com.ibm.tspaces.ac
Class AuthChecker

java.lang.Object
  |
  +--com.ibm.tspaces.ac.AuthChecker

public class AuthChecker
extends java.lang.Object

This class will handle the authentication of a User/Password pair without sending the Password over the network. The class contains both the code that runs at the server and at the Client. The "database" of userid/passwordkeys is a Hashtable that is provided initially by the server via the setUsers() method. At the Client side, AuthChecker is called with the following method calls:

   try {
     // oos: ObjectOutputStream connected to the server
     AuthChecker authck = new AuthChecker();
     authck.clientLogin(oos, user, password);
   } catch (Exception e) {
     // constructor or stream write failed
   }
 
At the Server side, AuthChecker is used as follows:

   try {
     // ois: ObjectInputStream from the newly connected client
     AuthChecker authck = TSServer.getAuthChecker();
     authck.authenticate(ois);
   } catch (Exception ae) {
     // stream read or validation failed
   }
 
Additional notes. Currently the Hashtable that contains the Userid and Password keys is stored in the Admin space. It is also saved in a backup file that is specified by the configuration file. The backup file exists so that the server can be reinitialized without losing the userid and password information.
When we write a GUI client that will update this table, we are going to need an interface for updating the Hashtable without having to give the Hashtable itself to the GUI app.

The authentication is pretty lame. Basically all this does is remove the exposure of having the user password in clear text be sprayed over the net and hard drive. The next step would be to authenticate using a challenge protocol (or some other protocol). This is left as an exercise for future T Spaces developers. The book Java Network Programming by Hughes et al. has a good section on how to do this in theory, but in practice one needs to use the facilities that will be available in Java 1.2 JCE.

Author:
John Thomas

Field Summary
static java.lang.String USERS_TUPLE
          Tuple Identifier (Field[0])
 
Constructor Summary
AuthChecker()
          Default constructor. This will obtain an implementation of SHA (Secure Hash Algorithm); Sun provides this implementation.
 
Method Summary
 boolean authenticate(java.io.ObjectInputStream objectIn_)
          This is the authentication method that is invoked by the server at the start of a session.
 boolean authenticate(java.lang.String user_, java.lang.Object password_)
          This is the authentication method that is invoked by the server when it has the userid and password in hand (instead of an ObjectStream). It will then validate the user/key combination by checking the Hashtable where we have stored all the user/key combinations.
 void clientLogin(java.io.ObjectOutputStream oos_, java.lang.String user_, java.lang.String password_)
          This is the method that the client issues when it makes the connection to the server and only has the cleartext password.
 boolean contains(java.lang.String user)
          Return true if the specified user exists in the HashTable
 java.math.BigInteger getKeyFromPassword(java.lang.String password)
          This will take a Password in cleartext and convert it to a key based on the SHA MessageDigest algorithm
 java.lang.String getUser()
          Return the Userid that has been validated.
 java.util.Enumeration getUserElements()
          Return an enumeration of Userid Elements in the Hashtable. Each element in the Enumeration will be a Userid String.
 java.util.Hashtable getUsers()
          Get a reference to the Hashtable
static java.util.Hashtable readUserFile(java.lang.String filename)
          readUserFile will read a file that contains the user and password Key info
static java.util.Hashtable readUserFileTuple(TupleSpace ts)
          readUserFileTuple will read the UserFile object from the Admin space
 void setSeed(java.lang.String seed)
          Set the Encryption seed.
 void setUsers(java.util.Hashtable users)
          Set the Hashtable that contains the user/key combinations
 void storePassword(java.lang.String user, java.lang.String password)
          StorePassword will update the list of passwords that are maintained
 boolean verifyUser(java.lang.String user, java.lang.String password)
          Method that verifies a user
static void writeUserFile(java.lang.String filename, java.util.Hashtable hashtable)
          writeUserFile will write a file that contains the user and password Key info
static void writeUserFileTuple(TupleSpace ts, java.util.Hashtable userTable)
          writeUserFileTuple will write the UserFile to the Admin space
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

USERS_TUPLE

public static final java.lang.String USERS_TUPLE
Tuple Identifier (Field[0])
Constructor Detail

AuthChecker

public AuthChecker()
            throws TupleSpaceCommunicationException
Default constructor. This will obtain an implementation of SHA (Secure Hash Algorithm); Sun provides this implementation.
Method Detail

clientLogin

public void clientLogin(java.io.ObjectOutputStream oos_,
                        java.lang.String user_,
                        java.lang.String password_)
                 throws java.io.IOException
This is the method that the client issues when it makes the connection to the server and only has the cleartext password, e.g. in TupleSpace.connectionToServer(). Currently the caller just obtains the password from the user and then invokes clientLogin(Socket s, String user, BigInteger pwKey). Eventually (using Java 1.2 services) it could authenticate to the server by sending only the userid. The server would then return a session key that has been encrypted by the server using the server's version of the password key. The client would decrypt the session key using the client's version of the password key, then add 1 to the session key, encrypt the result, and return it to the server. The server would decrypt it and verify that it equals the session key + 1. If this all succeeds, then we are really authenticated.
Parameters:
oos_ - The stream that we're talking on
user_ - The user that is to be authenticated
password_ - The password (clear text) that is to be checked.
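
The challenge exchange described above, sketched as an added example (not T Spaces code; both ends run in one process). Assumptions: the class name ChallengeLoginSketch, SHA-256 as the "SHA" digest, AES-GCM keyed with a digest of the password key as the cipher, and a constructed sample account.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.Cipher;
import javax.crypto.spec.*;
public class ChallengeLoginSketch {                 // hypothetical class, not part of T Spaces
    // Password -> key in the spirit of getKeyFromPassword(); SHA-256 is an assumption.
    static BigInteger keyFromPassword(String pw) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(pw.getBytes(StandardCharsets.UTF_8));
        return new BigInteger(1, d);
    }
    // AES-GCM keyed with SHA-256 of the password key (assumed construction); IV = msg[0..12).
    static Cipher gcm(int mode, BigInteger k, byte[] msg) throws Exception {
        byte[] key = MessageDigest.getInstance("SHA-256").digest(k.toByteArray());
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, msg, 0, 12));
        return c;
    }
    static byte[] seal(BigInteger k, byte[] plain) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, k, iv).doFinal(plain);
        byte[] out = Arrays.copyOf(iv, 12 + ct.length);          // wire format: IV || ciphertext+tag
        System.arraycopy(ct, 0, out, 12, ct.length);
        return out;
    }
    static byte[] open(BigInteger k, byte[] msg) throws Exception {
        return gcm(Cipher.DECRYPT_MODE, k, msg).doFinal(msg, 12, msg.length - 12);
    }
    // One login; only the userid, the challenge and the reply would cross the network.
    static boolean login(Map<String, BigInteger> users, String user, String pw) throws Exception {
        BigInteger stored = users.get(user);                     // server: receives userid only
        if (stored == null) return false;
        BigInteger session = new BigInteger(128, new SecureRandom()); // server: fresh session key
        byte[] challenge = seal(stored, session.toByteArray());  // server -> client
        try {
            BigInteger ck = keyFromPassword(pw);                 // client: decrypt, add 1, re-encrypt
            BigInteger plusOne = new BigInteger(open(ck, challenge)).add(BigInteger.ONE);
            byte[] reply = seal(ck, plusOne.toByteArray());      // client -> server
            return new BigInteger(open(stored, reply)).equals(session.add(BigInteger.ONE));
        } catch (GeneralSecurityException e) { return false; }   // wrong key: GCM tag check fails
    }
    public static void main(String[] args) throws Exception {
        Map<String, BigInteger> users = new Hashtable<>();       // server-side user/key table
        users.put("alice", keyFromPassword("correct horse"));    // constructed sample account
        System.out.println(login(users, "alice", "correct horse"));
        System.out.println(login(users, "alice", "wrong guess"));
    }
}
```

Neither the password nor its key crosses the wire, and each login uses a fresh session key, so a recorded reply is useless for a later session. The key is still an unsalted digest of the password, so the exchange is only as strong as the password itself; running it inside TLS or replacing it with a PAKE addresses that.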

authenticate

public boolean authenticate(java.io.ObjectInputStream objectIn_)
                     throws TupleSpaceServerException
This is the authentication method that is invoked by the server at the start of a session. The connection from the Client has just been established and the next expected data to arrive is the userid and PasswordKey. It will read the User and Key (Password converted to digest to BigInteger) from the ObjectStream that is passed in. It will then validate the user/key combination by checking the Hashtable where we have stored all the user/key combinations. The Hashtable that is used is referenced via the _Users variable that is provided at startup by the setUsers() method. The server is responsible for updating this Hashtable as users are added or deleted.
Parameters:
objectIn_ - Inputstream from which to read authentication objects
Returns:
true if Validated userid.

authenticate

public boolean authenticate(java.lang.String user_,
                            java.lang.Object password_)
                     throws TupleSpaceServerException
This is the authentication method that is invoked by the server when it has the userid and password in hand (instead of an ObjectStream). It will then validate the user/key combination by checking the Hashtable where we have stored all the user/key combinations. The Hashtable that is used is referenced via the _Users variable that is provided at startup by the setUsers() method. The server is responsible for updating this Hashtable as users are added or deleted.
Parameters:
user_ - Userid
password_ - Password
Returns:
true if user/password is valid.

getUser

public java.lang.String getUser()
Return the Userid that has been validated.
Returns:
the user that was verified by the authenticate method.

verifyUser

public boolean verifyUser(java.lang.String user,
                          java.lang.String password)
Method that verifies a user
Parameters:
user - Verify this user
Returns:
"yay" or "nay"

setSeed

public void setSeed(java.lang.String seed)
Set the Encryption seed. Not currently used!

setUsers

public void setUsers(java.util.Hashtable users)
Set the Hashtable that contains the user/key combinations
Parameters:
users - hash these guys

getUsers

public java.util.Hashtable getUsers()
Get a reference to the Hashtable
Returns:
give back the reference to the hashtable

getUserElements

public java.util.Enumeration getUserElements()
Return an enumeration of Userid Elements in the Hashtable. Each element in the Enumeration will be a Userid String.

contains

public boolean contains(java.lang.String user)
Return true if the specified user exists in the HashTable
Returns:
true if user exists.

storePassword

public void storePassword(java.lang.String user,
                          java.lang.String password)
StorePassword will update the list of passwords that are maintained
Parameters:
user - Store the password for this user
password - Store this password for above user

readUserFile

public static java.util.Hashtable readUserFile(java.lang.String filename)
readUserFile will read a file that contains the user and password Key info
Parameters:
filename - Read this file and return the hashtable
Returns:
Return the hashtable found in the file; null if not found.

writeUserFile

public static void writeUserFile(java.lang.String filename,
                                 java.util.Hashtable hashtable)
writeUserFile will write a file that contains the user and password Key info
Parameters:
filename - Write into this filename
hashtable - Write this hashtable into the specified filename

readUserFileTuple

public static java.util.Hashtable readUserFileTuple(TupleSpace ts)
readUserFileTuple will read the UserFile object from the Admin space
Parameters:
ts - The admin TS?

writeUserFileTuple

public static void writeUserFileTuple(TupleSpace ts,
                                      java.util.Hashtable userTable)
writeUserFileTuple will write the UserFile to the Admin space
Parameters:
ts - write to this space
userTable - Write this hashtable

getKeyFromPassword

public java.math.BigInteger getKeyFromPassword(java.lang.String password)
This will take a Password in cleartext and convert it to a key based on the SHA MessageDigest algorithm
Parameters:
password - Turn this password into glorp
Returns:
the Glorp