From 2ff000976785228e92441e25fd168cdaa73e5c57 Mon Sep 17 00:00:00 2001 From: Daniel Collin Date: Mon, 12 Oct 2015 07:26:16 +0000 Subject: [PATCH] stability fixes for Session.java --- src/com/coder/client/Session.java | 187 ++++++++++++++---------------- 1 file changed, 84 insertions(+), 103 deletions(-) diff --git a/src/com/coder/client/Session.java b/src/com/coder/client/Session.java index 393e473..079fe7f 100644 --- a/src/com/coder/client/Session.java +++ b/src/com/coder/client/Session.java @@ -1,21 +1,28 @@ package com.coder.client; +import java.io.BufferedInputStream; +import java.io.BufferedOutputStream; import java.io.IOException; import java.lang.reflect.Field; import java.net.Socket; import java.net.UnknownHostException; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.spec.InvalidKeySpecException; import java.util.HashSet; import java.util.logging.Level; import java.util.logging.Logger; +import javax.crypto.NoSuchPaddingException; + +import zutil.Encrypter; +import zutil.Hasher; import zutil.log.LogUtil; import zutil.parser.json.JSONObjectInputStream; import zutil.parser.json.JSONObjectOutputStream; -import com.coder.server.message.AuthenticationChallengeMsg; import com.coder.server.message.AuthenticationReqMsg; import com.coder.server.message.AuthenticationRspMsg; -import com.coder.server.message.AuthenticationSuccessMsg; import com.coder.server.message.CoderMessage; public class Session extends Thread { @@ -72,7 +79,7 @@ public class Session extends Thread { while(true){ CoderMessage msg; try { - msg = readMsg(); + msg = in.readGenericObject(); } catch (IOException e) { close(); return; @@ -109,8 +116,7 @@ public class Session extends Thread { return new String[]{}; } - public boolean authenticate(String username, String clearTextPassword) { - + public boolean authenticate(String username, String clearTextPassword) { logger.info("Authenticating session"); if(socket == null){ 
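Review bot: The `catch (IOException e)` around `in.readGenericObject()` in the read loop closes the session and returns without recording why the read failed, whereas the same call in authenticate() logs the exception at SEVERE before closing, so a peer disconnect and a malformed message become indistinguishable afterwards; add `logger.log(Level.SEVERE, "Failed to read message from session", e);` before `close();`. Note also that `in` is reassigned inside authenticate() when the cleartext stream is swapped for the encrypted one, so if this loop can be entered before authentication finishes it reads from the cleartext stream or a null field — worth confirming how the thread is started relative to authenticate(). The enclosing loop and its method begin and end outside the hunk.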
@@ -118,108 +124,83 @@ public class Session extends Thread { return false; } - ///////////// CLEARTEXT CONNECTION ////////////////////// - - // We dont create any buffers here as these streams might be replaced by encrypted ones - try { + if(authenticated){ + logger.info("this session is already athenticated and cannot be reauthenticated."); + return true; + } + + try{ + + ///////////// CLEARTEXT CONNECTION ////////////////////// + + // We dont create any buffers here as these streams might be replaced by encrypted ones in = new JSONObjectInputStream(socket.getInputStream()); - } catch (IOException e) { - logger.log(Level.SEVERE, null, e); - close(); - return false; - } - in.registerRootClass(CoderMessage.class); - in.registerClass("AuthenticationChallenge", AuthenticationChallengeMsg.class); - in.registerClass("AuthenticationSuccess", AuthenticationSuccessMsg.class); - try { + in.registerRootClass(CoderMessage.class); out = new JSONObjectOutputStream(socket.getOutputStream()); - } catch (IOException e) { - logger.log(Level.SEVERE, null, e); - close(); - return false; - } - out.enableMetaData(false); - - //Send AuthenticationReq - CoderMessage authReq = new CoderMessage(); - authReq.AuthenticationReq = new AuthenticationReqMsg(); - authReq.AuthenticationReq.username = username; - logger.info("Sending AuthenticationReq"); - try { + out.enableMetaData(false); + + //Send AuthenticationReq + CoderMessage authReq = new CoderMessage(); + authReq.AuthenticationReq = new AuthenticationReqMsg(); + authReq.AuthenticationReq.username = username; + logger.info("Sending AuthenticationReq"); send(authReq); - } catch (IOException e) { - logger.log(Level.SEVERE, null, e); - close(); - return false; - } - - //Receive AuthenticationChallenge - logger.info("Waiting for AuthenticationChallenge"); - CoderMessage msg; - try { - msg = readMsg(); - } catch (IOException e) { - logger.log(Level.SEVERE, null, e); - close(); - return false; - } - if(msg == null || msg.AuthenticationChallenge 
== null){ - logger.severe("Expected message AuthenticationChallenge"); - close(); - return false; - } - logger.log(Level.INFO, "Received AuthenticationChallenge"); - - // Setting up encryption - logger.info("Setting up encryption"); - /* - String hashedPassword = Hasher.PBKDF2(clearTextPassword, "BYTESUT", AUTH_HASH_ITERATIONS); - String key = Hasher.PBKDF2(hashedPassword, msg.AuthenticationChallenge.salt, AUTH_HASH_ITERATIONS); - Encrypter crypto = new Encrypter(key, Encrypter.AES_ALGO); - in = new JSONObjectInputStream(new BufferedInputStream(crypto.decrypt(socket.getInputStream()))); - in.registerRootClass(CoderMessage.class); - out = new JSONObjectOutputStream(new BufferedOutputStream(crypto.encrypt(socket.getOutputStream()))); - out.enableMetaData(false); - */ - - ///////////// ENCRYPTED CONNECTION ////////////////////// - - //Send AuthenticationRsp - CoderMessage authRsp = new CoderMessage(); - authRsp.AuthenticationRsp = new AuthenticationRspMsg(); - authRsp.AuthenticationRsp.timestamp = System.currentTimeMillis(); - logger.info("Sending AuthenticationRsp"); - try { - send(authRsp); - } catch (IOException e) { - logger.log(Level.SEVERE, null, e); - close(); - return false; - } - - logger.info("Waiting for AuthenticationSuccess"); - try { - msg = readMsg(); - } catch (IOException e) { - logger.log(Level.SEVERE, null, e); - close(); - return false; - } - if(msg == null || msg.AuthenticationSuccess == null){ - logger.severe("Authentication failure"); - close(); - return false; - } - logger.info("Received AuthenticationSuccess"); - - logger.info("Session authenticated"); - - this.authenticated = true; - return true; - } - private CoderMessage readMsg() throws IOException { - return (CoderMessage) in.readObject(); + //Receive AuthenticationChallenge + logger.info("Waiting for AuthenticationChallenge"); + CoderMessage msg; + msg = in.readGenericObject(); + if(msg == null || msg.AuthenticationChallenge == null){ + logger.severe("Expected message 
AuthenticationChallenge"); + close(); + return false; + } + logger.log(Level.INFO, "Received AuthenticationChallenge"); + + // Setting up encryption + logger.info("Setting up encryption"); + String hashedPassword = Hasher.PBKDF2(clearTextPassword, username, AUTH_HASH_ITERATIONS); + String key = Hasher.PBKDF2(hashedPassword, msg.AuthenticationChallenge.salt, AUTH_HASH_ITERATIONS); + Encrypter crypto; + try { + crypto = new Encrypter(key, Encrypter.Algorithm.AES); + } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeySpecException e) { + logger.log(Level.SEVERE, null, e); + close(); + return false; + } + in = new JSONObjectInputStream(new BufferedInputStream(crypto.decrypt(socket.getInputStream()))); + in.registerRootClass(CoderMessage.class); + out = new JSONObjectOutputStream(new BufferedOutputStream(crypto.encrypt(socket.getOutputStream()))); + out.enableMetaData(false); + + ///////////// ENCRYPTED CONNECTION ////////////////////// + + //Send AuthenticationRsp + CoderMessage authRsp = new CoderMessage(); + authRsp.AuthenticationRsp = new AuthenticationRspMsg(); + authRsp.AuthenticationRsp.timestamp = System.currentTimeMillis(); + logger.info("Sending AuthenticationRsp"); + send(authRsp); + + logger.info("Waiting for AuthenticationSuccess"); + msg = in.readGenericObject(); + if(msg == null || msg.AuthenticationSuccess == null){ + logger.severe("Authentication failure"); + close(); + return false; + } + logger.info("Received AuthenticationSuccess"); + + logger.info("Session authenticated"); + + this.authenticated = true; + return true; + }catch(IOException e){ + logger.log(Level.SEVERE, null, e); + close(); + return false; + } } private void handleMessage(CoderMessage msg){