- package server;
- import java.io.BufferedOutputStream;
- import java.io.ByteArrayOutputStream;
- import java.io.File;
- import java.io.*;
- import java.io.FileInputStream;
- import java.io.FileNotFoundException;
- import java.io.FileOutputStream;
- import java.io.IOException;
- import java.io.InputStream;
- import java.io.ObjectOutputStream;
- import java.io.OutputStream;
- import java.io.PrintStream;
- import java.rmi.*;
- import java.rmi.server.*;
- import java.security.Certificate;
- import java.security.GeneralSecurityException;
- import java.security.InvalidKeyException;
- import java.security.Key;
- import java.security.KeyFactory;
- import java.security.KeyPair;
- import java.security.KeyPairGenerator;
- import java.security.KeyStore;
- import java.security.KeyStore.PrivateKeyEntry;
- import java.security.KeyStore.ProtectionParameter;
- import java.security.KeyStoreException;
- import java.security.NoSuchAlgorithmException;
- import java.security.NoSuchProviderException;
- import java.security.PrivateKey;
- import java.security.PublicKey;
- import java.security.spec.*;
- import java.security.*;
- import java.security.SignatureException;
- import java.security.UnrecoverableKeyException;
- import java.security.cert.CertificateException;
- import java.security.cert.X509Certificate;
- import java.security.spec.InvalidKeySpecException;
- import java.security.spec.PKCS8EncodedKeySpec;
- import java.security.spec.X509EncodedKeySpec;
- import java.sql.*;
- import java.util.*;
- import java.util.Date;
- import sun.security.tools.keytool.CertAndKeyGen;
- import sun.security.x509.*;
- public class HDSBank extends UnicastRemoteObject implements HDSBankInterface {
// Counter bumped by say(); a plain int with no synchronisation visible in this file.
private int count;
// Server key pair; assigned by the keystore helper methods of this class.
private PublicKey pubkey;
private PrivateKey privkey;
// Helper that runs the transfer queries; it is handed the JDBC connection in the constructor.
private Transaction transaction;
// NOTE(review): login() stores the authenticated user here and check_account() reads it back.
// The field lives on the one exported remote object, so it looks like all RMI callers share a
// single "current user" - confirm, and replace with a per-client session if so.
private String username;
ArrayList<Account> accounts;
// Keystore password passed to the constructor; held as a String for the object's lifetime.
private String keyStorePw;
// JDBC driver name and database URL
String JDBC_DRIVER = "com.mysql.jdbc.Driver";
// NOTE(review): useSSL=true together with verifyServerCertificate=false encrypts the link but
// does not authenticate the database server, so an intercepting host would not be detected.
String DB_URL = "jdbc:mysql://localhost:3306/bankDB?verifyServerCertificate=false&useSSL=true";
// Database credentials
// NOTE(review): root/root is hard-coded in source. Load the credentials from configuration or
// a secret store and connect with a least-privilege database account instead.
String USER = "root";
String PASS = "root"; // TODO this shouldn't be here
Connection conn = null;
// Statement stmt = null; // this isn't used!!
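/**
 * Starts the bank server: opens the JDBC connection, loads the server keystore (or creates it
 * and generates a key pair when the file does not exist yet) and wires up the transaction
 * helper.
 *
 * @param pw password protecting the server keystore
 * @throws IOException if the database connection cannot be opened or the keystore file
 *         cannot be read or written
 * @throws GeneralSecurityException if the keystore or key material cannot be processed
 */
public HDSBank(String pw) throws IOException, GeneralSecurityException {
    this.keyStorePw = pw;
    try {
        Class.forName(JDBC_DRIVER); // Load jdbc driver
        System.out.println("Driver Loaded");
        // Open Connection
        System.out.println("Connecting to a selected database...");
        conn = DriverManager.getConnection(DB_URL, USER, PASS);
        System.out.println("====Connected database successfully===");
    } catch (ClassNotFoundException | SQLException e) {
        // Fail fast: continuing with conn == null would export a remote object whose every
        // method dies later with a NullPointerException instead of a clear startup error.
        throw new IOException("Cannot open the bank database connection", e);
    }
    File f = new File("keystores/server/serverKeyStore");
    if (f.exists() && !f.isDirectory()) {
        loadKeystore();
    } else {
        createKeystore();
        generateAndSave();
    }
    transaction = new Transaction();
    transaction.setDBConnection(conn);
}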
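/**
 * Checks a username/password pair against the User table and, on a match, records that user
 * as the one currently logged in.
 *
 * <p>NOTE(review): the {@code password} argument is compared verbatim with the {@code pw}
 * column, and createAccount stores the client-supplied "passhash" verbatim in that column.
 * Whatever the client sends is therefore the credential itself; hashing should happen on the
 * server with a salted, slow password hash. No attempt limiting is visible in this method.
 *
 * <p>NOTE(review): the result is kept in {@code this.username} on the shared remote object
 * rather than in a per-client session - confirm how concurrent clients are told apart.
 *
 * @param username account name supplied by the caller
 * @param password value compared with the stored {@code pw} column
 * @return {@code true} when a matching row exists, {@code false} otherwise
 * @throws SQLException if the lookup fails
 */
public boolean login(String username, String password) throws RemoteException, SQLException, NoSuchAlgorithmException, InvalidKeySpecException{
    // TODO see if client exists already or not, create a function
    String queryUsername = "SELECT username, publicKey FROM User WHERE username = ? AND pw = ?";
    // try-with-resources: the statement and result set were never closed before.
    try (PreparedStatement stmt = conn.prepareStatement(queryUsername)) {
        stmt.setString(1, username);
        stmt.setString(2, password);
        try (ResultSet rs = stmt.executeQuery()) {
            if (!rs.next()) {
                // wrong username or password
                System.out.println("Username no bueno");
                return false;
            }
            // user is logged in
            this.username = rs.getString("username");
            System.out.println("New Client logged in: " + this.username);
            /*
            TODO this fails unless a real public key is stored; the test rows hold an int, so it
            stays disabled until keys are in place:
              try {
                  // PublicKey pubk = convertStringToPubKey(pubString);
                  System.out.println(pubk);
              } catch (Exception e) {
                  System.out.println(e);
                  // error handling code
              }
              System.exit(0);
            NOTE(review): the next line is an unresolved merge-conflict marker; finish the merge
            before building this file.
            <<<<<<< HEAD
            */
            //this.userLoggedIn = new Account(username, password, pubk); once public keys are in use, just uncomment
            return true;
        }
    }
} // end of login function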
/** Hands out the JDBC connection held in the {@code conn} field. */
protected Connection getDBConnection() {
    return conn;
}
/**
 * Echo call: increments the call counter, logs the message and returns the message with the
 * new counter value appended.
 *
 * @param m text sent by the caller; it is written to stdout unchanged
 * @return {@code m} followed by the updated counter
 */
public String say(String m) throws RemoteException {
    count += 1;
    System.out.println("Received msg: " + m);
    String reply = m + count;
    return reply;
}
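/**
 * Requests a transfer of {@code amount} from one user to another by delegating to
 * {@code transaction.sendDBTransaction}.
 *
 * <p>NOTE(review): this request is not authenticated. The guard that called
 * {@code verifySignature(...)} is disabled, {@code senderUsername} comes from the caller
 * rather than from a login session, and {@code nonce} is only forwarded, so replay protection
 * depends on what sendDBTransaction does with it (not visible here). Until the signature check
 * is restored - and returns the real verification result - a caller can name any account as
 * the sender.
 *
 * @param senderUsername   account to debit, as claimed by the caller
 * @param receiverUsername account to credit
 * @param amount           amount to move; must be finite and greater than zero
 * @param nonce            client nonce, passed through to the transaction helper
 * @param sendSignature    Base64 signature sent by the client (currently not verified)
 * @return "Sent" on success, "NoMoney" when the helper reports insufficient funds, "NoUser"
 *         when either account is unknown, "Error" otherwise
 */
public String send_amount(String senderUsername, String receiverUsername, double amount, String nonce, String sendSignature) throws RemoteException, SignatureException, InvalidKeyException, NoSuchAlgorithmException, SQLException, UnsupportedEncodingException {
    // A negative amount would reverse the direction of the transfer; NaN/infinity are never
    // valid. Reject them before touching the database.
    if (Double.isNaN(amount) || Double.isInfinite(amount) || amount <= 0) {
        return "Error";
    }
    String senderpubkey = getPubKeyStrByUsername(senderUsername);
    String receiverpubkey = getPubKeyStrByUsername(receiverUsername);
    // Unknown sender used to slip through with a null key; treat it like an unknown receiver.
    if (senderpubkey == null || !checkUserExists(receiverUsername)) {
        return "NoUser";
    }
    // TODO(security): restore the signature gate before the transfer, i.e.
    //   if (!verifySignature(senderUsername, receiverUsername, amount, nonce, sendSignature)) { return "Error"; }
    try {
        String rs = transaction.sendDBTransaction(senderpubkey, receiverpubkey, convertPubKeyToString(this.pubkey), amount, "s", nonce, sendSignature, "send");
        if ("You dont have enough money".equals(rs)) {
            return "NoMoney";
        }
        if ("Sent".equals(rs)) {
            return "Sent";
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
    return "Error";
}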
- public boolean receive_amount(String senderstrpubkey, String receiverstrpubkey, double amount) throws RemoteException {
- =======
- */
- //this.userLoggedIn = new Account(username, password, pubk); quando usarmos as pubkeys e so descomentar
- return true;
- } else {
- // username ou pass errados
- System.out.println("Username no bueno");
- return false;
- }
- } // end of login function
/** Returns the JDBC connection stored in {@code conn}. */
protected Connection getDBConnection() {
    return conn;
}
/**
 * Echo call used for connectivity checks: increments the counter, prints the message and
 * returns the message followed by the new counter value.
 */
public String say(String m) throws RemoteException {
    count += 1;
    System.out.println("Received msg: " + m);
    String reply = m + count;
    return reply;
}
- public boolean receive_amount(String senderstrpubkey, String receiverstrpubkey, double amount) throws RemoteException {
- boolean success = false;
- try {
- success = transaction.receiveDBTransaction(senderstrpubkey, receiverstrpubkey, "keydosv", amount, "r", "nonce", "mac", "send");
- } catch (NoSuchAlgorithmException e) {
- e.printStackTrace();
- }
- <<<<<<< HEAD
/**
 * Handles a registration request: logs it, checks that neither the username nor the public
 * key is already taken, and creates the account.
 * The visible lines stop inside the if/else chain, where a merge-conflict marker interrupts
 * the method.
 */
public String register(PublicKey clientPubKey, String username, String passhash, String name)
        throws RemoteException, SQLException {
    // returns pubkey of server? doesn't client already know? what else?
    System.out.println("=== Register Request Received ===");
    System.out.println("Username: " + username);
    System.out.println("Name: " + name);
    // NOTE(review): this writes the credential to stdout. createAccount stores passhash as-is
    // in the pw column and login compares that column verbatim, so the value is
    // password-equivalent and should not be logged.
    System.out.println("Passhash: " + passhash);
    // 0 = free, 1 = username already taken, 2 = public key already registered.
    int exists = checkUserExists(username, clientPubKey);
    if (exists == 0) {
        // NOTE(review): acc is not used in the visible lines.
        Account acc = new Account(username, passhash, clientPubKey);
        if (createAccount(clientPubKey, username, passhash, name)) {
            System.out.println("User created Successfully!");
            this.username = username;
            return "User created Successfully!";
        }
        // accounts.add(acc); TODO register Joao!!!!
    } else if (exists == 1) {
        return "Username is unavailable";
    } else if (exists == 2) {
        return "Public Key is unavailable";
- =======
- return success;
- }
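/**
 * Returns the balance of the currently logged-in user followed by that user's pending
 * transactions.
 *
 * <p>NOTE(review): the account is selected through {@code this.username}, which login() sets
 * on the shared remote object; the caller of this method is not identified by any argument.
 *
 * @return the list from getPendingTransactions() with a "Your Balance: ..." line inserted at
 *         index 0, or {@code null} when no row exists for the stored username
 * @throws SQLException if a query fails
 */
public ArrayList<String> check_account() throws RemoteException, SQLException {
    System.out.println("=== Check Account Request Received ===");
    String query = "SELECT Amount FROM User WHERE username = ?";
    // try-with-resources: the statement and result set were never closed before.
    try (PreparedStatement stmt = conn.prepareStatement(query)) {
        stmt.setString(1, this.username);
        try (ResultSet rs = stmt.executeQuery()) {
            if (!rs.next()) {
                return null;
            }
            // The balance is returned to the caller only; it is no longer echoed to stdout.
            String rsamount = rs.getString("Amount");
            ArrayList<String> trans = getPendingTransactions();
            trans.add(0, "Your Balance: " + rsamount + " euros");
            return trans;
        }
    }
}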
/**
 * Placeholder for the account audit operation; not implemented yet.
 *
 * @param accountPubKey public key of the account to audit (currently ignored)
 * @return always {@code null}
 */
public Object[] audit(PublicKey accountPubKey) throws RemoteException {
    return null;
}
- //////////////////////////////////////////////// AUX FUNCTIONS ///////////////////////////////////////////////////////////////////////
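/**
 * Inserts a new row into the User table.
 *
 * <p>NOTE(review): {@code passhash} is stored exactly as received from the client; see the
 * login query, which compares the same column verbatim.
 *
 * @param pubkey   client public key, stored Base64-encoded
 * @param username account name
 * @param passhash credential value written to the {@code pw} column
 * @param name     display name
 * @return {@code true} when exactly one row was inserted
 * @throws SQLException if the insert fails
 */
private boolean createAccount(PublicKey pubkey, String username, String passhash, String name) throws SQLException {
    String query = "INSERT INTO User(publicKey, username, pw, Name, Amount) VALUES (?, ?, ?, ?, ?)";
    // try-with-resources: the statement was never closed before.
    try (PreparedStatement stmt = conn.prepareStatement(query)) {
        stmt.setString(1, convertPubKeyToString(pubkey));
        stmt.setString(2, username);
        stmt.setString(3, passhash);
        stmt.setString(4, name);
        stmt.setInt(5, 5); // value written to the Amount column of a new account
        return stmt.executeUpdate() == 1;
    }
}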
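// Merge conflict resolved by keeping both overloads (register uses the two-argument form,
// send_amount the one-argument form). The copy of convertPubKeyToString from the HEAD side is
// omitted because the same method is defined directly below.

/**
 * Checks whether a username or a public key is already registered.
 *
 * <p>NOTE(review): this is a check-then-insert pattern; two concurrent registrations can both
 * see 0. Uniqueness should also be enforced by the schema (not visible here).
 *
 * @return 0 when both are free, 1 when the username exists, 2 when the public key exists
 * @throws SQLException if a lookup fails
 */
private int checkUserExists(String username, PublicKey pub) throws SQLException {
    try (PreparedStatement stmt = conn.prepareStatement("SELECT * FROM User WHERE username = ?")) {
        stmt.setString(1, username);
        try (ResultSet rs = stmt.executeQuery()) {
            if (rs.next()) {
                String rsuser = rs.getString("username");
                System.out.println("Username " + rsuser + " is unavailable");
                return 1;
            }
        }
    }
    try (PreparedStatement stmt = conn.prepareStatement("SELECT * FROM User WHERE publicKey = ?")) {
        stmt.setString(1, convertPubKeyToString(pub));
        try (ResultSet rs = stmt.executeQuery()) {
            if (rs.next()) {
                System.out.println("PublicKey is unavailable");
                return 2;
            }
        }
    }
    return 0;
}

/**
 * Reports whether a row with the given username exists in the User table.
 *
 * @throws SQLException if the lookup fails
 */
private boolean checkUserExists(String username) throws SQLException {
    try (PreparedStatement stmt = conn.prepareStatement("SELECT * FROM User WHERE username = ?")) {
        stmt.setString(1, username);
        try (ResultSet rs = stmt.executeQuery()) {
            if (rs.next()) {
                String rsuser = rs.getString("username");
                System.out.println("Username " + rsuser + " exists");
                return true;
            }
            return false;
        }
    }
}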
/**
 * Serialises a public key as the Base64 text of its encoded form ({@code getEncoded()}).
 *
 * @param pub key to serialise
 * @return Base64 string of the encoded key bytes
 */
private String convertPubKeyToString(PublicKey pub) {
    return Base64.getEncoder().encodeToString(pub.getEncoded());
}
/**
 * Rebuilds an RSA public key from the Base64 text of its X.509-encoded form.
 *
 * @param pubString Base64 text; {@code Base64.Decoder.decode} throws
 *                  {@code IllegalArgumentException} when it is not valid Base64
 * @return the decoded RSA public key
 * @throws InvalidKeySpecException if the decoded bytes are not a valid key encoding
 */
private PublicKey convertStringToPubKey(String pubString) throws NoSuchAlgorithmException, InvalidKeySpecException {
    byte[] der = Base64.getDecoder().decode(pubString);
    return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
}
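/**
 * Lists the transactions whose destination is the logged-in user's public key.
 *
 * <p>The result is a flat list: two header lines, then for each row the transaction id, user,
 * type, source public key and amount followed by a "=" separator. When there are no rows the
 * list holds the single entry "No Pending Transactions".
 *
 * @return the formatted list, never {@code null}
 * @throws SQLException if a query fails
 */
private ArrayList<String> getPendingTransactions() throws SQLException {
    ArrayList<String> result = new ArrayList<String>();
    String query = "SELECT *"
            + " FROM Transaction "
            + "WHERE publicKeyDestiny = ?";
    // The test placeholder "1" returned the same rows to every caller. Look up the stored key
    // of the logged-in user instead; an unknown user yields null, which matches no row.
    String destinationKey = getPubKeyStrByUsername(this.username);
    try (PreparedStatement stmt = conn.prepareStatement(query)) {
        stmt.setString(1, destinationKey);
        try (ResultSet rs = stmt.executeQuery()) {
            // Single loop: the first row no longer needs its own copy of the row handling.
            while (rs.next()) {
                if (result.isEmpty()) {
                    result.add("Pending Transactions:");
                    result.add("| Transaction ID | User | Type |"
                            + " Source Public Key | Amount |");
                }
                result.add(rs.getString("idTransaction"));
                result.add(rs.getString("fkUser"));
                result.add(rs.getString("type"));
                result.add(rs.getString("publicKeySource"));
                result.add(rs.getString("amount"));
                result.add("=");
            }
        }
    }
    if (result.isEmpty()) {
        result.add("No Pending Transactions");
    }
    return result;
}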
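/**
 * Looks up the stored public key string of a user.
 *
 * @param username account name to look up
 * @return the {@code publicKey} column value, or {@code null} when no such user exists
 * @throws SQLException if the lookup fails
 */
private String getPubKeyStrByUsername(String username) throws SQLException {
    String query = "SELECT publicKey FROM User WHERE username = ?";
    // try-with-resources: the statement and result set were never closed before.
    try (PreparedStatement stmt = conn.prepareStatement(query)) {
        stmt.setString(1, username);
        try (ResultSet rs = stmt.executeQuery()) {
            return rs.next() ? rs.getString("publicKey") : null;
        }
    }
}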
- ////////////////////////////////////////////////////////// SECURITY FUNCTIONS ////////////////////////////////////////////////////////
/**
 * Verifies a client signature over (sender, receiver, amount, nonce) with the public key
 * stored for the logged-in user.
 * The visible lines stop before the method's return; a merge-conflict marker follows.
 *
 * NOTE(review), to settle before this check is relied on:
 *  - the outcome of Signature.verify is only printed; the local "verified" is never returned
 *    in the visible lines;
 *  - "SHA1WithRSA" relies on SHA-1, which is no longer considered safe for signatures;
 *    prefer "SHA256withRSA" on both client and server;
 *  - the four fields are fed to update() back to back with no separator or length prefix, so
 *    different field splits produce the same signed byte stream;
 *  - exceptions from initVerify and verify are printed and swallowed rather than treated as
 *    a failed verification.
 */
boolean verifySignature(String senderstrpubkey, String receiverstrpubkey, double amount, String nonce, String sentSignature) throws SQLException, NoSuchAlgorithmException, InvalidKeySpecException, SignatureException, InvalidKeyException, UnsupportedEncodingException {
    // first we need to get the public key of the user logged in
    String senderpubkeystrfromsv = getPubKeyStrByUsername(this.username);
    PublicKey senderpubkey = convertStringToPubKey(senderpubkeystrfromsv);
    System.out.println("ASSINATURA\n\n" + sentSignature);
    System.out.println("\n\n");
    System.out.println("1\n\n" + senderpubkeystrfromsv);
    Signature signature = Signature.getInstance("SHA1WithRSA");
    // Leftover debug block: the try body only prints.
    try{
        System.out.println("ola");
    } catch (Exception e){
        System.out.println(e);
    }
    //signature.initVerify();
    byte[] signatureBytes = Base64.getDecoder().decode(sentSignature);
    // the fields sent FROM THE CLIENT
    byte[] data0 = senderstrpubkey.getBytes("UTF8");
    byte[] data1 = receiverstrpubkey.getBytes("UTF8");
    // String.valueOf(double) must produce exactly the text the client signed.
    byte[] data2 = String.valueOf(amount).getBytes("UTF8");
    byte[] data3 = nonce.getBytes("UTF8");
    // Concatenating a byte[] prints its default toString(), not the signature bytes.
    System.out.println("VERYFYING\n" + signatureBytes);
    // A failure here is only printed; the update() calls below then run on a Signature
    // object that was never initialised for verification.
    try{
        signature.initVerify(senderpubkey);
    } catch ( Exception e){
        System.out.println(e);
    }
    System.out.println("1");
    signature.update(data0);
    signature.update(data1);
    signature.update(data2);
    signature.update(data3);
    System.out.println("2");
    try{
        boolean verified = signature.verify(signatureBytes);
        if (verified) {
            System.out.println("Data verified.");
        } else {
            System.out.println("Cannot verify data.");
        }
    } catch ( Exception e){
        System.out.println(e);
    }
- <<<<<<< HEAD
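/**
 * Creates an empty keystore file at keystores/server/serverKeyStore, protected by the
 * password given to the constructor.
 *
 * <p>NOTE(review): the store is created with {@code KeyStore.getDefaultType()}, while
 * generateAndSave opens the same file as "JKS" - confirm both resolve to the same format on
 * the target JDK. The file is written with default permissions; restrict them if the host is
 * shared.
 *
 * @throws IOException if the file cannot be written
 */
private void createKeystore() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
    char[] password = this.keyStorePw.toCharArray();
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    ks.load(null, password);
    // try-with-resources: the stream used to leak when store() threw.
    try (FileOutputStream fos = new FileOutputStream("keystores/server/serverKeyStore")) {
        ks.store(fos, password);
    }
}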
- private void loadKeystore() throws IOException, UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
- char[] password = this.keyStorePw.toCharArray();
- =======
- System.exit(0);
- return true;
- }
- >>>>>>> 564c3f6e44429e773a161ed8cb6fe2c038a7394b
- <<<<<<< HEAD
- Key priv = keystore.getKey("HDSBank", password);
- this.privkey = (PrivateKey) priv;
- if (this.privkey instanceof PrivateKey) {
- X509Certificate cert = (X509Certificate) keystore.getCertificate("HDSBank");
- this.pubkey = cert.getPublicKey();
- }
- }
- private void generateAndSave() throws GeneralSecurityException, IOException {
- char[] password = this.keyStorePw.toCharArray();
- KeyStore ks = KeyStore.getInstance("JKS");
- InputStream readStream = new FileInputStream("keystores/server/serverKeyStore");
- ks.load(readStream, password);
- X509Certificate[] certChain = generateCertificate();
- ks.setKeyEntry("HDSBank", this.privkey, password, certChain);
- OutputStream writeStream = new FileOutputStream("keystores/server/serverKeyStore");
- ks.store(writeStream, password);
- this.privkey = (PrivateKey) ks.getKey("HDSBank", password);
- this.pubkey = certChain[0].getPublicKey();
- =======
- ////////////////////////////////////////////////////////// KEY FUNCTIONS ////////////////////////////////////////////////////////////
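/**
 * Creates an empty keystore file at keystores/server/serverKeyStore.
 *
 * <p>NOTE(review): the {@code pw} argument is not used; the password comes from
 * {@code this.keyStorePw}. The file is written with default permissions; restrict them if the
 * host is shared.
 *
 * @param pw unused
 * @throws IOException if the file cannot be written
 */
private void createKeystore(String pw) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
    char[] password = this.keyStorePw.toCharArray();
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    ks.load(null, password);
    // try-with-resources: the stream used to leak when store() threw.
    try (FileOutputStream fos = new FileOutputStream("keystores/server/serverKeyStore")) {
        ks.store(fos, password);
    }
}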
- private void loadKeystore(String pw) throws IOException, UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
- char[] password = this.keyStorePw.toCharArray();
- FileInputStream is = new FileInputStream("keystores/server/serverKeyStore");
- KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
- keystore.load(is, password);
- Key priv = keystore.getKey("HDSBank", password);
- this.privkey = (PrivateKey) priv;
- >>>>>>> 564c3f6e44429e773a161ed8cb6fe2c038a7394b
- if (this.privkey instanceof PrivateKey) {
- X509Certificate cert = (X509Certificate) keystore.getCertificate("HDSBank");
- this.pubkey = cert.getPublicKey();
- }
- }
- <<<<<<< HEAD
- private X509Certificate[] generateCertificate() throws GeneralSecurityException, IOException {
- try{
- CertAndKeyGen keyGen = new CertAndKeyGen("RSA","SHA1WithRSA",null);
- keyGen.generate(1024);
- this.pubkey = keyGen.getPublicKey();
- this.privkey = keyGen.getPrivateKey();
- //Generate self signed certificate
- X509Certificate[] chain=new X509Certificate[1];
- chain[0]=keyGen.getSelfCertificate(new X500Name("CN=HDSBank"), (long)365*24*3600);
- =======
- private void generateAndSave(String pw) throws GeneralSecurityException, IOException {
- char[] password = this.keyStorePw.toCharArray();
- KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
- kpg.initialize(1024);
- KeyPair kp = kpg.generateKeyPair();
- >>>>>>> 564c3f6e44429e773a161ed8cb6fe2c038a7394b
- KeyStore ks = KeyStore.getInstance("JKS");
- InputStream readStream = new FileInputStream("keystores/server/serverKeyStore");
- ks.load(readStream, password);
- X509Certificate[] certChain = generateCertificate("HDSBank", kp, 360, "RSA");
- ks.setKeyEntry("HDSBank", kp.getPrivate(), password, certChain);
- OutputStream writeStream = new FileOutputStream("keystores/server/serverKeyStore");
- ks.store(writeStream, password);
- this.privkey = (PrivateKey) ks.getKey("HDSBank", password);
- this.pubkey = certChain[0].getPublicKey();
- writeStream.close();
- }
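/**
 * Builds a one-element chain holding a self-signed certificate for "CN=HDSBank", valid for
 * 365 days.
 *
 * <p>NOTE(review): none of the parameters is used. The certificate is issued for a key pair
 * generated inside this method, not for {@code pair}, so a caller that stores
 * {@code pair.getPrivate()} next to this chain ends up with a private key that does not match
 * the certificate's public key. Building the certificate from {@code pair} needs a different
 * certificate API and is left for a follow-up.
 *
 * <p>Failures are now propagated instead of being printed and turned into a {@code null}
 * chain, and the certificate uses a 2048-bit key signed with SHA-256 rather than a 1024-bit
 * key signed with SHA-1.
 *
 * @return array with the self-signed certificate at index 0
 * @throws GeneralSecurityException if key or certificate generation fails
 * @throws IOException if the distinguished name cannot be parsed
 */
private X509Certificate[] generateCertificate(String dn, KeyPair pair, int days, String algorithm) throws GeneralSecurityException, IOException {
    CertAndKeyGen keyGen = new CertAndKeyGen("RSA", "SHA256WithRSA", null);
    keyGen.generate(2048);
    //Generate self signed certificate
    X509Certificate[] chain = new X509Certificate[1];
    chain[0] = keyGen.getSelfCertificate(new X500Name("CN=HDSBank"), (long) 365 * 24 * 3600);
    return chain;
}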
- }