Example 1 with PublicIdentityCertificate

Use of org.terasology.engine.identity.PublicIdentityCertificate in project Terasology by MovingBlocks.

In the class ServerHandshakeHandler, method processClientHandshake.

private void processClientHandshake(NetData.HandshakeHello clientHello,
                                    NetData.HandshakeVerification handshakeVerification,
                                    ChannelHandlerContext ctx) {
    logger.info("Received client certificate");
    // Step 1: the client certificate must have been signed by this server's identity.
    PublicIdentityCertificate clientCert = NetMessageUtil.convert(clientHello.getCertificate());
    if (!clientCert.verifySignedBy(config.getSecurity().getServerPublicCertificate())) {
        logger.error("Received invalid client certificate, ending connection attempt");
        ctx.channel().close();
        return;
    }
    // Step 2: the client's signature must verify under that certificate. The signed data is
    // derived from both hello messages, which ties the signature to this handshake.
    byte[] clientSignature = handshakeVerification.getSignature().toByteArray();
    byte[] signatureData = HandshakeCommon.getSignatureData(serverHello, clientHello);
    if (!clientCert.verify(signatureData, clientSignature)) {
        logger.error("Received invalid verification signature, ending connection attempt");
        ctx.channel().close();
        return;
    }
    // Step 3: the server signs the same data with its private certificate and sends the result
    // as its own verification message.
    logger.info("Sending server verification");
    byte[] serverSignature = config.getSecurity().getServerPrivateCertificate().sign(signatureData);
    ctx.channel().writeAndFlush(NetData.NetMessage.newBuilder()
            .setHandshakeVerification(NetData.HandshakeVerification.newBuilder()
                    .setSignature(ByteString.copyFrom(serverSignature)))
            .build());
    // Identity has been established, inform the server handler and withdraw from the pipeline
    ctx.pipeline().remove(this);
    serverConnectionHandler.channelAuthenticated(clientCert);
}
Also used : PublicIdentityCertificate(org.terasology.engine.identity.PublicIdentityCertificate)

Example 2 with PublicIdentityCertificate

Use of org.terasology.engine.identity.PublicIdentityCertificate in project Terasology by MovingBlocks.

In the class ConfigurationSubsystem, method validateServerIdentity.

private boolean validateServerIdentity() {
    PrivateIdentityCertificate privateCert = config.getSecurity().getServerPrivateCertificate();
    PublicIdentityCertificate publicCert = config.getSecurity().getServerPublicCertificate();
    // Both halves of the server identity must be present in the configuration.
    if (privateCert == null || publicCert == null) {
        return false;
    }
    // Validate the signature: the server's public certificate is expected to be self-signed.
    // A false return marks the stored identity as unusable.
    if (!publicCert.verifySelfSigned()) {
        logger.error("Server signature is not self signed! Generating new server identity.");
        return false;
    }
    return true;
}
Also used : PrivateIdentityCertificate(org.terasology.engine.identity.PrivateIdentityCertificate) PublicIdentityCertificate(org.terasology.engine.identity.PublicIdentityCertificate)

Example 3 with PublicIdentityCertificate

Use of org.terasology.engine.identity.PublicIdentityCertificate in project Terasology by MovingBlocks.

In the class ClientHandshakeHandler, method sendCertificate.

/**
 * Generates a client hello from clientRandom file, time, and the public client certificate.
 * Sends the client's hello and certificate back to the server via network channel.
 * @param helloMessage Message from server to client.
 * @param ctx Channel Handler Context.
 */
private void sendCertificate(NetData.HandshakeHello helloMessage, ChannelHandlerContext ctx) {
    logger.info("Sending client certificate");
    PublicIdentityCertificate pubClientCert = identity.getPlayerPublicCertificate();
    clientHello = NetData.HandshakeHello.newBuilder()
            .setRandom(ByteString.copyFrom(clientRandom))
            .setCertificate(NetMessageUtil.convert(pubClientCert))
            .setTimestamp(System.currentTimeMillis())
            .build();
    // The signature covers the server's hello followed by the client's hello, so it includes
    // both sides' random values and the client's certificate and timestamp.
    byte[] dataToSign = Bytes.concat(helloMessage.toByteArray(), clientHello.toByteArray());
    byte[] signature = identity.getPlayerPrivateCertificate().sign(dataToSign);
    // The hello and the verification signature are sent together in one message.
    ctx.channel().writeAndFlush(NetData.NetMessage.newBuilder()
            .setHandshakeHello(clientHello)
            .setHandshakeVerification(NetData.HandshakeVerification.newBuilder()
                    .setSignature(ByteString.copyFrom(signature)))
            .build());
}
Also used : PublicIdentityCertificate(org.terasology.engine.identity.PublicIdentityCertificate)

Example 4 with PublicIdentityCertificate

Use of org.terasology.engine.identity.PublicIdentityCertificate in project Terasology by MovingBlocks.

In the class IdentityIOHelper, method importIdentities.

public void importIdentities() {
    FilePickerPopup filePicker = nuiManager.pushScreen(FilePickerPopup.ASSET_URI, FilePickerPopup.class);
    filePicker.setTitle(importPopupTitle);
    filePicker.setOkHandler(path -> {
        Map<PublicIdentityCertificate, ClientIdentity> newIdentities;
        // Parse the user-selected file as a map from server certificate to client identity.
        // Gson's fromJson returns null for an empty input; that case is not handled before
        // newIdentities is dereferenced below.
        try (BufferedReader reader = Files.newBufferedReader(path)) {
            newIdentities = GSON.fromJson(reader, MAP_TYPE);
        } catch (IOException | JsonIOException | JsonSyntaxException ex) {
            nuiManager.pushScreen(MessagePopup.ASSET_URI, MessagePopup.class)
                    .setMessage(translationSystem.translate("${engine:menu#identity-import-failed}"), ex.toString());
            return;
        }
        // Resolve conflicts with already-known servers first; the callback then stores the
        // entries that remain. No signature check on the imported entries appears in this excerpt.
        checkNextConflict(newIdentities.entrySet().iterator(), () -> {
            newIdentities.forEach(securityConfig::addIdentity);
            nuiManager.pushScreen(MessagePopup.ASSET_URI, MessagePopup.class)
                    .setMessage(importPopupTitle, newIdentities.isEmpty()
                            ? translationSystem.translate("${engine:menu#identity-import-no-new}")
                            : String.format(translationSystem.translate("${engine:menu#identity-import-ok}"), newIdentities.size()));
        });
    });
}
Also used : JsonSyntaxException(com.google.gson.JsonSyntaxException) ClientIdentity(org.terasology.engine.identity.ClientIdentity) JsonIOException(com.google.gson.JsonIOException) BufferedReader(java.io.BufferedReader) MessagePopup(org.terasology.engine.rendering.nui.layers.mainMenu.MessagePopup) FilePickerPopup(org.terasology.engine.rendering.nui.layers.mainMenu.FilePickerPopup) IOException(java.io.IOException) PublicIdentityCertificate(org.terasology.engine.identity.PublicIdentityCertificate)

Example 5 with PublicIdentityCertificate

Use of org.terasology.engine.identity.PublicIdentityCertificate in project Terasology by MovingBlocks.

In the class IdentityIOHelper, method checkNextConflict.

private void checkNextConflict(Iterator<Map.Entry<PublicIdentityCertificate, ClientIdentity>> newIdentities, Runnable onCompletion) {
    // Continues with the following entry; used directly as the "overwrite" action, which
    // leaves the current entry in the map so that it is stored on completion.
    Runnable next = () -> checkNextConflict(newIdentities, onCompletion);
    if (newIdentities.hasNext()) {
        Map.Entry<PublicIdentityCertificate, ClientIdentity> entry = newIdentities.next();
        PublicIdentityCertificate server = entry.getKey();
        ClientIdentity newClient = entry.getValue();
        ClientIdentity oldClient = securityConfig.getIdentity(server);
        if (oldClient != null) {
            // Drops the current entry from the imported map, then continues.
            Runnable skip = () -> {
                newIdentities.remove();
                next.run();
            };
            if (newClient.getPlayerPublicCertificate().equals(oldClient.getPlayerPublicCertificate())) {
                // Same identity is already stored for this server: nothing new to import.
                skip.run();
            } else {
                // A different identity is stored for this server: the user decides.
                ThreeButtonPopup popup = nuiManager.pushScreen(ThreeButtonPopup.ASSET_URI, ThreeButtonPopup.class);
                popup.setMessage(importPopupTitle,
                        String.format(translationSystem.translate("${engine:menu#identity-import-conflict}"),
                                server.getId(),
                                oldClient.getPlayerPublicCertificate().getId(),
                                newClient.getPlayerPublicCertificate().getId()));
                popup.setLeftButton(translationSystem.translate("${engine:menu#identity-import-overwrite}"), next);
                popup.setCenterButton(translationSystem.translate("${engine:menu#identity-import-skip}"), skip);
                // Cancel never calls onCompletion, so nothing from the file is stored.
                popup.setRightButton(translationSystem.translate("${engine:menu#identity-import-cancel}"),
                        () -> nuiManager.pushScreen(MessagePopup.ASSET_URI, MessagePopup.class)
                                .setMessage(importPopupTitle, translationSystem.translate("${engine:menu#identity-import-cancelled}")));
            }
        } else {
            next.run();
        }
    } else {
        onCompletion.run();
    }
}
Also used : ClientIdentity(org.terasology.engine.identity.ClientIdentity) Map(java.util.Map) ThreeButtonPopup(org.terasology.engine.rendering.nui.layers.mainMenu.ThreeButtonPopup) PublicIdentityCertificate(org.terasology.engine.identity.PublicIdentityCertificate)

Aggregations

PublicIdentityCertificate (org.terasology.engine.identity.PublicIdentityCertificate): 8
ClientIdentity (org.terasology.engine.identity.ClientIdentity): 4
PrivateIdentityCertificate (org.terasology.engine.identity.PrivateIdentityCertificate): 2
JsonIOException (com.google.gson.JsonIOException): 1
JsonSyntaxException (com.google.gson.JsonSyntaxException): 1
InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException): 1
BufferedReader (java.io.BufferedReader): 1
IOException (java.io.IOException): 1
BigInteger (java.math.BigInteger): 1
InvalidKeyException (java.security.InvalidKeyException): 1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 1
SecureRandom (java.security.SecureRandom): 1
Map (java.util.Map): 1
BadPaddingException (javax.crypto.BadPaddingException): 1
Cipher (javax.crypto.Cipher): 1
IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException): 1
NoSuchPaddingException (javax.crypto.NoSuchPaddingException): 1
SecretKeySpec (javax.crypto.spec.SecretKeySpec): 1
StorageServiceWorker (org.terasology.engine.identity.storageServiceClient.StorageServiceWorker): 1
FilePickerPopup (org.terasology.engine.rendering.nui.layers.mainMenu.FilePickerPopup): 1