mirror of https://github.com/perkeep/perkeep.git
Attempt at writing a camli object signing/verify server for app engine (in java); foiled by security manager restrictions preventing bouncycastle from working in App Engine
This commit is contained in:
parent
2521ed5f9e
commit
b909bc32c3
|
@ -0,0 +1,62 @@
|
|||
<project>
|
||||
<property name="sdk.dir" location="/tmp/appengine-java-sdk" />
|
||||
|
||||
<import file="${sdk.dir}/config/user/ant-macros.xml" />
|
||||
|
||||
<path id="project.classpath">
|
||||
<pathelement path="war/WEB-INF/classes" />
|
||||
<fileset dir="war/WEB-INF/lib">
|
||||
<include name="**/*.jar" />
|
||||
</fileset>
|
||||
<fileset dir="${sdk.dir}/lib">
|
||||
<include name="shared/**/*.jar" />
|
||||
</fileset>
|
||||
</path>
|
||||
|
||||
<target name="copyjars"
|
||||
description="Copies the App Engine JARs to the WAR.">
|
||||
<copy
|
||||
todir="war/WEB-INF/lib"
|
||||
flatten="true">
|
||||
<fileset dir="${sdk.dir}/lib/user">
|
||||
<include name="**/*.jar" />
|
||||
</fileset>
|
||||
</copy>
|
||||
</target>
|
||||
|
||||
<target name="copylibs"
|
||||
description="Copies the app-specific libs to the WAR.">
|
||||
<copy
|
||||
todir="war/WEB-INF/lib"
|
||||
flatten="true">
|
||||
<fileset dir="lib">
|
||||
<include name="**/*.jar" />
|
||||
</fileset>
|
||||
</copy>
|
||||
</target>
|
||||
|
||||
<target name="compile" depends="copylibs,copyjars"
|
||||
description="Compiles Java source and copies other source files to the WAR.">
|
||||
<mkdir dir="war/WEB-INF/classes" />
|
||||
<copy todir="war/WEB-INF/classes">
|
||||
<fileset dir="src">
|
||||
<exclude name="**/*.java" />
|
||||
</fileset>
|
||||
</copy>
|
||||
<javac
|
||||
srcdir="src"
|
||||
destdir="war/WEB-INF/classes"
|
||||
classpathref="project.classpath"
|
||||
debug="on" />
|
||||
</target>
|
||||
|
||||
<target name="runserver" depends="compile"
|
||||
description="Starts the development server.">
|
||||
<dev_appserver war="war" port="8080" >
|
||||
<options>
|
||||
<arg value="--jvm_flag=-Xdebug"/>
|
||||
</options>
|
||||
</dev_appserver>
|
||||
</target>
|
||||
|
||||
</project>
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,12 @@
|
|||
package org.camlistore.sigserver;
|
||||
|
||||
import java.io.IOException;
|
||||
import javax.servlet.http.*;
|
||||
|
||||
public class SignServlet extends HttpServlet {
|
||||
public void doGet(HttpServletRequest req, HttpServletResponse resp)
|
||||
throws IOException {
|
||||
resp.setContentType("text/plain");
|
||||
resp.getWriter().println("Hello, world");
|
||||
}
|
||||
}
|
|
@ -0,0 +1,138 @@
|
|||
package org.camlistore.sigserver;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.IOException;
|
||||
import java.security.SignatureException;
|
||||
import java.util.Enumeration;
|
||||
import java.util.logging.Level;
|
||||
import java.util.logging.Logger;
|
||||
import javax.servlet.http.*;
|
||||
|
||||
import com.google.gson.JsonObject;
|
||||
import com.google.gson.JsonParseException;
|
||||
import com.google.gson.JsonPrimitive;
|
||||
import com.google.gson.JsonParser;
|
||||
import org.bouncycastle.bcpg.ArmoredInputStream;
|
||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPObjectFactory;
|
||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
|
||||
import org.bouncycastle.openpgp.PGPSignature;
|
||||
import org.bouncycastle.openpgp.PGPSignatureList;
|
||||
import org.bouncycastle.openpgp.PGPUtil;
|
||||
|
||||
public class VerifyServlet extends HttpServlet {
|
||||
private Logger log = Logger.getLogger(VerifyServlet.class.getName());
|
||||
|
||||
public void doPost(HttpServletRequest req, HttpServletResponse resp)
|
||||
throws IOException {
|
||||
|
||||
String sjson = req.getParameter("sjson");
|
||||
String keyArmored = req.getParameter("keyarmored"); // Non-standard
|
||||
|
||||
resp.setContentType("text/plain");
|
||||
|
||||
// Validate the signed JSON object and extract the signature and signer.
|
||||
int sigIndex = sjson.lastIndexOf(",\"camliSig\":\"");
|
||||
if (sigIndex == -1) {
|
||||
resp.getWriter().println("Missing camli object signature");
|
||||
return;
|
||||
}
|
||||
|
||||
String sigJson = "{" + sjson.substring(sigIndex + 1);
|
||||
JsonObject sigObj;
|
||||
try {
|
||||
sigObj = (new JsonParser()).parse(sigJson).getAsJsonObject();
|
||||
} catch (JsonParseException e) {
|
||||
e.printStackTrace();
|
||||
resp.getWriter().println("Invalid JSON signature object: " + e);
|
||||
return;
|
||||
} catch (IllegalStateException e) {
|
||||
e.printStackTrace();
|
||||
resp.getWriter().println("Invalid JSON signature object: " + e);
|
||||
return;
|
||||
}
|
||||
if (sigObj.entrySet().size() > 1) {
|
||||
resp.getWriter().println(
|
||||
"Signature object contains more than 'camliSig':\n" + sigJson);
|
||||
return;
|
||||
}
|
||||
JsonPrimitive sigPrimative = sigObj.getAsJsonPrimitive("camliSig");
|
||||
if (sigPrimative == null) {
|
||||
resp.getWriter().println("'camliSig' missing from top-level");
|
||||
return;
|
||||
}
|
||||
String camliSig;
|
||||
try {
|
||||
camliSig = sigPrimative.getAsString();
|
||||
} catch (ClassCastException e) {
|
||||
e.printStackTrace();
|
||||
resp.getWriter().println("Invalid 'camliSig' value: " + e);
|
||||
return;
|
||||
}
|
||||
|
||||
String camliJson = sjson.substring(0, sigIndex) + "}";
|
||||
JsonObject camliObj;
|
||||
try {
|
||||
camliObj = (new JsonParser()).parse(sjson).getAsJsonObject();
|
||||
} catch (JsonParseException e) {
|
||||
e.printStackTrace();
|
||||
resp.getWriter().println("Invalid JSON object: " + e);
|
||||
return;
|
||||
} catch (IllegalStateException e) {
|
||||
e.printStackTrace();
|
||||
resp.getWriter().println("Invalid JSON object: " + e);
|
||||
return;
|
||||
}
|
||||
JsonPrimitive signerPrimative = camliObj.getAsJsonPrimitive("camliSigner");
|
||||
if (signerPrimative == null) {
|
||||
resp.getWriter().println("'camliSigner' missing from top-level");
|
||||
return;
|
||||
}
|
||||
String camliSigner;
|
||||
try {
|
||||
camliSigner = signerPrimative.getAsString();
|
||||
} catch (ClassCastException e) {
|
||||
resp.getWriter().println("Invalid 'camliSigner' value: " + e);
|
||||
return;
|
||||
}
|
||||
|
||||
log.info("camliSig='" + camliSig + "', " +
|
||||
"camliSigner='" + camliSigner + "', " +
|
||||
"keyArmored='" + keyArmored + "'");
|
||||
|
||||
// Most of this code originally from the Bouncy Castle PGP example app.
|
||||
try {
|
||||
PGPObjectFactory pgpFactory = new PGPObjectFactory(
|
||||
new ArmoredInputStream(
|
||||
new ByteArrayInputStream(camliSig.getBytes("UTF-8")),
|
||||
false));
|
||||
PGPSignatureList signatureList = (PGPSignatureList) pgpFactory.nextObject();
|
||||
PGPSignature sig = signatureList.get(0);
|
||||
log.info("Signature found: " + sig);
|
||||
|
||||
PGPPublicKeyRingCollection pubKeyRing =
|
||||
new PGPPublicKeyRingCollection(
|
||||
new ArmoredInputStream(
|
||||
new ByteArrayInputStream(keyArmored.getBytes("UTF-8"))));
|
||||
PGPPublicKey key = pubKeyRing.getPublicKey(sig.getKeyID());
|
||||
|
||||
// NOTE(bslatkin): Can't use BouncyCastle's security provider for crypto
|
||||
// operations because of App Engine bug. Doh.
|
||||
// http://code.google.com/p/googleappengine/issues/detail?id=1612
|
||||
sig.initVerify(key, new BouncyCastleProvider());
|
||||
sig.update(camliJson.getBytes("UTF-8"));
|
||||
resp.getWriter().println(sig.verify() ? "YES" : "NO");
|
||||
} catch (IOException e) {
|
||||
log.log(Level.SEVERE, "Input problem", e);
|
||||
resp.getWriter().println("Input problem: " + e);
|
||||
} catch (PGPException e) {
|
||||
log.log(Level.SEVERE, "PGP problem", e);
|
||||
resp.getWriter().println("PGP problem: " + e);
|
||||
} catch (SignatureException e) {
|
||||
log.log(Level.SEVERE, "Signature problem", e);
|
||||
resp.getWriter().println("Signature problem: " + e);
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
test
|
|
@ -0,0 +1,35 @@
|
|||
-----BEGIN PGP PRIVATE KEY BLOCK-----
|
||||
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
|
||||
|
||||
lQH+BE07cOIBBADTiCllLdf8M8hOQlIRq5lyQdhX558hFIb38uciWXp5AfunqEAb
|
||||
xXiM2Enk87EJTEzItUtv7ID3E7kKSqB38XJQqQzL14VDW6Nid5nya5GcHYx49wYe
|
||||
hSo9ktIUOplkWrPH4D+Ty6KXkieMQZ18xdk1fl7nQDZJaeNXIJQHiKNxEQARAQAB
|
||||
/gMDAiuPXA+l3ORRYBgyD6g2k6ootIBSvOG41aMS256sgkkMm2gRDqEhTvgocEHY
|
||||
I+2IXpiLfYVND3qbVp8Loxd0MF7cCEp8MQ81b0W9UIrUaevXmNjQsAmeEJj7r1yp
|
||||
R+BEG7kZxe+KZWJQWVNpKbE15XNEItBqLAfq9Az5ivgejm+uhn7oIYPkHH/8w7xK
|
||||
/JYfVRrB17fzIl7hR8UkvI/rFeyK8aFdl6X9jjb1m+4I9aa9XNc/QWBSIaCo8ffP
|
||||
H85RiFHeDAFanBi8r9sME5F3ZwH6l9JSiGBo3a7XLoM4mOmD6nLHX51MjNnggCjE
|
||||
mBYOdH6AJJanLBUjvFXliipX/6E4Ynodp/hk/IeolJtZyeooRCYk174eePYjVsUp
|
||||
zh7q/6yLuhSbsmaCndcftN/bYYjT6NStlmkY3FnRhs8Op8jKhDf+hLIwlm2aztUo
|
||||
O2rr9Pw71J6ZhRhjrMruFMqisp24DPQ6UoXo6OLIX+rWtClUZXN0IEtleSAoRm9y
|
||||
IHRlc3RpbmcpIDx0ZXN0QGV4YW1wbGUuY29tPoi4BBMBAgAiBQJNO3DiAhsDBgsJ
|
||||
CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCLTbKtgJM85PJWA/9oPLLlhyn7uYCw
|
||||
8xlh8CbNANXyEiQJJLfL6xsaXI1lFcAm7Y/ET+Un7FOvEwUcNLtxPLxpQtD52Gmx
|
||||
8vQ2PI9evUUqdNWEK7E5ZoSx1BJAD2mlSjLl+rME+GJQXYnZj/3BVPTdJGFLT8Of
|
||||
3lEpmVtrB19omE4dhAYXNlExA7y8q50B/gRNO3DiAQQAzInHYdrRHC7i4e4wYLly
|
||||
0B/52adRQTyJ3RuC/hdBOdQBcTs3d20a3O/Y1pfzfoUcZCNeZbLSrpIT4Ljqubt4
|
||||
J9KF/Fds/HUXsHLAAio/g5p+i0v8luB48JuL+alPtYVG6UNjp/NcaDeHBcb2F/NY
|
||||
/9VBUa9dwkbnxhM9sMYgAEcAEQEAAf4DAwIrj1wPpdzkUWD9iXyvzQ6HCfMFdu6d
|
||||
7J3Qtl6U5oWDGseNczNBhP9Hw/Gj/rrmS2Q4ssfLCHEYmkSn6VojppolMO3cP7pH
|
||||
bxw1+NXKrtHnWF+AxrGjIal7vCAEHp8KcLjjFxnvHhPxfT5GX7NYu+HIP4a9EWlJ
|
||||
qXm8sjvq5EDDN4JZKNUhuYeKTBuZOba9XSAS0PblERueoOJuMX86FBe1NtIYZSj+
|
||||
Vprt0ZBmLmvSbXzh329eMJ7IlSOGva9siBMiUF1fEqKWw1tim2e5Ujw9xLeqhj0Z
|
||||
GeqVfaNWFXQsTooClxG4xal1ujX5N+l4cX4Q6Q3HPNFYPyj1MPv0IQmYtxrzJsdv
|
||||
yIyC91vZ3tUgMEvsOte8p1ixhmpzoksfGNpmmLVLSA5dn9U96zX7l/lBQddXD51t
|
||||
fHSA70Q42G/jU4W9JQOunrJRr12vKUufxuovIG8pU1BjXDzn8elArdnQjtJWhs8o
|
||||
BPoVwfgKloifBBgBAgAJBQJNO3DiAhsMAAoJEItNsq2AkzzkwE0D/0YC2OsJMWp8
|
||||
BJxdU5JI2F3c5ueXAT1FZJumfrebG50jE1CguziRxnXd1CxyZ8Lc/4g77qVKo8Vl
|
||||
IFyl9D2F7kK7AUUrKzagQfaPFMh7crqjySJcarz2YcKfCVvfJJNBhP3dDMGAsciu
|
||||
blbcSKSWFiohB1u1uaXuZAht+cuZ4YJs
|
||||
=JQkK
|
||||
-----END PGP PRIVATE KEY BLOCK-----
|
|
@ -0,0 +1,20 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
|
||||
|
||||
mI0ETTtw4gEEANOIKWUt1/wzyE5CUhGrmXJB2FfnnyEUhvfy5yJZenkB+6eoQBvF
|
||||
eIzYSeTzsQlMTMi1S2/sgPcTuQpKoHfxclCpDMvXhUNbo2J3mfJrkZwdjHj3Bh6F
|
||||
Kj2S0hQ6mWRas8fgP5PLopeSJ4xBnXzF2TV+XudANklp41cglAeIo3ERABEBAAG0
|
||||
KVRlc3QgS2V5IChGb3IgdGVzdGluZykgPHRlc3RAZXhhbXBsZS5jb20+iLgEEwEC
|
||||
ACIFAk07cOICGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEItNsq2Akzzk
|
||||
8lYD/2g8suWHKfu5gLDzGWHwJs0A1fISJAkkt8vrGxpcjWUVwCbtj8RP5SfsU68T
|
||||
BRw0u3E8vGlC0PnYabHy9DY8j169RSp01YQrsTlmhLHUEkAPaaVKMuX6swT4YlBd
|
||||
idmP/cFU9N0kYUtPw5/eUSmZW2sHX2iYTh2EBhc2UTEDvLyruI0ETTtw4gEEAMyJ
|
||||
x2Ha0Rwu4uHuMGC5ctAf+dmnUUE8id0bgv4XQTnUAXE7N3dtGtzv2NaX836FHGQj
|
||||
XmWy0q6SE+C46rm7eCfShfxXbPx1F7BywAIqP4OafotL/JbgePCbi/mpT7WFRulD
|
||||
Y6fzXGg3hwXG9hfzWP/VQVGvXcJG58YTPbDGIABHABEBAAGInwQYAQIACQUCTTtw
|
||||
4gIbDAAKCRCLTbKtgJM85MBNA/9GAtjrCTFqfAScXVOSSNhd3ObnlwE9RWSbpn63
|
||||
mxudIxNQoLs4kcZ13dQscmfC3P+IO+6lSqPFZSBcpfQ9he5CuwFFKys2oEH2jxTI
|
||||
e3K6o8kiXGq89mHCnwlb3ySTQYT93QzBgLHIrm5W3EiklhYqIQdbtbml7mQIbfnL
|
||||
meGCbA==
|
||||
=5YOm
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
@ -0,0 +1,5 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
|
||||
<application>camlisig</application>
|
||||
<version>1</version>
|
||||
</appengine-web-app>
|
|
@ -0,0 +1,25 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE web-app PUBLIC
|
||||
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
|
||||
"http://java.sun.com/dtd/web-app_2_3.dtd">
|
||||
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
|
||||
<servlet>
|
||||
<servlet-name>signservlet</servlet-name>
|
||||
<servlet-class>org.camlistore.sigserver.SignServlet</servlet-class>
|
||||
</servlet>
|
||||
<servlet>
|
||||
<servlet-name>verifyservlet</servlet-name>
|
||||
<servlet-class>org.camlistore.sigserver.VerifyServlet</servlet-class>
|
||||
</servlet>
|
||||
<servlet-mapping>
|
||||
<servlet-name>signservlet</servlet-name>
|
||||
<url-pattern>/camli/sig/sign</url-pattern>
|
||||
</servlet-mapping>
|
||||
<servlet-mapping>
|
||||
<servlet-name>verifyservlet</servlet-name>
|
||||
<url-pattern>/camli/sig/verify</url-pattern>
|
||||
</servlet-mapping>
|
||||
<welcome-file-list>
|
||||
<welcome-file>index.html</welcome-file>
|
||||
</welcome-file-list>
|
||||
</web-app>
|
|
@ -0,0 +1,25 @@
|
|||
<html>
|
||||
<head>
|
||||
<title>Test /camli/sig/*</title>
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<h1>Verify</h1>
|
||||
<form action="/camli/sig/verify" method="post" accept-charset="utf-8">
|
||||
|
||||
<p>
|
||||
<label for="sjson">Camli object (JSON with "camliSig" and "camliSigner"):</label>
|
||||
<p>
|
||||
<textarea id="sjson" name="sjson" rows="10" cols="70"></textarea>
|
||||
|
||||
<p>
|
||||
<label for="keyarmored">Optional armored public key (eg, "-----BEGIN PGP PUBLIC KEY BLOCK"):</label>
|
||||
<p>
|
||||
<textarea id="keyarmored" name="keyarmored" rows="10" cols="70"></textarea>
|
||||
|
||||
<p>
|
||||
<input type="submit" value="Verify">
|
||||
</form>
|
||||
|
||||
</body>
|
||||
</html>
|
|
@ -1,3 +1,5 @@
|
|||
Sign:
|
||||
|
||||
(https) POST /camli/sig/sign
|
||||
WWW-Authenticate: [user] [b64pass]
|
||||
|
||||
|
@ -8,5 +10,35 @@ On good response:
|
|||
HTTP 200 OK
|
||||
(signed blob)
|
||||
|
||||
else: (if verification fails)
|
||||
else: (if signing fails)
|
||||
HTTP 4xx/5xx
|
||||
|
||||
|
||||
TODO(bslatkin): Should the sign response be a more specific value, so
|
||||
we can tell the difference between a temporary server error and a signing
|
||||
failure? For verification purposes we need that characteristic anyways.
|
||||
|
||||
---
|
||||
|
||||
Verify:
|
||||
|
||||
(https) POST /camli/sig/verify
|
||||
|
||||
sjson=[signed json to verify]
|
||||
(proposed) keyarmored=[GnuPG armored key]
|
||||
|
||||
On good response:
|
||||
HTTP 200 OK
|
||||
|
||||
YES
|
||||
|
||||
else: (if verification fails)
|
||||
HTTP 200 OK
|
||||
|
||||
<any other message that describes the problem>
|
||||
|
||||
|
||||
Verify will look in the object to find the "camliSigner" key and use that
|
||||
blobref's contents (assumed to be a public key) to verify the signature on
|
||||
the object. Configuring the signing server to have the public key blobref
|
||||
is out of scope.
|
||||
|
|
Loading…
Reference in New Issue