Commit 570b8c74 authored by chiaming2000's avatar chiaming2000

Java API/Simulator:

A pin operation is authenticated with the PINAuth authentication method.  No
user identity/Hmac information (HMACAuth) is set in the protocol
message.

A pin operation MUST be performed over a TLS connection.  Otherwise,
INVALID_REQUEST is set in the response message and the service request
is not performed in the simulator.
parent 6d9667c2
+17 −12
@@ -469,10 +469,12 @@ public class ClientProxy {
                throwLcException("Timeout - unable to receive response message within " + config.getRequestTimeoutMillis() + " ms");
            }

            // hmac check
            // check hmac if this is a hmac auth type
            if (kmreq.getMessage().getAuthType() == AuthType.HMACAUTH) {
                if (!Hmac.check(kmresp, myKey)) {
                    throwLcException("Hmac failed compare");
                }
            }

        } catch (LCException lce) {
            // re-throw
@@ -610,16 +612,19 @@ public class ClientProxy {
        
        // calculate HMAC
        try {

            if (messageBuilder.getAuthType() == AuthType.HMACAUTH) {
                // calculate hmac
                ByteString hmac = Hmac.calc(commandBytes, myKey);
            
            // set command bytes to message
            messageBuilder.setCommandBytes(ByteString.copyFrom(commandBytes));
            
                // set identity
                messageBuilder.getHmacAuthBuilder().setIdentity(user);
                // set hmac
                messageBuilder.getHmacAuthBuilder().setHmac(hmac);
            }

            // set command bytes to message
            messageBuilder.setCommandBytes(ByteString.copyFrom(commandBytes));

        } catch (HmacException e) {
            logger.log(Level.WARNING, e.getMessage(), e);
        }
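Review bot: In the second hunk `catch (HmacException e)` only logs at WARNING, and because `messageBuilder.setCommandBytes(...)` sits in the same `try` after `Hmac.calc`, a failed HMAC calculation leaves the message with neither an HMAC nor command bytes. An HMACAUTH request that cannot be signed should fail before it is sent rather than continue as a warning. Something like `throwLcException("Unable to calculate hmac: " + e.getMessage());` in the catch would do it, assuming that helper (used in the first hunk) can be called from this method. The method starts and ends outside the hunk, so what happens to the message after the catch is not visible here.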
+8 −3
@@ -441,10 +441,15 @@ public class MessageHandler implements ClientMessageService, Runnable {

		AsyncKineticException asyncException = null;

		/**
		 * Pin Auth does not require Hmac calculation.
		 */
		if (response.getMessage().getAuthType() == AuthType.HMACAUTH) {
		    if (this.client.checkHmac(response) == false) {
		        asyncException = new AsyncKineticException(
		                "Hmac did not compare");
		    }
		}

		return asyncException;
	}
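Review bot: The `if` on `response.getMessage().getAuthType()` lets the peer decide whether its own message gets authenticated: a response declaring any auth type other than HMACAUTH skips `checkHmac`, and the method returns no exception. The decision should come from what the client expects for this exchange, for example the request's auth type, as ClientProxy does with `kmreq.getMessage().getAuthType()`. A response whose auth type differs from the expected one should produce an `AsyncKineticException`. Whether the request is reachable from this method cannot be seen, since the method starts outside the hunk. As a smaller point, the `/** ... */` block inside the method body reads better as a `//` comment, and `== false` as `!this.client.checkHmac(response)`.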
+2 −2
@@ -23,7 +23,7 @@ import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.Key;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -36,7 +36,7 @@ import com.seagate.kinetic.common.lib.HMACAlgorithmUtil;
import com.seagate.kinetic.common.lib.KineticMessage;
import com.seagate.kinetic.common.lib.RoleUtil;
import com.seagate.kinetic.proto.Kinetic.Command;
import com.seagate.kinetic.proto.Kinetic.Message;

import com.seagate.kinetic.proto.Kinetic.Command.MessageType;
import com.seagate.kinetic.proto.Kinetic.Command.Security;
import com.seagate.kinetic.proto.Kinetic.Command.Security.ACL;
+3 −37
@@ -24,14 +24,14 @@ import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.sql.Timestamp;
import java.util.Arrays;

import java.util.Date;
import java.util.Map;
import java.util.logging.Logger;

import com.seagate.kinetic.common.lib.KineticMessage;
import com.seagate.kinetic.proto.Kinetic.Command;
import com.seagate.kinetic.proto.Kinetic.Message;

import com.seagate.kinetic.proto.Kinetic.Command.MessageType;
import com.seagate.kinetic.proto.Kinetic.Command.Security.ACL;
import com.seagate.kinetic.proto.Kinetic.Command.Security.ACL.Permission;
@@ -86,40 +86,6 @@ public abstract class SetupHandler {
        return hasPermission;
    }

    @SuppressWarnings("rawtypes")
    private static synchronized SetupInfo _handleSetup(KineticMessage request,
            KineticMessage respond, Store store,
            String kineticHome) throws KVStoreException, IOException {
        
        SetupInfo setupInfo = null;
        
        Command.Builder commandBuilder = (Command.Builder) respond.getCommand();
        
        /**
         * XXX protocol-3.0.0
         */
        //byte[] newPin = request.getMessage().getCommand().getBody().getSetup()
        //        .getPin()
        //        .toByteArray();

//        logger.info("parameterPin=" + new String(newPin) + ", internalPin="
//                + new String(myPin));
//
//        if (null == myPin || 0 == myPin.length) {
//            setupInfo = handleSetup(request, respond, myPin, newPin, store,
//                    kineticHome);
//        } else if (Arrays.equals(newPin, myPin)) {
//            setupInfo = handleSetup(request, respond, myPin, newPin, store,
//                    kineticHome);
//        } else {
//            commandBuilder.getStatusBuilder()
//            .setCode(StatusCode.INTERNAL_ERROR);
//            commandBuilder.getStatusBuilder()
//            .setStatusMessage("Pin not match");
//        }

        return setupInfo;
    }
   
    @SuppressWarnings("rawtypes")
    public static SetupInfo handleSetup(KineticMessage request,
+19 −15
@@ -25,7 +25,7 @@ import java.io.File;
import java.net.UnknownHostException;
import java.security.Key;
import java.util.ArrayList;
import java.util.HashMap;

import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level;
@@ -41,7 +41,7 @@ import com.seagate.kinetic.heartbeat.message.OperationCounter;
import com.seagate.kinetic.proto.Kinetic.Command;
import com.seagate.kinetic.proto.Kinetic.Command.GetLog.Configuration;
import com.seagate.kinetic.proto.Kinetic.Command.GetLog.Limits;
import com.seagate.kinetic.proto.Kinetic.Command.Security;

import com.seagate.kinetic.proto.Kinetic.Command.Status.StatusCode;
import com.seagate.kinetic.proto.Kinetic.Local;
import com.seagate.kinetic.proto.Kinetic.Message;
@@ -456,7 +456,8 @@ public class SimulatorEngine implements MessageService {
            
            HeaderOp.checkHeader(kmreq, kmresp, key, clusterVersion);
            
            if (kmreq.getCommand().getHeader().getMessageType() == MessageType.PINOP) {
            if (kmreq.getMessage().getAuthType() == AuthType.PINAUTH) {
                //perform pin op
                PinOperationHandler.handleOperation(kmreq, kmresp, this); 
            } else if (kmreq.getCommand().getHeader().getMessageType() == MessageType.FLUSHALLDATA) {
                commandBuilder.getHeaderBuilder()
@@ -527,22 +528,25 @@ public class SimulatorEngine implements MessageService {

            try {
                // get command byte stirng
                ByteString commandByteString = commandBuilder.build().toByteString();
                ByteString commandByteString = commandBuilder.build()
                        .toByteString();

                // get command byte[]
                byte[] commandByte = commandByteString.toByteArray();

                // require Hmac calculation ?
                if (key != null) {
                if (kmreq.getMessage().getAuthType() == AuthType.HMACAUTH) {
                    
                    // calculate hmac
                    ByteString hmac = Hmac.calc(commandByte, key);
                    //set hmac
                    messageBuilder.getHmacAuthBuilder().setHmac(hmac);
                }

                    // set identity
                    messageBuilder.getHmacAuthBuilder().setIdentity(userId);

                    // set hmac
                    messageBuilder.getHmacAuthBuilder().setHmac(hmac);
                }

                // set command bytes
                messageBuilder.setCommandBytes(commandByteString);
            } catch (Exception e2) {
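Review bot: In the last hunk the guard `if (key != null)` appears to be replaced by the auth-type test, so if `key` can still be null here (the old guard suggests it can), an HMACAUTH request now reaches `Hmac.calc(commandByte, key)` with a null key. Because `setCommandBytes` follows in the same `try`, a failure there would leave the response without command bytes; keeping both conditions avoids that: `if (key != null && kmreq.getMessage().getAuthType() == AuthType.HMACAUTH) {`. The body of `catch (Exception e2)` is outside the hunk, so how such a failure is reported cannot be seen. In the earlier hunk, routing on `AuthType.PINAUTH` alone means the command's message type is no longer checked at this point. It is worth confirming that `PinOperationHandler.handleOperation` rejects a PINAUTH message that does not carry a PINOP command.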