root/i-scream/projects/cms/source/server/uk/org/iscream/cms/server/filter/KeyManager.java
Revision: 1.6
Committed: Mon Feb 24 20:18:49 2003 UTC (21 years, 2 months ago) by tdb
Branch: MAIN
CVS Tags: HEAD
Changes since 1.5: +2 -2 lines
State: FILE REMOVED
Log Message:
Fairly major commit. This will break the current version of ihost, but this
had to be done really to give Pete something to test the new ihost against.

The main change here is removal of the TCP Heartbeat functionality from the
filter. This meant the following features stopped working :-
  - Heartbeat testing
  - Configuration checking
  - Service checks

The heartbeat testing, specifically the monitor, now looks at the presence
of UDP packets instead. Before it just looked for the presence of a TCP
heartbeat packet, so the change their is fairly negligible. Of course this
means heartbeat testing now relies on the UDP working... but I don't see
this as a problem.

Configuration checking has been repositioned in to the filtermanager. This
is a backwards compatible change - the filtermanager should still perform
as it should for older hosts. But now there's an extra command to check the
configuration is up-to-date, with a similar format to the old TCP protocol
in the filter. (although we may optimise this soon)

The service checks are broken. This isn't a major issue for us as they were
pretty useless in the first place. The concept is good, but the checks are
just far too primitive. I expect at some point I'll work on a seperate
component that just monitors services, which will replace this function.

Further changes in the server include removal of the key checking code,
as this relied on a bolt-on to the TCP heartbeat protocol to ship the
key. This got more awkward than originally planned, so I'm happy to drop the
idea. In the long term we hope to replace this with a public key system
for signing and even encryption.

Finally, general tidy up to remove other bits of code that check for
TCP heartbeat packets when they don't need to any more.

File Contents

# Content
1 /*
2 * i-scream central monitoring system
3 * http://www.i-scream.org.uk
4 * Copyright (C) 2000-2002 i-scream
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version 2
9 * of the License, or (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19 */
20
21 //---PACKAGE DECLARATION---
22 package uk.org.iscream.cms.server.filter;
23
24 //---IMPORTS---
25 import uk.org.iscream.cms.util.*;
26 import uk.org.iscream.cms.server.core.*;
27 import uk.org.iscream.cms.server.componentmanager.*;
28 import java.util.Random;
29 import java.util.HashMap;
30
31 /**
32 * Acts as a store and checking mechanism for host keys.
33 *
34 * @author $Author: tdb $
35 * @version $Id: KeyManager.java,v 1.5 2003/02/05 16:43:47 tdb Exp $
36 */
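public class KeyManager {

//---FINAL ATTRIBUTES---

    /**
     * The current CVS revision of this class
     */
    public final String REVISION = "$Revision: 1.5 $";

    /**
     * The set of characters to be used for our keys
     */
    private final char[] KEYSET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789".toCharArray();

    /**
     * Default key length
     */
    public static final int DEFKEYLEN = 15;

//---STATIC METHODS---

    /**
     * Return a reference to the single instance of this class.
     * Construct it if it does not already exist, otherwise just return the reference.
     *
     * @return the shared KeyManager instance
     */
    public synchronized static KeyManager getInstance() {
        if (_instance == null) {
            _instance = new KeyManager();
        }
        return _instance;
    }

//---CONSTRUCTORS---

    /**
     * Private constructor to avoid external construction.
     *
     * Reads the key length from the "Filter.KeyLength" property. A missing,
     * malformed or non-positive value falls back to {@link #DEFKEYLEN} and
     * logs a warning.
     */
    private KeyManager() {
        try {
            String keylen = ConfigurationProxy.getInstance().getProperty("Filter." + FilterMain.NAME, "Filter.KeyLength");
            int parsed = Integer.parseInt(keylen);
            if (parsed > 0) {
                _keylen = parsed;
            }
            else {
                // a zero or negative length would make genKey() return an
                // empty key, so treat it like any other malformed value
                _keylen = DEFKEYLEN;
                _logger.write(toString(), Logger.WARNING, "Non-positive key length found, using default of " + _keylen + " : " + keylen);
            }
        }
        catch (PropertyNotFoundException e) {
            _keylen = DEFKEYLEN;
            _logger.write(toString(), Logger.WARNING, "No key length found, using default of " + _keylen + " : " + e);
        }
        catch (NumberFormatException e) {
            _keylen = DEFKEYLEN;
            _logger.write(toString(), Logger.WARNING, "Malformed key length found, using default of " + _keylen + " : " + e);
        }
    }

//---PUBLIC METHODS---

    /**
     * Add or replace a key.
     *
     * @param host the hostname to add a key for
     * @param key the key to add
     */
    public synchronized void addKey(String host, String key) {
        _keys.put(host, key);
    }

    /**
     * Check if a given key is currently valid.
     *
     * If a key is stored for the host, the result is whether the given key
     * matches it. If no key is stored, the result depends on the
     * "Filter.EnforceHostAuth" property: the check fails only when that
     * property parses to 1, and passes otherwise.
     *
     * @param host the hostname to check the key for
     * @param key the key to check
     * @return whether the check was successful
     */
    public synchronized boolean checkKey(String host, String key) {
        Object o = _keys.get(host);
        if (o != null) {
            // a key is on record for this host, so the supplied one must
            // match it; the comparison does not stop at the first mismatch
            return constantTimeEquals((String) o, key);
        }

        // NOTE(review): when no key is stored the check fails open unless
        // EnforceHostAuth is explicitly 1 - a missing or malformed property
        // also disables enforcement. Kept as-is because callers may rely on
        // it; confirm this is the intended default.
        boolean enforceHostAuth;
        try {
            String enforce = ConfigurationProxy.getInstance().getProperty("Filter." + FilterMain.NAME, "Filter.EnforceHostAuth");
            enforceHostAuth = (Integer.parseInt(enforce) == 1);
        }
        catch (PropertyNotFoundException e) {
            // if it's not set, not enforced
            _logger.write(toString(), Logger.WARNING, "EnforceHostAuth property not found: " + e);
            enforceHostAuth = false;
        }
        catch (NumberFormatException e) {
            // if it's not a number, not enforced
            _logger.write(toString(), Logger.WARNING, "EnforceHostAuth property malformed: " + e);
            enforceHostAuth = false;
        }
        // if enforceHostAuth is true we want to fail the check
        // and vice-versa
        return !enforceHostAuth;
    }

    /**
     * Generate a random key of the configured key length, drawn from KEYSET.
     *
     * @return a random key as a String
     */
    public String genKey() {
        StringBuffer s = new StringBuffer(_keylen);
        for (int i = 0; i < _keylen; i++) {
            s.append(KEYSET[_random.nextInt(KEYSET.length)]);
        }
        return s.toString();
    }

    /**
     * Overrides the {@link java.lang.Object#toString() Object.toString()}
     * method to provide clean logging (every class should have this).
     *
     * This uses the FormatName class to format the toString()
     *
     * @return the name of this class and its CVS revision
     */
    public String toString() {
        return FormatName.getName(
            _name,
            getClass().getName(),
            REVISION);
    }

//---PRIVATE METHODS---

    /**
     * Compare a stored key with a supplied one without returning early on
     * the first differing character.
     *
     * @param expected the stored key, never null
     * @param supplied the key presented for checking, may be null
     * @return true only if both strings have the same length and characters
     */
    private static boolean constantTimeEquals(String expected, String supplied) {
        if (supplied == null || expected.length() != supplied.length()) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < expected.length(); i++) {
            diff |= expected.charAt(i) ^ supplied.charAt(i);
        }
        return diff == 0;
    }

//---ACCESSOR/MUTATOR METHODS---

//---ATTRIBUTES---

    /**
     * This holds the current keys for
     * the hosts we're authenticating
     */
    private HashMap _keys = new HashMap();

    /**
     * The length of our keys
     */
    private int _keylen;

    /**
     * Source of randomness for genKey(). Keys are authentication secrets,
     * so they are drawn from SecureRandom rather than java.util.Random,
     * whose output is predictable.
     */
    private final java.security.SecureRandom _random = new java.security.SecureRandom();

    /**
     * This holds a reference to the
     * system logger that is being used.
     */
    private Logger _logger = ReferenceManager.getInstance().getLogger();

    /**
     * This is the friendly identifier of the
     * component this class is running in.
     * eg, a Filter may be called "filter1",
     * If this class does not have an owning
     * component, a name from the configuration
     * can be placed here. This name could also
     * be changed to null for utility classes.
     */
    private String _name = FilterMain.NAME;

//---STATIC ATTRIBUTES---

    /**
     * A reference to the single instance of this class
     */
    private static KeyManager _instance;

}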