Java-Android中的Socket和ObjectInputStream
我对使用Java密码类的Socket和ObjectInputStream有一个问题。 我使用一个在套接字上编写ObjectOutputStream的客户端Android和一个从同一套接字读取ObjectInputStream的客户端Java。 这是客户端/服务器的代码 客户 [守则]Java-Android中的Socket和ObjectInputStream,java,android,security,encryption,objectinputstream,Java,Android,Security,Encryption,Objectinputstream,我对使用Java密码类的Socket和ObjectInputStream有一个问题。 我使用一个在套接字上编写ObjectOutputStream的客户端Android和一个从同一套接字读取ObjectInputStream的客户端Java。 这是客户端/服务器的代码 客户 [守则] public static void functionRegistration(String usr, String pwd) throws UnknownHostException, IOException,
public static void functionRegistration(String usr, String pwd) throws UnknownHostException, IOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException{
Socket socket = new Socket(SERVER_ADDRESS_STRING, PORT_NO);
BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(socket.getOutputStream()));
BufferedReader br = new BufferedReader(new InputStreamReader(socket.getInputStream()));
socket.setSoTimeout(DEFAULT_TIMEOUT);
if(!socket.isConnected()){
System.out.println("[!] [Client] Connection problem!");
socket.close();
return;
}
//Diffie-Hellman
BigInteger shared_key = DiffieHellmanExchangeClient(socket, br, bw);
byte[] hash = ObjectHash.getByteHashCode(shared_key, SECURE_HASH_TYPE.SHA384);
//Extract IV and cipherKey
byte[] IV = new byte[16];
byte[] cipherKey = new byte[32];
int i, limit;
for(i = 0; i < IV.length; i++)
IV[i] = hash[i];
limit = i;
for(; i < hash.length; i++)
cipherKey[i - limit] = hash[i];
//Send username
bw.write(usr);
bw.write("\r\n");
bw.flush();
ObjectOutputStream oos = new ObjectOutputStream(socket.getOutputStream());
//Hash password
String passwordHash = new String(ObjectHash.getByteHashCode(pwd, SECURE_HASH_TYPE.SHA512));
//Cipher password
String encryptedPasswordHash = new String(cipherMessage(passwordHash, cipherKey));
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
IvParameterSpec ivparameters = new IvParameterSpec(IV);
cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(cipherKey, "AES"), ivparameters);
oos.writeObject(new SealedObject(encryptedPasswordHash, cipher));
oos.flush();
if(br.readLine().compareTo("ACK") == 0)
Log.d("ACK", "ACK_RECEIVED");
else
Log.d("ACK","Something was wrong");
br.close();
bw.close();
socket.close();
}
private void getRegistrationUser() throws IOException, InvalidKeyException, InvalidAlgorithmParameterException{
String username = br.readLine();
System.out.println("[+] [Server - Thread " + Thread.currentThread().getId() + "] Username received");
//SHA384 of shared key
byte[] hash = ObjectHash.getByteHashCode(shared_key, SECURE_HASH_TYPE.SHA384);
byte[] IV = new byte[16];
byte[] cipherKey = new byte[32];
int j, limit;
for(j = 0; j < IV.length; j++)
IV[j] = hash[j];
limit = j;
for(; j < hash.length; j++)
cipherKey[j - limit] = hash[j];
try{
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
IvParameterSpec ivparameters = new IvParameterSpec(IV);
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(cipherKey, "AES"), ivparameters);
ObjectInputStream ois = new ObjectInputStream(client.getInputStream());
String encryptedHashPassword = (String)((SealedObject)ois.readObject()).getObject(cipher);
String decryptedHashPassword = decipherMessage(encryptedHashPassword, cipherKey);
ois.close();
sendACK();
}
catch (IOException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (ClassNotFoundException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
}
}
public static void function registration(String usr,String pwd)抛出UnknownHostException、IOException、InvalidKeyException、NoSuchAlgorithmException、NoSuchProviderException、NoSuchPaddingException、InvalidAlgorithmParameterException、IllegalBlockSizeException、BadPaddingException{
套接字=新套接字(服务器地址字符串、端口号);
BufferedWriter bw=新的BufferedWriter(新的OutputStreamWriter(socket.getOutputStream());
BufferedReader br=新的BufferedReader(新的InputStreamReader(socket.getInputStream());
socket.setSoTimeout(默认超时);
如果(!socket.isConnected()){
System.out.println(“[!][客户端]连接问题!”);
socket.close();
返回;
}
//迪菲·赫尔曼
BigInteger共享密钥=DiffieHellmanExchangeClient(套接字,br,bw);
字节[]哈希=ObjectHash.getByteHashCode(共享密钥,安全哈希类型.SHA384);
//摘录IV和密码匙
字节[]IV=新字节[16];
字节[]密码键=新字节[32];
int i,极限;
对于(i=0;i public static void functionRegistration(String usr, String pwd) throws UnknownHostException, IOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException{
Socket socket = new Socket(SERVER_ADDRESS_STRING, PORT_NO);
BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(socket.getOutputStream()));
BufferedReader br = new BufferedReader(new InputStreamReader(socket.getInputStream()));
socket.setSoTimeout(DEFAULT_TIMEOUT);
if(!socket.isConnected()){
System.out.println("[!] [Client] Connection problem!");
socket.close();
return;
}
//Diffie-Hellman
BigInteger shared_key = DiffieHellmanExchangeClient(socket, br, bw);
byte[] hash = ObjectHash.getByteHashCode(shared_key, SECURE_HASH_TYPE.SHA384);
//Extract IV and cipherKey
byte[] IV = new byte[16];
byte[] cipherKey = new byte[32];
int i, limit;
for(i = 0; i < IV.length; i++)
IV[i] = hash[i];
limit = i;
for(; i < hash.length; i++)
cipherKey[i - limit] = hash[i];
//Send username
bw.write(usr);
bw.write("\r\n");
bw.flush();
ObjectOutputStream oos = new ObjectOutputStream(socket.getOutputStream());
//Hash password
String passwordHash = new String(ObjectHash.getByteHashCode(pwd, SECURE_HASH_TYPE.SHA512));
//Cipher password
String encryptedPasswordHash = new String(cipherMessage(passwordHash, cipherKey));
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
IvParameterSpec ivparameters = new IvParameterSpec(IV);
cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(cipherKey, "AES"), ivparameters);
oos.writeObject(new SealedObject(encryptedPasswordHash, cipher));
oos.flush();
if(br.readLine().compareTo("ACK") == 0)
Log.d("ACK", "ACK_RECEIVED");
else
Log.d("ACK","Something was wrong");
br.close();
bw.close();
socket.close();
}
private void getRegistrationUser() throws IOException, InvalidKeyException, InvalidAlgorithmParameterException{
String username = br.readLine();
System.out.println("[+] [Server - Thread " + Thread.currentThread().getId() + "] Username received");
//SHA384 of shared key
byte[] hash = ObjectHash.getByteHashCode(shared_key, SECURE_HASH_TYPE.SHA384);
byte[] IV = new byte[16];
byte[] cipherKey = new byte[32];
int j, limit;
for(j = 0; j < IV.length; j++)
IV[j] = hash[j];
limit = j;
for(; j < hash.length; j++)
cipherKey[j - limit] = hash[j];
try{
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
IvParameterSpec ivparameters = new IvParameterSpec(IV);
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(cipherKey, "AES"), ivparameters);
ObjectInputStream ois = new ObjectInputStream(client.getInputStream());
String encryptedHashPassword = (String)((SealedObject)ois.readObject()).getObject(cipher);
String decryptedHashPassword = decipherMessage(encryptedHashPassword, cipherKey);
ois.close();
sendACK();
}
catch (IOException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (ClassNotFoundException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
}
}
private void getRegistrationUser()引发IOException、InvalidKeyException、InvalidAlgorithmParameterException{
字符串username=br.readLine();
System.out.println(“[+][Server-Thread”+Thread.currentThread().getId()+”]用户名已收到”);
//共享密钥的SHA384
字节[]哈希=ObjectHash.getByteHashCode(共享密钥,安全哈希类型.SHA384);
字节[]IV=新字节[16];
字节[]密码键=新字节[32];
int j,极限;
对于(j=0;j如何解决我的问题?不能在同一个套接字上使用多个缓冲流。他们会互相窃取数据。一切都使用对象流。没有加密/解密,您的代码是否正常工作?如果我删除Twofish操作、客户端的加密消息和服务器的解密消息,代码将无法工作。在调试中,我看到当ties打开ObjectInputStream时服务器被阻塞。我不知道为什么。我还在客户端刷新了ObjectOutputStream。在您的服务器代码中,Diffie Hellman在哪里?您是如何调试应用程序的?Diffie Hellman是正确的。我测试过了。问题是,我无法在android和服务器java之间传输套接字上的加密信息,但在客户端java和服务器java之间没有TwoFish,这可能是因为流处理;尝试在缓冲读取器上使用
ObjectInputStreamObjectInputStream