Java Reference
In-Depth Information
The MIDlet and servlet exchange various byte arrays, such as the timestamp, the random
number, and the message digest value. To make this work smoothly in the context of HTTP
headers, which are plain text, the byte arrays are exchanged as hexadecimal strings. A helper
class,
HexCodec
, handles the translation between hexadecimal strings and byte arrays. This
same class is used by the MIDlet and the servlet.
Let's look at the MIDlet first. Its main screen is a form in which the user can enter a user
name and a password. You might be tempted to use a
PASSWORD TextField
, but we chose not to.
For one thing, it's hard to know exactly what text you're entering. For another thing, we're
assuming that the screen of a small device is reasonably private—probably no one will be
peeking over your shoulder as you enter your password.
When the user invokes the
Login
command, the MIDlet calculates a message digest value
as described previously. It assembles various parameters into an HTTP request. It then reads
the response from the server and displays the response in an
Alert
.
The meat of the protected password algorithm is in the
login()
method. We create a time-
stamp and a random number and convert these values to byte arrays using a helper method:
long timestamp = System.currentTimeMillis();
long randomNumber = mRandom.nextLong();
byte[] timestampBytes = getBytes(timestamp);
byte[] randomBytes = getBytes(randomNumber);
The user name and password strings, which come from the MIDlet's main form, are easily
converted to byte arrays.
The entire source code for
PasswordMIDlet
is shown in Listing 18-1.
Listing 18-1.
PasswordMIDlet, a Protected Password Client
import java.io.*;
import java.util.Random;
import javax.microedition.io.*;
import javax.microedition.midlet.*;
import javax.microedition.lcdui.*;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.SHA1Digest;
public class PasswordMIDlet
extends MIDlet
implements CommandListener, Runnable {
private Display mDisplay;
private Form mForm;
private TextField mUserField, mPasswordField;
private Random mRandom;
public void startApp() {
mDisplay = Display.getDisplay(this);
mRandom = new Random(System.currentTimeMillis());
Search WWH ::
Custom Search