Make security setting available at API level.

Author: thsc42

src/net/sharksystem/asap/ASAPCommunicationSetting.java

@@ -0,0 +1,18 @@
+package net.sharksystem.asap;
+
+import net.sharksystem.asap.protocol.ASAP_AssimilationPDU_1_0;
+
+interface ASAPCommunicationSetting {
+    boolean allowedToCreateChannel(ASAP_AssimilationPDU_1_0 asapAssimilationPDU);
+
+    /**
+     * @param on if true - message must be encrypted
+     */
+    void setSendEncryptedMessages(boolean on);
+
+    /**
+     * @param on if true - message must be signed
+     */
+    void setSendSignedMessages(boolean on);
+
+}

src/net/sharksystem/asap/ASAPEngine.java

@@ -4,6 +4,7 @@
 import net.sharksystem.asap.management.ASAPManagementStorageImpl;
 import net.sharksystem.asap.protocol.*;
 import net.sharksystem.asap.util.Log;
+import net.sharksystem.crypto.ASAPCommunicationCryptoSettings;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -18,7 +19,7 @@
  * @author thsc
  */
 public abstract class ASAPEngine extends ASAPStorageImpl implements ASAPStorage, ASAPProtocolEngine, ASAPManagementStorage {
-    private DefaultPeerSecurityAdministrator securityAdministrator = new DefaultPeerSecurityAdministrator();
+    private DefaultSecurityAdministrator securityAdministrator = new DefaultSecurityAdministrator();
 
     public static final String ANONYMOUS_OWNER = "anon";
     static String DEFAULT_OWNER = ANONYMOUS_OWNER;
@@ -56,6 +57,22 @@ private void saveStatus() throws IOException {
         }
     }
 
+    PermissionControl getPermissionControl() {
+        return this.securityAdministrator;
+    }
+
+    public ASAPEnginePermissionSettings getASAPEnginePermissionSettings() {
+        return this.securityAdministrator;
+    }
+
+    public ASAPCommunicationSetting getASAPCommunicationControl() {
+        return this.securityAdministrator;
+    }
+
+    public ASAPCommunicationCryptoSettings getASAPCommunicationCryptoSettings() {
+        return this.securityAdministrator;
+    }
+
     @Override
     public ASAPChunkStorage getChunkStorage() {
         return this.chunkStorage;
@@ -374,12 +391,12 @@ public void handleASAPOffer(ASAP_OfferPDU_1_0 asapOffer, ASAP_1_0 protocol, Outp
 //        }
     }
 
-    public void handleASAPAssimilate(ASAP_AssimilationPDU_1_0 asapAssimiliationPDU, ASAP_1_0 protocol,
+    public void handleASAPAssimilate(ASAP_AssimilationPDU_1_0 asapAssimilationPDU, ASAP_1_0 protocol,
                               InputStream is, OutputStream os, ASAPChunkReceivedListener listener)
             throws ASAPException, IOException {
 
-        String sender = asapAssimiliationPDU.getSender();
-        int eraSender = asapAssimiliationPDU.getEra();
+        String sender = asapAssimilationPDU.getSender();
+        int eraSender = asapAssimilationPDU.getEra();
 
         //<<<<<<<<<<<<<<<<<<debug
         StringBuilder b = new StringBuilder();
@@ -406,7 +423,7 @@ public void handleASAPAssimilate(ASAP_AssimilationPDU_1_0 asapAssimiliationPDU,
 
         try {
             // read URI
-            String uri = asapAssimiliationPDU.getChannelUri();
+            String uri = asapAssimilationPDU.getChannelUri();
 
             // get local target for data to come
             ASAPChunk localChunk = null;
@@ -419,7 +436,7 @@ public void handleASAPAssimilate(ASAP_AssimilationPDU_1_0 asapAssimiliationPDU,
                     System.out.println(this.getLogStart()
                             + "asked to set up new channel: (uri/sender): " + uri + " | " + sender);
                     // this channel is new to local peer - am I allowed to create it?
-                    if(!this.securityAdministrator.allowedToCreateChannel(asapAssimiliationPDU)) {
+                    if(!this.securityAdministrator.allowedToCreateChannel(asapAssimilationPDU)) {
                         System.out.println(this.getLogStart()
                                 + ".. not allowed .. TODO not yet implemented .. always set up");
 
@@ -438,10 +455,10 @@ public void handleASAPAssimilate(ASAP_AssimilationPDU_1_0 asapAssimiliationPDU,
                 incomingChunk.copyMetaData(this.getChannel(uri));
             }
 
-            List<Integer> messageOffsets = asapAssimiliationPDU.getMessageOffsets();
+            List<Integer> messageOffsets = asapAssimilationPDU.getMessageOffsets();
 
             // iterate messages and stream into chunk
-            InputStream protocolInputStream = asapAssimiliationPDU.getInputStream();
+            InputStream protocolInputStream = asapAssimilationPDU.getInputStream();
             long offset = 0;
             for(long nextOffset : messageOffsets) {
                 //<<<<<<<<<<<<<<<<<<debug
@@ -466,11 +483,11 @@ public void handleASAPAssimilate(ASAP_AssimilationPDU_1_0 asapAssimiliationPDU,
             b.append("going to read last message: from offset ");
             b.append(offset);
             b.append(" to end of file - total length: ");
-            b.append(asapAssimiliationPDU.getLength());
+            b.append(asapAssimilationPDU.getLength());
             System.out.println(b.toString());
             //>>>>>>>>>>>>>>>>>>>debug
 
-            incomingChunk.addMessage(protocolInputStream, asapAssimiliationPDU.getLength() - offset);
+            incomingChunk.addMessage(protocolInputStream, asapAssimilationPDU.getLength() - offset);
             if(!changed) { changed = true; this.contentChanged();}
 
             // read all messages
@@ -664,7 +681,7 @@ private void sendChunks(CharSequence sender, String remotePeer, ASAPChunkStorage
                             chunk.getOffsetList(),
                             chunk.getMessageInputStream(),
                             os,
-                            false);
+                            this.getASAPCommunicationCryptoSettings());
 
                     // remember sent
                     chunk.deliveredTo(remotePeer);

…arksystem/asap/PeerSecuritySettings.java …m/asap/ASAPEnginePermissionSettings.javasrc/net/sharksystem/asap/PeerSecuritySettings.java renamed to src/net/sharksystem/asap/ASAPEnginePermissionSettings.java src/net/sharksystem/asap/PeerSecuritySettings.java renamed to src/net/sharksystem/asap/ASAPEnginePermissionSettings.java

@@ -2,7 +2,7 @@
 
 import java.io.IOException;
 
-interface PeerSecuritySettings {
+interface ASAPEnginePermissionSettings {
     /**
      * Engine can remember peers they encountered. It is assumed that those peers are kept with the local peer (not only
      * in this engine)
@@ -16,14 +16,14 @@ interface PeerSecuritySettings {
      * @param on
      * @throws IOException
      */
-    void setEncryptedMessagesOnly(boolean on) throws IOException;
+    void setReceivedMessagesMustBeEncrypted(boolean on) throws IOException;
 
     /**
      * Engine would ignore all unsigned messages if set true.
      * @param on
      * @throws IOException
      */
-    void setSignedMessagesOnly(boolean on) throws IOException;
+    void setReceivedMessagesMustBeSigned(boolean on) throws IOException;
 
     /**
      * Define with what peers an engine is allowed to communicate

src/net/sharksystem/asap/ASAPPeerFS.java

@@ -4,12 +4,13 @@
 import net.sharksystem.asap.protocol.*;
 import net.sharksystem.asap.util.Helper;
 import net.sharksystem.asap.util.Log;
+import net.sharksystem.crypto.ASAPCommunicationCryptoSettings;
 
 import java.io.*;
 import java.util.*;
 
 public class ASAPPeerFS implements
-        ASAPPeer, ASAPConnectionListener, ThreadFinishedListener/*, ASAPChunkReceivedListener */ {
+        ASAPPeer, ASAPConnectionListener, ThreadFinishedListener, ASAPUndecryptableMessageHandler/*, ASAPChunkReceivedListener */ {
 
     private static final String DEFAULT_ASAP_MANAGEMENT_ENGINE_ROOTFOLDER = "ASAPManagement";
     private final CharSequence rootFolderName;
@@ -121,6 +122,8 @@ private ASAPPeerFS(CharSequence owner, CharSequence rootFolderName, long maxExec
                 }
             }
         }
+
+        System.out.println(this.getLogStart() + "SHOULD also set up engine " + FORMAT_UNDECRYPTABLE_MESSAGES);
     }
 
     private void setupEngine(CharSequence folderName, CharSequence formatName) throws IOException, ASAPException {
@@ -268,12 +271,12 @@ public Set<CharSequence> getFormats() {
 
     public ASAPConnection handleConnection(InputStream is, OutputStream os) {
         ASAPPersistentConnection asapConnection = new ASAPPersistentConnection(
-                is, os, this, new ASAP_Modem_Impl(),
+                is, os, this, new ASAP_Modem_Impl(), this,
                 maxExecutionTime, this, this);
 
         StringBuilder sb = new StringBuilder();
         sb.append(this.getLogStart());
-        sb.append("handleConnection: ask any asapStorage to increment era.");
+        sb.append("handleConnection");
         System.out.println(sb.toString());
 
         // this.announceNewEra(); announce when connection is actually established
@@ -459,6 +462,15 @@ public ASAPConnection getASAPConnection(CharSequence recipient) {
     //                                              ASAP management                                           //
     ////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
+    private DefaultSecurityAdministrator defaultSecurityAdministrator = null;
+    public ASAPCommunicationCryptoSettings getASAPCommunicationCryptoSettings() {
+        if(this.defaultSecurityAdministrator == null) {
+            this.defaultSecurityAdministrator = new DefaultSecurityAdministrator();
+        }
+
+        return this.defaultSecurityAdministrator;
+    }
+
     public void pushInterests(OutputStream os) throws IOException, ASAPException {
         ASAP_1_0 protocol = new ASAP_Modem_Impl();
 /*
@@ -549,4 +561,19 @@ private Collection<ASAPEngine> getEngines() {
     private String getLogStart() {
         return this.getClass().getSimpleName() /* + "(" + this + ")" */ + "(" + this.getOwner() + "): ";
     }
+
+    //////////////////////////////// handle message this peer cannot decrypt
+    @Override
+    public void handleUndecryptableMessage(byte[] encryptedMessage, CharSequence receiver) {
+        System.out.println(this.getLogStart() + "handle undecryptable messages from " + receiver);
+
+        try {
+            ASAPEngine undecryptEngine =
+                    this.getASAPEngine(ASAPUndecryptableMessageHandler.FORMAT_UNDECRYPTABLE_MESSAGES);
+
+            undecryptEngine.add(URI_UNDECRYPTABLE_MESSAGES, encryptedMessage);
+        } catch (IOException | ASAPException e) {
+            System.out.println(this.getLogStart() + "cannot handle undecrypted messages - no engine present");
+        }
+    }
 }

src/net/sharksystem/asap/ASAPUndecryptableMessageHandler.java

@@ -0,0 +1,13 @@
+package net.sharksystem.asap;
+
+import java.util.BitSet;
+
+public interface ASAPUndecryptableMessageHandler {
+    String FORMAT_UNDECRYPTABLE_MESSAGES = "asap/undecryptable";
+    String URI_UNDECRYPTABLE_MESSAGES = "asap://undecryptable";
+    /**
+     * Peer can (and should) receive encrypted messages without being receiver. A peer is not able
+     * to encrypt that message but could store and forward. That is what ASAP is about.
+     */
+    void handleUndecryptableMessage(byte[] encryptedMessage, CharSequence receiver);
+}

src/net/sharksystem/asap/DefaultPeerSecurityAdministrator.java

@@ -0,0 +1,79 @@
+package net.sharksystem.asap;
+
+import net.sharksystem.asap.protocol.ASAP_AssimilationPDU_1_0;
+import net.sharksystem.asap.protocol.ASAP_PDU_1_0;
+import net.sharksystem.crypto.ASAPCommunicationCryptoSettings;
+
+import java.io.IOException;
+
+public class DefaultSecurityAdministrator implements ASAPCommunicationSetting,
+        ASAPEnginePermissionSettings, PermissionControl, ASAPCommunicationCryptoSettings {
+
+    private boolean encryptedMessagesOnly = false;
+    private boolean signedMessagesOnly = false;
+    private boolean sendEncrypted = false;
+    private boolean sendSigned;
+
+    @Override
+    public void setRememberEncounteredPeers(boolean on) throws IOException {
+
+    }
+
+    @Override
+    public void setReceivedMessagesMustBeEncrypted(boolean on) throws IOException {
+        this.encryptedMessagesOnly = on;
+    }
+
+    @Override
+    public void setReceivedMessagesMustBeSigned(boolean on) throws IOException {
+        this.signedMessagesOnly = on;
+    }
+
+    @Override
+    public void setSetAllowedRemotePeers(AllowedRemotePeers safetyLevel) {
+
+    }
+
+    @Override
+    public boolean setRevealEngineFormat(String peerName) {
+        return false;
+    }
+
+    @Override
+    public boolean setSendOpenMessages(String peerName) {
+        return false;
+    }
+
+    @Override
+    public boolean allowedToCreateChannel(ASAP_AssimilationPDU_1_0 asapAssimilationPDU) {
+        return true; // it is a dummy
+    }
+
+    @Override
+    public void setSendEncryptedMessages(boolean on) {
+        this.sendEncrypted = on;
+    }
+
+    @Override
+    public void setSendSignedMessages(boolean on) {
+        this.sendSigned = on;
+    }
+
+    @Override
+    public boolean allowed2Process(ASAP_PDU_1_0 pdu) {
+        if(this.signedMessagesOnly && !pdu.signed()) return false;
+        if(this.encryptedMessagesOnly && !pdu.encrypted()) return false;
+
+        return true;
+    }
+
+    @Override
+    public boolean mustEncrypt() {
+        return this.sendEncrypted;
+    }
+
+    @Override
+    public boolean mustSign() {
+        return this.sendSigned;
+    }
+}

src/net/sharksystem/asap/DefaultSecurityAdministrator.java

@@ -0,0 +1,7 @@
+package net.sharksystem.asap;
+
+import net.sharksystem.asap.protocol.ASAP_PDU_1_0;
+
+public interface PermissionControl {
+    boolean allowed2Process(ASAP_PDU_1_0 pdu);
+}

src/net/sharksystem/asap/PeerSecurityAdministrator.java

@@ -207,6 +207,10 @@ public void finish() throws ASAPSecurityException {
         }
     }
 
+    public CharSequence getReceiver() {
+        return this.recipient;
+    }
+
     ////////////////////////////////// verify
     private class InputStreamCopy extends InputStream {
         private final InputStream is;