import java.io.*;
import java.text.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.security.*;
import java.security.spec.*;
import java.security.interfaces.*;
import java.lang.*;
import sun.misc.*;
import javax.crypto.*;
import java.math.BigInteger;
import java.math.*;
import java.sql.*;
import java.math.*;

public class testLeftFrame extends HttpServlet{

private static final long serialVersionUID = 1L;
ResourceBundle rb = ResourceBundle.getBundle("LocalStrings");

public void doGet(HttpServletRequest req,HttpServletResponse res) throws ServletException,IOException {
res.setContentType("text/html; charset =big5");
PrintWriter out = res.getWriter();

/* Test random number
testRandom tr = new testRandom();
tr.init();
String challenge = new String(tr.ChallengeID);
*/

byte[] pSignature = new byte[96];

HttpSession session = req.getSession(true);
String headerValue = new String();
Enumeration eRequestHeaderArray = req.getHeaderNames();

/* Check the browser */
while (eRequestHeaderArray.hasMoreElements()) {
String headerName = (String)eRequestHeaderArray.nextElement();
if(headerName.equals("user-agent")){
headerValue = req.getHeader(headerName);
BASE64Decoder decoder = new BASE64Decoder();
try{
pSignature = decoder.decodeBuffer(headerValue.substring(0,129)) ;
}catch(Exception e) {
out.println("<html><head>");
out.println("<meta http-equiv=\"refresh\" content=\"5; url=testLeftFrame\">");
out.println("</head>");
out.println("Sorry, your browser are not allowed");
}
}
}

if((headerValue.indexOf("MSIE")!=-1)||(headerValue.indexOf("Firefox")!=-1)||(headerValue.indexOf("Mozilla")!=-1)) {
out.println("<html><head>");
out.println("<meta http-equiv=\"refresh\" content=\"5; url=testLeftFrame\">");
out.println("</head>");
out.println("<body>");
out.println("<h3>" + "" + "</h3>");
out.println("Sorry, your browser is not allowed to access me");
out.println("If you still want to access me,Please plugin the proper browser");
session.setAttribute("Status",new String("Logout"));
out.println("<script language='JavaScript'>");
out.println("window.open('testRightFrame', target=\"main\")");
out.println("</script>");
}else if(headerValue.indexOf("Sorry")!=-1) {
out.println("<html><head>");
out.println("<meta http-equiv=\"refresh\" content=\"5; url=testLeftFrame\">");
out.println("</head>");
out.println("<body>");
out.println("<h3>" + "" + "</h3>");
out.println("Sorry, your are not allowed to access me because there is something wrong with your token");
out.println("<h3>" + "" + "</h3>");
out.println("If you still want to access me,Please make sure your ikey is fine");
session.setAttribute("Status",new String("Logout"));
out.println("<script language='JavaScript'>");
out.println("window.open('testRightFrame', target=\"main\")");
out.println("</script>");
}else {

// Browser is recognized
try {

/* Check ID and status */
String mySessionId = (String)session.getAttribute("myId");
// String status=(String)session.getAttribute("Status");
int flag = 1; // 1 if key is not valid, otherwise 0
int flag2= 1; // 1 if not test runframe, otherwise 0
byte[] mySessionIdbyte = mySessionId.getBytes();
out.println(mySessionIdbyte);
KeyFactory kf = KeyFactory.getInstance("RSA");
RSAPublicKeySpec rsaPubKeySpec = null;
String username=new String("");
if(session.getAttribute("userName")==null) {
username = req.getParameter("username");
session.setAttribute("userName",username);
}else {
username=(String)session.getAttribute("userName");
}

if(session.getAttribute("Status")==null) {
flag2=0;
} else if(((String)session.getAttribute("Status")).equals ("Logout")) {
flag2=0;
}

/* Setup the database */
String url = "jdbc:mysql://localhost/db";
Class.forName ("com.mysql.jdbc.Driver").newInstance ();
Connection conn = null;
conn = DriverManager.getConnection (url,"root","PASSWORD");
//out.println ("Database connection established");
flag = 1;

/* Select the user key from the database */
Statement stmt = conn.createStatement();
String query = "SELECT pExponent, pModulus FROM tb WHERE user = '" + username + "'";
ResultSet rs = stmt.executeQuery(query);



while (rs.next()){
String exponent = rs.getString("pExponent");
BigInteger pExponent = new BigInteger(exponent.substring(0), 16);
out.println(pExponent);
String modulus = rs.getString("pModulus");
BigInteger pModulus = new BigInteger(modulus.substring(0), 16);
out.println(pModulus);

/* checking the key */
rsaPubKeySpec = new RSAPublicKeySpec(pModulus,pExponent);
}
out.println("6");
PublicKey pubkey = (PublicKey)kf.generatePublic(rsaPubKeySpec);
out.println("7");
Cipher rsaCipher=Cipher.getInstance("RSA");
out.println("8");
rsaCipher.init(Cipher.DECRYPT_MODE, pubkey);
out.println("9");
byte[] clear = rsaCipher.doFinal(pSignature);
out.println("10");
/* loop to check the key byte by byte */
for(int i=0;i<8;i++) {
if(clear[i]==mySessionIdbyte[i]) {
flag = 0;
out.println(clear[i]);
out.println(mySessionIdbyte[i]);
out.println("abc");
} else {
out.println("<html><head>");
//out.println("<meta http-equiv=\"refresh\" content=\"5; url=testLeftFrame\">");
out.println("</head>");
out.println("<!--WHO_Challenge"+username+"-->");
out.println("<body>");
out.println(username+"---------Sorry, you are not allowed to access here");
session.setAttribute("myId",username);
session.setAttribute("Status",new String("Logout"));
out.println("<script language='JavaScript'>");
out.println("window.open('testRightFrame', target=\"main\")");
out.println("</script>");
flag = 1;
break;}

}


/* print successful login information */
if(flag == 0){
out.println("<html><head>");
out.println("<meta HTTP-EQUIV=\"REFRESH\" CONTENT=\"5; URL=javascript:parent.contents.location.reload();\ ">");
out.println("</head>");
out.println("<!--WHO_Challenge"+username+"-->");
out.println("<body>");
out.println("<h3>" + "" + "</h3>");
out.println(username+"-------Successfully Login");
out.println("<h3>" + "" + "</h3>");
session.setAttribute("myId",username);
session.setAttribute("Status",new String("Login"));
out.println("<script language='JavaScript'>");
if(flag2==0) {
out.println("12");
out.println("window.open('testRunFrame', target=\"main\");");
//out.println("parent.contents.location='testLeftFra me';");
out.println("</script>");
}

}
//generate random number
Random generator = new Random();
int randno = generator.nextInt(262143);
out.println("use this random number to login again using IE. " +randno);
//store the random no. to database
String query1 = "update tb set random ='" + randno + "'where user = '" +username+"';";
out.println(query1);
stmt.executeUpdate(query1);


}catch(Exception e) {
/* exception handling for failed login */
out.println("<html><head>");
out.println("</head>");
out.println("<meta http-equiv=\"refresh\" content=\"5; url=testLeftFrame\">");
out.println("<body>");
out.println(e.toString());
out.println("14");
out.println("--------Sorry, you are not allowed to access here ");
session.setAttribute("Status",new String("Logout"));
out.println("<script language='JavaScript'>");
out.println("window.open('testRightFrame', target=\"main\")");
out.println("</script>");
} finally {
out.println("<h3>" + "" + "</h3>");
out.println("</body></html>");
}
}
}
}











There is an error about "java.lang.ArrayIndexOutOfBoundsException"
where is the error? thx