Wip
This commit is contained in:
Claude Brisson
@@ -16,7 +16,6 @@
|
||||
<description>PairGoth pairing system</description>
|
||||
<url>TODO</url>
|
||||
<properties>
|
||||
<pac4j.version>5.7.1</pac4j.version>
|
||||
</properties>
|
||||
<build>
|
||||
<defaultGoal>package</defaultGoal>
|
||||
@@ -166,9 +165,9 @@
|
||||
</dependency>
|
||||
<!-- auth -->
|
||||
<dependency>
|
||||
<groupId>org.pac4j</groupId>
|
||||
<artifactId>pac4j-oauth</artifactId>
|
||||
<version>${pac4j.version}</version>
|
||||
<groupId>commons-codec</groupId>
|
||||
<artifactId>commons-codec</artifactId>
|
||||
<version>1.16.1</version>
|
||||
</dependency>
|
||||
<!-- logging -->
|
||||
<dependency>
|
||||
|
||||
@@ -1,6 +1,8 @@
|
||||
package org.jeudego.pairgoth.api
|
||||
|
||||
import com.republicate.kson.Json
|
||||
import org.jeudego.pairgoth.util.AESCryptograph
|
||||
import org.jeudego.pairgoth.util.Cryptograph
|
||||
import javax.servlet.http.HttpServletRequest
|
||||
import javax.servlet.http.HttpServletResponse
|
||||
import javax.servlet.http.HttpSession
|
||||
@@ -9,11 +11,14 @@ class TokenHandler: ApiHandler {
|
||||
companion object {
|
||||
const val AUTH_KEY = "pairgoth-auth"
|
||||
const val CHALLENGE_KEY = "pairgoth-challenge"
|
||||
private val cryptograph: Cryptograph = AESCryptograph().apply {
|
||||
init("78659783ed8ccc0e")
|
||||
}
|
||||
}
|
||||
override fun get(request: HttpServletRequest, response: HttpServletResponse): Json? {
|
||||
val auth = request.session.getAttribute(AUTH_KEY) as String?
|
||||
if (auth == null) {
|
||||
failed(request.session, response)
|
||||
failed(request, response)
|
||||
return null
|
||||
} else {
|
||||
return Json.Object(
|
||||
@@ -25,19 +30,26 @@ class TokenHandler: ApiHandler {
|
||||
override fun post(request: HttpServletRequest, response: HttpServletResponse): Json {
|
||||
val auth = getObjectPayload(request)
|
||||
val answer = auth.getString("answer")
|
||||
if (answer == null) {
|
||||
failed(request.session, response)
|
||||
val challenge = request.session.getAttribute(CHALLENGE_KEY) as AuthChallenge?
|
||||
if (answer == null || challenge == null) {
|
||||
failed(request, response)
|
||||
} else {
|
||||
|
||||
|
||||
val parts = cryptograph.webDecrypt(answer).split(":")
|
||||
if (parts.size != 2)
|
||||
}
|
||||
}
|
||||
|
||||
private fun failed(session: HttpSession, response: HttpServletResponse) {
|
||||
override fun delete(request: HttpServletRequest, response: HttpServletResponse): Json {
|
||||
request.session.removeAttribute(AUTH_KEY)
|
||||
return Json.Object("success" to true)
|
||||
}
|
||||
|
||||
private fun failed(request: HttpServletRequest, response: HttpServletResponse) {
|
||||
val session = request.session
|
||||
val challenge = AuthChallenge()
|
||||
session.setAttribute(CHALLENGE_KEY, challenge)
|
||||
response.addHeader("WWW-Authenticate", challenge.value)
|
||||
response.status = HttpServletResponse.SC_UNAUTHORIZED
|
||||
response.writer.println(Json.Object("status" to "failed"))
|
||||
response.writer.println(Json.Object("status" to "failed", "message" to "unauthorized"))
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,57 +0,0 @@
|
||||
package org.jeudego.pairgoth.server
|
||||
|
||||
import java.nio.charset.Charset
|
||||
import javax.crypto.Cipher
|
||||
import javax.crypto.Cipher.DECRYPT_MODE
|
||||
import javax.crypto.Cipher.ENCRYPT_MODE
|
||||
import javax.crypto.SecretKey
|
||||
import javax.crypto.spec.SecretKeySpec
|
||||
|
||||
|
||||
/**
|
||||
* Basic AES encryption. Please note that it uses the ECB block mode, which has the advantage
|
||||
* to not require random bytes, thus providing some *persistence* for the encrypted data, but
|
||||
* at the expense of some security weaknesses. The purpose here is just to encrypt temporary
|
||||
* session ids in URLs, not to protect state secrets.
|
||||
*/
|
||||
class AESCryptograph : Cryptograph {
|
||||
|
||||
override fun init(key: String) {
|
||||
val bytes = key.toByteArray(Charset.defaultCharset())
|
||||
if (bytes.size < 16) {
|
||||
throw Error("not enough secret bytes")
|
||||
}
|
||||
val secret: SecretKey = SecretKeySpec(bytes, 0, 16, ALGORITHM)
|
||||
try {
|
||||
encrypt.init(ENCRYPT_MODE, secret)
|
||||
decrypt.init(DECRYPT_MODE, secret)
|
||||
} catch (e: Exception) {
|
||||
throw RuntimeException("cyptograph initialization failed", e)
|
||||
}
|
||||
}
|
||||
|
||||
override fun encrypt(str: String): ByteArray {
|
||||
return try {
|
||||
encrypt.doFinal(str.toByteArray(Charset.defaultCharset()))
|
||||
} catch (e: Exception) {
|
||||
throw RuntimeException("encryption failed failed", e)
|
||||
}
|
||||
}
|
||||
|
||||
override fun decrypt(bytes: ByteArray): String {
|
||||
return try {
|
||||
String(decrypt.doFinal(bytes), Charset.defaultCharset())
|
||||
} catch (e: Exception) {
|
||||
throw RuntimeException("encryption failed failed", e)
|
||||
}
|
||||
}
|
||||
|
||||
private var encrypt = Cipher.getInstance(CIPHER)
|
||||
private var decrypt = Cipher.getInstance(CIPHER)
|
||||
|
||||
companion object {
|
||||
private val CIPHER = "AES/ECB/PKCS5Padding"
|
||||
private val ALGORITHM = "AES"
|
||||
|
||||
}
|
||||
}
|
||||
@@ -1,29 +0,0 @@
|
||||
package org.jeudego.pairgoth.server
|
||||
|
||||
import java.io.Serializable
|
||||
|
||||
/**
|
||||
* Cryptograph - used to encrypt and decrypt strings.
|
||||
*
|
||||
*/
|
||||
interface Cryptograph : Serializable {
|
||||
/**
|
||||
* init.
|
||||
* @param random random string
|
||||
*/
|
||||
fun init(random: String)
|
||||
|
||||
/**
|
||||
* encrypt.
|
||||
* @param str string to encrypt
|
||||
* @return encrypted string
|
||||
*/
|
||||
fun encrypt(str: String): ByteArray
|
||||
|
||||
/**
|
||||
* decrypt.
|
||||
* @param bytes to decrypt
|
||||
* @return decrypted string
|
||||
*/
|
||||
fun decrypt(bytes: ByteArray): String
|
||||
}
|
||||
Reference in New Issue
Block a user