public void close() {
try {
serverSocket.close();
} catch (Exception e) {
throw new RuntimeException(e);
}
}
public static void main(String[] args) throws IOException {
System.out.println("opening a secure socket");
SSLServerSocketFactory secSocketFactory =
(SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
SSLServerSocket secSocket = (SSLServerSocket) secSocketFactory.createServerSocket(portNo);
String[] enabledCipherSuites = {"SSL_DH_anon_WITH_RC4_128_MD5"};
secSocket.setEnabledCipherSuites(enabledCipherSuites);
System.out.println("Listening on port no: " + portNo);
SSLSocket socket = (SSLSocket) secSocket.accept();
System.out.println("Got a connection from: " + socket.getInetAddress().toString());
PrintWriter out = new PrintWriter(socket.getOutputStream(), true);
BufferedReader in = new BufferedReader(new InputStreamReader(socket.getInputStream()));
String line = in.readLine();
while (line != null) {
System.out.println(line);
line = in.readLine();
}
out.close();
in.close();
socket.close();
secSocket.close();
}
static void accept(KeyStore keyStore, char[] keyPassword, KeyStore trustStore, int port)
throws GeneralSecurityException, IOException {
SSLContext sslContext = SSLContexts.create(keyStore, keyPassword, trustStore);
SSLServerSocket serverSocket =
(SSLServerSocket) sslContext.getServerSocketFactory().createServerSocket(port);
try {
serverSocket.setNeedClientAuth(true);
SSLSocket clientSocket = (SSLSocket) serverSocket.accept();
javax.security.cert.X509Certificate peer =
clientSocket.getSession().getPeerCertificateChain()[0];
logger.info("peer: " + peer.getSubjectDN().getName());
ServerThread.handle(clientSocket);
} finally {
serverSocket.close();
}
}
public void run() {
try {
store = provideKeys ? getKeyStore(keys) : null;
KeyManager[] keyManagers = store != null ? getKeyManagers(store) : null;
TrustManager[] trustManagers = new TrustManager[] {trustManager};
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagers, trustManagers, null);
SSLServerSocket serverSocket =
(SSLServerSocket) sslContext.getServerSocketFactory().createServerSocket();
if (clientAuth == CLIENT_AUTH_WANTED) {
serverSocket.setWantClientAuth(true);
} else if (clientAuth == CLIENT_AUTH_NEEDED) {
serverSocket.setNeedClientAuth(true);
} else {
serverSocket.setWantClientAuth(false);
}
serverSocket.bind(new InetSocketAddress(port));
SSLSocket clientSocket = (SSLSocket) serverSocket.accept();
InputStream istream = clientSocket.getInputStream();
byte[] buffer = new byte[1024];
istream.read(buffer);
OutputStream ostream = clientSocket.getOutputStream();
ostream.write(testData.getBytes());
ostream.flush();
while (notFinished) {
Thread.currentThread().sleep(500);
}
clientSocket.close();
serverSocket.close();
} catch (Exception ex) {
exception = ex;
}
}
/*
* Define the server side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void doServerSide() throws Exception {
SSLServerSocketFactory sslssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(serverPort);
serverPort = sslServerSocket.getLocalPort();
/*
* Signal Client, we're ready for his connect.
*/
serverReady = true;
SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
try {
InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream();
BufferedReader br = new BufferedReader(new InputStreamReader(sslIS));
PrintStream ps = new PrintStream(sslOS);
// process HTTP POST request from client
System.out.println("status line: " + br.readLine());
String msg = null;
while ((msg = br.readLine()) != null && msg.length() > 0) ;
msg = br.readLine();
if (msg.equals(postMsg)) {
ps.println("HTTP/1.1 200 OK\n\n");
} else {
ps.println("HTTP/1.1 500 Not OK\n\n");
}
ps.flush();
// close the socket
while (!closeReady) {
Thread.sleep(50);
}
} finally {
sslSocket.close();
sslServerSocket.close();
}
}
@Override
public void close() throws IOException {
_sslSocket.close();
}
public void close() throws IOException {
s.close();
}
/*
* Define the server side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void doServerSide() throws Exception {
KeyStore ks = KeyStore.getInstance("JKS");
com.sun.net.ssl.SSLContext ctx = com.sun.net.ssl.SSLContext.getInstance("TLS");
com.sun.net.ssl.KeyManagerFactory kmf =
com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");
ks.load(new FileInputStream(keyFilename), cpasswd);
kmf.init(ks, cpasswd);
com.sun.net.ssl.TrustManager[] tms =
new com.sun.net.ssl.TrustManager[] {new MyComX509TrustManager()};
ctx.init(kmf.getKeyManagers(), tms, null);
SSLServerSocketFactory sslssf = (SSLServerSocketFactory) ctx.getServerSocketFactory();
SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(serverPort);
serverPort = sslServerSocket.getLocalPort();
sslServerSocket.setNeedClientAuth(true);
/*
* Create using the other type.
*/
SSLContext ctx1 = SSLContext.getInstance("TLS");
KeyManagerFactory kmf1 = KeyManagerFactory.getInstance("SunX509");
TrustManager[] tms1 = new TrustManager[] {new MyJavaxX509TrustManager()};
kmf1.init(ks, cpasswd);
ctx1.init(kmf1.getKeyManagers(), tms1, null);
sslssf = (SSLServerSocketFactory) ctx1.getServerSocketFactory();
SSLServerSocket sslServerSocket1 = (SSLServerSocket) sslssf.createServerSocket(serverPort1);
serverPort1 = sslServerSocket1.getLocalPort();
sslServerSocket1.setNeedClientAuth(true);
/*
* Signal Client, we're ready for his connect.
*/
serverReady = true;
SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
sslServerSocket.close();
serverReady = false;
InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream();
sslIS.read();
sslOS.write(85);
sslOS.flush();
sslSocket.close();
sslSocket = (SSLSocket) sslServerSocket1.accept();
sslIS = sslSocket.getInputStream();
sslOS = sslSocket.getOutputStream();
sslIS.read();
sslOS.write(85);
sslOS.flush();
sslSocket.close();
System.out.println("Server exiting!");
System.out.flush();
}
public JSSESocketFactory(AbstractEndpoint<?> endpoint) {
this.endpoint = endpoint;
String sslProtocol = endpoint.getSslProtocol();
if (sslProtocol == null) {
sslProtocol = defaultProtocol;
}
SSLContext context;
try {
context = SSLContext.getInstance(sslProtocol);
context.init(null, null, null);
} catch (NoSuchAlgorithmException e) {
// This is fatal for the connector so throw an exception to prevent
// it from starting
throw new IllegalArgumentException(e);
} catch (KeyManagementException e) {
// This is fatal for the connector so throw an exception to prevent
// it from starting
throw new IllegalArgumentException(e);
}
// Supported cipher suites aren't accessible directly from the
// SSLContext so use the SSL server socket factory
SSLServerSocketFactory ssf = context.getServerSocketFactory();
String supportedCiphers[] = ssf.getSupportedCipherSuites();
boolean found = false;
for (String cipher : supportedCiphers) {
if ("TLS_EMPTY_RENEGOTIATION_INFO_SCSV".equals(cipher)) {
found = true;
break;
}
}
rfc5746Supported = found;
// There is no standard way to determine the default protocols and
// cipher suites so create a server socket to see what the defaults are
SSLServerSocket socket;
try {
socket = (SSLServerSocket) ssf.createServerSocket();
} catch (IOException e) {
// This is very likely to be fatal but there is a slim chance that
// the JSSE implementation just doesn't like creating unbound
// sockets so allow the code to proceed.
defaultServerCipherSuites = new String[0];
defaultServerProtocols = new String[0];
log.warn(sm.getString("jsse.noDefaultCiphers", endpoint.getName()));
log.warn(sm.getString("jsse.noDefaultProtocols", endpoint.getName()));
return;
}
try {
defaultServerCipherSuites = socket.getEnabledCipherSuites();
if (defaultServerCipherSuites.length == 0) {
log.warn(sm.getString("jsse.noDefaultCiphers", endpoint.getName()));
}
// Filter out all the SSL protocols (SSLv2 and SSLv3) from the defaults
// since they are no longer considered secure
List<String> filteredProtocols = new ArrayList<String>();
for (String protocol : socket.getEnabledProtocols()) {
if (protocol.toUpperCase(Locale.ENGLISH).contains("SSL")) {
log.debug(sm.getString("jsse.excludeDefaultProtocol", protocol));
continue;
}
filteredProtocols.add(protocol);
}
defaultServerProtocols = filteredProtocols.toArray(new String[filteredProtocols.size()]);
if (defaultServerProtocols.length == 0) {
log.warn(sm.getString("jsse.noDefaultProtocols", endpoint.getName()));
}
} finally {
try {
socket.close();
} catch (IOException e) {
log.warn(sm.getString("jsse.exceptionOnClose"), e);
}
}
}
