Repository: incubator-guacamole-client Updated Branches: refs/heads/master 16b0c6441 -> 868af6a81
GUACAMOLE-5: Add randomly-generated connection sharing keys. Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/commit/e1f4e657 Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/tree/e1f4e657 Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/diff/e1f4e657 Branch: refs/heads/master Commit: e1f4e6574e89bacb9adac60036676939fc18e779 Parents: 16b0c64 Author: Michael Jumper <[email protected]> Authored: Wed Jul 20 13:33:51 2016 -0700 Committer: Michael Jumper <[email protected]> Committed: Wed Jul 20 13:35:24 2016 -0700 ---------------------------------------------------------------------- .../jdbc/JDBCAuthenticationProviderModule.java | 4 ++ .../sharing/SecureRandomShareKeyGenerator.java | 45 ++++++++++++++++++++ .../auth/jdbc/sharing/ShareKeyGenerator.java | 39 +++++++++++++++++ 3 files changed, 88 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/e1f4e657/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java index 71d784a..e7f0a2a 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java 
@@ -19,6 +19,7 @@ package org.apache.guacamole.auth.jdbc; +import com.google.inject.Scopes; import org.apache.guacamole.auth.jdbc.user.UserContext; import org.apache.guacamole.auth.jdbc.connectiongroup.RootConnectionGroup; import org.apache.guacamole.auth.jdbc.connectiongroup.ModeledConnectionGroup; @@ -62,6 +63,8 @@ import org.apache.guacamole.auth.jdbc.connection.ConnectionParameterMapper; import org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionMapper; import org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionService; import org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionSet; +import org.apache.guacamole.auth.jdbc.sharing.SecureRandomShareKeyGenerator; +import org.apache.guacamole.auth.jdbc.sharing.ShareKeyGenerator; import org.apache.guacamole.auth.jdbc.sharingprofile.ModeledSharingProfile; import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileDirectory; import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper; @@ -167,6 +170,7 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule { bind(GuacamoleTunnelService.class).to(RestrictedGuacamoleTunnelService.class); bind(PasswordEncryptionService.class).to(SHA256PasswordEncryptionService.class); bind(SaltService.class).to(SecureRandomSaltService.class); + bind(ShareKeyGenerator.class).to(SecureRandomShareKeyGenerator.class).in(Scopes.SINGLETON); bind(SharingProfilePermissionService.class); bind(SharingProfileService.class); bind(SystemPermissionService.class); http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/e1f4e657/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/SecureRandomShareKeyGenerator.java ---------------------------------------------------------------------- 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/SecureRandomShareKeyGenerator.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/SecureRandomShareKeyGenerator.java
new file mode 100644
index 0000000..7cc1823
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/SecureRandomShareKeyGenerator.java
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.sharing;
+
+import java.security.SecureRandom;
+import javax.xml.bind.DatatypeConverter;
+
+/**
+ * An implementation of the ShareKeyGenerator which uses SecureRandom to
+ * generate cryptographically-secure random sharing keys.
+ *
+ * @author Michael Jumper
+ */
+public class SecureRandomShareKeyGenerator implements ShareKeyGenerator {
+
+ /**
+ * Instance of SecureRandom for generating sharing keys.
+ */
+ private final SecureRandom secureRandom = new SecureRandom();
+
+ @Override
+ public String getShareKey() {
+ byte[] bytes = new byte[33];
+ secureRandom.nextBytes(bytes);
+ return DatatypeConverter.printBase64Binary(bytes);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/e1f4e657/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/ShareKeyGenerator.java
----------------------------------------------------------------------
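Review bot: `getShareKey()` in SecureRandomShareKeyGenerator returns standard Base64, whose alphabet includes `+` and `/`; the callers are not part of this commit, so if the key is ever carried in a URL path or query string it will need percent-encoding or a URL-safe alphabet, and that is worth stating on the method. The method has no Javadoc of its own and the literal `33` is unexplained; a comment such as `// 33 bytes = 264 bits from SecureRandom; a multiple of 3, so the Base64 form is 44 chars with no '=' padding` would record why that size was chosen and stop a later edit from shrinking it casually. Separately, `javax.xml.bind.DatatypeConverter` is no longer bundled with the JDK from Java 11 onwards, so this encoder choice ties the class to JAXB being on the classpath.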
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/ShareKeyGenerator.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/ShareKeyGenerator.java
new file mode 100644
index 0000000..1cf97e1
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/ShareKeyGenerator.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.sharing;
+
+/**
+ * Produces unique keys that can be safely used for the automatically-generated
+ * "sharing credentials" associated with a shared connection.
+ *
+ * @author Michael Jumper
+ */
+public interface ShareKeyGenerator {
+
+ /**
+ * Returns a new share key, guaranteed to be unique from all previously-
+ * returned share keys.
+ *
+ * @return
+ * The new share key.
+ */
+ public String getShareKey();
+
+}
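Review bot: The Javadoc on `ShareKeyGenerator.getShareKey()` promises keys "guaranteed to be unique" but never requires them to be unpredictable, even though the interface comment describes them as sharing credentials; an implementation backed by a counter would meet this contract and still be guessable. I would put the security requirement into the contract itself, for example `Returns a new share key which cannot feasibly be guessed and is unique from all previously-returned share keys.` The only implementation added in this commit draws 33 random bytes and performs no collision check, so its uniqueness is probabilistic rather than guaranteed; the wording should either be softened to match or the place where a duplicate is detected should be named.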
