True verify the owner

This preview shows page 6 - 10 out of 13 pages.

if(my_gs.groupList.checkGroup(groupName) == true) { //verify the owner if(isGroupOwner(groupName, reqToken)) {
Image of page 6
//remove user if(removeFromGroup(userName, groupName, reqToken)) { System.out.println(cEngine.formatAsSuccess("User removed from group")); response.addObject(getGroupKeysForToken(reqToken)); error = false; } } else errorMsg += "No membership to specified group"; } else errorMsg += "No such group"; } else errorMsg += "Check input before trying again"; } else errorMsg += "Message too short"; } //--SEE ALL USERS------------------------------------------------------------------------------ ---------------------- else if(message.getMessage().equals("ALLUSERS")) //Admin wants to see all of the users in existence { errorMsg = "Could not generate user list; "; if(isAdmin(reqToken))//test if they are an admin { ArrayList<String> usernameList = my_gs.userList.allUsers(); response.addObject(usernameList); System.out.println(cEngine.formatAsSuccess("Full user list added to response")); error = false; } else errorMsg = "No membership to specified group"; } //--SEND FINAL MESSAGE---------------------------------------------------------------------------- ----------------------- if(error) { response = genAndPrintErrorEnvelope(errorMsg); System.out.println(">> ("+msgNumber+"): Sending error message"); } else { System.out.println(">> ("+msgNumber+"): Sending Response: OK"); }
Image of page 7
response = cEngine.attachHMAC(response, HMACKey); cEngine.writeAESEncrypted(response, aesKey, output); } while(true); } catch(Exception e) { System.err.println("Error: " + e.getMessage()); e.printStackTrace(System.err); } } //--------------------------------------------------------------------------------- ------------------------------------- //-- UTILITY FUNCITONS //--------------------------------------------------------------------------------- ------------------------------------- //Method to create tokens private UserToken createToken(String username, PublicKey key) { //Check that user exists if(my_gs.userList.checkUser(username)) { //Issue a new token with server's name, user's name, and user's groups UserToken yourToken = new UserToken(my_gs.name, username, my_gs.userList.getUserGroups(username), key); //sign the token yourToken.sign(my_gs.signKeys.getPrivate(), cEngine); return yourToken; } else { return null; } } //Method to setup the connection protected boolean setUpConnection() { if(!super.setUpConnection()) { return false; } //the AESKey is now set. We need to get the token and deal with the MN Envelope message = (Envelope)cEngine.readAESEncrypted(aesKey, input); msgNumber++; Envelope response = new Envelope("OK"); System.out.println("\n<< ("+msgNumber+"): Request Received: " + message.getMessage()); return getTokenHandler( message, response); } public boolean getTokenHandler(Envelope message, Envelope response)
Image of page 8
{ //check the number of contents if(message.getObjContents().size() < 4) { cEngine.writeAESEncrypted(genAndPrintErrorEnvelope("Message too short"), aesKey, output); return false;//go back and wait for a new message } Integer reqMsgNumber = (Integer)message.getObjContents().get(0); //Get the username String username = (String)message.getObjContents().get(1); //Get the username String pwd = (String)message.getObjContents().get(2);//get PublicKey key = (PublicKey)message.getObjContents().get(3); //Matt, take Note -HMAC- if(!cEngine.checkHMAC(message, HMACKey)) return false; //check message number if(msgNumber.intValue() != reqMsgNumber.intValue()) { rejectMessageNumber(response, reqMsgNumber, output); return false; } System.out.println(cEngine.formatAsSuccess("Message number matches")); try { //NOTE: Its bad practice to tell the user what login error occurred //they could use it to fish for valid usernames if(username == null) { System.out.println(cEngine.formatAsError("No username")); cEngine.writeAESEncrypted(new Envelope("Login failed"), aesKey, output); return false; } else if(!my_gs.userList.checkUser(username)) { System.out.println(cEngine.formatAsError("Username not
Image of page 9
Image of page 10

You've reached the end of your free preview.

Want to read all 13 pages?

  • Fall '19

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture