SentriusLLC
diff --git a/‎.gitignore‎
Lines changed: 2 additions & 0 deletions b/‎.gitignore‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/ChatAgent.java‎
Lines changed: 16 additions & 8 deletions b/‎ai-agent/src/main/java/io/sentrius/agent/analysis/agents/agents/ChatAgent.java‎
Lines changed: 16 additions & 8 deletions
diff --git a/‎ai-agent/src/main/java/io/sentrius/agent/analysis/api/BotController.java‎
Lines changed: 2 additions & 2 deletions b/‎ai-agent/src/main/java/io/sentrius/agent/analysis/api/BotController.java‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎ai-agent/src/main/java/io/sentrius/agent/analysis/api/websocket/ChatWSHandler.java‎
Lines changed: 96 additions & 29 deletions b/‎ai-agent/src/main/java/io/sentrius/agent/analysis/api/websocket/ChatWSHandler.java‎
Lines changed: 96 additions & 29 deletions
diff --git a/‎ai-agent/src/main/java/io/sentrius/agent/analysis/api/websocket/JwtHandshakeInterceptor.java‎
Lines changed: 71 additions & 0 deletions b/‎ai-agent/src/main/java/io/sentrius/agent/analysis/api/websocket/JwtHandshakeInterceptor.java‎
Lines changed: 71 additions & 0 deletions
diff --git a/‎ai-agent/src/main/java/io/sentrius/agent/analysis/api/websocket/WebSocketConfig.java‎
Lines changed: 11 additions & 4 deletions b/‎ai-agent/src/main/java/io/sentrius/agent/analysis/api/websocket/WebSocketConfig.java‎
Lines changed: 11 additions & 4 deletions
@@ -46,8 +46,10 @@ llm-proxy/target/**
 llm-proxy/target/
 llm-dataplane/target/**
 sentrius-llm-dataplane/target/**
+sentrius-llm-core/target/**
 llm-dataplane/target/
 sentrius-llm-dataplane/target/
+sentrius-llm-core/target/
 node/*
 node_modules/*
 api/node_modules/*
 
@@ -1,5 +1,6 @@
 package io.sentrius.agent.analysis.agents.agents;
 
+import java.util.UUID;
 import java.util.concurrent.TimeUnit;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.node.ArrayNode;
@@ -45,6 +46,8 @@ public class ChatAgent implements ApplicationListener<ApplicationReadyEvent> {
     private volatile boolean running = true;
     private Thread workerThread;
 
+    private AgentExecution agentExecution;
+
     public ArrayNode promptAgent(AgentExecution execution) throws ZtatException {
         while(true){
             try {
@@ -79,14 +82,15 @@ public void onApplicationEvent(final ApplicationReadyEvent event) {
         var keyPair = agentKeyService.getKeyPair();
 
         try {
+            var agentName = agentConfigOptions.getNamePrefix() + "-" + UUID.randomUUID().toString();
             var base64PublicKey = agentKeyService.getBase64PublicKey(keyPair.getPublic());
-            var agentRegistrationDTO = agentClientService.bootstrap(agentConfigOptions.getName(), base64PublicKey
+            var agentRegistrationDTO = agentClientService.bootstrap(agentName, base64PublicKey
                 , keyPair.getPublic().getAlgorithm());
 
             var encryptedSecret = agentRegistrationDTO.getClientSecret();
             var decryptedSecret = agentKeyService.
                 decryptWithPrivateKey(encryptedSecret, keyPair.getPrivate());
-            keycloakService.createKeycloakClient(agentConfigOptions.getName(),
+            keycloakService.createKeycloakClient(agentName,
                 decryptedSecret);
 
 
@@ -100,22 +104,23 @@ public void onApplicationEvent(final ApplicationReadyEvent event) {
         final UserDTO user = UserDTO.builder()
             .username(zeroTrustClientService.getUsername())
             .build();
-        var execution = agentExecutionService.getAgentExecution(user);
+        agentExecution = agentExecutionService.getAgentExecution(user);
+
         try {
-            agentClientService.heartbeat(execution, execution.getUser().getUsername());
+            agentClientService.heartbeat(agentExecution, agentExecution.getUser().getUsername());
         } catch (ZtatException e) {
             throw new RuntimeException(e);
         }
 
         while(running) {
 
             try {
-                var register = zeroTrustClientService.registerAgent(execution);
+                var register = zeroTrustClientService.registerAgent(agentExecution);
                 log.info("Registered agent response: {}", register);
 
                 var ztat = JsonUtil.MAPPER.readValue(register, Ztat.class);
-                execution.setZtatToken(ztat.getZtatToken());
-                execution.setCommunicationId(ztat.getCommunicationId());
+                agentExecution.setZtatToken(ztat.getZtatToken());
+                agentExecution.setCommunicationId(ztat.getCommunicationId());
                 break;
             }catch (Exception | ZtatException e) {
 
@@ -135,7 +140,7 @@ public void onApplicationEvent(final ApplicationReadyEvent event) {
                 try {
 
                     Thread.sleep(5_000);
-                    agentClientService.heartbeat(execution, execution.getUser().getUsername());
+                    agentClientService.heartbeat(agentExecution, agentExecution.getUser().getUsername());
                 } catch (InterruptedException | ZtatException ex) {
                     throw new RuntimeException(ex);
                 }
@@ -153,4 +158,7 @@ public void shutdown() {
         }
     }
 
+    public AgentExecution getAgentExecution() {
+        return agentExecution;
+    }
 }
@@ -55,7 +55,7 @@ public ResponseEntity<AgentStatus> getStatus() {
     @GetMapping("/describe")
     public ResponseEntity<AgentRegistrationDTO> describeAgent() {
         AgentRegistrationDTO dto = AgentRegistrationDTO.builder()
-            .agentName(agentConfig.getName())
+            .agentName(agentConfig.getNamePrefix())
             .agentPublicKey(agentKeyService.getKeyPair().getPublic().toString())
             .agentPublicKeyAlgo(agentKeyService.getKeyPair().getPublic().getAlgorithm())
             .agentType(agentConfig.getType())
@@ -67,7 +67,7 @@ public ResponseEntity<AgentRegistrationDTO> describeAgent() {
     public ResponseEntity<AgentRegistrationDTO> getRegistration
         () {
         AgentRegistrationDTO dto = AgentRegistrationDTO.builder()
-            .agentName(agentConfig.getName())
+            .agentName(agentConfig.getNamePrefix())
             .agentPublicKey(agentKeyService.getKeyPair().getPublic().toString())
             .agentPublicKeyAlgo(agentKeyService.getKeyPair().getPublic().getAlgorithm())
             .build();
 
@@ -6,53 +6,88 @@
 import java.security.GeneralSecurityException;
 import java.util.Base64;
 import java.util.Map;
+import java.util.UUID;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import io.sentrius.agent.analysis.agents.agents.ChatAgent;
 import io.sentrius.agent.analysis.api.UserCommunicationService;
+import io.sentrius.sso.core.services.agents.ZeroTrustClientService;
 import io.sentrius.sso.protobuf.Session;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
+import org.springframework.web.socket.CloseStatus;
 import org.springframework.web.socket.TextMessage;
 import org.springframework.web.socket.WebSocketSession;
 import org.springframework.web.socket.handler.TextWebSocketHandler;
 
 @Slf4j
 @Component
-@RequiredArgsConstructor
 public class ChatWSHandler extends TextWebSocketHandler {
 
-    UserCommunicationService userCommunicationService;
+    final UserCommunicationService userCommunicationService;
+    final ZeroTrustClientService zeroTrustClientService;
     // Store active sessions, using session ID or a custom identifier
 
 
+    private final ChatAgent chatAgent;
+
+    @Autowired
+    public ChatWSHandler(UserCommunicationService userCommunicationService, ZeroTrustClientService zeroTrustClientService, ChatAgent chatAgent) {
+        this.userCommunicationService = userCommunicationService;
+        this.zeroTrustClientService = zeroTrustClientService;
+        this.chatAgent = chatAgent;
+    }
+
     @Override
     public void afterConnectionEstablished(WebSocketSession session) throws Exception {
-        // Extract query parameters from the URI
+        log.info("New connection established");
         URI uri = session.getUri();
-        if (uri != null) {
-            Map<String, String> queryParams = parseQueryParams(uri.getQuery());
-            String sessionId = queryParams.get("sessionId");
-
-
+        if (uri == null) {
+            session.close(CloseStatus.BAD_DATA);
+            return;
+        }
 
-            if (sessionId != null) {
-                // Store the WebSocket session using the session ID from the query parameter
-                userCommunicationService.createSession(sessionId,session);
-                log.info("New connection established, session ID: " + sessionId);
-                // until we have another human on the other side we don't need a thread for this.
-                //chatListenerService.startChatListener(sessionId, session);
+        Map<String, String> queryParams = parseQueryParams(uri.getQuery());
+        Long sessionId = Long.valueOf( queryParams.get("sessionId") );
+        String chatGroupId = queryParams.get("chatGroupId");
+        String ztatToken = queryParams.get("ztat");
 
-            } else {
-                log.info("Session ID not found in query parameters.");
-                session.close(); // Close the session if no valid session ID is provided
-            }
-        } else {
-            log.info("No URI available for this session.");
-            session.close(); // Close the session if URI is unavailable
+        if (sessionId == null || ztatToken == null) {
+            log.warn("Missing sessionId or ZTAT");
+            session.close(CloseStatus.BAD_DATA);
+            return;
         }
+
+        // Store session
+        userCommunicationService.createSession(queryParams.get("sessionId"), session);
+        log.info("Session {} created for incoming connection", sessionId);
+
+        // Generate and store nonce for this session
+        String nonce = UUID.randomUUID().toString();
+        session.getAttributes().put("ztatNonce", nonce);
+        session.getAttributes().put("ztatToken", ztatToken);
+        session.getAttributes().put("sessionId", sessionId);
+
+        // Send challenge to the client
+        log.info("Sending challenge to client: {}", nonce);
+        var challenge = Session.ChatMessage.newBuilder()
+            .setMessage(String.format("{\"type\":\"challenge\",\"nonce\":\"%s\"}", nonce))
+            .setSender("agent")
+            .setChatGroupId(chatGroupId)
+            .setSessionId(sessionId)
+            .setTimestamp(System.currentTimeMillis())
+            .build();
+        byte[] messageBytes = challenge.toByteArray();
+        String base64Message = Base64.getEncoder().encodeToString(messageBytes);
+        session.sendMessage(new TextMessage(
+            base64Message
+        ));
     }
 
+
     @Override
     protected void handleTextMessage(WebSocketSession session, TextMessage message)
         throws IOException, GeneralSecurityException {
@@ -70,16 +105,48 @@ protected void handleTextMessage(WebSocketSession session, TextMessage message)
                     // Handle the message (e.g., process or respond)
 
 
+                    var connection = userCommunicationService.getSession(sessionId);
                     // Deserialize the protobuf message
-                    byte[] messageBytes = Base64.getDecoder().decode(message.getPayload());
-                    Session.ChatMessage auditLog =
-                        Session.ChatMessage.parseFrom(messageBytes);
-                    if (auditLog.getMessage().equals("heartbeat")){
-                        log.info("heartbeat");
-                        return;
-                    }
 
-                    var connection = userCommunicationService.getSession(sessionId);
+                        byte[] messageBytes = Base64.getDecoder().decode(message.getPayload());
+                        Session.ChatMessage auditLog =
+                            Session.ChatMessage.parseFrom(messageBytes);
+
+                        if (auditLog.getMessage().equals("heartbeat")) {
+                            log.info("heartbeat");
+                            return;
+                        }
+                        var json = new ObjectMapper().readTree(auditLog.getMessage());
+                        if ("challenge-response".equals(json.get("type").asText())) {
+                            String signature = json.get("signature").asText();
+                            String publicKey = json.get("publicKey").asText();
+                            String nonce = (String) session.getAttributes().get("ztatNonce");
+                            String ztat = (String) session.getAttributes().get("ztatToken");
+
+                            boolean verified =
+                                zeroTrustClientService.verifyZtatChallenge(chatAgent.getAgentExecution(), ztat, nonce,
+                                    signature,
+                                    publicKey);
+
+                            if (verified) {
+                                session.getAttributes().put("verified", true);
+                                log.info("ZTAT challenge verified for session {}", session.getId());
+                            } else {
+                                log.warn("ZTAT challenge failed for session {}", session.getId());
+                                session.close();
+                            }
+                            return;
+                        } else if ("heartbeat".equals(auditLog.getMessage())) {
+                            log.info("Received heartbeat from session {}", sessionId);
+                            return; // Ignore heartbeat messages
+                        } else {
+                            log.info("Processing message: {}", auditLog.getMessage());
+                            // Process the message as needed
+                            //chatAgent.handleChatMessage(sessionId, auditLog);
+                        }
+
+
+
 
 
 
 
@@ -0,0 +1,71 @@
+package io.sentrius.agent.analysis.api.websocket;
+
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.server.ServerHttpRequest;
+import org.springframework.http.server.ServerHttpResponse;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.jwt.JwtDecoder;
+import org.springframework.security.oauth2.jwt.JwtException;
+import org.springframework.stereotype.Component;
+import org.springframework.web.socket.server.HandshakeInterceptor;
+import org.springframework.web.socket.WebSocketHandler;
+
+import java.net.URI;
+import java.util.Arrays;
+import java.util.Map;
+
+@Slf4j
+@Component
+public class JwtHandshakeInterceptor implements HandshakeInterceptor {
+
+    private final JwtDecoder jwtDecoder;
+
+    @Autowired
+    public JwtHandshakeInterceptor(JwtDecoder jwtDecoder) {
+        this.jwtDecoder = jwtDecoder;
+    }
+
+    @Override
+    public boolean beforeHandshake(ServerHttpRequest request, ServerHttpResponse response,
+                                   WebSocketHandler wsHandler, Map<String, Object> attributes) throws Exception {
+        log.info("Handshake attempt: {}", request.getURI());
+
+        URI uri = request.getURI();
+        String query = uri.getQuery();
+        String token = null;
+
+        if (query != null && query.contains("ztat=")) {
+            token = Arrays.stream(query.split("&"))
+                .filter(s -> s.startsWith("ztat="))
+                .map(s -> s.substring("ztat=".length()))
+                .findFirst()
+                .orElse(null);
+        }
+
+        log.info("Token from query: {}", token);
+
+        if (token != null) {
+            try {
+                Jwt jwt = jwtDecoder.decode(token);
+                log.info("JWT decoded: {}", jwt.getClaims());
+                attributes.put("jwt", jwt);
+                return true;
+            } catch (JwtException e) {
+                log.warn("JWT validation failed: {}", e.getMessage());
+                return false;
+            }
+        }
+
+        log.warn("No token found in query string.");
+        return false;
+    }
+
+    @Override
+    public void afterHandshake(ServerHttpRequest request, ServerHttpResponse response,
+                               WebSocketHandler wsHandler, Exception exception) {
+        log.info("After handshake.");
+    }
+}
@@ -1,28 +1,35 @@
 package io.sentrius.agent.analysis.api.websocket;
 
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.socket.config.annotation.EnableWebSocket;
 import org.springframework.web.socket.config.annotation.WebSocketConfigurer;
 import org.springframework.web.socket.config.annotation.WebSocketHandlerRegistry;
+import org.springframework.beans.factory.annotation.Autowired;
 
 @Configuration
 @EnableWebSocket
 @RequiredArgsConstructor
+@Slf4j
 public class WebSocketConfig implements WebSocketConfigurer {
 
     @Value("${agent.listen.websocket:false}") // Default is false
     private boolean listenWebSocket;
 
     private final ChatWSHandler chatWSHandler;
+
+    @Autowired
+    private JwtHandshakeInterceptor jwtHandshakeInterceptor;
+
     @Override
     public void registerWebSocketHandlers(WebSocketHandlerRegistry registry) {
         if (listenWebSocket) {
+            log.info("WebSocket is enabled, registering handlers.");
             registry.addHandler(chatWSHandler, "/api/v1/chat/attach/subscribe")
-                .setAllowedOriginPatterns("*")
-                .withSockJS();  // SockJS fallback if needed
-
+                .setAllowedOriginPatterns("*");
         }
     }
-}
+}
+