Code with Misuse: |
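/**
 * Per-connection handler: sends the local certificate, reads a wrapped session key from the peer,
 * then decrypts incoming data and passes it to {@code handler}.
 *
 * <p>This listing is a misuse exhibit. Its cryptographic and stream-handling flaws are annotated
 * in place and deliberately left as they are; only the line breaks were restored, so that the
 * {@code //send the certificate} comment no longer swallows the statements that follow it.
 *
 * <p>The {@code socket} and {@code handler} fields and the supertype that {@code @Override}
 * refers to (presumably {@code Runnable}) are not part of the excerpt.
 */
class SecureConnectionHandler {

    /**
     * Runs the hand-built key exchange and the receive loop on {@code socket}.
     *
     * @throws RuntimeException wrapping any I/O, certificate-encoding or JCA exception raised
     *     along the way
     */
    @Override
    public void run() {
        InputStream is;
        OutputStream os;
        try {
            is = socket.getInputStream();
            os = socket.getOutputStream();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }

        Certificate certificate = CertificateManager.getInstance().getCertificate();
        Key privateKey = CertificateManager.getInstance().getPrivateKey();
        byte[] certBytes;
        try {
            certBytes = certificate.getEncoded();
            //send the certificate
            os.write(certBytes);

            ByteArrayOutputStream baos = new ByteArrayOutputStream();
            byte[] buffer = new byte[1024];
            // MISUSE (stream handling): the byte count returned by read() is discarded and the
            // whole 1024-byte buffer is appended each time, so stale bytes from earlier reads end
            // up in the key packet. A correct loop keeps the count and writes only that many bytes.
            // MISUSE (framing): read() returns -1 only at end of stream, so this loop consumes the
            // peer's entire output and leaves nothing for the data loop below. The key packet
            // needs an explicit length prefix or a fixed size.
            while (is.read(buffer) != -1) {
                baos.write(buffer);
            }
            byte[] keyPacketEncrypted = baos.toByteArray();

            // MISUSE (algorithm choice): DSA is a signature algorithm, not an encryption
            // algorithm. The providers bundled with the JDK do not register a Cipher named "DSA",
            // so this call is expected to end in NoSuchAlgorithmException. Unwrapping a session
            // key needs an encryption-capable key pair and a fully specified transformation, for
            // example "RSA/ECB/OAEPWithSHA-256AndMGF1Padding".
            Cipher privateCipher = Cipher.getInstance("DSA");
            privateCipher.init(Cipher.DECRYPT_MODE, privateKey);
            byte[] keyPacketDecrypted = privateCipher.doFinal(keyPacketEncrypted);

            // MISUSE (key labelling): the unwrapped bytes are meant to be a symmetric session key,
            // yet they are tagged with the name of an asymmetric signature algorithm.
            SecretKey secretKey = new SecretKeySpec(keyPacketDecrypted, "DSA");
            // MISUSE (algorithm choice, again): bulk decryption needs a symmetric cipher with an
            // explicit mode and padding. An authenticated mode such as "AES/GCM/NoPadding" with a
            // fresh IV per message would also detect tampering, which nothing visible here does.
            Cipher communicationCipher = Cipher.getInstance("DSA");
            communicationCipher.init(Cipher.DECRYPT_MODE, secretKey);

            byte[] dataBuffer = new byte[1024 * 4];
            // MISUSE (stream handling): the read count is ignored here too, so doFinal() always
            // processes all 4096 bytes, including leftovers from a previous, longer read.
            while (is.read(dataBuffer) != -1) {
                // Despite its name, this array holds the output of the decrypting cipher.
                byte[] encryptedData = communicationCipher.doFinal(dataBuffer);
                handler.handle(encryptedData);
            }
            // NOTE(review): the whole exchange re-implements what TLS already provides. Using
            // JSSE (SSLSocket or SSLEngine) would remove the hand-built key transport entirely.
        } catch (CertificateEncodingException e) {
            throw new RuntimeException(e);
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        } catch (NoSuchPaddingException e) {
            throw new RuntimeException(e);
        } catch (InvalidKeyException e) {
            throw new RuntimeException(e);
        } catch (BadPaddingException e) {
            throw new RuntimeException(e);
        } catch (IllegalBlockSizeException e) {
            throw new RuntimeException(e);
        }
    }
}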
|