private boolean validateServerIdentity() { PrivateIdentityCertificate privateCert = config.getSecurity().getServerPrivateCertificate(); PublicIdentityCertificate publicCert = config.getSecurity().getServerPublicCertificate(); if (privateCert == null || publicCert == null) { return false; } // Validate the signature if (!publicCert.verifySelfSigned()) { logger.error("Server signature is not self signed! Generating new server identity."); return false; } return true; }
public StorageServiceWorker(Context context) { this.config = context.get(Config.class); this.storageConfig = this.config.getIdentityStorageService(); this.securityConfig = this.config.getSecurity(); this.translationSystem = context.get(TranslationSystem.class); this.notificationBuffer = new LinkedBlockingDeque<>(); this.conflictingRemoteIdentities = new ArrayDeque<>(); }
@Override public void channelConnected(ChannelHandlerContext ctx, ChannelStateEvent e) throws Exception { logger.info("Sending Server Hello"); PublicIdentityCertificate serverPublicCert = config.getSecurity().getServerPublicCertificate(); new SecureRandom().nextBytes(serverRandom); serverHello = NetData.HandshakeHello.newBuilder() .setRandom(ByteString.copyFrom(serverRandom)) .setCertificate(NetMessageUtil.convert(serverPublicCert)) .setTimestamp(System.currentTimeMillis()) .build(); e.getChannel().write(NetData.NetMessage.newBuilder() .setHandshakeHello(serverHello) .build()); }
public IdentityIOHelper(Context context) { securityConfig = context.get(Config.class).getSecurity(); nuiManager = context.get(NUIManager.class); translationSystem = context.get(TranslationSystem.class); importPopupTitle = translationSystem.translate("${engine:menu#identity-import}"); exportPopupTitle = translationSystem.translate("${engine:menu#identity-export}"); }
private void processClientHandshake(NetData.HandshakeHello clientHello, NetData.HandshakeVerification handshakeVerification, ChannelHandlerContext ctx) { logger.info("Received client certificate"); PublicIdentityCertificate clientCert = NetMessageUtil.convert(clientHello.getCertificate()); if (!clientCert.verifySignedBy(config.getSecurity().getServerPublicCertificate())) { logger.error("Received invalid client certificate, ending connection attempt"); ctx.getChannel().close(); return; } byte[] clientSignature = handshakeVerification.getSignature().toByteArray(); byte[] signatureData = HandshakeCommon.getSignatureData(serverHello, clientHello); if (!clientCert.verify(signatureData, clientSignature)) { logger.error("Received invalid verification signature, ending connection attempt"); ctx.getChannel().close(); return; } logger.info("Sending server verification"); byte[] serverSignature = config.getSecurity().getServerPrivateCertificate().sign(signatureData); ctx.getChannel().write(NetData.NetMessage.newBuilder() .setHandshakeVerification(NetData.HandshakeVerification.newBuilder() .setSignature(ByteString.copyFrom(serverSignature))).build()); // Identity has been established, inform the server handler and withdraw from the pipeline ctx.getPipeline().remove(this); serverConnectionHandler.channelAuthenticated(clientCert); }
private void checkServerIdentity() { if (!validateServerIdentity()) { CertificateGenerator generator = new CertificateGenerator(); CertificatePair serverIdentity = generator.generateSelfSigned(); config.getSecurity().setServerCredentials(serverIdentity.getPublicCert(), serverIdentity.getPrivateCert()); config.save(); } }
private void processNewIdentityRequest(NetData.NewIdentityRequest newIdentityRequest, ChannelHandlerContext ctx) { logger.info("Received new identity request"); try { byte[] preMasterSecret = config.getSecurity().getServerPrivateCertificate().decrypt(newIdentityRequest.getPreMasterSecret().toByteArray()); byte[] masterSecret = HandshakeCommon.generateMasterSecret(preMasterSecret, newIdentityRequest.getRandom().toByteArray(), serverRandom); CertificatePair clientCertificates = new CertificateGenerator().generate(config.getSecurity().getServerPrivateCertificate());
identity = config.getSecurity().getIdentity(serverCertificate); if (identity == null) { requestIdentity(ctx);
config.getSecurity().addIdentity(serverCertificate, identity); config.save();
@Override public void initialise() { UIText url = find("url", UIText.class); UIText login = find("login", UIText.class); UIText password = find("password", UIText.class); find("existing-identities-warning", UILabel.class).setVisible(!config.getSecurity().getAllIdentities().isEmpty()); WidgetUtil.trySubscribe(this, "cancel", widget -> getManager().popScreen()); WidgetUtil.trySubscribe(this, "ok", widget -> { try { storageService.login(new URL(url.getText()), login.getText(), password.getText()); getManager().popScreen(); } catch (MalformedURLException e) { getManager().pushScreen(MessagePopup.ASSET_URI, MessagePopup.class).setMessage( translationSystem.translate("${engine:menu#error}"), translationSystem.translate("${engine:menu#storage-service-popup-bad-url}") ); } }); } }
@Before public void setup() throws Exception { super.setup(); CertificateGenerator generator = new CertificateGenerator(); CertificatePair serverIdentiy = generator.generateSelfSigned(); context.get(Config.class).getSecurity().setServerCredentials(serverIdentiy.getPublicCert(), serverIdentiy.getPrivateCert()); }