User: starksm
Date: 02/03/14 11:11:57
Modified: src/main/org/jboss/security/srp SRPRemoteServer.java
SRPServerInterface.java SRPService.java
Added: src/main/org/jboss/security/srp SRPServerListener.java
Log:
Add a session close method and initialize a random cipher initialization
vector at the start of a new session
Revision Changes Path
1.5 +28 -6 jbosssx/src/main/org/jboss/security/srp/SRPRemoteServer.java
Index: SRPRemoteServer.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/srp/SRPRemoteServer.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- SRPRemoteServer.java 8 Mar 2002 05:32:16 -0000 1.4
+++ SRPRemoteServer.java 14 Mar 2002 19:11:57 -0000 1.5
@@ -12,10 +12,12 @@
import java.rmi.server.RMIServerSocketFactory;
import java.rmi.server.UnicastRemoteObject;
import java.security.KeyException;
+import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
+import javax.crypto.Cipher;
import org.jboss.logging.Logger;
import org.jboss.security.Util;
@@ -25,7 +27,7 @@
/** An implementation of the RMI SRPRemoteServerInterface interface.
@author [EMAIL PROTECTED]
-@version $Revision: 1.4 $
+@version $Revision: 1.5 $
*/
public class SRPRemoteServer extends UnicastRemoteObject implements
SRPRemoteServerInterface
{
@@ -46,11 +48,6 @@
* @label created by getSRPParameters()*/
/*#SRPServerSession lnkSRPServerSession;*/
- public interface SRPServerListener
- {
- public void verifiedUser(String username, SRPServerSession session);
- }
-
public SRPRemoteServer(SRPVerifierStore verifierStore) throws RemoteException
{
setVerifierStore(verifierStore);
@@ -108,6 +105,15 @@
byte[] hg = Util.newDigest().digest(params.g);
log.trace("H(g): "+Util.tob64(hg));
}
+ // Initialize the cipher IV
+ if( params.cipherAlgorithm != null )
+ {
+ Cipher cipher = Cipher.getInstance(params.cipherAlgorithm);
+ int size = cipher.getBlockSize();
+ params.cipherIV = new byte[size];
+ Util.nextBytes(params.cipherIV);
+ }
+
// Create an SRP session
SRPServerSession session = new SRPServerSession(username, info.verifier,
params);
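Review bot: The IV length comes from `cipher.getBlockSize()`, which returns 0 when the configured algorithm is not a block cipher, so `params.cipherIV` would silently become an empty array; guard it with `if( size > 0 )` around the two assignments or reject the algorithm. The IV is also written into `params`, whose origin is outside this hunk. If that object is shared through the verifier store rather than copied per session, concurrent handshakes would overwrite each other's IV, so confirm it is cloned first. `Util.nextBytes` is not shown here; it should draw from `SecureRandom`, since a predictable IV weakens chained block modes. The enclosing method starts and ends outside the hunk.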
@@ -121,6 +127,10 @@
{
throw e;
}
+ catch(GeneralSecurityException e)
+ {
+ throw new RemoteException("Failed to init cipherIV", e);
+ }
catch(Throwable t)
{
log.error("Unexpected exception in getSRPParameters", t);
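Review bot: The new `GeneralSecurityException` branch rethrows without logging, while the `Throwable` branch directly below logs before it continues. A bad `cipherAlgorithm` value is a server configuration error that an operator needs to see, so add `log.error("Failed to init cipherIV", e);` before the `throw`. The provider exception is also attached as the cause of the `RemoteException` and so travels to the remote caller; consider keeping that detail in the server log and sending only the message. The try block this catch belongs to starts outside the hunk.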
@@ -154,6 +164,18 @@
if( listener != null )
listener.verifiedUser(username, session);
return session.getServerResponse();
+ }
+
+ /** Close the SRP session for the given username.
+ */
+ public void close(String username) throws SecurityException, RemoteException
+ {
+ log.trace("close, "+username);
+ SRPServerSession session = (SRPServerSession) sessionMap.remove(username);
+ if( session == null )
+ throw new SecurityException("Failed to find active session for
username: "+username);
+ if( listener != null )
+ listener.closedUserSession(username);
}
}
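Review bot: `close(String username)` removes the session on the username alone, so any caller that can reach this RMI object and knows a username can end that user's session and, through `listener.closedUserSession`, have the cached principal evicted. The caller should have to prove it owns the session, for example by passing a value derived from the negotiated session key, and the server should check it before calling `sessionMap.remove`. That also changes the `close` signature added to SRPServerInterface in this commit. Separately, the `SecurityException` message echoes the supplied username back to the caller; a fixed message with the name kept in the server log would tell the caller less about which sessions exist.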
1.5 +10 -3 jbosssx/src/main/org/jboss/security/srp/SRPServerInterface.java
Index: SRPServerInterface.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/srp/SRPServerInterface.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- SRPServerInterface.java 8 Mar 2002 05:32:16 -0000 1.4
+++ SRPServerInterface.java 14 Mar 2002 19:11:57 -0000 1.5
@@ -20,7 +20,7 @@
@see org.jboss.security.srp.SRPRemoteServerInterface
@author [EMAIL PROTECTED]
-@version $Revision: 1.4 $
+@version $Revision: 1.5 $
*/
public interface SRPServerInterface
{
@@ -28,7 +28,8 @@
*/
public SRPParameters getSRPParameters(String username) throws KeyException,
RemoteException;
- /** Initiate the SRP algorithm. The client sends their username and
+ /** Initiate the SRP algorithm. The client sends their username and the
+ public key A to begin the SRP handshake.
@param username, the user ID by which the client is known.
@param A, the client public key = (g ^ a) % N
@return byte[], ephemeral server public key B = (v + g ^ b) % N
@@ -38,7 +39,9 @@
public byte[] init(String username, byte[] A) throws SecurityException,
NoSuchAlgorithmException, RemoteException;
- /** Initiate the SRP algorithm. The client sends their username and
+ /** Verify the session key hash. The client sends their username and M1
+ hash to validate completion of the SRP handshake.
+
@param username, the user ID by which the client is known. This is repeated to
simplify
the server session management.
@param M1, the client hash of the session key; M1 = H(H(N) xor H(g) | H(U) | A
| B | K)
@@ -47,4 +50,8 @@
@throws RemoteException, thrown by remote implementations
*/
public byte[] verify(String username, byte[] M1) throws SecurityException,
RemoteException;
+
+ /** Close the SRP session for the given username.
+ */
+ public void close(String username) throws SecurityException, RemoteException;
}
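Review bot: The Javadoc on `close` has no `@param` or `@throws` tags, unlike `init` and `verify` above it, and does not say when `SecurityException` is raised. In the file's existing tag style, add `@param username, the user ID whose SRP session should be closed`, `@throws SecurityException, thrown if there is no active session for username` and `@throws RemoteException, thrown by remote implementations`. The `SecurityException` condition is taken from the SRPRemoteServer implementation in this same commit.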
1.9 +22 -2 jbosssx/src/main/org/jboss/security/srp/SRPService.java
Index: SRPService.java
===================================================================
RCS file: /cvsroot/jboss/jbosssx/src/main/org/jboss/security/srp/SRPService.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- SRPService.java 12 Mar 2002 01:41:49 -0000 1.8
+++ SRPService.java 14 Mar 2002 19:11:57 -0000 1.9
@@ -17,7 +17,7 @@
import org.jboss.naming.NonSerializableFactory;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.srp.SRPRemoteServer;
-import org.jboss.security.srp.SRPRemoteServer.SRPServerListener;
+import org.jboss.security.srp.SRPServerListener;
import org.jboss.security.srp.SRPServerInterface;
import org.jboss.security.srp.SRPServerSession;
import org.jboss.security.srp.SRPVerifierStore;
@@ -29,7 +29,7 @@
system described in RFC2945.
@author [EMAIL PROTECTED]
- @version $Revision: 1.8 $
+ @version $Revision: 1.9 $
*/
public class SRPService extends ServiceMBeanSupport
implements SRPServiceMBean, SRPServerListener
@@ -199,6 +199,26 @@
{
log.debug("Ignoring SRP session due to existing session for
username="+username);
}
+ }
+ }
+ catch(Exception e)
+ {
+ log.error("Failed to update SRP cache for username="+username, e);
+ }
+ }
+ public void closedUserSession(String username)
+ {
+ try
+ {
+ SimplePrincipal principal = new SimplePrincipal(username);
+ synchronized( cachePolicy )
+ {
+ // We only insert a principal if there is no current entry.
+ if( cachePolicy.peek(principal) == null )
+ {
+ log.warn("No SRP session found for username="+username);
+ }
+ cachePolicy.remove(principal);
}
}
catch(Exception e)
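Review bot: The comment inside `closedUserSession`, `// We only insert a principal if there is no current entry.`, appears to be carried over from the insert path in `verifiedUser` and does not describe this code, which removes an entry. Replace it with something like `// Warn if nothing is cached for this principal, then remove the entry.` The `cachePolicy.remove(principal)` call also runs when `peek` returned null; moving it into an `else` branch would make the intent explicit, assuming `remove` has no effect on a missing key. The catch block of this method continues outside the hunk.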
1.1 jbosssx/src/main/org/jboss/security/srp/SRPServerListener.java
Index: SRPServerListener.java
===================================================================
package org.jboss.security.srp;
/** Listener contract through which the SRP server reports session events.
 Implementations receive one notification when a user's session has been
 verified and one when a user's session has been closed.

@author [EMAIL PROTECTED]
@version $Revision: 1.1 $
*/
public interface SRPServerListener
{
   /** Reports that the SRP session for a user has been verified.
    @param username, the user ID by which the client is known.
    @param session, the server side SRP session associated with username.
    */
   void verifiedUser(String username, SRPServerSession session);

   /** Reports that the SRP session for a user has been closed. Only the
    username is passed, so the callback identifies the session by name alone.
    @param username, the user ID whose session was closed.
    */
   void closedUserSession(String username);
}