diff --git a/README.md b/README.md index ce98ac9..053c311 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,9 @@ # JobServ Remote Procedure Calls over the protobuf API +# Requirements +- openssl + # Building Gradle will manage dependencies, generate code, compile the java, and package the code. Simply run the folllowing command: diff --git a/buildwrapper.sh b/buildwrapper.sh index 4526b8b..85132ac 100755 --- a/buildwrapper.sh +++ b/buildwrapper.sh @@ -6,6 +6,8 @@ SERVER_PATH=resources/server CLIENT_CA_CN=jobserv-client-ca CLIENT_CN=jobserv-client CLIENT_PATH=resources/client +TEST_CA_CN=jobserv-bad-cert-ca +TEST_CN=jobserv-bad-cert TEST_PATH=resources/test rm -rf resources/* @@ -32,7 +34,7 @@ openssl req -passin pass:$SRVCAPASS -new -x509 -days 365 -key $SERVER_PATH/ca.ke echo "[+] Generating Client CA Cert" openssl req -passin pass:$CLTCAPASS -new -x509 -days 365 -key $CLIENT_PATH/ca.key -out $CLIENT_PATH/ca.crt -subj "/CN=${CLIENT_CA_CN}" echo "[+] Generating test CA Key" -openssl req -passin pass:dontusethiskey -new -x509 -days 365 -key $TEST_PATH/ca.key -out $TEST_PATH/ca.crt -subj "/CN=DontUseMe" +openssl req -passin pass:dontusethiskey -new -x509 -days 365 -key $TEST_PATH/ca.key -out $TEST_PATH/ca.crt -subj "/CN=${TEST_CA_CN}" # Generate Server Key, Signing request, cert 
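Review bot: The new `TEST_CA_CN`/`TEST_CN` values in the `-6,6` hunk are named "bad-cert", but nothing in the visible lines says what the material under `resources/test` is for. If it is the deliberately untrusted identity for negative mutual-TLS tests (inferred from the names only), say so where the variables are defined. A comment such as `# Untrusted CA/cert for negative mTLS tests only; resources/test/ca.crt must never be added to a server or client trust store` would cover it. This matters because the test key uses the fixed passphrase `dontusethiskey`, which is in the repository, so anyone can sign with that CA.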
@@ -59,7 +61,7 @@ openssl rsa -passin pass:${CLTCAPASS} -in $CLIENT_PATH/private.key -out $CLIENT_ echo "[+] Generating test key" openssl genrsa -passout pass:dontusethiskey -aes256 -out $TEST_PATH/private.key 4096 echo "[+] Generating test signing request" -openssl req -passin pass:dontusethiskey -new -key $TEST_PATH/private.key -out $TEST_PATH/request.csr -subj "/CN=${DontUseMe}" +openssl req -passin pass:dontusethiskey -new -key $TEST_PATH/private.key -out $TEST_PATH/request.csr -subj "/CN=${TEST_CN}" echo "[+] Generating test certificate " openssl x509 -req -passin pass:dontusethiskey -days 365 -in $TEST_PATH/request.csr -CA $TEST_PATH/ca.crt -CAkey $TEST_PATH/ca.key -set_serial 01 -out $TEST_PATH/test.crt echo "[+] Removing passphrase from test key" diff --git a/src/main/java/JobServ/JobServClient.java b/src/main/java/JobServ/JobServClient.java index b56c409..cc23071 100644 --- a/src/main/java/JobServ/JobServClient.java +++ b/src/main/java/JobServ/JobServClient.java @@ -226,7 +226,7 @@ public class JobServClient { // fails if port is improperly formatted or if an ssl exception occurs JobServClient client; try { - client = new JobServClient(args[0], Integer.parseInt(args[1]), args[2], args[1], args[0]); + client = new JobServClient(args[3], Integer.parseInt(args[4]), args[2], args[1], args[0]); } catch (NumberFormatException e) { System.out.println("Invalid Port"); @@ -239,7 +239,7 @@ public class JobServClient { // declare pid up here so that multiple switch cases can use it int candidatePid; // parse remaining args - switch (args[2]) { + switch (args[5]) { case "new": if (args.length < 7) { System.out.println("Improper formatting, try client --help"); diff --git a/src/main/java/JobServ/JobServServer.java b/src/main/java/JobServ/JobServServer.java index a3b6021..c4ae512 100644 --- a/src/main/java/JobServ/JobServServer.java +++ b/src/main/java/JobServ/JobServServer.java 
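Review bot: The replaced `-subj "/CN=${DontUseMe}"` in the `-59,7` hunk expanded an unset variable, so the script issued a request with an empty CN without failing. Nothing visible in these hunks would stop the same mistake from recurring. Unless the top of buildwrapper.sh (outside the hunks) already sets it, add `set -u` (or `set -euo pipefail`) after the shebang so a misspelled variable aborts the build instead of producing a certificate with the wrong subject. The same protection covers `${TEST_CA_CN}` in the `-32,7` hunk.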
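Review bot: The constructor call in the `-226,7` hunk now reads `args[3]` and `args[4]`, and the `switch` in the `-239,7` hunk reads `args[5]`. The only length check visible is `args.length < 7` inside `case "new"`, and the `catch` shown handles only `NumberFormatException`. If the guard before the `try` (outside the hunk) still assumes the old layout, a short command line ends in an `ArrayIndexOutOfBoundsException` instead of the usage message. Check for `if (args.length < 6) { System.out.println("Improper formatting, try client --help"); return; }` ahead of the `try`. Because `args[2], args[1], args[0]` are passed in reverse order, a comment naming what each position holds would also make it harder to swap the key and trust-store paths.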
@@ -31,31 +31,30 @@ public class JobServServer { private Server server; private final int port; - private final String certChainFilePath; - private final String privateKeyFilePath; - private final String trustCertCollectionFilePath; + private final SslContext ssl; + /* + * Constructor + * Sets port and builds sslContext + */ public JobServServer(int port, - String certChainFilePath, - String privateKeyFilePath, - String trustCertCollectionFilePath) { + String serverCert, + String privateKey, + String trustStore) { this.port = port; - this.certChainFilePath = certChainFilePath; - this.privateKeyFilePath = privateKeyFilePath; - this.trustCertCollectionFilePath = trustCertCollectionFilePath; + SslContextBuilder sslContextBuilder = SslContextBuilder.forServer(new File(serverCert), new File(privateKey)); + + // Mutual TLS trust store and require client auth + sslContextBuilder.trustManager(new File(trustStore)); + sslContextBuilder.clientAuth(ClientAuth.REQUIRE); + + this.ssl = GrpcSslContexts.configure(sslClientContextBuilder).build(); } - private SslContextBuilder getSslContextBuilder() { - SslContextBuilder sslClientContextBuilder = SslContextBuilder.forServer(new File(certChainFilePath), - new File(privateKeyFilePath)); - - sslClientContextBuilder.trustManager(new File(trustCertCollectionFilePath)); - sslClientContextBuilder.clientAuth(ClientAuth.REQUIRE); - - return GrpcSslContexts.configure(sslClientContextBuilder); - } - - // starts the GRPC API Server + /* + * start() + * this initializes the server + */ private void start() throws IOException { // TODO: this should be passed in from a configuration manager server = NettyServerBuilder.forPort(port) 
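Review bot: The last line of the new constructor passes `sslClientContextBuilder` to `GrpcSslContexts.configure`, but the local declared a few lines above is `sslContextBuilder`, so this will not compile as shown. Netty's `SslContextBuilder.build()` also throws the checked `SSLException`, and the constructor has no `throws` clause in this hunk. Use `this.ssl = GrpcSslContexts.configure(sslContextBuilder).build();` and declare `throws SSLException` on the constructor, which `main` already covers through `throws IOException`. The body of `start()` continues outside the hunk, so confirm it hands `ssl` to the `NettyServerBuilder`; otherwise the `ClientAuth.REQUIRE` setting built here is never applied to the listening port.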
@@ -76,25 +75,38 @@ public class JobServServer { }); } + /* + * stop() + * This is called when ctrl+c is pressed + */ private void stop() { if (server != null) { server.shutdown(); } } - // spinlock for main() + /* + * blockUntilShutdown() + * This is more or less the main loop of the server. + * It spins until shutdown is called. + */ private void blockUntilShutdown() throws InterruptedException { if (server != null) { server.awaitTermination(); } } - // Main function. starts GRPC server and spins until server is shutdown + /* + * main() + * Entrypoint of hte server + * parses args and initializes a server object. + * calls server main loop. + */ public static void main(String[] args) throws IOException, InterruptedException { int port = 8448; // TODO: port and key/cert files should be handled by a config manager if(args.length < 3) { - System.out.println("Usage: ./jobserv-server certchain privatekey truststore"); + System.out.println("Usage: ./jobserv-server cert privatekey truststore"); return; }
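Review bot: The new comment on `blockUntilShutdown()` says it "spins until shutdown is called", but the body only calls `server.awaitTermination()`, which blocks the calling thread rather than spinning. Something like `Blocks the calling thread until the server has terminated.` would be accurate. The `main()` comment has the typo "hte". The comment on `stop()` says it runs on ctrl+c; the hook that calls it is outside this hunk, so name that caller instead of the key press. Since these blocks sit directly above the methods, writing them as Javadoc (`/** ... */`) would let tooling pick them up.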