Java Reference
In-Depth Information
to retrieve session information for this client. Without this session information, each HTTP
request from client to server would need to reinitialize the ciphers so that they didn't get
unsynchronized.
StealthMIDlet
retrieves the response from the server as hexadecimal ciphertext. It converts
the string to a byte array, and then decrypts the byte array using the MIDlet's incoming cipher.
The decrypted message is displayed in an
Alert
.
StealthMIDlet
makes use of the same
HexCodec
and
URLBuilder
classes that were presented
earlier in this chapter. You will need to set the MIDlet property
StealthMIDlet-URL
to point to
the location of the running
StealthServlet
.
On the server side, things are a little more complicated.
StealthServlet
should be capable
of handling multiple clients, which means it should maintain a pair of ciphers for each user
that connects. This is done using HTTP sessions, one session per user. When a client request
comes in,
StealthServlet
attempts to find two ciphers in the user's session. If they don't exist,
as will be the case the first time a user connects to the servlet, new ciphers are created. The
ciphers are initialized using keys that are unique to each user. Exactly how these keys are located
is left up to you. In this simple implementation, the
getInKey()
and
getOutKey()
methods are
hard-coded.
You should notice that the keys on the servlet side appear to be reversed from the MIDlet.
This is because the servlet's incoming cipher should decrypt using the same key as the MIDlet's
outgoing cipher.
Once
StealthServlet
has located or created the ciphers that correspond to a particular
user, it decrypts the incoming message and prints it out to the server console. Then it encrypts
a response message (also hard-coded) and sends the response back to the MIDlet.
The entire
StealthServlet
class is shown in Listing 18-6.
Listing 18-6.
The Source Code for StealthServlet
import javax.servlet.http.*;
import javax.servlet.*;
import java.io.*;
import java.util.*;
import org.bouncycastle.crypto.StreamCipher;
import org.bouncycastle.crypto.engines.RC4Engine;
import org.bouncycastle.crypto.params.KeyParameter;
public class StealthServlet extends HttpServlet {
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
String user = request.getParameter("user");
// Try to find the user's cipher pair.
HttpSession session = request.getSession();
StreamCipher inCipher = (StreamCipher)session.getAttribute("inCipher");
StreamCipher outCipher = (StreamCipher)session.getAttribute("outCipher");
Search WWH ::
Custom Search