public boolean verify(String hostName, SSLSession session) {
System.out.println("Server: " + hostName + ":" + session.getPeerPort());
try {
X509Certificate[] chain = session.getPeerCertificateChain();
for (X509Certificate cert : chain) {
System.out.println("DN: " + cert.getSubjectDN());
}
} catch (SSLPeerUnverifiedException e) {
e.printStackTrace();
}
System.out.println("-----");
return true;
}
static void accept(KeyStore keyStore, char[] keyPassword, KeyStore trustStore, int port)
throws GeneralSecurityException, IOException {
SSLContext sslContext = SSLContexts.create(keyStore, keyPassword, trustStore);
SSLServerSocket serverSocket =
(SSLServerSocket) sslContext.getServerSocketFactory().createServerSocket(port);
try {
serverSocket.setNeedClientAuth(true);
SSLSocket clientSocket = (SSLSocket) serverSocket.accept();
javax.security.cert.X509Certificate peer =
clientSocket.getSession().getPeerCertificateChain()[0];
logger.info("peer: " + peer.getSubjectDN().getName());
ServerThread.handle(clientSocket);
} finally {
serverSocket.close();
}
}
// Converts to javax.security
public static javax.security.cert.X509Certificate convert(
java.security.cert.X509Certificate cert) {
try {
byte[] encoded = cert.getEncoded();
return javax.security.cert.X509Certificate.getInstance(encoded);
} catch (java.security.cert.CertificateEncodingException e) {
} catch (javax.security.cert.CertificateEncodingException e) {
} catch (javax.security.cert.CertificateException e) {
}
return null;
}
// Converts to java.security
public static java.security.cert.X509Certificate convert(
javax.security.cert.X509Certificate cert) {
try {
byte[] encoded = cert.getEncoded();
ByteArrayInputStream bis = new ByteArrayInputStream(encoded);
java.security.cert.CertificateFactory cf =
java.security.cert.CertificateFactory.getInstance("X.509");
return (java.security.cert.X509Certificate) cf.generateCertificate(bis);
} catch (java.security.cert.CertificateEncodingException e) {
} catch (javax.security.cert.CertificateEncodingException e) {
} catch (java.security.cert.CertificateException e) {
}
return null;
}
private static byte[] createEncryptedPreMaster(boolean fake) {
if (fake) {
// we do not have to do this calculation to force server to think
int len = ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength() / 8;
return new byte[len];
}
byte[] preMaster = new byte[48];
preMaster[0] = (byte) 3;
preMaster[1] = (byte) 1;
SecretKey preMasterKey = new SecretKeySpec(preMaster, "RAW");
Cipher rsa;
try {
rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
rsa.init(Cipher.WRAP_MODE, cert.getPublicKey(), new SecureRandom());
return rsa.wrap(preMasterKey);
} catch (NoSuchAlgorithmException
| NoSuchPaddingException
| InvalidKeyException
| IllegalBlockSizeException e) {
e.printStackTrace();
throw new RuntimeException("Problem", e);
}
}
public static void main(String[] args) throws Exception {
String host = null;
int port = -1;
for (int i = 0; i < args.length; i++) {
System.out.println("args[" + i + "] = " + args[i]);
}
if (args.length < 2) {
System.out.println("USAGE: java client host port");
System.exit(-1);
}
try {
/* get input parameters */
host = args[0];
port = Integer.parseInt(args[1]);
} catch (IllegalArgumentException e) {
System.out.println("USAGE: java client host port");
System.exit(-1);
}
try {
/* set up a key manager for client authentication */
SSLSocketFactory factory = null;
try {
KeyStore ks = KeyStore.getInstance("JKS");
KeyStore ts = KeyStore.getInstance("JKS");
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
SSLContext ctx = SSLContext.getInstance("TLS");
BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
System.out.print("Enter keystore: ");
String keystoreName = br.readLine();
Console cons = System.console();
if (cons != null) {
password = cons.readPassword("%s", "Password: "******"Cannot find a console to read password from. Eclipse CANNOT fork a terminal child process.");
}
ks.load(new FileInputStream("keystores/" + keystoreName), password); // keystore
// password
// (storepass)
char[] cliTrustPW = "password".toCharArray();
ts.load(new FileInputStream("clienttruststore"), cliTrustPW); // truststore
// password
// (storepass);
kmf.init(ks, password); // user password (keypass)
tmf.init(ts); // keystore can be used as truststore here
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
factory = ctx.getSocketFactory();
} catch (Exception e) {
e.printStackTrace();
throw new IOException(e.getMessage());
}
SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
System.out.println("Handshake socket: " + socket + "\n");
/*
* send http request
*
* See SSLSocketClient.java for more information about why there is
* a forced handshake here when using PrintWriters.
*/
socket.startHandshake();
SSLSession session = socket.getSession();
X509Certificate cert = (X509Certificate) session.getPeerCertificateChain()[0];
System.out.println("Server DN: " + cert.getSubjectDN().getName());
System.out.println("Handshake socket: " + socket);
System.out.println("Secure connection.");
System.out.println("Issuer DN: " + cert.getIssuerDN().getName());
System.out.println("Serial N: " + cert.getSerialNumber().toString());
read = new BufferedReader(new InputStreamReader(System.in));
serverMsg = new BufferedReader(new InputStreamReader(socket.getInputStream()));
out = new PrintWriter(socket.getOutputStream(), true);
ois = new ObjectInputStream(socket.getInputStream());
records = new ArrayList<Record>();
boolean isLoggedIn = false;
boolean isDone = false;
isLoggedIn = waitForLoginData();
if (!isLoggedIn) {
System.out.println(
"This certificate does not have a user. \n Press the RETURN key to exit.");
System.console().readLine();
out.close();
read.close();
socket.close();
return;
}
boolean accessDenied = false;
while (!isDone) {
if (accessDenied) {
System.out.println(
"Access denied, or no such record exists! \n Type 'help' for commands.");
}
System.out.print(user.getUsername() + " commands>");
msg = read.readLine();
fetchRecords();
splitMsg = msg.split("\\s+");
try {
if (msg.equalsIgnoreCase("quit")) {
break;
} else if (msg.equalsIgnoreCase("help")) {
printHelp();
} else if (splitMsg[0].equalsIgnoreCase("records")) {
printRecords();
accessDenied = false;
} else if (splitMsg[0].equalsIgnoreCase("edit") && (accessDenied = hasPermissions(msg))) {
editRecord(splitMsg[1]);
fetchRecords();
accessDenied = false;
} else if (splitMsg[0].equalsIgnoreCase("read") && (accessDenied = hasPermissions(msg))) {
printRecord(splitMsg[1]);
accessDenied = false;
} else if (splitMsg[0].equalsIgnoreCase("delete")
&& (accessDenied = hasPermissions(msg))) {
for (Record r : records) {
if (r.getId() == Long.parseLong(splitMsg[1])) {
r.delete(user);
accessDenied = false;
}
}
fetchRecords();
} else if (splitMsg[0].equalsIgnoreCase("create")
&& (accessDenied = hasPermissions(msg))) {
createRecord();
fetchRecords();
accessDenied = false;
} else {
accessDenied = true;
}
} catch (Exception e) {
accessDenied = true;
}
}
ois.close();
out.close();
read.close();
socket.close();
} catch (Exception e) {
e.printStackTrace();
}
}
private HashMap<String, String> readCertificateInformation(byte[] buf) {
HashMap<String, String> hashMap = new HashMap<String, String>();
try {
InputStream input = new ByteArrayInputStream(buf);
Certificate certificate =
CertificateFactory.getInstance("X.509", "BC").generateCertificate(input);
X509Certificate X509certificates = X509Certificate.getInstance(certificate.getEncoded());
String version = convertCertVersion(X509certificates.getVersion());
String issuerDN = X509certificates.getIssuerDN().toString();
String endDate =
DateFormat.format("yyyy-MM-dd HH:mm:ss E", X509certificates.getNotAfter()).toString();
String beginDate =
DateFormat.format("yyyy-MM-dd HH:mm:ss E", X509certificates.getNotBefore()).toString();
String serialNumber = X509certificates.getSerialNumber().toString(16);
String sigAlgName = X509certificates.getSigAlgName();
String sigAlgOID = X509certificates.getSigAlgOID();
byte[] sigAlgParams = X509certificates.getSigAlgParams();
String subjectDN = X509certificates.getSubjectDN().getName();
hashMap.put("version", version); // 证书的版本号
hashMap.put("issuerDN", issuerDN); // 特殊的编号
hashMap.put("beginDate", beginDate); // 返回证书最后的有效期
hashMap.put("endDate", endDate); // 返回证书的开始日期
hashMap.put("serialNumber", serialNumber); // 返回证书的序列号
hashMap.put("sigAlgName", sigAlgName); // 返回证书的签名
hashMap.put("sigAlgOID", sigAlgOID); // 返回OID签名算法从证书
if (sigAlgParams != null) {
hashMap.put("sigAlgParams", ConverterUtil.getHexString(sigAlgParams, sigAlgParams.length));
} else {
hashMap.put("sigAlgParams", null);
}
hashMap.put("subjectDN", subjectDN);
return hashMap;
} catch (Exception e) {
// recordLog(CustomUtil.LogMode.ERROR, "readCertificateInformation",
// e.getMessage(), true);
// new RuntimeException("证书异常,请稍后再试");
if (e != null) e.printStackTrace();
}
return null;
}
public void init(int port) throws IOException {
String host = "localhost";
String passwd = "";
String userPath = "";
boolean login = true;
Scanner scan = new Scanner(System.in);
FileInputStream keyfile = null;
FileInputStream trustfile = null;
URL tempLoc = server.class.getProtectionDomain().getCodeSource().getLocation();
String loc = "" + tempLoc;
loc = loc.substring(5, loc.length() - 5);
SSLSocketFactory factory = null;
Console console = System.console();
boolean terminate = false;
while (login) {
System.out.println("Type \"quit\" to exit program");
try {
System.out.println("UserID: ");
userPath = scan.nextLine();
if (userPath.equalsIgnoreCase("quit")) {
login = false;
scan.close();
System.out.println("Quit program");
terminate = true;
break;
}
clientID = userPath;
/*Users keystore password is entered*/
char[] pass = console.readPassword("Password: "******"/certificates/Users/" + userPath + "/" + userPath + "_keystore");
trustfile =
new FileInputStream(
loc + "/certificates/Users/" + userPath + "/" + userPath + "_truststore");
// SSLSocketFactory factory = null;
try {
KeyStore ks = KeyStore.getInstance("JKS");
KeyStore ts = KeyStore.getInstance("JKS");
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
SSLContext ctx = SSLContext.getInstance("TLS");
/** Set and trim path to folders */
URL tempLocation = server.class.getProtectionDomain().getCodeSource().getLocation();
String location = "" + tempLocation;
location = location.substring(5, location.length() - 5);
ks.load(keyfile, pass); // keystore
// password
// (storepass)
ts.load(trustfile, pass); // truststore
// password
// (storepass);
kmf.init(ks, pass); // user password (keypass)
tmf.init(ts); // keystore can be used as truststore here
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
factory = ctx.getSocketFactory();
login = false;
} catch (Exception e) {
System.out.println("Incorrect username or password");
}
} catch (FileNotFoundException e) {
System.out.println("Incorrect username or password");
}
}
if (!terminate) {
try {
/* set up a key manager for client authentication */
SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
socket.startHandshake();
SSLSession session = socket.getSession();
X509Certificate cert = (X509Certificate) session.getPeerCertificateChain()[0];
serial = cert.getSerialNumber().toString();
BufferedReader read = new BufferedReader(new InputStreamReader(System.in));
PrintWriter out =
new PrintWriter(
new OutputStreamWriter(socket.getOutputStream(), StandardCharsets.UTF_8), true);
BufferedReader in =
new BufferedReader(new InputStreamReader(socket.getInputStream(), "UTF8"));
String msg;
String allowed = in.readLine();
if (allowed.equalsIgnoreCase("notAllowed")) {
throw new LoginException("User already logged in");
}
System.out.println("Secure connection established\n\n");
if (userPath.length() > 4) { // Patient
String fromServer;
msg = "logout";
while ((fromServer = in.readLine()) != null) {
if (fromServer.equals("listen")) {
break;
} else {
System.out.println(fromServer);
}
}
} else {
System.out.println("Succesful login! Type a command in the prompt and press enter.");
System.out.println("Help -h, Logout logout, Quit quit");
for (; ; ) {
System.out.print(">");
msg = read.readLine();
if (msg.equalsIgnoreCase("quit") || msg.equalsIgnoreCase("logout")) {
break;
}
out.println(msg);
out.flush();
String fromServer;
while ((fromServer = in.readLine()) != null) {
if (fromServer.equals("listen")) {
break;
} else {
System.out.println(fromServer);
}
}
}
}
if (msg.equals("logout")) {
System.out.println("\n\nLogged out\n");
socket.close();
in.close();
out.close();
init(port);
} else {
System.out.println("Exit client");
socket.close();
in.close();
out.close();
read.close();
}
} catch (LoginException e) {
System.out.println(e.getMessage());
init(port);
}
}
}
