cs6238project2's People

Contributors

estuart, heythisisevan, mpuckett13

cs6238project2's Issues

[CLOSED] Added Document Delete Support

Issue by mpuckett7
Sunday Nov 15, 2015 at 21:45 GMT
Originally opened as https://github.gatech.edu/mpuckett7/CS6238Project2/pull/3


  • Added the ability to delete a document stored on the server. I also
    updated the document download request to return a 404 when the
    document does not exist and also updated the document upload request
    to return a 201 with the URI to access the resource.

mpuckett7 included the following code: https://github.gatech.edu/mpuckett7/CS6238Project2/pull/3/commits

Fix PMD Warnings

There are currently two PMD warnings that need to be fixed. It should be an easy fix:

if (rs.next()) {
    // result set code
}

[CLOSED] Add Delegate PUT Request

Issue by mpuckett7
Sunday Nov 15, 2015 at 23:52 GMT
Originally opened as https://github.gatech.edu/mpuckett7/CS6238Project2/issues/5


We need to add a new REST call that allows someone to update a document. This is for the "delegate" client call in the project request.

The REST call should be:

  • PUT /s2dr/${documentId}

The request body should accept the following params:

  • documentId: the identifier of the document to update
  • clientId: the identifier of the client that we are "delegating" permissions to (probably easiest to just use the client's user name, but a true unique ID would be more "real").
  • time: the time or duration we want this "delegation" to last. (I don't know a clean way to do this off the top of my head, so this param can be optional for this ticket. If we need to come back and do it later, that will be fine.)
  • permission: what permission we are delegating to the user. According to the project description, possible permissions can be READ, WRITE, BOTH, or OWNER. It probably makes sense to map this to a new Permission enum in the Java code for type-safety.
  • propagationFlag: boolean flag that specifies if the client who is receiving the delegated permissions can delegate permissions further.

Database support will need to be added too (probably will need to be new tables added, and new columns to existing tables).

Change Documents GUID to Name

For simplicity's sake, a document's name should be considered its unique ID. This is not something we would do in the "real world", but it makes fulfilling this project's requirements easier. This will include changing the DB table to use the name as the primary key.

Handle Multiple SecurityFlag Parameters

Reading through the project requirements, I noticed that a document can be checked in with multiple security flags (test step 7.1). The task for this issue is to update the server to handle multiple security flags per document.

Fix the H2 Server Thread

Fix the thread used to run the H2 server so that it can be shut down without causing a memory leak.

Add SecurityFlag Parameter to Upload POST Request.

Issue by mpuckett7
Sunday Nov 15, 2015 at 23:37 GMT
Originally opened as https://github.gatech.edu/mpuckett7/CS6238Project2/issues/4


Uploading a document is currently supported; however, we need to add the ability to set a SecurityFlag when uploading. According to the project description, the SecurityFlag can be one of three possibilities:

  • CONFIDENTIALITY
  • INTEGRITY
  • NONE

This security flag needs to be received in the POST request body, and it should be saved in the database (a new column will need to be added to the s2dr.Documents table). It may make sense to map this to a new SecurityFlag enum in the Java code to provide a little type-safety.

Change UserId to be Username

Similar to the documents, we should change the userId to be the client's/user's username. This will make fulfilling the project requirements easier.

Persist Database

The in-memory database has served us well for scaffolding out the project, but once the schema stabilizes out, we need to make the database persist beyond volatile memory.

Add Guice Injected "Current User" Object

Add a new object CurrentUser that can be injected into other classes. This object will need to be configured when a user authenticates. It will make checking permissions easier on the server.

Add a Client Document Verification Endpoint

In order to provide a more secure way for the client to be ensured of the integrity of a document, we need to add a REST endpoint that allows the client to download the signature of the document that is stored on the server.

Fix Jersey and Guice Dependencies

Issue by mpuckett7
Tuesday Nov 17, 2015 at 23:30 GMT
Originally opened as https://github.gatech.edu/mpuckett7/CS6238Project2/issues/18


There was a bit of a discrepancy regarding some of the jersey dependencies and the way that the servlet was configured in Guice. I was hoping to just be able to ignore it since this was just a class project, but when trying to use the jersey-client package in our tests, I'm hitting some show-stopping exceptions due to this.

The task is to update Jersey dependencies to the 2.# libraries. This is actually going to require that the servlet gets changed in regards to how it registers itself with Guice.

Fix Document Deleted/Not-Found HTTP Status

Due to the order of checking for a user's READ permission before attempting to read the document from the database, we are actually returning a 401 when a document doesn't exist or has been deleted rather than a 404.

Parse Subject Common Name for Username

With the current X.509 authentication framework, we use the entire subject "block" as the username (encapsulated in one String) because that's what java.security.cert.X509Certificate provides. The task for this issue is to parse the subject's common name out to use as the username.
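One way to do the parsing this issue asks for, as an added example that is not the project's own code: the JDK's RFC 2253 parser (`javax.naming.ldap.LdapName`) is used instead of splitting the string on commas, because attribute values may contain escaped `,` and `=`. The class name `SubjectCn`, the helper `commonName` and the sample DN are hypothetical.

```java
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class SubjectCn {
    /**
     * Returns the leftmost (most specific) CN of an RFC 2253 subject DN,
     * e.g. the string from cert.getSubjectX500Principal().getName(),
     * or null when the subject carries no CN at all.
     */
    static String commonName(String subjectDn) throws NamingException {
        List<Rdn> rdns = new LdapName(subjectDn).getRdns();
        // getRdns() orders RDNs right to left, so walk from the end of the list.
        for (int i = rdns.size() - 1; i >= 0; i--) {
            // toAttributes() also covers multi-valued RDNs such as CN=x+UID=y.
            Attribute cn = rdns.get(i).toAttributes().get("CN");
            if (cn != null) {
                return String.valueOf(cn.get()); // value is already unescaped
            }
        }
        return null;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed subject: the CN holds an escaped comma and the OU value
        // contains the text "CN=", both of which defeat split(",") or indexOf("CN=").
        String dn = "CN=Doe\\, Jane,OU=CN\\=admin,O=Example";
        System.out.println("username = " + commonName(dn));

        // A subject without a CN must be rejected by the caller, not mapped to "".
        System.out.println("no CN    = " + commonName("OU=Clients,O=Example"));
    }
}
```

The returned name is only meaningful as a username after the certificate chain has been validated, since the subject is otherwise chosen by whoever created the certificate.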

Salt and Hash Password

Right now, the passwords are stored in plain text in the database. The task for this issue is to increase security by storing only salted and hashed representations of user passwords.

Need to implement CSRF tokens

Issue by estuart3
Monday Nov 16, 2015 at 00:04 GMT
Originally opened as https://github.gatech.edu/mpuckett7/CS6238Project2/issues/8


For any of the REST calls that manipulate the server-state (DELETE, POST, PUT) we need to implement cross site request forgery tokens.

(https://www.owasp.org/index.php/Top_10_2010-A5)
(https://blog.whitehatsec.com/csrf-prevention-in-java/)

I bet the graders will be looking for this vulnerability when they grade us for "secure coding practices". I bet one of the frameworks we are using has this built in somewhere.

Document Permission Overwrite

Right now, a user can have multiple "instances" of the same permission. In response to a question on Piazza, the TA said that if a user is delegating a permission to another user and that user already has that permission, the new delegation should overwrite the old. The idea is that a user can "revoke" another user's permission.

Add Owner Permission on Upload

When a user uploads a document, we need to add an "Owner" permission in the DocumentPermissions table. The "time" column should be set to "unlimited" (tbd how this will be done).

Add the "Time" Parameter to Permission Delegation

Issue by mpuckett7
Tuesday Nov 17, 2015 at 22:46 GMT
Originally opened as https://github.gatech.edu/mpuckett7/CS6238Project2/issues/17


The project description says that when delegating permissions for a document to other clients, there must be a time parameter that specifies how long that specific delegation is valid. Before we implement this feature, there are a few questions that we must answer. So this can be part of our discussion on Thursday on design.

Static Analysis on Server Code

Issue by mpuckett7
Monday Nov 16, 2015 at 00:14 GMT
Originally opened as https://github.gatech.edu/mpuckett7/CS6238Project2/issues/12


The project description says that we need to use tools such as FindBugs and PMD to scan our code for vulnerabilities. I have never used either of these tools. It probably wouldn't be a bad idea for this to be an ongoing thing where we analyze our code before checking it in so that we don't get to the end and have a bunch to fix.

Change Package Structure

Update the package structure to better differentiate configuration code from app specific code.

Check Client Permissions When Deleting

Issue by mpuckett7
Monday Nov 16, 2015 at 00:01 GMT
Originally opened as https://github.gatech.edu/mpuckett7/CS6238Project2/issues/6


Right now, the server just blindly deletes a document when it receives a request. Before deleting, we need to check that the user has permissions. One thing we need to determine is what permissions allow for deletion.

This depends on database support so that we can track which users have which permissions for certain documents (will be added in the issue for adding the delegation PUT request).

This also sort-of depends on us setting up sessions so that we can track which user is making the request (though we can fake it to work on this).

Fix Document Delete

The s2dr.DocumentPermissions table uses documentId as a foreign key to the s2dr.Documents table. So if you try to delete a document when there is a permission pertaining to it, a SqlException is thrown. The task for this ticket is to delete all permissions from the DocumentPermissions table before deleting the document from the Documents table.

Strengthen Permission Delegation Support

Right now, we have basic permission delegation support, but we need to add in some checks to ensure that a user is

  • able to propagate the permission
  • figure out how to handle the weird time limit rules. (user1 delegates to user2 for 30 seconds, user2 delegates to user 3...can this time limit be beyond user2's time limit?)

WRITE Permission Permits Delete

Right now, only a user who has the OWNER permission can delete a file. According to a question asked on Piazza, WRITE and BOTH allow for a user to delete a file.

Add Document Encryption Support

Issue by mpuckett7
Monday Nov 16, 2015 at 00:09 GMT
Originally opened as https://github.gatech.edu/mpuckett7/CS6238Project2/issues/10


When a document's SecurityFlag is set as CONFIDENTIALITY, we need to encrypt it before storing it in the database. According to the project description, the file should be encrypted using AES and a random key, and then the server's public key encrypts the AES key and stores it with the document meta-data in the database.

To decrypt, the server will then decrypt the AES key using its private key, and then decrypt the document using the AES key.
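The encrypt and decrypt flow described in this issue, as an added example that is not the project's own code. The issue only specifies "AES" and the server's key pair; AES-256-GCM for the document, RSA-OAEP for wrapping the key, and the names `EnvelopeDemo`, `Sealed`, `seal` and `open` are assumptions made here.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class EnvelopeDemo {
    // Assumed algorithm choices; the issue only says "AES" and "the server's public key".
    static final String DATA = "AES/GCM/NoPadding";
    static final String WRAP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    // Hypothetical row layout: what would be stored beside the document metadata.
    static final class Sealed {
        final byte[] wrappedKey, iv, ciphertext;
        Sealed(byte[] w, byte[] iv, byte[] ct) { wrappedKey = w; this.iv = iv; ciphertext = ct; }
    }
    static Sealed seal(byte[] doc, PublicKey serverPub) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aes = kg.generateKey();              // fresh random key per document
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);              // fresh 96-bit nonce per encryption
        Cipher data = Cipher.getInstance(DATA);
        data.init(Cipher.ENCRYPT_MODE, aes, new GCMParameterSpec(128, iv));
        Cipher wrap = Cipher.getInstance(WRAP);
        wrap.init(Cipher.WRAP_MODE, serverPub);        // only the private key can unwrap
        return new Sealed(wrap.wrap(aes), iv, data.doFinal(doc));
    }

    static byte[] open(Sealed s, PrivateKey serverPriv) throws GeneralSecurityException {
        Cipher wrap = Cipher.getInstance(WRAP);
        wrap.init(Cipher.UNWRAP_MODE, serverPriv);
        Key aes = wrap.unwrap(s.wrappedKey, "AES", Cipher.SECRET_KEY);
        Cipher data = Cipher.getInstance(DATA);
        data.init(Cipher.DECRYPT_MODE, aes, new GCMParameterSpec(128, s.iv));
        return data.doFinal(s.ciphertext);             // throws AEADBadTagException if modified
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair server = kpg.generateKeyPair();        // stand-in for the server's key pair
        byte[] doc = "constructed sample document".getBytes(StandardCharsets.UTF_8);
        Sealed s = seal(doc, server.getPublic());
        System.out.println("round trip ok: " + Arrays.equals(doc, open(s, server.getPrivate())));
        s.ciphertext[0] ^= 1;                          // simulate tampering in the database
        try { open(s, server.getPrivate()); System.out.println("tamper missed"); }
        catch (AEADBadTagException e) { System.out.println("tamper detected"); }
    }
}
```

The wrapped key, the nonce and the ciphertext all have to be stored, since decryption needs all three; the private key never needs to be present on the path that handles uploads.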
