Exemple #1
0
 private boolean authenticateClient() throws IOException {
   String line = in.readLine();
   if (line == null || line.equals(secret) == false) {
     Log.warn(
         Thread.currentThread().getName()
             + ": failed authentication attempt with \""
             + line
             + "\".");
     out.println("Authentication failed");
     return false;
   }
   writeNewSecret();
   out.println("Authentication OK");
   return true;
 }
Exemple #2
0
 private void handleClient() {
   try {
     this.in = new BufferedReader(new InputStreamReader(client.getInputStream()));
     this.out = new PrintWriter(new OutputStreamWriter(client.getOutputStream()));
     if (authenticateClient()) {
       handleRequest();
     }
     out.flush();
     out.close();
     in.close();
   } catch (Exception ex) {
     Log.warn(Thread.currentThread().getName() + ": failure handling client request.", ex);
   } finally {
     closeClientSocket();
   }
 }
Exemple #3
0
  private byte[] doSignatureFile(String[] digestNames, MessageDigest[] algorithms, byte[] manbytes)
      throws IOException {
    ByteArrayOutputStream out = new ByteArrayOutputStream();
    PrintWriter ps = IO.writer(out);
    ps.print("Signature-Version: 1.0\r\n");

    for (int a = 0; a < algorithms.length; a++) {
      if (algorithms[a] != null) {
        byte[] digest = algorithms[a].digest(manbytes);
        ps.print(digestNames[a] + "-Digest-Manifest: ");
        ps.print(new Base64(digest));
        ps.print("\r\n");
      }
    }
    return out.toByteArray();
  }
Exemple #4
0
 private void handleRequest() throws IOException {
   String line = in.readLine();
   if (line == null || line.length() == 0) {
     Log.warn(Thread.currentThread().getName() + ": ignoring empty request.");
     return;
   }
   if (handleCommand(line, out) == false) {
     out.println(
         Thread.currentThread().getName() + ": didn't understand request \"" + line + "\".");
   }
 }
Exemple #5
0
  public static void main(String args[]) throws Exception {
    MessageDigest m = MessageDigest.getInstance("MD5");
    PrintWriter out = new PrintWriter(new FileOutputStream("dict.txt"));

    for (int i1 = 'a'; i1 < 'z'; i1++) {
      System.out.println("Now Processing" + (char) i1);
      for (int i2 = 'a'; i2 < 'z'; i2++)
        for (int i3 = 'a'; i3 < 'z'; i3++)
          for (int i4 = 'a'; i4 < 'z'; i4++) {
            char[] ch = {(char) i1, (char) i2, (char) i3, (char) i4};
            String passwd = new String(ch);
            m.update(passwd.getBytes("UTF8"));
            byte s[] = m.digest();
            String result = "";
            for (int i = 0; i < s.length; i++) {
              result += Integer.toHexString((0x000000ff & s[i]) | 0xffffff00).substring(6);
            }
            out.print(passwd + "    ");
            out.println(result);
          }
    }
    out.close();
  }
Exemple #6
0
  public boolean handleCommand(String line, PrintWriter out) {
    String[] split = line.split("[\t ]");
    String commandName = split[0];

    try {
      Method[] methods = exportedInterface.getMethods();
      for (Method method : methods) {
        if (method.getName().equals(commandName) && method.getReturnType() == void.class) {
          return invokeMethod(line, out, method, split);
        }
      }
      throw new NoSuchMethodException();
    } catch (NoSuchMethodException nsmex) {
      out.println(fullName + ": didn't understand request \"" + line + "\".");
    } catch (Exception ex) {
      Log.warn(fullName + ": exception thrown while handling command \"" + line + "\".", ex);
      out.println(fullName + ": request denied \"" + line + "\" (" + ex.toString() + ").");
    } finally {
      out.flush();
      out.close();
    }
    return false;
  }
  public void writeLandingPage(HttpServletRequest request, HttpServletResponse response)
      throws IOException {
    String landingPage = getNewTokenLandingPage();

    /** default to current page * */
    if (landingPage == null) {
      StringBuilder sb = new StringBuilder();

      sb.append(request.getContextPath());
      sb.append(request.getServletPath());

      landingPage = sb.toString();
    }

    /** create auto posting form * */
    StringBuilder sb = new StringBuilder();

    sb.append("<html>\r\n");
    sb.append("<head>\r\n");
    sb.append("<title>OWASP CSRFGuard Project - New Token Landing Page</title>\r\n");
    sb.append("</head>\r\n");
    sb.append("<body>\r\n");
    sb.append("<script type=\"text/javascript\">\r\n");
    sb.append("var form = document.createElement(\"form\");\r\n");
    sb.append("form.setAttribute(\"method\", \"post\");\r\n");
    sb.append("form.setAttribute(\"action\", \"");
    sb.append(landingPage);
    sb.append("\");\r\n");

    /** only include token if needed * */
    if (isProtectedPage(landingPage)) {
      sb.append("var hiddenField = document.createElement(\"input\");\r\n");
      sb.append("hiddenField.setAttribute(\"type\", \"hidden\");\r\n");
      sb.append("hiddenField.setAttribute(\"name\", \"");
      sb.append(getTokenName());
      sb.append("\");\r\n");
      sb.append("hiddenField.setAttribute(\"value\", \"");
      sb.append(getTokenValue(request, landingPage));
      sb.append("\");\r\n");
      sb.append("form.appendChild(hiddenField);\r\n");
    }

    sb.append("document.body.appendChild(form);\r\n");
    sb.append("form.submit();\r\n");
    sb.append("</script>\r\n");
    sb.append("</body>\r\n");
    sb.append("</html>\r\n");

    String code = sb.toString();

    /** setup headers * */
    response.setContentType("text/html");
    response.setContentLength(code.length());

    /** write auto posting form * */
    OutputStream output = null;
    PrintWriter writer = null;

    try {
      output = response.getOutputStream();
      writer = new PrintWriter(output);

      writer.write(code);
      writer.flush();
    } finally {
      Writers.close(writer);
      Streams.close(output);
    }
  }