1 | package org.expeditee.auth;
|
---|
2 |
|
---|
3 | import java.io.File;
|
---|
4 | import java.io.FileInputStream;
|
---|
5 | import java.io.FileNotFoundException;
|
---|
6 | import java.io.FileOutputStream;
|
---|
7 | import java.io.IOException;
|
---|
8 | import java.io.InputStream;
|
---|
9 | import java.nio.file.Paths;
|
---|
10 | import java.security.KeyFactory;
|
---|
11 | import java.security.KeyStore;
|
---|
12 | import java.security.KeyStore.SecretKeyEntry;
|
---|
13 | import java.security.KeyStoreException;
|
---|
14 | import java.security.NoSuchAlgorithmException;
|
---|
15 | import java.security.PublicKey;
|
---|
16 | import java.security.SecureRandom;
|
---|
17 | import java.security.UnrecoverableEntryException;
|
---|
18 | import java.security.cert.CertificateException;
|
---|
19 | import java.security.spec.InvalidKeySpecException;
|
---|
20 | import java.security.spec.X509EncodedKeySpec;
|
---|
21 | import java.sql.SQLException;
|
---|
22 | import java.util.Arrays;
|
---|
23 | import java.util.Base64;
|
---|
24 | import java.util.Collection;
|
---|
25 | import java.util.Scanner;
|
---|
26 | import java.util.stream.Stream;
|
---|
27 |
|
---|
28 | import javax.crypto.SecretKey;
|
---|
29 | import javax.crypto.spec.SecretKeySpec;
|
---|
30 |
|
---|
31 | import org.expeditee.actions.Actions;
|
---|
32 | import org.expeditee.core.Dimension;
|
---|
33 | import org.expeditee.core.Point;
|
---|
34 | import org.expeditee.encryption.CryptographyConstants;
|
---|
35 | import org.expeditee.gio.EcosystemManager;
|
---|
36 | import org.expeditee.gio.GraphicsManager;
|
---|
37 | import org.expeditee.gio.InputManager;
|
---|
38 | import org.expeditee.gio.InputManager.WindowEventListener;
|
---|
39 | import org.expeditee.gio.InputManager.WindowEventType;
|
---|
40 | import org.expeditee.gio.gesture.StandardGestureActions;
|
---|
41 | import org.expeditee.gui.Browser;
|
---|
42 | import org.expeditee.gui.DisplayController;
|
---|
43 | import org.expeditee.gui.Frame;
|
---|
44 | import org.expeditee.gui.FrameIO;
|
---|
45 | import org.expeditee.gui.FrameUtils;
|
---|
46 | import org.expeditee.gui.MessageBay;
|
---|
47 | import org.expeditee.io.ExpReader;
|
---|
48 | import org.expeditee.items.Item;
|
---|
49 | import org.expeditee.items.ItemUtils;
|
---|
50 | import org.expeditee.items.Text;
|
---|
51 | import org.expeditee.settings.Settings;
|
---|
52 | import org.expeditee.settings.UserSettings;
|
---|
53 | import org.expeditee.settings.identity.secrets.KeyList;
|
---|
54 |
|
---|
55 | public final class AuthenticatorBrowser extends Browser implements CryptographyConstants {
|
---|
56 |
|
---|
57 | // The frame number of the frame containing the current authenticated users public key.
|
---|
58 | public static int CREDENTIALS_FRAME = -1;
|
---|
59 | public static int PASSWORD_RECOVERY_FRAME = -1;
|
---|
60 | public static int SECRETS_FRAME = -1;
|
---|
61 | public static final String ADMINACCOUNT = "authadmin";
|
---|
62 | public static final String PROFILEENCRYPTIONLABEL = "Profile";
|
---|
63 |
|
---|
64 | public static boolean Authenticated = false;
|
---|
65 |
|
---|
66 | private KeyStore keyStore = KeyStore.getInstance(KeystoreType);
|
---|
67 | public static String USER_NOBODY = "nobody";
|
---|
68 |
|
---|
69 | private static final byte[] TRUE = "yes".getBytes();
|
---|
70 | private static final byte[] FALSE = "no".getBytes();
|
---|
71 | private static final String KEYSTOREFILENAME = "keystore.ks" + File.separator;
|
---|
72 |
|
---|
73 | private static AuthenticatorBrowser instance;
|
---|
74 |
|
---|
75 | public static AuthenticatorBrowser getInstance() throws KeyStoreException, FileNotFoundException, NoSuchAlgorithmException, CertificateException, IOException, ClassNotFoundException, SQLException {
|
---|
76 | if (instance == null) { instance = new AuthenticatorBrowser(); }
|
---|
77 | return instance;
|
---|
78 | }
|
---|
79 |
|
---|
80 | public static boolean isAuthenticationRequired() {
|
---|
81 | return Boolean.getBoolean("expeditee.authentication");
|
---|
82 | }
|
---|
83 |
|
---|
84 | public static boolean isAuthenticated() {
|
---|
85 | //return isAuthenticationRequired() && !UserSettings.UserName.get().equals(AuthenticatorBrowser.USER_NOBODY);
|
---|
86 | return isAuthenticationRequired() && !Browser.getExpediteeUserName().equals(AuthenticatorBrowser.USER_NOBODY);
|
---|
87 | }
|
---|
88 |
|
---|
89 | private AuthenticatorBrowser() throws KeyStoreException, FileNotFoundException, IOException, NoSuchAlgorithmException, CertificateException, ClassNotFoundException, SQLException {
|
---|
90 | super("Authentication");
|
---|
91 | UserSettings.setupDefaultFolders();
|
---|
92 |
|
---|
93 | // initialise keystore and actions
|
---|
94 | loadKeystore();
|
---|
95 | Actions.LoadMethods(org.expeditee.auth.Actions.class);
|
---|
96 | Actions.LoadMethods(org.expeditee.encryption.Actions.class);
|
---|
97 |
|
---|
98 | // Does the account Authentication.ADMINACCOUNT exist?
|
---|
99 | // If not then we have get the user to assign a password to it.
|
---|
100 | if (!keyStore.containsAlias(AuthenticatorBrowser.ADMINACCOUNT)) {
|
---|
101 | new File(FrameIO.PARENT_FOLDER).mkdirs();
|
---|
102 | protectAdmin();
|
---|
103 | }
|
---|
104 |
|
---|
105 | // draw the window
|
---|
106 | GraphicsManager g = EcosystemManager.getGraphicsManager();
|
---|
107 | g.setWindowLocation(new Point(50, 50));
|
---|
108 | DisplayController.Init();
|
---|
109 | g.setWindowSize(new Dimension(UserSettings.InitialWidth.get(), UserSettings.InitialHeight.get()));
|
---|
110 | setInputManagerWindowRoutines();
|
---|
111 |
|
---|
112 | // Load documentation and start pages
|
---|
113 | FrameUtils.extractResources(false);
|
---|
114 |
|
---|
115 | // Load fonts before loading any frames so the items on the frames will be able to access their fonts
|
---|
116 | Text.InitFonts();
|
---|
117 |
|
---|
118 | // initialing settings does not require a user profile established
|
---|
119 | Settings.Init();
|
---|
120 |
|
---|
121 | // Ensure messages go to public directory whilst we are not logged into an account.
|
---|
122 | FrameIO.MESSAGES_PATH = Paths.get(FrameIO.PARENT_FOLDER).resolve("resources-public").resolve("messages").toString() + File.separator;
|
---|
123 |
|
---|
124 | // navigate to authentication frame
|
---|
125 | Frame authFrame = FrameIO.LoadFrame("authentication1");
|
---|
126 | DisplayController.setCurrentFrame(authFrame, true);
|
---|
127 |
|
---|
128 | // set initial values
|
---|
129 | Stream<Text> usernameItemsStream = authFrame.getTextItems().stream().filter(t -> t.getData() != null && t.getData().contains("txtUsername"));
|
---|
130 | Stream<Text> passwordItemsStream = authFrame.getTextItems().stream().filter(t -> t.getData() != null && t.getData().contains("txtPassword"));
|
---|
131 | usernameItemsStream.forEach(txtUsername -> txtUsername.setText(System.getProperty("startinguser.name", "")));
|
---|
132 | passwordItemsStream.forEach(txtPassword -> { txtPassword.setText(""); txtPassword.invalidateAll(); });
|
---|
133 |
|
---|
134 | MessageBay.warningMessages(org.expeditee.actions.Actions.Init());
|
---|
135 |
|
---|
136 | // class load database classes
|
---|
137 | Class.forName("org.sqlite.JDBC");
|
---|
138 | }
|
---|
139 |
|
---|
140 | private void protectAdmin() throws KeyStoreException, NoSuchAlgorithmException, CertificateException,
|
---|
141 | FileNotFoundException, IOException {
|
---|
142 | // Fetch desired password
|
---|
143 | @SuppressWarnings("resource")
|
---|
144 | Scanner in = new Scanner(System.in);
|
---|
145 | System.out.println("No administrative password set.");
|
---|
146 | boolean passwordIsSet = false;
|
---|
147 |
|
---|
148 | for (int i = 0; i < 3; i++) {
|
---|
149 | System.out.print("Please enter it now: ");
|
---|
150 | System.out.flush();
|
---|
151 | String password = in.nextLine();
|
---|
152 | System.out.print("And again: ");
|
---|
153 | System.out.flush();
|
---|
154 | if (in.nextLine().equals(password)) {
|
---|
155 | // Register account.
|
---|
156 | putKey(ADMINACCOUNT, password, new SecretKeySpec("null".getBytes(), AsymmetricAlgorithm));
|
---|
157 | //in.close();
|
---|
158 | passwordIsSet = true;
|
---|
159 | break;
|
---|
160 | } else {
|
---|
161 | System.out.println("Mismatched passwords, let's try that again.");
|
---|
162 | }
|
---|
163 | }
|
---|
164 |
|
---|
165 | if (!passwordIsSet) {
|
---|
166 | System.out.println("Failed to set an admin password. Exiting Expeditee.");
|
---|
167 | System.exit(1);
|
---|
168 | }
|
---|
169 | }
|
---|
170 |
|
---|
171 | private void loadKeystore()
|
---|
172 | throws IOException, NoSuchAlgorithmException, CertificateException, FileNotFoundException {
|
---|
173 | final File keyStoreFile = new File(FrameIO.PARENT_FOLDER + KEYSTOREFILENAME);
|
---|
174 | if (!keyStoreFile.exists()) {
|
---|
175 | keyStore.load(null, "ExpediteeAuthPassword".toCharArray());
|
---|
176 | } else {
|
---|
177 | try (final InputStream in = new FileInputStream(FrameIO.PARENT_FOLDER + KEYSTOREFILENAME)) {
|
---|
178 | keyStore.load(in, "ExpediteeAuthPassword".toCharArray());
|
---|
179 | }
|
---|
180 | }
|
---|
181 | }
|
---|
182 |
|
---|
183 | public final SecretKey getSecretKey(final String label, final String password) throws NoSuchAlgorithmException, KeyStoreException {
|
---|
184 |
|
---|
185 | char[] password_ca = password.toCharArray();
|
---|
186 |
|
---|
187 | SecretKey secret_key;
|
---|
188 | try {
|
---|
189 | secret_key = (SecretKey) keyStore.getKey(label, password_ca);
|
---|
190 | } catch (final UnrecoverableEntryException e) {
|
---|
191 | return null;
|
---|
192 | }
|
---|
193 |
|
---|
194 | return secret_key;
|
---|
195 | }
|
---|
196 |
|
---|
197 | public final void putKey(final String label, final String password, final SecretKey key) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
|
---|
198 | final KeyStore.SecretKeyEntry entry = new KeyStore.SecretKeyEntry(key);
|
---|
199 | final KeyStore.ProtectionParameter entryPassword = new KeyStore.PasswordProtection(password.toCharArray());
|
---|
200 | keyStore.setEntry(label, entry, entryPassword);
|
---|
201 | keyStore.store(new FileOutputStream(FrameIO.PARENT_FOLDER + KEYSTOREFILENAME), "ExpediteeAuthPassword".toCharArray());
|
---|
202 | }
|
---|
203 |
|
---|
204 | public final boolean confirmIntergalaticNumber(final String username, final String intergalacticNumber) throws NoSuchAlgorithmException, KeyStoreException, CertificateException, FileNotFoundException, IOException {
|
---|
205 | try {
|
---|
206 | KeyStore.ProtectionParameter entryPassword = new KeyStore.PasswordProtection(intergalacticNumber.toCharArray());
|
---|
207 | KeyStore.SecretKeyEntry entry = (SecretKeyEntry) keyStore.getEntry(username + "_IntergalacticNumber", entryPassword);
|
---|
208 | if (entry == null) {
|
---|
209 | return false;
|
---|
210 | } else if (Arrays.equals(entry.getSecretKey().getEncoded(), TRUE)) {
|
---|
211 | keyStore.deleteEntry(username + "_IntergalacticNumber");
|
---|
212 | keyStore.store(new FileOutputStream(FrameIO.PARENT_FOLDER + KEYSTOREFILENAME), "ExpediteeAuthPassword".toCharArray());
|
---|
213 | return true;
|
---|
214 | } else {
|
---|
215 | return false;
|
---|
216 | }
|
---|
217 | } catch (final UnrecoverableEntryException e) {
|
---|
218 | return false;
|
---|
219 | }
|
---|
220 | }
|
---|
221 |
|
---|
222 | public final String newIntergalacticNumber(final String username, final String email) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
|
---|
223 | // generate intergalactic number
|
---|
224 | SecureRandom rand = new SecureRandom();
|
---|
225 | byte[] intergalacticNumberBytes = new byte[16];
|
---|
226 | rand.nextBytes(intergalacticNumberBytes);
|
---|
227 | String intergalacticNumber = Base64.getEncoder().encodeToString(intergalacticNumberBytes);
|
---|
228 |
|
---|
229 | // store intergalactic number
|
---|
230 | KeyStore.SecretKeyEntry entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(TRUE, SymmetricAlgorithm));
|
---|
231 | KeyStore.ProtectionParameter entryPassword = new KeyStore.PasswordProtection(intergalacticNumber.toCharArray());
|
---|
232 | keyStore.setEntry(username + "_IntergalacticNumber", entry, entryPassword);
|
---|
233 | keyStore.store(new FileOutputStream(FrameIO.PARENT_FOLDER + KEYSTOREFILENAME), "ExpediteeAuthPassword".toCharArray());
|
---|
234 |
|
---|
235 | return intergalacticNumber;
|
---|
236 | }
|
---|
237 |
|
---|
238 | public final PublicKey getPublicKey(String username) throws InvalidKeySpecException, NoSuchAlgorithmException, FileNotFoundException {
|
---|
239 | // load in frame with public key on it.
|
---|
240 | String credentialsFramesetPath = FrameIO.CONTACTS_PATH + username + "-credentials" + File.separator;
|
---|
241 | if (!new File(credentialsFramesetPath).exists()) {
|
---|
242 | return null;
|
---|
243 | }
|
---|
244 | Scanner in = new Scanner(new File(credentialsFramesetPath + "credentials.inf"));
|
---|
245 | String credentialsFrameNumber = in.nextLine().replace(ExpReader.EXTENTION, "");
|
---|
246 | in.close();
|
---|
247 | Frame frame = FrameIO.LoadFrame(username + "-credentials" + credentialsFrameNumber, FrameIO.CONTACTS_PATH);
|
---|
248 | if (frame == null) {
|
---|
249 | return null;
|
---|
250 | }
|
---|
251 |
|
---|
252 | // obtain public key from frame
|
---|
253 | Collection<Item> canditates = org.expeditee.auth.Actions.getByContent(frame, "PublicKey");
|
---|
254 | String keyEncoded = "";
|
---|
255 | for (Item i: canditates) {
|
---|
256 | if (i.getData() != null) {
|
---|
257 | keyEncoded = i.getData().get(0);
|
---|
258 | }
|
---|
259 | }
|
---|
260 | if (keyEncoded.isEmpty()) {
|
---|
261 | return null;
|
---|
262 | }
|
---|
263 | byte[] keyBytes = Base64.getDecoder().decode(keyEncoded);
|
---|
264 | return KeyFactory.getInstance(AsymmetricAlgorithm).generatePublic(new X509EncodedKeySpec(keyBytes));
|
---|
265 | }
|
---|
266 |
|
---|
267 | public final void markRequestedColleagues(String username) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
|
---|
268 | KeyStore.SecretKeyEntry entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(TRUE, SymmetricAlgorithm));
|
---|
269 | KeyStore.ProtectionParameter entryPassword = new KeyStore.PasswordProtection(KeyList.PersonalKey.get().getText().toCharArray());
|
---|
270 | keyStore.setEntry(username + "colleaguesRequested", entry, entryPassword);
|
---|
271 | keyStore.store(new FileOutputStream(FrameIO.PARENT_FOLDER + KEYSTOREFILENAME), "ExpediteeAuthPassword".toCharArray());
|
---|
272 | }
|
---|
273 |
|
---|
274 | public final void clearRequestedColleagues(String username) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
|
---|
275 | KeyStore.SecretKeyEntry entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(FALSE, SymmetricAlgorithm));
|
---|
276 | KeyStore.ProtectionParameter entryPassword = new KeyStore.PasswordProtection(KeyList.PersonalKey.get().getText().toCharArray());
|
---|
277 | keyStore.setEntry(username + "colleaguesRequested", entry, entryPassword);
|
---|
278 | keyStore.store(new FileOutputStream(FrameIO.PARENT_FOLDER + KEYSTOREFILENAME), "ExpediteeAuthPassword".toCharArray());
|
---|
279 | }
|
---|
280 |
|
---|
281 | public final boolean hasRequestedColleagues(String username) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
|
---|
282 | String alias = username + "colleaguesRequested";
|
---|
283 | if (!keyStore.containsAlias(alias)) {
|
---|
284 | return false;
|
---|
285 | } else {
|
---|
286 | KeyStore.ProtectionParameter entryPassword = new KeyStore.PasswordProtection(KeyList.PersonalKey.get().getText().toCharArray());
|
---|
287 | KeyStore.SecretKeyEntry entry = (SecretKeyEntry) keyStore.getEntry(alias, entryPassword);
|
---|
288 | return Arrays.equals(entry.getSecretKey().getEncoded(), TRUE);
|
---|
289 | }
|
---|
290 | }
|
---|
291 |
|
---|
292 | // final void putColleagues(String username, String[] colleagues) throws KeyStoreException {
|
---|
293 | // String alias = username + "colleagues";
|
---|
294 | // final SecretKeySpec secretKeySpec = new SecretKeySpec((colleagues[0] + System.getProperty("line.separator") + colleagues[1]).getBytes(), SymmetricAlgorithm);
|
---|
295 | // KeyStore.SecretKeyEntry entry = new KeyStore.SecretKeyEntry(secretKeySpec);
|
---|
296 | // KeyStore.ProtectionParameter entryPassword = new KeyStore.PasswordProtection(KeyList.PersonalKey.get().getText().toCharArray());
|
---|
297 | // keyStore.setEntry(alias, entry, entryPassword);
|
---|
298 | // }
|
---|
299 | //
|
---|
300 | // final String[] getColleagues(String username) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
|
---|
301 | // String alias = username + "colleagues";
|
---|
302 | // if (!keyStore.containsAlias(alias)) {
|
---|
303 | // return null;
|
---|
304 | // } else {
|
---|
305 | // KeyStore.ProtectionParameter entryPassword = new KeyStore.PasswordProtection(KeyList.PersonalKey.get().getText().toCharArray());
|
---|
306 | // KeyStore.SecretKeyEntry entry = (SecretKeyEntry) keyStore.getEntry(alias, entryPassword);
|
---|
307 | // byte[] colleaguesEncoded = entry.getSecretKey().getEncoded();
|
---|
308 | // String colleagues = new String(colleaguesEncoded);
|
---|
309 | // return colleagues.split(System.getProperty("line.separator"));
|
---|
310 | // }
|
---|
311 | // }
|
---|
312 |
|
---|
313 | private static void setInputManagerWindowRoutines() {
|
---|
314 | InputManager manager = EcosystemManager.getInputManager();
|
---|
315 |
|
---|
316 | // Refresh the layout when the window resizes
|
---|
317 | manager.addWindowEventListener(new WindowEventListener() {
|
---|
318 | @Override
|
---|
319 | public void onWindowEvent(WindowEventType type)
|
---|
320 | {
|
---|
321 | if (type != WindowEventType.WINDOW_RESIZED) {
|
---|
322 | return;
|
---|
323 | }
|
---|
324 | DisplayController.refreshWindowSize();
|
---|
325 | FrameIO.RefreshCacheImages();
|
---|
326 | for (Frame frame : DisplayController.getFrames()) {
|
---|
327 | if (frame != null) {
|
---|
328 | ItemUtils.Justify(frame);
|
---|
329 | frame.refreshSize();
|
---|
330 | }
|
---|
331 | }
|
---|
332 | DisplayController.requestRefresh(false);
|
---|
333 | }
|
---|
334 | });
|
---|
335 |
|
---|
336 | manager.addWindowEventListener(new WindowEventListener() {
|
---|
337 | @Override
|
---|
338 | public void onWindowEvent(WindowEventType type)
|
---|
339 | {
|
---|
340 | if (type != WindowEventType.MOUSE_EXITED_WINDOW) {
|
---|
341 | return;
|
---|
342 | }
|
---|
343 | StandardGestureActions.mouseExitedWindow();
|
---|
344 | }
|
---|
345 | });
|
---|
346 |
|
---|
347 | manager.addWindowEventListener(new WindowEventListener() {
|
---|
348 | @Override
|
---|
349 | public void onWindowEvent(WindowEventType type)
|
---|
350 | {
|
---|
351 | if (type != WindowEventType.MOUSE_ENTERED_WINDOW) {
|
---|
352 | return;
|
---|
353 | }
|
---|
354 | StandardGestureActions.mouseEnteredWindow();
|
---|
355 | }
|
---|
356 | });
|
---|
357 |
|
---|
358 | manager.addWindowEventListener(new WindowEventListener() {
|
---|
359 | @Override
|
---|
360 | public void onWindowEvent(WindowEventType type)
|
---|
361 | {
|
---|
362 | if (type != WindowEventType.WINDOW_CLOSED) {
|
---|
363 | return;
|
---|
364 | }
|
---|
365 | if (Browser._theBrowser != null) {
|
---|
366 | Browser._theBrowser.exit();
|
---|
367 | }
|
---|
368 | }
|
---|
369 | });
|
---|
370 | }
|
---|
371 | }
|
---|