[libeufin] branch master updated: String manipulators for HTTP basic aut

gnunet-svn
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[libeufin] branch master updated: String manipulators for HTTP basic aut

From:	gnunet
Subject:	[libeufin] branch master updated: String manipulators for HTTP basic auth.
Date:	Tue, 07 Apr 2020 20:22:32 +0200
This is an automated email from the git hooks/post-receive script.

marcello pushed a commit to branch master
in repository libeufin.

The following commit(s) were added to refs/heads/master by this push:
     new aa91f30  String manipulators for HTTP basic auth.
aa91f30 is described below

commit aa91f30becd9fe2bff2e15c31d0fc592aa70cba3
Author: Marcello Stanisci <address@hidden>
AuthorDate: Tue Apr 7 20:21:38 2020 +0200

    String manipulators for HTTP basic auth.
---
 nexus/build.gradle                                 |  1 +
 nexus/src/main/kotlin/tech/libeufin/nexus/DB.kt    |  2 +
 nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt  | 12 +++++
 nexus/src/main/kotlin/tech/libeufin/nexus/taler.kt | 22 ++++++++-
 nexus/src/test/kotlin/authentication.kt            | 54 ++++++++++++++++++++++
 .../tech/libeufin/sandbox/EbicsProtocolBackend.kt  |  2 +-
 util/src/main/kotlin/CryptoUtil.kt                 |  5 +-
 7 files changed, 94 insertions(+), 4 deletions(-)

diff --git a/nexus/build.gradle b/nexus/build.gradle
index 849283d..8a7dacc 100644
--- a/nexus/build.gradle
+++ b/nexus/build.gradle
@@ -28,6 +28,7 @@ dependencies {
     implementation group: 'io.ktor', name: 'ktor-gson', version: '0.9.0'
     implementation "org.jetbrains.exposed:exposed:0.17.6"
     implementation "io.ktor:ktor-server-netty:1.2.4"
+    implementation "io.ktor:ktor-auth:1.2.4"
     implementation "ch.qos.logback:logback-classic:1.2.3"
     implementation group: 'javax.xml.bind', name: 'jaxb-api', version: '2.3.1'
     implementation "javax.xml.bind:jaxb-api:2.3.0"
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/DB.kt 
b/nexus/src/main/kotlin/tech/libeufin/nexus/DB.kt
index 7db1461..61922cc 100644
--- a/nexus/src/main/kotlin/tech/libeufin/nexus/DB.kt
+++ b/nexus/src/main/kotlin/tech/libeufin/nexus/DB.kt
@@ -119,6 +119,7 @@ class EbicsAccountInfoEntity(id: EntityID<String>) : 
Entity<String>(id) {
 
 object EbicsSubscribersTable : IdTable<String>() {
     override val id = varchar("id", ID_MAX_LENGTH).entityId().primaryKey()
+    val password = blob("password").nullable()
     val ebicsURL = text("ebicsURL")
     val hostID = text("hostID")
     val partnerID = text("partnerID")
@@ -133,6 +134,7 @@ object EbicsSubscribersTable : IdTable<String>() {
 
 class EbicsSubscriberEntity(id: EntityID<String>) : Entity<String>(id) {
     companion object : EntityClass<String, 
EbicsSubscriberEntity>(EbicsSubscribersTable)
+    var password by EbicsSubscribersTable.password
     var ebicsURL by EbicsSubscribersTable.ebicsURL
     var hostID by EbicsSubscribersTable.hostID
     var partnerID by EbicsSubscribersTable.partnerID
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt 
b/nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt
index b9b0f19..da637cf 100644
--- a/nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt
+++ b/nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt
@@ -22,6 +22,8 @@ package tech.libeufin.nexus
 import io.ktor.application.ApplicationCallPipeline
 import io.ktor.application.call
 import io.ktor.application.install
+import io.ktor.auth.Authentication
+import io.ktor.auth.basic
 import io.ktor.client.HttpClient
 import io.ktor.features.CallLogging
 import io.ktor.features.ContentNegotiation
@@ -323,6 +325,16 @@ fun main() {
             this.level = Level.DEBUG
             this.logger = tech.libeufin.nexus.logger
         }
+        /*
+        install(Authentication) {
+            basic("taler") {
+                validate {credentials ->
+
+
+                }
+            }
+        }*/
+
         install(ContentNegotiation) {
             gson {
                 setDateFormat(DateFormat.LONG)
diff --git a/nexus/src/main/kotlin/tech/libeufin/nexus/taler.kt 
b/nexus/src/main/kotlin/tech/libeufin/nexus/taler.kt
index 52d163b..3437b73 100644
--- a/nexus/src/main/kotlin/tech/libeufin/nexus/taler.kt
+++ b/nexus/src/main/kotlin/tech/libeufin/nexus/taler.kt
@@ -1,6 +1,5 @@
 package tech.libeufin.nexus
 
-import io.ktor.application.Application
 import io.ktor.application.call
 import io.ktor.http.ContentType
 import io.ktor.http.HttpStatusCode
@@ -9,8 +8,27 @@ import io.ktor.routing.Route
 import io.ktor.routing.post
 import org.jetbrains.exposed.sql.and
 import org.jetbrains.exposed.sql.transactions.transaction
-import tech.libeufin.util.Amount
 import tech.libeufin.util.CryptoUtil
+import tech.libeufin.util.base64ToBytes
+import java.lang.Exception
+
+/**
+ * This helper function parses a Authorization:-header line, decode the 
credentials
+ * and returns a pair made of username and hashed (sha256) password.  The 
hashed value
+ * will then be compared with the one kept into the database.
+ */
+fun extractUserAndHashedPassword(authorizationHeader: String): Pair<String, 
ByteArray> {
+    val (username, password) = try {
+        val split = authorizationHeader.split(" ")
+        val valueUtf8 = String(base64ToBytes(split[1]), Charsets.UTF_8) // 
newline introduced here: BUG!
+        valueUtf8.split(":")
+    } catch (e: Exception) {
+        throw NexusError(
+            HttpStatusCode.BadRequest, "invalid Authorization:-header received"
+        )
+    }
+    return Pair(username, CryptoUtil.hashStringSHA256(password))
+}
 
 class Taler(app: Route) {
 
diff --git a/nexus/src/test/kotlin/authentication.kt 
b/nexus/src/test/kotlin/authentication.kt
new file mode 100644
index 0000000..60a88e3
--- /dev/null
+++ b/nexus/src/test/kotlin/authentication.kt
@@ -0,0 +1,54 @@
+package tech.libeufin.nexus
+
+import org.apache.commons.compress.utils.IOUtils
+import org.jetbrains.exposed.sql.Database
+import org.jetbrains.exposed.sql.SchemaUtils
+import org.jetbrains.exposed.sql.and
+import org.jetbrains.exposed.sql.transactions.transaction
+import org.junit.Before
+import org.junit.Test
+import tech.libeufin.util.CryptoUtil
+import tech.libeufin.util.toByteArray
+import tech.libeufin.util.toHexString
+import java.sql.Blob
+import javax.sql.rowset.serial.SerialBlob
+
+class AuthenticationTest {
+
+    @Before
+    fun connectAndMakeTables() {
+        Database.connect("jdbc:h2:mem:test;DB_CLOSE_DELAY=-1", driver = 
"org.h2.Driver")
+        transaction {
+            SchemaUtils.create(EbicsSubscribersTable)
+            EbicsSubscriberEntity.new(id = "username") {
+                password = SerialBlob(CryptoUtil.hashStringSHA256("password"))
+                ebicsURL = "ebics url"
+                hostID = "host"
+                partnerID = "partner"
+                userID = "user"
+                systemID = "system"
+                signaturePrivateKey = 
SerialBlob("signturePrivateKey".toByteArray())
+                authenticationPrivateKey = 
SerialBlob("authenticationPrivateKey".toByteArray())
+                encryptionPrivateKey = 
SerialBlob("encryptionPrivateKey".toByteArray())
+            }
+        }
+    }
+
+    @Test
+    fun manualMethod() {
+        // base64 of "username:password" == "dXNlcm5hbWU6cGFzc3dvcmQ="
+        val (username: String, hashedPass: ByteArray) = 
extractUserAndHashedPassword("Basic dXNlcm5hbWU6cGFzc3dvcmQ=")
+        val result = transaction {
+            val row = EbicsSubscriberEntity.find {
+                EbicsSubscribersTable.id eq username and 
(EbicsSubscribersTable.password eq SerialBlob(hashedPass))
+            }.firstOrNull()
+            assert(row != null)
+        }
+    }
+
+    @Test
+    fun testExtractor() {
+        val (username: String, hashedPass: ByteArray) = 
extractUserAndHashedPassword("Basic dXNlcm5hbWU6cGFzc3dvcmQ=")
+        
assert(CryptoUtil.hashStringSHA256("password").contentEquals(hashedPass))
+    }
+}
\ No newline at end of file
diff --git 
a/sandbox/src/main/kotlin/tech/libeufin/sandbox/EbicsProtocolBackend.kt 
b/sandbox/src/main/kotlin/tech/libeufin/sandbox/EbicsProtocolBackend.kt
index 367e271..0113413 100644
--- a/sandbox/src/main/kotlin/tech/libeufin/sandbox/EbicsProtocolBackend.kt
+++ b/sandbox/src/main/kotlin/tech/libeufin/sandbox/EbicsProtocolBackend.kt
@@ -815,7 +815,7 @@ private fun 
handleEbicsDownloadTransactionInitialization(requestContext: Request
         "HKD" -> handleEbicsHkd()
         /* Temporarily handling C52/C53 with same logic */
         "C52" -> handleEbicsC52(requestContext)
-        "C53" -> handleEbicsC53(requestContext) 
+        "C53" -> handleEbicsC53(requestContext)
         "TSD" -> handleEbicsTSD(requestContext)
         "PTK" -> handleEbicsPTK(requestContext)
         else -> throw EbicsInvalidXmlError()
diff --git a/util/src/main/kotlin/CryptoUtil.kt 
b/util/src/main/kotlin/CryptoUtil.kt
index 413ce4a..fe578a3 100644
--- a/util/src/main/kotlin/CryptoUtil.kt
+++ b/util/src/main/kotlin/CryptoUtil.kt
@@ -147,7 +147,6 @@ object CryptoUtil {
             transactionKey
         )
     }
-
     /**
      * Encrypt data according to the EBICS E002 encryption process.
      */
@@ -297,4 +296,8 @@ object CryptoUtil {
         }
         return true
     }
+
+    fun hashStringSHA256(input: String): ByteArray {
+        return 
MessageDigest.getInstance("SHA-256").digest(input.toByteArray(Charsets.UTF_8))
+    }
 }

-- 
To stop receiving notification emails like this one, please contact
address@hidden.
[Prev in Thread]
Current Thread
[Next in Thread]
[libeufin] branch master updated: String manipulators for HTTP basic auth., gnunet <=
Prev by Date: [libmicrohttpd] branch master updated: Added example for how to provide a tiny threaded websocket server. (#5501)
Next by Date: [libeufin] branch master updated: receive subscriber password upon registration.
Previous by thread: [libmicrohttpd] branch master updated: Added example for how to provide a tiny threaded websocket server. (#5501)
Next by thread: [libeufin] branch master updated: receive subscriber password upon registration.
Index(es):
- Date
- Thread