- package Cloud;
- import java.io.ByteArrayInputStream;
- import java.io.IOException;
- import java.io.PrintWriter;
- import java.io.UnsupportedEncodingException;
- import java.security.InvalidKeyException;
- import java.security.NoSuchAlgorithmException;
- import java.security.PublicKey;
- import java.security.Signature;
- import java.security.SignatureException;
- import java.security.cert.Certificate;
- import java.security.cert.X509Certificate;
- import java.security.cert.CertificateException;
- import java.security.cert.CertificateFactory;
- import javax.servlet.ServletException;
- //import javax.servlet.annotation.WebServlet;
- import javax.servlet.http.HttpServlet;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import javax.xml.bind.DatatypeConverter;
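/**
 * Servlet that authenticates a caller from three POST parameters:
 * {@code plainText} (the ticket text that was signed), {@code certificate}
 * (a Base64-encoded X.509 certificate) and {@code signValue} (a Base64-encoded
 * signature over the UTF-8 bytes of {@code plainText}).
 *
 * <p>Every failure path is fail-closed: a missing parameter, an unparsable
 * certificate or an exception during verification ends the request with a
 * rejection message and never reaches the "Welcome" response.
 *
 * <p>NOTE(review): {@link #checkTicket(String)} and
 * {@link #checkCertificate(Certificate)} are still placeholders that accept
 * everything, so this servlet does not yet authenticate anyone. See the notes
 * on those methods.
 */
public class SignVerify extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * @see HttpServlet#HttpServlet()
     */
    public SignVerify() {
        super();
    }

    /**
     * Handles GET requests. The body is intentionally empty, so nothing is
     * written to the response.
     *
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
     *      response)
     */
    @Override
    protected void doGet(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
    }

    /**
     * Verifies the submitted ticket, certificate and signature, then writes
     * either a rejection message or {@code "Welcome <subject>"}.
     *
     * <p>Exception details are written to the servlet log, not to the response,
     * so parser and provider internals are not disclosed to the caller.
     *
     * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
     *      response)
     */
    @Override
    protected void doPost(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        response.setContentType("text/html; charset=utf-8");
        PrintWriter writer = response.getWriter();

        String plainText = request.getParameter("plainText");
        if (plainText == null || !checkTicket(plainText)) {
            writer.write("Invalid Ticket");
            return;
        }

        X509Certificate certificate =
                parseCertificateOrNull(request.getParameter("certificate"));
        if (certificate == null || !checkCertificate(certificate)) {
            writer.write("Invalid Certificate");
            return;
        }

        if (!isSignatureValid(certificate, plainText,
                request.getParameter("signValue"))) {
            writer.write("Verify Fail");
            return;
        }

        // The subject DN comes from a caller-supplied certificate and the
        // response is text/html, so it must be escaped before being echoed.
        writer.write("Welcome " + escapeHtml(getSubject(certificate)));
    }

    /**
     * Parses the submitted certificate, treating every failure as "no
     * certificate".
     *
     * @param base64Certificate Base64 text from the request, possibly null
     * @return the parsed certificate, or null if it is missing or malformed
     */
    private X509Certificate parseCertificateOrNull(String base64Certificate)
            throws IOException {
        if (base64Certificate == null) {
            return null;
        }
        try {
            return rebuildCertificate(base64Certificate);
        } catch (CertificateException e) {
            log("Rejected request: certificate could not be parsed", e);
            return null;
        } catch (IllegalArgumentException e) {
            // parseBase64Binary is documented to throw this on invalid input.
            log("Rejected request: certificate is not valid Base64", e);
            return null;
        }
    }

    /**
     * Runs signature verification and maps every error to {@code false}.
     *
     * <p>An exception here must never leave the request in an "accepted"
     * state: a malformed signature or a key of the wrong type is a failed
     * verification, not a condition to report and then continue past.
     *
     * @return true only if the signature verifies under the certificate's key
     */
    private boolean isSignatureValid(X509Certificate certificate,
            String plainText, String signValue)
            throws UnsupportedEncodingException {
        if (signValue == null) {
            return false;
        }
        try {
            byte[] signBytes = decodeBase64(signValue);
            return verifySignature(getPublicKey(certificate),
                    getStringBytes(plainText), signBytes);
        } catch (java.security.GeneralSecurityException e) {
            // Covers InvalidKeyException, NoSuchAlgorithmException and
            // SignatureException.
            log("Rejected request: signature verification raised an error", e);
            return false;
        } catch (IllegalArgumentException e) {
            log("Rejected request: signature is not valid Base64", e);
            return false;
        }
    }

    /**
     * Escapes the characters that are significant in HTML text and attribute
     * values.
     */
    private static String escapeHtml(String text) {
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
            case '&':
                escaped.append("&amp;");
                break;
            case '<':
                escaped.append("&lt;");
                break;
            case '>':
                escaped.append("&gt;");
                break;
            case '"':
                escaped.append("&quot;");
                break;
            case '\'':
                escaped.append("&#39;");
                break;
            default:
                escaped.append(c);
            }
        }
        return escaped.toString();
    }

    // Check whether this ticket was issued by this server and has not expired.
    //
    // NOTE(review): placeholder, accepts every ticket. Until this is
    // implemented the signed text is not bound to a server-issued, unexpired
    // challenge, so a previously captured (plainText, certificate, signValue)
    // triple would be accepted again.
    private boolean checkTicket(String ticket) {
        return true;
    }

    // Check whether the certificate's trust chain can be built successfully.
    //
    // NOTE(review): placeholder, accepts every certificate, including
    // self-signed ones. Until the chain is validated against a configured
    // trust anchor (for example with java.security.cert.CertPathValidator),
    // together with validity-period and revocation checks, a valid signature
    // only shows that the caller holds the key for the certificate they
    // supplied themselves, and the subject shown in the response is
    // unauthenticated.
    private boolean checkCertificate(Certificate certificate) {
        return true;
    }

    /** Decodes Base64 text to bytes. */
    private byte[] decodeBase64(String base64Encoded) {
        return DatatypeConverter.parseBase64Binary(base64Encoded);
    }

    /**
     * Rebuilds an X.509 certificate from its Base64 encoding.
     *
     * @throws CertificateException if the bytes are not a parsable certificate
     */
    private X509Certificate rebuildCertificate(String base64Certificate)
            throws CertificateException, IOException {
        byte[] certificateBytes = decodeBase64(base64Certificate);
        ByteArrayInputStream stream = new ByteArrayInputStream(certificateBytes);
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            return (X509Certificate) factory.generateCertificate(stream);
        } finally {
            stream.close();
        }
    }

    /** Returns the public key carried by the certificate. */
    private PublicKey getPublicKey(Certificate certificate) {
        return certificate.getPublicKey();
    }

    /** Returns the UTF-8 encoding of the signed text. */
    private byte[] getStringBytes(String plainText)
            throws UnsupportedEncodingException {
        return plainText.getBytes("UTF-8");
    }

    /**
     * Verifies {@code signBytes} as a signature over {@code plainBytes}.
     *
     * <p>NOTE(review): SHA-1 is no longer collision resistant. The algorithm
     * has to match what the signing client produces, so it is left unchanged
     * here; plan a coordinated move to "SHA256withRSA".
     *
     * @return true if the signature verifies under {@code publicKey}
     */
    private boolean verifySignature(PublicKey publicKey, byte[] plainBytes,
            byte[] signBytes) throws NoSuchAlgorithmException,
            InvalidKeyException, SignatureException {
        Signature signature = Signature.getInstance("SHA1withRSA");
        signature.initVerify(publicKey);
        signature.update(plainBytes);
        return signature.verify(signBytes);
    }

    /** Returns the certificate's subject distinguished name as text. */
    private String getSubject(X509Certificate certificate) {
        return certificate.getSubjectDN().toString();
    }
}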