Mirrors_Framework/ghidra
1
0
Fork 0
mirror of https://github.com/NationalSecurityAgency/ghidra.git synced 2026-05-20 01:32:18 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/Ghidra_12.1'

Browse Source
This commit is contained in:
ghidra1
2026-04-13 17:56:44 -04:00
parent 85f095fe47 5bf503fbc4
commit 82f75c985b
1 changed files with 24 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Ghidra/Features/GhidraServer/src/main/java/ghidra/server/security/PKIAuthenticationModule.java
+24 -5
View File
@@ -88,6 +88,27 @@ public class PKIAuthenticationModule implements AuthenticationModule {
return false;
}
private void checkTokenIntegrity(byte[] token) throws LoginException {
if (token.length != TOKEN_SIZE) {
throw new FailedLoginException("Invalid Signature callback");
}
boolean isZeroToken = true;
for (byte b : token) {
if (b != 0) {
isZeroToken = false;
break;
}
}
if (isZeroToken) {
throw new FailedLoginException("Invalid Signature callback");
}
if (!TokenGenerator.isRecentToken(token, MAX_TOKEN_TIME)) {
throw new FailedLoginException("Stale Signature callback");
}
}
/*
* @see ghidra.server.security.AuthenticationModule#authenticate(ghidra.server.UserManager, javax.security.auth.Subject, javax.security.auth.callback.Callback[])
*/
@@ -121,14 +142,12 @@ public class PKIAuthenticationModule implements AuthenticationModule {
try {
byte[] token = sigCb.getToken();
if (!TokenGenerator.isRecentToken(token, MAX_TOKEN_TIME)) {
throw new FailedLoginException("Stale Signature callback");
}
checkTokenIntegrity(token);
boolean usingSelfSignedCert =
DefaultKeyManagerFactory.usingGeneratedSelfSignedCertificate();
if (!DefaultKeyManagerFactory.isMySignature(usingSelfSignedCert ? null : authorities,
if (!DefaultKeyManagerFactory.isMySignature(
usingSelfSignedCert ? null : DefaultTrustManagerFactory.getTrustedIssuers(),
token, sigCb.getServerSignature())) {
throw new FailedLoginException("Invalid Signature callback");
}