Kaladaran/briar
0
0
Fork 0
mirror of https://code.briarproject.org/briar/briar.git synced 2026-02-17 13:19:52 +01:00
Code Issues Projects Releases Wiki Activity

Ensure the use SecureRandom when creating authentication token

Browse Source
This commit is contained in:
Torsten Grote
2018-09-20 16:49:01 -03:00
parent 8d55911dab
commit 4b5e9bd64f
3 changed files with 20 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
briar-headless/README.md
View File

@@ -33,11 +33,11 @@ By default, Briar creates a folder `~/.briar` where it stores its database and o
There you also find the authentication token which is required to interact with the API: There you also find the authentication token which is required to interact with the API:
$ cat ~/.briar/auth_token $ cat ~/.briar/auth_token
e175b010-e647-4440-ae8a-638d92ecfc8a DZbfoUie8sjap7CSDR9y6cgJCojV+xUITTIFbgtAgqk=
You can test that things work as expected by running: You can test that things work as expected by running:
$ curl -H "Authorization: Bearer e175b010-e647-4440-ae8a-638d92ecfc8a" http://127.0.0.1:7000/v1/contacts $ curl -H "Authorization: Bearer DZbfoUie8sjap7CSDR9y6cgJCojV+xUITTIFbgtAgqk=" http://127.0.0.1:7000/v1/contacts
[] []
The answer is an empty JSON array, because you don't have any contacts. The answer is an empty JSON array, because you don't have any contacts.
@@ -150,7 +150,7 @@ You can test connecting to the websocket with curl:
--header "Upgrade: websocket" \ --header "Upgrade: websocket" \
--header "Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ==" \ --header "Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ==" \
--header "Sec-WebSocket-Version: 13" \ --header "Sec-WebSocket-Version: 13" \
http://e175b010-e647-4440-ae8a-638d92ecfc8a@127.0.0.1:7000/v1/ws http://DZbfoUie8sjap7CSDR9y6cgJCojV+xUITTIFbgtAgqk=@127.0.0.1:7000/v1/ws
### Receiving new private messages ### Receiving new private messages

5
briar-headless/src/main/java/org/briarproject/briar/headless/BriarHeadlessApp.kt
View File

@@ -7,6 +7,7 @@ import org.briarproject.bramble.account.AccountModule
import org.briarproject.bramble.system.DesktopSecureRandomModule import org.briarproject.bramble.system.DesktopSecureRandomModule
import org.briarproject.briar.BriarCoreEagerSingletons import org.briarproject.briar.BriarCoreEagerSingletons
import org.briarproject.briar.BriarCoreModule import org.briarproject.briar.BriarCoreModule
import java.security.SecureRandom
import javax.inject.Singleton import javax.inject.Singleton
@Component( @Component(
@@ -20,5 +21,7 @@ import javax.inject.Singleton
) )
@Singleton @Singleton
internal interface BriarHeadlessApp : BrambleCoreEagerSingletons, BriarCoreEagerSingletons { internal interface BriarHeadlessApp : BrambleCoreEagerSingletons, BriarCoreEagerSingletons {
fun router(): Router fun getRouter(): Router
fun getSecureRandom(): SecureRandom
} }

20
briar-headless/src/main/java/org/briarproject/briar/headless/Main.kt
View File

@@ -9,6 +9,7 @@ import com.github.ajalt.clikt.parameters.types.int
import org.briarproject.bramble.BrambleCoreModule import org.briarproject.bramble.BrambleCoreModule
import org.briarproject.briar.BriarCoreModule import org.briarproject.briar.BriarCoreModule
import org.slf4j.impl.SimpleLogger.DEFAULT_LOG_LEVEL_KEY import org.slf4j.impl.SimpleLogger.DEFAULT_LOG_LEVEL_KEY
import org.spongycastle.util.encoders.Base64.toBase64String
import java.io.File import java.io.File
import java.io.File.separator import java.io.File.separator
import java.io.IOException import java.io.IOException
@@ -17,7 +18,7 @@ import java.lang.System.setProperty
import java.nio.file.Files.setPosixFilePermissions import java.nio.file.Files.setPosixFilePermissions
import java.nio.file.attribute.PosixFilePermission import java.nio.file.attribute.PosixFilePermission
import java.nio.file.attribute.PosixFilePermission.* import java.nio.file.attribute.PosixFilePermission.*
import java.util.UUID.randomUUID import java.security.SecureRandom
import java.util.logging.Level.* import java.util.logging.Level.*
import java.util.logging.LogManager import java.util.logging.LogManager
@@ -65,8 +66,6 @@ private class Main : CliktCommand(
LogManager.getLogManager().getLogger("").level = level LogManager.getLogManager().getLogger("").level = level
val dataDir = getDataDir() val dataDir = getDataDir()
val authToken = getOrCreateAuthToken(dataDir)
val app = val app =
DaggerBriarHeadlessApp.builder().headlessModule(HeadlessModule(dataDir)).build() DaggerBriarHeadlessApp.builder().headlessModule(HeadlessModule(dataDir)).build()
// We need to load the eager singletons directly after making the // We need to load the eager singletons directly after making the
@@ -74,7 +73,9 @@ private class Main : CliktCommand(
BrambleCoreModule.initEagerSingletons(app) BrambleCoreModule.initEagerSingletons(app)
BriarCoreModule.initEagerSingletons(app) BriarCoreModule.initEagerSingletons(app)
app.router().start(authToken, port, debug) val authToken = getOrCreateAuthToken(dataDir, app.getSecureRandom())
app.getRouter().start(authToken, port, debug)
} }
private fun getDataDir(): File { private fun getDataDir(): File {
@@ -92,18 +93,23 @@ private class Main : CliktCommand(
return file return file
} }
private fun getOrCreateAuthToken(dataDir: File): String { private fun getOrCreateAuthToken(dataDir: File, secureRandom: SecureRandom): String {
val tokenFile = File(dataDir, "auth_token") val tokenFile = File(dataDir, "auth_token")
return if (tokenFile.isFile) { return if (tokenFile.isFile) {
tokenFile.readText() tokenFile.readText()
} else { } else {
// TODO use better way of getting random token? val authToken = createAuthToken(secureRandom)
val authToken = randomUUID().toString()
tokenFile.writeText(authToken) tokenFile.writeText(authToken)
authToken authToken
} }
} }
private fun createAuthToken(secureRandom: SecureRandom): String {
val bytes = ByteArray(32)
secureRandom.nextBytes(bytes)
return toBase64String(bytes)
}
} }
fun main(args: Array<String>) = Main().main(args) fun main(args: Array<String>) = Main().main(args)