Ejemplo n.º 1
0
  // Method for creating a socket
  private static SSLServerSocket createSecureSocket() throws Exception {
    // Generate a generic server
    SSLServerSocket server =
        (SSLServerSocket) SSLServerSocketFactory.getDefault().createServerSocket(2877);
    // Enable ciphers
    server.setEnabledCipherSuites(server.getSupportedCipherSuites());
    // Return the socket
    return server;

    /*//Key password and file
    char[] keyPass = "******".toCharArray();
    InputStream keyStream = HID.class.getResourceAsStream(
    		"/com/arkazex/frc2877/signin/ssl.key");

    //Load the key store
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(keyStream, keyPass);
    //Initialize the key manager factory
    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(
    		KeyManagerFactory.getDefaultAlgorithm());
    keyManagerFactory.init(keyStore, keyPass);
    //Get the key managers
    KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
    //Initialize the SSL context
    SSLContext sslContext = SSLContext.getDefault();
    sslContext.init(keyManagers, null, new SecureRandom());
    //Get the socket factory
    SSLServerSocketFactory factory = sslContext.getServerSocketFactory();

    //Get the socket
    return (SSLServerSocket) factory.createServerSocket(2877); */
  }
 public void testSetEnabledCipherSuitesAffectsGetter() throws Exception {
   SSLServerSocket socket =
       (SSLServerSocket) SSLServerSocketFactory.getDefault().createServerSocket();
   String[] cipherSuites = new String[] {socket.getSupportedCipherSuites()[0]};
   socket.setEnabledCipherSuites(cipherSuites);
   assertEquals(Arrays.asList(cipherSuites), Arrays.asList(socket.getEnabledCipherSuites()));
 }
Ejemplo n.º 3
0
  public static void main(String[] args) throws Exception {
    try {
      Class.forName("javax.security.auth.kerberos.KerberosPrincipal");
      System.out.println("Kerberos is present, nothing to test");
      return;
    } catch (ClassNotFoundException okay) {
    }

    // test SSLSocket
    try (Socket s = SSLSocketFactory.getDefault().createSocket()) {
      SSLSocket sslSocket = (SSLSocket) s;

      checkNotSupported(sslSocket.getSupportedCipherSuites());

      // attempt to enable each of the Kerberos cipher suites
      for (String kcs : KERBEROS_CIPHER_SUITES) {
        String[] suites = {kcs};
        try {
          sslSocket.setEnabledCipherSuites(suites);
          throw new RuntimeException(
              "SSLSocket.setEnabledCipherSuitessuites allowed "
                  + kcs
                  + " but Kerberos not supported");
        } catch (IllegalArgumentException expected) {
        }
      }
    }

    // test SSLServerSocket
    try (ServerSocket ss = SSLServerSocketFactory.getDefault().createServerSocket()) {
      SSLServerSocket sslSocket = (SSLServerSocket) ss;

      checkNotSupported(sslSocket.getSupportedCipherSuites());

      // attempt to enable each of the Kerberos cipher suites
      for (String kcs : KERBEROS_CIPHER_SUITES) {
        String[] suites = {kcs};
        try {
          sslSocket.setEnabledCipherSuites(suites);
          throw new RuntimeException(
              "SSLSocket.setEnabledCipherSuitessuites allowed "
                  + kcs
                  + " but Kerberos not supported");
        } catch (IllegalArgumentException expected) {
        }
      }
    }
  }
 public String[] getSupportedCipherSuites() {
   return s.getSupportedCipherSuites();
 }
Ejemplo n.º 5
0
  public void testCipherSuitesFilter() throws Exception {
    SSLContext controlContext = SSLContext.getInstance("TLS");
    controlContext.init(null, null, null);
    SSLEngine controlEngine = controlContext.createSSLEngine();
    SSLSocket controlSocket = (SSLSocket) controlContext.getSocketFactory().createSocket();
    SSLServerSocket controlServerSocket =
        (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket();

    // default
    SSLContextParameters scp = new SSLContextParameters();

    SSLContext context = scp.createSSLContext();

    CipherSuitesParameters csp = new CipherSuitesParameters();
    scp.setCipherSuites(csp);

    SSLEngine engine = context.createSSLEngine();
    SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket();
    SSLServerSocket serverSocket =
        (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertTrue(
        Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites()));
    assertTrue(
        Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites()));
    assertTrue(
        Arrays.equals(
            this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()),
            serverSocket.getEnabledCipherSuites()));

    // empty filter
    FilterParameters filter = new FilterParameters();
    scp.setCipherSuitesFilter(filter);
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertEquals(0, engine.getEnabledCipherSuites().length);
    assertEquals(0, socket.getEnabledCipherSuites().length);
    assertEquals(0, serverSocket.getEnabledCipherSuites().length);

    // explicit filter
    filter.getInclude().add(".*");
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertEquals(0, engine.getEnabledCipherSuites().length);
    assertEquals(0, socket.getEnabledCipherSuites().length);
    assertEquals(0, serverSocket.getEnabledCipherSuites().length);

    // explicit filter with excludes (excludes overrides)
    filter.getExclude().add(".*");
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertEquals(0, engine.getEnabledCipherSuites().length);
    assertEquals(0, socket.getEnabledCipherSuites().length);
    assertEquals(0, serverSocket.getEnabledCipherSuites().length);

    // explicit filter single include

    filter.getInclude().clear();
    filter.getExclude().clear();
    csp.getCipherSuite().add("TLS_RSA_WITH_AES_128_CBC_SHA");
    filter.getInclude().add("TLS.*");
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    // not all platforms/JDKs have these cipher suites
    if (!isPlatform("aix")) {
      assertTrue(engine.getEnabledCipherSuites().length >= 1);
      assertStartsWith(engine.getEnabledCipherSuites(), "TLS");
      assertTrue(socket.getEnabledCipherSuites().length >= 1);
      assertStartsWith(socket.getEnabledCipherSuites(), "TLS");
      assertTrue(serverSocket.getEnabledCipherSuites().length >= 1);
      assertStartsWith(serverSocket.getEnabledCipherSuites(), "TLS");
    }
  }
Ejemplo n.º 6
0
  public void testCipherSuites() throws Exception {
    SSLContext controlContext = SSLContext.getInstance("TLS");
    controlContext.init(null, null, null);
    SSLEngine controlEngine = controlContext.createSSLEngine();
    SSLSocket controlSocket = (SSLSocket) controlContext.getSocketFactory().createSocket();
    SSLServerSocket controlServerSocket =
        (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket();

    // default
    SSLContextParameters scp = new SSLContextParameters();

    SSLContext context = scp.createSSLContext();

    SSLEngine engine = context.createSSLEngine();
    SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket();
    SSLServerSocket serverSocket =
        (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertTrue(
        Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites()));
    assertTrue(
        Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites()));
    assertTrue(
        Arrays.equals(
            this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()),
            serverSocket.getEnabledCipherSuites()));

    // empty csp

    CipherSuitesParameters csp = new CipherSuitesParameters();
    scp.setCipherSuites(csp);
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertEquals(0, engine.getEnabledCipherSuites().length);
    assertEquals(0, socket.getEnabledCipherSuites().length);
    assertEquals(0, serverSocket.getEnabledCipherSuites().length);

    // explicit csp

    csp.getCipherSuite().add(controlEngine.getEnabledCipherSuites()[0]);
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertEquals(1, engine.getEnabledCipherSuites().length);
    assertEquals(controlEngine.getEnabledCipherSuites()[0], engine.getEnabledCipherSuites()[0]);
    assertEquals(1, socket.getEnabledCipherSuites().length);
    assertEquals(controlEngine.getEnabledCipherSuites()[0], socket.getEnabledCipherSuites()[0]);
    assertEquals(1, serverSocket.getEnabledCipherSuites().length);
    assertEquals(
        controlEngine.getEnabledCipherSuites()[0], serverSocket.getEnabledCipherSuites()[0]);

    // explicit csp overrides filter

    FilterParameters filter = new FilterParameters();
    filter.getInclude().add(".*");
    scp.setCipherSuitesFilter(filter);
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertEquals(1, engine.getEnabledCipherSuites().length);
    assertEquals(controlEngine.getEnabledCipherSuites()[0], engine.getEnabledCipherSuites()[0]);
    assertEquals(1, socket.getEnabledCipherSuites().length);
    assertEquals(controlEngine.getEnabledCipherSuites()[0], socket.getEnabledCipherSuites()[0]);
    assertEquals(1, socket.getEnabledCipherSuites().length);
    assertEquals(
        controlEngine.getEnabledCipherSuites()[0], serverSocket.getEnabledCipherSuites()[0]);
  }
Ejemplo n.º 7
0
  public void testClientParameters() throws Exception {
    SSLContext controlContext = SSLContext.getInstance("TLS");
    controlContext.init(null, null, null);
    SSLEngine controlEngine = controlContext.createSSLEngine();
    SSLSocket controlSocket = (SSLSocket) controlContext.getSocketFactory().createSocket();
    SSLServerSocket controlServerSocket =
        (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket();

    SSLContextParameters scp = new SSLContextParameters();
    SSLContextClientParameters sccp = new SSLContextClientParameters();

    scp.setClientParameters(sccp);
    SSLContext context = scp.createSSLContext();

    SSLEngine engine = context.createSSLEngine();
    SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket();
    SSLServerSocket serverSocket =
        (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertTrue(
        Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites()));
    assertTrue(
        Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites()));
    assertTrue(
        Arrays.equals(
            this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()),
            serverSocket.getEnabledCipherSuites()));

    // No csp or filter on client params passes through shared config
    scp.setCipherSuites(new CipherSuitesParameters());
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertEquals(0, socket.getEnabledCipherSuites().length);

    // Csp on client params
    scp.setCipherSuites(null);
    CipherSuitesParameters csp = new CipherSuitesParameters();
    sccp.setCipherSuites(csp);
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertTrue(
        Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites()));
    assertEquals(0, socket.getEnabledCipherSuites().length);
    assertTrue(
        Arrays.equals(
            this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()),
            serverSocket.getEnabledCipherSuites()));

    // Cipher suites filter on client params
    FilterParameters filter = new FilterParameters();
    filter.getExclude().add(".*");
    sccp.setCipherSuites(null);
    sccp.setCipherSuitesFilter(filter);
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertTrue(
        Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites()));
    assertEquals(0, socket.getEnabledCipherSuites().length);
    assertTrue(
        Arrays.equals(
            this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()),
            serverSocket.getEnabledCipherSuites()));

    // Csp on client overrides cipher suites filter on client
    filter.getInclude().add(".*");
    filter.getExclude().clear();
    sccp.setCipherSuites(csp);
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertTrue(
        Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites()));
    assertEquals(0, socket.getEnabledCipherSuites().length);
    assertTrue(
        Arrays.equals(
            this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()),
            serverSocket.getEnabledCipherSuites()));

    // Sspp on client params
    SecureSocketProtocolsParameters sspp = new SecureSocketProtocolsParameters();
    sccp.setSecureSocketProtocols(sspp);
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertTrue(Arrays.equals(controlEngine.getEnabledProtocols(), engine.getEnabledProtocols()));
    assertEquals(0, socket.getEnabledProtocols().length);
    checkProtocols(controlServerSocket.getEnabledProtocols(), serverSocket.getEnabledProtocols());

    // Secure socket protocols filter on client params
    filter = new FilterParameters();
    filter.getExclude().add(".*");
    sccp.setSecureSocketProtocols(null);
    sccp.setSecureSocketProtocolsFilter(filter);
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertTrue(Arrays.equals(controlEngine.getEnabledProtocols(), engine.getEnabledProtocols()));
    assertEquals(0, socket.getEnabledProtocols().length);
    checkProtocols(controlServerSocket.getEnabledProtocols(), serverSocket.getEnabledProtocols());

    // Sspp on client params overrides  secure socket protocols filter on client
    filter.getInclude().add(".*");
    filter.getExclude().clear();
    sccp.setSecureSocketProtocols(sspp);
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertTrue(Arrays.equals(controlEngine.getEnabledProtocols(), engine.getEnabledProtocols()));
    assertEquals(0, socket.getEnabledProtocols().length);
    checkProtocols(controlServerSocket.getEnabledProtocols(), serverSocket.getEnabledProtocols());

    // Client session timeout only affects client session configuration
    sccp.setSessionTimeout("12345");
    context = scp.createSSLContext();
    engine = context.createSSLEngine();
    socket = (SSLSocket) context.getSocketFactory().createSocket();
    serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();

    assertEquals(
        controlContext.getServerSessionContext().getSessionTimeout(),
        context.getServerSessionContext().getSessionTimeout());
    assertEquals(12345, context.getClientSessionContext().getSessionTimeout());
  }