Skip to main content

Remote service interaction with Versile and Groovy - Part 2

In the previous post I showed you how to connect two peers using Versile. In this post I'll show how to authenticate the party requesting the connection.

Authentication in Versile is done by checking the public key received from the other party. Both sides can check the identity of the other side. Identity key pairs can be generated using Versile Decentral Identity (VDI), which in many ways is similar to SSH-keygen. Using VDI is as simple as usernames and passwords, but not having to share this with the other party increase security - and the keys can be exchanged privately between the two parties, no certificate authority needs to be involved.

A Versile Decentral Identity can be generated from Groovy/Java as simple as this:


VPrivateCredentials key = new VPrivateCredentials(VDecentralIdentity.dia(1024, 'versilegroovy', 'peter', 'asdfghjkl12345'))

And we can print the public key:

print new String(key.getKeyPair().exportPublicArmoredPkcs())

Resulting in the following: 

-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBALJSfQufrjoA3CwQ+xxAc3oYtobAjCFaGFf1b/JnBzYavzvuAQRO5VhtIXQu4MtuYGXS
J0Uv26h79JwGR1RwlzR75adviWrBsNhI6bER7Un64YWzb+ZyqsVAbQppvlUUjB0D9yrM5ktSSxmu
NQDS/clV3Datn6YKMiFwqI5KqtehAgMBAAE=
-----END RSA PUBLIC KEY-----

This key we'll give to the other party so that it will recognize the identity trying to connect:

final RSAPublicKey authorizedKey = VRSAKeyPair.importPublicArmored(authorizedKeyString.getBytes());

(where authorizedKeyString is the public key string above)

Then we'll set up the Versile service to check the received credentials:

service = new VOPService(new GW(),credentials,new VLinkAuth(new VAuth(true,false) {
   
   // Check client credentials
   public synchronized boolean acceptCredentials(VCredentials credentials) {
if(authorizedKey.equals(credentials.getPublicKey())) {
   println "Accepted key"
   return true
} else {
   println "Rejected key"
   return false
}
   }
}));

When connecting to the service from the other side we'll have to provide the key:

proxy = VUrl.resolve("vop://localhost/",key)

The full server code then looks like this:

import org.versile.Versile
import org.versile.reactor.service.VOPService
import org.versile.orb.service.VGatewayFactory
import org.versile.orb.entity.VObject
import org.versile.orb.external.VExternal
import org.versile.orb.external.Publish
import org.versile.common.auth.VPrivateCredentials;
import org.versile.crypto.VDecentralIdentity;
import org.versile.common.auth.VAuth
import org.versile.orb.link.VLinkAuth
import org.versile.common.auth.VCredentials
import java.security.interfaces.RSAPublicKey
import org.versile.crypto.VRSAKeyPair

Versile.setInternalUseAGPL() // Use AGPL License

// Business service
class Svc extends VExternal {
    @Publish(show=true, ctx=false) public String hello(String name) {
return "hello "+name
    }    
}
// A service gateway to be connected to a VOPService listener
class GW implements VGatewayFactory {    
    public VObject build() {
return new Svc()
    }
}
// Create server identification credentials
key = VDecentralIdentity.dia(1024, "", "", "someServerPwd");
credentials = new VPrivateCredentials(key);

// This is the key we will accept from the client
String authorizedKeyString =   "-----BEGIN RSA PUBLIC KEY-----\n"+
   "MIGJAoGBALJSfQufrjoA3CwQ+xxAc3oYtobAjCFaGFf1b/JnBzYavzvuAQRO5VhtIXQu4MtuYGXS\n"+
   "J0Uv26h79JwGR1RwlzR75adviWrBsNhI6bER7Un64YWzb+ZyqsVAbQppvlUUjB0D9yrM5ktSSxmu\n"+
   "NQDS/clV3Datn6YKMiFwqI5KqtehAgMBAAE=\n"+
   "-----END RSA PUBLIC KEY-----";

final RSAPublicKey authorizedKey = VRSAKeyPair.importPublicArmored(authorizedKeyString.getBytes());

// Create the service using the gateway and credentials, and require key authentication
service = new VOPService(new GW(),credentials,new VLinkAuth(new VAuth(true,false) {
   
   // Check client credentials
   public synchronized boolean acceptCredentials(VCredentials credentials) {
if(authorizedKey.equals(credentials.getPublicKey())) {
   println "Accepted key"
   return true
} else {
   println "Rejected key"
   return false
}
   }
}));

// Start the service
service.start()

And the client:

import org.versile.Versile
import org.versile.reactor.url.VUrl
import org.versile.orb.entity.VProxy
import org.versile.common.auth.VPrivateCredentials
import org.versile.crypto.VDecentralIdentity
import org.versile.crypto.VRSAKeyPair

// Select license
Versile.setInternalUseAGPL()

// Let's be able to call methods directly on the VProxy object, rather than using call method
VProxy.metaClass.methodMissing = {String name,args -> 
    return delegate.call(name,args)    
}

// Create credentials
VPrivateCredentials key = new VPrivateCredentials(VDecentralIdentity.dia(1024, 'versilegroovy', 'peter', 'asdfghjkl12345'))
// Print public key, this we have inserted on the server side as the authorized key
print new String(key.getKeyPair().exportPublicArmoredPkcs())

// Get remote object, and pass the key
proxy = VUrl.resolve("vop://localhost/",key)

// Call method on remote object
print proxy.hello("Peter")
Labels:

Comments

Post a Comment

Popular posts from this blog

My VNC based development environment with Visual Studio Code running on Ubuntu

I've used this setup for my development environment for several years - giving me a developer desktop I can access anywhere. Even from my mobile phone. I've been fixing bugs, writing code and deployed emergency fixes from the bus, train and mountain tops. The setup is based on a lightweight desktop environment. There are lot of alternatives, but I've chosen fluxbox. From a plain AWS Amazon Ubuntu 16.04 ec2 instance I've started like this: sudo apt-get update sudo apt-get install fluxbox Download and extract tigervnc from https://github.com/TigerVNC/tigervnc/releases (I downloaded the binary file from https://bintray.com/tigervnc/stable/tigervnc/1.7.0 named tigervnc-1.7.0.x86_64.tar.gz ) then extract: tar -xvzf tigervnc-1.7.0.x86_64.tar.gz You need to install: sudo apt-get install x11-xkb-utils You need to edit .vnc/xstartup: nano .vnc/xstartup last line replace "twm &" with: fluxbox & Then you can start the
2 comments
Read more

Angular components not reloading on route change

Spent a long time wondering why route changes caused strange effects on my component, and found out that it was because my component wasn't reloading at all. I had this assumption that when a route parameter changed (e.g. /projects/1 changed to /projects/2 ) the component for the route would be reloaded. But this is not the default behaviour of the Angular router. The default behaviour of the Angular router is to reuse the route if the configuration is the same (and not reload the component). But we can override this by providing a RouteReuseStrategy to our @NgModule: providers: [ { provide: RouteReuseStrategy, useClass: AARouteReuseStrategy } ] The full custom implementation of the RouteReuseStrategy will then be like this (and it's the shouldReuseRoute method that changes the behaviour so that the component is reloaded on route parameter change): export class AARouteReuseStrategy extends RouteReuseStrategy { shouldDetach(route: ActivatedRou
1 comment
Read more

Intercepting and adjusting SQL generated by Eclipselink JPA

In some cases it might be useful to intercept and adjust the SQL generated by EclipseLink JPA. E.g. if you want to force an index in mysql you need to append force index (myindex) to the table name. If you create a query on the entitymanager: Query q = em.createQuery("select e from MyEntity"); you can cast it to the EclipseLink JpaQuery: JpaQuery jq = (JpaQuery)q; and the JpaQuery gives you access to the EclipseLink DataBaseQuery where you can prepare it before executing it: DatabaseQuery dbQuery = q.getDatabaseQuery(); dbQuery.prepareCall(((org.eclipse.persistence.jpa.JpaEntityManager)em).getActiveSession(),new DatabaseRecord()); You can now get the sql string and add the forced index: dbQuery.setSQLString(dbQuery.getSQLString()+" force index (myindex)"); and finally you can get the resultset using q.getResultList(). If you have parameters in the sql it's a bit more to it. Currently I've only found one option - probably not optimal since the query is transl
Post a Comment
Read more