Posted to commits@sling.apache.org by ie...@apache.org on 2013/10/11 10:30:07 UTC
svn commit: r1531227 - in
/sling/trunk/bundles/extensions/discovery/impl/src/main:
java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java
resources/OSGI-INF/metatype/metatype.properties
Author: ieb
Date: Fri Oct 11 08:30:07 2013
New Revision: 1531227
URL: http://svn.apache.org/r1531227
Log:
SLING-3154 Add Topology Message Verification to the Discovery service.
metatype was missing, as was enforcing signature key expiry.
Modified:
sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java
sling/trunk/bundles/extensions/discovery/impl/src/main/resources/OSGI-INF/metatype/metatype.properties
Modified: sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java?rev=1531227&r1=1531226&r2=1531227&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java (original)
+++ sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java Fri Oct 11 08:30:07 2013
@@ -324,7 +324,7 @@ public class TopologyRequestValidator {
*/
private String createTrustHeader(String bodyHash) {
try {
- int keyNo = (int) (System.currentTimeMillis() / interval);
+ int keyNo = getCurrentKey();
return keyNo + "/" + hmac(keyNo, bodyHash);
} catch (UnsupportedEncodingException e) {
throw new RuntimeException(e.getMessage(), e);
@@ -351,6 +351,8 @@ public class TopologyRequestValidator {
return hmac(keyNo, bodyHash).equals(parts[1]);
} catch (ArrayIndexOutOfBoundsException e) {
return false;
+ } catch (IllegalArgumentException e) {
+ return false;
} catch (InvalidKeyException e) {
throw new RuntimeException(e.getMessage(), e);
} catch (UnsupportedEncodingException e) {
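Review bot: The new `catch (IllegalArgumentException e)` returns false without recording why, so an operator cannot tell a rejected-because-expired signature from a forged one, and `IllegalArgumentException` also covers `NumberFormatException`, so if `parts[0]` is parsed with `Integer.parseInt` somewhere above this hunk a malformed header now fails silently too (the parse is not visible here, so that is inferred). A log line before the return keeps the fail-closed behaviour while making key-window rejections observable, e.g. `logger.debug("Rejecting trust header, key outside accepted window: {}", e.getMessage());` assuming the class already has a logger. Catching a broad unchecked type to signal expiry is also fragile; a dedicated check or a narrower exception type would make the intent explicit. The enclosing method starts before this hunk.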
@@ -471,6 +473,9 @@ public class TopologyRequestValidator {
* @throws UnsupportedEncodingException
*/
private Key getKey(int keyNo) throws UnsupportedEncodingException {
+ if(Math.abs(keyNo - getCurrentKey()) > 1 ) {
+ throw new IllegalArgumentException("Key has expired");
+ }
if (keys.containsKey(keyNo)) {
return keys.get(keyNo);
}
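Review bot: `Math.abs(keyNo - getCurrentKey()) > 1` is computed in `int`, and `keyNo` comes from the request header, so a value that makes the subtraction wrap to `Integer.MIN_VALUE` yields a negative `Math.abs` result and passes the window check; the rest of `getKey` (outside this hunk) would then derive a key for that number. Doing the comparison in `long` removes the wrap: `long delta = (long) keyNo - getCurrentKey();` followed by `if (delta > 1 || delta < -1) {` and `throw new IllegalArgumentException("Key " + keyNo + " is outside the accepted window");`. The message "Key has expired" is also inaccurate for the `+1` side, which rejects keys too far in the future rather than expired ones; the window of one interval either way appears intended to absorb clock drift between members, so the Javadoc above (starts before this hunk) should state that tolerance, e.g. `@throws IllegalArgumentException if keyNo is more than one interval away from the current key`.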
@@ -481,6 +486,10 @@ public class TopologyRequestValidator {
return key;
}
+ private int getCurrentKey() {
+ return (int) (System.currentTimeMillis() / interval);
+ }
+
/**
* dump olf keys.
*/
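Review bot: `getCurrentKey` has no Javadoc while its neighbours in this file do; suggest `/** Returns the index of the current key interval: epoch milliseconds divided by {@code interval}, truncated to int. */`. The cast to `int` silently truncates: with the default interval the quotient is small, but `interval` is operator-configurable in milliseconds, and once it drops below roughly 700 ms the quotient exceeds `Integer.MAX_VALUE` and the key number wraps, which would break the window comparison in `getKey` (earlier hunk). A lower bound on `interval` where it is read from configuration (not visible here), or widening key numbers to `long`, would close that. A zero `interval` would also throw `ArithmeticException` from this method; whether configuration already prevents that cannot be seen from the hunk.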
Modified: sling/trunk/bundles/extensions/discovery/impl/src/main/resources/OSGI-INF/metatype/metatype.properties
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/impl/src/main/resources/OSGI-INF/metatype/metatype.properties?rev=1531227&r1=1531226&r2=1531227&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/discovery/impl/src/main/resources/OSGI-INF/metatype/metatype.properties (original)
+++ sling/trunk/bundles/extensions/discovery/impl/src/main/resources/OSGI-INF/metatype/metatype.properties Fri Oct 11 08:30:07 2013
@@ -53,4 +53,28 @@ discoveryResourcePath.description = Path
leaderElectionRepositoryDescriptor.name = Repository Descriptor Name
leaderElectionRepositoryDescriptor.description = Name of the repository descriptor to be taken \
into account for leader election: those instances have preference to become leader which have \
- the corresponding descriptor value of 'false'.
\ No newline at end of file
+ the corresponding descriptor value of 'false'.
+
+hmacEnabled.name = Enable Hmac message signatures
+hmacEnabled.description = If true, and the Shared Key is set to the same value on all members of the \
+ topology, the messages will be validated using a HMAC of a digest of the body of the message. \
+ The hmac and message digest are in the HTTP request and response headers. Both requests and responses \
+ are signed.
+
+enableEncryption.name = Enable Message encryption
+enableEncryption.description = If Message HMACs are enabled and there is a shared key set, setting this to \
+ true will encrypt the body of the message using 128 bit AES encryption. Once encrypted you will not be able \
+ debug the messages at the http level.
+
+sharedKey.name = Message shared key.
+sharedKey.description = If message signing and encryption is used, this should be set to the same value \
+ on all members of the same topology. If any member of the topology has a different key it will effectively \
+ be excluded from the topology even if it attempts to send messages to other members of the topology.
+
+hmacSharedKeyTTL.name = Shared Key TTL
+hmacSharedKeyTTL.description = Shared keys for message signatures are derived from the configured shared key. \
+ Each derived key has a lifetime (TTL). Once that time has expired a new key is derived and used for hmac signatures. \
+ This setting, sets the TTL in ms. Keys that are 2 lifetimes old are ignored. Set according to you level of paranoia, \
+ but don't set to less than the greatest possible clock drift between members of the topology. The default is 4 hours. Setting \
+ to a ridiculously low value will increase the turnover of keys. Generating a key takes about 2ms. There is no risk of \
+ memory consumption with low values, only a risk of the topology falling apart due to incorrectly set clocks.
\ No newline at end of file
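Review bot: The `hmacSharedKeyTTL.description` text contains two wording errors that ship to the configuration UI: "Set according to you level of paranoia" should read "your level", and in `enableEncryption.description` "you will not be able debug" should read "able to debug". "Keys that are 2 lifetimes old are ignored" also understates the check in `TopologyRequestValidator.getKey`, which accepts any key within one interval on either side of the current one, i.e. both the previous and the next interval; stating the window as "one interval before or after the current one" would match the code and explain why the value must exceed clock drift.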