org.openbase.bco.authentication.lib

Class AuthenticationClientHandler

java.lang.Object

org.openbase.bco.authentication.lib.AuthenticationClientHandler

public class AuthenticationClientHandler
extends Object

Author:

Sebastian Fast

Constructor Summary

Constructors

Constructor and Description
AuthenticationClientHandler()

Method Summary

Modifier and Type	Method and Description
static List<Object>	handleKeyDistributionCenterResponse(String id, byte[] key, boolean isUser, rst.domotic.authentication.TicketSessionKeyWrapperType.TicketSessionKeyWrapper wrapper) Handles a KeyDistributionCenter (KDC) response Decrypts the TicketGrantingServer (TGS) session key with client's hashed password Creates an Authenticator containing the clientID and current timestamp encrypted with the TGS session key
static List<Object>	handleKeyDistributionCenterResponse(String id, byte[] userKey, byte[] clientKey, rst.domotic.authentication.TicketSessionKeyWrapperType.TicketSessionKeyWrapper wrapper) Handles a KeyDistributionCenter (KDC) response Decrypts the TicketGrantingServer (TGS) session key with client's hashed password Creates an Authenticator containing the clientID and current timestamp encrypted with the TGS session key
static rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper	handleServiceServerResponse(byte[] serviceServerSessionKey, rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper lastWrapper, rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper currentWrapper) Handles a ServiceServer response Decrypts Authenticator of both last- and currentWrapper with ServiceServerSessionKey Compares timestamps of both Authenticators with each other
static List<Object>	handleTicketGrantingServiceResponse(String clientID, byte[] ticketGrantingServiceSessionKey, rst.domotic.authentication.TicketSessionKeyWrapperType.TicketSessionKeyWrapper wrapper) Handles a TicketGrantingService response Decrypts the ServiceServer (SS) session key with TGS session key Creates an Authenticator containing the clientID and empty timestamp encrypted with the SS session key
static rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper	initServiceServerRequest(byte[] serviceServerSessionKey, rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper wrapper) Initializes a ServiceServer request by setting the current timestamp in the authenticator.
static void	validateTimestamp(rst.timing.TimestampType.Timestamp now, rst.timing.TimestampType.Timestamp then) Validate if the timestamps are equal.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthenticationClientHandler

public AuthenticationClientHandler()

Method Detail

handleKeyDistributionCenterResponse

public static List<Object> handleKeyDistributionCenterResponse(String id,
                                                               byte[] userKey,
                                                               byte[] clientKey,
                                                               rst.domotic.authentication.TicketSessionKeyWrapperType.TicketSessionKeyWrapper wrapper)
                                                        throws IOException,
                                                               BadPaddingException

Handles a KeyDistributionCenter (KDC) response Decrypts the TicketGrantingServer (TGS) session key with client's hashed password Creates an Authenticator containing the clientID and current timestamp encrypted with the TGS session key

Parameters:

id - Identifier of the client or user

userKey - hashed password or private key of user

clientKey - private key of the client

wrapper - TicketSessionKeyWrapper containing the TicketGrantingTicket and TGS session key

Returns:

Returns a list of objects containing: 1. An TicketAuthenticatorWrapperWrapper containing both the TicketGrantingTicket and Authenticator 2. A SessionKey representing the TGS session key

Throws:

BadPaddingException - If the decryption of the session key fails, probably because the entered key was wrong.

IOException - If de- or encryption fail because of a general I/O error.

handleKeyDistributionCenterResponse

public static List<Object> handleKeyDistributionCenterResponse(String id,
                                                               byte[] key,
                                                               boolean isUser,
                                                               rst.domotic.authentication.TicketSessionKeyWrapperType.TicketSessionKeyWrapper wrapper)
                                                        throws IOException,
                                                               BadPaddingException

Handles a KeyDistributionCenter (KDC) response Decrypts the TicketGrantingServer (TGS) session key with client's hashed password Creates an Authenticator containing the clientID and current timestamp encrypted with the TGS session key

Parameters:

id - Identifier of the client or user

key - hashed password or private key of user respectively

isUser - true if ticket was requested for a user. This is important for the decryption method to be chosen.

wrapper - TicketSessionKeyWrapper containing the TicketGrantingTicket and TGS session key

Returns:

Returns a list of objects containing: 1. An TicketAuthenticatorWrapperWrapper containing both the TicketGrantingTicket and Authenticator 2. A SessionKey representing the TGS session key

Throws:

BadPaddingException - If the decryption of the session key fails, probably because the entered key was wrong.

IOException - If de- or encryption fail because of a general I/O error.

handleTicketGrantingServiceResponse

public static List<Object> handleTicketGrantingServiceResponse(String clientID,
                                                               byte[] ticketGrantingServiceSessionKey,
                                                               rst.domotic.authentication.TicketSessionKeyWrapperType.TicketSessionKeyWrapper wrapper)
                                                        throws IOException,
                                                               BadPaddingException

Handles a TicketGrantingService response Decrypts the ServiceServer (SS) session key with TGS session key Creates an Authenticator containing the clientID and empty timestamp encrypted with the SS session key

Parameters:

clientID - Identifier of the client - must be present in client database

ticketGrantingServiceSessionKey - TGS session key provided by handleKDCResponse()

wrapper - TicketSessionKeyWrapper containing the ClientServerTicket and SS session key

Returns:

Returns a list of objects containing: 1. An TicketAuthenticatorWrapperWrapper containing both the ClientServerTicket and Authenticator 2. A SessionKey representing the SS session key

Throws:

IOException - If de- or encryption fail because of a general I/O error.

BadPaddingException - If the decryption of the service server session key fails because of an incorrect key.

initServiceServerRequest

public static rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper initServiceServerRequest(byte[] serviceServerSessionKey,
                                                                                                                            rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper wrapper)
                                                                                                                     throws IOException,
                                                                                                                            BadPaddingException

Initializes a ServiceServer request by setting the current timestamp in the authenticator.

Parameters:

serviceServerSessionKey - SS session key provided by handleTGSResponse()

wrapper - TicketAuthenticatorWrapper wrapper that contains both encrypted Authenticator and CST

Returns:

Returns a wrapper class containing both the CST and modified Authenticator

Throws:

BadPaddingException - If the decryption of the Authenticator fails.

IOException - If de- or encryption fail because of a general I/O error.

handleServiceServerResponse

public static rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper handleServiceServerResponse(byte[] serviceServerSessionKey,
                                                                                                                               rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper lastWrapper,
                                                                                                                               rst.domotic.authentication.TicketAuthenticatorWrapperType.TicketAuthenticatorWrapper currentWrapper)
                                                                                                                        throws org.openbase.jul.exception.RejectedException,
                                                                                                                               IOException,
                                                                                                                               BadPaddingException

Handles a ServiceServer response Decrypts Authenticator of both last- and currentWrapper with ServiceServerSessionKey Compares timestamps of both Authenticators with each other

Parameters:

serviceServerSessionKey - SS session key provided by handleTGSResponse()

lastWrapper - Last TicketAuthenticatorWrapper provided by either handleTGSResponse() or handleSSResponse()

currentWrapper - Current TicketAuthenticatorWrapper provided by (Remote?)

Returns:

Returns an TicketAuthenticatorWrapperWrapper containing both the CST and Authenticator

Throws:

org.openbase.jul.exception.RejectedException - If the timestamps do not match.

IOException - If the decryption of the Authenticators using the SSSessionKey fails.

BadPaddingException - if an incorrect key is used

validateTimestamp

public static void validateTimestamp(rst.timing.TimestampType.Timestamp now,
                                     rst.timing.TimestampType.Timestamp then)
                              throws org.openbase.jul.exception.RejectedException

Validate if the timestamps are equal. Compares now + 1 == then, because server adds +1 to authenticator's timestamp.

Parameters:

now - the first timestamp

then - the second timestamp

Throws:

org.openbase.jul.exception.RejectedException - thrown if the timestamps have a different time