added server identity key to client bundle (#69)

* added server_identity key in client bundle, refactored EncryptionHeader
* added check on bundle processing on server to match serverIdentity key

BundleClient/app/build.gradle

@@ -77,7 +77,7 @@ dependencies {
         exclude group: 'com.google.protobuf', module:'protobuf-java'
     }
     // DDD common core
-    implementation 'com.ddd:bundle-core:0.0.1'
+    implementation 'com.ddd:bundle-core:0.0.2'
 }
 
 task prepareKotlinBuildScriptModel {

BundleClient/app/src/main/java/com/ddd/client/bundlesecurity/BundleSecurity.java

@@ -170,9 +170,10 @@ public UncompressedBundle encryptPayload(Payload payload, String bundleGenDirPat
             paths = client.encrypt(payload.getSource().getAbsolutePath(), bundleGenDirPath, bundleId);
 
             EncryptedPayload encryptedPayload = new EncryptedPayload(bundleId, new File(paths[0]));
-
             File source = new File(bundleGenDirPath + File.separator + bundleId);
-            EncryptionHeader encHeader = new EncryptionHeader(new File(paths[2]), new File(paths[3]));
+            EncryptionHeader encHeader =
+                    EncryptionHeader.builder().clientBaseKey(new File(paths[2])).clientIdentityKey(new File(paths[3]))
+                            .serverIdentityKey(new File(paths[4])).build();
             return new UncompressedBundle(bundleId, source, encHeader, encryptedPayload, new File(paths[1]));
         } catch (Exception e) {
             e.printStackTrace();

BundleClient/app/src/main/java/com/ddd/client/bundlesecurity/ClientSecurity.java

@@ -101,16 +101,18 @@ private ClientSecurity(int deviceID, String clientRootPath, String serverKeyPath
     private String[] writeKeysToFiles(String path, boolean writePvt) throws EncodingException, IOException {
         /* Create Directory if it does not exist */
         SecurityUtils.createDirectory(path);
-        String[] clientKeypaths = { path + File.separator + SecurityUtils.CLIENT_IDENTITY_KEY,
-                path + File.separator + SecurityUtils.CLIENT_BASE_KEY };
+        String[] identityKeyPaths = { path + File.separator + SecurityUtils.CLIENT_IDENTITY_KEY,
+                path + File.separator + SecurityUtils.CLIENT_BASE_KEY,
+                path + File.separator + SecurityUtils.SERVER_IDENTITY_KEY };
 
         if (writePvt) {
             writePrivateKeys(path);
         }
 
-        SecurityUtils.createEncodedPublicKeyFile(ourIdentityKeyPair.getPublicKey().getPublicKey(), clientKeypaths[0]);
-        SecurityUtils.createEncodedPublicKeyFile(ourBaseKey.getPublicKey(), clientKeypaths[1]);
-        return clientKeypaths;
+        SecurityUtils.createEncodedPublicKeyFile(ourIdentityKeyPair.getPublicKey().getPublicKey(), identityKeyPaths[0]);
+        SecurityUtils.createEncodedPublicKeyFile(ourBaseKey.getPublicKey(), identityKeyPaths[1]);
+        SecurityUtils.createEncodedPublicKeyFile(theirIdentityKey.getPublicKey(), identityKeyPaths[2]);
+        return identityKeyPaths;
     }
 
     private void writePrivateKeys(String path) throws IOException {
@@ -308,14 +310,12 @@ public String[] encrypt(String toBeEncPath, String encPath, String bundleID) thr
         inputStream.close();
 
         /* Create Encryption Headers */
-        String[] clientKeyPaths = createEncryptionHeader(encPath, bundleID);
+        String[] identityKeyPaths = createEncryptionHeader(encPath, bundleID);
 
         returnPaths.add(payloadPath);
         returnPaths.add(signPath);
 
-        for (String clientKeyPath : clientKeyPaths) {
-            returnPaths.add(clientKeyPath);
-        }
+        returnPaths.addAll(Arrays.asList(identityKeyPaths));
         return returnPaths.toArray(new String[returnPaths.size()]);
     }
 

bundle-core/pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>com.ddd</groupId>
     <artifactId>bundle-core</artifactId>
-    <version>0.0.1</version>
+    <version>0.0.2</version>
 
     <properties>
         <maven.compiler.source>17</maven.compiler.source>
@@ -20,6 +20,11 @@
             <artifactId>picocli</artifactId>
             <version>4.7.5</version>
         </dependency>
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <version>1.18.32</version>
+        </dependency>
 
     </dependencies>
 </project>

bundle-core/src/main/java/com/ddd/model/EncryptionHeader.java

@@ -1,46 +1,18 @@
 package com.ddd.model;
 
+import lombok.Builder;
+import lombok.Data;
+import lombok.Getter;
+
 import java.io.File;
 
+@Data
+@Getter
+@Builder
 public class EncryptionHeader {
     private final File serverSignedPreKey;
     private final File serverIdentityKey;
     private final File serverRatchetKey;
-
-    public File getServerSignedPreKey() {
-        return this.serverSignedPreKey;
-    }
-
-    public File getServerIdentityKey() {
-        return this.serverIdentityKey;
-    }
-
-    public File getServerRatchetKey() {
-        return this.serverRatchetKey;
-    }
-
-    public EncryptionHeader(File serverSignedPreKey, File serverIdentityKey, File serverRatchetKey) {
-        this.serverSignedPreKey = serverSignedPreKey;
-        this.serverIdentityKey = serverIdentityKey;
-        this.serverRatchetKey = serverRatchetKey;
-    }
-
     private File clientBaseKey;
     private File clientIdentityKey;
-
-    public EncryptionHeader(File clientBaseKey, File clientIdentityKey) {
-        this.clientBaseKey = clientBaseKey;
-        this.clientIdentityKey = clientIdentityKey;
-        this.serverSignedPreKey = null;
-        this.serverIdentityKey = null;
-        this.serverRatchetKey = null;
-    }
-
-    public File getClientBaseKey() {
-        return clientBaseKey;
-    }
-
-    public File getClientIdentityKey() {
-        return clientIdentityKey;
-    }
 }

bundleserver/pom.xml

@@ -71,7 +71,7 @@
 		<dependency>
 			<groupId>com.ddd</groupId>
 			<artifactId>bundle-core</artifactId>
-			<version>0.0.1</version>
+			<version>0.0.2</version>
 		</dependency>
 		<dependency>
 		    <groupId>com.google.code.gson</groupId>

bundleserver/src/main/java/com/ddd/server/bundlesecurity/BundleSecurity.java

@@ -182,8 +182,8 @@ public UncompressedBundle encryptPayload(String clientId, Payload payload, Strin
             EncryptedPayload encryptedPayload = new EncryptedPayload(bundleId, new File(paths[0]));
 
             File source = new File(bundleGenDirPath + File.separator + bundleId);
-            EncryptionHeader encHeader =
-                    new EncryptionHeader(new File(paths[2]), new File(paths[3]), new File(paths[4]));
+            EncryptionHeader encHeader = EncryptionHeader.builder().serverSignedPreKey(new File(paths[2]))
+                    .serverIdentityKey(new File(paths[3])).serverRatchetKey(new File(paths[4])).build();
             return new UncompressedBundle( // TODO get encryption header, payload signature
                                            bundleId, source, encHeader, encryptedPayload, new File(paths[1]));
 
@@ -198,4 +198,12 @@ public int isNewerBundle(String bundlePath, String lastReceivedBundleID) throws
         return this.serverSecurity.isNewerBundle(bundlePath, lastReceivedBundleID);
     }
 
+    public String getServerId() throws SecurityExceptions.IDGenerationException {
+        return serverSecurity.getServerId();
+    }
+
+    public boolean bundleServerIdMatchesCurrentServer(String receivedServerId) throws SecurityExceptions.IDGenerationException {
+        return receivedServerId.equals(getServerId());
+    }
+
 }

bundleserver/src/main/java/com/ddd/server/bundlesecurity/ServerSecurity.java

@@ -558,4 +558,8 @@ public int isNewerBundle(String bundlePath, String lastBundleID) throws IOExcept
         return BundleIDGenerator.compareBundleIDs(receivedBundleID, latestBundleID, BundleIDGenerator.UPSTREAM);
     }
 
+    public String getServerId() throws IDGenerationException {
+        return SecurityUtils.generateID(ourIdentityKeyPair.getPublicKey().serialize());
+    }
+
 };

bundleserver/src/main/java/com/ddd/server/bundletransmission/BundleTransmission.java

@@ -11,6 +11,8 @@
 import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 
 import org.apache.commons.io.FileUtils;
 import org.springframework.stereotype.Service;
@@ -56,6 +58,7 @@ public class BundleTransmission {
     private ServerWindow serverWindow;
 
     private int WINDOW_LENGTH = 3;
+    private Logger logger = Logger.getLogger(this.getClass().getName());
 
     public BundleTransmission(BundleSecurity bundleSecurity, ApplicationDataManager applicationDataManager,
                               BundleRouting bundleRouting,
@@ -80,6 +83,15 @@ public void processReceivedBundle(String transportId, Bundle bundle) throws Exce
                 this.bundleGenServ.extractBundle(bundle, bundleRecvProcDir.getAbsolutePath());
         String clientId = "";
         try {
+
+            String serverIdReceived = SecurityUtils.generateID(
+                    uncompressedBundle.getSource() + File.separator + SecurityUtils.SERVER_IDENTITY_KEY);
+            if (!bundleSecurity.bundleServerIdMatchesCurrentServer(serverIdReceived)) {
+                logger.log(Level.WARNING, "Received bundle's serverIdentity didn't match with current server, " +
+                        "ignoring bundle with bundleId: " + uncompressedBundle.getBundleId());
+                return;
+            }
+
             clientId = SecurityUtils.generateID(
                     uncompressedBundle.getSource() + File.separator + SecurityUtils.CLIENT_IDENTITY_KEY);
             Optional<String> opt = this.applicationDataManager.getLargestRecvdBundleId(clientId);