
Security for Java and E-commerce Environments


 

Assignment 5 (Client/Server Message Security)

Purpose: Develop an AC module to log in users and accept their (typed) messages. The module should comprehensively protect each message using a combination of secret-key and public-key cryptography. Channel protection should be provided by SSL (through JSSE), and message protection by the PKCS#7 or S/MIME formats.

 

Client/Server

1. Operate server:


2. Register for users:


 

3. Login:


 

4. Chat (message transfer)


Main code:

1. AppServer.java

//Code for the connect class

class Connect

{

// ---- Per-instance state ----
ObjectOutputStream streamToClient;
BufferedReader streamFromClient;

// Result flag: verify() sets it to 1 on a match and returns it.
int ctr = 0;

String message = " ";

// ---- State shared by every Connect instance ----
// Both vectors start with capacity 1 and grow one slot at a time.
// Presumably these are the two Vectors the chat client reads on each poll
// (messages and online users) - confirm against the rest of AppServer.java.
static Vector vector = new Vector(1, 1);
static Vector vctrList = new Vector(1, 1);

// Header entry stored at index 0 of vctrList.
static String str = new String("UsrList");

static
{
    vctrList.addElement(str);
}

 

 

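/**
 * Looks for a line in {@code UsrPwd.txt} that is exactly equal to {@code mesg}.
 *
 * <p>The result is written to the instance field {@code ctr} and returned.
 * The field is reset on entry, so a match from an earlier call on the same
 * {@code Connect} object can no longer be reported for a later, non-matching
 * credential. Any failure to open or read the file counts as "not found".
 *
 * <p>NOTE(review): the clients in this listing send {@code name:password}
 * lines; if those lines are what is stored in {@code UsrPwd.txt}, passwords
 * are kept in cleartext on disk. Storing a salted password hash (bcrypt,
 * scrypt, Argon2 or PBKDF2) and comparing hashes would limit the damage if
 * the file is read by someone else - confirm the file format with the
 * registration code, which is outside this listing.
 *
 * @param mesg the credential line to look up
 * @return 1 if a matching line exists, 0 otherwise
 */
int verify(String mesg)
{
    // Start from "not verified" on every call; ctr is an instance field and
    // would otherwise keep the 1 left behind by a previous successful call.
    ctr = 0;

    RandomAccessFile credentialFile = null;
    try
    {
        credentialFile = new RandomAccessFile("UsrPwd.txt", "r");

        // readLine() returns null at end of file, which ends the scan.
        String line;
        while ((line = credentialFile.readLine()) != null)
        {
            if (line.equals(mesg))
            {
                ctr = 1;
                break;
            }
        }
    }
    catch (Exception e)
    {
        // Fail closed: an unreadable credential file must never verify anyone.
        ctr = 0;
        System.out.println("Exception " + e);
    }
    finally
    {
        // Release the file handle on the error path as well.
        if (credentialFile != null)
        {
            try
            {
                credentialFile.close();
            }
            catch (Exception ignored)
            {
                // nothing useful can be done if close() fails
            }
        }
    }

    return ctr;
}//end of verify()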

 

2. clientInt.java

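/**
 * Action listener that polls the chat server: it opens a connection, sends
 * the request line {@code From Timer}, reads two {@code Vector}s back and
 * refreshes the user list and the message area from them.
 *
 * <p>It reads and writes {@code message}, {@code txtMsg}, {@code txtListUsers},
 * {@code txtMessages} and {@code messageCount}, which are declared outside
 * this class.
 */
class TimerAction implements ActionListener
{
    Socket toServer;
    ObjectInputStream streamFromServer;
    PrintStream streamToServer;

    /**
     * Runs one poll cycle. Exceptions are reported on standard output and the
     * connection is closed before returning.
     *
     * @param e2 the triggering event (not inspected)
     */
    public void actionPerformed(ActionEvent e2)
    {
        try
        {
            // NOTE(review): plain java.net.Socket - the poll and its reply
            // travel unencrypted. The page's stated design protects the
            // channel with SSL through JSSE; an SSLSocket from an
            // SSLSocketFactory is the replacement for this line.
            toServer = new Socket("machine-name", 1001);
            streamFromServer = new ObjectInputStream(toServer.getInputStream());
            streamToServer = new PrintStream(toServer.getOutputStream());
            message = txtMsg.getText();

            // send a message to the server
            // NOTE(review): the request carries no credential or session
            // token, so from this code alone the server cannot distinguish a
            // logged-in client from any other peer - confirm how the server
            // enforces login.
            streamToServer.println("From Timer");

            // receive vectors from the server
            // NOTE(review): readObject() performs Java native deserialization
            // of whatever the peer sends. Without an authenticated channel
            // the peer is untrusted; restrict the accepted classes with a
            // deserialization filter (ObjectInputFilter, Java 9+) or switch
            // to a plain text/JSON protocol.
            Vector vector = (Vector) streamFromServer.readObject();
            Vector vector1 = (Vector) streamFromServer.readObject();

            // show the online users; index 0 is skipped (the server-side list
            // shown on this page starts with a "UsrList" header entry)
            txtListUsers.setText("");
            // size(), not capacity(): capacity can exceed the element count
            // (e.g. an empty Vector), and elementAt() past the last element
            // throws ArrayIndexOutOfBoundsException.
            for (int j = 1; j < vector1.size(); j++)
            {
                txtListUsers.append((String) vector1.elementAt(j));
                txtListUsers.append("\n");
            }

            // show the messages that arrived since the previous poll
            int i = messageCount;
            for (; i < vector.size(); i++)
            {
                txtMessages.append((String) vector.elementAt(i));
                txtMessages.append("\n");
            }
            messageCount = i;
        }//end of try
        catch (Exception e)
        {
            System.out.println("Exception " + e);
        }
        finally
        {
            // A new socket is opened on every poll; close it so repeated
            // polls do not accumulate open connections.
            if (toServer != null)
            {
                try
                {
                    toServer.close();
                }
                catch (Exception ignored)
                {
                    // nothing useful can be done if close() fails
                }
            }
        }
    }//end of actionPerformed
}//end of TimerListener class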

 

3.
Register.java

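/**
 * Handles the registration form's buttons.
 *
 * <p>Cancel closes the frame. Any other button runs the local {@code verify()}
 * check and, when it returns 1, sends {@code RegisterInfo} followed by
 * {@code name:password} to the server and acts on the reply:
 * {@code Registered} opens the login window, {@code User Exists} shows an
 * error. Exceptions are reported on standard output, and the connection is
 * closed before returning.
 *
 * @param e1 the button event; its source is expected to be a {@code JButton}
 */
public void actionPerformed(ActionEvent e1)
{
    JButton button = (JButton) e1.getSource(); //get the source of the event

    if (button.equals(btnCancel))
    {
        this.dispose();
        return;
    }

    int ver = verify(); //call the verify()
    if (ver != 1)
    {
        return;
    }

    try
    {
        //establish a socket connection and create I/O socket streams
        // NOTE(review): plain java.net.Socket - the user name and password
        // sent below cross the network in cleartext. The page's stated design
        // protects the channel with SSL through JSSE; an SSLSocket from an
        // SSLSocketFactory is the replacement for this line.
        toServer = new Socket("machine-name", 1001);
        streamFromServer = new ObjectInputStream(toServer.getInputStream());
        streamToServer = new PrintStream(toServer.getOutputStream());

        //send a message to server for Registration
        streamToServer.println("RegisterInfo");
        usrName = txtUserName.getText();
        usrPwd = txtUsrPwd.getPassword();
        // NOTE(review): copying the char[] into a String leaves the password
        // in an immutable object that cannot be wiped after use.
        String pwd = new String(usrPwd);

        //send the user name and password to the server
        // NOTE(review): the record is one "name:password" line; a ':' or a
        // line break inside either field makes it ambiguous for a line-based
        // reader - confirm that verify() rejects such input.
        streamToServer.println(usrName + ":" + pwd);

        //read the response from the server
        // NOTE(review): readObject() performs Java native deserialization of
        // whatever the peer sends; restrict the accepted classes with a
        // deserialization filter (ObjectInputFilter, Java 9+) or read a plain
        // text reply instead.
        String frmServer = (String) streamFromServer.readObject();
        if (frmServer.equals("Registered"))
        {
            new Login();
            this.dispose();
        }
        else if (frmServer.equals("User Exists"))
        {
            showUsrExists(); //show error message
        }
    }//end of try
    catch (Exception e)
    {
        System.out.println("Exception " + e);
    }
    finally
    {
        // Each click opens a new socket; close it so failed or repeated
        // attempts do not leave connections open.
        if (toServer != null)
        {
            try
            {
                toServer.close();
            }
            catch (Exception ignored)
            {
                // nothing useful can be done if close() fails
            }
        }
    }
}//end of actionPerformed()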

 

4. Login.java

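/**
 * Handles the login form's buttons.
 *
 * <p>Cancel closes the frame and Register opens the registration window. Any
 * other button sends {@code LoginInfo} followed by {@code name:password} to
 * the server; the reply {@code Welcome} opens the chat screen and any other
 * reply shows an error dialog. Exceptions are reported on standard output,
 * and the connection is closed before returning.
 *
 * @param e1 the button event; its source is expected to be a {@code JButton}
 */
public void actionPerformed(ActionEvent e1)
{
    JButton button = (JButton) e1.getSource();

    if (button.equals(btnCancel))
    {
        this.dispose(); //close the current frame
        return;
    }

    if (button.equals(btnRegister))
    {
        new Register(); //call Register program
        this.dispose();
        return;
    }

    try
    {
        //create socket and input-output socket streams
        // NOTE(review): plain java.net.Socket - the user name and password
        // sent below cross the network in cleartext. The page's stated design
        // protects the channel with SSL through JSSE; an SSLSocket from an
        // SSLSocketFactory is the replacement for this line.
        toServer = new Socket("machine-name", 1001);
        streamFromServer = new ObjectInputStream(toServer.getInputStream());
        streamToServer = new PrintStream(toServer.getOutputStream());

        //send message to server for login
        streamToServer.println("LoginInfo");
        UsrName = txtUsrName.getText();
        UsrPwd = txtUsrPwd.getPassword();
        // NOTE(review): copying the char[] into a String leaves the password
        // in an immutable object that cannot be wiped after use.
        strPwd = new String(UsrPwd);

        //send the user name and password to the server
        streamToServer.println(UsrName + ":" + strPwd);

        //read the message from the server
        // NOTE(review): readObject() performs Java native deserialization of
        // whatever the peer sends; restrict the accepted classes with a
        // deserialization filter (ObjectInputFilter, Java 9+) or read a plain
        // text reply instead.
        String frmServer = (String) streamFromServer.readObject();

        if (frmServer.equals("Welcome"))
        {
            new clientInt(UsrName); //start the chat screen
            this.dispose();
        }
        else
        {
            showdlg();//show error message
        }
    }//end of try
    catch (Exception e)
    {
        System.out.println("Exception Occured: " + e);
    }
    finally
    {
        // Each login attempt opens a new socket; close it so failed or
        // repeated attempts do not leave connections open.
        if (toServer != null)
        {
            try
            {
                toServer.close();
            }
            catch (Exception ignored)
            {
                // nothing useful can be done if close() fails
            }
        }
    }
}//end of actionPerformed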

 

SSL through JSSE

The simple client/server example consists of SimpleSSLServer and SimpleSSLClient. The KeyStore and TrustStore files must be configured before the programs are run.

We use keytool to generate the KeyStore, clientStore and serverstore files, which contain the authorization (keys and certificates) for A, B and the Server.

Establish authorization for Bob:


Check the authorization:


Generate certificate:


Export the certificate:


File list:


Operate server:


Operate client:


 

PKCS#7 implementation

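Use the Java security package. There is no PKCS#7 support for digital signatures in the JDK, so we use BASE64 encoding as follows. Note that BASE64 is only an encoding: on its own it provides no confidentiality, integrity or authenticity, so the signature still has to be produced and verified separately (for example with java.security.Signature).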