?? ssl_with_signature.java
// Begin unpacking the received record.
// Bytes 3 and 4 of the header hold the body length as an unsigned 16-bit
// big-endian value. Java bytes are signed, so each byte is masked with 0xFF
// before being combined; without the mask any byte of 0x80 or above would
// contribute a negative number to the length.
int pack_len = ((buffer[3] & 0xFF) << 8) + (buffer[4] & 0xFF);
Show_Debug_Message("pack_len="+Integer.toString(pack_len));
// The length declared in the header must equal the number of bytes actually
// received minus the 5-byte header; anything else is rejected with an alert.
if(pack_len != recv_len-5){
    Show_Message("接收到簽名請求信息的長度不對!");

    // Build a Signature_alert record in place, reusing the receive buffer.
    buffer[0]=SSLSignatureType.signature_alert;
    buffer[1]=ProtocolVersion.major;
    buffer[2]=ProtocolVersion.minor;
    buffer[3]=0; // length high byte, patched once the body size is known
    buffer[4]=0; // length low byte
    int p=5;     // write cursor, starts right after the header

    // random field (5-byte timestamp + 28 random bytes) is sent as all zeros
    for(int i=0;i<5+28;++i)buffer[p++]=0;

    // alert type: malformed message
    buffer[p++]=Signature_Alert_type.Format_error;

    // alert reason text
    // NOTE(review): getBytes() uses the platform default charset; the text is
    // plain ASCII, so the bytes are presumably the same everywhere - confirm.
    byte[] reason_bytes="Wrong Data Format".getBytes();
    for(int i=0;i<reason_bytes.length;i++)buffer[p++]=reason_bytes[i];

    // body length excludes the 5 header bytes; the byte cast keeps the low 8 bits
    buffer[3]=(byte)((p-5)>>8);
    buffer[4]=(byte)(p-5);

    SSL_with_signature.send(socket,buffer,p); // send the alert to the peer
    SSL_with_signature.Show_Buffer_Hex("向"+remote_host+"發送Signature_alert包!(len="+Integer.toString(p)+")",buffer,p);
    try{
        socket.close(); // the connection is dropped after a format error
    } catch (IOException e)
    {
        callback.CatchError("關閉socket出錯",e);
    }
    // NOTE(review): unlike the record-type check that follows, this path does
    // not report the failure through callback.CatchError - confirm that is intended.
    return ;
}
// Only a Signature_request record is acceptable at this point; any other
// record type is answered with a Format_error alert and the socket is closed.
if(buffer[0] != SSLSignatureType.signature_request){
    Show_Debug_Message("接收到簽名請求信息格式錯誤!");

    // Build a Signature_alert record in place, reusing the receive buffer.
    buffer[0]=SSLSignatureType.signature_alert;
    buffer[1]=ProtocolVersion.major;
    buffer[2]=ProtocolVersion.minor;
    buffer[3]=0; // length high byte, patched once the body size is known
    buffer[4]=0; // length low byte
    int p=5;     // write cursor, starts right after the header

    // random field (5-byte timestamp + 28 random bytes) is sent as all zeros
    for(int i=0;i<5+28;++i)buffer[p++]=0;

    // alert type: malformed message
    buffer[p++]=Signature_Alert_type.Format_error;

    // alert reason text
    // NOTE(review): getBytes() uses the platform default charset; the text is
    // plain ASCII, so the bytes are presumably the same everywhere - confirm.
    byte[] reason_bytes="Wrong Data Format".getBytes();
    for(int i=0;i<reason_bytes.length;i++)buffer[p++]=reason_bytes[i];

    // body length excludes the 5 header bytes; the byte cast keeps the low 8 bits
    buffer[3]=(byte)((p-5)>>8);
    buffer[4]=(byte)(p-5);

    SSL_with_signature.send(socket,buffer,p); // send the alert to the peer
    SSL_with_signature.Show_Buffer_Hex("向"+remote_host+"發送Signature_alert包!(len="+Integer.toString(p)+")",buffer,p);
    try{
        socket.close(); // the connection is dropped after a format error
    } catch (IOException e)
    {
        callback.CatchError("關閉socket出錯",e);
    }
    // report the rejected message to the owner of this connection
    callback.CatchError("消息格式錯誤", new Exception("接收到簽名請求信息格式錯誤!"));
    return;
}
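try
{
    // Parse the Signature_request body into S_request.
    //
    // Everything read here comes from the peer and has not been authenticated
    // yet, so each length field is checked against recv_len (the number of
    // bytes actually received) before it is used to size an array or to index
    // the buffer. Without these checks an oversized length would pull bytes
    // beyond the received data, i.e. whatever was left in the buffer before.
    // Any violation is thrown and handled by the catch block below.
    int p=5; // read cursor; the 5-byte record header was validated earlier

    // Fixed part: 5-byte big-endian timestamp followed by 28 random bytes.
    if(recv_len < p+5+28)
        throw new IllegalArgumentException("Signature_request is too short to hold the random field");
    long gmt_unix_time=0;
    // Mask each byte with 0xFF so values of 0x80 and above stay positive.
    for(int i=0;i<5;i++)gmt_unix_time = (gmt_unix_time << 8) | (buffer[p++] & 0xFF);
    Show_Debug_Message("gmt_unix_time ="+Long.toString(gmt_unix_time));
    byte[] random_bytes=new byte[28];
    for(int i=0;i<28;i++)random_bytes[i]=buffer[p++];
    SSLRandom sslrand=new SSLRandom(gmt_unix_time,random_bytes); // rebuild the peer's random
    S_request.random=sslrand;

    // Description of the data to sign: 16-bit big-endian length, then the bytes.
    // The earlier code overwrote the shifted high byte with the low byte, so any
    // length above 255 was silently truncated; both bytes are combined here.
    if(recv_len < p+2)
        throw new IllegalArgumentException("Signature_request is truncated before signdata_desc_length");
    int signdata_desc_length = ((buffer[p] & 0xFF) << 8) | (buffer[p+1] & 0xFF);
    p+=2;
    S_request.signdata_desc_length = signdata_desc_length;
    Show_Debug_Message("signdata_desc_length="+Integer.toString(S_request.signdata_desc_length));
    if(recv_len-p < signdata_desc_length)
        throw new IllegalArgumentException("signdata_desc_length exceeds the received data");
    S_request.signdata_desc=new byte[S_request.signdata_desc_length];
    for(int i=0;i<S_request.signdata_desc_length;i++)S_request.signdata_desc[i]=buffer[p++];

    // Data to sign: same layout, and the same truncation fix as above.
    if(recv_len < p+2)
        throw new IllegalArgumentException("Signature_request is truncated before signdata_length");
    int signdata_length = ((buffer[p] & 0xFF) << 8) | (buffer[p+1] & 0xFF);
    p+=2;
    S_request.signdata_length = signdata_length;
    Show_Debug_Message("signdata_length="+Integer.toString(S_request.signdata_length));
    if(recv_len-p < signdata_length)
        throw new IllegalArgumentException("signdata_length exceeds the received data");
    S_request.signdata=new byte[S_request.signdata_length];
    for(int i=0;i<S_request.signdata_length;i++)S_request.signdata[i]=buffer[p++];

    // Requester's signature: 1-byte algorithm id, 1-byte length, then the value.
    if(recv_len < p+2)
        throw new IllegalArgumentException("Signature_request is truncated before the signature");
    byte signatureAlgorithm=buffer[p++];
    int s_length = buffer[p++] & 0xFF;
    Show_Debug_Message("s_length="+Integer.toString(s_length));
    if(recv_len-p < s_length)
        throw new IllegalArgumentException("signature length exceeds the received data");
    byte[] signatureValue=new byte[s_length];
    for(int i=0;i<s_length;i++)signatureValue[i]=buffer[p++];
    // NOTE(review): bytes left over after the signature (p < recv_len) are
    // ignored, as before - confirm whether trailing data should be rejected.
    DSignature dsignature=new DSignature(signatureAlgorithm,s_length,signatureValue);
    S_request.request_signature=dsignature;
} catch ( Exception e)
{
    System.err.println("解釋Signature_request包出錯:" + e.getMessage());
    e.printStackTrace();

    // Build a Signature_alert record in place, reusing the receive buffer.
    buffer[0]=SSLSignatureType.signature_alert;
    buffer[1]=ProtocolVersion.major;
    buffer[2]=ProtocolVersion.minor;
    buffer[3]=0; // length high byte, patched once the body size is known
    buffer[4]=0; // length low byte
    int p=5;     // write cursor, starts right after the header

    // random field: echo the peer's random when it was parsed. Parsing can now
    // fail before S_request.random is assigned, so fall back to zeros instead
    // of dereferencing a missing value inside the error handler.
    if(S_request.random != null && S_request.random.random_bytes != null){
        // 40-bit big-endian timestamp; the byte cast keeps the low 8 bits
        for(int i=4;i>=0;--i)buffer[p++]=(byte)(S_request.random.gmt_unix_time>>(8*i));
        for(int i=0;i<28;++i)buffer[p++]=S_request.random.random_bytes[i];
    }
    else
    {
        for(int i=0;i<5+28;++i)buffer[p++]=0;
    }

    // alert type: internal error
    buffer[p++]=Signature_Alert_type.System_interal_error;

    // alert reason text
    byte[] reason_bytes="Encounter the system interal error.Can not explain your request.".getBytes();
    for(int i=0;i<reason_bytes.length;++i)buffer[p++]=reason_bytes[i];

    // body length excludes the 5 header bytes
    buffer[3]=(byte)((p-5)>>8);
    buffer[4]=(byte)(p-5);

    SSL_with_signature.send(socket,buffer,p); // send the alert to the peer
    SSL_with_signature.Show_Buffer_Hex("向"+remote_host+"發送Signature_alert包!(len="+Integer.toString(p)+")",buffer,p);
    try{
        socket.close();
    } catch (IOException e1)
    {
        // report the close failure itself, not the parse exception
        callback.CatchError("關閉socket出錯" , e1);
    }
    callback.CatchError("消息格式錯誤", new Exception("解釋簽名請求包導致系統出錯"));
    return ;
}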
// Replay protection: a request whose random value has been seen before is refused.
// NOTE(review): this check runs before the requester's signature is verified.
// If RandomUsed also records the value it is given, unauthenticated requests
// would be able to add entries to the used-random store - confirm against
// RandomUsed, and consider verifying the signature first.
if (RandomUsed(S_request.random))
{
    // Build a Signature_alert record in place, reusing the receive buffer.
    buffer[0]=SSLSignatureType.signature_alert;
    buffer[1]=ProtocolVersion.major;
    buffer[2]=ProtocolVersion.minor;
    buffer[3]=0; // length high byte, patched once the body size is known
    buffer[4]=0; // length low byte
    int p=5;     // write cursor, starts right after the header

    // random field: echo the peer's random, timestamp first as a 40-bit
    // big-endian value (the byte cast keeps the low 8 bits of each shift)
    for(int i=4;i>=0;--i)buffer[p++]=(byte)(S_request.random.gmt_unix_time>>(8*i));
    for(int i=0;i<28;++i)buffer[p++]=S_request.random.random_bytes[i];

    // alert type: illegal random
    buffer[p++]=Signature_Alert_type.Illegal_random;

    // alert reason text
    byte[] reason_bytes="Illegal random".getBytes();
    for(int i=0;i<reason_bytes.length;++i)buffer[p++]=reason_bytes[i];

    // body length excludes the 5 header bytes
    buffer[3]=(byte)((p-5)>>8);
    buffer[4]=(byte)(p-5);

    SSL_with_signature.send(socket,buffer,p); // send the alert to the peer
    SSL_with_signature.Show_Buffer_Hex("向"+remote_host+"發送Signature_alert包!(len="+Integer.toString(p)+")",buffer,p);
    try{
        socket.close();
    } catch (IOException e)
    {
        callback.CatchError("關閉socket出錯" , e);
    }
    // surface the suspected replay to the owner of this connection
    callback.CatchError("可能受到重放攻擊", new Exception("簽名請求的隨機數剛才用過"));
    return;
}
// Result of checking the requester's signature. It starts as false so that
// only a successful Verify call can set it to true.
boolean Verify_Requester_Signature_OK=false;
try{
    // The signature covers the description bytes followed by the data bytes,
    // so both are concatenated into one array before verification.
    byte request_data[]=new byte[S_request.signdata_desc_length+S_request.signdata_length];
    int out_pos=0; // write cursor into request_data
    for(int i=0;i<S_request.signdata_desc_length;++i)request_data[out_pos++]=S_request.signdata_desc[i];
    for(int i=0;i<S_request.signdata_length;++i)request_data[out_pos++]=S_request.signdata[i];
    // verify with the peer's public key
    Verify_Requester_Signature_OK=S_request.request_signature.Verify(request_data,partner_publickey);
} catch (Exception e)
{
    // NOTE(review): unlike the other failure paths, this one returns without
    // sending a Signature_alert or closing the socket - confirm the caller
    // releases the connection.
    callback.CatchError("驗證對方簽名時出錯",e);
    return;
}
if(Verify_Requester_Signature_OK){ //用對方的公鑰驗證對簽名請求的簽名
//選擇簽名算法,同時檢查自己的私鑰是否有生成簽名的能力
byte sign_algorithm=0;
if(my_privatekey.getAlgorithm().equals("RSA"))
sign_algorithm=SignatureAlgorithm.md5RSA;
else
if(my_privatekey.getAlgorithm().equals("DSA"))
sign_algorithm=SignatureAlgorithm.sha1DSA;
else
{ //受限與SSL協議,暫時不支持其他的公鑰簽名算法
//組Signature_alert包
buffer[0]=SSLSignatureType.signature_alert;
buffer[1]=ProtocolVersion.major;
buffer[2]=ProtocolVersion.minor;
buffer[3]=0; //長度高字節
buffer[4]=0; //長度低字節