You can now specify a client must require a secure channel to authenticate. If this is set,
{Client.setRequireSecureAuth} then if the client fails to create a secure channel with the server,
an auth request with no credentials will be sent. The supplied Authenticator will need to handle
this situation to send the appropriate response back to the client (ie: tell it to download the
latest version).
git-svn-id: svn+ssh://src.earth.threerings.net/narya/trunk@6480 542714f4-19e9-0310-aa3c-eee0fc999fb1
This commit is contained in:
@@ -635,9 +635,10 @@ public class BlockingCommunicator extends Communicator
|
|||||||
response = (AuthResponse)receiveMessage();
|
response = (AuthResponse)receiveMessage();
|
||||||
// If we've recieved a secure response, proceed with authentication
|
// If we've recieved a secure response, proceed with authentication
|
||||||
if (response instanceof SecureResponse) {
|
if (response instanceof SecureResponse) {
|
||||||
sendMessage(((SecureResponse)response).createAuthRequest(
|
sendMessage(AESAuthRequest.createAuthRequest(
|
||||||
pkcreds, _client.getCredentials(),
|
_client.getCredentials(), _client.getVersion(),
|
||||||
_client.getVersion(), _client.getBootGroups()));
|
_client.getBootGroups(), _client.requireSecureAuth(),
|
||||||
|
pkcreds, (SecureResponse)response));
|
||||||
|
|
||||||
// now wait for the auth response
|
// now wait for the auth response
|
||||||
log.debug("Waiting for auth response.");
|
log.debug("Waiting for auth response.");
|
||||||
@@ -646,8 +647,10 @@ public class BlockingCommunicator extends Communicator
|
|||||||
|
|
||||||
} else {
|
} else {
|
||||||
// construct an auth request and send it
|
// construct an auth request and send it
|
||||||
sendMessage(new AuthRequest(
|
sendMessage(AESAuthRequest.createAuthRequest(
|
||||||
_client.getCredentials(), _client.getVersion(), _client.getBootGroups()));
|
_client.getCredentials(), _client.getVersion(),
|
||||||
|
_client.getBootGroups(), _client.requireSecureAuth()));
|
||||||
|
|
||||||
|
|
||||||
// now wait for the auth response
|
// now wait for the auth response
|
||||||
log.debug("Waiting for auth response.");
|
log.debug("Waiting for auth response.");
|
||||||
|
|||||||
@@ -238,6 +238,22 @@ public class Client
|
|||||||
return key == null ? false : setPublicKey(SecureUtil.stringToRSAPublicKey(key));
|
return key == null ? false : setPublicKey(SecureUtil.stringToRSAPublicKey(key));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sets if we require a secure authentication.
|
||||||
|
*/
|
||||||
|
public void setRequireSecureAuth (boolean requireSecureAuth)
|
||||||
|
{
|
||||||
|
_requireSecureAuth = requireSecureAuth;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns true if we require secure authentication.
|
||||||
|
*/
|
||||||
|
public boolean requireSecureAuth ()
|
||||||
|
{
|
||||||
|
return _requireSecureAuth;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the version string configured for this client.
|
* Returns the version string configured for this client.
|
||||||
*/
|
*/
|
||||||
@@ -1029,6 +1045,9 @@ public class Client
|
|||||||
/** Our public key. */
|
/** Our public key. */
|
||||||
protected PublicKey _publicKey;
|
protected PublicKey _publicKey;
|
||||||
|
|
||||||
|
/** If we require a secure connection to send our credentials. */
|
||||||
|
protected boolean _requireSecureAuth = false;
|
||||||
|
|
||||||
/** The unique id of our connection. */
|
/** The unique id of our connection. */
|
||||||
protected int _connectionId = -1;
|
protected int _connectionId = -1;
|
||||||
|
|
||||||
|
|||||||
@@ -40,6 +40,29 @@ import com.threerings.presents.util.SecureUtil;
|
|||||||
*/
|
*/
|
||||||
public class AESAuthRequest extends AuthRequest
|
public class AESAuthRequest extends AuthRequest
|
||||||
{
|
{
|
||||||
|
/**
|
||||||
|
* Creates an auth request, secured if able, unsecured if not.
|
||||||
|
*/
|
||||||
|
public static AuthRequest createAuthRequest (
|
||||||
|
Credentials creds, String version, String[] bootGroups, boolean requireSecureAuth)
|
||||||
|
{
|
||||||
|
return createAuthRequest(creds, version, bootGroups, requireSecureAuth, null, null);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates an auth request, secured if able, unsecured if not.
|
||||||
|
*/
|
||||||
|
public static AuthRequest createAuthRequest (
|
||||||
|
Credentials creds, String version, String[] bootGroups, boolean requireSecureAuth,
|
||||||
|
PublicKeyCredentials pkcreds, SecureResponse resp)
|
||||||
|
{
|
||||||
|
byte[] secret = resp == null ? null : resp.getCodeBytes(pkcreds);
|
||||||
|
if (pkcreds == null || secret == null) {
|
||||||
|
return new AuthRequest(requireSecureAuth ? null : creds, version, bootGroups);
|
||||||
|
}
|
||||||
|
return new AESAuthRequest(secret, creds, version, bootGroups);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Zero argument constructor used when unserializing an instance.
|
* Zero argument constructor used when unserializing an instance.
|
||||||
*/
|
*/
|
||||||
|
|||||||
@@ -70,15 +70,11 @@ public class SecureResponse extends AuthResponse
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates a request based on the secure response.
|
* Returns the code bytes or null for a failed state.
|
||||||
*/
|
*/
|
||||||
public AuthRequest createAuthRequest (
|
public byte[] getCodeBytes (PublicKeyCredentials pkcreds)
|
||||||
PublicKeyCredentials pkcreds, Credentials creds, String version, String[] bootGroups)
|
|
||||||
{
|
{
|
||||||
if (_data.code.equals(FAILED_TO_SECURE)) {
|
return pkcreds == null || _data.code == null || _data.code.equals(FAILED_TO_SECURE) ?
|
||||||
return new AuthRequest(creds, version, bootGroups);
|
null : SecureUtil.xorBytes(StringUtil.unhexlate(_data.code), pkcreds.getSecret());
|
||||||
}
|
|
||||||
byte[] secret = SecureUtil.xorBytes(StringUtil.unhexlate(_data.code), pkcreds.getSecret());
|
|
||||||
return new AESAuthRequest(secret, creds, version, bootGroups);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -252,7 +252,7 @@ public class SecureUtil
|
|||||||
}
|
}
|
||||||
return secret;
|
return secret;
|
||||||
} catch (GeneralSecurityException gse) {
|
} catch (GeneralSecurityException gse) {
|
||||||
log.warning("Failed to dencrypt bytes", gse);
|
log.warning("Failed to decrypt bytes", gse);
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user