Example 1 with PrivateIdentityCertificate
use of org.terasology.engine.identity.PrivateIdentityCertificate in project Terasology by MovingBlocks.
the class ConfigurationSubsystem method validateServerIdentity.
private boolean validateServerIdentity() {
PrivateIdentityCertificate privateCert = config.getSecurity().getServerPrivateCertificate();
PublicIdentityCertificate publicCert = config.getSecurity().getServerPublicCertificate();
if (privateCert == null || publicCert == null) {
return false;
}
// Validate the signature
if (!publicCert.verifySelfSigned()) {
logger.error("Server signature is not self signed! Generating new server identity.");
return false;
}
return true;
}
Also used :
PrivateIdentityCertificate(org.terasology.engine.identity.PrivateIdentityCertificate)
PublicIdentityCertificate(org.terasology.engine.identity.PublicIdentityCertificate)
Example 2 with PrivateIdentityCertificate
use of org.terasology.engine.identity.PrivateIdentityCertificate in project Terasology by MovingBlocks.
the class ClientHandshakeHandler method processNewIdentity.
/**
* Generates a new secret key for a user and then decrypts the certificate into a byte array. Storing the certificate to the user ID.
* @param provisionIdentity
* @param ctx Channel Handler Context.
*/
private void processNewIdentity(NetData.ProvisionIdentity provisionIdentity, ChannelHandlerContext ctx) {
logger.info("Received identity from server");
if (!requestedCertificate) {
logger.error("Received identity without requesting it: cancelling authentication");
joinStatus.setErrorMessage(AUTHENTICATION_FAILURE);
ctx.channel().close();
return;
}
try {
byte[] decryptedCert = null;
try {
SecretKeySpec key = HandshakeCommon.generateSymmetricKey(masterSecret, clientRandom, serverRandom);
Cipher cipher = Cipher.getInstance(IdentityConstants.SYMMETRIC_ENCRYPTION_ALGORITHM);
cipher.init(Cipher.DECRYPT_MODE, key);
decryptedCert = cipher.doFinal(provisionIdentity.getEncryptedCertificates().toByteArray());
} catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
logger.error("Unexpected error decrypting received certificate, ending connection attempt", e);
joinStatus.setErrorMessage(AUTHENTICATION_FAILURE);
ctx.channel().close();
return;
}
NetData.CertificateSet certificateSet = NetData.CertificateSet.parseFrom(decryptedCert);
NetData.Certificate publicCertData = certificateSet.getPublicCertificate();
PublicIdentityCertificate publicCert = NetMessageUtil.convert(publicCertData);
if (!publicCert.verifySignedBy(serverCertificate)) {
logger.error("Received invalid certificate, not signed by server: cancelling authentication");
joinStatus.setErrorMessage(AUTHENTICATION_FAILURE);
ctx.channel().close();
return;
}
BigInteger exponent = new BigInteger(certificateSet.getPrivateExponent().toByteArray());
PrivateIdentityCertificate privateCert = new PrivateIdentityCertificate(publicCert.getModulus(), exponent);
// Store identity for later use
identity = new ClientIdentity(publicCert, privateCert);
config.getSecurity().addIdentity(serverCertificate, identity);
config.save();
// Try to upload the new identity to the identity storage service (if user is logged in)
StorageServiceWorker storageServiceWorker = CoreRegistry.get(StorageServiceWorker.class);
if (storageServiceWorker != null && storageServiceWorker.getStatus() == StorageServiceWorkerStatus.LOGGED_IN) {
storageServiceWorker.putIdentity(serverCertificate, identity);
}
// And we're authenticated.
ctx.pipeline().remove(this);
channelAuthenticated(ctx);
} catch (InvalidProtocolBufferException e) {
logger.error("Received invalid certificate data: cancelling authentication", e);
joinStatus.setErrorMessage(AUTHENTICATION_FAILURE);
ctx.channel().close();
}
}
Also used :
NetData(org.terasology.protobuf.NetData)
InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
BadPaddingException(javax.crypto.BadPaddingException)
InvalidKeyException(java.security.InvalidKeyException)
ClientIdentity(org.terasology.engine.identity.ClientIdentity)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
BigInteger(java.math.BigInteger)
Cipher(javax.crypto.Cipher)
StorageServiceWorker(org.terasology.engine.identity.storageServiceClient.StorageServiceWorker)
PrivateIdentityCertificate(org.terasology.engine.identity.PrivateIdentityCertificate)
PublicIdentityCertificate(org.terasology.engine.identity.PublicIdentityCertificate)
Aggregations
PrivateIdentityCertificate (org.terasology.engine.identity.PrivateIdentityCertificate)2
PublicIdentityCertificate (org.terasology.engine.identity.PublicIdentityCertificate)2
InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException)1
BigInteger (java.math.BigInteger)1
InvalidKeyException (java.security.InvalidKeyException)1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1
BadPaddingException (javax.crypto.BadPaddingException)1
Cipher (javax.crypto.Cipher)1
IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException)1
NoSuchPaddingException (javax.crypto.NoSuchPaddingException)1
SecretKeySpec (javax.crypto.spec.SecretKeySpec)1
ClientIdentity (org.terasology.engine.identity.ClientIdentity)1
StorageServiceWorker (org.terasology.engine.identity.storageServiceClient.StorageServiceWorker)1
NetData (org.terasology.protobuf.NetData)1
