Code with Misuse: |
/**
 * Per-connection handler from a sample labelled "Code with Misuse".
 *
 * <p>It implements a hand-rolled handshake: send the local certificate, read a
 * key packet from the peer, decrypt it with the local private key, then decrypt
 * the following traffic with the recovered key and pass it to {@code handler}.
 *
 * <p>Review summary (each point is annotated at the relevant line below):
 * <ul>
 *   <li>"DSA" is requested as a {@code Cipher} transformation and as a secret-key
 *       algorithm. DSA is a signature scheme, not an encryption algorithm.</li>
 *   <li>Both read loops discard the byte count returned by {@code read}.</li>
 *   <li>The key packet is buffered without a size limit and without framing.</li>
 *   <li>No IV, cipher parameters, integrity check or peer authentication is visible.</li>
 * </ul>
 *
 * <p>NOTE(review): the {@code socket} and {@code handler} fields and the supertype
 * that {@code run()} overrides are not declared in this excerpt. Presumably the
 * full class implements {@code Runnable}; confirm against the original file.
 * A vetted protocol implementation (JSSE: {@code SSLSocket} / {@code SSLEngine})
 * is the usual replacement for a custom exchange like this one.
 */
class SecureConnectionHandler {
/**
 * Runs the handshake and the receive loop for one connection.
 *
 * <p>Every checked exception is rethrown as a {@link RuntimeException} with the
 * original exception as its cause. Neither the streams nor the socket are closed
 * in the visible code.
 */
@Override
public void run() {
InputStream is;
OutputStream os;
try {
is = socket.getInputStream();
os = socket.getOutputStream();
} catch (IOException e) {
throw new RuntimeException(e);
}
// Certificate and private key both come from the CertificateManager singleton.
// The key's algorithm is not visible here.
Certificate certificate = CertificateManager.getInstance().getCertificate();
Key privateKey = CertificateManager.getInstance().getPrivateKey();
byte[] certBytes;
try {
certBytes = certificate.getEncoded();
// Send the encoded certificate. No length prefix or delimiter is written, and
// no flush is visible, so the peer gets no explicit message boundary.
os.write(certBytes);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
byte[] buffer = new byte[1024];
// MISUSE: the count returned by read() is discarded and the whole 1024-byte
// buffer is appended each time, so a short read also appends stale bytes.
// The loop ends only at end of stream, so the peer decides how much is held
// in memory (no upper bound), and the later data loop has nothing left to read.
while (is.read(buffer) != -1) {
baos.write(buffer);
}
byte[] keyPacketEncrypted = baos.toByteArray();
// MISUSE: the JCA exposes DSA through java.security.Signature. The standard
// algorithm names define no Cipher transformation called "DSA", so with the
// stock JDK providers this call is expected to throw NoSuchAlgorithmException.
// NOTE(review): key transport needs an encryption-capable key pair and an
// explicit transformation such as "RSA/ECB/OAEPWithSHA-256AndMGF1Padding".
// Confirm which key type CertificateManager actually holds.
Cipher privateCipher = Cipher.getInstance("DSA");
privateCipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] keyPacketDecrypted = privateCipher.doFinal(keyPacketEncrypted);
// MISUSE: the recovered bytes are labelled as a "DSA" secret key. DSA is not a
// symmetric algorithm, and the key length is not checked before use.
SecretKey secretKey = new SecretKeySpec(keyPacketDecrypted, "DSA");
// MISUSE: "DSA" is requested as the traffic cipher too. No mode, padding, IV or
// other parameters are given, and no integrity check on the ciphertext is visible.
// NOTE(review): an authenticated mode such as "AES/GCM/NoPadding" with a fresh
// nonce per message is the usual choice for this step.
Cipher communicationCipher = Cipher.getInstance("DSA");
communicationCipher.init(Cipher.DECRYPT_MODE, secretKey);
byte[] dataBuffer = new byte[1024 * 4];
// MISUSE: the read count is ignored again. doFinal() always processes all 4096
// bytes, including bytes this read did not fill, and each chunk is finalised
// independently of any message boundary.
while (is.read(dataBuffer) != -1) {
// Despite its name, this holds the output of a DECRYPT_MODE doFinal().
byte[] encryptedData = communicationCipher.doFinal(dataBuffer);
handler.handle(encryptedData);
}
// Every failure below is rethrown unchecked with the original exception as cause.
} catch (CertificateEncodingException e) {
throw new RuntimeException(e);
} catch (IOException e) {
throw new RuntimeException(e);
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
} catch (NoSuchPaddingException e) {
throw new RuntimeException(e);
} catch (InvalidKeyException e) {
throw new RuntimeException(e);
} catch (BadPaddingException e) {
throw new RuntimeException(e);
} catch (IllegalBlockSizeException e) {
throw new RuntimeException(e);
}
}
}
|