Example 1 with GitSignResponse
use of co.krypt.krypton.protocol.GitSignResponse in project krypton-android by kryptco.
the class Silo method respondToRequest.
public void respondToRequest(Pairing pairing, Request request, boolean requestAllowed) throws Unrecoverable {
// Fine-grained locking allows performing signatures in parallel
synchronized ((Silo.class.getName() + request.requestID).intern()) {
synchronized (Silo.class) {
if (sendCachedResponseIfPresent(pairing, request)) {
return;
}
}
Response response = Response.with(request);
Analytics analytics = new Analytics(context);
if (analytics.isDisabled()) {
response.trackingID = "disabled";
} else {
response.trackingID = analytics.getClientID();
}
request.body.visit(new RequestBody.Visitor<Void, Unrecoverable>() {
@Override
public Void visit(MeRequest meRequest) throws CryptoException {
response.meResponse = new MeResponse(meStorage.loadWithUserID(meRequest.userID()));
return null;
}
@Override
public Void visit(SignRequest signRequest) throws Unrecoverable {
signRequest.validate();
response.signResponse = new SignResponse();
if (requestAllowed) {
try {
SSHKeyPairI key = MeStorage.getOrLoadKeyPair(context);
if (MessageDigest.isEqual(signRequest.publicKeyFingerprint, key.publicKeyFingerprint())) {
if (signRequest.verifyHostName()) {
String hostName = signRequest.hostAuth.hostNames[0];
String hostKey = Base64.encodeAsString(signRequest.hostAuth.hostKey);
synchronized (databaseLock) {
List<KnownHost> matchingKnownHosts = dbHelper.getKnownHostDao().queryForEq("host_name", hostName);
try {
Sigchain.NativeResult<List<Sigchain.PinnedHost>> teamPinnedHosts = TeamDataProvider.getPinnedKeysByHost(context, hostName);
if (teamPinnedHosts.success != null) {
for (Sigchain.PinnedHost pinnedHost : teamPinnedHosts.success) {
matchingKnownHosts.add(new KnownHost(pinnedHost.host, co.krypt.krypton.crypto.Base64.encode(pinnedHost.publicKey), 0));
}
}
} catch (Native.NotLinked e) {
e.printStackTrace();
}
if (matchingKnownHosts.size() == 0) {
dbHelper.getKnownHostDao().create(new KnownHost(hostName, hostKey, System.currentTimeMillis() / 1000));
broadcastKnownHostsChanged();
} else {
boolean foundKnownHost = false;
List<String> pinnedPublicKeys = new ArrayList<>();
for (KnownHost pinnedHost : matchingKnownHosts) {
pinnedPublicKeys.add(pinnedHost.publicKey);
if (pinnedHost.publicKey.equals(hostKey)) {
foundKnownHost = true;
break;
}
}
if (!foundKnownHost) {
throw new MismatchedHostKeyException(pinnedPublicKeys, "Expected " + pinnedPublicKeys.toString() + " received " + hostKey);
}
}
}
}
String algo = signRequest.algo();
if ((key instanceof RSASSHKeyPair) && request.semVer().lessThan(Versions.KR_SUPPORTS_RSA_SHA256_512)) {
algo = "ssh-rsa";
}
response.signResponse.signature = key.signDigestAppendingPubkey(signRequest.data, algo);
SSHSignatureLog log = new SSHSignatureLog(signRequest.data, true, signRequest.command, signRequest.user(), signRequest.firstHostnameIfExists(), System.currentTimeMillis() / 1000, signRequest.verifyHostName(), JSON.toJson(signRequest.hostAuth), pairing.getUUIDString(), pairing.workstationName);
co.krypt.krypton.team.log.Log teamLog = co.krypt.krypton.team.log.Log.fromSSHRequest(pairing, request, signRequest, co.krypt.krypton.team.log.Log.Body.SSH.Result.signature(response.signResponse.signature));
EventBus.getDefault().post(new TeamService.EncryptLog(C.background(context), teamLog));
pairingStorage.appendToSSHLog(log);
Notifications.notifySuccess(context, pairing, request, log);
if (signRequest.verifiedHostNameOrDefault("unknown host").equals("me.krypt.co")) {
Intent sshMeIntent = new Intent(TestSSHFragment.SSH_ME_ACTION);
LocalBroadcastManager.getInstance(context).sendBroadcast(sshMeIntent);
}
if (signRequest.hostAuth == null) {
new Analytics(context).postEvent("host", "unknown", null, null, false);
} else if (!signRequest.verifyHostName()) {
new Analytics(context).postEvent("host", "unverified", null, null, false);
}
} else {
Log.e(TAG, Base64.encodeAsString(signRequest.publicKeyFingerprint) + " != " + Base64.encodeAsString(key.publicKeyFingerprint()));
response.signResponse.error = "unknown key fingerprint";
}
} catch (SQLException e) {
StringWriter sw = new StringWriter();
PrintWriter pw = new PrintWriter(sw);
e.printStackTrace(pw);
response.signResponse.error = "SQL error: " + e.getMessage() + "\n" + sw.toString();
e.printStackTrace();
} catch (MismatchedHostKeyException e) {
response.signResponse.error = "host public key mismatched";
if (signRequest.hostAuth.hostKey != null) {
co.krypt.krypton.team.log.Log teamLog = co.krypt.krypton.team.log.Log.fromSSHRequest(pairing, request, signRequest, co.krypt.krypton.team.log.Log.Body.SSH.Result.hostMismatch(e.pinnedPublicKeys.toArray(new String[] {})));
EventBus.getDefault().post(new TeamService.EncryptLog(C.background(context), teamLog));
}
Notifications.notifyReject(context, pairing, request, "Host public key mismatched.");
e.printStackTrace();
}
} else {
response.signResponse.error = "rejected";
co.krypt.krypton.team.log.Log teamLog = co.krypt.krypton.team.log.Log.fromSSHRequest(pairing, request, signRequest, co.krypt.krypton.team.log.Log.Body.SSH.Result.userRejected());
EventBus.getDefault().post(new TeamService.EncryptLog(C.background(context), teamLog));
pairingStorage.appendToSSHLog(new SSHSignatureLog(signRequest.data, false, signRequest.command, signRequest.user(), signRequest.firstHostnameIfExists(), System.currentTimeMillis() / 1000, signRequest.verifyHostName(), JSON.toJson(signRequest.hostAuth), pairing.getUUIDString(), pairing.workstationName));
}
return null;
}
@Override
public Void visit(GitSignRequest gitSignRequest) throws Unrecoverable {
if (requestAllowed) {
try {
SSHKeyPairI key = MeStorage.getOrLoadKeyPair(context);
new MeStorage(context).loadWithUserID(UserID.parse(gitSignRequest.userID));
co.krypt.krypton.team.log.Log.Body.GitSignatureResult gitSignatureResult = new co.krypt.krypton.team.log.Log.Body.GitSignatureResult();
co.krypt.krypton.log.Log log = gitSignRequest.body.visit(new GitSignRequestBody.Visitor<co.krypt.krypton.log.Log, Exception>() {
@Override
public co.krypt.krypton.log.Log visit(CommitInfo commit) throws Unrecoverable {
byte[] signature = SignableUtils.signBinaryDocument(commit, key, HashAlgorithm.SHA512);
response.gitSignResponse = new GitSignResponse(signature, null);
gitSignatureResult.signature = signature;
GitCommitSignatureLog commitLog = new GitCommitSignatureLog(pairing, commit, new AsciiArmor(AsciiArmor.HeaderLine.SIGNATURE, AsciiArmor.backwardsCompatibleHeaders(request.semVer()), signature).toString());
pairings().appendToCommitLogs(commitLog);
return commitLog;
}
@Override
public co.krypt.krypton.log.Log visit(TagInfo tag) throws Unrecoverable {
byte[] signature = SignableUtils.signBinaryDocument(tag, key, HashAlgorithm.SHA512);
response.gitSignResponse = new GitSignResponse(signature, null);
gitSignatureResult.signature = signature;
GitTagSignatureLog tagLog = new GitTagSignatureLog(pairing, tag, new AsciiArmor(AsciiArmor.HeaderLine.SIGNATURE, AsciiArmor.backwardsCompatibleHeaders(request.semVer()), signature).toString());
pairings().appendToTagLogs(tagLog);
return tagLog;
}
});
co.krypt.krypton.team.log.Log teamLog = co.krypt.krypton.team.log.Log.fromGitRequest(pairing, request, gitSignRequest, gitSignatureResult);
EventBus.getDefault().post(new TeamService.EncryptLog(C.background(context), teamLog));
Notifications.notifySuccess(context, pairing, request, log);
} catch (Exception e) {
e.printStackTrace();
response.gitSignResponse = new GitSignResponse(null, "unknown error");
}
} else {
response.gitSignResponse = new GitSignResponse(null, "rejected");
gitSignRequest.body.visit(new GitSignRequestBody.Visitor<Void, RuntimeException>() {
@Override
public Void visit(CommitInfo commit) throws RuntimeException {
pairings().appendToCommitLogs(new GitCommitSignatureLog(pairing, commit, null));
return null;
}
@Override
public Void visit(TagInfo tag) throws RuntimeException {
pairings().appendToTagLogs(new GitTagSignatureLog(pairing, tag, null));
return null;
}
});
co.krypt.krypton.team.log.Log teamLog = co.krypt.krypton.team.log.Log.fromGitRequest(pairing, request, gitSignRequest, co.krypt.krypton.team.log.Log.Body.GitSignatureResult.userRejected());
EventBus.getDefault().post(new TeamService.EncryptLog(C.background(context), teamLog));
}
return null;
}
@Override
public Void visit(UnpairRequest unpairRequest) throws Unrecoverable {
// Processed in handle()
return null;
}
@Override
public Void visit(HostsRequest hostsRequest) throws Unrecoverable {
HostsResponse hostsResponse = new HostsResponse();
synchronized (databaseLock) {
try {
List<SSHSignatureLog> sshLogs = dbHelper.getSSHSignatureLogDao().queryBuilder().groupByRaw("user, host_name").query();
List<UserAndHost> userAndHosts = new LinkedList<>();
for (SSHSignatureLog log : sshLogs) {
UserAndHost userAndHost = new UserAndHost();
userAndHost.user = log.user;
userAndHost.host = log.hostName;
userAndHosts.add(userAndHost);
}
HostInfo hostInfo = new HostInfo();
UserAndHost[] userAndHostsArray = new UserAndHost[userAndHosts.size()];
userAndHosts.toArray(userAndHostsArray);
hostInfo.hosts = userAndHostsArray;
List<UserID> userIDs = meStorage.getUserIDs();
List<String> userIDStrings = new LinkedList<>();
for (UserID userID : userIDs) {
userIDStrings.add(userID.toString());
}
String[] userIDArray = new String[userIDs.size()];
userIDStrings.toArray(userIDArray);
hostInfo.pgpUserIDs = userIDArray;
hostsResponse.hostInfo = hostInfo;
} catch (SQLException e1) {
hostsResponse.error = "sql exception";
}
}
response.hostsResponse = hostsResponse;
return null;
}
@Override
public Void visit(ReadTeamRequest readTeamRequest) throws Unrecoverable {
SuccessOrTaggedErrorResult<JsonObject> result = new SuccessOrTaggedErrorResult<>();
response.readTeamResponse = result;
if (requestAllowed) {
try {
Sigchain.NativeResult<JsonObject> readToken = TeamDataProvider.signReadToken(context, readTeamRequest.publicKey);
if (readToken.success != null) {
result.success = readToken.success;
} else {
result.error = readToken.error;
}
} catch (Native.NotLinked e) {
e.printStackTrace();
result.error = e.getMessage();
}
} else {
response.readTeamResponse.error = "rejected";
}
return null;
}
@Override
public Void visit(LogDecryptionRequest logDecryptionRequest) throws Unrecoverable {
SuccessOrTaggedErrorResult<JsonObject> result = new SuccessOrTaggedErrorResult<>();
response.logDecryptionResponse = result;
if (requestAllowed) {
try {
Sigchain.NativeResult<JsonObject> unwrappedKey = TeamDataProvider.unwrapKey(context, logDecryptionRequest.wrappedKey);
if (unwrappedKey.success != null) {
result.success = unwrappedKey.success;
} else {
result.error = unwrappedKey.error;
}
} catch (Native.NotLinked e) {
e.printStackTrace();
result.error = e.getMessage();
}
} else {
response.logDecryptionResponse.error = "rejected";
}
return null;
}
@Override
public Void visit(TeamOperationRequest teamOperationRequest) throws Unrecoverable {
SuccessOrTaggedErrorResult<Sigchain.TeamOperationResponse> result = new SuccessOrTaggedErrorResult<>();
response.teamOperationResponse = result;
if (requestAllowed) {
try {
Sigchain.NativeResult<Sigchain.TeamOperationResponse> nativeResult = TeamDataProvider.requestTeamOperation(context, teamOperationRequest.operation);
if (nativeResult.success != null) {
response.teamOperationResponse.success = nativeResult.success;
} else {
response.teamOperationResponse.error = nativeResult.error;
}
} catch (Native.NotLinked e) {
e.printStackTrace();
result.error = e.getMessage();
}
} else {
response.teamOperationResponse.error = "rejected";
}
return null;
}
});
response.snsEndpointARN = SNSTransport.getInstance(context).getEndpointARN();
synchronized (Silo.class) {
try {
if (responseDiskCacheByRequestID != null && !responseDiskCacheByRequestID.isClosed()) {
DiskLruCache.Editor cacheEditor = responseDiskCacheByRequestID.edit(request.requestIDCacheKey(pairing));
cacheEditor.set(0, JSON.toJson(response));
cacheEditor.commit();
responseDiskCacheByRequestID.flush();
}
} catch (IOException e) {
e.printStackTrace();
throw new Unrecoverable(e);
}
responseMemCacheByRequestID.put(request.requestIDCacheKey(pairing), response);
}
send(pairing, response);
}
}
Also used :
GitTagSignatureLog(co.krypt.krypton.log.GitTagSignatureLog)
TeamOperationRequest(co.krypt.krypton.protocol.TeamOperationRequest)
SSHKeyPairI(co.krypt.krypton.crypto.SSHKeyPairI)
KnownHost(co.krypt.krypton.knownhosts.KnownHost)
DiskLruCache(com.jakewharton.disklrucache.DiskLruCache)
TagInfo(co.krypt.krypton.git.TagInfo)
List(java.util.List)
ArrayList(java.util.ArrayList)
LinkedList(java.util.LinkedList)
GitTagSignatureLog(co.krypt.krypton.log.GitTagSignatureLog)
Log(android.util.Log)
GitCommitSignatureLog(co.krypt.krypton.log.GitCommitSignatureLog)
SSHSignatureLog(co.krypt.krypton.log.SSHSignatureLog)
HostsRequest(co.krypt.krypton.protocol.HostsRequest)
MeResponse(co.krypt.krypton.protocol.MeResponse)
LogDecryptionRequest(co.krypt.krypton.protocol.LogDecryptionRequest)
UserAndHost(co.krypt.krypton.protocol.UserAndHost)
TeamService(co.krypt.krypton.team.TeamService)
MismatchedHostKeyException(co.krypt.krypton.exception.MismatchedHostKeyException)
HostsResponse(co.krypt.krypton.protocol.HostsResponse)
MeRequest(co.krypt.krypton.protocol.MeRequest)
SQLException(java.sql.SQLException)
GitCommitSignatureLog(co.krypt.krypton.log.GitCommitSignatureLog)
Unrecoverable(co.krypt.krypton.exception.Unrecoverable)
AsciiArmor(co.krypt.krypton.pgp.asciiarmor.AsciiArmor)
StringWriter(java.io.StringWriter)
GitSignResponse(co.krypt.krypton.protocol.GitSignResponse)
SignResponse(co.krypt.krypton.protocol.SignResponse)
GitSignRequest(co.krypt.krypton.protocol.GitSignRequest)
UserID(co.krypt.krypton.pgp.UserID)
CommitInfo(co.krypt.krypton.git.CommitInfo)
RequestBody(co.krypt.krypton.protocol.RequestBody)
GitSignRequestBody(co.krypt.krypton.protocol.GitSignRequestBody)
RequestBody(co.krypt.krypton.protocol.RequestBody)
GitSignRequestBody(co.krypt.krypton.protocol.GitSignRequestBody)
PrintWriter(java.io.PrintWriter)
SuccessOrTaggedErrorResult(co.krypt.krypton.protocol.SuccessOrTaggedErrorResult)
RSASSHKeyPair(co.krypt.krypton.crypto.RSASSHKeyPair)
SignRequest(co.krypt.krypton.protocol.SignRequest)
GitSignRequest(co.krypt.krypton.protocol.GitSignRequest)
Sigchain(co.krypt.krypton.team.Sigchain)
Intent(android.content.Intent)
UnpairRequest(co.krypt.krypton.protocol.UnpairRequest)
IOException(java.io.IOException)
GitSignResponse(co.krypt.krypton.protocol.GitSignResponse)
Analytics(co.krypt.krypton.analytics.Analytics)
CryptoException(co.krypt.krypton.exception.CryptoException)
TransportException(co.krypt.krypton.exception.TransportException)
ProtocolException(co.krypt.krypton.exception.ProtocolException)
SQLException(java.sql.SQLException)
MismatchedHostKeyException(co.krypt.krypton.exception.MismatchedHostKeyException)
IOException(java.io.IOException)
HostsResponse(co.krypt.krypton.protocol.HostsResponse)
GitSignResponse(co.krypt.krypton.protocol.GitSignResponse)
MeResponse(co.krypt.krypton.protocol.MeResponse)
SignResponse(co.krypt.krypton.protocol.SignResponse)
UnpairResponse(co.krypt.krypton.protocol.UnpairResponse)
AckResponse(co.krypt.krypton.protocol.AckResponse)
Response(co.krypt.krypton.protocol.Response)
ReadTeamRequest(co.krypt.krypton.protocol.ReadTeamRequest)
SSHSignatureLog(co.krypt.krypton.log.SSHSignatureLog)
MeStorage(co.krypt.krypton.me.MeStorage)
CryptoException(co.krypt.krypton.exception.CryptoException)
HostInfo(co.krypt.krypton.protocol.HostInfo)
Aggregations
Intent (android.content.Intent)1
Log (android.util.Log)1
Analytics (co.krypt.krypton.analytics.Analytics)1
RSASSHKeyPair (co.krypt.krypton.crypto.RSASSHKeyPair)1
SSHKeyPairI (co.krypt.krypton.crypto.SSHKeyPairI)1
CryptoException (co.krypt.krypton.exception.CryptoException)1
MismatchedHostKeyException (co.krypt.krypton.exception.MismatchedHostKeyException)1
ProtocolException (co.krypt.krypton.exception.ProtocolException)1
TransportException (co.krypt.krypton.exception.TransportException)1
Unrecoverable (co.krypt.krypton.exception.Unrecoverable)1
CommitInfo (co.krypt.krypton.git.CommitInfo)1
TagInfo (co.krypt.krypton.git.TagInfo)1
KnownHost (co.krypt.krypton.knownhosts.KnownHost)1
GitCommitSignatureLog (co.krypt.krypton.log.GitCommitSignatureLog)1
GitTagSignatureLog (co.krypt.krypton.log.GitTagSignatureLog)1
SSHSignatureLog (co.krypt.krypton.log.SSHSignatureLog)1
MeStorage (co.krypt.krypton.me.MeStorage)1
UserID (co.krypt.krypton.pgp.UserID)1
AsciiArmor (co.krypt.krypton.pgp.asciiarmor.AsciiArmor)1
AckResponse (co.krypt.krypton.protocol.AckResponse)1
