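/*
 * postBegin
 * = procedure 1
 *
 * Starts a post call sequence (new mailing protocol): verifies the caller's
 * credentials, creates the mail transaction the following calls refer to and
 * returns the transaction id together with the verifier the client expects
 * in the response.
 *
 * Arguments:
 *   params   PostBeginParams received from the client, carrying the credentials
 *            and the verifier to check
 *   results  PostBeginResults to fill: mailTransaction (the new transaction id),
 *            verifier (echo of the initiator's verifier for simple credentials,
 *            a freshly encrypted strong verifier otherwise) and unknown0 (set to 0)
 * Throws whatever mailService.checkCredentials() raises when the credentials or
 * the verifier are invalid; no transaction is created in that case.
 */
private static void transport5_postBegin(PostBeginParams params, PostBeginResults results) {
    // log ingoing data
    if (logParamsAndResults) {
        StringBuilder sb = new StringBuilder();
        params.append(sb, " ", "params");
        logf("##\n## procedure MailingNewImpl.transport5_postBegin() -- params\n%s\n##\n", sb.toString());
    }

    // check the credentials:
    // - this procedure is called for the generic mail server ("Mail Service:CHServers:CHServers")
    // - not for this specific mail service (which is the 1st mail service name in the clearinghouse database)
    // - so use the generic name
    // - and: only the machine id for *this* mail service works...
    Credentials credentials = params.getCredentials();
    Verifier verifier = params.getVerifier();
    StrongVerifier decodedVerifier = StrongVerifier.make();
    int[] decodedConversationKey = new int[4];
    ThreePartName senderName = // throws an exception on invalid credentials
        mailService.checkCredentials(mailService.getChsDatabase().getGenericMailServiceName(), mailService.getMachineId(), credentials, verifier, decodedConversationKey, decodedVerifier);

    // start the mail transaction for this post call sequence
    PostMailTransaction mailTransaction = createMailTransaction();
    mailTransaction.senderName = senderName; // just to be sure we have some sender name

    // set return values
    results.mailTransaction.set(mailTransaction.transactionId);
    if (credentials.type.get() == CredentialsType.simple) {
        // return the initiators verifier
        results.verifier.add().set(verifier.get(0).get());
    } else {
        // strong credentials: answer with a strong verifier derived from the received one,
        // encrypted with the conversation key extracted from the credentials
        // (decodedConversationKey was allocated above as a 4-word array, so no length check is needed)

        // xor partner is the server machine, not(!) the remoteHostId extracted from the request
        long xorHostId = machineId;
        // left justified machine-id => upper 32 bits
        long rcptTimestampMachineId32Bits = (xorHostId >> 16) & 0xFFFFFFFFL;
        // left justified machine-id => lower 32 bits
        long rcptTicksMachineId32Bits = (xorHostId & 0x0000FFFFL) << 16;

        // new verifier values: ticks + 1, carrying over into the timestamp on 32-bit wrap-around
        long newTicks = decodedVerifier.ticks.get() + 1;
        long newTimestamp = decodedVerifier.timeStamp.get();
        if (newTicks > 0xFFFFFFFFL) {
            newTicks = 0;
            newTimestamp++;
        }

        // plain (unencrypted) verifier with xor-ed values
        StrongVerifier verfr = StrongVerifier.make();
        verfr.ticks.set(newTicks ^ rcptTicksMachineId32Bits);
        verfr.timeStamp.set(newTimestamp ^ rcptTimestampMachineId32Bits);

        // encrypt verifier and transfer into results
        try {
            WireWriter writer = new WireWriter();
            verfr.serialize(writer);
            int[] encrypted = StrongAuthUtils.xnsDesEncrypt(decodedConversationKey, writer.getWords());
            for (int word : encrypted) {
                results.verifier.add().set(word);
            }
        } catch (Exception e) {
            // best effort: log and return no verifier => let the invoker decide if that is acceptable;
            // the message goes in as a format argument so a '%' in it cannot break the log call itself
            logf("** !! unable to serialize or encrypt the verifier in postBegin results: %s", e.getMessage());
        }
    }
    results.unknown0.set(0);

    // log outgoing data
    if (logParamsAndResults) {
        StringBuilder sb = new StringBuilder();
        results.append(sb, " ", "results");
        logf("##\n## procedure MailingNewImpl.transport5_postBegin() -- results\n%s\n##\n", sb.toString());
    }
}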
/*
 * post
 * = procedure 1
 *
 * Accepts a mail for delivery (old mailing protocol): checks the caller's
 * credentials, resolves the recipients to mailbox owners (expanding
 * distribution lists when the client allows it), reports unresolvable
 * names in results.invalidNames and posts the message content to all
 * resolved recipients, returning the message id in results.msgID.
 *
 * Raises InvalidRecipientsErrorRecord when invalid recipients are present but
 * not tolerated by the client, or when no recipient could be resolved at all;
 * raises ConnectionErrorRecord(otherCallProblem) if the bulk-data content ends
 * prematurely.
 */
private static void transport_post(PostParams params, PostResults results) {
    if (logParamsAndResults) {
        StringBuilder paramsDump = new StringBuilder();
        params.append(paramsDump, " ", "params");
        log("##\n## procedure MailingImpl.transport_post() -- params\n%s\n##\n", paramsDump.toString());
    }

    // credentials: the client addresses the generic mail server ("Mail Service:CHServers:CHServers"),
    // not this specific mail service (the 1st mail service name in the clearinghouse database),
    // so verify against the generic name -- but with the machine id of *this* mail service
    Credentials creds = params.authPair.credentials;
    Verifier verif = params.authPair.verifier;
    StrongVerifier decodedVerifier = StrongVerifier.make();
    int[] conversationKey = new int[4];
    // raises an error on invalid credentials, so nothing below runs for an unauthenticated caller
    ThreePartName sender = mailService.checkCredentials(
            mailService.getChsDatabase().getGenericMailServiceName(),
            mailService.getMachineId(),
            creds, verif, conversationKey, decodedVerifier);

    // resolve the recipients
    ChsDatabase chs = mailService.getChsDatabase();
    NameList resolvedRecipients = NameList.make();
    int recipientCount = params.recipients.size();
    for (int idx = 0; idx < recipientCount; idx++) {
        Name recipient = params.recipients.get(idx);
        String fqn = chs.resolveName(recipient);
        boolean resolved = false;
        if (fqn != null) {
            if (mailService.hasMailbox(fqn)) {
                // direct recipient with a mailbox on this service
                Name mailboxName = Name.make();
                mailboxName.from(fqn);
                resolvedRecipients.addDistinct(mailboxName);
                resolved = true;
            } else if (params.allowDLRecipients.get()) {
                // distribution list: deliver to each member
                List<Name> members = getUserGroupMembersLcFqns(fqn);
                if (members != null) {
                    for (Name member : members) {
                        resolvedRecipients.addDistinct(member);
                    }
                    resolved = true;
                }
            }
        }
        if (!resolved) {
            UndeliveredName undelivered = UndeliveredName.make();
            undelivered.reason.set(UndeliveredNameType.noSuchRecipient);
            undelivered.name.from(recipient);
            results.invalidNames.add(undelivered);
        }
    }

    // reject the post if invalid recipients are not tolerated or if there is no valid recipient at all
    int invalidCount = results.invalidNames.size();
    boolean invalidNotTolerated = invalidCount > 0 && !params.postIfInvalidNames.get();
    boolean nothingDeliverable = invalidCount == recipientCount;
    if (invalidNotTolerated || nothingDeliverable) {
        InvalidRecipientsErrorRecord err = new InvalidRecipientsErrorRecord();
        for (int idx = 0; idx < invalidCount; idx++) {
            err.nameList.add(results.invalidNames.get(idx));
        }
        err.raise();
    }

    // post the mail (or drain the bulk data if no recipient is left)
    try {
        ByteContentSource source = new ByteContentSource(params.content);
        if (resolvedRecipients.size() == 0) {
            // abort bulk-data transfer
            source.read(null);
        } else {
            int[] mailId = mailService.postMail(sender, resolvedRecipients, params.contentsType.get(), source);
            for (int idx = 0; idx < mailId.length; idx++) {
                results.msgID.get(idx).set(mailId[idx]);
            }
        }
    } catch (EndOfMessageException e) {
        new ConnectionErrorRecord(ConnectionProblem.otherCallProblem).raise();
    }

    if (logParamsAndResults) {
        StringBuilder resultsDump = new StringBuilder();
        results.append(resultsDump, " ", "results");
        log("##\n## procedure MailingImpl.transport_post() -- results\n%s\n##\n", resultsDump.toString());
    }
}
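/**
 * Looks up a single property of the clearinghouse entry matching the given name pattern.
 * <p>
 * Result codes (plain ints, this is the method's interface):
 * <ul>
 *   <li>0 => entry not found</li>
 *   <li>1 => entry found, but not the property</li>
 *   <li>2 => entry found, but wrong property type (group, not item)</li>
 *   <li>3 => both found, {@code value} holds a copy of the item property</li>
 * </ul>
 *
 * @param forPattern name (pattern) identifying the entry
 * @param property id of the property to look up
 * @param distinguishedObject if not {@code null}: filled with the distinguished name
 *     (object, domain, organization) of the entry whenever the entry was found
 * @param value if not {@code null}: cleared and filled with the words of the item property
 *     when the property was found as an item (result 3); left untouched otherwise
 * @return result code 0..3 as listed above
 */
public int getEntryProperty(ThreePartName forPattern, int property, ObjectName distinguishedObject, Item value) {
    ChsEntry e = this.findEntryForPattern(forPattern);
    if (e == null) {
        return 0;
    }
    if (distinguishedObject != null) {
        distinguishedObject.object.set(e.getObjectName());
        distinguishedObject.domain.set(this.domainName);
        distinguishedObject.organization.set(this.organizationName);
    }
    Item item = e.getItemProperty(property);
    if (item == null) {
        // no item property: distinguish "is a group property" from "no such property at all"
        return (e.getGroupProperty(property) != null) ? 2 : 1;
    }
    if (value != null) { // same optional-output convention as distinguishedObject
        value.clear();
        for (int i = 0; i < item.size(); i++) {
            value.add().set(item.get(i).get());
        }
    }
    return 3;
}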
/**
 * Check that the strong credentials and the strong verifier are
 * both valid for the recipient on the given machine.
 * <p>
 * Processing order (relevant for callers): the credentials are decrypted with the
 * recipient's strong password, the conversation key contained in them is copied to
 * {@code decodedConversationKey}, the verifier is decrypted with that key and the
 * de-xor-ed verifier fields are copied to {@code decodedVerifier} -- all of this
 * before the initiator name, the expiration time and the verifier timestamp are
 * checked. Both output parameters are therefore also filled when this method
 * returns {@code null}, so their content must only be used after a
 * non-{@code null} result.
 *
 * @param chsDatabase the clearinghouse database to check against
 * @param credentials the credentials to verify
 * @param verifier the verifier going with the credentials
 * @param recipient the recipient for which the strong credentials are encoded
 * @param recipientMachineId the target machine for which the verifier is encoded
 * @param decodedConversationKey target where to store the conversation encryption key for
 *     the session (the key will only be stored there if not {@code null} and at least
 *     4 entries long).
 * @param decodedVerifier target where to store the decrypted verifier (timestamp and
 *     ticks with the machine-id xor removed), ignored if {@code null}
 * @return {@code null} if the credentials are not of strong type or the
 *     initiator encoded in the credentials is invalid or if the expiration time
 *     of the credentials has passed or the verifier timestamp is invalid;
 *     else the Clearinghouse name of the user if the credentials passed the tests.
 * @throws EndOfMessageException if decoding the credentials or verifier after
 *     decryption fails
 * @throws IllegalArgumentException if the recipient is invalid or has no
 *     strong password for decryption
 * @throws Exception if any decryption fails
 */
public static ThreePartName checkStrongCredentials(ChsDatabase chsDatabase, Credentials credentials, Verifier verifier, ThreePartName recipient, long recipientMachineId, int[] decodedConversationKey, StrongVerifier decodedVerifier) throws Exception {
    // only strong credentials can be checked here; anything else is rejected, not an error
    if (credentials.type.get() != CredentialsType.strong) {
        return null;
    }

    // get the recipient decryption password
    byte[] recipientStrongPw = chsDatabase.getStrongPassword(recipient);
    if (recipientStrongPw == null) {
        throw new IllegalArgumentException("Invalid recipient (strong password not found)");
    }
    int[] recipientDecryptPw = StrongAuthUtils.toWords(recipientStrongPw);

    // decode the credentials with the recipient's strong password
    StrongCredentials creds = StrongCredentials.make();
    decryptFrom(recipientDecryptPw, credentials.value, creds);

    // the conversation key is taken from the (not yet validated) credentials;
    // a missing or too short caller array is replaced by a private one, i.e. the caller then gets no key
    if (decodedConversationKey == null || decodedConversationKey.length < 4) {
        decodedConversationKey = new int[4];
    }
    decodedConversationKey[0] = creds.conversationKey.get(0).get();
    decodedConversationKey[1] = creds.conversationKey.get(1).get();
    decodedConversationKey[2] = creds.conversationKey.get(2).get();
    decodedConversationKey[3] = creds.conversationKey.get(3).get();

    // decrypt the verifier with the conversation key
    StrongVerifier verfr = StrongVerifier.make();
    decryptFrom(decodedConversationKey, verifier, verfr);

    // the verifier fields are xor-ed with the recipient's 48-bit machine id, split into two 32-bit halves:
    // left justified machine-id => upper 32 bits
    long rcptTimestampMachineId32Bits = (recipientMachineId >> 16) & 0xFFFFFFFFL;
    // left justified machine-id => lower 32 bits
    long rcptTicksMachineId32Bits = (recipientMachineId & 0x0000FFFFL) << 16;
    long verifierTicks = verfr.ticks.get() ^ rcptTicksMachineId32Bits;
    long verifierTimestamp = verfr.timeStamp.get() ^ rcptTimestampMachineId32Bits;
    if (decodedVerifier != null) {
        decodedVerifier.ticks.set(verifierTicks);
        decodedVerifier.timeStamp.set(verifierTimestamp);
    }

    // (temp) log the relevant data -- plain stdout, not the service log; prints the initiator
    // name and the timing values, not the password or the conversation key
    Time now = Time.make().now();
    System.out.printf("creds.initiator: %s:%s:%s\n", creds.initiator.object.get(), creds.initiator.domain.get(), creds.initiator.organization.get());
    System.out.printf("creds.expiration: %d (now: %d)\n", creds.expirationTime.get(), now.get());
    System.out.printf("verifier.timeStamp: 0x%08X = %d -> xor-ed(machineId): 0x%08X = %s (now: 0x%08X = %d)\n", verfr.timeStamp.get(), verfr.timeStamp.get(), verifierTimestamp, verifierTimestamp, now.get(), now.get());
    System.out.printf("verifier.ticks: 0x%08X = %d -> xor-ed(machineId): 0x%08X = %d\n", verfr.ticks.get(), verfr.ticks.get(), verifierTicks, verifierTicks);

    // check the credentials / verifier
    if (!chsDatabase.isValidName(creds.initiator)) {
        System.out.println("** checkStrongCredentials() => ERR: creds.initiator is not a valid name");
        return null;
    }

    // per-machine switch to skip the time based checks (configured via MachineIds).
    // NOTE(review): the lookup key is credentials.remoteHostId -- confirm that this id is filled
    // from the packet source by the lower layers and not from client-settable content, since it
    // decides whether expired credentials / stale verifiers are accepted
    boolean skipTimestampChecks = MachineIds.getCfgBoolean(credentials.remoteHostId.get(), MachineIds.CFG_AUTH_SKIP_TIMESTAMP_CHECKS, false);
    if (!skipTimestampChecks) {
        // the credentials must not be expired
        if (now.get() > creds.expirationTime.get()) {
            System.out.println("** checkStrongCredentials() => ERR: now > creds.expirationTime");
            return null;
        }
        // the verifier timestamp must lie in the window [now - 60, now]: a timestamp in the future
        // is rejected (no allowance for clock skew in that direction) ...
        if (now.get() < verifierTimestamp) {
            System.out.println("** checkStrongCredentials() => ERR: now < verifierTimestamp");
            return null;
        }
        // ... and so is one older than 60 seconds (the "+60" is in Time units, seconds per the log text)
        if (now.get() > (verifierTimestamp + 60)) {
            System.out.println("** checkStrongCredentials() => ERR: now > verifierTimestamp+60secs");
            return null;
        }
    } else {
        System.out.println("** checkStrongCredentials() => timestamp checks skipped (creds.expirationTime, verifier.timestamp)");
    }

    System.out.println("** checkStrongCredentials() => strong credentials OK");
    // a fresh copy of the initiator name, detached from the decrypted credentials record
    return new ThreePartName().from(creds.initiator);
}
/**
 * Opens a new session for an authenticated client and registers it with this service.
 * <p>
 * The credentials are checked first (via {@code checkCredentials}, which also fills the
 * conversation key and, if given, the decoded verifier); only a successful check leads
 * to a session being created and added to {@code sessions}.
 *
 * @param credentials the credentials presented by the client
 * @param verifier the verifier going with the credentials
 * @param decodedVerifier target for the decoded verifier, passed through to {@code checkCredentials}
 * @param filingVersion the filing protocol version the session is opened for
 * @return the newly registered session
 * @throws IllegalStateException if the service has been shut down
 */
public synchronized Session createSession(Credentials credentials, Verifier verifier, StrongVerifier decodedVerifier, int filingVersion) {
    if (this.shutdown) {
        throw new IllegalStateException("Service shut down");
    }
    final int[] sessionKey = new int[4];
    // checkCredentials fills sessionKey before the Session constructor sees it
    final ThreePartName user = this.checkCredentials(credentials, verifier, sessionKey, decodedVerifier);
    final Session newSession = new Session(this, user, sessionKey, filingVersion);
    this.sessions.add(newSession);
    return newSession;
}