
Client Server Validation


Architecture

OpenPTK Client Applications need to be "validated" by the OpenPTK Server. The design leverages a shared secret that is known only by a given Client Application and the Server.

Process Overview

  1. The shared secret will be used by the OpenPTK Client Application to encrypt the End User credentials.
  2. An HTTP Header is created for the encrypted credentials.
  3. The HTTP Header is added to an HTTP Request, which is sent to the OpenPTK Server.
  4. The OpenPTK Server will decrypt the End User credentials using the same shared secret.
  5. The "clear text" (JSON encoded) credentials will be used by the ServletFilter to authenticate the user.
  6. A unique Session Id will be generated and a Session will be created.
  7. A Cookie with the Session Id will be part of the HTTP Response.

Implementation

HTTP Header variable:

The openptk.xml file will have a Global property to define the HTTP Header variable:

<Property name="auth.client.credential" value="openptkclientcred"/>

Client Information:

The openptk.xml file has a section called <Clients> ... </Clients>. This will store OpenPTK client information such as the id and the shared secret.

<Clients>
   <Client id="portal"  secret="gKZo9rUyLeY56vSsFpR4J9GJ" />
   <Client id="uml"     secret="WeacAymEnZqP34gDQuNfDsHE" />
   <Client id="console" secret="tLlGZ1rkok865iEmvomJEl4Z" />
</Clients>

Code Example

testEncryptDecryptSecret.java
import org.openptk.crypto.CryptoIF;
import org.openptk.crypto.DESCrypto;
import org.openptk.util.RandomData;

//===================================================================
class testEncryptDecryptSecret
//===================================================================
{

   //----------------------------------------------------------------
   public static void main(String[] args)
   //----------------------------------------------------------------
   {
      testEncryptDecryptSecret test = new testEncryptDecryptSecret();

      try
      {
         test.run();
      }
      catch (Exception ex)
      {
         System.out.println(ex.getMessage());
      }

      return;
   }

   //----------------------------------------------------------------
   public void run() throws Exception
   //----------------------------------------------------------------
   {
      CryptoIF crypto = null;
      String secret = null;
      String credential = null;
      String encrypted = null;
      String decrypted = null;

      // A 24-character shared secret, like the ones stored in <Clients>
      secret = RandomData.getString(24);

      // End User credentials, JSON encoded as the ServletFilter expects them
      credential = "{\"credential\":{\"id\":\"jbauer\",\"password\":\"ctuagent\"}}";

      // DESCrypto derives its key from the shared secret (PBEWithMD5AndDES)
      crypto = new DESCrypto(secret);

      // Client side: encrypt; Server side: decrypt with the same secret
      encrypted = crypto.encrypt(credential);
      decrypted = crypto.decrypt(encrypted);

      if (encrypted != null && decrypted != null)
      {
         System.out.print("PBEWithMD5AndDES:\n" +
            "    secret='" + secret + "'\n" +
            "credential='" + credential + "'\n" +
            " encrypted='" + encrypted + "'\n" +
            " decrypted='" + decrypted + "'\n");
      }

      return;
   }
}


Output

PBEWithMD5AndDES:
    secret='PifTZ0jkMZX2k7ybSohDrZzv'
credential='{"credential":{"id":"jbauer","password":"ctuagent"}}'
 encrypted='1071NYfc1Gw2VATeS8OWNywvh2H9r7crObNrVgm2IrwwBv4aHua+z6AmGC39mwgiC0GnwCKkV2s='
 decrypted='{"credential":{"id":"jbauer","password":"ctuagent"}}'
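The end-to-end flow from the Process Overview and Implementation sections (Client encrypts the JSON credentials with its shared secret, the value travels in the openptkclientcred header, the Server looks up the Client's secret and decrypts), as an added example that uses the JDK's own PBEWithMD5AndDES cipher rather than OpenPTK's DESCrypto class. The salt, iteration count, and the in-memory copy of the <Clients> table are assumptions made for this example; OpenPTK's real values are not shown on this page.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

public class ClientCredentialHeaderExample
{
   // Header name from the auth.client.credential Global property in openptk.xml
   static final String HEADER_NAME = "openptkclientcred";
   // Assumed salt and iteration count (OpenPTK's DESCrypto keeps its own; not shown here)
   static final byte[] SALT = {0x12, 0x34, 0x56, 0x78, (byte) 0x9A, (byte) 0xBC, (byte) 0xDE, (byte) 0xF0};
   static final int ITERATIONS = 1000;
   // Constructed copy of the <Clients> section: client id -> shared secret
   static final Map<String, String> CLIENTS = Map.of(
      "portal", "gKZo9rUyLeY56vSsFpR4J9GJ",
      "console", "tLlGZ1rkok865iEmvomJEl4Z");

   // PBEWithMD5AndDES is the legacy PKCS#5 v1.5 scheme named in the page's output
   static Cipher pbeCipher(String secret, int mode) throws Exception
   {
      SecretKey key = SecretKeyFactory.getInstance("PBEWithMD5AndDES")
         .generateSecret(new PBEKeySpec(secret.toCharArray()));
      Cipher cipher = Cipher.getInstance("PBEWithMD5AndDES");
      cipher.init(mode, key, new PBEParameterSpec(SALT, ITERATIONS));
      return cipher;
   }

   // Client side: encrypt the JSON credentials and base64 them for the HTTP header
   static String encryptCredential(String secret, String credentialJson) throws Exception
   {
      byte[] ct = pbeCipher(secret, Cipher.ENCRYPT_MODE)
         .doFinal(credentialJson.getBytes(StandardCharsets.UTF_8));
      return Base64.getEncoder().encodeToString(ct);
   }

   // Server side: look up the Client's shared secret, then decrypt the header value
   static String decryptCredential(String clientId, String headerValue) throws Exception
   {
      String secret = CLIENTS.get(clientId);
      if (secret == null) throw new IllegalArgumentException("unknown client: " + clientId);
      byte[] pt = pbeCipher(secret, Cipher.DECRYPT_MODE)
         .doFinal(Base64.getDecoder().decode(headerValue));
      return new String(pt, StandardCharsets.UTF_8);
   }

   public static void main(String[] args) throws Exception
   {
      String json = "{\"credential\":{\"id\":\"jbauer\",\"password\":\"ctuagent\"}}";
      String header = encryptCredential(CLIENTS.get("portal"), json);
      System.out.println(HEADER_NAME + ": " + header);
      System.out.println("server decrypted: " + decryptCredential("portal", header));
   }
}
```

A header decrypted with the wrong Client's secret fails in doFinal (typically a BadPaddingException) instead of yielding the JSON, which is how the Server tells a mismatched shared secret from a valid Client.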