- Save the aes key generated during secure authentication in Client and ClientLocal (for the
server). It can then be used to encrypt further data during the session. git-svn-id: svn+ssh://src.earth.threerings.net/narya/trunk@6492 542714f4-19e9-0310-aa3c-eee0fc999fb1
This commit is contained in:
@@ -51,6 +51,7 @@ import com.threerings.io.UnreliableObjectOutputStream;
|
||||
import com.threerings.presents.net.AESAuthRequest;
|
||||
import com.threerings.presents.net.AuthResponse;
|
||||
import com.threerings.presents.net.AuthResponseData;
|
||||
import com.threerings.presents.net.AuthRequest;
|
||||
import com.threerings.presents.net.DownstreamMessage;
|
||||
import com.threerings.presents.net.LogoffRequest;
|
||||
import com.threerings.presents.net.PingRequest;
|
||||
@@ -630,10 +631,12 @@ public class BlockingCommunicator extends Communicator
|
||||
response = (AuthResponse)receiveMessage();
|
||||
// If we've received a secure response, proceed with authentication
|
||||
if (response instanceof SecureResponse) {
|
||||
sendMessage(AESAuthRequest.createAuthRequest(
|
||||
AuthRequest areq = AESAuthRequest.createAuthRequest(
|
||||
_client.getCredentials(), _client.getVersion(),
|
||||
_client.getBootGroups(), _client.requireSecureAuth(),
|
||||
pkcreds, (SecureResponse)response));
|
||||
pkcreds, (SecureResponse)response);
|
||||
sendMessage(areq);
|
||||
_client.setSecret(areq.getSecret());
|
||||
|
||||
// now wait for the auth response
|
||||
log.debug("Waiting for auth response.");
|
||||
|
||||
@@ -254,6 +254,22 @@ public class Client
|
||||
return _requireSecureAuth;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the secret key to use with a session.
|
||||
*/
|
||||
public void setSecret (byte[] secret)
|
||||
{
|
||||
_secret = secret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the secret key to use with a session.
|
||||
*/
|
||||
public byte[] getSecret ()
|
||||
{
|
||||
return _secret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the version string configured for this client.
|
||||
*/
|
||||
@@ -1045,6 +1061,9 @@ public class Client
|
||||
/** Our public key. */
|
||||
protected PublicKey _publicKey;
|
||||
|
||||
/** Our session secret key. */
|
||||
protected byte[] _secret;
|
||||
|
||||
/** If we require a secure connection to send our credentials. */
|
||||
protected boolean _requireSecureAuth = false;
|
||||
|
||||
|
||||
@@ -87,6 +87,12 @@ public class AESAuthRequest extends AuthRequest
|
||||
return _clearCreds;
|
||||
}
|
||||
|
||||
@Override // documentation inherited
|
||||
public byte[] getSecret ()
|
||||
{
|
||||
return _key;
|
||||
}
|
||||
|
||||
@Override // documentation inherited
|
||||
public String toString ()
|
||||
{
|
||||
|
||||
@@ -83,6 +83,14 @@ public class AuthRequest extends UpstreamMessage
|
||||
return _bootGroups;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a shared secret key used for sending encrypted data to the client.
|
||||
*/
|
||||
public byte[] getSecret ()
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString ()
|
||||
{
|
||||
|
||||
@@ -34,5 +34,6 @@ import com.threerings.presents.data.ClientObject;
|
||||
*/
|
||||
public class ClientLocal extends SimpleStreamableObject
|
||||
{
|
||||
// nothing to track at this level
|
||||
/** A shared secret key used for encrypting data. */
|
||||
public byte[] secret;
|
||||
}
|
||||
|
||||
@@ -390,6 +390,12 @@ public class ClientManager
|
||||
// immediately
|
||||
clobj.release();
|
||||
|
||||
// Grab the shared secret from the session and stick it into the client local
|
||||
PresentsSession session = getClient(username);
|
||||
if (session != null) {
|
||||
clobj.getLocal(ClientLocal.class).secret = session.getSecret();
|
||||
}
|
||||
|
||||
// stuff the object into the mapping table
|
||||
_objmap.put(username, clobj);
|
||||
|
||||
|
||||
@@ -126,6 +126,14 @@ public class PresentsSession
|
||||
return _areq.getTimeZone();
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the shared secret for this session.
|
||||
*/
|
||||
public byte[] getSecret ()
|
||||
{
|
||||
return _areq.getSecret();
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns true if this session has been disconnected for sufficiently long that it should be
|
||||
* forcibly ended.
|
||||
@@ -1197,6 +1205,7 @@ public class PresentsSession
|
||||
protected AuthRequest _areq;
|
||||
protected Object _authdata;
|
||||
protected Name _authname;
|
||||
protected byte[] _secret;
|
||||
protected PresentsConnection _conn;
|
||||
protected ClientObject _clobj;
|
||||
protected IntMap<ClientProxy> _subscrips = IntMaps.newHashIntMap();
|
||||
|
||||
Reference in New Issue
Block a user