use of org.terasology.engine.identity.PublicIdentityCertificate in project Terasology by MovingBlocks.
the class StorageServiceWorker method solveNextConflict.
/**
* @param solution the strategy to resolve the conflict returned by the latest call to {@link
* #getNextConflict()}. If there are no more conflicts and some of the solved conflicts must keep the local
* version, the uploads are performed asynchronously.
*/
public void solveNextConflict(IdentityConflictSolution solution) {
IdentityBundle entry = conflictingRemoteIdentities.removeFirst();
PublicIdentityCertificate server = entry.getServer();
ClientIdentity remote = entry.getClient();
ClientIdentity local = securityConfig.getIdentity(server);
switch(solution) {
case // save for upload (remote will be overwritten)
KEEP_LOCAL:
conflictSolutionsToUpload.put(server, local);
break;
case // store the remote identity locally, overwriting the local version
KEEP_REMOTE:
securityConfig.addIdentity(server, remote);
break;
case IGNORE:
}
// if there are no more conflicts, perform the uploads and reset
if (!hasConflictingIdentities()) {
putIdentities(conflictSolutionsToUpload);
resetConflicts();
}
}
use of org.terasology.engine.identity.PublicIdentityCertificate in project Terasology by MovingBlocks.
the class ClientHandshakeHandler method processNewIdentity.
/**
* Generates a new secret key for a user and then decrypts the certificate into a byte array. Storing the certificate to the user ID.
* @param provisionIdentity
* @param ctx Channel Handler Context.
*/
private void processNewIdentity(NetData.ProvisionIdentity provisionIdentity, ChannelHandlerContext ctx) {
logger.info("Received identity from server");
if (!requestedCertificate) {
logger.error("Received identity without requesting it: cancelling authentication");
joinStatus.setErrorMessage(AUTHENTICATION_FAILURE);
ctx.channel().close();
return;
}
try {
byte[] decryptedCert = null;
try {
SecretKeySpec key = HandshakeCommon.generateSymmetricKey(masterSecret, clientRandom, serverRandom);
Cipher cipher = Cipher.getInstance(IdentityConstants.SYMMETRIC_ENCRYPTION_ALGORITHM);
cipher.init(Cipher.DECRYPT_MODE, key);
decryptedCert = cipher.doFinal(provisionIdentity.getEncryptedCertificates().toByteArray());
} catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
logger.error("Unexpected error decrypting received certificate, ending connection attempt", e);
joinStatus.setErrorMessage(AUTHENTICATION_FAILURE);
ctx.channel().close();
return;
}
NetData.CertificateSet certificateSet = NetData.CertificateSet.parseFrom(decryptedCert);
NetData.Certificate publicCertData = certificateSet.getPublicCertificate();
PublicIdentityCertificate publicCert = NetMessageUtil.convert(publicCertData);
if (!publicCert.verifySignedBy(serverCertificate)) {
logger.error("Received invalid certificate, not signed by server: cancelling authentication");
joinStatus.setErrorMessage(AUTHENTICATION_FAILURE);
ctx.channel().close();
return;
}
BigInteger exponent = new BigInteger(certificateSet.getPrivateExponent().toByteArray());
PrivateIdentityCertificate privateCert = new PrivateIdentityCertificate(publicCert.getModulus(), exponent);
// Store identity for later use
identity = new ClientIdentity(publicCert, privateCert);
config.getSecurity().addIdentity(serverCertificate, identity);
config.save();
// Try to upload the new identity to the identity storage service (if user is logged in)
StorageServiceWorker storageServiceWorker = CoreRegistry.get(StorageServiceWorker.class);
if (storageServiceWorker != null && storageServiceWorker.getStatus() == StorageServiceWorkerStatus.LOGGED_IN) {
storageServiceWorker.putIdentity(serverCertificate, identity);
}
// And we're authenticated.
ctx.pipeline().remove(this);
channelAuthenticated(ctx);
} catch (InvalidProtocolBufferException e) {
logger.error("Received invalid certificate data: cancelling authentication", e);
joinStatus.setErrorMessage(AUTHENTICATION_FAILURE);
ctx.channel().close();
}
}
use of org.terasology.engine.identity.PublicIdentityCertificate in project Terasology by MovingBlocks.
the class ServerHandshakeHandler method channelActive.
@Override
public void channelActive(ChannelHandlerContext ctx) throws Exception {
super.channelActive(ctx);
serverConnectionHandler = ctx.pipeline().get(ServerConnectionHandler.class);
PublicIdentityCertificate serverPublicCert = config.getSecurity().getServerPublicCertificate();
new SecureRandom().nextBytes(serverRandom);
serverHello = NetData.HandshakeHello.newBuilder().setRandom(ByteString.copyFrom(serverRandom)).setCertificate(NetMessageUtil.convert(serverPublicCert)).setTimestamp(System.currentTimeMillis()).build();
ctx.channel().writeAndFlush(NetData.NetMessage.newBuilder().setHandshakeHello(serverHello).build());
}
Aggregations