glusk / wse Goto Github PK

Set-up a Travic-CI system

A bug found in #26.

MySqlRecord doesn't handle unknown users properly - RFC5054: 2.5.1.3. Unknown SRP User Name. In order to fix this, the following is needed:

• #30 HMAC SHA-1 implementation (because I don't like the Java built-in Mac class),
• #32FakeRecord implementation.

In #7 (comment) it was suggested to review checkstyle rules. Decide what can and should be restricted.

git clone fails with the following error message on Windows 10:

warning: the following paths have collided (e.g. case-sensitive paths
on a case-insensitive filesystem) and only one from the same
colliding group is in the working tree:

  'wse-common/src/main/java/com/github/glusk2/wse/common/crypto/srp6/rfc5054/RFC5054TestVector_A.java'
  'wse-common/src/main/java/com/github/glusk2/wse/common/crypto/srp6/rfc5054/RFC5054TestVector_a.java'
  'wse-common/src/main/java/com/github/glusk2/wse/common/crypto/srp6/rfc5054/RFC5054TestVector_B.java'
  'wse-common/src/main/java/com/github/glusk2/wse/common/crypto/srp6/rfc5054/RFC5054TestVector_b.java'
  'wse-common/src/main/java/com/github/glusk2/wse/common/crypto/srp6/rfc5054/RFC5054TestVector_S.java'
  'wse-common/src/main/java/com/github/glusk2/wse/common/crypto/srp6/rfc5054/RFC5054TestVector_s.java'

https://github.com/Glusk2/wse/blob/71028ef255745912b082a144ce9027a610c67152/wse-common/src/main/java/com/github/glusk2/wse/common/crypto/srp6/SRP6HashedSesKey.java#L29

Signature should be redefined to return a byte array.

Classes:

• SRP6CltSesKey.java
• SRP6SrvSesKey.java
• SRP6HashedSesKey.java

should be renamed in order to avoid confusion regarding the session key. What is now called a session key is more often referred to as <premaster secret> (RFC5054: Appendix B. SRP Test Vectors) or secret (BouncyCastle). In order to obtain a more secure session key, the secret is typically hashed in some way.

Is this (InMemoryRecord) class really needed?

MySqlRecord doesn't handle unknown users properly - RFC5054: 2.5.1.3. Unknown SRP User Name. In order to fix this, the following is needed:

• HMAC SHA-1 implementation,
• FakeRecord implementation.

Implement a fake SRP6 record that always returns the same values for a given user-name (I - identity).

Needed for #28.

WoW uses SRP-6 to authenticate a user with the game server. Furthermore, it makes use of the optimized message ordering as proposed here.

Since Java doesn't ship with an SRP-6 implementation (and since I couldn't find a library online that supports little-endian byte ordered integers), it'll have to be written from scratch.

Implement HMAC SHA-1.

Needed for #28.

Create an empty maven project structure that compiles without errors.

The idea is to have a multi-module project, containing:

• A core module with the server implementation
• A utility module containing code that is generic and can be used on other projects

https://github.com/Glusk2/wse/blob/master/wse/wse-core/src/main/resources/configuration.properties.example is a dead link!

Implement a simple logon server:

• add database tables
• implement the actual server
• add run instructions and a reference configuration file

The issue was found in #26.

Class InMemoryRecord should be redesigned or removed altogether.

Problems:

• equals() is not good enough because it doesn't enforce overriding
• There is code duplication (boiler-plate code) inside equals(), for example:

// Dog.java
boolean equals(Object o) {
    if (o == null || !(o instanceof Dog)) {
        return false;
    }
    Dog that = (Dog) o;
    
    /*actual equality check logic:
    return this.name.equals(that.name) && ... ;*/
}

Proposed solution:

• https://www.yegor256.com/2017/07/11/how-to-redesign-equals.html

Set-up the project work with coveralls.