Author: ieb Date: Fri Oct 11 08:30:07 2013 New Revision: 1531227 URL: http://svn.apache.org/r1531227 Log: SLING-3154 Add Topology Message Verification to the Discovery service.
metatype was missing, as was enforcing signature key expiry.
Modified:
 sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java
 sling/trunk/bundles/extensions/discovery/impl/src/main/resources/OSGI-INF/metatype/metatype.properties
Modified: sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java?rev=1531227&r1=1531226&r2=1531227&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java (original)
+++ sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java Fri Oct 11 08:30:07 2013
@@ -324,7 +324,7 @@ public class TopologyRequestValidator {
 */
 private String createTrustHeader(String bodyHash) {
 try {
- int keyNo = (int) (System.currentTimeMillis() / interval);
+ int keyNo = getCurrentKey();
 return keyNo + "/" + hmac(keyNo, bodyHash);
 } catch (UnsupportedEncodingException e) {
 throw new RuntimeException(e.getMessage(), e);
@@ -351,6 +351,8 @@ public class TopologyRequestValidator {
 return hmac(keyNo, bodyHash).equals(parts[1]);
 } catch (ArrayIndexOutOfBoundsException e) {
 return false;
+ } catch (IllegalArgumentException e) {
+ return false;
 } catch (InvalidKeyException e) {
 throw new RuntimeException(e.getMessage(), e);
 } catch (UnsupportedEncodingException e) {
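Review bot: The new `catch (IllegalArgumentException e) { return false; }` in the second hunk makes an expired key number, a key number outside the accepted window and — if `parts[0]` is turned into `keyNo` with `Integer.parseInt` earlier in the method, which is outside the hunk — a malformed one all fail identically and silently, so an operator whose members have drifted past the configured TTL gets no hint why every message is being rejected. A debug-level log line before that `return false` naming the rejected key number and `e.getMessage()` (never the signature value) would make the failure diagnosable without weakening the check. On the adjacent context line, `hmac(keyNo, bodyHash).equals(parts[1])` is a variable-time string comparison; since this commit is already hardening the same validation path, comparing the two values as bytes with `MessageDigest.isEqual` would be a cheap companion change. The enclosing method starts and ends outside this hunk.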
@@ -471,6 +473,9 @@ public class TopologyRequestValidator { * @throws UnsupportedEncodingException */ private Key getKey(int keyNo) throws UnsupportedEncodingException { + if(Math.abs(keyNo - getCurrentKey()) > 1 ) { + throw new IllegalArgumentException("Key has expired"); + } if (keys.containsKey(keyNo)) { return keys.get(keyNo); } @@ -481,6 +486,10 @@ public class TopologyRequestValidator { return key; } + private int getCurrentKey() { + return (int) (System.currentTimeMillis() / interval); + } + /** * dump olf keys. */ Modified: sling/trunk/bundles/extensions/discovery/impl/src/main/resources/OSGI-INF/metatype/metatype.properties URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/impl/src/main/resources/OSGI-INF/metatype/metatype.properties?rev=1531227&r1=1531226&r2=1531227&view=diff ============================================================================== --- sling/trunk/bundles/extensions/discovery/impl/src/main/resources/OSGI-INF/metatype/metatype.properties (original) +++ sling/trunk/bundles/extensions/discovery/impl/src/main/resources/OSGI-INF/metatype/metatype.properties Fri Oct 11 08:30:07 2013 
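Review bot: The new guard `Math.abs(keyNo - getCurrentKey()) > 1` in `getKey` is computed in `int` arithmetic on a `keyNo` that originates from the trust header parsed in the validation path (the `parts` array in the hunk above), and `Math.abs(Integer.MIN_VALUE)` returns `Integer.MIN_VALUE`, which is not `> 1`; a header carrying a key number exactly `Integer.MIN_VALUE` intervals away from the current one therefore passes the expiry check and the derivation below runs for it. That does not let a message through without a valid HMAC for the derived key, but it defeats the bound the guard is meant to impose on key derivation (the metatype text in this commit puts it at about 2 ms per key) and, if the derivation path caches into `keys`, on cache growth. Computing the distance in `long` closes the gap and also stops the message claiming "expired" for a key number that lies in the future: `long distance = (long) keyNo - getCurrentKey();` `if (distance > 1 || distance < -1) {` `throw new IllegalArgumentException("Key number " + keyNo + " is outside the accepted window");`. A short comment on the guard, e.g. `// accept the current key number and one on either side to tolerate clock drift between members`, would record why the window is ±1 rather than exact. The body of `getKey` continues past the end of this hunk.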
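Review bot: `getCurrentKey()` narrows `System.currentTimeMillis() / interval` to `int` with a bare cast, and the metatype text added in this same commit explicitly allows "ridiculously low" TTL values; for an `interval` below roughly 650 ms (a constructed estimate from the epoch value at the date of this commit, assuming `interval` is the configured TTL in milliseconds) the quotient exceeds `Integer.MAX_VALUE` and the cast wraps silently to negative, non-monotonic key numbers that nothing documents and that the old-key cleanup referenced in the context below may not expect. Failing loudly is preferable to wrapping: `long keyNo = System.currentTimeMillis() / interval;` `if (keyNo > Integer.MAX_VALUE) { throw new IllegalStateException("hmacSharedKeyTTL is too small to number keys as int"); }` `return (int) keyNo;`. The method also has no Javadoc; a one-liner such as `/** Current key number: the number of whole TTL intervals elapsed since the epoch; derived keys are identified by this value. */` would tie it to the TTL setting described in metatype.properties.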
@@ -53,4 +53,28 @@ discoveryResourcePath.description = Path leaderElectionRepositoryDescriptor.name = Repository Descriptor Name leaderElectionRepositoryDescriptor.description = Name of the repository descriptor to be taken \ into account for leader election: those instances have preference to become leader which have \ - the corresponding descriptor value of 'false'. \ No newline at end of file + the corresponding descriptor value of 'false'. + +hmacEnabled.name = Enable Hmac message signatures +hmacEnabled.description = If true, and the Shared Key is set to the same value on all members of the \ + topology, the messages will be validated using a HMAC of a digest of the body of the message. \ + The hmac and message digest are in the HTTP request and response headers. Both requests and responses \ + are signed. + +enableEncryption.name = Enable Message encryption +enableEncryption.description = If Message HMACs are enabled and there is a shared key set, setting this to \ + true will encrypt the body of the message using 128 bit AES encryption. Once encrypted you will not be able \ + debug the messages at the http level. + +sharedKey.name = Message shared key. +sharedKey.description = If message signing and encryption is used, this should be set to the same value \ + on all members of the same topology. If any member of the topology has a different key it will effectively \ + be excluded from the topology even if it attempts to send messages to other members of the topology. + +hmacSharedKeyTTL.name = Shared Key TTL +hmacSharedKeyTTL.description = Shared keys for message signatures are derived from the configured shared key. \ + Each derived key has a lifetime (TTL). Once that time has expired a new key is derived and used for hmac signatures. \ + This setting, sets the TTL in ms. Keys that are 2 lifetimes old are ignored. Set according to you level of paranoia, \ + but don't set to less than the greatest possible clock drift between members of the topology. 
The default is 4 hours. Setting \ + to a ridiculously low value will increase the turnover of keys. Generating a key takes about 2ms. There is no risk of \ + memory consumption with low values, only a risk of the topology falling apart due to incorrectly set clocks. \ No newline at end of file