001: /*
002: * Copyright (c) 2003 The Visigoth Software Society. All rights
003: * reserved.
004: *
005: * Redistribution and use in source and binary forms, with or without
006: * modification, are permitted provided that the following conditions
007: * are met:
008: *
009: * 1. Redistributions of source code must retain the above copyright
010: * notice, this list of conditions and the following disclaimer.
011: *
012: * 2. Redistributions in binary form must reproduce the above copyright
013: * notice, this list of conditions and the following disclaimer in
014: * the documentation and/or other materials provided with the
015: * distribution.
016: *
017: * 3. The end-user documentation included with the redistribution, if
018: * any, must include the following acknowledgement:
019: * "This product includes software developed by the
020: * Visigoth Software Society (http://www.visigoths.org/)."
021: * Alternately, this acknowledgement may appear in the software itself,
022: * if and wherever such third-party acknowledgements normally appear.
023: *
024: * 4. Neither the name "FreeMarker", "Visigoth", nor any of the names of the
025: * project contributors may be used to endorse or promote products derived
026: * from this software without prior written permission. For written
027: * permission, please contact visigoths@visigoths.org.
028: *
029: * 5. Products derived from this software may not be called "FreeMarker" or "Visigoth"
030: * nor may "FreeMarker" or "Visigoth" appear in their names
031: * without prior written permission of the Visigoth Software Society.
032: *
033: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
034: * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
035: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
036: * DISCLAIMED. IN NO EVENT SHALL THE VISIGOTH SOFTWARE SOCIETY OR
037: * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
038: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
039: * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
040: * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
041: * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
042: * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
043: * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
044: * SUCH DAMAGE.
045: * ====================================================================
046: *
047: * This software consists of voluntary contributions made by many
048: * individuals on behalf of the Visigoth Software Society. For more
049: * information on the Visigoth Software Society, please see
050: * http://www.visigoths.org/
051: */
052:
053: package freemarker.debug.impl;
054:
055: import java.io.IOException;
056: import java.io.ObjectInputStream;
057: import java.io.ObjectOutputStream;
058: import java.io.Serializable;
059: import java.io.UnsupportedEncodingException;
060: import java.net.ServerSocket;
061: import java.net.Socket;
062: import java.security.MessageDigest;
063: import java.security.SecureRandom;
064: import java.util.Arrays;
065: import java.util.Random;
066:
067: import freemarker.debug.Debugger;
068: import freemarker.log.Logger;
069: import freemarker.template.utility.SecurityUtilities;
070: import freemarker.template.utility.UndeclaredThrowableException;
071:
072: /**
073: * @author Attila Szegedi
074: * @version $Id: DebuggerServer.java,v 1.3 2004/09/09 15:34:38 szegedia Exp $
075: */
076: class DebuggerServer {
077: private static final Logger logger = Logger
078: .getLogger("freemarker.debug.server");
079: // TODO: Eventually replace with Yarrow
080: private static final Random R = new SecureRandom();
081:
082: private final byte[] password;
083: private final int port;
084: private final Serializable debuggerStub;
085:
086: public DebuggerServer(Serializable debuggerStub) {
087: port = SecurityUtilities.getSystemProperty(
088: "freemarker.debug.port", Debugger.DEFAULT_PORT)
089: .intValue();
090: try {
091: password = SecurityUtilities.getSystemProperty(
092: "freemarker.debug.password", "").getBytes("UTF-8");
093: } catch (UnsupportedEncodingException e) {
094: throw new UndeclaredThrowableException(e);
095: }
096: this .debuggerStub = debuggerStub;
097: }
098:
099: public void start() {
100: new Thread(new Runnable() {
101: public void run() {
102: startInternal();
103: }
104: }, "FreeMarker Debugger Server Acceptor").start();
105: }
106:
107: private void startInternal() {
108: try {
109: ServerSocket ss = new ServerSocket(port);
110: for (;;) {
111: Socket s = ss.accept();
112: new Thread(new DebuggerAuthProtocol(s)).start();
113: }
114: } catch (IOException e) {
115: logger.error("Debugger server shut down.", e);
116: }
117: }
118:
119: private class DebuggerAuthProtocol implements Runnable {
120: private final Socket s;
121:
122: DebuggerAuthProtocol(Socket s) {
123: this .s = s;
124: }
125:
126: public void run() {
127: try {
128: ObjectOutputStream out = new ObjectOutputStream(s
129: .getOutputStream());
130: ObjectInputStream in = new ObjectInputStream(s
131: .getInputStream());
132: byte[] challenge = new byte[512];
133: R.nextBytes(challenge);
134: out.writeInt(220); // protocol version
135: out.writeObject(challenge);
136: MessageDigest md = MessageDigest.getInstance("SHA");
137: md.update(password);
138: md.update(challenge);
139: byte[] response = (byte[]) in.readObject();
140: if (Arrays.equals(response, md.digest())) {
141: out.writeObject(debuggerStub);
142: } else {
143: out.writeObject(null);
144: }
145: } catch (Exception e) {
146: logger.warn("Connection to "
147: + s.getInetAddress().getHostAddress()
148: + " abruply broke", e);
149: }
150: }
151:
152: }
153: }
|