📄 authentication.java
verboseOut("packet received."); _status = packet.getStatus(); verboseOut("Authentication : status=" + _status); if (_status == STATUS_AUTHENTICATION_FAILED) { // Opponent did not authenticate me _authenticatedMyself = false; return; // # } else { // Opponent authenticated me _authenticatedMyself = true; } if (packet.getStep() != STEP_END) { // something wrong verboseOut("Authentication : step=" + packet.getStep()); _status = STATUS_ILLEGAL_STEP; return; // # } if (!_selectedDomainname.equals(packet.getSecurityDomain())) { // something wrong verboseOut("Authentication : unexpected domain=" + packet.getSecurityDomain()); _status = STATUS_UNKNOWN_DOMAIN; return; // # } if (challenge != null) { // need to authenticate remote verboseOut("Authentication : 1st turn : step=END : response of challenge is requested."); manner = packet.getAuthManner(); if (manner != _manner) { // something wrong _status = STATUS_INCONSISTENT_MANNER; return; // # } response = packet.getResponse(); if (manner == AtpConstants.AUTHENTICATION_MANNER_DIGEST || manner == AtpConstants.AUTHENTICATION_MANNER_SIGNATURE) { // authentication procedure with shared secret, or // authentication procedure with digital signature try { if (auth != null && response != null && auth.verify(Auth.SECOND_TURN, challenge, response)) { // verified verboseOut("Authentication : 1st turn : step=END : verified."); // ! 
AuthenticationManager.register(packet.getServerID()); AuthenticationManager.register(_serverIdentifier, _selectedDomainname); verboseOut("Authentication : 1st turn : step=END : authenticated."); _authenticatedOpponent = true; _status = STATUS_NORMAL; } else { // not verified verboseOut("Authentication : 1st turn : step=END : NOT verified."); _authenticatedOpponent = false; _status = STATUS_AUTHENTICATION_FAILED; return; // # } } catch (AuthenticationException excpt) { // Authentication is failed System.err.println(excpt); _authenticatedOpponent = false; _status = STATUS_AUTHENTICATION_FAILED; return; // # } } else { // something wrong _status = STATUS_UNKNOWN_MANNER; return; // # } } else { // not need to authenticate remote verboseOut("Authentication : 1st turn : step=END : response of challenge is NOT requested."); _authenticatedOpponent = true; _status = STATUS_NORMAL; } // _status = STATUS_NORMAL; }

    /**
     * Process authentication protocol for second turn individual.
     *
     * <p>Runs the four-step exchange as the second-turn party: receive the
     * START packet, send a FIRST_TURN packet carrying a fresh challenge,
     * receive and verify the SECOND_TURN packet, then send the END packet with
     * this side's response to the peer's challenge. The outcome is reported
     * only through {@code _status}, {@code _authenticatedOpponent} and
     * {@code _authenticatedMyself}; the method returns nothing, so callers
     * have to check those fields before trusting the connection.
     *
     * <p>NOTE(review): this listing was recovered from a page that collapsed
     * the original line breaks, so where a "// !" or "// ?" marker ends and
     * live code resumes is inferred - confirm against the original file.
     *
     * @exception IOException presumably raised while reading or writing an
     *            AuthPacket on the connection streams - confirm
     */
    private final synchronized void authenticateSecondTurn() throws IOException {
        // Refuse to run unless this object was set up as the second-turn party.
        if (_turn != Auth.SECOND_TURN) {
            System.err.println("Not 2nd turn.");
            _status = STATUS_ERROR;
            return;
        }

        verboseOut("Authentication : 2nd turn.");

        int manner = AtpConstants.NO_AUTHENTICATION_MANNER;
        Auth auth = null;
        Challenge challenge = null;
        Response response = null;
        AuthPacket packet = null;

        // 1 : STEP_START
        // receive packet
        verboseOut("Authentication : 2nd turn : step=START");
        verboseOut("Authentication : 2nd turn : step=START : receiving packet ... ");

        // packet = new AuthPacket(_inputStream);
        packet = new AuthPacket(_dataInput);
        verboseOut("packet received.");
        // Everything read from this packet is unauthenticated peer input.
        _status = packet.getStatus();
        verboseOut("Authentication : status=" + _status);
        // NOTE(review): the early returns in step 1 leave _authenticatedOpponent
        // untouched; it is first cleared in step 2. Its initial value is not
        // visible here, so callers should treat the flag as meaningful only
        // when _status ends up STATUS_NORMAL.
        if (_status != STATUS_NORMAL) {
            // something wrong
            // do nothing ?
            return; // #
        }
        if (packet.getStep() != STEP_START) {
            // something wrong
            verboseOut("Authentication : step=" + packet.getStep());
            _status = STATUS_ILLEGAL_STEP;
            return; // #
        }

        // Pick a shared secret for one of the security domains the peer offered.
        SharedSecrets secrets = SharedSecrets.getSharedSecrets();
        _selectedSecret = secrets.selectSharedSecret(packet.getSecurityDomains());
        if (_selectedSecret == null) {
            // selected security domain is unknown
            // NOTE(review): logs getSecurityDomain() although the selection was
            // made from getSecurityDomains(); the logged value may not show what
            // the peer actually offered - confirm against AuthPacket.
            verboseOut("Authentication : unknown domain=" + packet.getSecurityDomain());
            _status = STATUS_UNKNOWN_DOMAIN;
            return; // #
        } else {
            // selected security domain
            _selectedDomainname = _selectedSecret.getDomainName();
            verboseOut("Authentication : selected domain=" + _selectedDomainname);
        }

        // The manner comes from local configuration (_manner), not from the peer.
        if (_manner == AtpConstants.AUTHENTICATION_MANNER_DIGEST) {
            // authentication procedure with shared secret
            auth = new AuthByDigest(_selectedSecret);
        } else if (_manner == AtpConstants.AUTHENTICATION_MANNER_SIGNATURE) {
            // authentication procedure with digital signature
            // ? auth = new AuthBySignature(_privateKey, _publicKeyOpponent);
            // NOTE(review): the assignment above appears to be commented out
            // ("// ?" marker). If so, auth stays null for the signature manner
            // and the auth != null test in step 3 rejects the peer, i.e. the
            // signature manner always fails closed - confirm.
        } else {
            // something wrong
            _status = STATUS_UNKNOWN_MANNER;
            return; // #
        }
        if (auth != null) {
            // The peer is the first-turn party, this side the second; both are
            // identified by IP address string.
            // NOTE(review): presumably these identifiers are mixed into the
            // response calculation, in which case address translation between
            // the peers would make verification fail - confirm in Auth.
            auth.setFirstTurnIdentifier(_remoteAddr.getHostAddress());
            auth.setSecondTurnIdentifier(_localAddr.getHostAddress());
        }

        // _status = STATUS_NORMAL;

        // 2 : STEP_FIRST_TURN
        // send packet
        verboseOut("Authentication : 2nd turn : step=FIRST_TURN");
        _step = STEP_FIRST_TURN;
        manner = _manner;

        // The "// !" lines below are a disabled shortcut that skipped the
        // challenge for a peer already known to AuthenticationManager; with it
        // disabled, every handshake challenges the peer.
        // ! if(AuthenticationManager.isAuthenticated(packet.getServerID())) {
        // ! // already authenticated; need no more authentication
        // ! verboseOut("Authentication : 2nd turn : step=FIRST_TURN : NOT request response of challenge.");
        // ! _authenticatedOpponent = true;
        // ! challenge = null;
        // ! } else {
        // ! // not authenticated; need authentication
        // !
        verboseOut("Authentication : 2nd turn : step=FIRST_TURN : request response of challenge.");
        // Fail closed: the peer counts as unauthenticated until step 3 verifies it.
        _authenticatedOpponent = false;
        // NOTE(review): how Challenge generates its value is not visible here;
        // it needs to be unpredictable and fresh per handshake (e.g. drawn from
        // SecureRandom) for the response check to resist replay - confirm.
        challenge = new Challenge();
        if (manner == AtpConstants.AUTHENTICATION_MANNER_DIGEST
                || manner == AtpConstants.AUTHENTICATION_MANNER_SIGNATURE) {
            // authentication procedure with shared secret, or
            // authentication procedure with digital signature
        } else {
            // something wrong
            _status = STATUS_UNKNOWN_MANNER;
            return; // #
        }

        // ! }
        packet = new AuthPacket(_step, _status, _selectedDomainname, manner, challenge, null);
        verboseOut("Authentication : 2nd turn : step=FIRST_TURN : sending packet ... ");
        packet.writeTo(_outputStream);
        verboseOut("packet sent.");
        _status = STATUS_NORMAL;

        // 3 : STEP_SECOND_TURN
        // receive packet
        verboseOut("Authentication : 2nd turn : step=SECOND_TURN");
        verboseOut("Authentication : 2nd turn : step=SECOND_TURN : receiving packet ... ");

        // packet = new AuthPacket(_inputStream);
        packet = new AuthPacket(_dataInput);
        verboseOut("packet received.");
        _status = packet.getStatus();
        verboseOut("Authentication : status=" + _status);
        // NOTE(review): _authenticatedMyself becomes true for every status other
        // than STATUS_AUTHENTICATION_FAILED, and it is set before the step and
        // domain checks and before the peer's response is verified. The flag
        // therefore records an unauthenticated claim by the peer and should not
        // drive any trust decision on its own.
        if (_status == STATUS_AUTHENTICATION_FAILED) {
            // Opponent did not authenticate me
            _authenticatedMyself = false;
            return; // #
        } else {
            // Opponent authenticated me
            _authenticatedMyself = true;
        }
        if (packet.getStep() != STEP_SECOND_TURN) {
            // something wrong
            verboseOut("Authentication : step=" + packet.getStep());
            _status = STATUS_ILLEGAL_STEP;
            return; // #
        }
        // The peer must echo the domain chosen in step 1.
        if (!_selectedDomainname.equals(packet.getSecurityDomain())) {
            // something wrong
            verboseOut("Authentication : unexpected domain=" + packet.getSecurityDomain());
            _status = STATUS_UNKNOWN_DOMAIN;
            return; // #
        }
        if (challenge != null) {
            // need to authenticate remote
            manner = packet.getAuthManner();
            // Reject a peer that answers with a different manner than configured.
            if (manner != _manner) {
                // something wrong
                _status = STATUS_INCONSISTENT_MANNER;
                return; // #
            }
            response = packet.getResponse();
            if (manner == AtpConstants.AUTHENTICATION_MANNER_DIGEST
                    || manner == AtpConstants.AUTHENTICATION_MANNER_SIGNATURE) {
                // authentication procedure with shared secret
                // authentication procedure with digital signature
                try {
                    // A missing Auth object or a missing response counts as a
                    // failed verification. The peer's response is checked in
                    // the FIRST_TURN role; this side answers in the SECOND_TURN
                    // role in step 4.
                    if (auth != null && response != null
                            && auth.verify(Auth.FIRST_TURN, challenge, response)) {
                        // verified
                        verboseOut("Authentication : 2nd turn : step=SECOND_TURN : verified.");

                        // ! AuthenticationManager.register(packet.getServerID());
                        // Registration uses the locally held _serverIdentifier
                        // rather than the server ID carried in the packet.
                        AuthenticationManager.register(_serverIdentifier, _selectedDomainname);
                        _authenticatedOpponent = true;
                        _status = STATUS_NORMAL;
                    } else {
                        // not verified
                        verboseOut("Authentication : 2nd turn : step=SECOND_TURN : NOT verified.");
                        _authenticatedOpponent = false;
                        _status = STATUS_AUTHENTICATION_FAILED;
                        return; // #
                    }
                } catch (AuthenticationException excpt) {
                    // Authentication is failed
                    System.err.println(excpt);
                    _authenticatedOpponent = false;
                    _status = STATUS_AUTHENTICATION_FAILED;
                    return; // #
                }
            } else {
                // something wrong
                _status = STATUS_UNKNOWN_MANNER;
                return; // #
            }
        } else {
            // not need to authenticate remote
            // Only reachable when no challenge was issued; with the step 2
            // shortcut disabled a challenge is always created.
            _authenticatedOpponent = true;
            _status = STATUS_NORMAL;
        }

        // _status = STATUS_NORMAL;

        // 4 : STEP_END
        // send packet
        verboseOut("Authentication : 2nd turn : step=END");
        _step = STEP_END;
        // NOTE(review): every step 3 path that sets STATUS_AUTHENTICATION_FAILED
        // also returns, and every path that falls through sets STATUS_NORMAL, so
        // this first branch is never taken. A failed verification therefore ends
        // the method without an END packet telling the peer; presumably the
        // caller closes the connection - confirm.
        if (_status == STATUS_AUTHENTICATION_FAILED) {
            // authentication failed, send no response
            manner = _manner;
            response = null;
        } else {
            manner = packet.getAuthManner();
            if (manner != _manner) {
                // something wrong
                _status = STATUS_INCONSISTENT_MANNER;
                return; // #
            }
            // Answer the challenge the peer sent in its SECOND_TURN packet.
            challenge = packet.getChallenge();
            if (challenge != null) {
                // challenge is given; to be authenticated
                verboseOut("Authentication : 2nd turn : step=END : response of challenge is requested.");
                if (manner == AtpConstants.AUTHENTICATION_MANNER_DIGEST
                        || manner == AtpConstants.AUTHENTICATION_MANNER_SIGNATURE) {
                    // authentication procedure with shared secret
                    // authentication procedure with digital signature
                    try {
                        // auth is dereferenced without a null check here; that
                        // is safe only because step 3 returns when auth is null.
                        // Re-enabling the step 2 shortcut would remove that
                        // guarantee.
                        response = new Response(auth.calculateResponse(Auth.SECOND_TURN, challenge));
                    } catch (AuthenticationException excpt) {
                        // authentication is failed
                        System.err.println(excpt);
                        response = null;
                        _status = STATUS_ERROR;
                        return; // #
                    }
                } else {
                    // something wrong
                    _status = STATUS_UNKNOWN_MANNER;
                    return; // #
                }
            } else {
                // challenge is not given; not need to send response
                verboseOut("Authentication : 2nd turn : step=END : response of challenge is NOT requested.");
                response = null;
                _status = STATUS_NORMAL;
            }
        }
        packet = new AuthPacket(_step, _status, _selectedDomainname, manner, null, response);
        verboseOut("Authentication : 2nd turn : step=END : sending packet ... ");
        packet.writeTo(_outputStream);
        verboseOut("packet sent.");
        _status = STATUS_NORMAL;
    }

    /**
     * Returns authentication manner
     * @return authentication manner
     */