diff --git a/connect/auth.go b/connect/auth.go
index 016f025b75572fbba7f6d590bb409721e80c7538..c9ed33edc8c985d73958762fac452296499a2a42 100644
--- a/connect/auth.go
+++ b/connect/auth.go
@@ -10,7 +10,6 @@
package connect
import (
- "bytes"
"context"
"crypto/rand"
"encoding/base64"
@@ -22,7 +21,6 @@ import (
"gitlab.com/xx_network/comms/connect/token"
pb "gitlab.com/xx_network/comms/messages"
"gitlab.com/xx_network/crypto/signature/rsa"
- "gitlab.com/xx_network/crypto/xx"
"gitlab.com/xx_network/primitives/id"
"google.golang.org/grpc/metadata"
)
@@ -164,63 +162,18 @@ func (c *ProtoComms) GenerateToken() ([]byte, error) {
return c.tokens.Generate().Marshal(), nil
}
-// Performs the dynamic authentication process such that Hosts that were not
-// already added to the Manager can establish authentication
-func (c *ProtoComms) dynamicAuth(msg *pb.AuthenticatedMessage) (
- host *Host, err error) {
-
- // Verify the client is attempting a dynamic authentication
- if msg.Client == nil || msg.Client.PublicKey == "" || msg.Client.Salt == nil {
- return nil, errors.New("Invalid dynamic authentication attempt!")
- }
-
- // Process the public key
- pubKey, err := rsa.LoadPublicKeyFromPem([]byte(msg.Client.PublicKey))
- if err != nil {
- return nil, errors.New(err.Error())
- }
-
- // Generate the user's ID from supplied Client information
- uid, err := xx.NewID(pubKey, msg.Client.Salt, id.User)
- if err != nil {
- return nil, err
- }
-
- // Verify the ID provided correctly matches the generated ID
- if !bytes.Equal(msg.ID, uid.Marshal()) {
- return nil, errors.Errorf(
- "Provided ID does not match. Expected: %s, Actual: %s",
- uid.String(), msg.ID)
- }
-
- // Create and add the new host to the manager
- host, err = newDynamicHost(uid, []byte(msg.Client.PublicKey))
- if err != nil {
- return
- }
- c.addHost(host)
- return
-}
-
// Validates a signed token using internal state
func (c *ProtoComms) ValidateToken(msg *pb.AuthenticatedMessage) (err error) {
// Convert EntityID to ID
- msgID, err := id.Unmarshal(msg.ID)
+ senderId, err := id.Unmarshal(msg.ID)
if err != nil {
return err
}
// Verify the Host exists for the provided ID
- host, ok := c.GetHost(msgID)
+ host, ok := c.GetHost(senderId)
if !ok {
-
- // If the host does not already exist, attempt dynamic authentication
- jww.DEBUG.Printf("Attempting dynamic authentication: %s", msgID.String())
- host, err = c.dynamicAuth(msg)
- if err != nil {
- return errors.Errorf(
- "Unable to complete dynamic authentication: %+v", err)
- }
+ return errors.Errorf("No host set up with %s, refusing contact", senderId)
}
// Get the signed token
diff --git a/connect/auth_test.go b/connect/auth_test.go
index 11692a79d6b6f256f0bb217d4cc211bc440b4d5a..c99eef216b69785301db6e37d4b3f3d946879207 100644
--- a/connect/auth_test.go
+++ b/connect/auth_test.go
@@ -14,9 +14,7 @@ import (
token "gitlab.com/xx_network/comms/connect/token"
pb "gitlab.com/xx_network/comms/messages"
"gitlab.com/xx_network/comms/testkeys"
- "gitlab.com/xx_network/crypto/csprng"
"gitlab.com/xx_network/crypto/signature/rsa"
- "gitlab.com/xx_network/crypto/xx"
"gitlab.com/xx_network/primitives/id"
"google.golang.org/grpc/peer"
"net"
@@ -345,86 +343,6 @@ func TestProtoComms_ValidateToken_BadId(t *testing.T) {
}
-// Dynamic authentication happy path (e.g. host not pre-added)
-func TestProtoComms_ValidateTokenDynamic(t *testing.T) {
- // All of this is setup for UID ----
- privKey, err := rsa.GenerateKey(csprng.NewSystemRNG(), rsa.DefaultRSABitLen)
- if err != nil {
- t.Errorf("Could not generate private key: %+v", err)
- }
- pubKey := privKey.GetPublic()
-
- salt := []byte("0123456789ABCDEF0123456789ABCDEF")
- uid, err := xx.NewID(pubKey, salt, id.User)
- if err != nil {
- t.Errorf("Could not generate user ID: %+v", err)
- }
- testId := uid.String()
- // ------
-
- // Now we set up the client comms object
- comm := ProtoComms{
- Id: uid,
- ListeningAddr: "",
- tokens: token.NewMap(),
- Manager: newManager(),
- }
- err = comm.setPrivateKey(rsa.CreatePrivateKeyPem(privKey))
- if err != nil {
- t.Errorf("Expected to set private key: %+v", err)
- }
-
- tokenBytes, err := comm.GenerateToken()
- if err != nil || tokenBytes == nil {
- t.Errorf("Unable to generate token: %+v", err)
- }
- tkn := token.Token{}
- copy(tkn[:], tokenBytes)
-
- // For this test we won't addHost to Manager, we'll just create a host
- // so we can compare to the dynamic one later
- host, err := newDynamicHost(uid, rsa.CreatePublicKeyPem(pubKey))
- if err != nil {
- t.Errorf("Unable to create host: %+v", err)
- }
- host.transmissionToken.Set(tkn)
- tokenMsg := &pb.AssignToken{
- Token: tokenBytes,
- }
-
- // Set up auth msg
- msg, err := comm.PackAuthenticatedMessage(tokenMsg, host, true)
- if err != nil {
- t.Errorf("Expected no error packing authenticated message: %+v", err)
- }
- msg.Client = &pb.ClientID{
- Salt: salt,
- PublicKey: string(rsa.CreatePublicKeyPem(pubKey)),
- }
-
- // Here's the method we're testing
- err = comm.ValidateToken(msg)
- if err != nil {
- t.Errorf("Expected to validate token: %+v", err)
- }
-
- // Check the output values behaved as expected
- host, ok := comm.GetHost(uid)
- if !ok {
- t.Errorf("Expected dynamic auth to add host %s!", testId)
- }
- if !host.IsDynamicHost() {
- t.Errorf("Expected host to be dynamic!")
- }
-
- if !bytes.Equal(msg.Token, host.receptionToken.GetBytes()) {
- t.Errorf("Message token doesn't match message's token! "+
- "Expected: %+v"+
- "\n\tReceived: %+v", host.receptionToken, msg.Token)
- }
-
-}
-
func TestProtoComms_DisableAuth(t *testing.T) {
testId := id.NewIdFromString("test", id.Node, t)
comm := ProtoComms{
diff --git a/connect/host.go b/connect/host.go
index 31ef49a03a1fc73826b0f1304fac107ca91f2a8c..dab7e784cc096db2095526946aedffbd92283c90 100644
--- a/connect/host.go
+++ b/connect/host.go
@@ -60,10 +60,6 @@ type Host struct {
// RSA Public Key corresponding to the TLS Certificate
rsaPublicKey *rsa.PublicKey
- // Indicates whether dynamic authentication was used for this Host
- // This is useful for determining whether a Host's key was hardcoded
- dynamicHost bool
-
// State tracking for host metric
metrics *Metric
@@ -121,32 +117,6 @@ func NewHost(id *id.ID, address string, cert []byte, params HostParams) (host *H
return
}
-// Creates a new dynamic-authenticated Host object
-func newDynamicHost(id *id.ID, publicKey []byte) (host *Host, err error) {
-
- // Initialize the Host object
- // IMPORTANT: This flag must be set to true for all dynamic Hosts
- // because the security properties for these Hosts differ
- host = &Host{
- id: id,
- dynamicHost: true,
- transmissionToken: token.NewLive(),
- receptionToken: token.NewLive(),
- }
-
- // Create the RSA Public Key object
- host.rsaPublicKey, err = rsa.LoadPublicKeyFromPem(publicKey)
- if err != nil {
- err = errors.Errorf("Error extracting PublicKey: %+v", err)
- }
- return
-}
-
-// Simple getter for the dynamicHost value
-func (h *Host) IsDynamicHost() bool {
- return h.dynamicHost
-}
-
// the amount of data, when streaming, that a sender can send before receiving an ACK
// keep at zero to use the default GRPC algorithm to determine
func (h *Host) SetWindowSize(size int32) {
@@ -476,16 +446,3 @@ func (h *Host) SetTestPublicKey(key *rsa.PublicKey, t interface{}) {
}
h.rsaPublicKey = key
}
-
-// Set host to dynamic (for testing use)
-func (h *Host) SetTestDynamic(t interface{}) {
- switch t.(type) {
- case *testing.T:
- break
- case *testing.M:
- break
- default:
- jww.FATAL.Panicf("SetTestDynamic is restricted to testing only. Got %T", t)
- }
- h.dynamicHost = true
-}
diff --git a/connect/host_test.go b/connect/host_test.go
index 2efeae540ffc669843bb6d0eaafdb6f5c1d9af9e..3fc48fcbf2f746cdf06f17aadbd9a9ff1076ab3c 100644
--- a/connect/host_test.go
+++ b/connect/host_test.go
@@ -96,24 +96,6 @@ func TestHost_UpdateAddress(t *testing.T) {
}
}
-// Validate that dynamic host defaults to false and can be set to true
-func TestHost_IsDynamicHost(t *testing.T) {
-
- host := Host{}
-
- if host.IsDynamicHost() != false {
- t.Errorf("Correct bool not returned. Expected false, got %v",
- host.dynamicHost)
- }
-
- host.dynamicHost = true
-
- if host.IsDynamicHost() != true {
- t.Errorf("Correct bool not returned. Expected true, got %v",
- host.dynamicHost)
- }
-}
-
// Full test
func TestHost_IsOnline(t *testing.T) {
addr := "0.0.0.0:10234"