Server-Side Authentication
Learn how to modify the FTP server to add authentication and build the server using certificates.
Authenticating the server
After adding authentication, our FTP service will be able to run in two modes: secure and insecure. The primary differentiation between these modes lies in how authentication is handled. The insecure mode, which we have built previously in the course, builds the server without any exchange of certificates. In the secure mode, a comprehensive two-way authentication process is enforced, where both the server and the client are subject to authentication procedures.
The server key, server certificate, and CA certificate are located within the certs directory, nested inside the src/main/resources directory. Upon compiling the project, the resulting JAR file is generated in the target directory. To run the server, we'll execute it from the target directory. To ensure the certificates are accessible on the class path as defined in the config.properties file, it is necessary to copy the certs folder into the target directory. Recall, that we have used the Maven Resources Plugin to copy the config.properties file from src/main/resources directory to the output ${basedir}/target/ directory. The relevant code from the POM file is reproduced below:
<plugin><groupId>org.apache.maven.plugins</groupId><artifactId>maven-resources-plugin</artifactId><version>3.0.2</version><executions><execution><id>copy-resource-one</id><phase>generate-sources</phase><goals><goal>copy-resources</goal></goals><configuration><outputDirectory>${basedir}/target/</outputDirectory><resources><resource><directory>src/main/resources</directory><includes><include>config.properties</include></includes></resource></resources></configuration></execution></executions></plugin>
We will add another <execution> with <id> as copy-resource-two to copy the certs directory from src/main/resources to target during the build process.
<plugin><groupId>org.apache.maven.plugins</groupId><artifactId>maven-resources-plugin</artifactId><version>3.0.2</version><executions><execution><id>copy-resource-one</id><!-- copy config.properties file--></execution><execution><id>copy-resource-two</id><phase>generate-sources</phase><goals><goal>copy-resources</goal></goals><configuration><outputDirectory>${basedir}/target/certs</outputDirectory><resources><resource><directory>src/main/resources/certs</directory><filtering>true</filtering></resource></resources></configuration></execution></executions></plugin>
Updating server configuration properties
The server configuration file defines the settings and parameters that control how the gRPC server behaves. The config.propertiessrc/main/resources package contains two properties to set the destination directory on the server and the temporary write path. Now we will add other properties such as the paths to server keys and certificates, the certificate authority’s path, and a flag to determine whether the server runs in insecure mode.
The server needs its own key and certificate as well as the root CA certificate. We will add properties SERVER_KEY_PATH, SERVER_CERT_PATH, and CA_CERT_PATH to the config file. In addition, we will also add a flag RUN_IN_INSECURE_MODE to toggle the mode in which the server runs. The flag is initially set to false to build the server in secure mode using certificates.
DESTINATION_DIRECTORY_ON_SERVER=/Users/IdeaProjects/grpc-ftp-project/destOnServer/TEMP_WRITE_PATH=/Users/IdeaProjects/grpc-ftp-project/destOnServer/tmpSERVER_KEY_PATH=certs/serverKey.pemSERVER_CERT_PATH=certs/serverCert.pemCA_CERT_PATH=certs/rootCACert.pemRUN_IN_INSECURE_MODE=false
Adding server constants
The values defined in the ServerConstants
SERVER_KEY_PATH: Represents the key for the path to the server’s private key file.SERVER_CERT_PATH...