📄 ssl_with_signature.java
字号:
//开始解包
//int pack_len=(new Byte(buffer[3])).intValue() * 256 +(new Byte(buffer[4])).intValue();
//以下逻辑用于解决当byte大于128时转换成int会变成负数的问题
int pack_len = 0;
if(buffer[3]>=0){
pack_len = buffer[3];
}
else
{
pack_len = buffer[3] & 127 + 128;
}
pack_len=pack_len <<8;
if(buffer[4]>=0){
pack_len += buffer[4];
}
else
{
pack_len += buffer[4] & 127 + 128;
}
Show_Debug_Message("pack_len="+Integer.toString(pack_len));
if(pack_len != recv_len-5){
Show_Message("接收到签名请求信息的长度不对!");
//组Signature_alert包
buffer[0]=SSLSignatureType.signature_alert;
buffer[1]=ProtocolVersion.major;
buffer[2]=ProtocolVersion.minor;
buffer[3]=0; //长度高字节
buffer[4]=0; //长度低字节
int p=5; //用于定位
//random字段全部填0
buffer[p++]=0;
buffer[p++]=0;
buffer[p++]=0;
buffer[p++]=0;
buffer[p++]=0;
for(int i=0;i<28;++i)buffer[p++]=0;
//警告类型
buffer[p++]=Signature_Alert_type.Format_error; //消息格式错误
byte[] return_message="Wrong Data Format".getBytes();
//警告原因
for(int i=0;i<return_message.length;i++)buffer[p++]=return_message[i];
buffer[3]=(byte)(((p-5)>>8) % 256); //长度不包括开头的5个字节
buffer[4]=(byte)((p-5) % 256);
SSL_with_signature.send(socket,buffer,p); //向对方发送数据
SSL_with_signature.Show_Buffer_Hex("向"+remote_host+"发送Signature_alert包!(len="+Integer.toString(p)+")",buffer,p);
try{
socket.close(); //关闭socket
} catch (IOException e)
{
callback.CatchError("关闭socket出错",e);
}
return ;
}
if(buffer[0] != SSLSignatureType.signature_request){
Show_Debug_Message("接收到签名请求信息格式错误!");
//组Signature_alert包
buffer[0]=SSLSignatureType.signature_alert;
buffer[1]=ProtocolVersion.major;
buffer[2]=ProtocolVersion.minor;
buffer[3]=0; //长度高字节
buffer[4]=0; //长度低字节
int p=5; //用于定位
//random字段全部填0
buffer[p++]=0;
buffer[p++]=0;
buffer[p++]=0;
buffer[p++]=0;
buffer[p++]=0;
for(int i=0;i<28;++i)buffer[p++]=0;
//警告类型
buffer[p++]=Signature_Alert_type.Format_error; //消息格式错误
byte[] return_message="Wrong Data Format".getBytes();
//警告原因
for(int i=0;i<return_message.length;i++)buffer[p++]=return_message[i];
buffer[3]=(byte)(((p-5)>>8) % 256); //长度不包括开头的5个字节
buffer[4]=(byte)((p-5) % 256);
SSL_with_signature.send(socket,buffer,p); //向对方发送数据
SSL_with_signature.Show_Buffer_Hex("向"+remote_host+"发送Signature_alert包!(len="+Integer.toString(p)+")",buffer,p);
try{
socket.close(); //关闭socket
} catch (IOException e)
{
callback.CatchError("关闭socket出错",e);
}
callback.CatchError("消息格式错误", new Exception("接收到签名请求信息格式错误!"));
return;
}
try
{
//解释请求数据,以下两个变量用于得到对方的随机数
long gmt_unix_time=0;
byte[] random_bytes=new byte[28];
//gmt_unix_time=((new Byte(buffer[5])).longValue() << 24)+((new Byte(buffer[6])).longValue() << 16)+((new Byte(buffer[7])).longValue() << 8)+(new Byte(buffer[8])).longValue();
//以下逻辑用于解决当byte大于128时转换成long会变成负数的问题
if(buffer[5]>=0){
gmt_unix_time = buffer[5];
}
else
{
gmt_unix_time = buffer[5] & 127 + 128;
}
gmt_unix_time = gmt_unix_time <<8;
if(buffer[6]>=0){
gmt_unix_time += buffer[6];
}
else
{
gmt_unix_time += buffer[6] & 127 + 128;
}
gmt_unix_time = gmt_unix_time <<8;
if(buffer[7]>=0){
gmt_unix_time += buffer[7];
}
else
{
gmt_unix_time += buffer[7] & 127 + 128;
}
gmt_unix_time = gmt_unix_time <<8;
if(buffer[8]>=0){
gmt_unix_time += buffer[8];
}
else
{
gmt_unix_time += buffer[8] & 127 + 128;
}
gmt_unix_time = gmt_unix_time <<8;
if(buffer[9]>=0){
gmt_unix_time += buffer[9];
}
else
{
gmt_unix_time += buffer[9] & 127 + 128;
}
Show_Debug_Message("gmt_unix_time ="+Long.toString(gmt_unix_time));
int p=10; //用于定位
for(int i=0;i<28;i++)random_bytes[i]=buffer[p++];
SSLRandom sslrand=new SSLRandom(gmt_unix_time,random_bytes); //恢复随机数
//结果填充到Signature_request结构
S_request.random=sslrand;
//S_request.signdata_desc_length=(new Byte(buffer[p++])).intValue() * 256 + (new Byte(buffer[p++])).intValue();
//以下逻辑用于解决byte转换成int时高位为1变成负数的问题
int signdata_desc_length = 0;
if(buffer[p]>=0){
signdata_desc_length = buffer[p];
}
else
{
signdata_desc_length = buffer[p] & 127 + 128;
}
signdata_desc_length = signdata_desc_length <<8;
p++;
if(buffer[p]>=0){
signdata_desc_length = buffer[p];
}
else
{
signdata_desc_length = buffer[p] & 127 + 128;
}
p++;
S_request.signdata_desc_length = signdata_desc_length;
Show_Debug_Message("signdata_desc_length="+Integer.toString(S_request.signdata_desc_length));
S_request.signdata_desc=new byte[S_request.signdata_desc_length];
for(int i=0;i<S_request.signdata_desc_length;i++)S_request.signdata_desc[i]=buffer[p++];
//S_request.signdata_length=(new Byte(buffer[p++])).intValue() * 256 + (new Byte(buffer[p++])).intValue();
int signdata_length = 0;
if(buffer[p]>=0){
signdata_length = buffer[p];
}
else
{
signdata_length = buffer[p] & 127 + 128;
}
signdata_length = signdata_length <<8;
p++;
if(buffer[p]>=0){
signdata_length = buffer[p];
}
else
{
signdata_length = buffer[p] & 127 + 128;
}
p++;
S_request.signdata_length = signdata_length;
Show_Debug_Message("signdata_length="+Integer.toString(S_request.signdata_length));
S_request.signdata=new byte[S_request.signdata_length];
for(int i=0;i<S_request.signdata_length;i++)S_request.signdata[i]=buffer[p++];
byte signatureAlgorithm=buffer[p++]; //签名算法
//int s_length=(new Byte(buffer[p++])).intValue(); //签名值的长度
int s_length = 0;
if(buffer[p]>=0){
s_length = buffer[p];
}
else
{
s_length = buffer[p] & 127 + 128;
}
p++;
Show_Debug_Message("s_length="+Integer.toString(s_length));
byte[] signatureValue=new byte[s_length];
for(int i=0;i<s_length;i++)signatureValue[i]=buffer[p++];
DSignature dsignature=new DSignature(signatureAlgorithm,s_length,signatureValue);
S_request.request_signature=dsignature;
} catch ( Exception e)
{
System.err.println("解释Signature_request包出错:" + e.getMessage());
e.printStackTrace();
//组Signature_alert包
buffer[0]=SSLSignatureType.signature_alert;
buffer[1]=ProtocolVersion.major;
buffer[2]=ProtocolVersion.minor;
buffer[3]=0; //长度高字节
buffer[4]=0; //长度低字节
int p=5; //用于定位
//random字段
buffer[p++]=(byte)((S_request.random.gmt_unix_time>>32) % 256); //从UINT32 -> UINT40
buffer[p++]=(byte)((S_request.random.gmt_unix_time>>24) % 256);
buffer[p++]=(byte)((S_request.random.gmt_unix_time>>16) % 256);
buffer[p++]=(byte)((S_request.random.gmt_unix_time>>8) % 256);
buffer[p++]=(byte)(S_request.random.gmt_unix_time % 256);
for(int i=0;i<28;++i)buffer[p++]=S_request.random.random_bytes[i];
//警告类型
buffer[p++]=Signature_Alert_type.System_interal_error; //系统故障
byte[] return_message="Encounter the system interal error.Can not explain your request.".getBytes();
//警告原因
for(int i=0;i<return_message.length;++i)buffer[p++]=return_message[i];
buffer[3]=(byte)(((p-5)>>8) % 256); //长度不包括开头的5个字节
buffer[4]=(byte)((p-5) % 256);
SSL_with_signature.send(socket,buffer,p); //向对方发送数据
SSL_with_signature.Show_Buffer_Hex("向"+remote_host+"发送Signature_alert包!(len="+Integer.toString(p)+")",buffer,p);
try{
socket.close(); //关闭socket
} catch (IOException e1)
{
callback.CatchError("关闭socket出错" , e);
}
callback.CatchError("消息格式错误", new Exception("解释签名请求包导致系统出错"));
return ;
}
if (RandomUsed(S_request.random)) //检查随机数是否已经用过,用于防止重放攻击
{
//组Signature_alert包
buffer[0]=SSLSignatureType.signature_alert;
buffer[1]=ProtocolVersion.major;
buffer[2]=ProtocolVersion.minor;
buffer[3]=0; //长度高字节
buffer[4]=0; //长度低字节
int p=5; //用于定位
//random字段
buffer[p++]=(byte)((S_request.random.gmt_unix_time>>32) % 256); //从UINT32 -> UINT40
buffer[p++]=(byte)((S_request.random.gmt_unix_time>>24) % 256);
buffer[p++]=(byte)((S_request.random.gmt_unix_time>>16) % 256);
buffer[p++]=(byte)((S_request.random.gmt_unix_time>>8) % 256);
buffer[p++]=(byte)(S_request.random.gmt_unix_time % 256);
for(int i=0;i<28;++i)buffer[p++]=S_request.random.random_bytes[i];
//警告类型
buffer[p++]=Signature_Alert_type.Illegal_random; //非法随机数
byte[] return_message="Illegal random".getBytes();
//警告原因
for(int i=0;i<return_message.length;++i)buffer[p++]=return_message[i];
buffer[3]=(byte)(((p-5)>>8) % 256); //长度不包括开头的5个字节
buffer[4]=(byte)((p-5) % 256);
SSL_with_signature.send(socket,buffer,p); //向对方发送数据
SSL_with_signature.Show_Buffer_Hex("向"+remote_host+"发送Signature_alert包!(len="+Integer.toString(p)+")",buffer,p);
try{
socket.close(); //关闭socket
} catch (IOException e)
{
callback.CatchError("关闭socket出错" , e);
}
callback.CatchError("可能受到重放攻击", new Exception("签名请求的随机数刚才用过"));
return;
}
boolean Verify_Requester_Signature_OK=false; //验证通过的标志
try{
byte request_data[]=new byte[S_request.signdata_desc_length+S_request.signdata_length]; //签名请求的数据
for(int i=0;i<S_request.signdata_desc_length;++i)request_data[i]=S_request.signdata_desc[i];
for(int i=0;i<S_request.signdata_length;++i)request_data[i+S_request.signdata_desc_length]=S_request.signdata[i];
Verify_Requester_Signature_OK=S_request.request_signature.Verify(request_data,partner_publickey);
} catch (Exception e)
{
callback.CatchError("验证对方签名时出错",e);
return;
}
if(Verify_Requester_Signature_OK){ //用对方的公钥验证对签名请求的签名
//选择签名算法,同时检查自己的私钥是否有生成签名的能力
byte sign_algorithm=0;
if(my_privatekey.getAlgorithm().equals("RSA"))
sign_algorithm=SignatureAlgorithm.md5RSA;
else
if(my_privatekey.getAlgorithm().equals("DSA"))
sign_algorithm=SignatureAlgorithm.sha1DSA;
else
{ //受限与SSL协议,暂时不支持其他的公钥签名算法
//组Signature_alert包
buffer[0]=SSLSignatureType.signature_alert;
buffer[1]=ProtocolVersion.major;
buffer[2]=ProtocolVersion.minor;
buffer[3]=0; //长度高字节
buffer[4]=0; //长度低字节
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -