[or-cvs] r15457: Initial version of PuppeTor master and slave programs (in puppetor/branches/gsoc2008: . doc src/de/uniba/wiai/lspi/puppetor src/de/uniba/wiai/lspi/puppetor/impl src/de/uniba/wiai/lspi/puppetor/rmi src/de/uniba/wiai/lspi/puppetor/rmi/execute)
sebastian at seul.org
sebastian at seul.org
Tue Jun 24 19:45:08 UTC 2008
Author: sebastian
Date: 2008-06-24 15:45:08 -0400 (Tue, 24 Jun 2008)
New Revision: 15457
Added:
puppetor/branches/gsoc2008/doc/howtosecurermi.txt
puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/
puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/CreateNetwork.java
puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/PuppeTorSlave.java
puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/PuppeTorTest.java
puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/PuppeTorTestResult.java
puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/RemotePuppeTor.java
puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/RemotePuppeTorImpl.java
puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/execute/
puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/execute/PuppeTorMasterProgram.java
puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/execute/PuppeTorSlaveProgram.java
puppetor/branches/gsoc2008/tools/
Modified:
puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/impl/DirectoryNodeImpl.java
Log:
Initial version of PuppeTor master and slave programs
Added: puppetor/branches/gsoc2008/doc/howtosecurermi.txt
===================================================================
--- puppetor/branches/gsoc2008/doc/howtosecurermi.txt (rev 0)
+++ puppetor/branches/gsoc2008/doc/howtosecurermi.txt 2008-06-24 19:45:08 UTC (rev 15457)
@@ -0,0 +1,68 @@
+To securely use PuppeTor to connect a testing network over untrusted networks
+such as the Internet, a public/private key environment is set up. The one instance of PuppeTor that controls the flow of the test and checks milestones will be called the master instance, all others are called slave instances. All slaves verify that the master's certificate to establish a (ssl-secured) connection to the master. The master will then validate that it knows about the client and only allow connections from clients that provide a valid certificate.
+TODO: Write a script that allows easy creation of certificates for a given network
+
+Setting up secure RMI
+
+ Stuff you will need:
+ * Java version 1.5 or above
+ * the Java keytool. This is included in the standard Java distributions,
+ the binary is located inside the JAVADIR/bin directory.
+ * a keystore to store the server's certificate and
+ * a truststore for the client to store the exported certificate
+ (instructions on how to generate your own keystore and truststore will
+ follow)
+ * a place where you can enter passwords privately
+
+ Creation of the keystore:
+ At the shell, call keytool with the -genkey option to generate a key. You
+ need to specify an alias as well, by which your key will be identified
+ inside the keystore. This alias is case-insensitive. Add the -alias option.
+ The algorithm we use will be rsa, so we need the "-keyalg RSA" option as
+ well. The file in which your keystore will be stored will be specified by
+ the -keystore option. We can specify how long the certificate should be
+ valid using the -validity option. The period is specified in days from the
+ date of creation on. Altogether, your command should look like this:
+
+ keytool -genkey -alias YourServerAlias -keyalg RSA -keystore \
+ YourKeystoreFile -validity DaysOfValidity
+
+
+ You will be asked for a password, which will be shown in plaintext. Don't
+ do this in a potentially unsafe environment. You must enter a password,
+ and later supply this password to the app so its keystore can be accessed.
+ You are free to answer anything to like to the following questions, since
+ you you will be the only one using the certificate. When you have reviewed
+ your choices, type y and then enter. At the password prompt, you can just
+ press enter again to use the same password as for your keystore.
+
+ This is all that is needed on the server side.
+
+ Exporting a self-signed certificate
+ You will need to use the -export option to export the certificate from the
+ the keystore. Once again, specify the alias and the server's keystore using
+ the -alias and -keystore options. We want to export a printable certificate,
+ so the -rfc option must be used as well. The name of the file that the
+ certificate will be stored in is specified using -file. So your command
+ should look like:
+
+ keytool -export -alias YourServerAlias -keystore YourKeystoreFile -rfc \
+ -file ServerCertificateFile.cer
+
+ You will be asked to enter the password you specified above. This will
+ export the certificate so we can use it for the truststore in the next
+ step.
+
+ Creation of the truststore:
+ The -import option is used to get the exported certificate into the
+ truststore. You will again want to specify the -alias option, like this:
+
+ keytool -import -alias YourServerAlias -file ServerCertificateFile.cer \
+ -keystore YourTruststoreFile
+
+ You will once again be asked for your password. You will be asked whether
+ you trust this certificate, answer with y and enter.
+
+ You have now set up everything that is necessary for the encryption.
+ XXX We need a description here that it is better to use different keys for
+ different slaves.
\ No newline at end of file
Modified: puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/impl/DirectoryNodeImpl.java
===================================================================
--- puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/impl/DirectoryNodeImpl.java 2008-06-24 19:22:35 UTC (rev 15456)
+++ puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/impl/DirectoryNodeImpl.java 2008-06-24 19:45:08 UTC (rev 15457)
@@ -115,7 +115,7 @@
System.out.println("Exception at write! " + e1.getMessage());
e1.printStackTrace();
}
- final InputStream read = tmpProcess.getErrorStream();
+ //final InputStream read = tmpProcess.getErrorStream();
InputStream stderr = tmpProcess.getInputStream();
InputStreamReader isr = new InputStreamReader(stderr);
Added: puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/CreateNetwork.java
===================================================================
--- puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/CreateNetwork.java (rev 0)
+++ puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/CreateNetwork.java 2008-06-24 19:45:08 UTC (rev 15457)
@@ -0,0 +1,84 @@
+package de.uniba.wiai.lspi.puppetor.rmi;
+
+import java.rmi.RemoteException;
+
+import de.uniba.wiai.lspi.puppetor.ClientApplication;
+import de.uniba.wiai.lspi.puppetor.ClientEventType;
+import de.uniba.wiai.lspi.puppetor.Event;
+import de.uniba.wiai.lspi.puppetor.EventListener;
+import de.uniba.wiai.lspi.puppetor.EventManager;
+import de.uniba.wiai.lspi.puppetor.Network;
+import de.uniba.wiai.lspi.puppetor.NetworkFactory;
+import de.uniba.wiai.lspi.puppetor.ProxyNode;
+import de.uniba.wiai.lspi.puppetor.PuppeTorException;
+
+public class CreateNetwork implements PuppeTorTest {
+ private static final long serialVersionUID = 1L;
+
+ public Object doJob() throws RemoteException, PuppeTorException {
+ final Network network = NetworkFactory.createNetwork("example1");
+
+ final ProxyNode proxy0 = network.createProxy("proxy0");
+ network.writeConfigurations();
+ if (!network.startNodes(500000)) {
+ System.out.println("Failed to start the node!");
+ return null;
+ }
+ System.out.println("Successfully started the nodes!");
+ if (!network.hupUntilUp(10, 500000)) {
+ System.out.println("Failed to build circuits!");
+ System.exit(0);
+ }
+ System.out.println("Successfully built circuits!");
+ final ClientApplication client =
+ network.createClient("client", "www.google.com", 80, proxy0
+ .getSocksPort());
+
+ // create event listener to listen for client application events
+ final EventListener clientEventListener = new EventListener() {
+
+ // remember time when request was sent
+ private long before;
+
+ public void handleEvent(Event event) {
+ if (event.getType() == ClientEventType.CLIENT_SENDING_REQUEST) {
+ before = System.currentTimeMillis();
+ } else if (event.getType() == ClientEventType.CLIENT_REPLY_RECEIVED) {
+ System.out.println("Request took "
+ + (System.currentTimeMillis() - before)
+ + " milliseconds");
+ }
+ }
+ };
+
+ // obtain reference to event manager to be able to respond to events
+ final EventManager manager = network.getEventManager();
+
+ // register event handler for client application events
+ manager.addEventListener(client.getClientApplicationName(),
+ clientEventListener);
+
+ // perform at most three request with a timeout of 20 seconds each
+ client.startRequests(3, 20000, true);
+
+ // block this thread as long as client requests are running
+ manager.waitForAnyOccurence(client.getClientApplicationName(),
+ ClientEventType.CLIENT_REQUESTS_PERFORMED);
+
+ // wait a second before shutting down the proxy
+ try {
+ Thread.sleep(1000);
+ } catch (final InterruptedException e) {
+ }
+
+ // shut down proxy
+ network.shutdownNodes();
+ System.out.println("Goodbye.");
+
+ try {
+ Thread.sleep(1000);
+ } catch (final InterruptedException e) {
+ }
+ return null;
+ }
+}
Added: puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/PuppeTorSlave.java
===================================================================
--- puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/PuppeTorSlave.java (rev 0)
+++ puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/PuppeTorSlave.java 2008-06-24 19:45:08 UTC (rev 15457)
@@ -0,0 +1,11 @@
+package de.uniba.wiai.lspi.puppetor.rmi;
+
+public class PuppeTorSlave {
+
+ protected final String name;
+
+ public PuppeTorSlave(final String slaveName) {
+ name = slaveName;
+ }
+
+}
Added: puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/PuppeTorTest.java
===================================================================
--- puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/PuppeTorTest.java (rev 0)
+++ puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/PuppeTorTest.java 2008-06-24 19:45:08 UTC (rev 15457)
@@ -0,0 +1,11 @@
+package de.uniba.wiai.lspi.puppetor.rmi;
+
+import java.io.Serializable;
+import java.rmi.RemoteException;
+
+import de.uniba.wiai.lspi.puppetor.PuppeTorException;
+
+public interface PuppeTorTest extends Serializable {
+ public Object doJob() throws RemoteException, PuppeTorException;
+ // public //hier dann halt network etc hin
+}
Added: puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/PuppeTorTestResult.java
===================================================================
--- puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/PuppeTorTestResult.java (rev 0)
+++ puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/PuppeTorTestResult.java 2008-06-24 19:45:08 UTC (rev 15457)
@@ -0,0 +1,7 @@
+package de.uniba.wiai.lspi.puppetor.rmi;
+
+import java.io.Serializable;
+
+public interface PuppeTorTestResult extends Serializable {
+ public PuppeTorTest getJob();
+}
Added: puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/RemotePuppeTor.java
===================================================================
--- puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/RemotePuppeTor.java (rev 0)
+++ puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/RemotePuppeTor.java 2008-06-24 19:45:08 UTC (rev 15457)
@@ -0,0 +1,23 @@
+/**
+ *
+ */
+package de.uniba.wiai.lspi.puppetor.rmi;
+
+import java.rmi.Remote;
+import java.rmi.RemoteException;
+
+/**
+ * @author Sebastian Hahn
+ *
+ */
+public interface RemotePuppeTor extends Remote/*
+ * , UnreferencedXXX
+ * Unreferenced-SH
+ */{
+ public void announceNewClient(String slaveName) throws RemoteException;
+
+ public PuppeTorTest isThereNewWork(String slaveName) throws RemoteException;
+
+ public void repoprtResults(String slaveName, PuppeTorTestResult jobResult)
+ throws RemoteException;
+}
Added: puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/RemotePuppeTorImpl.java
===================================================================
--- puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/RemotePuppeTorImpl.java (rev 0)
+++ puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/RemotePuppeTorImpl.java 2008-06-24 19:45:08 UTC (rev 15457)
@@ -0,0 +1,57 @@
+/**
+ *
+ */
+package de.uniba.wiai.lspi.puppetor.rmi;
+
+import java.rmi.RemoteException;
+import java.rmi.server.UnicastRemoteObject;
+import java.util.concurrent.ConcurrentHashMap;
+
+/**
+ * @author killerchicken
+ *
+ */
+public class RemotePuppeTorImpl extends UnicastRemoteObject implements
+ RemotePuppeTor {
+
+ private static final long serialVersionUID = 1L;
+ private static final ConcurrentHashMap<String, PuppeTorSlave> slaves =
+ new ConcurrentHashMap<String, PuppeTorSlave>();
+
+ public RemotePuppeTorImpl() throws RemoteException {
+ }
+
+ /*
+ * XXX maybe it is not a good idea to throw an Exception at the client when
+ * it has already registered? -SH
+ */
+ public void announceNewClient(final String slaveName)
+ throws RemoteException {
+ if (null != slaves.putIfAbsent(slaveName, new PuppeTorSlave(slaveName))) {
+ throw new IllegalArgumentException(slaveName
+ + " has already registered with this Server");
+ }
+ }
+
+ public PuppeTorTest isThereNewWork(final String slaveName)
+ throws RemoteException {
+ if (slaves.containsKey(slaveName)) {
+ return new CreateNetwork();
+ } else {
+ System.out.println("noch net da");
+ }
+ return null;
+ }
+
+ public void repoprtResults(final String slaveName,
+ final PuppeTorTestResult jobResult) throws RemoteException {
+ // XXX We want to let the server know that the client did some work and
+ // how it turned
+ // out to be. -SH
+ }
+
+ /*
+ * public void unreferenced() { //XXX We want to notice when clients die.
+ * Realize that we need one object per client // for this to work. -SH }
+ */
+}
Added: puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/execute/PuppeTorMasterProgram.java
===================================================================
--- puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/execute/PuppeTorMasterProgram.java (rev 0)
+++ puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/execute/PuppeTorMasterProgram.java 2008-06-24 19:45:08 UTC (rev 15457)
@@ -0,0 +1,53 @@
+package de.uniba.wiai.lspi.puppetor.rmi.execute;
+
+import java.rmi.registry.LocateRegistry;
+import java.rmi.registry.Registry;
+
+import javax.rmi.ssl.SslRMIClientSocketFactory;
+import javax.rmi.ssl.SslRMIServerSocketFactory;
+
+import de.uniba.wiai.lspi.puppetor.rmi.RemotePuppeTorImpl;
+
+public class PuppeTorMasterProgram {
+
+ private RemotePuppeTorImpl impl;
+ final private static int port = 2050;
+ final private static String serveraddress = "78.47.18.109";
+
+ /**
+ * @param args
+ */
+ public static void main(final String[] args) {
+ setupRMI();
+ final PuppeTorMasterProgram server = new PuppeTorMasterProgram();
+ server.exportObjects();
+
+ // do stuff with the clients
+ }
+
+ private static void setupRMI() {
+ System.setProperty("javax.net.ssl.keyStore", "res/keystore");
+ System.setProperty("javax.net.ssl.keyStorePassword", "asdasd");
+ System.setProperty("javax.net.ssl.trustStore", "res/truststore");
+ System.setProperty("java.rmi.server.hostname", serveraddress);
+ }
+
+ private void exportObjects() {
+ try {
+ impl = new RemotePuppeTorImpl();
+ final Registry registry =
+ LocateRegistry.createRegistry(port,
+ new SslRMIClientSocketFactory(),
+ new SslRMIServerSocketFactory(null, null, true));
+
+ registry.bind("RemotePuppeTorImpl", impl);
+
+ System.out.println("RemotePuppeTorImpl bound in registry");
+ } catch (final Throwable th) {
+ th.printStackTrace();
+ System.out.println("Exception occurred: " + th);
+ }
+
+ }
+
+}
Added: puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/execute/PuppeTorSlaveProgram.java
===================================================================
--- puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/execute/PuppeTorSlaveProgram.java (rev 0)
+++ puppetor/branches/gsoc2008/src/de/uniba/wiai/lspi/puppetor/rmi/execute/PuppeTorSlaveProgram.java 2008-06-24 19:45:08 UTC (rev 15457)
@@ -0,0 +1,81 @@
+package de.uniba.wiai.lspi.puppetor.rmi.execute;
+
+import java.rmi.NotBoundException;
+import java.rmi.RemoteException;
+import java.rmi.registry.LocateRegistry;
+import java.rmi.registry.Registry;
+
+import javax.rmi.ssl.SslRMIClientSocketFactory;
+
+import de.uniba.wiai.lspi.puppetor.PuppeTorException;
+import de.uniba.wiai.lspi.puppetor.rmi.PuppeTorTest;
+import de.uniba.wiai.lspi.puppetor.rmi.RemotePuppeTor;
+
+public class PuppeTorSlaveProgram {
+
+ final private static int port = 2050;
+ final private static String serveraddress = "78.47.18.109";
+ final private static String slaveName = "slave1";
+
+ /**
+ * @param args
+ */
+ public static void main(final String[] args) {
+ setupRMI();
+ final PuppeTorSlaveProgram slave = new PuppeTorSlaveProgram();
+ while (slave.connectToMaster() == false) {
+ try {
+ Thread.sleep(60000); // wait one minute
+ } catch (final InterruptedException e) {
+ // and immediatly retry if we're interrupted
+ }
+ }
+
+ }
+
+ private static void setupRMI() {
+ System.setProperty("javax.net.ssl.keyStore", "res/keystore");
+ System.setProperty("javax.net.ssl.keyStorePassword", "asdasd");
+ System.setProperty("javax.net.ssl.trustStore", "res/truststore");
+ }
+
+ private boolean connectToMaster() { // XXX Really only connect to the master
+ // here -SH
+ try {
+ final Registry registry =
+ LocateRegistry.getRegistry(serveraddress, port,
+ new SslRMIClientSocketFactory());
+
+ final RemotePuppeTor server =
+ (RemotePuppeTor) registry.lookup("RemotePuppeTorImpl");
+ server.announceNewClient(slaveName);
+ try {
+ final PuppeTorTest job = server.isThereNewWork(slaveName);
+ if (job != null) {
+ final Object res = job.doJob();
+ }
+ } catch (final PuppeTorException e) { // XXX Don't die on this!-SH
+ e.printStackTrace();
+ System.out
+ .println("PuppeTor didn't do what we wanted it to do. For now, that's a fatal error. "
+ + e);
+ System.exit(1);
+ }
+ } catch (final NotBoundException e) {
+ e.printStackTrace();
+ System.out.println("We could connect, but the server is broken: "
+ + e);
+ System.exit(1);
+ } catch (final RemoteException e) {
+ e.printStackTrace();
+ System.out.println("Exception occured: " + e);
+ return false;
+ } catch (final IllegalArgumentException e) {
+ e.printStackTrace();
+ System.out.println("We're already connected to the server! " + e);
+ System.exit(1);
+ }
+ return true;
+ }
+
+}
More information about the tor-commits
mailing list