import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.SHA1Digest;
public class PasswordServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
System.out.println("user = " + request.getParameter("user"));
System.out.println("timestamp = " + request.getParameter("timestamp"));
System.out.println("random = " + request.getParameter("random"));
System.out.println("digest = " + request.getParameter("digest"));
String user = request.getParameter("user");
String password = lookupPassword(user);
String timestamp = request.getParameter("timestamp");
String randomNumber = request.getParameter("random");
byte[] userBytes = user.getBytes();
byte[] timestampBytes = HexCodec.hexToBytes(timestamp);
byte[] randomBytes = HexCodec.hexToBytes(randomNumber);
byte[] passwordBytes = password.getBytes();
Digest digest = new SHA1Digest();
digest.update(userBytes, 0, userBytes.length);
digest.update(timestampBytes, 0, timestampBytes.length);
digest.update(randomBytes, 0, randomBytes.length);
digest.update(passwordBytes, 0, passwordBytes.length);
byte[] digestValue = new byte[digest.getDigestSize()];
digest.doFinal(digestValue, 0);
String message = "";
String clientDigest = request.getParameter("digest");
if (isEqual(digestValue, HexCodec.hexToBytes(clientDigest)))
message = "User " + user + " logged in.";
else
message = "Login was unsuccessful.";
response.setContentType("text/plain");
response.setContentLength(message.length());
PrintWriter out = response.getWriter();
out.println(message);
}
private String lookupPassword(String user) {
return "happy8";
}
private boolean isEqual(byte[] one, byte[] two) {
if (one.length != two.length)
return false;
for (int i = 0; i < one.length; i++)
if (one[i] != two[i])
return false;
return true;
}
}
class HexCodec {
private static final char[] kDigits = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a',
'b', 'c', 'd', 'e', 'f' };
public static char[] bytesToHex(byte[] raw) {
int length = raw.length;
char[] hex = new char[length * 2];
for (int i = 0; i < length; i++) {
int value = (raw[i] + 256) % 256;
int highIndex = value >> 4;
int lowIndex = value & 0x0f;
hex[i * 2 + 0] = kDigits[highIndex];
hex[i * 2 + 1] = kDigits[lowIndex];
}
return hex;
}
public static byte[] hexToBytes(char[] hex) {
int length = hex.length / 2;
byte[] raw = new byte[length];
for (int i = 0; i < length; i++) {
int high = Character.digit(hex[i * 2], 16);
int low = Character.digit(hex[i * 2 + 1], 16);
int value = (high << 4) | low;
if (value > 127)
value -= 256;
raw[i] = (byte) value;
}
return raw;
}
public static byte[] hexToBytes(String hex) {
return hexToBytes(hex.toCharArray());
}
}
|