Update on crawler: adding SSL factory

658c270a · Ludovic Apvrille · 62d8c3f4 · 658c270a · 658c270a · 658c270a
Commit 658c270a authored 9 years ago by Ludovic Apvrille
--- a/src/web/crawler/Client.java
+++ b/src/web/crawler/Client.java
@@ -41,7 +41,7 @@
   * Creation: 2015
   * @version 2.0 25/03/2016
   * @author  Marie FORRAT &Angeliki AKTYPI & Ludovic APVRILLE & Dan Huynh VO
-   * @see 
+   * @see
   */
@@ -64,7 +64,8 @@ import java.util.Arrays;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import org.apache.commons.io.FileUtils;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
 public class Client {
@@ -80,30 +81,30 @@ public class Client {
        System.out.println("\n" + Message.SUC_CREATE_REQ_MESSAGE);
        return requestMsg;
    }
    /**
     *
     * @param answerMsg
     */
    public static void analyseAnswerMessage(Message answerMsg) {
        //Analyse the message from the server,
-        //Depends on the cmd, we can determine the values 
+        //Depends on the cmd, we can determine the values
        String cmd = answerMsg.getCmd();
        // System.out.println(cmd);
        if (cmd == null) {
            System.out.println(Message.ERR_CMD);
-        } 
+        }
        else if (cmd.equals(Message.RESULT_SEARCH)) {
            //show GUI for search
            //Call Huy's function
            ArrayList<Object> res = new ArrayList();
            res = answerMsg.getContent();
            System.out.println("\n"+res);
-        } 
+        }
        else if (cmd.equals(Message.RESULT_DETAIL)) {
            //show GUI for detail of a specific record
            //Call Huy's function
@@ -111,34 +112,34 @@ public class Client {
            res = answerMsg.getContent();
            System.out.println("\n"+res);
-        } 
+        }
        else if (cmd.equals(Message.RESULT_STATISTIC)) {
            //Show picture-Use a function to convert binary to image
-            //Message.convertByteToImage(answerMsg.getImageByte());    
+            //Message.convertByteToImage(answerMsg.getImageByte());
            ArrayList<Object> resultContent = new ArrayList();
            resultContent = answerMsg.getContent();
            byte[] imgByte = (byte[]) resultContent.get(0);
            Message.convertByteToImage(imgByte,answerMsg);
            //Call Huy's function to load Image
-        } 
+        }
        else if (cmd.equals(Message.RESULT_HISTOGRAM)) {
            //Show picture-Use a function to convert binary to image
-            //Message.convertByteToImage(answerMsg.getImageByte());    
+            //Message.convertByteToImage(answerMsg.getImageByte());
            ArrayList<Object> resultContent = new ArrayList();
            resultContent = answerMsg.getContent();
            byte[] imgByte = (byte[]) resultContent.get(0);
            Message.convertByteToImage(imgByte,answerMsg);
            //Call Huy's function to load Image
-        } 
+        }
        else {
            System.out.print(Message.ERR_CMD2);
        }
@@ -150,9 +151,16 @@ public class Client {
     * @param args
     */
    public static void main(String[] args) {
+        SSLSocket client = null;
        try {
-            Socket client = new Socket("LocalHost", WebCrawler.PORT);
+            SSLSocketFactory sslSocketFactory = (SSLSocketFactory)SSLSocketFactory.getDefault();
-            TraceManager.addDev("Client has been created successfully!");
+            client = (SSLSocket)sslSocketFactory.createSocket("LocalHost",12345);
+            client.setEnabledCipherSuites(client.getSupportedCipherSuites());
+            System.out.println("Client has been created successfully!");
            ObjectOutputStream outputStream = new ObjectOutputStream(client.getOutputStream());
            ObjectInputStream inputStream = new ObjectInputStream(client.getInputStream());
@@ -161,8 +169,8 @@ public class Client {
            String cmd;
            ArrayList<String> options = new ArrayList();
            ArrayList<String> values = new ArrayList();
-            //  open up standard input 
+            //  open up standard input
            BufferedReader br;
            /* Buffer */
@@ -173,33 +181,33 @@ public class Client {
            /* Read from console */
            cmd = br.readLine();
            System.out.print("\n");
            while (true) {
                if (cmd.equals(Message.CMD_SEARCH)) {
                    options.add(Message.OPTION_KEY_WORDS);
                    options.add(Message.OPTION_DATE);
                    options.add(Message.OPTION_SCORE);
                    options.add(Message.OPTION_SYSTEM);
                    options.add(Message.OPTION_NUMBER);
                    System.out.println("Insert the keyword, the year, the score "
-                            +"the system and the number of results that you wish.");
+                                       +"the system and the number of results that you wish.");
                    System.out.println("Example:buffer-injection this-year linux 4-5 10\n");
                    String arguments = br.readLine();
                    String[] argument = arguments.split(" ");
                    for (int i = 0; i < 5; i++) {
                        //System.out.println(argument[i]);
                        values.add(argument[i]);
-                    }                    
+                    }
                    break;
-                } 
+                }
                else if (cmd.equals(Message.CMD_DETAIL)) {
                    options.add(Message.OPTION_KEY_WORDS);
                    System.out.println("Insert the cve-id that you wish.");
                    System.out.println("Example:CVE-2015-0001\n");
@@ -207,64 +215,64 @@ public class Client {
                    values.add(argument);
                    break;
                }
                //Creat a statistic image request
                else if (cmd.equals(Message.CMD_STATISTIC)) {
                    options.add(Message.OPTION_KEY_WORDS);
-                    System.out.println("Insert the systems that you wish " 
+                    System.out.println("Insert the systems that you wish "
-                                    +"to be statistically examined.");
+                                       +"to be statistically examined.");
                    System.out.println("Example:linux apache chrome windows sql\n");
                    String arguments = br.readLine();
                    values.add(arguments);
                    //String[] argument = arguments.split(" ");
-                  /*  for (int i = 0; i < argument.length; i++) {
+                    /*  for (int i = 0; i < argument.length; i++) {
-                        //System.out.println(argument[i]);
+                    //System.out.println(argument[i]);
-                        values.add(argument[i]);
+                    values.add(argument[i]);
                    }*/
                    break;
-                }  
+                }
-                 else if (cmd.equals(Message.CMD_HISTOGRAM)) {
+                else if (cmd.equals(Message.CMD_HISTOGRAM)) {
                    options.add(Message.OPTION_KEY_WORDS);
-                    System.out.println("Insert one system that you wish " 
+                    System.out.println("Insert one system that you wish "
-                                    +"to be statistically examined.");
+                                       +"to be statistically examined.");
                    System.out.println("Example:linux\n");
                    String arguments = br.readLine();
-                  /*  String[] argument = arguments.split(" ");
+                    /*  String[] argument = arguments.split(" ");
-                    for (int i = 0; i < argument.length; i++) {
+                        for (int i = 0; i < argument.length; i++) {
                        //System.out.println(argument[i]);
                        values.add(argument[i]);
-                    }*/
+                        }*/
                    values.add(arguments);
                    break;
-                }          
+                }
                else {
                    System.out.print(Message.ERR_CMD2);
                    break;
-                } 
+                }
            }
            //Create a msg with constructors
            Message msg = createRequestMessage(cmd, options, values);
            //Push the message to server
            outputStream.writeObject(msg);
            //Get back the message from server
            Message answerMsg = new Message();
            try {
                answerMsg = (Message) inputStream.readObject();
                analyseAnswerMessage(answerMsg);
-            } 
+            }
            catch (ClassNotFoundException ex) {
                Logger.getLogger(MultiThreadServer.class.getName()).log(Level.SEVERE, null, ex);
            }

--- a/src/web/crawler/DatabaseCreation.java
+++ b/src/web/crawler/DatabaseCreation.java
@@ -349,6 +349,8 @@ public class DatabaseCreation {
            vulnerabilitesSqlFile.delete();
        }
+	TraceManager.addDev("Storing in File:" + vulnerabilitesSqlFile.toString());
        /* Store Table VULNERABILITIES                                       */
        ps = conn.prepareStatement("CALL SYSCS_UTIL.SYSCS_EXPORT_TABLE (?,?,?,?,?,?)");
        ps.setString(1, null);

--- a/src/web/crawler/MultiThreadServer.java
+++ b/src/web/crawler/MultiThreadServer.java
@@ -65,6 +65,7 @@ import java.util.logging.Logger;
 import javax.xml.transform.TransformerException;
 import org.apache.commons.io.FileUtils;
 import web.crawler.WebCrawler;
+import myutil.externalSearch.Message;
 public class MultiThreadServer {

--- a/src/web/crawler/ThreadSocket.java
+++ b/src/web/crawler/ThreadSocket.java
@@ -42,7 +42,7 @@
   * Creation: 2015
   * @version 2.0 25/03/2016
   * @author  Dan Huynh VO, Ludovic APVRILLE
-   * @see 
+   * @see
   */
 package web.crawler;
@@ -54,24 +54,27 @@ import java.sql.SQLException;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.xml.transform.TransformerException;
+import myutil.externalSearch.Message;
+import javax.net.ssl.SSLSocket;
 public class ThreadSocket extends Thread {
-   Socket socket = null;
+    SSLSocket socket = null;
-   DatabaseQuery database = null;
+    DatabaseQuery database = null;
    /**
     *
     * @param socket
     * @param database
     */
-    public ThreadSocket(Socket socket, web.crawler.DatabaseQuery database){
+    public ThreadSocket(SSLSocket socket, web.crawler.DatabaseQuery database){
        this.socket = socket;
        this.database=database;
    }
    @Override
    public void run() {
        try {
@@ -79,34 +82,34 @@ public class ThreadSocket extends Thread {
            //Receive from clients
            ObjectOutputStream toClient = new ObjectOutputStream(socket.getOutputStream());
            //Send to clients
-                //Create a new message to prepare getting the message from client
+            //Create a new message to prepare getting the message from client
-                Message requestMsg = new Message();
+            Message requestMsg = new Message();
-                try {
+            try {
-                    requestMsg = (Message) fromClient.readObject();
+                requestMsg = (Message) fromClient.readObject();
-                } catch (ClassNotFoundException ex) {
+            } catch (ClassNotFoundException ex) {
-                    Logger.getLogger(ThreadSocket.class.getName()).log(Level.SEVERE, null, ex);
+                Logger.getLogger(ThreadSocket.class.getName()).log(Level.SEVERE, null, ex);
-                }
+            }
-                //Print the result 
+            //Print the result
-                //System.out.println(requestMsg.getCmd());
+            //System.out.println(requestMsg.getCmd());
-                //System.out.println(requestMsg.getOptions());
+            //System.out.println(requestMsg.getOptions());
-                //System.out.println(requestMsg.getValues());
+            //System.out.println(requestMsg.getValues());
-                //Read the message and then modify the content
+            //Read the message and then modify the content
-                Message answerMsg = new Message();
+            Message answerMsg = new Message();
-                answerMsg = MultiThreadServer.analyseRequestMessage(requestMsg,database);
+            answerMsg = MultiThreadServer.analyseRequestMessage(requestMsg, database);
-                //Send it back to the client
+            //Send it back to the client
-                toClient.writeObject(answerMsg);
+            toClient.writeObject(answerMsg);
-                toClient.close();
+            toClient.close();
-                fromClient.close();
+            fromClient.close();
-                socket.close();
+            socket.close();
        } catch (IOException ex) {
            Logger.getLogger(ThreadSocket.class.getName()).log(Level.SEVERE, null, ex);
        } catch (SQLException ex) {

--- a/src/web/crawler/WebCrawler.java
+++ b/src/web/crawler/WebCrawler.java
@@ -65,6 +65,11 @@ import java.text.SimpleDateFormat;
 import java.util.Date;
 import java.util.concurrent.TimeUnit;
 import static web.crawler.FileManagement.ParsingXML;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSocket;
+import java.text.SimpleDateFormat;
+import java.util.Date;
@@ -119,12 +124,16 @@ public class WebCrawler {
                File thisyearfile = new File(FileNames[0]);
                thisyearfile.delete();
                File lastyearfile = new File(FileNames[1]);
                lastyearfile.delete();
                File beforelastyearfile = new File(FileNames[2]);
                beforelastyearfile.delete();
                File beforebeforelastyearfile = new File(FileNames[3]);
                beforebeforelastyearfile.delete();
                database.deleteReferencesSqlFile();
                database.deleteVulnerabilitesSqlFile();
                database.deleteSoftwaresSqlFile();
@@ -155,7 +164,7 @@ public class WebCrawler {
        } else {
            /* Read XML file and store the informations in the database          */
-            for (String xmlFile : FileNames) {
+            for (String xmlFile: FileNames) {
                ParsingXML(xmlFile, pathToFiles, database);
            }
            System.out.println("Total records insert in the database: " + database.getTotalRecordsInDatabase() + "\n\n");
@@ -177,7 +186,6 @@ public class WebCrawler {
            pathToFiles = "";
        }
-	TraceManager.addDev("PathtoFiles=" + pathToFiles);
        String thisyear = new SimpleDateFormat("yyyy").format(new Date());
@@ -216,14 +224,21 @@ public class WebCrawler {
        /* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= */
        /*              Server's Protocol Initialization                     */
        /* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= */
+ 	SSLServerSocket sslServerSocket = null;
        try {
-            ServerSocket server = new ServerSocket(PORT);
+        //    ServerSocket server = new ServerSocket(1234);
-            TraceManager.addDev("Server has been created successfully");
+		SSLServerSocketFactory factory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
+                sslServerSocket = (SSLServerSocket) factory.createServerSocket(12345);
+            System.out.println("Server has been created successfully\n");
            while (true) { //Allow a client to connect
                //Use multithread
                //If a client asks to connect, then accept it
-                new ThreadSocket(server.accept(), dbq).start();
+		SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
+                sslSocket.setEnabledCipherSuites(sslServerSocket.getSupportedCipherSuites());
+                new ThreadSocket(sslSocket, dbq).start();
            }
        } catch (IOException e) {