Search in sources :

Example 1 with PrivateIdentityCertificate

use of org.terasology.engine.identity.PrivateIdentityCertificate in project Terasology by MovingBlocks.

the class ConfigurationSubsystem method validateServerIdentity.

private boolean validateServerIdentity() {
    PrivateIdentityCertificate privateCert = config.getSecurity().getServerPrivateCertificate();
    PublicIdentityCertificate publicCert = config.getSecurity().getServerPublicCertificate();
    if (privateCert == null || publicCert == null) {
        return false;
    }
    // Validate the signature
    if (!publicCert.verifySelfSigned()) {
        logger.error("Server signature is not self signed! Generating new server identity.");
        return false;
    }
    return true;
}
Also used : PrivateIdentityCertificate(org.terasology.engine.identity.PrivateIdentityCertificate) PublicIdentityCertificate(org.terasology.engine.identity.PublicIdentityCertificate)

Example 2 with PrivateIdentityCertificate

use of org.terasology.engine.identity.PrivateIdentityCertificate in project Terasology by MovingBlocks.

the class ClientHandshakeHandler method processNewIdentity.

/**
 * Generates a new secret key for a user and then decrypts the certificate into a byte array. Storing the certificate to the user ID.
 * @param provisionIdentity
 * @param ctx Channel Handler Context.
 */
private void processNewIdentity(NetData.ProvisionIdentity provisionIdentity, ChannelHandlerContext ctx) {
    logger.info("Received identity from server");
    if (!requestedCertificate) {
        logger.error("Received identity without requesting it: cancelling authentication");
        joinStatus.setErrorMessage(AUTHENTICATION_FAILURE);
        ctx.channel().close();
        return;
    }
    try {
        byte[] decryptedCert = null;
        try {
            SecretKeySpec key = HandshakeCommon.generateSymmetricKey(masterSecret, clientRandom, serverRandom);
            Cipher cipher = Cipher.getInstance(IdentityConstants.SYMMETRIC_ENCRYPTION_ALGORITHM);
            cipher.init(Cipher.DECRYPT_MODE, key);
            decryptedCert = cipher.doFinal(provisionIdentity.getEncryptedCertificates().toByteArray());
        } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
            logger.error("Unexpected error decrypting received certificate, ending connection attempt", e);
            joinStatus.setErrorMessage(AUTHENTICATION_FAILURE);
            ctx.channel().close();
            return;
        }
        NetData.CertificateSet certificateSet = NetData.CertificateSet.parseFrom(decryptedCert);
        NetData.Certificate publicCertData = certificateSet.getPublicCertificate();
        PublicIdentityCertificate publicCert = NetMessageUtil.convert(publicCertData);
        if (!publicCert.verifySignedBy(serverCertificate)) {
            logger.error("Received invalid certificate, not signed by server: cancelling authentication");
            joinStatus.setErrorMessage(AUTHENTICATION_FAILURE);
            ctx.channel().close();
            return;
        }
        BigInteger exponent = new BigInteger(certificateSet.getPrivateExponent().toByteArray());
        PrivateIdentityCertificate privateCert = new PrivateIdentityCertificate(publicCert.getModulus(), exponent);
        // Store identity for later use
        identity = new ClientIdentity(publicCert, privateCert);
        config.getSecurity().addIdentity(serverCertificate, identity);
        config.save();
        // Try to upload the new identity to the identity storage service (if user is logged in)
        StorageServiceWorker storageServiceWorker = CoreRegistry.get(StorageServiceWorker.class);
        if (storageServiceWorker != null && storageServiceWorker.getStatus() == StorageServiceWorkerStatus.LOGGED_IN) {
            storageServiceWorker.putIdentity(serverCertificate, identity);
        }
        // And we're authenticated.
        ctx.pipeline().remove(this);
        channelAuthenticated(ctx);
    } catch (InvalidProtocolBufferException e) {
        logger.error("Received invalid certificate data: cancelling authentication", e);
        joinStatus.setErrorMessage(AUTHENTICATION_FAILURE);
        ctx.channel().close();
    }
}
Also used : NetData(org.terasology.protobuf.NetData) InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) BadPaddingException(javax.crypto.BadPaddingException) InvalidKeyException(java.security.InvalidKeyException) ClientIdentity(org.terasology.engine.identity.ClientIdentity) SecretKeySpec(javax.crypto.spec.SecretKeySpec) BigInteger(java.math.BigInteger) Cipher(javax.crypto.Cipher) StorageServiceWorker(org.terasology.engine.identity.storageServiceClient.StorageServiceWorker) PrivateIdentityCertificate(org.terasology.engine.identity.PrivateIdentityCertificate) PublicIdentityCertificate(org.terasology.engine.identity.PublicIdentityCertificate)

Aggregations

PrivateIdentityCertificate (org.terasology.engine.identity.PrivateIdentityCertificate)2 PublicIdentityCertificate (org.terasology.engine.identity.PublicIdentityCertificate)2 InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException)1 BigInteger (java.math.BigInteger)1 InvalidKeyException (java.security.InvalidKeyException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 BadPaddingException (javax.crypto.BadPaddingException)1 Cipher (javax.crypto.Cipher)1 IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException)1 NoSuchPaddingException (javax.crypto.NoSuchPaddingException)1 SecretKeySpec (javax.crypto.spec.SecretKeySpec)1 ClientIdentity (org.terasology.engine.identity.ClientIdentity)1 StorageServiceWorker (org.terasology.engine.identity.storageServiceClient.StorageServiceWorker)1 NetData (org.terasology.protobuf.NetData)1