private boolean authenticateClient() throws IOException {
String line = in.readLine();
if (line == null || line.equals(secret) == false) {
Log.warn(
Thread.currentThread().getName()
+ ": failed authentication attempt with \""
+ line
+ "\".");
out.println("Authentication failed");
return false;
}
writeNewSecret();
out.println("Authentication OK");
return true;
}
private void handleClient() {
try {
this.in = new BufferedReader(new InputStreamReader(client.getInputStream()));
this.out = new PrintWriter(new OutputStreamWriter(client.getOutputStream()));
if (authenticateClient()) {
handleRequest();
}
out.flush();
out.close();
in.close();
} catch (Exception ex) {
Log.warn(Thread.currentThread().getName() + ": failure handling client request.", ex);
} finally {
closeClientSocket();
}
}
private byte[] doSignatureFile(String[] digestNames, MessageDigest[] algorithms, byte[] manbytes)
throws IOException {
ByteArrayOutputStream out = new ByteArrayOutputStream();
PrintWriter ps = IO.writer(out);
ps.print("Signature-Version: 1.0\r\n");
for (int a = 0; a < algorithms.length; a++) {
if (algorithms[a] != null) {
byte[] digest = algorithms[a].digest(manbytes);
ps.print(digestNames[a] + "-Digest-Manifest: ");
ps.print(new Base64(digest));
ps.print("\r\n");
}
}
return out.toByteArray();
}
private void handleRequest() throws IOException {
String line = in.readLine();
if (line == null || line.length() == 0) {
Log.warn(Thread.currentThread().getName() + ": ignoring empty request.");
return;
}
if (handleCommand(line, out) == false) {
out.println(
Thread.currentThread().getName() + ": didn't understand request \"" + line + "\".");
}
}
public static void main(String args[]) throws Exception {
MessageDigest m = MessageDigest.getInstance("MD5");
PrintWriter out = new PrintWriter(new FileOutputStream("dict.txt"));
for (int i1 = 'a'; i1 < 'z'; i1++) {
System.out.println("Now Processing" + (char) i1);
for (int i2 = 'a'; i2 < 'z'; i2++)
for (int i3 = 'a'; i3 < 'z'; i3++)
for (int i4 = 'a'; i4 < 'z'; i4++) {
char[] ch = {(char) i1, (char) i2, (char) i3, (char) i4};
String passwd = new String(ch);
m.update(passwd.getBytes("UTF8"));
byte s[] = m.digest();
String result = "";
for (int i = 0; i < s.length; i++) {
result += Integer.toHexString((0x000000ff & s[i]) | 0xffffff00).substring(6);
}
out.print(passwd + " ");
out.println(result);
}
}
out.close();
}
public boolean handleCommand(String line, PrintWriter out) {
String[] split = line.split("[\t ]");
String commandName = split[0];
try {
Method[] methods = exportedInterface.getMethods();
for (Method method : methods) {
if (method.getName().equals(commandName) && method.getReturnType() == void.class) {
return invokeMethod(line, out, method, split);
}
}
throw new NoSuchMethodException();
} catch (NoSuchMethodException nsmex) {
out.println(fullName + ": didn't understand request \"" + line + "\".");
} catch (Exception ex) {
Log.warn(fullName + ": exception thrown while handling command \"" + line + "\".", ex);
out.println(fullName + ": request denied \"" + line + "\" (" + ex.toString() + ").");
} finally {
out.flush();
out.close();
}
return false;
}
public void writeLandingPage(HttpServletRequest request, HttpServletResponse response)
throws IOException {
String landingPage = getNewTokenLandingPage();
/** default to current page * */
if (landingPage == null) {
StringBuilder sb = new StringBuilder();
sb.append(request.getContextPath());
sb.append(request.getServletPath());
landingPage = sb.toString();
}
/** create auto posting form * */
StringBuilder sb = new StringBuilder();
sb.append("<html>\r\n");
sb.append("<head>\r\n");
sb.append("<title>OWASP CSRFGuard Project - New Token Landing Page</title>\r\n");
sb.append("</head>\r\n");
sb.append("<body>\r\n");
sb.append("<script type=\"text/javascript\">\r\n");
sb.append("var form = document.createElement(\"form\");\r\n");
sb.append("form.setAttribute(\"method\", \"post\");\r\n");
sb.append("form.setAttribute(\"action\", \"");
sb.append(landingPage);
sb.append("\");\r\n");
/** only include token if needed * */
if (isProtectedPage(landingPage)) {
sb.append("var hiddenField = document.createElement(\"input\");\r\n");
sb.append("hiddenField.setAttribute(\"type\", \"hidden\");\r\n");
sb.append("hiddenField.setAttribute(\"name\", \"");
sb.append(getTokenName());
sb.append("\");\r\n");
sb.append("hiddenField.setAttribute(\"value\", \"");
sb.append(getTokenValue(request, landingPage));
sb.append("\");\r\n");
sb.append("form.appendChild(hiddenField);\r\n");
}
sb.append("document.body.appendChild(form);\r\n");
sb.append("form.submit();\r\n");
sb.append("</script>\r\n");
sb.append("</body>\r\n");
sb.append("</html>\r\n");
String code = sb.toString();
/** setup headers * */
response.setContentType("text/html");
response.setContentLength(code.length());
/** write auto posting form * */
OutputStream output = null;
PrintWriter writer = null;
try {
output = response.getOutputStream();
writer = new PrintWriter(output);
writer.write(code);
writer.flush();
} finally {
Writers.close(writer);
Streams.close(output);
}
}
