- Save the aes key generated during secure authentication in Client and ClientLocal (for the

server).  It can then be used to encrypt further data during the session.


git-svn-id: svn+ssh://src.earth.threerings.net/narya/trunk@6492 542714f4-19e9-0310-aa3c-eee0fc999fb1
This commit is contained in:
Mark Johnson
2011-02-15 01:20:34 +00:00
parent acc6cff7e5
commit 4a5fe35c2c
7 changed files with 55 additions and 3 deletions
@@ -51,6 +51,7 @@ import com.threerings.io.UnreliableObjectOutputStream;
import com.threerings.presents.net.AESAuthRequest;
import com.threerings.presents.net.AuthResponse;
import com.threerings.presents.net.AuthResponseData;
import com.threerings.presents.net.AuthRequest;
import com.threerings.presents.net.DownstreamMessage;
import com.threerings.presents.net.LogoffRequest;
import com.threerings.presents.net.PingRequest;
@@ -630,10 +631,12 @@ public class BlockingCommunicator extends Communicator
response = (AuthResponse)receiveMessage();
// If we've received a secure response, proceed with authentication
if (response instanceof SecureResponse) {
sendMessage(AESAuthRequest.createAuthRequest(
AuthRequest areq = AESAuthRequest.createAuthRequest(
_client.getCredentials(), _client.getVersion(),
_client.getBootGroups(), _client.requireSecureAuth(),
pkcreds, (SecureResponse)response));
pkcreds, (SecureResponse)response);
sendMessage(areq);
_client.setSecret(areq.getSecret());
// now wait for the auth response
log.debug("Waiting for auth response.");
@@ -254,6 +254,22 @@ public class Client
return _requireSecureAuth;
}
/**
* Sets the secret key to use with a session.
*/
public void setSecret (byte[] secret)
{
_secret = secret;
}
/**
* Gets the secret key to use with a session.
*/
public byte[] getSecret ()
{
return _secret;
}
/**
* Returns the version string configured for this client.
*/
@@ -1045,6 +1061,9 @@ public class Client
/** Our public key. */
protected PublicKey _publicKey;
/** Our session secret key. */
protected byte[] _secret;
/** If we require a secure connection to send our credentials. */
protected boolean _requireSecureAuth = false;
@@ -87,6 +87,12 @@ public class AESAuthRequest extends AuthRequest
return _clearCreds;
}
@Override // documentation inherited
public byte[] getSecret ()
{
return _key;
}
@Override // documentation inherited
public String toString ()
{
@@ -83,6 +83,14 @@ public class AuthRequest extends UpstreamMessage
return _bootGroups;
}
/**
* Returns a shared secret key used for sending encrypted data to the client.
*/
public byte[] getSecret ()
{
return null;
}
@Override
public String toString ()
{
@@ -34,5 +34,6 @@ import com.threerings.presents.data.ClientObject;
*/
public class ClientLocal extends SimpleStreamableObject
{
// nothing to track at this level
/** A shared secret key used for encrypting data. */
public byte[] secret;
}
@@ -390,6 +390,12 @@ public class ClientManager
// immediately
clobj.release();
// Grab the shared secret from the session and stick it into the client local
PresentsSession session = getClient(username);
if (session != null) {
clobj.getLocal(ClientLocal.class).secret = session.getSecret();
}
// stuff the object into the mapping table
_objmap.put(username, clobj);
@@ -126,6 +126,14 @@ public class PresentsSession
return _areq.getTimeZone();
}
/**
* Returns the shared secret for this session.
*/
public byte[] getSecret ()
{
return _areq.getSecret();
}
/**
* Returns true if this session has been disconnected for sufficiently long that it should be
* forcibly ended.
@@ -1197,6 +1205,7 @@ public class PresentsSession
protected AuthRequest _areq;
protected Object _authdata;
protected Name _authname;
protected byte[] _secret;
protected PresentsConnection _conn;
protected ClientObject _clobj;
protected IntMap<ClientProxy> _subscrips = IntMaps.newHashIntMap();