SEBSERV-335 encrypted ASK with no added salt expected
This commit is contained in:
anhefti
parent
a078d1d421
commit
715c28d835
3 changed files with 39 additions and 7 deletions
|
|
@ -66,7 +66,10 @@ public interface SecurityKeyService {
|
|||
* @param appSignatureKey The encrypted App Signature Key sent by a SEB client
|
||||
* @param connectionToken The connection token of the SEB client connection
|
||||
* @return Result refer to the App Signature Key hash for given App Signature Key or to an error when happened */
|
||||
Result<String> getAppSignatureKeyHash(String appSignatureKey, String connectionToken);
|
||||
Result<String> getAppSignatureKeyHash(
|
||||
String appSignatureKey,
|
||||
String connectionToken,
|
||||
CharSequence salt);
|
||||
|
||||
/** Use this to update an App Signature Key grant for a particular SEB connection. This will
|
||||
* apply the security check again and mark the connection regarding to the security check.
|
||||
|
|
|
|||
|
|
@ -167,14 +167,25 @@ public class SecurityKeyServiceImpl implements SecurityKeyService {
|
|||
}
|
||||
|
||||
@Override
|
||||
public Result<String> getAppSignatureKeyHash(final String appSignatureKey, final String connectionToken) {
|
||||
public Result<String> getAppSignatureKeyHash(
|
||||
final String appSignatureKey,
|
||||
final String connectionToken,
|
||||
final CharSequence salt) {
|
||||
|
||||
if (StringUtils.isBlank(appSignatureKey)) {
|
||||
return Result.ofEmpty();
|
||||
}
|
||||
|
||||
// TODO if certificate encryption is available check if exam has defined certificate for decryption
|
||||
|
||||
return Cryptor.decrypt(appSignatureKey, connectionToken)
|
||||
return Cryptor
|
||||
.decrypt(appSignatureKey + salt, connectionToken)
|
||||
.onErrorDo(error -> {
|
||||
log.warn(
|
||||
"Failed to decrypt ASK with added salt value. Try to decrypt without added salt. Error: {}",
|
||||
error.getMessage());
|
||||
return Cryptor.decrypt(appSignatureKey, connectionToken).get();
|
||||
})
|
||||
.map(signature -> createSignatureHash(signature));
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -278,7 +278,10 @@ public class SEBClientConnectionServiceImpl implements SEBClientConnectionServic
|
|||
null,
|
||||
null,
|
||||
null,
|
||||
getSignatureHash(appSignatureKey, connectionToken)))
|
||||
getSignatureHash(
|
||||
appSignatureKey,
|
||||
connectionToken,
|
||||
clientConnection.examId != null ? clientConnection.examId : examId)))
|
||||
.getOrThrow();
|
||||
|
||||
// initialize distributed indicator value caches if possible and needed
|
||||
|
|
@ -400,7 +403,10 @@ public class SEBClientConnectionServiceImpl implements SEBClientConnectionServic
|
|||
null,
|
||||
proctoringEnabled,
|
||||
null,
|
||||
getSignatureHash(appSignatureKey, connectionToken));
|
||||
getSignatureHash(
|
||||
appSignatureKey,
|
||||
connectionToken,
|
||||
clientConnection.examId != null ? clientConnection.examId : examId));
|
||||
|
||||
// ClientConnection integrity check
|
||||
// institutionId, connectionToken and clientAddress must be set
|
||||
|
|
@ -813,9 +819,21 @@ public class SEBClientConnectionServiceImpl implements SEBClientConnectionServic
|
|||
return this.examSessionService.getConnectionDataInternal(connectionToken);
|
||||
}
|
||||
|
||||
private String getSignatureHash(final String appSignatureKey, final String connectionToken) {
|
||||
private String getSignatureHash(
|
||||
final String appSignatureKey,
|
||||
final String connectionToken,
|
||||
final Long examId) {
|
||||
|
||||
if (examId == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
final String salt = this.examSessionService
|
||||
.getAppSignatureKeySalt(examId)
|
||||
.getOr(null);
|
||||
|
||||
return this.securityKeyService
|
||||
.getAppSignatureKeyHash(appSignatureKey, connectionToken)
|
||||
.getAppSignatureKeyHash(appSignatureKey, connectionToken, salt)
|
||||
.onError(error -> log.error("Failed to get hash signature from sent app signature key: ", error))
|
||||
.getOr(null);
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue