query identity by dynamic credentials

bab8c8c7 · Josh Ji · 05b70bf0 · bab8c8c7
Commit bab8c8c7 authored Jan 05, 2023 by Josh Ji
Hide whitespace changes
Inline Side-by-side

Showing with 48 additions and 26 deletions

src/main/java/com/prlab/idpserver/controller/RESTfulApi.java src/main/java/com/prlab/idpserver/controller/RESTfulApi.java +48 -26

No files found.
--- a/src/main/java/com/prlab/idpserver/controller/RESTfulApi.java
+++ b/src/main/java/com/prlab/idpserver/controller/RESTfulApi.java
@@ -30,33 +30,55 @@ public class RESTfulApi {


 	@PostMapping("/idp/askIdentity")
-	public String queryIdentity(@RequestBody IdentityRequest identityRequest) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
-		String sql = "SELECT * FROM identities WHERE HMACbase64 LIKE ?;";
-		List<Map<String, Object>> list =  jdbcTemplate.queryForList(sql,new Object[]{identityRequest.HMAC +"%"}, new int[]{Types.VARCHAR});
-		logger.info("identityRequest : {}, {}", identityRequest.HMAC, identityRequest.Cx);
-		Cipher aesCipher = Cipher.getInstance("AES/CBC/NoPadding");
-		IvParameterSpec IV = new IvParameterSpec(new byte[]{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00});
-
-		logger.info("encryptedCx in base64 form : "+identityRequest.Cx);
-		for(Map<String, Object> map : list){
-			byte[] sharedSecret = (byte[])map.get("SharedSecret");
-			byte[] Cx = (byte[])map.get("Cx");
-			String IDx = (String)map.get("IDx");
-			SecretKey secretKey = new SecretKeySpec(sharedSecret, "AES");
-			logger.info("IDx in db : " + IDx);
-			logger.info("sharedSecret in db : " + HexUtils.toHexString(sharedSecret));
-			logger.info("Cx in db : " + HexUtils.toHexString(Cx));
-
-			aesCipher.init(Cipher.DECRYPT_MODE, secretKey, IV);
-			byte[] encryptedCx = Base64Utils.decodeFromString(identityRequest.Cx);
-			logger.info("encryptedCx : " + HexUtils.toHexString(encryptedCx));
-			byte[] decryptedCx = aesCipher.doFinal(encryptedCx, 0, 16);
-			logger.info("decryptedCx : " + HexUtils.toHexString(decryptedCx));
-
-			if(Arrays.equals(Cx, decryptedCx)){
-				return IDx;
+	public String queryIdentity(@RequestBody IdentityRequest identityRequest){
+		logger.info("identityRequest : {}, {}", identityRequest.HMAC_base64, identityRequest.Cx_base64);
+		jdbcTemplate.execute("set block_encryption_mode='aes-256-cbc'");
+		jdbcTemplate.execute("set @zero=unhex('00000000000000000000000000000000')");
+		String sql_query_by_hmac ="select * from identities " +
+				"where ?=aes_encrypt(unhex(sha2(concat(unhex(hex(idx)),aes_decrypt(?, sharedsecret, @zero)), 256)), sharedsecret, @zero);";
+		List<Map<String, Object>> list =
+				jdbcTemplate.queryForList(sql_query_by_hmac,
+						new Object[]{Base64Utils.decodeFromString(identityRequest.HMAC_base64), Base64Utils.decodeFromString(identityRequest.Cx_base64)},
+						new int[]{Types.VARBINARY, Types.VARBINARY});
+		list.forEach(map->{
+			map.forEach((k, v)->{
+				logger.info("{}: {}", k, v instanceof byte[]?HexUtils.toHexString((byte[])v):v);
+			});
+		});
+		if(list.size()>0)
+			return (String)list.get(0).get("idx");
+		else
+			return "None";
+	}
+
+	private String queryByStaticCredentials(String cx_base64, List<Map<String, Object>> list){
+		try{
+			Cipher aesCipher = Cipher.getInstance("AES/CBC/NoPadding");
+			IvParameterSpec IV = new IvParameterSpec(new byte[]{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00});
+			logger.info("encryptedCx in base64 form : "+cx_base64);
+			for(Map<String, Object> map : list){
+				byte[] sharedSecret = (byte[])map.get("SharedSecret");
+				byte[] Cx = (byte[])map.get("Cx");
+				String IDx = (String)map.get("IDx");
+				SecretKey secretKey = new SecretKeySpec(sharedSecret, "AES");
+				logger.info("IDx in db : " + IDx);
+				logger.info("sharedSecret in db : " + HexUtils.toHexString(sharedSecret));
+				logger.info("Cx in db : " + HexUtils.toHexString(Cx));
+
+				aesCipher.init(Cipher.DECRYPT_MODE, secretKey, IV);
+				byte[] encryptedCx = Base64Utils.decodeFromString(cx_base64);
+				logger.info("encryptedCx : " + HexUtils.toHexString(encryptedCx));
+				byte[] decryptedCx = aesCipher.doFinal(encryptedCx, 0, 16);
+				logger.info("decryptedCx : " + HexUtils.toHexString(decryptedCx));
+
+				if(Arrays.equals(Cx, decryptedCx)){
+					return IDx;
+				}
 			}
+			return "None";
+		}catch (Exception e){
+			e.printStackTrace();
+			return "None";
 		}
-		return "None";
 	}
 }