| 1 | package jregistrate; |
|---|
| 2 | |
|---|
| 3 | import java.io.*; |
|---|
| 4 | import java.util.*; |
|---|
| 5 | import javax.servlet.ServletException; |
|---|
| 6 | import javax.servlet.http.*; |
|---|
| 7 | import java.sql.*; |
|---|
| 8 | import org.sqlite.JDBC; |
|---|
| 9 | import javax.crypto.*; |
|---|
| 10 | import javax.crypto.spec.*; |
|---|
| 11 | import javax.xml.bind.DatatypeConverter; |
|---|
| 12 | |
|---|
| 13 | |
|---|
| 14 | /* Copyright (C) 2015 Blindspot Security LLC. All rights reserved. |
|---|
| 15 | * Author: Timothy D. Morgan |
|---|
| 16 | */ |
|---|
| 17 | public class BaseServlet extends HttpServlet { |
|---|
| 18 | protected Connection openDB() |
|---|
| 19 | { |
|---|
| 20 | Connection connection = null; |
|---|
| 21 | try |
|---|
| 22 | { |
|---|
| 23 | Class.forName("org.sqlite.JDBC"); |
|---|
| 24 | // create a database connection |
|---|
| 25 | connection = DriverManager.getConnection("jdbc:sqlite:webapps/jregistrate/WEB-INF/db/jregistrate.db"); |
|---|
| 26 | Statement statement = connection.createStatement(); |
|---|
| 27 | } |
|---|
| 28 | catch (Exception e) |
|---|
| 29 | { |
|---|
| 30 | e.printStackTrace(); |
|---|
| 31 | } |
|---|
| 32 | |
|---|
| 33 | return connection; |
|---|
| 34 | } |
|---|
| 35 | |
|---|
| 36 | public String htmlEncode(String s) |
|---|
| 37 | { |
|---|
| 38 | return s.replaceAll("&","&").replaceAll("<","<").replaceAll(">",">").replaceAll("\"", """).replaceAll("'", "'"); |
|---|
| 39 | } |
|---|
| 40 | |
|---|
| 41 | public static byte[] hexStringToByteArray(String s) |
|---|
| 42 | { |
|---|
| 43 | int len = s.length(); |
|---|
| 44 | byte[] data = new byte[len / 2]; |
|---|
| 45 | for (int i = 0; i < len; i += 2) { |
|---|
| 46 | data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4) |
|---|
| 47 | + Character.digit(s.charAt(i+1), 16)); |
|---|
| 48 | } |
|---|
| 49 | return data; |
|---|
| 50 | } |
|---|
| 51 | /* |
|---|
| 52 | public static String decryptLastFour(String encrypted) throws Exception |
|---|
| 53 | { |
|---|
| 54 | byte[] cipher_text = DatatypeConverter.parseBase64Binary(encrypted); |
|---|
| 55 | SecretKey key = new SecretKeySpec(hexStringToByteArray("5369787465656E2062797465206B6579"), "AES"); |
|---|
| 56 | |
|---|
| 57 | Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); |
|---|
| 58 | //Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding"); |
|---|
| 59 | cipher.init(Cipher.DECRYPT_MODE, key); |
|---|
| 60 | byte[] plain_text = cipher.doFinal(cipher_text); |
|---|
| 61 | |
|---|
| 62 | return new String(plain_text, "utf-8"); |
|---|
| 63 | } |
|---|
| 64 | */ |
|---|
| 65 | public static String decryptLastFour(String encrypted) throws Exception |
|---|
| 66 | { |
|---|
| 67 | int i, blocksize = 16; |
|---|
| 68 | byte[] blob = DatatypeConverter.parseBase64Binary(encrypted); |
|---|
| 69 | byte[] cipher_text = new byte[blob.length-blocksize]; |
|---|
| 70 | byte[] iv = new byte[blocksize]; |
|---|
| 71 | for(i=0; i < blocksize; i++) |
|---|
| 72 | iv[i] = blob[i]; |
|---|
| 73 | for(i=blocksize; i < blob.length; i++) |
|---|
| 74 | cipher_text[i-blocksize] = blob[i]; |
|---|
| 75 | |
|---|
| 76 | SecretKey key = new SecretKeySpec(hexStringToByteArray("5369787465656E2062797465206B6579"), "AES"); |
|---|
| 77 | IvParameterSpec ivSpec = new IvParameterSpec(iv); |
|---|
| 78 | |
|---|
| 79 | Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); |
|---|
| 80 | //Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding"); |
|---|
| 81 | cipher.init(Cipher.DECRYPT_MODE, key, ivSpec); |
|---|
| 82 | byte[] plain_text = cipher.doFinal(cipher_text); |
|---|
| 83 | |
|---|
| 84 | return new String(plain_text, "utf-8"); |
|---|
| 85 | } |
|---|
| 86 | } |
|---|
