Merge pull request #2404 from RestComm/RESTCOMM-1032_1a_D1

RESTCOMM-1032 : Client Password Proposal 1a

Author: maria-farooq

restcomm/pom.xml

@@ -1157,4 +1157,4 @@
         </pluginRepository>
     </pluginRepositories>
 
-</project>
+</project>

restcomm/restcomm.application/src/main/webapp/WEB-INF/conf/restcomm.xml

@@ -11,7 +11,9 @@
 	MA 02110-1301 USA, or see the FSF site: http://www.fsf.org. -->
 <restcomm>
 	<runtime-settings>
-		<!-- The API version that will be used. -->
+        <client-algorithm>MD5</client-algorithm>
+        <client-qop>auth</client-qop>
+        <!-- The API version that will be used. -->
 		<api-version>2012-04-24</api-version>
 
 		<!-- Try to run RVD workspace projects migration to apply new naming

restcomm/restcomm.application/src/main/webapp/WEB-INF/data/hsql/restcomm.script

@@ -51,5 +51,3 @@ INSERT INTO "restcomm_incoming_phone_numbers" VALUES('PN9154cd100e894cccb9846542
 INSERT INTO "restcomm_incoming_phone_numbers" VALUES('PN268b3f55d3a84a70aae8b78bde3443b5','2017-04-13 22:03:27.925000000','2017-04-13 22:03:27.925000000','This app joins a video conf bridge with wait music playing and requires XMS media server','ACae6e420f425248d6a26948c17a9e2acf','+1244','2012-04-24',FALSE,'/restcomm/demos/video-conference.xml','POST',NULL,'POST',NULL,'POST',NULL,NULL,'POST',NULL,'POST',NULL,'/2012-04-24/Accounts/ACae6e420f425248d6a26948c17a9e2acf/IncomingPhoneNumbers/PN268b3f55d3a84a70aae8b78bde3443b5',NULL,NULL,NULL,NULL, TRUE,'0.0',NULL,NULL,NULL,NULL,NULL, NULL, NULL, NULL, 'ORafbe225ad37541eba518a74248f0ac4c')
 INSERT INTO "restcomm_incoming_phone_numbers" VALUES('PNa956a87b060b4b93bf432fce19fe79bf','2017-04-13 22:04:04.258000000','2017-04-13 22:04:04.258000000','This app adds you to a video conf bridge as a moderator and requires XMS media server','ACae6e420f425248d6a26948c17a9e2acf','+1245','2012-04-24',FALSE,'/restcomm/demos/video-conference-moderator.xml','POST',NULL,'POST',NULL,'POST',NULL,NULL,'POST',NULL,'POST',NULL,'/2012-04-24/Accounts/ACae6e420f425248d6a26948c17a9e2acf/IncomingPhoneNumbers/PNa956a87b060b4b93bf432fce19fe79bf',NULL,NULL,NULL,NULL, TRUE,'0.0',NULL,NULL,NULL,NULL,NULL, NULL, NULL, NULL, 'ORafbe225ad37541eba518a74248f0ac4c')
 INSERT INTO "restcomm_incoming_phone_numbers" VALUES('PN5eadc8c3b26a495a842bbff6aecc9f6c','2017-09-29 19:34:10.679000000','2017-09-29 19:34:10.679000000','This app calls registered restcomm client Alice using XMS for video','ACae6e420f425248d6a26948c17a9e2acf','+1246','2012-04-24',FALSE,'/restcomm/demos/video-dial-client.xml','POST',NULL,'POST',NULL,'POST',NULL,NULL,'POST',NULL,'POST',NULL,'/2012-04-24/Accounts/ACae6e420f425248d6a26948c17a9e2acf/IncomingPhoneNumbers/PN5eadc8c3b26a495a842bbff6aecc9f6c',NULL,NULL,NULL,NULL, TRUE,'0.0',NULL,NULL,NULL,NULL,NULL, NULL, NULL, NULL, 'ORafbe225ad37541eba518a74248f0ac4c')
-INSERT INTO "restcomm_clients" VALUES('CLa2b99142e111427fbb489c3de357f60a','2013-11-04 12:52:44.144000000','2013-11-04 12:52:44.144000000','ACae6e420f425248d6a26948c17a9e2acf','2012-04-24','alice','alice','1234',1,NULL,'POST',NULL,'POST',NULL,'/2012-04-24/Accounts/ACae6e420f425248d6a26948c17a9e2acf/Clients/CLa2b99142e111427fbb489c3de357f60a',NULL)
-INSERT INTO "restcomm_clients" VALUES('CL3003328d0de04ba68f38de85b732ed56','2013-11-04 16:33:39.248000000','2013-11-04 16:33:39.248000000','ACae6e420f425248d6a26948c17a9e2acf','2012-04-24','bob','bob','1234',1,NULL,'POST',NULL,'POST',NULL,'/2012-04-24/Accounts/ACae6e420f425248d6a26948c17a9e2acf/Clients/CL3003328d0de04ba68f38de85b732ed56',NULL)

restcomm/restcomm.application/src/main/webapp/WEB-INF/scripts/mariadb/init.sql

@@ -458,10 +458,6 @@ INSERT INTO restcomm_incoming_phone_numbers VALUES('PN268b3f55d3a84a70aae8b78bde
 INSERT INTO restcomm_incoming_phone_numbers VALUES('PNa956a87b060b4b93bf432fce19fe79bf','2017-04-13 22:04:04.258000000','2017-04-13 22:04:04.258000000','This app adds you to a video conf bridge as a moderator and requires XMS media server','ACae6e420f425248d6a26948c17a9e2acf','+1245','2012-04-24',FALSE,'/restcomm/demos/video-conference-moderator.xml','POST',NULL,'POST',NULL,'POST',NULL,NULL,'POST',NULL,'POST',NULL,'/2012-04-24/Accounts/ACae6e420f425248d6a26948c17a9e2acf/IncomingPhoneNumbers/PNa956a87b060b4b93bf432fce19fe79bf', true, false, false, false, true, 0.0, null, null, null, null, null, null, null, null, 'ORafbe225ad37541eba518a74248f0ac4c');
 INSERT INTO restcomm_incoming_phone_numbers VALUES('PN5eadc8c3b26a495a842bbff6aecc9f6c','2017-09-29 19:34:10.679000000','2017-09-29 19:34:10.679000000','This app calls registered restcomm client Alice using XMS for video','ACae6e420f425248d6a26948c17a9e2acf','+1246','2012-04-24',FALSE,'/restcomm/demos/video-dial-client.xml','POST',NULL,'POST',NULL,'POST',NULL,NULL,'POST',NULL,'POST',NULL,'/2012-04-24/Accounts/ACae6e420f425248d6a26948c17a9e2acf/IncomingPhoneNumbers/PN5eadc8c3b26a495a842bbff6aecc9f6c', true, false, false, false, true, 0.0, null, null, null, null, null, null, null, null, 'ORafbe225ad37541eba518a74248f0ac4c');
 
-/* Create demo clients */
-INSERT INTO restcomm_clients VALUES('CLa2b99142e111427fbb489c3de357f60a','2013-11-04 12:52:44.144000000','2013-11-04 12:52:44.144000000','ACae6e420f425248d6a26948c17a9e2acf','2012-04-24','alice','alice','1234',1,NULL,'POST',NULL,'POST',NULL,'/2012-04-24/Accounts/ACae6e420f425248d6a26948c17a9e2acf/Clients/CLa2b99142e111427fbb489c3de357f60a', NULL);
-INSERT INTO restcomm_clients VALUES('CL3003328d0de04ba68f38de85b732ed56','2013-11-04 16:33:39.248000000','2013-11-04 16:33:39.248000000','ACae6e420f425248d6a26948c17a9e2acf','2012-04-24','bob','bob','1234',1,NULL,'POST',NULL,'POST',NULL,'/2012-04-24/Accounts/ACae6e420f425248d6a26948c17a9e2acf/Clients/CL3003328d0de04ba68f38de85b732ed56', NULL);
-
 /* Create index on restcomm_call_detail_records on conference_sid column */
 CREATE INDEX idx_cdr_conference_sid ON restcomm_call_detail_records (conference_sid);
 

restcomm/restcomm.commons/src/main/java/org/restcomm/connect/commons/configuration/sets/MainConfigurationSet.java

@@ -59,4 +59,8 @@ public interface MainConfigurationSet {
     long getConferenceTimeout();
 
     void setConferenceTimeout(long conferenceTimeout);
+
+    String getClientAlgorithm();
+
+    String getClientQOP();
 }

restcomm/restcomm.commons/src/main/java/org/restcomm/connect/commons/configuration/sets/impl/MainConfigurationSetImpl.java

@@ -52,6 +52,8 @@ public class MainConfigurationSetImpl extends ConfigurationSet implements MainCo
     private static final String HTTP_ROUTES_PORT = "http-client.routes-port";
     private static final String HTTP_ROUTES_CONN = "http-client.routes-conn";
     private static final String CONFERENCE_TIMEOUT_KEY = "runtime-settings.conference-timeout";
+    private static final String DEFAULT_CLIENT_PASSWORD = "MD5";
+    private static final String DEFAULT_CLIENT_QOP = "auth";
     private static final long CONFERENCE_TIMEOUT_DEFAULT = 14400; //4 hours in seconds
     private static final SslMode SSL_MODE_DEFAULT = SslMode.strict;
     private SslMode sslMode;
@@ -73,6 +75,8 @@ public class MainConfigurationSetImpl extends ConfigurationSet implements MainCo
 
     public static final String BYPASS_LB_FOR_CLIENTS = "bypass-lb-for-clients";
     private boolean bypassLbForClients = false;
+    private String clientAlgorithm = DEFAULT_CLIENT_PASSWORD;
+    private String clientQOP = DEFAULT_CLIENT_QOP;
 
     public MainConfigurationSetImpl(ConfigurationSource source) {
         super(source);
@@ -161,6 +165,9 @@ public MainConfigurationSetImpl(ConfigurationSource source) {
         }catch(NumberFormatException nfe){
             this.conferenceTimeout = CONFERENCE_TIMEOUT_DEFAULT;
         }
+
+        clientAlgorithm = source.getProperty("runtime-settings.client-algorithm", DEFAULT_CLIENT_PASSWORD);
+        clientQOP = source.getProperty("runtime-settings.client-qop", DEFAULT_CLIENT_QOP);
     }
 
     public MainConfigurationSetImpl(SslMode sslMode, int responseTimeout, boolean useHostnameToResolveRelativeUrls, String hostname, String instanceId, boolean bypassLbForClients) {
@@ -271,4 +278,14 @@ public long getConferenceTimeout() {
     public void setConferenceTimeout(long conferenceTimeout) {
         this.conferenceTimeout = conferenceTimeout;
     }
+
+    @Override
+    public String getClientAlgorithm() {
+        return clientAlgorithm;
+    }
+
+    @Override
+    public String getClientQOP() {
+        return clientQOP;
+    }
 }

restcomm/restcomm.commons/src/main/java/org/restcomm/connect/commons/util/DigestAuthentication.java

@@ -23,6 +23,7 @@
 import java.security.NoSuchAlgorithmException;
 
 import org.restcomm.connect.commons.annotations.concurrency.ThreadSafe;
+import org.restcomm.connect.commons.configuration.RestcommConfiguration;
 
 /**
  * @author quintana.thomas@gmail.com (Thomas Quintana)
@@ -41,36 +42,65 @@ private static String A1(final String algorithm, final String user, final String
             if (cnonce == null || cnonce.length() == 0) {
                 throw new NullPointerException("The cnonce parameter may not be null.");
             }
-            return H(user + ":" + realm + ":" + password) + ":" + nonce + ":" + cnonce;
+            return H(user + ":" + realm + ":" + password, algorithm) + ":" + nonce + ":" + cnonce;
         }
     }
 
-    private static String A2(final String method, final String uri, String body, final String qop) {
+    private static String A2(String algorithm, final String method, final String uri, String body, final String qop) {
         if (qop == null || qop.trim().length() == 0 || qop.trim().equalsIgnoreCase("auth")) {
             return method + ":" + uri;
         } else {
             if (body == null)
                 body = "";
-            return method + ":" + uri + ":" + H(body);
+            return method + ":" + uri + ":" + H(body, algorithm);
         }
     }
 
     public static String response(final String algorithm, final String user, final String realm, final String password,
-            final String nonce, final String nc, final String cnonce, final String method, final String uri, String body,
-            final String qop) {
-        validate(user, realm, password, nonce, method, uri);
-        final String a1 = A1(algorithm, user, realm, password, nonce, cnonce);
-        final String a2 = A2(method, uri, body, qop);
+    final String nonce, final String nc, final String cnonce, final String method, final String uri, String body,
+    final String qop) {
+        return response(algorithm, user, realm, password, "", nonce, nc, cnonce, method, uri, body, qop);
+    }
+
+    /**
+     * @param algorithm
+     * @param user
+     * @param realm
+     * @param password
+     * @param password2
+     * @param nonce
+     * @param nc
+     * @param cnonce
+     * @param method
+     * @param uri
+     * @param body
+     * @param qop
+     * @return
+     */
+    public static String response(final String algorithm, final String user, final String realm, final String password,
+            String password2, final String nonce, final String nc, final String cnonce, final String method, final String uri,
+            String body, final String qop) {
+        validate(user, realm, password, nonce, method, uri, algorithm);
+        String ha1;
+
+        if(!password2.isEmpty()){
+            ha1 = password2;
+        }else{
+            final String a1 = A1(algorithm, user, realm, password, nonce, cnonce);
+            ha1 = H(a1, algorithm);
+        }
+
+        final String a2 = A2(algorithm, method, uri, body, qop);
         if (cnonce != null && qop != null && nc != null && (qop.equalsIgnoreCase("auth") || qop.equalsIgnoreCase("auth-int"))) {
-            return KD(H(a1), nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + H(a2));
+            return KD(ha1, nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + H(a2, algorithm), algorithm);
         } else {
-            return KD(H(a1), nonce + ":" + H(a2));
+            return KD(ha1, nonce + ":" + H(a2, algorithm), algorithm);
         }
     }
 
-    private static String H(final String data) {
+    private static String H(final String data, String algorithm) {
         try {
-            final MessageDigest digest = MessageDigest.getInstance("MD5");
+            final MessageDigest digest = MessageDigest.getInstance(algorithm);
             final byte[] result = digest.digest(data.getBytes());
             final char[] characters = HexadecimalUtils.toHex(result);
             return new String(characters);
@@ -79,12 +109,12 @@ private static String H(final String data) {
         }
     }
 
-    private static String KD(final String secret, final String data) {
-        return H(secret + ":" + data);
+    private static String KD(final String secret, final String data, String algorithm) {
+        return H(secret + ":" + data, algorithm);
     }
 
     private static void validate(final String user, final String realm, final String password, final String nonce,
-            final String method, final String uri) {
+            final String method, final String uri, String algorithm) {
         if (user == null) {
             throw new NullPointerException("The user parameter may not be null.");
         } else if (realm == null) {
@@ -97,6 +127,21 @@ private static void validate(final String user, final String realm, final String
             throw new NullPointerException("The uri parameter may not be null.");
         } else if (nonce == null) {
             throw new NullPointerException("The nonce parameter may not be null.");
+        } else if (algorithm == null) {
+            throw new NullPointerException("The algorithm parameter may not be null.");
         }
     }
+
+    /**
+     * @param username
+     * @param realm
+     * @param password
+     * @return
+     */
+    public static String HA1(String username, String realm, String password){
+        String algorithm = RestcommConfiguration.getInstance().getMain().getClientAlgorithm();
+        String ha1 = "";
+        ha1 = DigestAuthentication.H(username+":"+realm+":"+password, algorithm);
+        return ha1;
+    }
 }

restcomm/restcomm.dao/src/main/java/org/restcomm/connect/dao/entities/Client.java

@@ -26,6 +26,7 @@
 import org.restcomm.connect.commons.annotations.concurrency.Immutable;
 import org.restcomm.connect.commons.annotations.concurrency.NotThreadSafe;
 import org.restcomm.connect.commons.dao.Sid;
+import org.restcomm.connect.commons.util.DigestAuthentication;
 
 /**
  * @author quintana.thomas@gmail.com (Thomas Quintana)
@@ -148,8 +149,14 @@ public Client setFriendlyName(final String friendlyName) {
                 voiceUrl, voiceMethod, voiceFallbackUrl, voiceFallbackMethod, voiceApplicationSid, uri, pushClientIdentity);
     }
 
-    public Client setPassword(final String password) {
-        return new Client(sid, dateCreated, DateTime.now(), accountSid, apiVersion, friendlyName, login, password, status,
+    /**
+     * @param login
+     * @param password
+     * @param realm
+     * @return
+     */
+    public Client setPassword(final String login, final String password, final String realm) {
+        return new Client(sid, dateCreated, DateTime.now(), accountSid, apiVersion, friendlyName, login, DigestAuthentication.HA1(login, realm, password), status,
                 voiceUrl, voiceMethod, voiceFallbackUrl, voiceFallbackMethod, voiceApplicationSid, uri, pushClientIdentity);
     }
 
@@ -235,8 +242,13 @@ public void setLogin(final String login) {
             this.login = login;
         }
 
-        public void setPassword(final String password) {
-            this.password = password;
+        /**
+         * @param login
+         * @param password
+         * @param realm
+         */
+        public void setPassword(final String login, final String password, final String realm) {
+            this.password = DigestAuthentication.HA1(login, realm, password);
         }
 
         public void setStatus(final int status) {

restcomm/restcomm.dao/src/test/java/org/restcomm/connect/dao/mybatis/ClientsDaoTest.java

@@ -19,6 +19,7 @@
  */
 package org.restcomm.connect.dao.mybatis;
 
+import java.io.IOException;
 import java.io.InputStream;
 import java.net.URI;
 import java.net.URISyntaxException;
@@ -40,15 +41,21 @@
  * @author quintana.thomas@gmail.com (Thomas Quintana)
  * @author maria farooq
  */
-public final class ClientsDaoTest {
+public final class ClientsDaoTest extends DaoTest {
     private static MybatisDaoManager manager;
+    private final String realm = "org1.restcomm.com";
 
     public ClientsDaoTest() {
         super();
     }
 
     @Before
-    public void before() {
+    public void before() throws IOException {
+
+        sandboxRoot = createTempDir("accountsTest");
+        String mybatisFilesPath = getClass().getResource("/accountsDao").getFile();
+        setupSandbox(mybatisFilesPath, sandboxRoot);
+    	
         final InputStream data = getClass().getResourceAsStream("/mybatis.xml");
         final SqlSessionFactoryBuilder builder = new SqlSessionFactoryBuilder();
         final SqlSessionFactory factory = builder.build(data);
@@ -74,7 +81,7 @@ public void createReadUpdateDelete() {
         builder.setApiVersion("2012-04-24");
         builder.setFriendlyName("Alice");
         builder.setLogin("alice");
-        builder.setPassword("1234");
+        builder.setPassword("alice", "1234", realm);
         builder.setStatus(Client.ENABLED);
         builder.setVoiceUrl(url);
         builder.setVoiceMethod(method);
@@ -110,7 +117,7 @@ public void createReadUpdateDelete() {
         method = "POST";
         String newClientIdentity = "newClientIdentity";
         client = client.setFriendlyName("Bob");
-        client = client.setPassword("4321");
+        client = client.setPassword(client.getLogin(), "4321", realm);
         client = client.setStatus(Client.DISABLED);
         client = client.setVoiceApplicationSid(application);
         client = client.setVoiceUrl(url);
@@ -161,7 +168,7 @@ public void readByUser() {
         builder.setApiVersion("2012-04-24");
         builder.setFriendlyName("Tom");
         builder.setLogin("tom");
-        builder.setPassword("1234");
+        builder.setPassword("tom", "1234", realm);
         builder.setStatus(Client.ENABLED);
         builder.setVoiceUrl(url);
         builder.setVoiceMethod(method);
@@ -208,7 +215,7 @@ public void readDeleteByAccountSid() {
         builder.setApiVersion("2012-04-24");
         builder.setFriendlyName("Tom");
         builder.setLogin("tom");
-        builder.setPassword("1234");
+        builder.setPassword("tom", "1234", realm);
         builder.setStatus(Client.ENABLED);
         builder.setVoiceUrl(url);
         builder.setVoiceMethod(method);

restcomm/restcomm.dao/src/test/java/org/restcomm/connect/dao/mybatis/DaoTest.java

@@ -23,7 +23,6 @@
 import org.apache.commons.configuration.ConfigurationException;
 import org.apache.commons.configuration.XMLConfiguration;
 import org.apache.commons.io.FileUtils;
-import org.apache.commons.io.IOUtils;
 import org.restcomm.connect.commons.configuration.RestcommConfiguration;
 import org.restcomm.connect.commons.dao.Sid;