Posted to commits@sling.apache.org by ie...@apache.org on 2013/10/11 10:30:07 UTC

svn commit: r1531227 - in /sling/trunk/bundles/extensions/discovery/impl/src/main: java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java resources/OSGI-INF/metatype/metatype.properties

Author: ieb
Date: Fri Oct 11 08:30:07 2013
New Revision: 1531227

URL: http://svn.apache.org/r1531227
Log:
SLING-3154 Add Topology Message Verification to the Discovery service.

metatype was missing, as was enforcing signature key expiry.

Modified:
    sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java
    sling/trunk/bundles/extensions/discovery/impl/src/main/resources/OSGI-INF/metatype/metatype.properties

Modified: sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java?rev=1531227&r1=1531226&r2=1531227&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java (original)
+++ sling/trunk/bundles/extensions/discovery/impl/src/main/java/org/apache/sling/discovery/impl/topology/connector/TopologyRequestValidator.java Fri Oct 11 08:30:07 2013
@@ -324,7 +324,7 @@ public class TopologyRequestValidator {
      */
     private String createTrustHeader(String bodyHash) {
         try {
-            int keyNo = (int) (System.currentTimeMillis() / interval);
+            int keyNo = getCurrentKey();
             return keyNo + "/" + hmac(keyNo, bodyHash);
         } catch (UnsupportedEncodingException e) {
             throw new RuntimeException(e.getMessage(), e);
@@ -351,6 +351,8 @@ public class TopologyRequestValidator {
             return hmac(keyNo, bodyHash).equals(parts[1]);
         } catch (ArrayIndexOutOfBoundsException e) {
             return false;
+        } catch (IllegalArgumentException e) {
+            return false;
         } catch (InvalidKeyException e) {
             throw new RuntimeException(e.getMessage(), e);
         } catch (UnsupportedEncodingException e) {
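Review bot: The signature check on the first context line of this hunk compares the computed HMAC with the header value using `String.equals`, which stops at the first differing character and so is not a constant-time comparison; this commit leaves it as it was. Assuming hmac returns a String, as the concatenation in createTrustHeader suggests, prefer `return MessageDigest.isEqual(hmac(keyNo, bodyHash).getBytes("UTF-8"), parts[1].getBytes("UTF-8"));` with `java.security.MessageDigest`; the `UnsupportedEncodingException` it can raise is already caught below. The added `catch (IllegalArgumentException e)` also covers any other IllegalArgumentException thrown inside the try, not only the "Key has expired" one from getKey, so a debug-level log line there would let an operator tell an expired key from a malformed header. The enclosing method starts and ends outside the hunk.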
@@ -471,6 +473,9 @@ public class TopologyRequestValidator {
      * @throws UnsupportedEncodingException
      */
     private Key getKey(int keyNo) throws UnsupportedEncodingException {
+        if(Math.abs(keyNo - getCurrentKey()) > 1 ) {
+            throw new IllegalArgumentException("Key has expired");
+        }
         if (keys.containsKey(keyNo)) {
             return keys.get(keyNo);
         }
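Review bot: The expiry check added to getKey does its arithmetic in `int`, and keyNo appears to be parsed from the incoming trust header outside this hunk, so for extreme values `keyNo - getCurrentKey()` can overflow and `Math.abs` can return a negative result that is not `> 1`. Widening before subtracting removes that edge: `if (Math.abs((long) keyNo - getCurrentKey()) > 1) {`. The check also accepts the key after the current one, which the clock-drift remark in the metatype text seems to intend; a comment such as `// accept previous, current and next key to tolerate clock drift` would make that explicit. getKey's body continues outside the hunk.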
@@ -481,6 +486,10 @@ public class TopologyRequestValidator {
         return key;
     }
 
+    private int getCurrentKey() {
+        return (int) (System.currentTimeMillis() / interval);
+    }
+
     /**
      * dump olf keys.
      */
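Review bot: getCurrentKey is added without Javadoc and silently narrows the `long` quotient with an `(int)` cast. A comment such as `/** Returns the number of the key valid now: current time in ms divided by interval (presumably the key TTL in ms). */` would document the unit. Since the metatype text in this commit allows very low TTL values, it is worth confirming where `interval` is validated: a value of 0 would throw ArithmeticException on this division, and no such check is visible in this diff.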

Modified: sling/trunk/bundles/extensions/discovery/impl/src/main/resources/OSGI-INF/metatype/metatype.properties
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/discovery/impl/src/main/resources/OSGI-INF/metatype/metatype.properties?rev=1531227&r1=1531226&r2=1531227&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/discovery/impl/src/main/resources/OSGI-INF/metatype/metatype.properties (original)
+++ sling/trunk/bundles/extensions/discovery/impl/src/main/resources/OSGI-INF/metatype/metatype.properties Fri Oct 11 08:30:07 2013
@@ -53,4 +53,28 @@ discoveryResourcePath.description = Path
 leaderElectionRepositoryDescriptor.name = Repository Descriptor Name
 leaderElectionRepositoryDescriptor.description = Name of the repository descriptor to be taken \
  into account for leader election: those instances have preference to become leader which have \
- the corresponding descriptor value of 'false'.
\ No newline at end of file
+ the corresponding descriptor value of 'false'.
+
+hmacEnabled.name = Enable Hmac message signatures
+hmacEnabled.description = If true, and the Shared Key is set to the same value on all members of the \
+ topology, the messages will be validated using a HMAC of a digest of the body of the message. \
+ The hmac and message digest are in the HTTP request and response headers. Both requests and responses \
+ are signed.
+
+enableEncryption.name = Enable Message encryption
+enableEncryption.description = If Message HMACs are enabled and there is a shared key set, setting this to \
+ true will encrypt the body of the message using 128 bit AES encryption. Once encrypted you will not be able \
+ debug the messages at the http level.
+
+sharedKey.name = Message shared key.
+sharedKey.description = If message signing and encryption is used, this should be set to the same value \
+ on all members of the same topology. If any member of the topology has a different key it will effectively \
+ be excluded from the topology even if it attempts to send messages to other members of the topology.
+
+hmacSharedKeyTTL.name = Shared Key TTL
+hmacSharedKeyTTL.description = Shared keys for message signatures are derived from the configured shared key. \
+ Each derived key has a lifetime (TTL). Once that time has expired a new key is derived and used for hmac signatures. \
+ This setting, sets the TTL in ms. Keys that are 2 lifetimes old are ignored. Set according to you level of paranoia, \
+ but don't set to less than the greatest possible clock drift between members of the topology. The default is 4 hours. Setting \
+ to a ridiculously low value will increase the turnover of keys. Generating a key takes about 2ms. There is no risk of \
+ memory consumption with low values, only a risk of the topology falling apart due to incorrectly set clocks.
\ No newline at end of file