Registry registry = LocateRegistry.getRegistry(); diff --git a/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySignerApiImplementation.java b/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySignerApiImplementation.java index 38a86c6..d1c0e7c 100644 --- a/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySignerApiImplementation.java +++ b/src/main/java/pl/edu/mimuw/cloudatlas/querysigner/QuerySignerApiImplementation.java @@ -1,5 +1,6 @@ package pl.edu.mimuw.cloudatlas.querysigner; +import pl.edu.mimuw.cloudatlas.ByteSerializer; import pl.edu.mimuw.cloudatlas.model.ValueQuery; import pl.edu.mimuw.cloudatlas.querysignerapi.QuerySignerApi; @@ -9,27 +10,27 @@ import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; import java.rmi.RemoteException; import java.security.*; +import java.security.interfaces.RSAPrivateCrtKey; import java.util.HashMap; import java.util.HashSet; import java.util.Map; import java.util.Set; public class QuerySignerApiImplementation implements QuerySignerApi { + private final static String ENCRYPTION_ALGORITHM = "RSA"; + private final static String DIGEST_ALGORITHM = "SHA-256"; private PublicKey publicKey; private PrivateKey privateKey; - private final static String ENCRYPTION_ALGORITHM = "RSA"; - private final static int NUM_KEY_BITS = 1024; private Map queries; private Set attribsSetByQueries; + private ByteSerializer byteSerializer; - QuerySignerApiImplementation() { + QuerySignerApiImplementation(byte[] serializedPublicKey, byte[] serializedPrivateKey) { + this.byteSerializer = new ByteSerializer(); + this.publicKey = (PublicKey) byteSerializer.deserialize(serializedPublicKey, PublicKey.class); + this.privateKey = (PrivateKey) byteSerializer.deserialize(serializedPrivateKey, PrivateKey.class); this.queries = new HashMap<>(); this.attribsSetByQueries = new HashSet<>(); - try { - generateKeys(); - } catch (NoSuchAlgorithmException e) { - e.printStackTrace(); - } } private String byteArrayToString(byte[] arr, int offset, int len) { @@ -44,19 +45,10 @@ public class QuerySignerApiImplementation implements QuerySignerApi { return sb.toString(); } - private void generateKeys() throws NoSuchAlgorithmException { - KeyPairGenerator keyGenerator = - KeyPairGenerator.getInstance(ENCRYPTION_ALGORITHM); - keyGenerator.initialize(NUM_KEY_BITS); - KeyPair keyPair = keyGenerator.generateKeyPair(); - this.privateKey = keyPair.getPrivate(); - this.publicKey = keyPair.getPublic(); - } - - private byte[] encryptQuery(String query) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException { + private byte[] encryptQuery(byte[] query) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException { Cipher signCipher = Cipher.getInstance(ENCRYPTION_ALGORITHM); signCipher.init(Cipher.ENCRYPT_MODE, privateKey); - byte[] encryptedBytes = signCipher.doFinal(query.getBytes()); + byte[] encryptedBytes = signCipher.doFinal(query); System.out.println( "Bytes encrypted with " + ENCRYPTION_ALGORITHM + ": " + byteArrayToString( @@ -64,7 +56,7 @@ public class QuerySignerApiImplementation implements QuerySignerApi { return encryptedBytes; } - private String decryptQuery(byte[] encryptedQuery) throws NoSuchPaddingException, NoSuchAlgorithmException, BadPaddingException, IllegalBlockSizeException, InvalidKeyException { + private byte[] decryptQuery(byte[] encryptedQuery) throws NoSuchPaddingException, NoSuchAlgorithmException, BadPaddingException, IllegalBlockSizeException, InvalidKeyException { Cipher verifyCipher = Cipher.getInstance(ENCRYPTION_ALGORITHM); verifyCipher.init(Cipher.DECRYPT_MODE, publicKey); byte[] decryptedBytes = verifyCipher.doFinal(encryptedQuery); @@ -72,29 +64,67 @@ public class QuerySignerApiImplementation implements QuerySignerApi { "Bytes decrypted with " + ENCRYPTION_ALGORITHM + ": " + byteArrayToString( decryptedBytes, 0, decryptedBytes.length)); - return new String(decryptedBytes); + return decryptedBytes; + } + + private byte[] cryptographicHash(byte[] serializedQuery) throws NoSuchAlgorithmException { + MessageDigest digestGenerator = + MessageDigest.getInstance(DIGEST_ALGORITHM); + byte[] digest = digestGenerator.digest(serializedQuery); + System.out.println( + DIGEST_ALGORITHM + " digest: " + + byteArrayToString( + digest, 0, digest.length)); + return digest; + } + + // TODO + private byte[] serializeQuery(String queryName, String queryCode) { + return byteSerializer.serialize(queryName + queryCode); } @Override - public byte[] signQuery(String queryName, String queryCode) throws RemoteException { + public ValueQuery signInstallQuery(String queryName, String queryCode) throws RemoteException { + QueryUtils.validateQueryName(queryName); try { - return encryptQuery(queryName + queryCode); - } catch (NoSuchPaddingException | NoSuchAlgorithmException | InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) { + byte[] serializedQuery = serializeQuery(queryName, queryCode); + byte[] hashedQuery = cryptographicHash(serializedQuery); + byte[] querySignature = encryptQuery(hashedQuery); + return new ValueQuery(queryCode, querySignature); + } catch (Exception e) { e.printStackTrace(); throw new RemoteException(e.getLocalizedMessage()); } } @Override - public String checkQuery(byte[] encryptedQuery, String queryName, String queryCode) throws RemoteException { + public void validateInstallQuery(String queryName, ValueQuery query) throws RemoteException { + QueryUtils.validateQueryName(queryName); try { - return decryptQuery(encryptedQuery); - } catch (NoSuchPaddingException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | InvalidKeyException e) { + byte[] decryptedQuery = decryptQuery(query.getSignature()); + byte[] serializedQuery = serializeQuery(queryName, query.getCode()); + byte[] hashedSerializedQuery = cryptographicHash(serializedQuery); + if (hashedSerializedQuery != decryptedQuery) { + throw new QuerySigner.InvalidQueryException(); + } + } catch (NoSuchPaddingException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | InvalidKeyException | QuerySigner.InvalidQueryException e) { e.printStackTrace(); throw new RemoteException(e.getLocalizedMessage()); } } + // TODO + @Override + public ValueQuery signUninstallQuery(String queryName) throws RemoteException { + return null; + } + + // TODO + @Override + public void validateUninstallQuery(String queryName, ValueQuery query) throws RemoteException { + + } + @Override public PublicKey getPublicKey() throws RemoteException { return publicKey; diff --git a/src/main/java/pl/edu/mimuw/cloudatlas/querysignerapi/QuerySignerApi.java b/src/main/java/pl/edu/mimuw/cloudatlas/querysignerapi/QuerySignerApi.java index 3c77c0a..fa46da3 100644 --- a/src/main/java/pl/edu/mimuw/cloudatlas/querysignerapi/QuerySignerApi.java +++ b/src/main/java/pl/edu/mimuw/cloudatlas/querysignerapi/QuerySignerApi.java @@ -1,13 +1,19 @@ package pl.edu.mimuw.cloudatlas.querysignerapi; +import pl.edu.mimuw.cloudatlas.model.ValueQuery; + import java.rmi.Remote; import java.rmi.RemoteException; import java.security.PublicKey; public interface QuerySignerApi extends Remote { - public byte[] signQuery(String queryName, String queryCode) throws RemoteException; + public ValueQuery signInstallQuery(String queryName, String queryCode) throws RemoteException; + + public ValueQuery signUninstallQuery(String queryName) throws RemoteException; + + public void validateInstallQuery(String queryName, ValueQuery query) throws RemoteException; - public String checkQuery(byte[] encryptedQuery, String queryName, String queryCode) throws RemoteException; + public void validateUninstallQuery(String queryName, ValueQuery query) throws RemoteException; public PublicKey getPublicKey() throws RemoteException; -- cgit v1.2.3