Commit d2bd2838 authored by Drahomír Karchňák's avatar Drahomír Karchňák

Fixed server secret handling and fallback variants.

parent d1dc1e7b
......@@ -16,6 +16,7 @@
package at.alladin.rmbt.controlServer;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.text.MessageFormat;
import java.util.Arrays;
......@@ -52,10 +53,7 @@ public class QualityOfServiceResultResource extends ServerResource
final static int UNKNOWN = Integer.MIN_VALUE;
@Post("json")
public String request(final String entity)
{
final String secret = getContext().getParameters().getFirstValue("RMBT_SECRETKEY");
public String request(final String entity) {
addAllowOrigin();
JSONObject request = null;
......@@ -96,8 +94,9 @@ public class QualityOfServiceResultResource extends ServerResource
if (request.optString("test_token").length() > 0)
{
final String[] token = request.getString("test_token").split("_");
final String fullToken = request.getString("test_token");
final String[] token = fullToken.split("_");
try
{
......@@ -105,6 +104,11 @@ public class QualityOfServiceResultResource extends ServerResource
final UUID testUuid = UUID.fromString(token[0]);
final String data = token[0] + "_" + token[1];
String secret = selectSecretKeyByServerToken(fullToken);
if(secret == null || secret.isEmpty()) {
secret = getContext().getParameters().getFirstValue("RMBT_SECRETKEY");
}
final String hmac = Helperfunctions.calculateHMAC(secret, data);
if (hmac.length() == 0)
......@@ -255,7 +259,34 @@ public class QualityOfServiceResultResource extends ServerResource
return answer.toString();
}
private String selectSecretKeyByServerToken(String serverToken) {
final String sql =
"SELECT ts.secret FROM test_server ts, test t " +
"WHERE t.server_id = ts.uid " +
"and t.token = ?";
try (PreparedStatement ps = conn.prepareStatement(sql))
{
ps.setString(1,serverToken);
try (ResultSet rs = ps.executeQuery()) {
if(!rs.next()) {
System.out.println("Couldn't find secret for serverToken: " + serverToken);
return null;
}
String secret = rs.getString("secret");
return secret;
}
}
catch (SQLException e)
{
e.printStackTrace();
return null;
}
}
@Get("json")
public String retrieve(final String entity)
{
......
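Review bot: In `selectSecretKeyByServerToken`, the `catch (SQLException e)` branch returns null exactly like the no-row branch, and the caller in `request` treats null as "use the shared RMBT_SECRETKEY". A database error therefore silently changes which key verifies the token. I would let the failure reject the request instead of falling back, for example by replacing `return null;` in the catch with `throw new IllegalStateException("secret lookup failed", e);`, assuming the handler in `request` (outside these hunks) turns that into an error response. The no-row message also prints the request-supplied token verbatim to stdout before the HMAC is computed; a fixed message such as `System.out.println("Couldn't find secret for supplied test token");` keeps unverified input and token material out of the logs. `e.printStackTrace()` would be better routed through whatever logger the class already uses.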
......@@ -619,7 +619,7 @@ public class RegistrationResource extends ServerResource
}
}
private static TestServer toTestServer(final ResultSet rs, final boolean ssl, final Boolean ipv6) throws SQLException {
private TestServer toTestServer(final ResultSet rs, final boolean ssl, final Boolean ipv6) throws SQLException {
final String address;
if (ipv6 == null)
address = rs.getString("web_address");
......@@ -634,9 +634,16 @@ public class RegistrationResource extends ServerResource
result.address = address;
result.port = rs.getInt(ssl ? "port_ssl" : "port");
result.name = rs.getString("name") + " (" + rs.getString("city") + ")";
result.secret = rs.getString("secret");
result.type = rs.getString("server_type");
String secret = rs.getString("secret");
//Fallback secret key
if(secret == null || secret.isEmpty()) {
secret = getContext().getParameters().getFirstValue("RMBT_SECRETKEY");
}
result.secret = secret;
return result;
}
......
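Review bot: After the fallback in `toTestServer`, `secret` can still be null or empty when the RMBT_SECRETKEY context parameter is not set, and it is assigned to `result.secret` without a check. Failing fast before the assignment, e.g. `if (secret == null || secret.isEmpty()) throw new IllegalStateException("no secret configured for test server");`, would surface a misconfiguration at registration rather than wherever the key is used later. The `//Fallback secret key` comment could also state that the fallback is the server-wide key, so every server row without its own secret ends up sharing it. The method body spans both hunks of this file with lines elided between them, so the construction of `result` is not visible here.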