certs impl
This commit is contained in:
parent
1a67ec773d
commit
6bf1551028
45 changed files with 810 additions and 311 deletions
|
@ -45,6 +45,7 @@ import org.springframework.stereotype.Service;
|
||||||
import org.springframework.util.CollectionUtils;
|
import org.springframework.util.CollectionUtils;
|
||||||
import org.springframework.util.ResourceUtils;
|
import org.springframework.util.ResourceUtils;
|
||||||
|
|
||||||
|
import ch.ethz.seb.sebserver.gbl.Constants;
|
||||||
import ch.ethz.seb.sebserver.gbl.client.ClientCredentialService;
|
import ch.ethz.seb.sebserver.gbl.client.ClientCredentialService;
|
||||||
import ch.ethz.seb.sebserver.gbl.client.ProxyData;
|
import ch.ethz.seb.sebserver.gbl.client.ProxyData;
|
||||||
import ch.ethz.seb.sebserver.gbl.profile.GuiProfile;
|
import ch.ethz.seb.sebserver.gbl.profile.GuiProfile;
|
||||||
|
@ -200,7 +201,7 @@ public class ClientHttpRequestFactoryService {
|
||||||
.loadTrustMaterial(trustStoreFile, password)
|
.loadTrustMaterial(trustStoreFile, password)
|
||||||
.setKeyStoreType(this.environment.getProperty(
|
.setKeyStoreType(this.environment.getProperty(
|
||||||
"server.ssl.key-store-type",
|
"server.ssl.key-store-type",
|
||||||
"pkcs12"))
|
Constants.PKCS_12))
|
||||||
.build();
|
.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -218,9 +219,11 @@ public class ClientHttpRequestFactoryService {
|
||||||
.setSSLContext(sslContext)
|
.setSSLContext(sslContext)
|
||||||
.build();
|
.build();
|
||||||
final HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(client);
|
final HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(client);
|
||||||
|
|
||||||
factory.setConnectionRequestTimeout(this.connectionRequestTimeout);
|
factory.setConnectionRequestTimeout(this.connectionRequestTimeout);
|
||||||
factory.setConnectTimeout(this.connectTimeout);
|
factory.setConnectTimeout(this.connectTimeout);
|
||||||
factory.setReadTimeout(this.readTimeout);
|
factory.setReadTimeout(this.readTimeout);
|
||||||
|
|
||||||
return factory;
|
return factory;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -246,8 +249,10 @@ public class ClientHttpRequestFactoryService {
|
||||||
if (proxy.clientCredentials != null && StringUtils.isNotBlank(proxy.clientCredentials.clientId)) {
|
if (proxy.clientCredentials != null && StringUtils.isNotBlank(proxy.clientCredentials.clientId)) {
|
||||||
final CredentialsProvider credsProvider = new BasicCredentialsProvider();
|
final CredentialsProvider credsProvider = new BasicCredentialsProvider();
|
||||||
final String plainClientId = proxy.clientCredentials.clientIdAsString();
|
final String plainClientId = proxy.clientCredentials.clientIdAsString();
|
||||||
final String plainClientSecret = Utils.toString(this.clientCredentialService
|
final CharSequence secret = this.clientCredentialService
|
||||||
.getPlainClientSecret(proxy.clientCredentials));
|
.getPlainClientSecret(proxy.clientCredentials)
|
||||||
|
.getOrThrow();
|
||||||
|
final String plainClientSecret = Utils.toString(secret);
|
||||||
|
|
||||||
credsProvider.setCredentials(
|
credsProvider.setCredentials(
|
||||||
AuthScope.ANY,
|
AuthScope.ANY,
|
||||||
|
|
|
@ -130,6 +130,13 @@ public final class Constants {
|
||||||
public static final int GZIP_CM = 8;
|
public static final int GZIP_CM = 8;
|
||||||
|
|
||||||
public static final String SHA_256 = "SHA-256";
|
public static final String SHA_256 = "SHA-256";
|
||||||
|
public static final String X_509 = "X.509";
|
||||||
|
public static final String PKCS_12 = "pkcs12";
|
||||||
|
public static final String SHA_1 = "SHA-1";
|
||||||
|
public static final String AES = "AES";
|
||||||
|
public static final String AES_CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding";
|
||||||
|
public static final String HMAC_ALGORITHM = "HmacSHA256";
|
||||||
|
public static final String KEY_DERIVATION_ALGORITHM = "PBKDF2WithHmacSHA1";
|
||||||
|
|
||||||
public static final RGB WHITE_RGB = new RGB(255, 255, 255);
|
public static final RGB WHITE_RGB = new RGB(255, 255, 255);
|
||||||
public static final RGB BLACK_RGB = new RGB(0, 0, 0);
|
public static final RGB BLACK_RGB = new RGB(0, 0, 0);
|
||||||
|
|
|
@ -37,7 +37,7 @@ public interface ClientCredentialService {
|
||||||
* @param secretPlaintext the plain secret text
|
* @param secretPlaintext the plain secret text
|
||||||
* @param accessTokenPlaintext the plain accessToken text
|
* @param accessTokenPlaintext the plain accessToken text
|
||||||
* @return encrypted client credentials */
|
* @return encrypted client credentials */
|
||||||
ClientCredentials encryptClientCredentials(
|
Result<ClientCredentials> encryptClientCredentials(
|
||||||
CharSequence clientIdPlaintext,
|
CharSequence clientIdPlaintext,
|
||||||
CharSequence secretPlaintext,
|
CharSequence secretPlaintext,
|
||||||
CharSequence accessTokenPlaintext);
|
CharSequence accessTokenPlaintext);
|
||||||
|
@ -48,7 +48,7 @@ public interface ClientCredentialService {
|
||||||
* @param clientIdPlaintext the plain clientId text
|
* @param clientIdPlaintext the plain clientId text
|
||||||
* @param secretPlaintext the plain secret text
|
* @param secretPlaintext the plain secret text
|
||||||
* @return encrypted client credentials */
|
* @return encrypted client credentials */
|
||||||
default ClientCredentials encryptClientCredentials(
|
default Result<ClientCredentials> encryptClientCredentials(
|
||||||
final CharSequence clientIdPlaintext,
|
final CharSequence clientIdPlaintext,
|
||||||
final CharSequence secretPlaintext) {
|
final CharSequence secretPlaintext) {
|
||||||
|
|
||||||
|
@ -59,13 +59,13 @@ public interface ClientCredentialService {
|
||||||
*
|
*
|
||||||
* @param credentials ClientCredentials containing the secret to decrypt
|
* @param credentials ClientCredentials containing the secret to decrypt
|
||||||
* @return decrypted plain text secret */
|
* @return decrypted plain text secret */
|
||||||
CharSequence getPlainClientSecret(ClientCredentials credentials);
|
Result<CharSequence> getPlainClientSecret(ClientCredentials credentials);
|
||||||
|
|
||||||
/** Use this to get a decrypted plain text accessToken form given ClientCredentials
|
/** Use this to get a decrypted plain text accessToken form given ClientCredentials
|
||||||
*
|
*
|
||||||
* @param credentials ClientCredentials containing the accessToken to decrypt
|
* @param credentials ClientCredentials containing the accessToken to decrypt
|
||||||
* @return decrypted plain text accessToken */
|
* @return decrypted plain text accessToken */
|
||||||
CharSequence getPlainAccessToken(ClientCredentials credentials);
|
Result<CharSequence> getPlainAccessToken(ClientCredentials credentials);
|
||||||
|
|
||||||
/** Encrypts a given plain text that uses {@link org.springframework.security.crypto.encrypt.Encryptors#stronger}
|
/** Encrypts a given plain text that uses {@link org.springframework.security.crypto.encrypt.Encryptors#stronger}
|
||||||
* and a randomly generated salt that is added to the cipher text.
|
* and a randomly generated salt that is added to the cipher text.
|
||||||
|
@ -73,12 +73,12 @@ public interface ClientCredentialService {
|
||||||
*
|
*
|
||||||
* @param text the plain text to encrypt
|
* @param text the plain text to encrypt
|
||||||
* @return encrypted cipher text with additional salt */
|
* @return encrypted cipher text with additional salt */
|
||||||
CharSequence encrypt(final CharSequence text);
|
Result<CharSequence> encrypt(final CharSequence text);
|
||||||
|
|
||||||
/** Decrypt a given cipher that was encrypted with the method used by this services encrypt method.
|
/** Decrypt a given cipher that was encrypted with the method used by this services encrypt method.
|
||||||
*
|
*
|
||||||
* @param cipher the cipher text with additional salt
|
* @param cipher the cipher text with additional salt
|
||||||
* @return plain text decrypt from the given cipher */
|
* @return plain text decrypt from the given cipher */
|
||||||
CharSequence decrypt(final CharSequence cipher);
|
Result<CharSequence> decrypt(final CharSequence cipher);
|
||||||
|
|
||||||
}
|
}
|
|
@ -13,8 +13,6 @@ import java.security.SecureRandom;
|
||||||
|
|
||||||
import org.apache.commons.lang3.RandomStringUtils;
|
import org.apache.commons.lang3.RandomStringUtils;
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.slf4j.Logger;
|
|
||||||
import org.slf4j.LoggerFactory;
|
|
||||||
import org.springframework.context.annotation.Lazy;
|
import org.springframework.context.annotation.Lazy;
|
||||||
import org.springframework.stereotype.Service;
|
import org.springframework.stereotype.Service;
|
||||||
|
|
||||||
|
@ -25,8 +23,6 @@ import ch.ethz.seb.sebserver.gbl.util.Result;
|
||||||
@Service
|
@Service
|
||||||
public class ClientCredentialServiceImpl implements ClientCredentialService {
|
public class ClientCredentialServiceImpl implements ClientCredentialService {
|
||||||
|
|
||||||
private static final Logger log = LoggerFactory.getLogger(ClientCredentialServiceImpl.class);
|
|
||||||
|
|
||||||
private final Cryptor cryptor;
|
private final Cryptor cryptor;
|
||||||
|
|
||||||
protected ClientCredentialServiceImpl(final Cryptor cryptor) {
|
protected ClientCredentialServiceImpl(final Cryptor cryptor) {
|
||||||
|
@ -35,38 +31,35 @@ public class ClientCredentialServiceImpl implements ClientCredentialService {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Result<ClientCredentials> generatedClientCredentials() {
|
public Result<ClientCredentials> generatedClientCredentials() {
|
||||||
return Result.tryCatch(() -> {
|
|
||||||
try {
|
|
||||||
|
|
||||||
return encryptClientCredentials(
|
return encryptClientCredentials(
|
||||||
generateClientId(),
|
generateClientId(),
|
||||||
generateClientSecret());
|
generateClientSecret());
|
||||||
|
|
||||||
} catch (final Exception e) {
|
|
||||||
log.error("Error while trying to generate client credentials: ", e);
|
|
||||||
throw new RuntimeException("cause: ", e);
|
|
||||||
}
|
|
||||||
});
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public ClientCredentials encryptClientCredentials(
|
public Result<ClientCredentials> encryptClientCredentials(
|
||||||
final CharSequence clientIdPlaintext,
|
final CharSequence clientIdPlaintext,
|
||||||
final CharSequence secretPlaintext,
|
final CharSequence secretPlaintext,
|
||||||
final CharSequence accessTokenPlaintext) {
|
final CharSequence accessTokenPlaintext) {
|
||||||
|
|
||||||
|
return Result.tryCatch(() -> {
|
||||||
return new ClientCredentials(
|
return new ClientCredentials(
|
||||||
clientIdPlaintext,
|
clientIdPlaintext,
|
||||||
(StringUtils.isNoneBlank(secretPlaintext))
|
(StringUtils.isNoneBlank(secretPlaintext))
|
||||||
? this.cryptor.encrypt(secretPlaintext).toString()
|
? this.cryptor.encrypt(secretPlaintext)
|
||||||
|
.getOrThrow()
|
||||||
|
.toString()
|
||||||
: null,
|
: null,
|
||||||
(StringUtils.isNoneBlank(accessTokenPlaintext))
|
(StringUtils.isNoneBlank(accessTokenPlaintext))
|
||||||
? this.cryptor.encrypt(accessTokenPlaintext).toString()
|
? this.cryptor.encrypt(accessTokenPlaintext)
|
||||||
|
.getOrThrow()
|
||||||
|
.toString()
|
||||||
: null);
|
: null);
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public CharSequence getPlainClientSecret(final ClientCredentials credentials) {
|
public Result<CharSequence> getPlainClientSecret(final ClientCredentials credentials) {
|
||||||
if (credentials == null || !credentials.hasSecret()) {
|
if (credentials == null || !credentials.hasSecret()) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -75,21 +68,21 @@ public class ClientCredentialServiceImpl implements ClientCredentialService {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public CharSequence getPlainAccessToken(final ClientCredentials credentials) {
|
public Result<CharSequence> getPlainAccessToken(final ClientCredentials credentials) {
|
||||||
if (credentials == null || !credentials.hasAccessToken()) {
|
if (credentials == null || !credentials.hasAccessToken()) {
|
||||||
return null;
|
return Result.ofRuntimeError("No token available");
|
||||||
}
|
}
|
||||||
|
|
||||||
return this.cryptor.decrypt(credentials.accessToken);
|
return this.cryptor.decrypt(credentials.accessToken);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public CharSequence encrypt(final CharSequence text) {
|
public Result<CharSequence> encrypt(final CharSequence text) {
|
||||||
return this.cryptor.encrypt(text);
|
return this.cryptor.encrypt(text);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public CharSequence decrypt(final CharSequence text) {
|
public Result<CharSequence> decrypt(final CharSequence text) {
|
||||||
return this.cryptor.decrypt(text);
|
return this.cryptor.decrypt(text);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -104,7 +97,6 @@ public class ClientCredentialServiceImpl implements ClientCredentialService {
|
||||||
}
|
}
|
||||||
|
|
||||||
public static CharSequence generateClientSecret() {
|
public static CharSequence generateClientSecret() {
|
||||||
// TODO find a better way to generate a random char array instead of using RandomStringUtils.random which uses a String
|
|
||||||
return RandomStringUtils.random(
|
return RandomStringUtils.random(
|
||||||
64, 0, possibleCharacters.length - 1, false, false,
|
64, 0, possibleCharacters.length - 1, false, false,
|
||||||
possibleCharacters, new SecureRandom());
|
possibleCharacters, new SecureRandom());
|
||||||
|
|
|
@ -47,6 +47,7 @@ public final class SEBClientConfig implements GrantEntity, Activatable {
|
||||||
public static final String ATTR_QUIT_PASSWORD = "hashedQuitPassword";
|
public static final String ATTR_QUIT_PASSWORD = "hashedQuitPassword";
|
||||||
public static final String ATTR_QUIT_PASSWORD_CONFIRM = "hashedQuitPasswordConfirm";
|
public static final String ATTR_QUIT_PASSWORD_CONFIRM = "hashedQuitPasswordConfirm";
|
||||||
public static final String ATTR_ENCRYPT_SECRET_CONFIRM = "confirm_encrypt_secret";
|
public static final String ATTR_ENCRYPT_SECRET_CONFIRM = "confirm_encrypt_secret";
|
||||||
|
public static final String ATTR_ENCRYPT_CERTIFICATE_ALIAS = "cert_alias";
|
||||||
|
|
||||||
public static final String FILTER_ATTR_CREATION_DATE = "creation_date";
|
public static final String FILTER_ATTR_CREATION_DATE = "creation_date";
|
||||||
|
|
||||||
|
@ -157,6 +158,9 @@ public final class SEBClientConfig implements GrantEntity, Activatable {
|
||||||
@JsonProperty(ATTR_ENCRYPT_SECRET_CONFIRM)
|
@JsonProperty(ATTR_ENCRYPT_SECRET_CONFIRM)
|
||||||
public final CharSequence encryptSecretConfirm;
|
public final CharSequence encryptSecretConfirm;
|
||||||
|
|
||||||
|
@JsonProperty(ATTR_ENCRYPT_CERTIFICATE_ALIAS)
|
||||||
|
public final String encryptCertificateAlias;
|
||||||
|
|
||||||
@JsonProperty(SEB_CLIENT_CONFIGURATION.ATTR_ACTIVE)
|
@JsonProperty(SEB_CLIENT_CONFIGURATION.ATTR_ACTIVE)
|
||||||
public final Boolean active;
|
public final Boolean active;
|
||||||
|
|
||||||
|
@ -185,6 +189,7 @@ public final class SEBClientConfig implements GrantEntity, Activatable {
|
||||||
@JsonProperty(SEB_CLIENT_CONFIGURATION.ATTR_DATE) final DateTime date,
|
@JsonProperty(SEB_CLIENT_CONFIGURATION.ATTR_DATE) final DateTime date,
|
||||||
@JsonProperty(SEB_CLIENT_CONFIGURATION.ATTR_ENCRYPT_SECRET) final CharSequence encryptSecret,
|
@JsonProperty(SEB_CLIENT_CONFIGURATION.ATTR_ENCRYPT_SECRET) final CharSequence encryptSecret,
|
||||||
@JsonProperty(ATTR_ENCRYPT_SECRET_CONFIRM) final CharSequence encryptSecretConfirm,
|
@JsonProperty(ATTR_ENCRYPT_SECRET_CONFIRM) final CharSequence encryptSecretConfirm,
|
||||||
|
@JsonProperty(ATTR_ENCRYPT_CERTIFICATE_ALIAS) final String encryptCertificateAlias,
|
||||||
@JsonProperty(SEB_CLIENT_CONFIGURATION.ATTR_ACTIVE) final Boolean active) {
|
@JsonProperty(SEB_CLIENT_CONFIGURATION.ATTR_ACTIVE) final Boolean active) {
|
||||||
|
|
||||||
this.id = id;
|
this.id = id;
|
||||||
|
@ -210,6 +215,7 @@ public final class SEBClientConfig implements GrantEntity, Activatable {
|
||||||
this.date = date;
|
this.date = date;
|
||||||
this.encryptSecret = encryptSecret;
|
this.encryptSecret = encryptSecret;
|
||||||
this.encryptSecretConfirm = encryptSecretConfirm;
|
this.encryptSecretConfirm = encryptSecretConfirm;
|
||||||
|
this.encryptCertificateAlias = encryptCertificateAlias;
|
||||||
this.active = active;
|
this.active = active;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -247,6 +253,7 @@ public final class SEBClientConfig implements GrantEntity, Activatable {
|
||||||
this.date = postParams.getDateTime(Domain.SEB_CLIENT_CONFIGURATION.ATTR_DATE);
|
this.date = postParams.getDateTime(Domain.SEB_CLIENT_CONFIGURATION.ATTR_DATE);
|
||||||
this.encryptSecret = postParams.getCharSequence(Domain.SEB_CLIENT_CONFIGURATION.ATTR_ENCRYPT_SECRET);
|
this.encryptSecret = postParams.getCharSequence(Domain.SEB_CLIENT_CONFIGURATION.ATTR_ENCRYPT_SECRET);
|
||||||
this.encryptSecretConfirm = postParams.getCharSequence(ATTR_ENCRYPT_SECRET_CONFIRM);
|
this.encryptSecretConfirm = postParams.getCharSequence(ATTR_ENCRYPT_SECRET_CONFIRM);
|
||||||
|
this.encryptCertificateAlias = postParams.getString(ATTR_ENCRYPT_CERTIFICATE_ALIAS);
|
||||||
this.active = false;
|
this.active = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -331,6 +338,10 @@ public final class SEBClientConfig implements GrantEntity, Activatable {
|
||||||
return this.encryptSecret;
|
return this.encryptSecret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public String getEncryptCertificateAlias() {
|
||||||
|
return this.encryptCertificateAlias;
|
||||||
|
}
|
||||||
|
|
||||||
@JsonIgnore
|
@JsonIgnore
|
||||||
public CharSequence getEncryptSecretConfirm() {
|
public CharSequence getEncryptSecretConfirm() {
|
||||||
return this.encryptSecretConfirm;
|
return this.encryptSecretConfirm;
|
||||||
|
@ -430,6 +441,7 @@ public final class SEBClientConfig implements GrantEntity, Activatable {
|
||||||
this.date,
|
this.date,
|
||||||
Constants.EMPTY_NOTE,
|
Constants.EMPTY_NOTE,
|
||||||
Constants.EMPTY_NOTE,
|
Constants.EMPTY_NOTE,
|
||||||
|
Constants.EMPTY_NOTE,
|
||||||
this.active);
|
this.active);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -456,6 +468,7 @@ public final class SEBClientConfig implements GrantEntity, Activatable {
|
||||||
DateTime.now(DateTimeZone.UTC),
|
DateTime.now(DateTimeZone.UTC),
|
||||||
null,
|
null,
|
||||||
null,
|
null,
|
||||||
|
null,
|
||||||
false);
|
false);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -11,6 +11,8 @@ package ch.ethz.seb.sebserver.gbl.util;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.io.OutputStream;
|
import java.io.OutputStream;
|
||||||
|
import java.security.PrivateKey;
|
||||||
|
import java.security.cert.Certificate;
|
||||||
|
|
||||||
import org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi;
|
import org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi;
|
||||||
import org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi.BCPKCS12KeyStore;
|
import org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi.BCPKCS12KeyStore;
|
||||||
|
@ -22,6 +24,7 @@ import org.springframework.security.crypto.encrypt.Encryptors;
|
||||||
import org.springframework.security.crypto.keygen.KeyGenerators;
|
import org.springframework.security.crypto.keygen.KeyGenerators;
|
||||||
import org.springframework.stereotype.Service;
|
import org.springframework.stereotype.Service;
|
||||||
|
|
||||||
|
/** Cryptor dealing with internal encryption and decryption. */
|
||||||
@Lazy
|
@Lazy
|
||||||
@Service
|
@Service
|
||||||
public class Cryptor {
|
public class Cryptor {
|
||||||
|
@ -34,11 +37,19 @@ public class Cryptor {
|
||||||
this.internalPWD = environment.getProperty("sebserver.webservice.internalSecret");
|
this.internalPWD = environment.getProperty("sebserver.webservice.internalSecret");
|
||||||
}
|
}
|
||||||
|
|
||||||
public CharSequence encrypt(final CharSequence text) {
|
/** Use this to encrypt a text with the internal password
|
||||||
|
*
|
||||||
|
* @param text The text to encrypt with the internal password
|
||||||
|
* @return the encrypted text cipher */
|
||||||
|
public Result<CharSequence> encrypt(final CharSequence text) {
|
||||||
return encrypt(text, this.internalPWD);
|
return encrypt(text, this.internalPWD);
|
||||||
}
|
}
|
||||||
|
|
||||||
public CharSequence decrypt(final CharSequence text) {
|
/** Use this to decrypt a cipher text with the internal password
|
||||||
|
*
|
||||||
|
* @param text The cipher text to decrypt with the internal password
|
||||||
|
* @return the plain text */
|
||||||
|
public Result<CharSequence> decrypt(final CharSequence text) {
|
||||||
return decrypt(text, this.internalPWD);
|
return decrypt(text, this.internalPWD);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -64,7 +75,32 @@ public class Cryptor {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static CharSequence encrypt(final CharSequence text, final CharSequence secret) {
|
public Result<PKCS12KeyStoreSpi> addPrivateKey(
|
||||||
|
final PKCS12KeyStoreSpi keyStore,
|
||||||
|
final PrivateKey privateKey,
|
||||||
|
final String alias,
|
||||||
|
final Certificate certificate) {
|
||||||
|
|
||||||
|
return Result.tryCatch(() -> {
|
||||||
|
|
||||||
|
keyStore.engineSetKeyEntry(
|
||||||
|
alias,
|
||||||
|
privateKey,
|
||||||
|
Utils.toCharArray(this.internalPWD),
|
||||||
|
new Certificate[] { certificate });
|
||||||
|
|
||||||
|
return keyStore;
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
public Result<PrivateKey> getPrivateKey(final PKCS12KeyStoreSpi store, final String alias) {
|
||||||
|
return Result.tryCatch(() -> {
|
||||||
|
return (PrivateKey) store.engineGetKey(alias, Utils.toCharArray(this.internalPWD));
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
static Result<CharSequence> encrypt(final CharSequence text, final CharSequence secret) {
|
||||||
|
return Result.tryCatch(() -> {
|
||||||
if (text == null) {
|
if (text == null) {
|
||||||
throw new IllegalArgumentException("Text has null reference");
|
throw new IllegalArgumentException("Text has null reference");
|
||||||
}
|
}
|
||||||
|
@ -74,8 +110,6 @@ public class Cryptor {
|
||||||
return text;
|
return text;
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
|
||||||
|
|
||||||
final CharSequence salt = KeyGenerators.string().generateKey();
|
final CharSequence salt = KeyGenerators.string().generateKey();
|
||||||
final CharSequence cipher = Encryptors
|
final CharSequence cipher = Encryptors
|
||||||
.delux(secret, salt)
|
.delux(secret, salt)
|
||||||
|
@ -84,13 +118,11 @@ public class Cryptor {
|
||||||
return new StringBuilder(cipher)
|
return new StringBuilder(cipher)
|
||||||
.append(salt);
|
.append(salt);
|
||||||
|
|
||||||
} catch (final Exception e) {
|
});
|
||||||
log.error("Failed to encrypt text: {}", e.getMessage());
|
|
||||||
throw e;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public static CharSequence decrypt(final CharSequence cipher, final CharSequence secret) {
|
static Result<CharSequence> decrypt(final CharSequence cipher, final CharSequence secret) {
|
||||||
|
return Result.tryCatch(() -> {
|
||||||
if (cipher == null) {
|
if (cipher == null) {
|
||||||
throw new IllegalArgumentException("Cipher has null reference");
|
throw new IllegalArgumentException("Cipher has null reference");
|
||||||
}
|
}
|
||||||
|
@ -100,8 +132,6 @@ public class Cryptor {
|
||||||
return cipher;
|
return cipher;
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
|
||||||
|
|
||||||
final int length = cipher.length();
|
final int length = cipher.length();
|
||||||
final int cipherTextLength = length - 16;
|
final int cipherTextLength = length - 16;
|
||||||
final CharSequence salt = cipher.subSequence(cipherTextLength, length);
|
final CharSequence salt = cipher.subSequence(cipherTextLength, length);
|
||||||
|
@ -111,9 +141,7 @@ public class Cryptor {
|
||||||
.delux(secret, salt)
|
.delux(secret, salt)
|
||||||
.decrypt(cipherText.toString());
|
.decrypt(cipherText.toString());
|
||||||
|
|
||||||
} catch (final Exception e) {
|
});
|
||||||
log.error("Failed to decrypt text: {}", e.getMessage());
|
|
||||||
throw e;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -382,7 +382,8 @@ public final class Result<T> {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String toString() {
|
public String toString() {
|
||||||
return "Result [value=" + this.value + ", error=" + this.error + "]";
|
throw new RuntimeException("!!!!!!!!!!!!!");
|
||||||
|
//return "Result [value=" + this.value + ", error=" + this.error + "]";
|
||||||
}
|
}
|
||||||
|
|
||||||
public interface TryCatchSupplier<T> {
|
public interface TryCatchSupplier<T> {
|
||||||
|
|
|
@ -15,8 +15,6 @@ import java.util.function.Supplier;
|
||||||
|
|
||||||
import org.eclipse.swt.widgets.Composite;
|
import org.eclipse.swt.widgets.Composite;
|
||||||
import org.eclipse.swt.widgets.Control;
|
import org.eclipse.swt.widgets.Control;
|
||||||
import org.slf4j.Logger;
|
|
||||||
import org.slf4j.LoggerFactory;
|
|
||||||
import org.springframework.context.annotation.Lazy;
|
import org.springframework.context.annotation.Lazy;
|
||||||
import org.springframework.stereotype.Component;
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
|
@ -48,8 +46,6 @@ import ch.ethz.seb.sebserver.gui.widget.FileUploadSelection;
|
||||||
@GuiProfile
|
@GuiProfile
|
||||||
public class CertificateImportPopup {
|
public class CertificateImportPopup {
|
||||||
|
|
||||||
private static final Logger log = LoggerFactory.getLogger(SEBExamConfigImportPopup.class);
|
|
||||||
|
|
||||||
private final static PageMessageException MISSING_PASSWORD = new PageMessageException(
|
private final static PageMessageException MISSING_PASSWORD = new PageMessageException(
|
||||||
new LocTextKey("sebserver.certificate.action.import.missing-password"));
|
new LocTextKey("sebserver.certificate.action.import.missing-password"));
|
||||||
|
|
||||||
|
|
|
@ -242,6 +242,11 @@ public class SEBClientConfigForm implements TemplateComposer {
|
||||||
final boolean showVDIAttrs = clientConfig.vdiType == VDIType.VM_WARE;
|
final boolean showVDIAttrs = clientConfig.vdiType == VDIType.VM_WARE;
|
||||||
final boolean showFallbackAttrs = BooleanUtils.isTrue(clientConfig.fallback);
|
final boolean showFallbackAttrs = BooleanUtils.isTrue(clientConfig.fallback);
|
||||||
|
|
||||||
|
final CharSequence pwd = (formHandleAnchor.formHandle == null)
|
||||||
|
? clientConfig.getEncryptSecret()
|
||||||
|
: this.cryptor.encrypt(clientConfig.getEncryptSecret())
|
||||||
|
.getOrThrow();
|
||||||
|
|
||||||
PageService.clearComposite(formContent);
|
PageService.clearComposite(formContent);
|
||||||
|
|
||||||
final FormBuilder formBuilder = this.pageService.formBuilder(
|
final FormBuilder formBuilder = this.pageService.formBuilder(
|
||||||
|
@ -282,9 +287,7 @@ public class SEBClientConfigForm implements TemplateComposer {
|
||||||
.addField(FormBuilder.password(
|
.addField(FormBuilder.password(
|
||||||
Domain.SEB_CLIENT_CONFIGURATION.ATTR_ENCRYPT_SECRET,
|
Domain.SEB_CLIENT_CONFIGURATION.ATTR_ENCRYPT_SECRET,
|
||||||
FORM_ENCRYPT_SECRET_TEXT_KEY,
|
FORM_ENCRYPT_SECRET_TEXT_KEY,
|
||||||
(formHandleAnchor.formHandle == null)
|
pwd))
|
||||||
? clientConfig.getEncryptSecret()
|
|
||||||
: this.cryptor.encrypt(clientConfig.getEncryptSecret())))
|
|
||||||
|
|
||||||
.withDefaultSpanEmptyCell(3)
|
.withDefaultSpanEmptyCell(3)
|
||||||
.addFieldIf(
|
.addFieldIf(
|
||||||
|
@ -292,9 +295,7 @@ public class SEBClientConfigForm implements TemplateComposer {
|
||||||
() -> FormBuilder.password(
|
() -> FormBuilder.password(
|
||||||
SEBClientConfig.ATTR_ENCRYPT_SECRET_CONFIRM,
|
SEBClientConfig.ATTR_ENCRYPT_SECRET_CONFIRM,
|
||||||
FORM_CONFIRM_ENCRYPT_SECRET_TEXT_KEY,
|
FORM_CONFIRM_ENCRYPT_SECRET_TEXT_KEY,
|
||||||
(formHandleAnchor.formHandle == null)
|
pwd))
|
||||||
? clientConfig.getEncryptSecret()
|
|
||||||
: this.cryptor.encrypt(clientConfig.getEncryptSecretConfirm())))
|
|
||||||
|
|
||||||
.withDefaultSpanInput(2)
|
.withDefaultSpanInput(2)
|
||||||
.addField(FormBuilder.text(
|
.addField(FormBuilder.text(
|
||||||
|
|
|
@ -320,7 +320,9 @@ public final class Form implements FormBinding {
|
||||||
@Override public String getStringValue() {return pwdInput.getValue() != null ? pwdInput.getValue().toString() : null;}
|
@Override public String getStringValue() {return pwdInput.getValue() != null ? pwdInput.getValue().toString() : null;}
|
||||||
@Override public void setStringValue(final String value) {
|
@Override public void setStringValue(final String value) {
|
||||||
if (StringUtils.isNotBlank(value)) {
|
if (StringUtils.isNotBlank(value)) {
|
||||||
pwdInput.setValue(Form.this.cryptor.decrypt(value));
|
final CharSequence pwd = Form.this.cryptor.decrypt(value)
|
||||||
|
.getOrThrow();
|
||||||
|
pwdInput.setValue(pwd);
|
||||||
} else {
|
} else {
|
||||||
pwdInput.setValue(value);
|
pwdInput.setValue(value);
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,22 +8,27 @@
|
||||||
|
|
||||||
package ch.ethz.seb.sebserver.gui.form;
|
package ch.ethz.seb.sebserver.gui.form;
|
||||||
|
|
||||||
import ch.ethz.seb.sebserver.gui.service.i18n.LocTextKey;
|
|
||||||
import ch.ethz.seb.sebserver.gui.service.page.PageService;
|
|
||||||
import ch.ethz.seb.sebserver.gui.widget.PasswordInput;
|
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.eclipse.swt.widgets.Composite;
|
import org.eclipse.swt.widgets.Composite;
|
||||||
import org.eclipse.swt.widgets.Control;
|
import org.eclipse.swt.widgets.Control;
|
||||||
import org.eclipse.swt.widgets.Label;
|
import org.eclipse.swt.widgets.Label;
|
||||||
|
import org.slf4j.Logger;
|
||||||
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
|
import ch.ethz.seb.sebserver.gui.service.i18n.LocTextKey;
|
||||||
|
import ch.ethz.seb.sebserver.gui.service.page.PageService;
|
||||||
|
import ch.ethz.seb.sebserver.gui.widget.PasswordInput;
|
||||||
|
|
||||||
public class PasswordFieldBuilder extends FieldBuilder<CharSequence> {
|
public class PasswordFieldBuilder extends FieldBuilder<CharSequence> {
|
||||||
|
|
||||||
|
private static final Logger log = LoggerFactory.getLogger(PasswordFieldBuilder.class);
|
||||||
|
|
||||||
PasswordFieldBuilder(final String name, final LocTextKey label, final CharSequence value) {
|
PasswordFieldBuilder(final String name, final LocTextKey label, final CharSequence value) {
|
||||||
super(name, label, value);
|
super(name, label, value);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
void build(FormBuilder builder) {
|
void build(final FormBuilder builder) {
|
||||||
final boolean readonly = builder.readonly || this.readonly;
|
final boolean readonly = builder.readonly || this.readonly;
|
||||||
final Control titleLabel = createTitleLabel(builder.formParent, builder, this);
|
final Control titleLabel = createTitleLabel(builder.formParent, builder, this);
|
||||||
final Composite fieldGrid = createFieldGrid(builder.formParent, this.spanInput);
|
final Composite fieldGrid = createFieldGrid(builder.formParent, this.spanInput);
|
||||||
|
@ -32,6 +37,8 @@ public class PasswordFieldBuilder extends FieldBuilder<CharSequence> {
|
||||||
input.setEditable(!readonly);
|
input.setEditable(!readonly);
|
||||||
input.setValue((StringUtils.isNotBlank(this.value))
|
input.setValue((StringUtils.isNotBlank(this.value))
|
||||||
? builder.cryptor.decrypt(this.value)
|
? builder.cryptor.decrypt(this.value)
|
||||||
|
.onError(error -> log.error("Failed to internally decrypt password: {}", error.getMessage()))
|
||||||
|
.getOr(this.value)
|
||||||
: this.value);
|
: this.value);
|
||||||
|
|
||||||
if (builder.pageService.getFormTooltipMode() == PageService.FormTooltipMode.INPUT) {
|
if (builder.pageService.getFormTooltipMode() == PageService.FormTooltipMode.INPUT) {
|
||||||
|
|
|
@ -154,7 +154,9 @@ public class PasswordFieldBuilder implements InputFieldBuilder {
|
||||||
@Override
|
@Override
|
||||||
protected void setValueToControl(final String value) {
|
protected void setValueToControl(final String value) {
|
||||||
if (StringUtils.isNotBlank(value)) {
|
if (StringUtils.isNotBlank(value)) {
|
||||||
final CharSequence pwd = this.cryptor.decrypt(value);
|
final CharSequence pwd = this.cryptor
|
||||||
|
.decrypt(value)
|
||||||
|
.getOrThrow();
|
||||||
this.control.setValue(pwd.toString());
|
this.control.setValue(pwd.toString());
|
||||||
this.confirm.setValue(pwd.toString());
|
this.confirm.setValue(pwd.toString());
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -36,7 +36,7 @@ public class RemoveCertificate extends RestCall<Collection<EntityKey>> {
|
||||||
}),
|
}),
|
||||||
HttpMethod.DELETE,
|
HttpMethod.DELETE,
|
||||||
MediaType.APPLICATION_FORM_URLENCODED,
|
MediaType.APPLICATION_FORM_URLENCODED,
|
||||||
API.CERTIFICATE_ENDPOINT + API.CERTIFICATE_ALIAS_VAR_PATH_SEGMENT);
|
API.CERTIFICATE_ENDPOINT);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,9 +8,11 @@
|
||||||
|
|
||||||
package ch.ethz.seb.sebserver.webservice.servicelayer.dao;
|
package ch.ethz.seb.sebserver.webservice.servicelayer.dao;
|
||||||
|
|
||||||
|
import java.security.PrivateKey;
|
||||||
import java.security.cert.Certificate;
|
import java.security.cert.Certificate;
|
||||||
import java.security.cert.CertificateEncodingException;
|
import java.security.cert.CertificateEncodingException;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
|
import java.util.Collection;
|
||||||
import java.util.EnumSet;
|
import java.util.EnumSet;
|
||||||
import java.util.NoSuchElementException;
|
import java.util.NoSuchElementException;
|
||||||
|
|
||||||
|
@ -31,12 +33,25 @@ import ch.ethz.seb.sebserver.gbl.util.Result;
|
||||||
/** Concrete EntityDAO interface of Certificate entities */
|
/** Concrete EntityDAO interface of Certificate entities */
|
||||||
public interface CertificateDAO {
|
public interface CertificateDAO {
|
||||||
|
|
||||||
|
Result<Certificate> getCertificate(final Long institutionId, String alias);
|
||||||
|
|
||||||
Result<Certificates> getCertificates(Long institutionId);
|
Result<Certificates> getCertificates(Long institutionId);
|
||||||
|
|
||||||
Result<CertificateInfo> addCertificate(Long institutionId, String alias, Certificate certificate);
|
Result<CertificateInfo> addCertificate(
|
||||||
|
Long institutionId,
|
||||||
|
String alias,
|
||||||
|
Certificate certificate);
|
||||||
|
|
||||||
|
Result<CertificateInfo> addCertificate(
|
||||||
|
Long institutionId,
|
||||||
|
String alias,
|
||||||
|
Certificate certificate,
|
||||||
|
PrivateKey privateKey);
|
||||||
|
|
||||||
Result<EntityKey> removeCertificate(Long institutionId, String alias);
|
Result<EntityKey> removeCertificate(Long institutionId, String alias);
|
||||||
|
|
||||||
|
Result<Collection<String>> getAllIdentityAlias(Long institutionId);
|
||||||
|
|
||||||
static Result<CertificateInfo> getDataFromCertificate(final Certificates certificates, final String alias) {
|
static Result<CertificateInfo> getDataFromCertificate(final Certificates certificates, final String alias) {
|
||||||
return Result.tryCatch(() -> {
|
return Result.tryCatch(() -> {
|
||||||
final X509Certificate certificate = (X509Certificate) certificates.keyStore.engineGetCertificate(alias);
|
final X509Certificate certificate = (X509Certificate) certificates.keyStore.engineGetCertificate(alias);
|
||||||
|
|
|
@ -10,12 +10,14 @@ package ch.ethz.seb.sebserver.webservice.servicelayer.dao.impl;
|
||||||
|
|
||||||
import java.io.ByteArrayInputStream;
|
import java.io.ByteArrayInputStream;
|
||||||
import java.security.KeyStoreException;
|
import java.security.KeyStoreException;
|
||||||
|
import java.security.PrivateKey;
|
||||||
import java.security.cert.Certificate;
|
import java.security.cert.Certificate;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
import org.apache.commons.io.IOUtils;
|
import org.apache.commons.io.IOUtils;
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
|
@ -64,7 +66,19 @@ public class CertificateDAOImpl implements CertificateDAO {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Transactional
|
@Transactional(readOnly = true)
|
||||||
|
public Result<Certificate> getCertificate(final Long institutionId, final String alias) {
|
||||||
|
return getCertificates(institutionId)
|
||||||
|
.map(certs -> {
|
||||||
|
if (!certs.aliases.contains(alias)) {
|
||||||
|
throw new ResourceNotFoundException(EntityType.CERTIFICATE, alias);
|
||||||
|
}
|
||||||
|
return certs.keyStore.engineGetCertificate(alias);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
@Transactional(readOnly = true)
|
||||||
public Result<Certificates> getCertificates(final Long institutionId) {
|
public Result<Certificates> getCertificates(final Long institutionId) {
|
||||||
|
|
||||||
return getCertificatesFromPersistent(institutionId)
|
return getCertificatesFromPersistent(institutionId)
|
||||||
|
@ -81,8 +95,19 @@ public class CertificateDAOImpl implements CertificateDAO {
|
||||||
final String alias,
|
final String alias,
|
||||||
final Certificate certificate) {
|
final Certificate certificate) {
|
||||||
|
|
||||||
|
return this.addCertificate(institutionId, alias, certificate, null);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
@Transactional
|
||||||
|
public Result<CertificateInfo> addCertificate(
|
||||||
|
final Long institutionId,
|
||||||
|
final String alias,
|
||||||
|
final Certificate certificate,
|
||||||
|
final PrivateKey privateKey) {
|
||||||
|
|
||||||
return getCertificatesFromPersistent(institutionId)
|
return getCertificatesFromPersistent(institutionId)
|
||||||
.flatMap(record -> addCertificate(record, alias, certificate))
|
.flatMap(record -> addCertificate(record, alias, certificate, privateKey))
|
||||||
.flatMap(this::storeUpdate)
|
.flatMap(this::storeUpdate)
|
||||||
.flatMap(certs -> CertificateDAO.getDataFromCertificate(certs, alias))
|
.flatMap(certs -> CertificateDAO.getDataFromCertificate(certs, alias))
|
||||||
.onError(TransactionHandler::rollback);
|
.onError(TransactionHandler::rollback);
|
||||||
|
@ -99,6 +124,18 @@ public class CertificateDAOImpl implements CertificateDAO {
|
||||||
.onError(TransactionHandler::rollback);
|
.onError(TransactionHandler::rollback);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
@Transactional(readOnly = true)
|
||||||
|
public Result<Collection<String>> getAllIdentityAlias(final Long institutionId) {
|
||||||
|
return getCertificates(institutionId)
|
||||||
|
.map(certs -> certs.aliases
|
||||||
|
.stream()
|
||||||
|
.filter(alias -> this.cryptor
|
||||||
|
.getPrivateKey(certs.keyStore, alias)
|
||||||
|
.hasValue())
|
||||||
|
.collect(Collectors.toList()));
|
||||||
|
}
|
||||||
|
|
||||||
private Certificates createNewCertificateStore(final Long institutionId) {
|
private Certificates createNewCertificateStore(final Long institutionId) {
|
||||||
return this.cryptor.createNewEmptyKeyStore()
|
return this.cryptor.createNewEmptyKeyStore()
|
||||||
.map(store -> new CertificateRecord(
|
.map(store -> new CertificateRecord(
|
||||||
|
@ -121,12 +158,13 @@ public class CertificateDAOImpl implements CertificateDAO {
|
||||||
private Result<Certificates> addCertificate(
|
private Result<Certificates> addCertificate(
|
||||||
final CertificateRecord record,
|
final CertificateRecord record,
|
||||||
final String alias,
|
final String alias,
|
||||||
final Certificate certificate) {
|
final Certificate certificate,
|
||||||
|
final PrivateKey privateKey) {
|
||||||
|
|
||||||
return loadCertificateStore(record.getCertStore())
|
return loadCertificateStore(record.getCertStore())
|
||||||
.map(store -> checkPresent(alias, store, certificate))
|
.map(store -> checkPresent(alias, store, certificate))
|
||||||
.map(store -> {
|
.map(store -> {
|
||||||
addToStore(alias, certificate, store);
|
addToStore(alias, certificate, privateKey, store);
|
||||||
return new Certificates(
|
return new Certificates(
|
||||||
record.getId(),
|
record.getId(),
|
||||||
record.getInstitutionId(),
|
record.getInstitutionId(),
|
||||||
|
@ -138,10 +176,18 @@ public class CertificateDAOImpl implements CertificateDAO {
|
||||||
private void addToStore(
|
private void addToStore(
|
||||||
final String alias,
|
final String alias,
|
||||||
final Certificate certificate,
|
final Certificate certificate,
|
||||||
|
final PrivateKey privateKey,
|
||||||
final PKCS12KeyStoreSpi store) {
|
final PKCS12KeyStoreSpi store) {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
// Add the certificate to the key store
|
||||||
store.engineSetCertificateEntry(alias, certificate);
|
store.engineSetCertificateEntry(alias, certificate);
|
||||||
|
// Add the private key to the key store with internal password protection
|
||||||
|
if (privateKey != null) {
|
||||||
|
this.cryptor.addPrivateKey(store, privateKey, alias, certificate)
|
||||||
|
.onError(error -> log.error("Failed to add private key for certificate: {}", alias, error));
|
||||||
|
}
|
||||||
|
|
||||||
} catch (final KeyStoreException e) {
|
} catch (final KeyStoreException e) {
|
||||||
throw new RuntimeException("Failed to add certificate to keystore. Cause: ", e);
|
throw new RuntimeException("Failed to add certificate to keystore. Cause: ", e);
|
||||||
}
|
}
|
||||||
|
@ -188,7 +234,7 @@ public class CertificateDAOImpl implements CertificateDAO {
|
||||||
return new Certificates(
|
return new Certificates(
|
||||||
record.getId(),
|
record.getId(),
|
||||||
record.getInstitutionId(),
|
record.getInstitutionId(),
|
||||||
joinAliases(record.getAliases(), alias),
|
removeAlias(record.getAliases(), alias),
|
||||||
store);
|
store);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
@ -203,6 +249,12 @@ public class CertificateDAOImpl implements CertificateDAO {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private Collection<String> removeAlias(final String aliases, final String alias) {
|
||||||
|
final Collection<String> listFromString = new ArrayList<>(Utils.getListFromString(aliases));
|
||||||
|
listFromString.remove(alias);
|
||||||
|
return listFromString;
|
||||||
|
}
|
||||||
|
|
||||||
private Result<Certificates> storeUpdate(final Certificates certificates) {
|
private Result<Certificates> storeUpdate(final Certificates certificates) {
|
||||||
|
|
||||||
return Result.tryCatch(() -> {
|
return Result.tryCatch(() -> {
|
||||||
|
|
|
@ -546,6 +546,7 @@ public class ExamConfigurationMapDAOImpl implements ExamConfigurationMapDAO {
|
||||||
|
|
||||||
final CharSequence encrypted_encrypt_secret = examConfigurationMap.hasEncryptionSecret()
|
final CharSequence encrypted_encrypt_secret = examConfigurationMap.hasEncryptionSecret()
|
||||||
? this.clientCredentialService.encrypt(examConfigurationMap.encryptSecret)
|
? this.clientCredentialService.encrypt(examConfigurationMap.encryptSecret)
|
||||||
|
.getOrThrow()
|
||||||
: null;
|
: null;
|
||||||
return (encrypted_encrypt_secret != null) ? encrypted_encrypt_secret.toString() : null;
|
return (encrypted_encrypt_secret != null) ? encrypted_encrypt_secret.toString() : null;
|
||||||
}
|
}
|
||||||
|
|
|
@ -349,7 +349,6 @@ public class LmsSetupDAOImpl implements LmsSetupDAO {
|
||||||
record.getLmsProxyAuthUsername(),
|
record.getLmsProxyAuthUsername(),
|
||||||
record.getLmsProxyAuthSecret());
|
record.getLmsProxyAuthSecret());
|
||||||
|
|
||||||
final CharSequence plainAccessToken = this.clientCredentialService.getPlainAccessToken(clientCredentials);
|
|
||||||
return Result.tryCatch(() -> new LmsSetup(
|
return Result.tryCatch(() -> new LmsSetup(
|
||||||
record.getId(),
|
record.getId(),
|
||||||
record.getInstitutionId(),
|
record.getInstitutionId(),
|
||||||
|
@ -358,7 +357,10 @@ public class LmsSetupDAOImpl implements LmsSetupDAO {
|
||||||
Utils.toString(clientCredentials.clientId),
|
Utils.toString(clientCredentials.clientId),
|
||||||
null,
|
null,
|
||||||
record.getLmsUrl(),
|
record.getLmsUrl(),
|
||||||
Utils.toString(plainAccessToken),
|
Utils.toString(
|
||||||
|
this.clientCredentialService
|
||||||
|
.getPlainAccessToken(clientCredentials)
|
||||||
|
.getOr(null)),
|
||||||
record.getLmsProxyHost(),
|
record.getLmsProxyHost(),
|
||||||
record.getLmsProxyPort(),
|
record.getLmsProxyPort(),
|
||||||
Utils.toString(proxyCredentials.clientId),
|
Utils.toString(proxyCredentials.clientId),
|
||||||
|
@ -390,14 +392,16 @@ public class LmsSetupDAOImpl implements LmsSetupDAO {
|
||||||
? new ClientCredentials(null, null)
|
? new ClientCredentials(null, null)
|
||||||
: this.clientCredentialService.encryptClientCredentials(
|
: this.clientCredentialService.encryptClientCredentials(
|
||||||
lmsSetup.proxyAuthUsername,
|
lmsSetup.proxyAuthUsername,
|
||||||
lmsSetup.proxyAuthSecret);
|
lmsSetup.proxyAuthSecret)
|
||||||
|
.getOrThrow();
|
||||||
}
|
}
|
||||||
|
|
||||||
private ClientCredentials createAPIClientCredentials(final LmsSetup lmsSetup) {
|
private ClientCredentials createAPIClientCredentials(final LmsSetup lmsSetup) {
|
||||||
return this.clientCredentialService.encryptClientCredentials(
|
return this.clientCredentialService.encryptClientCredentials(
|
||||||
lmsSetup.lmsAuthName,
|
lmsSetup.lmsAuthName,
|
||||||
lmsSetup.lmsAuthSecret,
|
lmsSetup.lmsAuthSecret,
|
||||||
lmsSetup.lmsRestApiToken);
|
lmsSetup.lmsRestApiToken)
|
||||||
|
.getOrThrow();
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -428,6 +428,9 @@ public class SEBClientConfigDAOImpl implements SEBClientConfigDAO {
|
||||||
record.getDate(),
|
record.getDate(),
|
||||||
record.getEncryptSecret(),
|
record.getEncryptSecret(),
|
||||||
null,
|
null,
|
||||||
|
additionalAttributes.containsKey(SEBClientConfig.ATTR_ENCRYPT_CERTIFICATE_ALIAS)
|
||||||
|
? additionalAttributes.get(SEBClientConfig.ATTR_ENCRYPT_CERTIFICATE_ALIAS).getValue()
|
||||||
|
: null,
|
||||||
BooleanUtils.toBooleanObject(record.getActive())));
|
BooleanUtils.toBooleanObject(record.getActive())));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -438,7 +441,9 @@ public class SEBClientConfigDAOImpl implements SEBClientConfigDAO {
|
||||||
}
|
}
|
||||||
|
|
||||||
final CharSequence encrypted_encrypt_secret = sebClientConfig.hasEncryptionSecret()
|
final CharSequence encrypted_encrypt_secret = sebClientConfig.hasEncryptionSecret()
|
||||||
? this.clientCredentialService.encrypt(sebClientConfig.encryptSecret)
|
? this.clientCredentialService
|
||||||
|
.encrypt(sebClientConfig.encryptSecret)
|
||||||
|
.getOrThrow()
|
||||||
: null;
|
: null;
|
||||||
return (encrypted_encrypt_secret != null) ? encrypted_encrypt_secret.toString() : null;
|
return (encrypted_encrypt_secret != null) ? encrypted_encrypt_secret.toString() : null;
|
||||||
}
|
}
|
||||||
|
@ -590,6 +595,19 @@ public class SEBClientConfigDAOImpl implements SEBClientConfigDAO {
|
||||||
configId,
|
configId,
|
||||||
SEBClientConfig.ATTR_QUIT_PASSWORD);
|
SEBClientConfig.ATTR_QUIT_PASSWORD);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (StringUtils.isNotBlank(sebClientConfig.encryptCertificateAlias)) {
|
||||||
|
this.additionalAttributesDAO.saveAdditionalAttribute(
|
||||||
|
EntityType.SEB_CLIENT_CONFIGURATION,
|
||||||
|
configId,
|
||||||
|
SEBClientConfig.ATTR_ENCRYPT_CERTIFICATE_ALIAS,
|
||||||
|
sebClientConfig.encryptCertificateAlias);
|
||||||
|
} else {
|
||||||
|
this.additionalAttributesDAO.delete(
|
||||||
|
EntityType.SEB_CLIENT_CONFIGURATION,
|
||||||
|
configId,
|
||||||
|
SEBClientConfig.ATTR_ENCRYPT_CERTIFICATE_ALIAS);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -132,7 +132,8 @@ public class LmsAPIServiceImpl implements LmsAPIService {
|
||||||
final ClientCredentials lmsCredentials = this.clientCredentialService.encryptClientCredentials(
|
final ClientCredentials lmsCredentials = this.clientCredentialService.encryptClientCredentials(
|
||||||
lmsSetup.lmsAuthName,
|
lmsSetup.lmsAuthName,
|
||||||
lmsSetup.lmsAuthSecret,
|
lmsSetup.lmsAuthSecret,
|
||||||
lmsSetup.lmsRestApiToken);
|
lmsSetup.lmsRestApiToken)
|
||||||
|
.getOrThrow();
|
||||||
|
|
||||||
final ProxyData proxyData = (StringUtils.isNoneBlank(lmsSetup.proxyHost))
|
final ProxyData proxyData = (StringUtils.isNoneBlank(lmsSetup.proxyHost))
|
||||||
? new ProxyData(
|
? new ProxyData(
|
||||||
|
@ -140,7 +141,8 @@ public class LmsAPIServiceImpl implements LmsAPIService {
|
||||||
lmsSetup.proxyPort,
|
lmsSetup.proxyPort,
|
||||||
this.clientCredentialService.encryptClientCredentials(
|
this.clientCredentialService.encryptClientCredentials(
|
||||||
lmsSetup.proxyAuthUsername,
|
lmsSetup.proxyAuthUsername,
|
||||||
lmsSetup.proxyAuthSecret))
|
lmsSetup.proxyAuthSecret)
|
||||||
|
.getOrThrow())
|
||||||
: null;
|
: null;
|
||||||
|
|
||||||
return test(createLmsSetupTemplate(lmsSetup, lmsCredentials, proxyData));
|
return test(createLmsSetupTemplate(lmsSetup, lmsCredentials, proxyData));
|
||||||
|
|
|
@ -140,7 +140,9 @@ final class OpenEdxRestTemplateFactory {
|
||||||
final String accessTokenRequestPath) throws URISyntaxException {
|
final String accessTokenRequestPath) throws URISyntaxException {
|
||||||
|
|
||||||
final CharSequence plainClientId = credentials.clientId;
|
final CharSequence plainClientId = credentials.clientId;
|
||||||
final CharSequence plainClientSecret = this.clientCredentialService.getPlainClientSecret(credentials);
|
final CharSequence plainClientSecret = this.clientCredentialService
|
||||||
|
.getPlainClientSecret(credentials)
|
||||||
|
.getOrThrow();
|
||||||
|
|
||||||
final ClientCredentialsResourceDetails details = new ClientCredentialsResourceDetails();
|
final ClientCredentialsResourceDetails details = new ClientCredentialsResourceDetails();
|
||||||
details.setAccessTokenUri(lmsSetup.lmsApiUrl + accessTokenRequestPath);
|
details.setAccessTokenUri(lmsSetup.lmsApiUrl + accessTokenRequestPath);
|
||||||
|
|
|
@ -164,7 +164,9 @@ class MoodleRestTemplateFactory {
|
||||||
final String accessTokenRequestPath) {
|
final String accessTokenRequestPath) {
|
||||||
|
|
||||||
final CharSequence plainClientId = credentials.clientId;
|
final CharSequence plainClientId = credentials.clientId;
|
||||||
final CharSequence plainClientSecret = this.clientCredentialService.getPlainClientSecret(credentials);
|
final CharSequence plainClientSecret = this.clientCredentialService
|
||||||
|
.getPlainClientSecret(credentials)
|
||||||
|
.getOrThrow();
|
||||||
|
|
||||||
final MoodleAPIRestTemplate restTemplate = new MoodleAPIRestTemplate(
|
final MoodleAPIRestTemplate restTemplate = new MoodleAPIRestTemplate(
|
||||||
this.jsonMapper,
|
this.jsonMapper,
|
||||||
|
|
|
@ -34,6 +34,7 @@ public interface CertificateService {
|
||||||
Long institutionId,
|
Long institutionId,
|
||||||
CertificateFileType certificateFileType,
|
CertificateFileType certificateFileType,
|
||||||
String alias,
|
String alias,
|
||||||
|
CharSequence password,
|
||||||
InputStream in);
|
InputStream in);
|
||||||
|
|
||||||
Result<EntityKey> removeCertificate(Long institutionId, String alias);
|
Result<EntityKey> removeCertificate(Long institutionId, String alias);
|
||||||
|
|
|
@ -29,9 +29,8 @@ public interface SEBConfigEncryptionContext {
|
||||||
|
|
||||||
/** Get a defined Certificate if supported.
|
/** Get a defined Certificate if supported.
|
||||||
*
|
*
|
||||||
* @param key The key of the Certificate to get
|
|
||||||
* @return a defined Certificate
|
* @return a defined Certificate
|
||||||
* @throws UnsupportedOperationException if not supported */
|
* @throws UnsupportedOperationException if not supported */
|
||||||
Certificate getCertificate(CharSequence key);
|
Certificate getCertificate();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -38,12 +38,11 @@ public interface SEBConfigEncryptionService {
|
||||||
PASSWORD_PSWD(Type.PASSWORD, "pswd"),
|
PASSWORD_PSWD(Type.PASSWORD, "pswd"),
|
||||||
/** Password encryption with 'pwcc' header */
|
/** Password encryption with 'pwcc' header */
|
||||||
PASSWORD_PWCC(Type.PASSWORD, "pwcc"),
|
PASSWORD_PWCC(Type.PASSWORD, "pwcc"),
|
||||||
|
/** Encryption with public/private asymmetric keys and symmetric key */
|
||||||
|
PUBLIC_KEY_HASH_SYMMETRIC_KEY(Type.CERTIFICATE, "phsk"),
|
||||||
// NOTE not supported yet but eventually needed for SEB config import.
|
// NOTE not supported yet but eventually needed for SEB config import.
|
||||||
// PUBLIC_KEY_HASH(Type.CERTIFICATE, "pkhs"),
|
/** Encryption with public/private key */
|
||||||
// PUBLIC_KEY_HASH_SYMMETRIC_KEY(Type.CERTIFICATE, "phsk")
|
PUBLIC_KEY_HASH(Type.CERTIFICATE, "pkhs");
|
||||||
|
|
||||||
;
|
|
||||||
|
|
||||||
public final Type type;
|
public final Type type;
|
||||||
public final byte[] header;
|
public final byte[] header;
|
||||||
|
|
|
@ -19,11 +19,11 @@ import javax.crypto.spec.SecretKeySpec;
|
||||||
import org.cryptonode.jncryptor.AES256JNCryptor;
|
import org.cryptonode.jncryptor.AES256JNCryptor;
|
||||||
import org.cryptonode.jncryptor.CryptorException;
|
import org.cryptonode.jncryptor.CryptorException;
|
||||||
|
|
||||||
|
import ch.ethz.seb.sebserver.gbl.Constants;
|
||||||
|
|
||||||
class AES256JNCryptorEmptyPwdSupport extends AES256JNCryptor {
|
class AES256JNCryptorEmptyPwdSupport extends AES256JNCryptor {
|
||||||
|
|
||||||
static final String KEY_DERIVATION_ALGORITHM = "PBKDF2WithHmacSHA1";
|
|
||||||
static final int AES_256_KEY_SIZE = 256 / 8;
|
static final int AES_256_KEY_SIZE = 256 / 8;
|
||||||
static final String AES_NAME = "AES";
|
|
||||||
private static final SecureRandom SECURE_RANDOM = new SecureRandom();
|
private static final SecureRandom SECURE_RANDOM = new SecureRandom();
|
||||||
|
|
||||||
protected AES256JNCryptorEmptyPwdSupport() {
|
protected AES256JNCryptorEmptyPwdSupport() {
|
||||||
|
@ -44,14 +44,14 @@ class AES256JNCryptorEmptyPwdSupport extends AES256JNCryptor {
|
||||||
public SecretKey keyForPassword(final char[] password, final byte[] salt) throws CryptorException {
|
public SecretKey keyForPassword(final char[] password, final byte[] salt) throws CryptorException {
|
||||||
try {
|
try {
|
||||||
final SecretKeyFactory factory = SecretKeyFactory
|
final SecretKeyFactory factory = SecretKeyFactory
|
||||||
.getInstance(KEY_DERIVATION_ALGORITHM);
|
.getInstance(Constants.KEY_DERIVATION_ALGORITHM);
|
||||||
final SecretKey tmp = factory.generateSecret(new PBEKeySpec(password, salt,
|
final SecretKey tmp = factory.generateSecret(new PBEKeySpec(password, salt,
|
||||||
getPBKDFIterations(), AES_256_KEY_SIZE * 8));
|
getPBKDFIterations(), AES_256_KEY_SIZE * 8));
|
||||||
return new SecretKeySpec(tmp.getEncoded(), AES_NAME);
|
return new SecretKeySpec(tmp.getEncoded(), Constants.AES);
|
||||||
} catch (final GeneralSecurityException e) {
|
} catch (final GeneralSecurityException e) {
|
||||||
throw new CryptorException(String.format(
|
throw new CryptorException(String.format(
|
||||||
"Failed to generate key from password using %s.",
|
"Failed to generate key from password using %s.",
|
||||||
KEY_DERIVATION_ALGORITHM), e);
|
Constants.KEY_DERIVATION_ALGORITHM), e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -22,12 +22,12 @@ import javax.crypto.spec.IvParameterSpec;
|
||||||
import org.apache.commons.lang3.Validate;
|
import org.apache.commons.lang3.Validate;
|
||||||
import org.cryptonode.jncryptor.CryptorException;
|
import org.cryptonode.jncryptor.CryptorException;
|
||||||
|
|
||||||
|
import ch.ethz.seb.sebserver.gbl.Constants;
|
||||||
|
|
||||||
class AES256JNCryptorOutputStreamEmptyPwdSupport extends OutputStream {
|
class AES256JNCryptorOutputStreamEmptyPwdSupport extends OutputStream {
|
||||||
|
|
||||||
static final int SALT_LENGTH = 8;
|
static final int SALT_LENGTH = 8;
|
||||||
static final int AES_BLOCK_SIZE = 16;
|
static final int AES_BLOCK_SIZE = 16;
|
||||||
static final String AES_CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding";
|
|
||||||
static final String HMAC_ALGORITHM = "HmacSHA256";
|
|
||||||
static final int VERSION = 3;
|
static final int VERSION = 3;
|
||||||
static final int FLAG_PASSWORD = 0x01;
|
static final int FLAG_PASSWORD = 0x01;
|
||||||
|
|
||||||
|
@ -86,11 +86,11 @@ class AES256JNCryptorOutputStreamEmptyPwdSupport extends OutputStream {
|
||||||
this.iv = iv;
|
this.iv = iv;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
final Cipher cipher = Cipher.getInstance(AES_CIPHER_ALGORITHM);
|
final Cipher cipher = Cipher.getInstance(Constants.AES_CIPHER_ALGORITHM);
|
||||||
cipher.init(Cipher.ENCRYPT_MODE, encryptionKey, new IvParameterSpec(iv));
|
cipher.init(Cipher.ENCRYPT_MODE, encryptionKey, new IvParameterSpec(iv));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
final Mac mac = Mac.getInstance(HMAC_ALGORITHM);
|
final Mac mac = Mac.getInstance(Constants.HMAC_ALGORITHM);
|
||||||
mac.init(hmacKey);
|
mac.init(hmacKey);
|
||||||
|
|
||||||
this.macOutputStream = new MacOutputStream(out, mac);
|
this.macOutputStream = new MacOutputStream(out, mac);
|
||||||
|
|
|
@ -9,24 +9,30 @@
|
||||||
package ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.impl;
|
package ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.impl;
|
||||||
|
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
|
import java.security.KeyStore;
|
||||||
|
import java.security.PrivateKey;
|
||||||
import java.security.cert.Certificate;
|
import java.security.cert.Certificate;
|
||||||
import java.security.cert.CertificateEncodingException;
|
import java.security.cert.CertificateEncodingException;
|
||||||
import java.security.cert.CertificateFactory;
|
import java.security.cert.CertificateFactory;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
import java.util.Base64;
|
import java.util.Base64;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
|
import java.util.Enumeration;
|
||||||
import java.util.function.Predicate;
|
import java.util.function.Predicate;
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
import org.springframework.context.annotation.Lazy;
|
import org.springframework.context.annotation.Lazy;
|
||||||
import org.springframework.stereotype.Service;
|
import org.springframework.stereotype.Service;
|
||||||
|
|
||||||
|
import ch.ethz.seb.sebserver.gbl.Constants;
|
||||||
import ch.ethz.seb.sebserver.gbl.model.EntityKey;
|
import ch.ethz.seb.sebserver.gbl.model.EntityKey;
|
||||||
import ch.ethz.seb.sebserver.gbl.model.sebconfig.CertificateInfo;
|
import ch.ethz.seb.sebserver.gbl.model.sebconfig.CertificateInfo;
|
||||||
import ch.ethz.seb.sebserver.gbl.model.sebconfig.CertificateInfo.CertificateFileType;
|
import ch.ethz.seb.sebserver.gbl.model.sebconfig.CertificateInfo.CertificateFileType;
|
||||||
import ch.ethz.seb.sebserver.gbl.model.sebconfig.Certificates;
|
import ch.ethz.seb.sebserver.gbl.model.sebconfig.Certificates;
|
||||||
import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
|
import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
|
||||||
|
import ch.ethz.seb.sebserver.gbl.util.Pair;
|
||||||
import ch.ethz.seb.sebserver.gbl.util.Result;
|
import ch.ethz.seb.sebserver.gbl.util.Result;
|
||||||
|
import ch.ethz.seb.sebserver.gbl.util.Utils;
|
||||||
import ch.ethz.seb.sebserver.webservice.servicelayer.dao.CertificateDAO;
|
import ch.ethz.seb.sebserver.webservice.servicelayer.dao.CertificateDAO;
|
||||||
import ch.ethz.seb.sebserver.webservice.servicelayer.dao.FilterMap;
|
import ch.ethz.seb.sebserver.webservice.servicelayer.dao.FilterMap;
|
||||||
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.CertificateService;
|
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.CertificateService;
|
||||||
|
@ -72,13 +78,27 @@ public class CertificateServiceImpl implements CertificateService {
|
||||||
final Long institutionId,
|
final Long institutionId,
|
||||||
final CertificateFileType certificateFileType,
|
final CertificateFileType certificateFileType,
|
||||||
final String alias,
|
final String alias,
|
||||||
|
final CharSequence password,
|
||||||
final InputStream in) {
|
final InputStream in) {
|
||||||
|
|
||||||
return loadCertFromInput(institutionId, certificateFileType, in)
|
switch (certificateFileType) {
|
||||||
|
case PEM:
|
||||||
|
return loadCertFromPEM(in)
|
||||||
.flatMap(cert -> this.certificateDAO.addCertificate(
|
.flatMap(cert -> this.certificateDAO.addCertificate(
|
||||||
institutionId,
|
institutionId,
|
||||||
CertificateDAO.extractAlias(cert, alias),
|
CertificateDAO.extractAlias(cert, alias),
|
||||||
cert));
|
cert));
|
||||||
|
|
||||||
|
case PKCS12:
|
||||||
|
return loadCertFromPKC(in, password)
|
||||||
|
.flatMap(pair -> this.certificateDAO.addCertificate(
|
||||||
|
institutionId,
|
||||||
|
CertificateDAO.extractAlias(pair.a, alias),
|
||||||
|
pair.a,
|
||||||
|
pair.b));
|
||||||
|
default:
|
||||||
|
return Result.ofRuntimeError("Unsupported certificate type");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -123,26 +143,26 @@ public class CertificateServiceImpl implements CertificateService {
|
||||||
return getDataFromCertificates(certificates, data -> true);
|
return getDataFromCertificates(certificates, data -> true);
|
||||||
}
|
}
|
||||||
|
|
||||||
private Result<X509Certificate> loadCertFromInput(
|
private Result<X509Certificate> loadCertFromPEM(final InputStream in) {
|
||||||
final Long institutionId,
|
|
||||||
final CertificateFileType certificateFileType,
|
|
||||||
final InputStream in) {
|
|
||||||
|
|
||||||
switch (certificateFileType) {
|
|
||||||
case PEM:
|
|
||||||
return loadCertFromPEM(institutionId, in);
|
|
||||||
case PKCS12:
|
|
||||||
return Result.ofRuntimeError("Not supported yet");
|
|
||||||
default:
|
|
||||||
return Result.ofRuntimeError("Unsupported certificate type");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private Result<X509Certificate> loadCertFromPEM(final Long institutionId, final InputStream in) {
|
|
||||||
return Result.tryCatch(() -> {
|
return Result.tryCatch(() -> {
|
||||||
final CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
|
final CertificateFactory certFactory = CertificateFactory.getInstance(Constants.X_509);
|
||||||
return (X509Certificate) certFactory.generateCertificate(in);
|
return (X509Certificate) certFactory.generateCertificate(in);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private Result<Pair<X509Certificate, PrivateKey>> loadCertFromPKC(
|
||||||
|
final InputStream in,
|
||||||
|
final CharSequence password) {
|
||||||
|
|
||||||
|
return Result.tryCatch(() -> {
|
||||||
|
final KeyStore ks = KeyStore.getInstance(Constants.PKCS_12);
|
||||||
|
ks.load(in, Utils.toCharArray(password));
|
||||||
|
final Enumeration<String> aliases = ks.aliases();
|
||||||
|
final String alias = aliases.nextElement();
|
||||||
|
final X509Certificate certificate = (X509Certificate) ks.getCertificate(alias);
|
||||||
|
final PrivateKey pKey = (PrivateKey) ks.getKey(alias, Utils.toCharArray(password));
|
||||||
|
return new Pair<>(certificate, pKey);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,156 @@
|
||||||
|
/*
|
||||||
|
* Copyright (c) 2021 ETH Zürich, Educational Development and Technology (LET)
|
||||||
|
*
|
||||||
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||||
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||||
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.impl;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.io.InputStream;
|
||||||
|
import java.io.OutputStream;
|
||||||
|
import java.nio.ByteBuffer;
|
||||||
|
import java.security.MessageDigest;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
import java.security.cert.Certificate;
|
||||||
|
import java.util.Base64;
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
|
import javax.crypto.Cipher;
|
||||||
|
import javax.crypto.KeyGenerator;
|
||||||
|
|
||||||
|
import org.apache.tomcat.util.http.fileupload.ByteArrayOutputStream;
|
||||||
|
import org.slf4j.Logger;
|
||||||
|
import org.slf4j.LoggerFactory;
|
||||||
|
import org.springframework.context.annotation.Lazy;
|
||||||
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
|
import ch.ethz.seb.sebserver.gbl.Constants;
|
||||||
|
import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
|
||||||
|
import ch.ethz.seb.sebserver.gbl.util.Utils;
|
||||||
|
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.SEBConfigCryptor;
|
||||||
|
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.SEBConfigEncryptionContext;
|
||||||
|
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.SEBConfigEncryptionService.Strategy;
|
||||||
|
|
||||||
|
@Lazy
|
||||||
|
@Component
|
||||||
|
@WebServiceProfile
|
||||||
|
public class CertificateSymetricKeyCryptor implements SEBConfigCryptor {
|
||||||
|
|
||||||
|
private static final Logger log = LoggerFactory.getLogger(CertificateSymetricKeyCryptor.class);
|
||||||
|
|
||||||
|
private static final Set<Strategy> STRATEGIES = Utils.immutableSetOf(
|
||||||
|
Strategy.PUBLIC_KEY_HASH_SYMMETRIC_KEY);
|
||||||
|
private static final int PUBLIC_KEY_HASH_SIZE = 20;
|
||||||
|
private static final int ENCRYPTION_KEY_LENGTH = 32;
|
||||||
|
private static final int KEY_LENGTH_SIZE = 4;
|
||||||
|
|
||||||
|
private final PasswordEncryptor passwordEncryptor;
|
||||||
|
private final PasswordDecryptor passwordDecryptor;
|
||||||
|
|
||||||
|
public CertificateSymetricKeyCryptor(
|
||||||
|
final PasswordEncryptor passwordEncryptor,
|
||||||
|
final PasswordDecryptor passwordDecryptor) {
|
||||||
|
|
||||||
|
this.passwordEncryptor = passwordEncryptor;
|
||||||
|
this.passwordDecryptor = passwordDecryptor;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Set<Strategy> strategies() {
|
||||||
|
return STRATEGIES;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void encrypt(
|
||||||
|
final OutputStream output,
|
||||||
|
final InputStream input,
|
||||||
|
final SEBConfigEncryptionContext context) {
|
||||||
|
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("*** Start streaming asynchronous certificate encryption");
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
|
||||||
|
final Certificate certificate = context.getCertificate();
|
||||||
|
final byte[] publicKeyHash = generatePublicKeyHash(certificate);
|
||||||
|
final byte[] symetricKey = generateSymetricKey();
|
||||||
|
final CharSequence symetricKeyBase64 = Base64.getEncoder().encodeToString(symetricKey);
|
||||||
|
final byte[] generateParameter = generateParameter(certificate, publicKeyHash, symetricKey);
|
||||||
|
|
||||||
|
output.write(generateParameter, 0, generateParameter.length);
|
||||||
|
this.passwordEncryptor.encrypt(output, input, symetricKeyBase64);
|
||||||
|
|
||||||
|
} catch (final Exception e) {
|
||||||
|
log.error("Error while trying to stream and encrypt data: ", e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void decrypt(
|
||||||
|
final OutputStream output,
|
||||||
|
final InputStream input,
|
||||||
|
final SEBConfigEncryptionContext context) {
|
||||||
|
|
||||||
|
// TODO Auto-generated method stub
|
||||||
|
try {
|
||||||
|
final Certificate certificate = context.getCertificate();
|
||||||
|
final byte[] publicKeyHash = parsePublicKeyHash(input);
|
||||||
|
|
||||||
|
} catch (final Exception e) {
|
||||||
|
log.error("Error while trying to stream and decrypt data: ", e);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
private byte[] generatePublicKeyHash(final Certificate cert) throws NoSuchAlgorithmException {
|
||||||
|
final byte[] publicKey = cert.getPublicKey().getEncoded();
|
||||||
|
final MessageDigest md = MessageDigest.getInstance(Constants.SHA_1);
|
||||||
|
final byte[] hash = md.digest(publicKey);
|
||||||
|
return hash;
|
||||||
|
}
|
||||||
|
|
||||||
|
private byte[] generateSymetricKey() throws NoSuchAlgorithmException {
|
||||||
|
final KeyGenerator keyGenerator = KeyGenerator.getInstance(Constants.AES);
|
||||||
|
keyGenerator.init(ENCRYPTION_KEY_LENGTH);
|
||||||
|
return keyGenerator.generateKey().getEncoded();
|
||||||
|
}
|
||||||
|
|
||||||
|
@SuppressWarnings("resource")
|
||||||
|
private byte[] generateParameter(
|
||||||
|
final Certificate cert,
|
||||||
|
final byte[] publicKeyHash,
|
||||||
|
final byte[] symetricKey) throws Exception {
|
||||||
|
|
||||||
|
final ByteArrayOutputStream data = new ByteArrayOutputStream();
|
||||||
|
final byte[] encryptedKey = generateEncryptedKey(cert, symetricKey);
|
||||||
|
final byte[] encryptedKeyLength = ByteBuffer
|
||||||
|
.allocate(KEY_LENGTH_SIZE)
|
||||||
|
.putInt(encryptedKey.length)
|
||||||
|
.array();
|
||||||
|
|
||||||
|
data.write(publicKeyHash, 0, publicKeyHash.length);
|
||||||
|
data.write(encryptedKeyLength, 0, encryptedKeyLength.length);
|
||||||
|
data.write(encryptedKey, 0, encryptedKey.length);
|
||||||
|
|
||||||
|
return data.toByteArray();
|
||||||
|
}
|
||||||
|
|
||||||
|
private byte[] generateEncryptedKey(final Certificate cert, final byte[] symetricKey) throws Exception {
|
||||||
|
final String algorithm = cert.getPublicKey().getAlgorithm();
|
||||||
|
final Cipher encryptCipher = Cipher.getInstance(algorithm);
|
||||||
|
encryptCipher.init(Cipher.ENCRYPT_MODE, cert);
|
||||||
|
final byte[] cipherText = encryptCipher.doFinal(symetricKey);
|
||||||
|
return cipherText;
|
||||||
|
}
|
||||||
|
|
||||||
|
private byte[] parsePublicKeyHash(final InputStream input) throws IOException {
|
||||||
|
final byte[] publicKeyHash = new byte[PUBLIC_KEY_HASH_SIZE];
|
||||||
|
input.read(publicKeyHash, 0, publicKeyHash.length);
|
||||||
|
return publicKeyHash;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -8,6 +8,7 @@
|
||||||
|
|
||||||
package ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.impl;
|
package ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.impl;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.io.OutputStream;
|
import java.io.OutputStream;
|
||||||
import java.io.PipedInputStream;
|
import java.io.PipedInputStream;
|
||||||
|
@ -15,6 +16,7 @@ import java.io.PipedOutputStream;
|
||||||
import java.nio.charset.StandardCharsets;
|
import java.nio.charset.StandardCharsets;
|
||||||
import java.security.MessageDigest;
|
import java.security.MessageDigest;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
import java.security.cert.Certificate;
|
||||||
import java.util.Base64;
|
import java.util.Base64;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
|
@ -54,10 +56,11 @@ import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
|
||||||
import ch.ethz.seb.sebserver.gbl.util.Result;
|
import ch.ethz.seb.sebserver.gbl.util.Result;
|
||||||
import ch.ethz.seb.sebserver.gbl.util.Utils;
|
import ch.ethz.seb.sebserver.gbl.util.Utils;
|
||||||
import ch.ethz.seb.sebserver.webservice.WebserviceInfo;
|
import ch.ethz.seb.sebserver.webservice.WebserviceInfo;
|
||||||
|
import ch.ethz.seb.sebserver.webservice.servicelayer.dao.CertificateDAO;
|
||||||
import ch.ethz.seb.sebserver.webservice.servicelayer.dao.SEBClientConfigDAO;
|
import ch.ethz.seb.sebserver.webservice.servicelayer.dao.SEBClientConfigDAO;
|
||||||
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.ClientConfigService;
|
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.ClientConfigService;
|
||||||
|
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.SEBConfigEncryptionContext;
|
||||||
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.SEBConfigEncryptionService;
|
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.SEBConfigEncryptionService;
|
||||||
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.SEBConfigEncryptionService.Strategy;
|
|
||||||
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.ZipService;
|
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.ZipService;
|
||||||
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.impl.SEBConfigEncryptionServiceImpl.EncryptionContext;
|
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.impl.SEBConfigEncryptionServiceImpl.EncryptionContext;
|
||||||
import ch.ethz.seb.sebserver.webservice.weblayer.oauth.WebserviceResourceConfiguration;
|
import ch.ethz.seb.sebserver.webservice.weblayer.oauth.WebserviceResourceConfiguration;
|
||||||
|
@ -165,6 +168,7 @@ public class ClientConfigServiceImpl implements ClientConfigService {
|
||||||
private final PasswordEncoder clientPasswordEncoder;
|
private final PasswordEncoder clientPasswordEncoder;
|
||||||
private final ZipService zipService;
|
private final ZipService zipService;
|
||||||
private final WebserviceInfo webserviceInfo;
|
private final WebserviceInfo webserviceInfo;
|
||||||
|
private final CertificateDAO certificateDAO;
|
||||||
private final long defaultPingInterval;
|
private final long defaultPingInterval;
|
||||||
|
|
||||||
protected ClientConfigServiceImpl(
|
protected ClientConfigServiceImpl(
|
||||||
|
@ -172,8 +176,9 @@ public class ClientConfigServiceImpl implements ClientConfigService {
|
||||||
final ClientCredentialService clientCredentialService,
|
final ClientCredentialService clientCredentialService,
|
||||||
final SEBConfigEncryptionService sebConfigEncryptionService,
|
final SEBConfigEncryptionService sebConfigEncryptionService,
|
||||||
final ZipService zipService,
|
final ZipService zipService,
|
||||||
@Qualifier(WebSecurityConfig.CLIENT_PASSWORD_ENCODER_BEAN_NAME) final PasswordEncoder clientPasswordEncoder,
|
|
||||||
final WebserviceInfo webserviceInfo,
|
final WebserviceInfo webserviceInfo,
|
||||||
|
final CertificateDAO certificateDAO,
|
||||||
|
@Qualifier(WebSecurityConfig.CLIENT_PASSWORD_ENCODER_BEAN_NAME) final PasswordEncoder clientPasswordEncoder,
|
||||||
@Value("${sebserver.webservice.api.exam.defaultPingInterval:1000}") final long defaultPingInterval) {
|
@Value("${sebserver.webservice.api.exam.defaultPingInterval:1000}") final long defaultPingInterval) {
|
||||||
|
|
||||||
this.sebClientConfigDAO = sebClientConfigDAO;
|
this.sebClientConfigDAO = sebClientConfigDAO;
|
||||||
|
@ -182,6 +187,7 @@ public class ClientConfigServiceImpl implements ClientConfigService {
|
||||||
this.zipService = zipService;
|
this.zipService = zipService;
|
||||||
this.clientPasswordEncoder = clientPasswordEncoder;
|
this.clientPasswordEncoder = clientPasswordEncoder;
|
||||||
this.webserviceInfo = webserviceInfo;
|
this.webserviceInfo = webserviceInfo;
|
||||||
|
this.certificateDAO = certificateDAO;
|
||||||
this.defaultPingInterval = defaultPingInterval;
|
this.defaultPingInterval = defaultPingInterval;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -224,18 +230,13 @@ public class ClientConfigServiceImpl implements ClientConfigService {
|
||||||
final SEBClientConfig config = this.sebClientConfigDAO
|
final SEBClientConfig config = this.sebClientConfigDAO
|
||||||
.byModelId(modelId).getOrThrow();
|
.byModelId(modelId).getOrThrow();
|
||||||
|
|
||||||
final CharSequence encryptionPassword = this.sebClientConfigDAO
|
exportSEBClientConfiguration(output, examId, config);
|
||||||
.getConfigPasswordCipher(config.getModelId())
|
|
||||||
.getOr((config.getConfigPurpose() == ConfigPurpose.START_EXAM) ? null : StringUtils.EMPTY);
|
|
||||||
|
|
||||||
exportSEBClientConfiguration(output, examId, config, encryptionPassword);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void exportSEBClientConfiguration(
|
protected void exportSEBClientConfiguration(
|
||||||
final OutputStream output,
|
final OutputStream output,
|
||||||
final Long examId,
|
final Long examId,
|
||||||
final SEBClientConfig config,
|
final SEBClientConfig config) {
|
||||||
final CharSequence encryptionPassword) {
|
|
||||||
|
|
||||||
final String plainTextXMLContent = extractXMLContent(config, examId);
|
final String plainTextXMLContent = extractXMLContent(config, examId);
|
||||||
|
|
||||||
|
@ -263,9 +264,10 @@ public class ClientConfigServiceImpl implements ClientConfigService {
|
||||||
// ZIP plain text
|
// ZIP plain text
|
||||||
this.zipService.write(pOut, plainIn);
|
this.zipService.write(pOut, plainIn);
|
||||||
|
|
||||||
if (encryptionPassword != null) {
|
if (StringUtils.isNotBlank(config.encryptCertificateAlias)) {
|
||||||
// encrypt zipped plain text and add header
|
certificateEncryption(zipOut, config, pIn);
|
||||||
passwordEncryption(zipOut, encryptionPassword, config.getConfigPurpose(), pIn);
|
} else if (config.hasEncryptionSecret()) {
|
||||||
|
passwordEncryption(zipOut, config, pIn);
|
||||||
} else {
|
} else {
|
||||||
// just add plain text header
|
// just add plain text header
|
||||||
this.sebConfigEncryptionService.streamEncrypted(
|
this.sebConfigEncryptionService.streamEncrypted(
|
||||||
|
@ -290,6 +292,34 @@ public class ClientConfigServiceImpl implements ClientConfigService {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private SEBConfigEncryptionContext buildCertificateEncryptionContext(final SEBClientConfig config) {
|
||||||
|
|
||||||
|
final Certificate certificate = this.certificateDAO.getCertificate(
|
||||||
|
config.institutionId,
|
||||||
|
String.valueOf(config.getEncryptCertificateAlias()))
|
||||||
|
.getOrThrow();
|
||||||
|
|
||||||
|
return EncryptionContext.contextOf(
|
||||||
|
SEBConfigEncryptionService.Strategy.PUBLIC_KEY_HASH_SYMMETRIC_KEY,
|
||||||
|
certificate);
|
||||||
|
}
|
||||||
|
|
||||||
|
private SEBConfigEncryptionContext buildPasswordEncryptionContext(final SEBClientConfig config) {
|
||||||
|
final CharSequence encryptionPassword = this.sebClientConfigDAO
|
||||||
|
.getConfigPasswordCipher(config.getModelId())
|
||||||
|
.getOr((config.getConfigPurpose() == ConfigPurpose.START_EXAM) ? null : StringUtils.EMPTY);
|
||||||
|
final CharSequence plainTextPassword = (StringUtils.isNotBlank(encryptionPassword))
|
||||||
|
? getPlainTextPassword(
|
||||||
|
encryptionPassword,
|
||||||
|
config.configPurpose)
|
||||||
|
: null;
|
||||||
|
return EncryptionContext.contextOf(
|
||||||
|
(config.configPurpose == ConfigPurpose.CONFIGURE_CLIENT)
|
||||||
|
? SEBConfigEncryptionService.Strategy.PASSWORD_PWCC
|
||||||
|
: SEBConfigEncryptionService.Strategy.PASSWORD_PSWD,
|
||||||
|
plainTextPassword);
|
||||||
|
}
|
||||||
|
|
||||||
private String extractXMLContent(final SEBClientConfig config, final Long examId) {
|
private String extractXMLContent(final SEBClientConfig config, final Long examId) {
|
||||||
|
|
||||||
final String fallbackAddition = getFallbackAddition(config);
|
final String fallbackAddition = getFallbackAddition(config);
|
||||||
|
@ -309,7 +339,8 @@ public class ClientConfigServiceImpl implements ClientConfigService {
|
||||||
.getOrThrow();
|
.getOrThrow();
|
||||||
final CharSequence plainClientId = sebClientCredentials.clientId;
|
final CharSequence plainClientId = sebClientCredentials.clientId;
|
||||||
final CharSequence plainClientSecret = this.clientCredentialService
|
final CharSequence plainClientSecret = this.clientCredentialService
|
||||||
.getPlainClientSecret(sebClientCredentials);
|
.getPlainClientSecret(sebClientCredentials)
|
||||||
|
.getOrThrow();
|
||||||
|
|
||||||
final String plainTextConfig = String.format(
|
final String plainTextConfig = String.format(
|
||||||
SEB_CLIENT_CONFIG_TEMPLATE_XML,
|
SEB_CLIENT_CONFIG_TEMPLATE_XML,
|
||||||
|
@ -389,7 +420,9 @@ public class ClientConfigServiceImpl implements ClientConfigService {
|
||||||
config.fallbackAttemptInterval);
|
config.fallbackAttemptInterval);
|
||||||
|
|
||||||
if (StringUtils.isNotBlank(config.fallbackPassword)) {
|
if (StringUtils.isNotBlank(config.fallbackPassword)) {
|
||||||
final CharSequence decrypt = this.clientCredentialService.decrypt(config.fallbackPassword);
|
final CharSequence decrypt = this.clientCredentialService
|
||||||
|
.decrypt(config.fallbackPassword)
|
||||||
|
.getOrThrow();
|
||||||
fallbackAddition += String.format(
|
fallbackAddition += String.format(
|
||||||
SEB_CLIENT_CONFIG_STRING_TEMPLATE,
|
SEB_CLIENT_CONFIG_STRING_TEMPLATE,
|
||||||
SEBClientConfig.ATTR_FALLBACK_PASSWORD,
|
SEBClientConfig.ATTR_FALLBACK_PASSWORD,
|
||||||
|
@ -397,7 +430,9 @@ public class ClientConfigServiceImpl implements ClientConfigService {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (StringUtils.isNotBlank(config.quitPassword)) {
|
if (StringUtils.isNotBlank(config.quitPassword)) {
|
||||||
final CharSequence decrypt = this.clientCredentialService.decrypt(config.quitPassword);
|
final CharSequence decrypt = this.clientCredentialService
|
||||||
|
.decrypt(config.quitPassword)
|
||||||
|
.getOrThrow();
|
||||||
fallbackAddition += String.format(
|
fallbackAddition += String.format(
|
||||||
SEB_CLIENT_CONFIG_STRING_TEMPLATE,
|
SEB_CLIENT_CONFIG_STRING_TEMPLATE,
|
||||||
SEBClientConfig.ATTR_QUIT_PASSWORD,
|
SEBClientConfig.ATTR_QUIT_PASSWORD,
|
||||||
|
@ -428,7 +463,9 @@ public class ClientConfigServiceImpl implements ClientConfigService {
|
||||||
final ClientCredentials credentials = this.sebClientConfigDAO
|
final ClientCredentials credentials = this.sebClientConfigDAO
|
||||||
.getSEBClientCredentials(config.getModelId())
|
.getSEBClientCredentials(config.getModelId())
|
||||||
.getOrThrow();
|
.getOrThrow();
|
||||||
final CharSequence plainClientSecret = this.clientCredentialService.getPlainClientSecret(credentials);
|
final CharSequence plainClientSecret = this.clientCredentialService
|
||||||
|
.getPlainClientSecret(credentials)
|
||||||
|
.getOrThrow();
|
||||||
final String basicAuth = credentials.clientId +
|
final String basicAuth = credentials.clientId +
|
||||||
String.valueOf(Constants.COLON) +
|
String.valueOf(Constants.COLON) +
|
||||||
plainClientSecret;
|
plainClientSecret;
|
||||||
|
@ -463,28 +500,46 @@ public class ClientConfigServiceImpl implements ClientConfigService {
|
||||||
checkAccess(config);
|
checkAccess(config);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private void certificateEncryption(
|
||||||
|
final OutputStream out,
|
||||||
|
final SEBClientConfig config,
|
||||||
|
final InputStream in) throws IOException {
|
||||||
|
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("*** SEB client configuration with certificate based encryption");
|
||||||
|
}
|
||||||
|
|
||||||
|
final boolean withPasswordEncryption = config.hasEncryptionSecret();
|
||||||
|
|
||||||
|
PipedOutputStream passEncryptionOut = null;
|
||||||
|
PipedInputStream passEncryptionIn = null;
|
||||||
|
|
||||||
|
if (withPasswordEncryption) {
|
||||||
|
// encrypt with password first
|
||||||
|
passEncryptionOut = new PipedOutputStream();
|
||||||
|
passEncryptionIn = new PipedInputStream(passEncryptionOut);
|
||||||
|
passwordEncryption(passEncryptionOut, config, in);
|
||||||
|
}
|
||||||
|
|
||||||
|
this.sebConfigEncryptionService.streamEncrypted(
|
||||||
|
out,
|
||||||
|
(withPasswordEncryption) ? in : passEncryptionIn,
|
||||||
|
buildCertificateEncryptionContext(config));
|
||||||
|
}
|
||||||
|
|
||||||
private void passwordEncryption(
|
private void passwordEncryption(
|
||||||
final OutputStream output,
|
final OutputStream output,
|
||||||
final CharSequence encryptionPassword,
|
final SEBClientConfig config,
|
||||||
final ConfigPurpose configPurpose,
|
|
||||||
final InputStream input) {
|
final InputStream input) {
|
||||||
|
|
||||||
if (log.isDebugEnabled()) {
|
if (log.isDebugEnabled()) {
|
||||||
log.debug("*** SEB client configuration with password based encryption");
|
log.debug("*** SEB client configuration with password based encryption");
|
||||||
}
|
}
|
||||||
|
|
||||||
final CharSequence plainTextPassword = getPlainTextPassword(
|
|
||||||
encryptionPassword,
|
|
||||||
configPurpose);
|
|
||||||
|
|
||||||
this.sebConfigEncryptionService.streamEncrypted(
|
this.sebConfigEncryptionService.streamEncrypted(
|
||||||
output,
|
output,
|
||||||
input,
|
input,
|
||||||
EncryptionContext.contextOf(
|
buildPasswordEncryptionContext(config));
|
||||||
(configPurpose == ConfigPurpose.CONFIGURE_CLIENT)
|
|
||||||
? Strategy.PASSWORD_PWCC
|
|
||||||
: Strategy.PASSWORD_PSWD,
|
|
||||||
plainTextPassword));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private CharSequence getPlainTextPassword(
|
private CharSequence getPlainTextPassword(
|
||||||
|
@ -493,7 +548,9 @@ public class ClientConfigServiceImpl implements ClientConfigService {
|
||||||
|
|
||||||
CharSequence plainTextPassword = (encryptionPassword == StringUtils.EMPTY)
|
CharSequence plainTextPassword = (encryptionPassword == StringUtils.EMPTY)
|
||||||
? StringUtils.EMPTY
|
? StringUtils.EMPTY
|
||||||
: this.clientCredentialService.decrypt(encryptionPassword);
|
: this.clientCredentialService
|
||||||
|
.decrypt(encryptionPassword)
|
||||||
|
.getOrThrow();
|
||||||
|
|
||||||
if (configPurpose == ConfigPurpose.CONFIGURE_CLIENT && plainTextPassword != StringUtils.EMPTY) {
|
if (configPurpose == ConfigPurpose.CONFIGURE_CLIENT && plainTextPassword != StringUtils.EMPTY) {
|
||||||
MessageDigest digest;
|
MessageDigest digest;
|
||||||
|
@ -518,7 +575,10 @@ public class ClientConfigServiceImpl implements ClientConfigService {
|
||||||
* @return encoded clientSecret for that SEBClientConfiguration with clientId or null of not existing */
|
* @return encoded clientSecret for that SEBClientConfiguration with clientId or null of not existing */
|
||||||
private Result<CharSequence> getEncodedClientConfigSecret(final String clientId) {
|
private Result<CharSequence> getEncodedClientConfigSecret(final String clientId) {
|
||||||
return this.sebClientConfigDAO.getConfigPasswordCipherByClientName(clientId)
|
return this.sebClientConfigDAO.getConfigPasswordCipherByClientName(clientId)
|
||||||
.map(cipher -> this.clientPasswordEncoder.encode(this.clientCredentialService.decrypt(cipher)));
|
.map(cipher -> this.clientPasswordEncoder
|
||||||
|
.encode(this.clientCredentialService
|
||||||
|
.decrypt(cipher)
|
||||||
|
.getOrThrow()));
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -188,7 +188,8 @@ public class ExamConfigServiceImpl implements ExamConfigService {
|
||||||
}
|
}
|
||||||
|
|
||||||
final CharSequence encryptionPasswordPlaintext = this.clientCredentialService
|
final CharSequence encryptionPasswordPlaintext = this.clientCredentialService
|
||||||
.decrypt(passwordCipher);
|
.decrypt(passwordCipher)
|
||||||
|
.getOrThrow();
|
||||||
|
|
||||||
PipedOutputStream plainOut = null;
|
PipedOutputStream plainOut = null;
|
||||||
PipedInputStream zipIn = null;
|
PipedInputStream zipIn = null;
|
||||||
|
|
|
@ -0,0 +1,64 @@
|
||||||
|
/*
|
||||||
|
* Copyright (c) 2019 ETH Zürich, Educational Development and Technology (LET)
|
||||||
|
*
|
||||||
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||||
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||||
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.impl;
|
||||||
|
|
||||||
|
import java.io.InputStream;
|
||||||
|
import java.io.OutputStream;
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
|
import org.springframework.context.annotation.Lazy;
|
||||||
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
|
import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
|
||||||
|
import ch.ethz.seb.sebserver.gbl.util.Utils;
|
||||||
|
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.SEBConfigCryptor;
|
||||||
|
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.SEBConfigEncryptionContext;
|
||||||
|
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.SEBConfigEncryptionService.Strategy;
|
||||||
|
|
||||||
|
@Lazy
|
||||||
|
@Component
|
||||||
|
@WebServiceProfile
|
||||||
|
public class PasswordCryptor implements SEBConfigCryptor {
|
||||||
|
|
||||||
|
private static final Set<Strategy> STRATEGIES = Utils.immutableSetOf(
|
||||||
|
Strategy.PASSWORD_PSWD,
|
||||||
|
Strategy.PASSWORD_PWCC);
|
||||||
|
|
||||||
|
private final PasswordEncryptor passwordEncryptor;
|
||||||
|
private final PasswordDecryptor passwordDecryptor;
|
||||||
|
|
||||||
|
public PasswordCryptor(final PasswordEncryptor passwordEncryptor, final PasswordDecryptor passwordDecryptor) {
|
||||||
|
this.passwordEncryptor = passwordEncryptor;
|
||||||
|
this.passwordDecryptor = passwordDecryptor;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Set<Strategy> strategies() {
|
||||||
|
return STRATEGIES;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void encrypt(
|
||||||
|
final OutputStream output,
|
||||||
|
final InputStream input,
|
||||||
|
final SEBConfigEncryptionContext context) {
|
||||||
|
|
||||||
|
this.passwordEncryptor.encrypt(output, input, context.getPassword());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void decrypt(
|
||||||
|
final OutputStream output,
|
||||||
|
final InputStream input,
|
||||||
|
final SEBConfigEncryptionContext context) {
|
||||||
|
|
||||||
|
this.passwordDecryptor.decrypt(output, input, context.getPassword());
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,115 @@
|
||||||
|
/*
|
||||||
|
* Copyright (c) 2021 ETH Zürich, Educational Development and Technology (LET)
|
||||||
|
*
|
||||||
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||||
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||||
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.impl;
|
||||||
|
|
||||||
|
import java.io.ByteArrayInputStream;
|
||||||
|
import java.io.ByteArrayOutputStream;
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.io.InputStream;
|
||||||
|
import java.io.OutputStream;
|
||||||
|
import java.io.SequenceInputStream;
|
||||||
|
|
||||||
|
import org.apache.commons.io.IOUtils;
|
||||||
|
import org.cryptonode.jncryptor.AES256JNCryptorInputStream;
|
||||||
|
import org.cryptonode.jncryptor.CryptorException;
|
||||||
|
import org.cryptonode.jncryptor.JNCryptor;
|
||||||
|
import org.slf4j.Logger;
|
||||||
|
import org.slf4j.LoggerFactory;
|
||||||
|
import org.springframework.context.annotation.Lazy;
|
||||||
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
|
import ch.ethz.seb.sebserver.gbl.Constants;
|
||||||
|
import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
|
||||||
|
import ch.ethz.seb.sebserver.gbl.util.Utils;
|
||||||
|
|
||||||
|
@Lazy
|
||||||
|
@Component
|
||||||
|
@WebServiceProfile
|
||||||
|
public class PasswordDecryptor {
|
||||||
|
|
||||||
|
private static final Logger log = LoggerFactory.getLogger(PasswordDecryptor.class);
|
||||||
|
|
||||||
|
private final JNCryptor cryptor;
|
||||||
|
|
||||||
|
public PasswordDecryptor(final JNCryptor cryptor) {
|
||||||
|
this.cryptor = cryptor;
|
||||||
|
}
|
||||||
|
|
||||||
|
void decrypt(
|
||||||
|
final OutputStream output,
|
||||||
|
final InputStream input,
|
||||||
|
final CharSequence password) {
|
||||||
|
|
||||||
|
try {
|
||||||
|
final byte[] version = new byte[Constants.JN_CRYPTOR_VERSION_HEADER_SIZE];
|
||||||
|
final int read = input.read(version);
|
||||||
|
if (read != Constants.JN_CRYPTOR_VERSION_HEADER_SIZE) {
|
||||||
|
throw new IllegalArgumentException("Failed to verify RNCrypt version from input stream file header.");
|
||||||
|
}
|
||||||
|
|
||||||
|
final SequenceInputStream sequenceInputStream = new SequenceInputStream(
|
||||||
|
new ByteArrayInputStream(version),
|
||||||
|
input);
|
||||||
|
|
||||||
|
if (version[0] == 3) {
|
||||||
|
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("*** Start streaming asynchronous password decryption");
|
||||||
|
}
|
||||||
|
|
||||||
|
AES256JNCryptorInputStream encryptInput = null;
|
||||||
|
try {
|
||||||
|
|
||||||
|
encryptInput = new AES256JNCryptorInputStream(
|
||||||
|
sequenceInputStream,
|
||||||
|
Utils.toCharArray(password));
|
||||||
|
|
||||||
|
IOUtils.copyLarge(encryptInput, output);
|
||||||
|
|
||||||
|
} catch (final IOException e) {
|
||||||
|
log.error("Error while trying to read/write form/to streams: ", e);
|
||||||
|
} finally {
|
||||||
|
IOUtils.closeQuietly(encryptInput);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// AES256JNCryptorInputStream supports only decryption of AES256 version 3 encrypted data
|
||||||
|
// Workaround: stop streaming and use AES256JNCryptor which supports both, version 2 and 3
|
||||||
|
log.info("Trying to decrypt with AES256JNCryptor by load all data into memory...");
|
||||||
|
|
||||||
|
try {
|
||||||
|
|
||||||
|
final ByteArrayOutputStream out = new ByteArrayOutputStream();
|
||||||
|
IOUtils.copy(sequenceInputStream, out);
|
||||||
|
final byte[] ciphertext = out.toByteArray();
|
||||||
|
|
||||||
|
final byte[] decryptData = this.cryptor.decryptData(ciphertext, Utils.toCharArray(password));
|
||||||
|
final ByteArrayInputStream decryptedIn = new ByteArrayInputStream(decryptData);
|
||||||
|
IOUtils.copyLarge(decryptedIn, output);
|
||||||
|
|
||||||
|
} catch (final IOException | CryptorException e) {
|
||||||
|
log.error("Error while trying to none-streaming decrypt: ", e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} catch (final IOException e) {
|
||||||
|
log.error("Unexpected error while decryption: ", e);
|
||||||
|
} finally {
|
||||||
|
try {
|
||||||
|
output.flush();
|
||||||
|
output.close();
|
||||||
|
} catch (final IOException e) {
|
||||||
|
log.error("Failed to close streams");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("*** Finish streaming asynchronous decryption");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2019 ETH Zürich, Educational Development and Technology (LET)
|
* Copyright (c) 2021 ETH Zürich, Educational Development and Technology (LET)
|
||||||
*
|
*
|
||||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||||
|
@ -8,19 +8,13 @@
|
||||||
|
|
||||||
package ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.impl;
|
package ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.impl;
|
||||||
|
|
||||||
import java.io.ByteArrayInputStream;
|
|
||||||
import java.io.ByteArrayOutputStream;
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.io.OutputStream;
|
import java.io.OutputStream;
|
||||||
import java.io.SequenceInputStream;
|
|
||||||
import java.util.Set;
|
|
||||||
|
|
||||||
import org.apache.commons.io.IOUtils;
|
import org.apache.commons.io.IOUtils;
|
||||||
import org.cryptonode.jncryptor.AES256JNCryptorInputStream;
|
|
||||||
import org.cryptonode.jncryptor.AES256JNCryptorOutputStream;
|
import org.cryptonode.jncryptor.AES256JNCryptorOutputStream;
|
||||||
import org.cryptonode.jncryptor.CryptorException;
|
import org.cryptonode.jncryptor.CryptorException;
|
||||||
import org.cryptonode.jncryptor.JNCryptor;
|
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
import org.springframework.context.annotation.Lazy;
|
import org.springframework.context.annotation.Lazy;
|
||||||
|
@ -29,47 +23,26 @@ import org.springframework.stereotype.Component;
|
||||||
import ch.ethz.seb.sebserver.gbl.Constants;
|
import ch.ethz.seb.sebserver.gbl.Constants;
|
||||||
import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
|
import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
|
||||||
import ch.ethz.seb.sebserver.gbl.util.Utils;
|
import ch.ethz.seb.sebserver.gbl.util.Utils;
|
||||||
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.SEBConfigCryptor;
|
|
||||||
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.SEBConfigEncryptionContext;
|
|
||||||
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.SEBConfigEncryptionService.Strategy;
|
|
||||||
|
|
||||||
@Lazy
|
@Lazy
|
||||||
@Component
|
@Component
|
||||||
@WebServiceProfile
|
@WebServiceProfile
|
||||||
public class PasswordEncryptor implements SEBConfigCryptor {
|
public class PasswordEncryptor {
|
||||||
|
|
||||||
private static final Logger log = LoggerFactory.getLogger(PasswordEncryptor.class);
|
private static final Logger log = LoggerFactory.getLogger(PasswordEncryptor.class);
|
||||||
|
|
||||||
private static final Set<Strategy> STRATEGIES = Utils.immutableSetOf(
|
|
||||||
Strategy.PASSWORD_PSWD,
|
|
||||||
Strategy.PASSWORD_PWCC);
|
|
||||||
|
|
||||||
private final JNCryptor cryptor;
|
|
||||||
|
|
||||||
protected PasswordEncryptor(final JNCryptor cryptor) {
|
|
||||||
this.cryptor = cryptor;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public Set<Strategy> strategies() {
|
|
||||||
return STRATEGIES;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void encrypt(
|
public void encrypt(
|
||||||
final OutputStream output,
|
final OutputStream output,
|
||||||
final InputStream input,
|
final InputStream input,
|
||||||
final SEBConfigEncryptionContext context) {
|
final CharSequence password) {
|
||||||
|
|
||||||
if (log.isDebugEnabled()) {
|
if (log.isDebugEnabled()) {
|
||||||
log.debug("*** Start streaming asynchronous encryption");
|
log.debug("*** Start streaming asynchronous password encryption");
|
||||||
}
|
}
|
||||||
|
|
||||||
OutputStream encryptOutput = null;
|
OutputStream encryptOutput = null;
|
||||||
try {
|
try {
|
||||||
|
|
||||||
final CharSequence password = context.getPassword();
|
|
||||||
|
|
||||||
if (password.length() == 0) {
|
if (password.length() == 0) {
|
||||||
encryptOutput = new AES256JNCryptorOutputStreamEmptyPwdSupport(
|
encryptOutput = new AES256JNCryptorOutputStreamEmptyPwdSupport(
|
||||||
output,
|
output,
|
||||||
|
@ -105,79 +78,4 @@ public class PasswordEncryptor implements SEBConfigCryptor {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
|
||||||
public void decrypt(
|
|
||||||
final OutputStream output,
|
|
||||||
final InputStream input,
|
|
||||||
final SEBConfigEncryptionContext context) {
|
|
||||||
|
|
||||||
final CharSequence password = context.getPassword();
|
|
||||||
|
|
||||||
try {
|
|
||||||
final byte[] version = new byte[Constants.JN_CRYPTOR_VERSION_HEADER_SIZE];
|
|
||||||
final int read = input.read(version);
|
|
||||||
if (read != Constants.JN_CRYPTOR_VERSION_HEADER_SIZE) {
|
|
||||||
throw new IllegalArgumentException("Failed to verify RNCrypt version from input stream file header.");
|
|
||||||
}
|
|
||||||
|
|
||||||
final SequenceInputStream sequenceInputStream = new SequenceInputStream(
|
|
||||||
new ByteArrayInputStream(version),
|
|
||||||
input);
|
|
||||||
|
|
||||||
if (version[0] == 3) {
|
|
||||||
|
|
||||||
if (log.isDebugEnabled()) {
|
|
||||||
log.debug("*** Start streaming asynchronous decryption");
|
|
||||||
}
|
|
||||||
|
|
||||||
AES256JNCryptorInputStream encryptInput = null;
|
|
||||||
try {
|
|
||||||
|
|
||||||
encryptInput = new AES256JNCryptorInputStream(
|
|
||||||
sequenceInputStream,
|
|
||||||
Utils.toCharArray(password));
|
|
||||||
|
|
||||||
IOUtils.copyLarge(encryptInput, output);
|
|
||||||
|
|
||||||
} catch (final IOException e) {
|
|
||||||
log.error("Error while trying to read/write form/to streams: ", e);
|
|
||||||
} finally {
|
|
||||||
IOUtils.closeQuietly(encryptInput);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
// AES256JNCryptorInputStream supports only decryption of AES256 version 3 encrypted data
|
|
||||||
// Workaround: stop streaming and use AES256JNCryptor which supports both, version 2 and 3
|
|
||||||
log.info("Trying to decrypt with AES256JNCryptor by load all data into memory...");
|
|
||||||
|
|
||||||
try {
|
|
||||||
|
|
||||||
final ByteArrayOutputStream out = new ByteArrayOutputStream();
|
|
||||||
IOUtils.copy(sequenceInputStream, out);
|
|
||||||
final byte[] ciphertext = out.toByteArray();
|
|
||||||
|
|
||||||
//cryptor.setPBKDFIterations(Constants.JN_CRYPTOR_ITERATIONS);
|
|
||||||
final byte[] decryptData = this.cryptor.decryptData(ciphertext, Utils.toCharArray(password));
|
|
||||||
final ByteArrayInputStream decryptedIn = new ByteArrayInputStream(decryptData);
|
|
||||||
IOUtils.copyLarge(decryptedIn, output);
|
|
||||||
|
|
||||||
} catch (final IOException | CryptorException e) {
|
|
||||||
log.error("Error while trying to none-streaming decrypt: ", e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} catch (final IOException e) {
|
|
||||||
log.error("Unexpected error while decryption: ", e);
|
|
||||||
} finally {
|
|
||||||
try {
|
|
||||||
output.flush();
|
|
||||||
output.close();
|
|
||||||
} catch (final IOException e) {
|
|
||||||
log.error("Failed to close streams");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (log.isDebugEnabled()) {
|
|
||||||
log.debug("*** Finish streaming asynchronous decryption");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,7 +20,6 @@ import java.util.Arrays;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.concurrent.Future;
|
import java.util.concurrent.Future;
|
||||||
import java.util.function.Function;
|
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
import org.apache.commons.io.IOUtils;
|
import org.apache.commons.io.IOUtils;
|
||||||
|
@ -74,7 +73,7 @@ public final class SEBConfigEncryptionServiceImpl implements SEBConfigEncryption
|
||||||
pin = new PipedInputStream(pout);
|
pin = new PipedInputStream(pout);
|
||||||
|
|
||||||
if (log.isDebugEnabled()) {
|
if (log.isDebugEnabled()) {
|
||||||
log.debug("Password encryption with strategy: {}", strategy);
|
log.debug("Encryption with strategy: {}", strategy);
|
||||||
}
|
}
|
||||||
|
|
||||||
output.write(strategy.header);
|
output.write(strategy.header);
|
||||||
|
@ -193,16 +192,16 @@ public final class SEBConfigEncryptionServiceImpl implements SEBConfigEncryption
|
||||||
|
|
||||||
public final Strategy strategy;
|
public final Strategy strategy;
|
||||||
public final CharSequence password;
|
public final CharSequence password;
|
||||||
public final Function<CharSequence, Certificate> certificateStore;
|
public final Certificate certificate;
|
||||||
|
|
||||||
private EncryptionContext(
|
private EncryptionContext(
|
||||||
final Strategy strategy,
|
final Strategy strategy,
|
||||||
final CharSequence password,
|
final CharSequence password,
|
||||||
final Function<CharSequence, Certificate> certificateStore) {
|
final Certificate certificate) {
|
||||||
|
|
||||||
this.strategy = strategy;
|
this.strategy = strategy;
|
||||||
this.password = password;
|
this.password = password;
|
||||||
this.certificateStore = certificateStore;
|
this.certificate = certificate;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -216,24 +215,24 @@ public final class SEBConfigEncryptionServiceImpl implements SEBConfigEncryption
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Certificate getCertificate(final CharSequence key) {
|
public Certificate getCertificate() {
|
||||||
if (this.certificateStore == null) {
|
return this.certificate;
|
||||||
throw new UnsupportedOperationException();
|
|
||||||
}
|
|
||||||
return this.certificateStore.apply(key);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static SEBConfigEncryptionContext contextOf(final Strategy strategy, final CharSequence password) {
|
static SEBConfigEncryptionContext contextOf(
|
||||||
|
final Strategy strategy,
|
||||||
|
final CharSequence password) {
|
||||||
|
|
||||||
checkPasswordBased(strategy);
|
checkPasswordBased(strategy);
|
||||||
return new EncryptionContext(strategy, password, null);
|
return new EncryptionContext(strategy, password, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
static SEBConfigEncryptionContext contextOf(
|
static SEBConfigEncryptionContext contextOf(
|
||||||
final Strategy strategy,
|
final Strategy strategy,
|
||||||
final Function<CharSequence, Certificate> certificateStore) {
|
final Certificate certificate) {
|
||||||
|
|
||||||
checkCertificateBased(strategy);
|
checkCertificateBased(strategy);
|
||||||
return new EncryptionContext(strategy, null, certificateStore);
|
return new EncryptionContext(strategy, null, certificate);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void checkPasswordBased(final Strategy strategy) {
|
static void checkPasswordBased(final Strategy strategy) {
|
||||||
|
|
|
@ -307,7 +307,10 @@ public class JitsiProctoringService implements ExamProctoringService {
|
||||||
.build()
|
.build()
|
||||||
.getHost();
|
.getHost();
|
||||||
|
|
||||||
final CharSequence decryptedSecret = this.cryptor.decrypt(appSecret);
|
final CharSequence decryptedSecret = this.cryptor
|
||||||
|
.decrypt(appSecret)
|
||||||
|
.getOrThrow();
|
||||||
|
|
||||||
final String token = internalCreateAccessToken(
|
final String token = internalCreateAccessToken(
|
||||||
appKey,
|
appKey,
|
||||||
decryptedSecret,
|
decryptedSecret,
|
||||||
|
|
|
@ -159,7 +159,9 @@ public class ZoomProctoringService implements ExamProctoringService {
|
||||||
|
|
||||||
final ClientCredentials credentials = new ClientCredentials(
|
final ClientCredentials credentials = new ClientCredentials(
|
||||||
proctoringSettings.appKey,
|
proctoringSettings.appKey,
|
||||||
this.cryptor.encrypt(proctoringSettings.appSecret));
|
this.cryptor
|
||||||
|
.encrypt(proctoringSettings.appSecret)
|
||||||
|
.getOrThrow());
|
||||||
|
|
||||||
final ResponseEntity<String> result = this.zoomRestTemplate
|
final ResponseEntity<String> result = this.zoomRestTemplate
|
||||||
.testServiceConnection(
|
.testServiceConnection(
|
||||||
|
@ -182,7 +184,9 @@ public class ZoomProctoringService implements ExamProctoringService {
|
||||||
proctoringSettings.serverURL,
|
proctoringSettings.serverURL,
|
||||||
proctoringSettings.collectingRoomSize,
|
proctoringSettings.collectingRoomSize,
|
||||||
proctoringSettings.appKey,
|
proctoringSettings.appKey,
|
||||||
this.cryptor.encrypt(proctoringSettings.appSecret));
|
this.cryptor
|
||||||
|
.encrypt(proctoringSettings.appSecret)
|
||||||
|
.getOrThrow());
|
||||||
|
|
||||||
disposeServiceRoomsForExam(
|
disposeServiceRoomsForExam(
|
||||||
proctoringSettings.examId,
|
proctoringSettings.examId,
|
||||||
|
@ -511,7 +515,10 @@ public class ZoomProctoringService implements ExamProctoringService {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
|
||||||
final CharSequence decryptedSecret = this.cryptor.decrypt(credentials.secret);
|
final CharSequence decryptedSecret = this.cryptor
|
||||||
|
.decrypt(credentials.secret)
|
||||||
|
.getOrThrow();
|
||||||
|
|
||||||
final StringBuilder builder = new StringBuilder();
|
final StringBuilder builder = new StringBuilder();
|
||||||
final Encoder urlEncoder = Base64.getUrlEncoder().withoutPadding();
|
final Encoder urlEncoder = Base64.getUrlEncoder().withoutPadding();
|
||||||
|
|
||||||
|
@ -551,7 +558,9 @@ public class ZoomProctoringService implements ExamProctoringService {
|
||||||
try {
|
try {
|
||||||
final String apiKey = credentials.clientIdAsString();
|
final String apiKey = credentials.clientIdAsString();
|
||||||
final int status = host ? 1 : 0;
|
final int status = host ? 1 : 0;
|
||||||
final CharSequence decryptedSecret = this.cryptor.decrypt(credentials.secret);
|
final CharSequence decryptedSecret = this.cryptor
|
||||||
|
.decrypt(credentials.secret)
|
||||||
|
.getOrThrow();
|
||||||
|
|
||||||
final Mac hasher = Mac.getInstance("HmacSHA256");
|
final Mac hasher = Mac.getInstance("HmacSHA256");
|
||||||
final String ts = Long.toString(System.currentTimeMillis() - 30000);
|
final String ts = Long.toString(System.currentTimeMillis() - 30000);
|
||||||
|
|
|
@ -215,7 +215,12 @@ public class CertificateController {
|
||||||
try {
|
try {
|
||||||
|
|
||||||
inputStream = new BufferedInputStream(request.getInputStream());
|
inputStream = new BufferedInputStream(request.getInputStream());
|
||||||
return this.certificateService.addCertificate(institutionId, certificateFileType, alias, inputStream)
|
return this.certificateService.addCertificate(
|
||||||
|
institutionId,
|
||||||
|
certificateFileType,
|
||||||
|
alias,
|
||||||
|
password,
|
||||||
|
inputStream)
|
||||||
.flatMap(certData -> this.userActivityLogDAO.log(UserLogActivityType.IMPORT, certData))
|
.flatMap(certData -> this.userActivityLogDAO.log(UserLogActivityType.IMPORT, certData))
|
||||||
.getOrThrow();
|
.getOrThrow();
|
||||||
|
|
||||||
|
@ -229,7 +234,6 @@ public class CertificateController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@RequestMapping(
|
@RequestMapping(
|
||||||
path = API.CERTIFICATE_ALIAS_VAR_PATH_SEGMENT,
|
|
||||||
method = RequestMethod.DELETE,
|
method = RequestMethod.DELETE,
|
||||||
consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE,
|
consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE,
|
||||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||||
|
|
|
@ -39,6 +39,7 @@ import ch.ethz.seb.sebserver.gbl.api.APIMessage;
|
||||||
import ch.ethz.seb.sebserver.gbl.api.POSTMapper;
|
import ch.ethz.seb.sebserver.gbl.api.POSTMapper;
|
||||||
import ch.ethz.seb.sebserver.gbl.model.Domain;
|
import ch.ethz.seb.sebserver.gbl.model.Domain;
|
||||||
import ch.ethz.seb.sebserver.gbl.model.Domain.EXAM;
|
import ch.ethz.seb.sebserver.gbl.model.Domain.EXAM;
|
||||||
|
import ch.ethz.seb.sebserver.gbl.model.Entity;
|
||||||
import ch.ethz.seb.sebserver.gbl.model.sebconfig.SEBClientConfig;
|
import ch.ethz.seb.sebserver.gbl.model.sebconfig.SEBClientConfig;
|
||||||
import ch.ethz.seb.sebserver.gbl.model.user.PasswordChange;
|
import ch.ethz.seb.sebserver.gbl.model.user.PasswordChange;
|
||||||
import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
|
import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
|
||||||
|
@ -46,6 +47,7 @@ import ch.ethz.seb.sebserver.gbl.util.Result;
|
||||||
import ch.ethz.seb.sebserver.webservice.datalayer.batis.mapper.SebClientConfigRecordDynamicSqlSupport;
|
import ch.ethz.seb.sebserver.webservice.datalayer.batis.mapper.SebClientConfigRecordDynamicSqlSupport;
|
||||||
import ch.ethz.seb.sebserver.webservice.servicelayer.PaginationService;
|
import ch.ethz.seb.sebserver.webservice.servicelayer.PaginationService;
|
||||||
import ch.ethz.seb.sebserver.webservice.servicelayer.authorization.AuthorizationService;
|
import ch.ethz.seb.sebserver.webservice.servicelayer.authorization.AuthorizationService;
|
||||||
|
import ch.ethz.seb.sebserver.webservice.servicelayer.authorization.UserService;
|
||||||
import ch.ethz.seb.sebserver.webservice.servicelayer.bulkaction.BulkActionService;
|
import ch.ethz.seb.sebserver.webservice.servicelayer.bulkaction.BulkActionService;
|
||||||
import ch.ethz.seb.sebserver.webservice.servicelayer.dao.SEBClientConfigDAO;
|
import ch.ethz.seb.sebserver.webservice.servicelayer.dao.SEBClientConfigDAO;
|
||||||
import ch.ethz.seb.sebserver.webservice.servicelayer.dao.UserActivityLogDAO;
|
import ch.ethz.seb.sebserver.webservice.servicelayer.dao.UserActivityLogDAO;
|
||||||
|
@ -85,9 +87,15 @@ public class SEBClientConfigController extends ActivatableEntityController<SEBCl
|
||||||
produces = MediaType.APPLICATION_OCTET_STREAM_VALUE)
|
produces = MediaType.APPLICATION_OCTET_STREAM_VALUE)
|
||||||
public void downloadSEBConfig(
|
public void downloadSEBConfig(
|
||||||
@PathVariable final String modelId,
|
@PathVariable final String modelId,
|
||||||
|
@RequestParam(
|
||||||
|
name = Entity.FILTER_ATTR_INSTITUTION,
|
||||||
|
required = true,
|
||||||
|
defaultValue = UserService.USERS_INSTITUTION_AS_DEFAULT) final Long institutionId,
|
||||||
@RequestParam(name = EXAM.ATTR_ID, required = false) final Long examId,
|
@RequestParam(name = EXAM.ATTR_ID, required = false) final Long examId,
|
||||||
final HttpServletResponse response) throws IOException {
|
final HttpServletResponse response) throws IOException {
|
||||||
|
|
||||||
|
checkReadPrivilege(institutionId);
|
||||||
|
|
||||||
this.entityDAO.byModelId(modelId)
|
this.entityDAO.byModelId(modelId)
|
||||||
.flatMap(this.authorization::checkWrite)
|
.flatMap(this.authorization::checkWrite)
|
||||||
.map(this.userActivityLogDAO::logExport);
|
.map(this.userActivityLogDAO::logExport);
|
||||||
|
|
|
@ -119,7 +119,13 @@ public class ModelObjectJSONGenerator {
|
||||||
VDIType.NO, null, null, null,
|
VDIType.NO, null, null, null,
|
||||||
true, "fallbackStartURL", 20000L, (short) 3, (short) 1000, "fallbackPassword",
|
true, "fallbackStartURL", 20000L, (short) 3, (short) 1000, "fallbackPassword",
|
||||||
"fallbackPasswordConfirm",
|
"fallbackPasswordConfirm",
|
||||||
"quitPassword", "quitPasswordConfirm", DateTime.now(), "encryptSecret", "encryptSecretConfirm", true);
|
"quitPassword",
|
||||||
|
"quitPasswordConfirm",
|
||||||
|
DateTime.now(),
|
||||||
|
"encryptSecret",
|
||||||
|
"encryptSecretConfirm",
|
||||||
|
"certAlias",
|
||||||
|
true);
|
||||||
System.out.println(domainObject.getClass().getSimpleName() + ":");
|
System.out.println(domainObject.getClass().getSimpleName() + ":");
|
||||||
System.out.println(writerWithDefaultPrettyPrinter.writeValueAsString(domainObject));
|
System.out.println(writerWithDefaultPrettyPrinter.writeValueAsString(domainObject));
|
||||||
|
|
||||||
|
|
|
@ -21,16 +21,16 @@ public class CryptorTest {
|
||||||
public void testEncryptDecrypt() {
|
public void testEncryptDecrypt() {
|
||||||
final String clientName = "simpleClientName";
|
final String clientName = "simpleClientName";
|
||||||
String encrypted =
|
String encrypted =
|
||||||
Cryptor.encrypt(clientName, "secret1").toString();
|
Cryptor.encrypt(clientName, "secret1").getOrThrow().toString();
|
||||||
String decrypted = Cryptor.decrypt(encrypted, "secret1").toString();
|
String decrypted = Cryptor.decrypt(encrypted, "secret1").getOrThrow().toString();
|
||||||
|
|
||||||
assertEquals(clientName, decrypted);
|
assertEquals(clientName, decrypted);
|
||||||
|
|
||||||
final String clientSecret = "fbjreij39ru29305ruࣣàèLöäöäü65%(/%(ç87";
|
final String clientSecret = "fbjreij39ru29305ruࣣàèLöäöäü65%(/%(ç87";
|
||||||
|
|
||||||
encrypted =
|
encrypted =
|
||||||
Cryptor.encrypt(clientSecret, "secret1").toString();
|
Cryptor.encrypt(clientSecret, "secret1").getOrThrow().toString();
|
||||||
decrypted = Cryptor.decrypt(encrypted, "secret1").toString();
|
decrypted = Cryptor.decrypt(encrypted, "secret1").getOrThrow().toString();
|
||||||
|
|
||||||
assertEquals(clientSecret, decrypted);
|
assertEquals(clientSecret, decrypted);
|
||||||
}
|
}
|
||||||
|
@ -45,16 +45,16 @@ public class CryptorTest {
|
||||||
final String clientName = "simpleClientName";
|
final String clientName = "simpleClientName";
|
||||||
|
|
||||||
String encrypted =
|
String encrypted =
|
||||||
cryptor.encrypt(clientName).toString();
|
cryptor.encrypt(clientName).getOrThrow().toString();
|
||||||
String decrypted = cryptor.decrypt(encrypted).toString();
|
String decrypted = cryptor.decrypt(encrypted).getOrThrow().toString();
|
||||||
|
|
||||||
assertEquals(clientName, decrypted);
|
assertEquals(clientName, decrypted);
|
||||||
|
|
||||||
final String clientSecret = "fbjreij39ru29305ruࣣàèLöäöäü65%(/%(ç87";
|
final String clientSecret = "fbjreij39ru29305ruࣣàèLöäöäü65%(/%(ç87";
|
||||||
|
|
||||||
encrypted =
|
encrypted =
|
||||||
cryptor.encrypt(clientSecret).toString();
|
cryptor.encrypt(clientSecret).getOrThrow().toString();
|
||||||
decrypted = cryptor.decrypt(encrypted).toString();
|
decrypted = cryptor.decrypt(encrypted).getOrThrow().toString();
|
||||||
|
|
||||||
assertEquals(clientSecret, decrypted);
|
assertEquals(clientSecret, decrypted);
|
||||||
}
|
}
|
||||||
|
|
|
@ -124,6 +124,7 @@ public class ClientConfigTest extends GuiIntegrationTest {
|
||||||
null,
|
null,
|
||||||
"password",
|
"password",
|
||||||
null,
|
null,
|
||||||
|
"certAlias",
|
||||||
null))
|
null))
|
||||||
.call();
|
.call();
|
||||||
|
|
||||||
|
@ -153,6 +154,7 @@ public class ClientConfigTest extends GuiIntegrationTest {
|
||||||
null,
|
null,
|
||||||
"password",
|
"password",
|
||||||
"password",
|
"password",
|
||||||
|
"certAlias",
|
||||||
null))
|
null))
|
||||||
.call()
|
.call()
|
||||||
.getOrThrow();
|
.getOrThrow();
|
||||||
|
|
|
@ -2124,7 +2124,7 @@ public class UseCasesIntegrationTest extends GuiIntegrationTest {
|
||||||
try {
|
try {
|
||||||
new SEBClientBot(
|
new SEBClientBot(
|
||||||
credentials.clientIdAsString(),
|
credentials.clientIdAsString(),
|
||||||
this.cryptor.decrypt(credentials.secret).toString(),
|
this.cryptor.decrypt(credentials.secret).getOrThrow().toString(),
|
||||||
exam.getModelId(),
|
exam.getModelId(),
|
||||||
String.valueOf(exam.institutionId));
|
String.valueOf(exam.institutionId));
|
||||||
Thread.sleep(1000);
|
Thread.sleep(1000);
|
||||||
|
|
|
@ -65,7 +65,9 @@ public class PasswordEncryptorTest {
|
||||||
@Test
|
@Test
|
||||||
public void test2() throws IOException {
|
public void test2() throws IOException {
|
||||||
final JNCryptor cryptor = new AES256JNCryptor();
|
final JNCryptor cryptor = new AES256JNCryptor();
|
||||||
final PasswordEncryptor encryptor = new PasswordEncryptor(cryptor);
|
final PasswordCryptor encryptor = new PasswordCryptor(
|
||||||
|
new PasswordEncryptor(),
|
||||||
|
new PasswordDecryptor(cryptor));
|
||||||
|
|
||||||
final String config = "<TestConfig></TestConfig>";
|
final String config = "<TestConfig></TestConfig>";
|
||||||
final String pwd = "password";
|
final String pwd = "password";
|
||||||
|
|
|
@ -99,7 +99,9 @@ public class SebConfigEncryptionServiceImplTest {
|
||||||
private SEBConfigEncryptionServiceImpl sebConfigEncryptionServiceImpl() {
|
private SEBConfigEncryptionServiceImpl sebConfigEncryptionServiceImpl() {
|
||||||
final JNCryptor cryptor = new AES256JNCryptor();
|
final JNCryptor cryptor = new AES256JNCryptor();
|
||||||
final List<SEBConfigCryptor> encryptors = Arrays.asList(
|
final List<SEBConfigCryptor> encryptors = Arrays.asList(
|
||||||
new PasswordEncryptor(cryptor),
|
new PasswordCryptor(
|
||||||
|
new PasswordEncryptor(),
|
||||||
|
new PasswordDecryptor(cryptor)),
|
||||||
new NoneEncryptor());
|
new NoneEncryptor());
|
||||||
return new SEBConfigEncryptionServiceImpl(encryptors);
|
return new SEBConfigEncryptionServiceImpl(encryptors);
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,13 +19,14 @@ import org.mockito.Mockito;
|
||||||
|
|
||||||
import ch.ethz.seb.sebserver.gbl.model.exam.ProctoringRoomConnection;
|
import ch.ethz.seb.sebserver.gbl.model.exam.ProctoringRoomConnection;
|
||||||
import ch.ethz.seb.sebserver.gbl.util.Cryptor;
|
import ch.ethz.seb.sebserver.gbl.util.Cryptor;
|
||||||
|
import ch.ethz.seb.sebserver.gbl.util.Result;
|
||||||
|
|
||||||
public class ExamJITSIProctoringServiceTest {
|
public class ExamJITSIProctoringServiceTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testTokenPayload() throws InvalidKeyException, NoSuchAlgorithmException {
|
public void testTokenPayload() throws InvalidKeyException, NoSuchAlgorithmException {
|
||||||
final Cryptor cryptorMock = Mockito.mock(Cryptor.class);
|
final Cryptor cryptorMock = Mockito.mock(Cryptor.class);
|
||||||
Mockito.when(cryptorMock.decrypt(Mockito.any())).thenReturn("fbvgeghergrgrthrehreg123");
|
Mockito.when(cryptorMock.decrypt(Mockito.any())).thenReturn(Result.of("fbvgeghergrgrthrehreg123"));
|
||||||
final JitsiProctoringService examJITSIProctoringService =
|
final JitsiProctoringService examJITSIProctoringService =
|
||||||
new JitsiProctoringService(null, null, cryptorMock, null);
|
new JitsiProctoringService(null, null, cryptorMock, null);
|
||||||
|
|
||||||
|
@ -59,7 +60,7 @@ public class ExamJITSIProctoringServiceTest {
|
||||||
@Test
|
@Test
|
||||||
public void testCreateProctoringURL() {
|
public void testCreateProctoringURL() {
|
||||||
final Cryptor cryptorMock = Mockito.mock(Cryptor.class);
|
final Cryptor cryptorMock = Mockito.mock(Cryptor.class);
|
||||||
Mockito.when(cryptorMock.decrypt(Mockito.any())).thenReturn("fbvgeghergrgrthrehreg123");
|
Mockito.when(cryptorMock.decrypt(Mockito.any())).thenReturn(Result.of("fbvgeghergrgrthrehreg123"));
|
||||||
final JitsiProctoringService examJITSIProctoringService =
|
final JitsiProctoringService examJITSIProctoringService =
|
||||||
new JitsiProctoringService(null, null, cryptorMock, null);
|
new JitsiProctoringService(null, null, cryptorMock, null);
|
||||||
final ProctoringRoomConnection data = examJITSIProctoringService.createProctoringConnection(
|
final ProctoringRoomConnection data = examJITSIProctoringService.createProctoringConnection(
|
||||||
|
|
Loading…
Reference in a new issue