Bug fixes

src/main/java/org/openautonomousconnection/protocol/packets/v1_0_0/beta/AuthPacket.java

@@ -13,7 +13,6 @@ import org.openautonomousconnection.protocol.side.server.CustomConnectedClient;
 import org.openautonomousconnection.protocol.side.server.events.S_CustomClientConnectedEvent;
 import org.openautonomousconnection.protocol.versions.ProtocolVersion;
 import org.openautonomousconnection.protocol.versions.v1_0_0.beta.INSResponseStatus;
-import org.openautonomousconnection.protocol.versions.v1_0_0.beta.TOFUFeedback;
 
 import java.io.DataInputStream;
 import java.io.DataOutputStream;
@@ -140,10 +139,10 @@ public final class AuthPacket extends OACPacket {
             try {
                 if (!protocolBridge.isVersionSupported(serverVersion)) {
                     setResponseCode(INSResponseStatus.RESPONSE_AUTH_FAILED);
-                    if (protocolBridge.getProtocolClient() != null
+                    if (protocolBridge.getProtocolClient() != null && protocolBridge.getProtocolClient().getClientINSConnection() != null) {
-                            && protocolBridge.getProtocolClient().getClientINSConnection() != null) {
                         protocolBridge.getProtocolClient().getClientINSConnection().disconnect();
                     }
+
                     return;
                 }
 
@@ -152,15 +151,9 @@ public final class AuthPacket extends OACPacket {
                 String caPrefix = objectInputStream.readUTF();
                 String caPem = objectInputStream.readUTF();
 
-                if (!caPrefix.matches("^[a-zA-Z0-9_-]+$")) {
-                    setResponseCode(INSResponseStatus.RESPONSE_AUTH_FAILED);
-                    return;
-                }
-
                 if (caPem.equalsIgnoreCase("N/A")) {
                     setResponseCode(INSResponseStatus.RESPONSE_AUTH_FAILED);
                 } else {
-
                     byte[] caBytes = caPem.getBytes(java.nio.charset.StandardCharsets.UTF_8);
                     java.security.MessageDigest md = java.security.MessageDigest.getInstance("SHA-256");
                     String fp = java.util.HexFormat.of().formatHex(md.digest(caBytes));
@@ -176,24 +169,20 @@ public final class AuthPacket extends OACPacket {
 
                     if (fpFile.exists()) {
                         String existing = FileUtils.readFileFull(fpFile).trim();
-                        TOFUFeedback feedback = protocolBridge.getProtocolClient().insFingerprintChanged(existing, fp);
+                        if (!protocolBridge.getProtocolClient().trustNewINSFingerprint(existing, fp)) {
-                        if (feedback == TOFUFeedback.DISCONNECT) {
                             setResponseCode(INSResponseStatus.RESPONSE_AUTH_FAILED);
                             protocolBridge.getProtocolClient().getClientINSConnection().disconnect();
                             return;
-                        }
+                        } else {
-                        if (feedback == TOFUFeedback.TRUST) {
                             FileUtils.writeFile(fpFile, fp + System.lineSeparator());
                             allowWritePem = true;
                         }
                     } else {
-                        TOFUFeedback feedback = protocolBridge.getProtocolClient().trustINS(fp);
+                        if (protocolBridge.getProtocolClient().trustINS(fp)) {
-                        if (feedback == TOFUFeedback.DISCONNECT) {
                             setResponseCode(INSResponseStatus.RESPONSE_AUTH_FAILED);
                             protocolBridge.getProtocolClient().getClientINSConnection().disconnect();
                             return;
-                        }
+                        } else {
-                        if (feedback == TOFUFeedback.TRUST) {
                             FileUtils.writeFile(fpFile, fp + System.lineSeparator());
                             allowWritePem = true;
                         }

src/main/java/org/openautonomousconnection/protocol/side/client/ProtocolClient.java

@@ -16,7 +16,6 @@ import org.openautonomousconnection.protocol.versions.ProtocolVersion;
 import org.openautonomousconnection.protocol.versions.v1_0_0.beta.INSRecord;
 import org.openautonomousconnection.protocol.versions.v1_0_0.beta.INSRecordType;
 import org.openautonomousconnection.protocol.versions.v1_0_0.beta.INSResponseStatus;
-import org.openautonomousconnection.protocol.versions.v1_0_0.beta.TOFUFeedback;
 
 import java.io.File;
 import java.io.FileNotFoundException;
@@ -325,9 +324,22 @@ public abstract class ProtocolClient extends EventListener {
     public void onQuerySent(String tln, String name, String sub, INSRecordType type) {
     }
 
-    public abstract TOFUFeedback trustINS(String caFingerprint);
+    /**
+     * Called when no stored INS fingerprint exists yet (trust-on-first-use).
+     *
+     * @param caFingerprint received fingerprint of the INS CA certificate
+     * @return {@code true} to allow the connection; {@code false} to reject it
+     */
+    public abstract boolean trustINS(String caFingerprint);
 
-    public abstract TOFUFeedback insFingerprintChanged(String oldCAFingerprint, String newCAFingerprint);
+    /**
+     * Called when a stored INS fingerprint does not match the received one.
+     *
+     * @param oldCAFingerprint previously stored fingerprint
+     * @param newCAFingerprint received fingerprint of the INS CA certificate
+     * @return {@code true} to accept the new fingerprint; {@code false} to reject it
+     */
+    public abstract boolean trustNewINSFingerprint(String oldCAFingerprint, String newCAFingerprint);
 
     public static final class ClientCertificateFolderStructure {
         public final File certificatesFolder;

src/main/java/org/openautonomousconnection/protocol/versions/v1_0_0/beta/TOFUFeedback.java

@@ -1,7 +0,0 @@
-package org.openautonomousconnection.protocol.versions.v1_0_0.beta;
-
-public enum TOFUFeedback {
-
-    TRUST, DISCONNECT
-
-}