?? whiteboardservlet.java
字號:
// Copyright 2003 Nokia Corporation.
//
// THIS SOURCE CODE IS PROVIDED 'AS IS', WITH NO WARRANTIES WHATSOEVER,
// EXPRESS OR IMPLIED, INCLUDING ANY WARRANTY OF MERCHANTABILITY, FITNESS
// FOR ANY PARTICULAR PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE
// OR TRADE PRACTICE, RELATING TO THE SOURCE CODE OR ANY WARRANTY OTHERWISE
// ARISING OUT OF ANY PROPOSAL, SPECIFICATION, OR SAMPLE AND WITH NO
// OBLIGATION OF NOKIA TO PROVIDE THE LICENSEE WITH ANY MAINTENANCE OR
// SUPPORT. FURTHERMORE, NOKIA MAKES NO WARRANTY THAT EXERCISE OF THE
// RIGHTS GRANTED HEREUNDER DOES NOT INFRINGE OR MAY NOT CAUSE INFRINGEMENT
// OF ANY PATENT OR OTHER INTELLECTUAL PROPERTY RIGHTS OWNED OR CONTROLLED
// BY THIRD PARTIES
//
// Furthermore, information provided in this source code is preliminary,
// and may be changed substantially prior to final release. Nokia Corporation
// retains the right to make changes to this source code at
// any time, without notice. This source code is provided for informational
// purposes only.
//
// Nokia and Nokia Connecting People are registered trademarks of Nokia
// Corporation.
// Java and all Java-based marks are trademarks or registered trademarks of
// Sun Microsystems, Inc.
// Other product and company names mentioned herein may be trademarks or
// trade names of their respective owners.
//
// A non-exclusive, non-transferable, worldwide, limited license is hereby
// granted to the Licensee to download, print, reproduce and modify the
// source code. The licensee has the right to market, sell, distribute and
// make available the source code in original or modified form only when
// incorporated into the programs developed by the Licensee. No other
// license, express or implied, by estoppel or otherwise, to any other
// intellectual property rights is granted herein.
package whiteboard;
import java.io.*;
import java.security.*;
import java.text.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.net.*;
import org.bouncycastle.crypto.*;
import org.bouncycastle.crypto.digests.*;
import org.bouncycastle.crypto.engines.*;
import org.bouncycastle.crypto.paddings.*;
import org.bouncycastle.crypto.params.*;
import org.bouncycastle.util.encoders.Hex;
// Simple servlet serving GET and POST requests
// Version 1.4: Custom security and encryption of HTTP body
public class WhiteboardServlet
extends HttpServlet
{
private Whiteboard whiteboard;
private ServletConfig context;
private DateFormat format = null;
private String key = null;
private UserDatabase userDB = null;
private long internalKey, counter;
private SecureRandom random;
public void init()
{
context = getServletConfig();
String dateformat = context.getInitParameter("dateformat");
key = context.getInitParameter("masterkey");
if (dateformat != null)
{
try
{
format = new SimpleDateFormat(dateformat);
}
catch (Exception e)
{
// ignore, we'll check it later
}
}
if (format == null)
{
format = DateFormat.getTimeInstance(DateFormat.SHORT);
}
// init the whiteboard data structure
whiteboard = Whiteboard.getInstance();
userDB = new UserDatabase();
// insert a mock up user
userDB.createUser("guest", "password");
try
{
random = SecureRandom.getInstance("SHA1PRNG");
}
catch (Exception e)
{
e.printStackTrace();
}
internalKey = random.nextLong();
}
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, java.io.IOException
{
String username = authenticateUsername(req, resp, "GET");
if (username != null)
{
String response = buildResponse();
String nonce = createNonce();
resp.setHeader("X-Crypto-Nonce", nonce);
String cipherText = null;
try
{
cipherText = doEncryption(response, userDB.getUser(username).getPassword(), nonce);
}
catch (Exception e)
{
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
return;
}
resp.setContentType("text/plain");
ServletOutputStream out = resp.getOutputStream();
out.print(cipherText);
}
}
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, java.io.IOException
{
String username = authenticateUsername(req, resp, "POST");
if (username != null)
{
ServletInputStream in = req.getInputStream();
ByteArrayOutputStream buffer = new ByteArrayOutputStream();
int i = -1;
while ((i = in.read()) != -1)
{
buffer.write(i);
}
String msg = null;
boolean error = false;
try
{
msg = decodeMessage(buffer.toByteArray(), userDB.getUser(username).getPassword(),
req.getHeader("X-Crypto-Nonce"));
if (msg == null || !msg.startsWith("msg="))
{
error = true;
}
else
{
msg = msg.substring(4).trim();
}
}
catch (InvalidCipherTextException e)
{
error = true;
}
catch (Throwable e)
{
error = true;
e.printStackTrace();
}
if (!error)
{
whiteboard.addMessage(new Message(username, new Date(), msg));
String nonce = createNonce();
resp.setHeader("X-Crypto-Nonce", nonce);
String cipherText = null;
String response = buildResponse();
try
{
cipherText = doEncryption(response, userDB.getUser(username).getPassword(), nonce);
}
catch (Exception e)
{
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
return;
}
resp.setContentType("text/plain");
ServletOutputStream out = resp.getOutputStream();
out.print(cipherText);
}
else
{
resp.sendError(HttpServletResponse.SC_BAD_REQUEST,
"Missing msg parameter");
}
}
}
private String doEncryption(String plainText, String password, String nonce)
throws InvalidCipherTextException
{
// this should be long enough for a DES key
String compundKey = password + ":" + nonce;
Digest digest = new MD5Digest();
byte[] key = new byte[digest.getDigestSize()];
digest.update(compundKey.getBytes(), 0, compundKey.getBytes().length);
digest.doFinal(key, 0);
byte content[] = plainText.getBytes();
BufferedBlockCipher cipherEngine = new PaddedBufferedBlockCipher(new DESEngine());
cipherEngine.init(true, new KeyParameter(key));
byte[] cipherText = new byte[cipherEngine.getOutputSize(content.length)];
int cipherTextLength = cipherEngine.processBytes(content, 0, content.length,
cipherText, 0);
cipherEngine.doFinal(cipherText, cipherTextLength);
return new String(Hex.encode(cipherText));
}
private String decodeMessage(byte[] content, String password, String nonce)
throws InvalidCipherTextException
{
String compundKey = password + ":" + nonce;
Digest digest = new MD5Digest();
byte[] key = new byte[digest.getDigestSize()];
digest.update(compundKey.getBytes(), 0, compundKey.getBytes().length);
digest.doFinal(key, 0);
byte cipherText[] = Hex.decode(content);
BufferedBlockCipher cipherEngine = new PaddedBufferedBlockCipher(new DESEngine());
cipherEngine.init(false, new KeyParameter(key));
byte[] plainText = new byte[cipherEngine.getOutputSize(cipherText.length)];
int plainTextLength = cipherEngine.processBytes(cipherText, 0, cipherText.length,
plainText, 0);
cipherEngine.doFinal(plainText, plainTextLength);
return new String(plainText);
}
private String authenticateUsername(HttpServletRequest req, HttpServletResponse resp, String method)
throws IOException
{
String username = null;
if (req.getHeader("X-Authorization") == null)
{
resp.setHeader("X-WWW-Authenticate", createDigestChallenge());
resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
else
{
String xauth = req.getHeader("X-Authorization");
username = validateDigestResponse(xauth, method);
if (username == null)
{
resp.setHeader("X-WWW-Authenticate", createDigestChallenge());
resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
}
return username;
}
private String createDigestChallenge()
{
StringBuffer challenge = new StringBuffer("X-Digest realm=\"").append(getServletName()).append("\", qop=\"auth\", ");
String nonce = createNonce();
challenge.append("nonce=\"").append(nonce).append("\", ");
Digest digest = new MD5Digest();
byte[] result = new byte[digest.getDigestSize()];
String opaque = "" + random.nextLong();
digest.update(opaque.getBytes(), 0, opaque.getBytes().length);
digest.doFinal(result, 0);
opaque = new String(Hex.encode(result));
challenge.append("opaque=\"").append(opaque).append("\"");
return challenge.toString();
}
private synchronized String createNonce()
{
String nonce = (System.currentTimeMillis() + counter++) + ":" + internalKey;
Digest digest = new MD5Digest();
byte[] result = new byte[digest.getDigestSize()];
digest.update(nonce.getBytes(), 0, nonce.getBytes().length);
digest.doFinal(result, 0);
// the string is at least result.length characters long
nonce = new String(Hex.encode(result));
return nonce;
}
private String validateDigestResponse(String challengeResponse, String method)
{
if (!challengeResponse.startsWith("X-Digest"))
{
return null;
}
challengeResponse = challengeResponse.substring(8).trim();
StringTokenizer tokenizer = new StringTokenizer(challengeResponse, ",");
String nonce = null;
String realm = null;
String opaque = null;
String uri = null;
String username = null;
String response = null;
while (tokenizer.hasMoreTokens())
{
String nextToken = tokenizer.nextToken().trim();
if (nextToken.startsWith("nonce"))
{
nonce = nextToken.substring(7, nextToken.length() - 1);
}
if (nextToken.startsWith("opaque"))
{
opaque = nextToken.substring(8, nextToken.length() - 1);
}
if (nextToken.startsWith("uri"))
{
uri = nextToken.substring(5, nextToken.length() - 1);
}
if (nextToken.startsWith("username"))
{
username = nextToken.substring(10, nextToken.length() - 1);
}
if (nextToken.startsWith("response"))
{
response = nextToken.substring(10, nextToken.length() - 1);
}
if (nextToken.startsWith("realm"))
{
realm = nextToken.substring(7, nextToken.length() - 1);
}
}
if (realm == null || nonce == null || opaque == null || uri == null || username == null || response == null)
{
return null;
}
if (!realm.equals(getServletName()))
{
return null;
}
User user = userDB.getUser(username);
if (user == null)
{
return null;
}
String A1 = username + ":" + realm + ":" + user.getPassword();
Digest digest = new MD5Digest();
int size = digest.getDigestSize();
byte[] allbytes = A1.getBytes();
byte[] result = new byte[size];
digest.update(allbytes, 0, allbytes.length);
digest.doFinal(result, 0);
A1 = new String(Hex.encode(result));
String A2 = method + ":" + uri;
allbytes = A2.getBytes();
digest.update(allbytes, 0, allbytes.length);
digest.doFinal(result, 0);
A2 = new String(Hex.encode(result));
String calculatedResponse = A1 + ":" + nonce + ":" + A2;
allbytes = calculatedResponse.getBytes();
digest.update(allbytes, 0, allbytes.length);
digest.doFinal(result, 0);
calculatedResponse = new String(Hex.encode(result));
if (calculatedResponse.equals(response))
{
return username;
}
return null;
}
// Creates the response containing a list of messages
private String buildResponse()
{
Collection messages = whiteboard.getMessages();
// if no count parameter or error during parsing
if (messages == null)
{
messages = whiteboard.getMessages();
}
ValueGenerator generator = new ValueGenerator();
generator.addValue("" + messages.size());
Iterator i = messages.iterator();
while (i.hasNext())
{
Message msg = (Message) i.next();
generator.addValue(msg.getUser());
generator.addValue(format.format(msg.getTimestamp()));
generator.addValue(msg.getContent());
}
// print the text
return generator.getString();
}
}
?? 快捷鍵說明
復制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -