List of usage examples for org.bouncycastle.crypto.agreement.srp SRP6Server generateServerCredentials
public BigInteger generateServerCredentials()
From source file:com.aelitis.azureus.core.pairing.impl.PairingManagerTunnelHandler.java
License:Open Source License
private void start() { synchronized (this) { if (started) { return; }/*from www . jav a 2s .c o m*/ started = true; } N_3072 = fromHex("FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08" + "8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B" + "302B0A6D F25F1437 4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9" + "A637ED6B 0BFF5CB6 F406B7ED EE386BFB 5A899FA5 AE9F2411 7C4B1FE6" + "49286651 ECE45B3D C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8" + "FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D" + "670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B E39E772C" + "180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718" + "3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AAAC42D AD33170D" + "04507A33 A85521AB DF1CBA64 ECFB8504 58DBEF0A 8AEA7157 5D060C7D" + "B3970F85 A6E1E4C7 ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226" + "1AD2EE6B F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C" + "BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31 43DB5BFC" + "E0FD108E 4B82D120 A93AD2CA FFFFFFFF FFFFFFFF"); G_3072 = BigInteger.valueOf(5); try { PluginInterface dht_pi = core.getPluginManager().getPluginInterfaceByClass(DHTPlugin.class); if (dht_pi == null) { throw (new Exception("DHT Plugin not found")); } DHTPlugin dht_plugin = (DHTPlugin) dht_pi.getPlugin(); if (!dht_plugin.isEnabled()) { throw (new Exception("DHT Plugin is disabled")); } DHT[] dhts = dht_plugin.getDHTs(); List<DHTNATPuncher> punchers = new ArrayList<DHTNATPuncher>(); for (DHT dht : dhts) { int net = dht.getTransport().getNetwork(); if (net == DHT.NW_MAIN) { DHTNATPuncher primary_puncher = dht.getNATPuncher(); if (primary_puncher != null) { punchers.add(primary_puncher); nat_punchers_ipv4.add(primary_puncher); for (int i = 1; i <= 2; i++) { DHTNATPuncher puncher = primary_puncher.getSecondaryPuncher(); punchers.add(puncher); nat_punchers_ipv4.add(puncher); } } } else if (net == DHT.NW_MAIN_V6) { /* * no point in this atm as we don't support v6 tunnels DHTNATPuncher puncher = dht.getNATPuncher(); if ( puncher != null ){ punchers.add( puncher ); nat_punchers_ipv6.add( puncher ); puncher = puncher.getSecondaryPuncher(); punchers.add( puncher ); nat_punchers_ipv6.add( puncher ); } */ } } if (punchers.size() == 0) { throw (new Exception("No suitable DHT instances available")); } for (DHTNATPuncher p : punchers) { p.forceActive(true); p.addListener(new DHTNATPuncherListener() { public void rendezvousChanged(DHTTransportContact rendezvous) { System.out.println("active: " + rendezvous.getString()); synchronized (PairingManagerTunnelHandler.this) { if (update_event == null) { update_event = SimpleTimer.addEvent("PMT:defer", SystemTime.getOffsetTime(15 * 1000), new TimerEventPerformer() { public void perform(TimerEvent event) { synchronized (PairingManagerTunnelHandler.this) { update_event = null; } System.out.println(" updating"); manager.updateNeeded(); }; }); } } } }); } core.getNATTraverser().registerHandler(new NATTraversalHandler() { private Map<Long, Object[]> server_map = new LinkedHashMap<Long, Object[]>(10, 0.75f, true) { protected boolean removeEldestEntry(Map.Entry<Long, Object[]> eldest) { return size() > 10; } }; public int getType() { return (NATTraverser.TRAVERSE_REASON_PAIR_TUNNEL); } public String getName() { return ("Pairing Tunnel"); } public Map process(InetSocketAddress originator, Map data) { if (SRP_VERIFIER == null || !active) { return (null); } boolean good_request = false; try { Map result = new HashMap(); Long session = (Long) data.get("sid"); if (session == null) { return (null); } InetAddress tunnel_originator; try { tunnel_originator = InetAddress.getByAddress((byte[]) data.get("origin")); } catch (Throwable e) { Debug.out("originator decode failed: " + data); return (null); } System.out.println("PairManagerTunnelHander: incoming message - session=" + session + ", payload=" + data + " from " + tunnel_originator + " via " + originator); SRP6Server server; BigInteger B; synchronized (server_map) { Object[] entry = server_map.get(session); if (entry == null) { long diff = SystemTime.getMonotonousTime() - last_server_create_time; if (diff < 5000) { try { long sleep = 5000 - diff; System.out.println("Sleeping for " + sleep + " before starting srp"); Thread.sleep(sleep); } catch (Throwable e) { } } server = new SRP6Server(); server.init(N_3072, G_3072, SRP_VERIFIER, new SHA256Digest(), RandomUtils.SECURE_RANDOM); B = server.generateServerCredentials(); server_map.put(session, new Object[] { server, B }); last_server_create_time = SystemTime.getMonotonousTime(); total_servers++; } else { server = (SRP6Server) entry[0]; B = (BigInteger) entry[1]; } } Long op = (Long) data.get("op"); if (op == 1) { result.put("op", 2); result.put("s", SRP_SALT); result.put("b", B.toByteArray()); good_request = true; if (data.containsKey("test")) { manager.recordRequest("SRP Test", originator.getAddress().getHostAddress(), true); } } else if (op == 3) { boolean log_error = true; try { long diff = SystemTime.getMonotonousTime() - last_server_agree_time; if (diff < 5000) { try { long sleep = 5000 - diff; System.out.println("Sleeping for " + sleep + " before completing srp"); Thread.sleep(sleep); } catch (Throwable e) { } } BigInteger A = new BigInteger((byte[]) data.get("a")); BigInteger serverS = server.calculateSecret(A); byte[] shared_secret = serverS.toByteArray(); Cipher decipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); byte[] key = new byte[16]; System.arraycopy(shared_secret, 0, key, 0, 16); SecretKeySpec secret = new SecretKeySpec(key, "AES"); decipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec((byte[]) data.get("enc_iv"))); byte[] dec = decipher.doFinal((byte[]) data.get("enc_data")); String json_str = new String(dec, "UTF-8"); if (!json_str.startsWith("{")) { log_error = false; throw (new Exception("decode failed")); } JSONObject dec_json = (JSONObject) JSONUtils.decodeJSON(json_str); String tunnel_url = (String) dec_json.get("url"); String service_id = new String((byte[]) data.get("service"), "UTF-8"); String endpoint_url = (String) dec_json.get("endpoint"); boolean ok = createTunnel(tunnel_originator, session, service_id, secret, tunnel_url, endpoint_url); result.put("op", 4); result.put("status", ok ? "ok" : "failed"); good_request = true; } catch (Throwable e) { result.put("op", 4); result.put("status", "failed"); // filter usual errors on bad agreement if (e instanceof BadPaddingException || e instanceof IllegalBlockSizeException) { log_error = false; } if (log_error) { e.printStackTrace(); } } finally { last_server_agree_time = SystemTime.getMonotonousTime(); } } return (result); } finally { if (!good_request) { manager.recordRequest("SRP", originator.getAddress().getHostAddress(), false); } } } }); SimpleTimer.addPeriodicEvent("pm:tunnel:stats", 30 * 1000, new TimerEventPerformer() { public void perform(TimerEvent event) { synchronized (tunnels) { if (tunnels.size() > 0) { System.out.println("PairTunnels: " + tunnels.size()); for (PairManagerTunnel t : tunnels.values()) { System.out.println("\t" + t.getString()); } } } } }); } catch (Throwable e) { Debug.out(e); init_fail = Debug.getNestedExceptionMessage(e); manager.updateSRPState(); } }
From source file:com.aelitis.azureus.core.pairing.impl.PairingManagerTunnelHandler.java
License:Open Source License
protected boolean handleLocalTunnel(TrackerWebPageRequest request, TrackerWebPageResponse response) throws IOException { start();/*from w w w .ja va 2 s . c o m*/ if (SRP_VERIFIER == null || !active) { throw (new IOException("Secure pairing is not enabled")); } boolean good_request = false; try { // remove /pairing/tunnel/ String url = request.getURL().substring(16); int q_pos = url.indexOf('?'); Map<String, String> args = new HashMap<String, String>(); if (q_pos != -1) { String args_str = url.substring(q_pos + 1); String[] bits = args_str.split("&"); for (String arg : bits) { String[] x = arg.split("="); if (x.length == 2) { args.put(x[0].toLowerCase(), x[1]); } } url = url.substring(0, q_pos); } if (url.startsWith("create")) { String ac = args.get("ac"); String sid = args.get("sid"); if (ac == null || sid == null) { throw (new IOException("Access code or service id missing")); } if (!ac.equals(manager.peekAccessCode())) { throw (new IOException("Invalid access code")); } PairedServiceImpl ps = manager.getService(sid); if (ps == null) { good_request = true; throw (new IOException("Service '" + sid + "' not registered")); } PairedServiceRequestHandler handler = ps.getHandler(); if (handler == null) { good_request = true; throw (new IOException("Service '" + sid + "' has no handler registered")); } JSONObject json = new JSONObject(); JSONObject result = new JSONObject(); json.put("result", result); byte[] ss = new byte[] { SRP_SALT[0], SRP_SALT[1], SRP_SALT[2], SRP_SALT[3] }; long tunnel_id = RandomUtils.nextSecureAbsoluteLong(); String tunnel_name = Base32.encode(ss) + "_" + tunnel_id; synchronized (local_server_map) { long diff = SystemTime.getMonotonousTime() - last_local_server_create_time; if (diff < 5000) { try { long sleep = 5000 - diff; System.out.println("Sleeping for " + sleep + " before starting srp"); Thread.sleep(sleep); } catch (Throwable e) { } } SRP6Server server = new SRP6Server(); server.init(N_3072, G_3072, SRP_VERIFIER, new SHA256Digest(), RandomUtils.SECURE_RANDOM); BigInteger B = server.generateServerCredentials(); local_server_map.put(tunnel_name, new Object[] { server, handler, null, null }); last_local_server_create_time = SystemTime.getMonotonousTime(); total_local_servers++; result.put("srp_salt", Base32.encode(SRP_SALT)); result.put("srp_b", Base32.encode(B.toByteArray())); Map<String, String> headers = request.getHeaders(); String host = headers.get("host"); // remove port number int pos = host.lastIndexOf("]"); if (pos != -1) { // ipv6 literal host = host.substring(0, pos + 1); } else { pos = host.indexOf(':'); if (pos != -1) { host = host.substring(0, pos); } } String abs_url = request.getAbsoluteURL().toString(); // unfortunately there is some nasty code that uses a configured tracker // address as the default host abs_url = UrlUtils.setHost(new URL(abs_url), host).toExternalForm(); pos = abs_url.indexOf("/create"); String tunnel_url = abs_url.substring(0, pos) + "/id/" + tunnel_name; result.put("url", tunnel_url); } response.getOutputStream().write(JSONUtils.encodeToJSON(json).getBytes("UTF-8")); response.setContentType("application/json; charset=UTF-8"); response.setGZIP(true); good_request = true; return (true); } else if (url.startsWith("id/")) { String tunnel_name = url.substring(3); Object[] entry; synchronized (local_server_map) { entry = local_server_map.get(tunnel_name); if (entry == null) { good_request = true; throw (new IOException("Unknown tunnel id")); } } String srp_a = args.get("srp_a"); String enc_data = args.get("enc_data"); String enc_iv = args.get("enc_iv"); if (srp_a != null && enc_data != null && enc_iv != null) { try { synchronized (local_server_map) { long diff = SystemTime.getMonotonousTime() - last_local_server_agree_time; if (diff < 5000) { try { long sleep = 5000 - diff; System.out.println("Sleeping for " + sleep + " before completing srp"); Thread.sleep(sleep); } catch (Throwable e) { } } } JSONObject json = new JSONObject(); JSONObject result = new JSONObject(); json.put("result", result); SRP6Server server = (SRP6Server) entry[0]; BigInteger A = new BigInteger(Base32.decode(srp_a)); BigInteger serverS = server.calculateSecret(A); byte[] shared_secret = serverS.toByteArray(); Cipher decipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); byte[] key = new byte[16]; System.arraycopy(shared_secret, 0, key, 0, 16); SecretKeySpec secret = new SecretKeySpec(key, "AES"); decipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(Base32.decode(enc_iv))); byte[] dec = decipher.doFinal(Base32.decode(enc_data)); JSONObject dec_json = (JSONObject) JSONUtils.decodeJSON(new String(dec, "UTF-8")); String tunnel_url = (String) dec_json.get("url"); if (!tunnel_url.contains(tunnel_name)) { throw (new IOException("Invalid tunnel url")); } String endpoint_url = (String) dec_json.get("endpoint"); entry[2] = secret; entry[3] = endpoint_url; result.put("state", "activated"); response.getOutputStream().write(JSONUtils.encodeToJSON(json).getBytes("UTF-8")); response.setContentType("application/json; charset=UTF-8"); response.setGZIP(true); good_request = true; return (true); } catch (Throwable e) { throw (new IOException(Debug.getNestedExceptionMessage(e))); } finally { last_local_server_agree_time = SystemTime.getMonotonousTime(); } } else if (args.containsKey("close")) { synchronized (local_server_map) { local_server_map.remove(tunnel_name); } good_request = true; return (true); } else { PairedServiceRequestHandler request_handler = (PairedServiceRequestHandler) entry[1]; SecretKeySpec secret = (SecretKeySpec) entry[2]; String endpoint_url = (String) entry[3]; if (secret == null) { throw (new IOException("auth not completed")); } byte[] request_data = FileUtil.readInputStreamAsByteArray(request.getInputStream()); try { byte[] decrypted; { byte[] IV = new byte[16]; System.arraycopy(request_data, 0, IV, 0, IV.length); Cipher decipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); decipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(IV)); decrypted = decipher.doFinal(request_data, 16, request_data.length - 16); } byte[] reply_bytes = request_handler.handleRequest(request.getClientAddress2().getAddress(), endpoint_url, decrypted); { Cipher encipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); encipher.init(Cipher.ENCRYPT_MODE, secret); AlgorithmParameters params = encipher.getParameters(); byte[] IV = params.getParameterSpec(IvParameterSpec.class).getIV(); byte[] enc = encipher.doFinal(reply_bytes); byte[] rep_bytes = new byte[IV.length + enc.length]; System.arraycopy(IV, 0, rep_bytes, 0, IV.length); System.arraycopy(enc, 0, rep_bytes, IV.length, enc.length); response.getOutputStream().write(rep_bytes); response.setContentType("application/octet-stream"); good_request = true; return (true); } } catch (Throwable e) { throw (new IOException(Debug.getNestedExceptionMessage(e))); } } } throw (new IOException("Unknown tunnel operation")); } finally { if (!good_request) { manager.recordRequest("SRP", request.getClientAddress2().getAddress().getHostAddress(), false); } } }
From source file:org.forgerock.openicf.framework.remote.SecurityUtil.java
License:CDDL license
/** * Verifies the client and server secret. * * @param username user name (aka "identity") * @param password password//from w w w . j a v a2s .co m * @param verification * @param random the source of randomness for this generator * @param params group parameters (prime, generator) * @return true if client and server secret is equals * @throws CryptoException If client or server's credentials are invalid */ public static boolean checkMutualVerification(String username, String password, Pair<String, byte[]> verification, SecureRandom random, SRPGroupParameter params) throws CryptoException { byte[] I = username.getBytes(); byte[] P = password.getBytes(); byte[] s = verification.second; BigInteger v = new BigInteger(verification.first, 16); SRP6Client client = new SRP6Client(); client.init(params.N, params.g, new SHA256Digest(), random); SRP6Server server = new SRP6Server(); server.init(params.N, params.g, v, new SHA256Digest(), random); BigInteger A = client.generateClientCredentials(s, I, P); BigInteger B = server.generateServerCredentials(); BigInteger clientS = client.calculateSecret(B); BigInteger serverS = server.calculateSecret(A); return clientS.equals(serverS); }