/*
   * Define the client side of the test.
   *
   * If the server prematurely exits, serverReady will be set to true
   * to avoid infinite hangs.
   */
  void doClientSide() throws Exception {

    /*
     * Wait for server to get started.
     */
    while (!serverReady) {
      Thread.sleep(50);
    }

    SSLSocketFactory sslsf = (SSLSocketFactory) SSLSocketFactory.getDefault();
    SSLSocket sslSocket = (SSLSocket) sslsf.createSocket("localhost", serverPort);

    InputStream sslIS = sslSocket.getInputStream();
    OutputStream sslOS = sslSocket.getOutputStream();

    for (int i = 0; i < 10; i++) {
      sslOS.write(280);
      sslOS.flush();
      sslIS.read();
    }

    for (int i = 0; i < 10; i++) {
      sslOS.write(280);
      sslOS.flush();
      sslIS.read();
    }

    sslSocket.close();
  }
Example #2
0
  public static void main(String[] args) throws IOException {

    System.out.println("opening a secure socket");

    SSLServerSocketFactory secSocketFactory =
        (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    SSLServerSocket secSocket = (SSLServerSocket) secSocketFactory.createServerSocket(portNo);

    String[] enabledCipherSuites = {"SSL_DH_anon_WITH_RC4_128_MD5"};
    secSocket.setEnabledCipherSuites(enabledCipherSuites);

    System.out.println("Listening on port no: " + portNo);
    SSLSocket socket = (SSLSocket) secSocket.accept();

    System.out.println("Got a connection from: " + socket.getInetAddress().toString());
    PrintWriter out = new PrintWriter(socket.getOutputStream(), true);
    BufferedReader in = new BufferedReader(new InputStreamReader(socket.getInputStream()));

    String line = in.readLine();
    while (line != null) {
      System.out.println(line);
      line = in.readLine();
    }

    out.close();
    in.close();
    socket.close();
    secSocket.close();
  }
Example #3
0
  private CipherTest(PeerFactory peerFactory) throws IOException {
    THREADS = Integer.parseInt(System.getProperty("numThreads", "4"));
    factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
    SSLSocket socket = (SSLSocket) factory.createSocket();
    String[] cipherSuites = socket.getSupportedCipherSuites();
    String[] protocols = socket.getSupportedProtocols();
    //      String[] clientAuths = {null, "RSA", "DSA"};
    String[] clientAuths = {null};
    tests =
        new ArrayList<TestParameters>(cipherSuites.length * protocols.length * clientAuths.length);
    for (int i = 0; i < cipherSuites.length; i++) {
      String cipherSuite = cipherSuites[i];

      for (int j = 0; j < protocols.length; j++) {
        String protocol = protocols[j];

        if (!peerFactory.isSupported(cipherSuite, protocol)) {
          continue;
        }

        for (int k = 0; k < clientAuths.length; k++) {
          String clientAuth = clientAuths[k];
          if ((clientAuth != null) && (cipherSuite.indexOf("DH_anon") != -1)) {
            // no client with anonymous ciphersuites
            continue;
          }
          tests.add(new TestParameters(cipherSuite, protocol, clientAuth));
        }
      }
    }
    testIterator = tests.iterator();
  }
  public HTTPSConnectSocket(String host, int port, String urlString) throws IOException {

    URL url = null;
    try {
      url = new URL(urlString);
    } catch (MalformedURLException me) {
      System.out.println("Malformed url");
      System.exit(1);
    }

    SSLSocketFactory ssf = (SSLSocketFactory) SSLSocketFactory.getDefault();
    ssl = (SSLSocket) ssf.createSocket(host, port);
    ssl.startHandshake();

    // Send the CONNECT request
    ssl.getOutputStream().write(("CONNECT " + url.getFile() + " HTTP/1.0\r\n\r\n").getBytes());

    // Read the first line of the response
    DataInputStream is = new DataInputStream(ssl.getInputStream());
    String str = is.readLine();

    // Check the HTTP error code -- it should be "200" on success
    if (!str.startsWith("HTTP/1.1 200 ")) {
      if (str.startsWith("HTTP/1.1 ")) str = str.substring(9);
      throw new IOException("Proxy reports \"" + str + "\"");
    }

    // Success -- skip remaining HTTP headers
    do {
      str = is.readLine();
    } while (str.length() != 0);
  }
Example #5
0
 public static void main(String[] args) throws Exception {
   Properties properties = new Properties();
   FileInputStream propFile = new FileInputStream("store.properties");
   properties.load(propFile);
   final String id = properties.getProperty("ID");
   final String placeForFiles = properties.getProperty("FilePlace");
   int servicePort = Integer.parseInt(properties.getProperty("ServicePort"));
   int tcpPort = Integer.parseInt(properties.getProperty("TCPPort"));
   String ksName = properties.getProperty("KeyStore");
   KeyStore ks = KeyStore.getInstance(properties.getProperty("KeyStoreType"));
   char[] password = properties.getProperty("Password").toCharArray();
   char[] passwordForKey = properties.getProperty("PasswordForKey").toCharArray();
   ks.load(new FileInputStream(ksName), password);
   KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
   kmf.init(ks, passwordForKey);
   SSLContext context = SSLContext.getInstance("TLS");
   context.init(kmf.getKeyManagers(), null, null);
   SSLServerSocketFactory ssf = context.getServerSocketFactory();
   SSLServerSocket serverSocket = (SSLServerSocket) ssf.createServerSocket(tcpPort);
   ServiceThread serviceThread = new ServiceThread(servicePort, id);
   serviceThread.start();
   while (!serverSocket.isClosed()) {
     ClientThread client = new ClientThread(placeForFiles);
     SSLSocket socket = (SSLSocket) serverSocket.accept();
     socket.startHandshake();
     client.setSocket(socket);
     client.start();
   }
 }
Example #6
0
  /**
   * Allow the Listener a chance to customise the request. before the server does its stuff. <br>
   * This allows the required attributes to be set for SSL requests. <br>
   * The requirements of the Servlet specs are:
   *
   * <ul>
   *   <li>an attribute named "javax.servlet.request.cipher_suite" of type String.
   *   <li>an attribute named "javax.servlet.request.key_size" of type Integer.
   *   <li>an attribute named "javax.servlet.request.X509Certificate" of type
   *       java.security.cert.X509Certificate[]. This is an array of objects of type
   *       X509Certificate, the order of this array is defined as being in ascending order of trust.
   *       The first certificate in the chain is the one set by the client, the next is the one used
   *       to authenticate the first, and so on.
   * </ul>
   *
   * @param socket The Socket the request arrived on. This should be a javax.net.ssl.SSLSocket.
   * @param request HttpRequest to be customised.
   */
  protected void customizeRequest(Socket socket, HttpRequest request) {
    super.customizeRequest(socket, request);

    if (!(socket instanceof javax.net.ssl.SSLSocket))
      return; // I'm tempted to let it throw an exception...

    try {
      SSLSocket sslSocket = (SSLSocket) socket;
      SSLSession sslSession = sslSocket.getSession();
      String cipherSuite = sslSession.getCipherSuite();
      Integer keySize;
      X509Certificate[] certs;

      CachedInfo cachedInfo = (CachedInfo) sslSession.getValue(CACHED_INFO_ATTR);
      if (cachedInfo != null) {
        keySize = cachedInfo.getKeySize();
        certs = cachedInfo.getCerts();
      } else {
        keySize = new Integer(ServletSSL.deduceKeyLength(cipherSuite));
        certs = getCertChain(sslSession);
        cachedInfo = new CachedInfo(keySize, certs);
        sslSession.putValue(CACHED_INFO_ATTR, cachedInfo);
      }

      if (certs != null) request.setAttribute("javax.servlet.request.X509Certificate", certs);
      else if (_needClientAuth) // Sanity check
      throw new HttpException(HttpResponse.__403_Forbidden);

      request.setAttribute("javax.servlet.request.cipher_suite", cipherSuite);
      request.setAttribute("javax.servlet.request.key_size", keySize);
    } catch (Exception e) {
      log.warn(LogSupport.EXCEPTION, e);
    }
  }
 public Socket createSocket(String host, int port) throws IOException {
   Socket s = this.factory.createSocket(host, port);
   if (s instanceof SSLSocket) {
     SSLSocket ssl = (SSLSocket) s;
     ssl.setEnabledCipherSuites(this.getNoAuthCiperSuites(ssl.getSupportedCipherSuites()));
   }
   return s;
 }
 public Socket createSocket(
     InetAddress address, int port, InetAddress clientAddress, int clientPort) throws IOException {
   Socket s = this.factory.createSocket(address, port, clientAddress, clientPort);
   if (s instanceof SSLSocket) {
     SSLSocket ssl = (SSLSocket) s;
     ssl.setEnabledCipherSuites(this.getNoAuthCiperSuites(ssl.getSupportedCipherSuites()));
   }
   return s;
 }
 public Socket createSocket(String host, int port) throws IOException {
   Socket s = this.factory.createSocket(host, port);
   if (s instanceof SSLSocket) {
     SSLSocket ssl = (SSLSocket) s;
     ssl.setUseClientMode(false); // client offers to authenticate itself
     ssl.setNeedClientAuth(true);
   }
   return s;
 }
 public Socket createSocket(
     InetAddress address, int port, InetAddress clientAddress, int clientPort) throws IOException {
   Socket s = this.factory.createSocket(address, port, clientAddress, clientPort);
   if (s instanceof SSLSocket) {
     SSLSocket ssl = (SSLSocket) s;
     ssl.setUseClientMode(false); // client offers to authenticate itself
     ssl.setNeedClientAuth(true);
   }
   return s;
 }
Example #11
0
 /**
  * @param p_serverSocket
  * @return
  * @exception IOException
  */
 protected Socket accept(ServerSocket p_serverSocket) throws IOException {
   try {
     SSLSocket s = (SSLSocket) p_serverSocket.accept();
     if (getMaxIdleTimeMs() > 0) s.setSoTimeout(getMaxIdleTimeMs());
     s.startHandshake(); // block until SSL handshaking is done
     return s;
   } catch (SSLException e) {
     log.warn(LogSupport.EXCEPTION, e);
     throw new IOException(e.getMessage());
   }
 }
  void doTest(SSLSocket sslSocket) throws Exception {
    InputStream sslIS = sslSocket.getInputStream();
    OutputStream sslOS = sslSocket.getOutputStream();

    System.out.println("  Writing");
    sslOS.write(280);
    sslOS.flush();
    System.out.println("  Reading");
    sslIS.read();

    sslSocket.close();
  }
Example #13
0
  public static SSLSocket wrapSocket(Socket socket) throws Exception {
    // ssl socket factory
    SSLSocketFactory sslSocketFactory = sslContext().getSocketFactory();

    // ssl socket
    SSLSocket sslSocket =
        (SSLSocket)
            sslSocketFactory.createSocket(
                socket, socket.getInetAddress().getHostAddress(), socket.getPort(), true);
    sslSocket.setUseClientMode(true);
    sslSocket.startHandshake();
    return sslSocket;
  }
Example #14
0
  public static void main(String[] args) throws Exception {
    try {
      Class.forName("javax.security.auth.kerberos.KerberosPrincipal");
      System.out.println("Kerberos is present, nothing to test");
      return;
    } catch (ClassNotFoundException okay) {
    }

    // test SSLSocket
    try (Socket s = SSLSocketFactory.getDefault().createSocket()) {
      SSLSocket sslSocket = (SSLSocket) s;

      checkNotSupported(sslSocket.getSupportedCipherSuites());

      // attempt to enable each of the Kerberos cipher suites
      for (String kcs : KERBEROS_CIPHER_SUITES) {
        String[] suites = {kcs};
        try {
          sslSocket.setEnabledCipherSuites(suites);
          throw new RuntimeException(
              "SSLSocket.setEnabledCipherSuitessuites allowed "
                  + kcs
                  + " but Kerberos not supported");
        } catch (IllegalArgumentException expected) {
        }
      }
    }

    // test SSLServerSocket
    try (ServerSocket ss = SSLServerSocketFactory.getDefault().createServerSocket()) {
      SSLServerSocket sslSocket = (SSLServerSocket) ss;

      checkNotSupported(sslSocket.getSupportedCipherSuites());

      // attempt to enable each of the Kerberos cipher suites
      for (String kcs : KERBEROS_CIPHER_SUITES) {
        String[] suites = {kcs};
        try {
          sslSocket.setEnabledCipherSuites(suites);
          throw new RuntimeException(
              "SSLSocket.setEnabledCipherSuitessuites allowed "
                  + kcs
                  + " but Kerberos not supported");
        } catch (IllegalArgumentException expected) {
        }
      }
    }
  }
Example #15
0
 private static void printConnectionInfo(SSLSocket s) {
   SSLSession currentSession = s.getSession();
   System.out.println("Protocol: " + currentSession.getProtocol());
   System.out.println("Cipher Suite: " + currentSession.getCipherSuite());
   System.out.println("Host: " + currentSession.getPeerHost());
   System.out.println("Host Port: " + currentSession.getPeerPort());
 }
Example #16
0
  /*
   * Define the server side of the test.
   *
   * If the server prematurely exits, serverReady will be set to true
   * to avoid infinite hangs.
   */
  void doServerSide() throws Exception {

    SSLServerSocketFactory sslssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(serverPort);
    serverPort = sslServerSocket.getLocalPort();

    /*
     * Signal Client, we're ready for his connect.
     */
    serverReady = true;

    SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
    DataOutputStream out = new DataOutputStream(sslSocket.getOutputStream());

    try {
      // get path to class file from header
      DataInputStream in = new DataInputStream(sslSocket.getInputStream());
      String path = getPath(in);
      // retrieve bytecodes
      byte[] bytecodes = getBytes(path);
      // send bytecodes in response (assumes HTTP/1.0 or later)
      try {
        out.writeBytes("HTTP/1.0 200 OK\r\n");
        out.writeBytes("Content-Length: " + bytecodes.length + "\r\n");
        out.writeBytes("Content-Type: text/html\r\n\r\n");
        out.write(bytecodes);
        out.flush();
      } catch (IOException ie) {
        ie.printStackTrace();
        return;
      }

    } catch (Exception e) {
      e.printStackTrace();
      // write out error response
      out.writeBytes("HTTP/1.0 400 " + e.getMessage() + "\r\n");
      out.writeBytes("Content-Type: text/html\r\n\r\n");
      out.flush();
    } finally {
      // close the socket
      System.out.println("Server closing socket");
      sslSocket.close();
      serverReady = false;
    }
  }
Example #17
0
 private static void printSocketInfo(SSLSocket s) {
   System.out.println("Socket class: " + s.getClass());
   System.out.println("   Remote address = " + s.getInetAddress().toString());
   System.out.println("   Remote port = " + s.getPort());
   System.out.println("   Local socket address = " + s.getLocalSocketAddress().toString());
   System.out.println("   Local address = " + s.getLocalAddress().toString());
   System.out.println("   Local port = " + s.getLocalPort());
   System.out.println("   Need client authentication = " + s.getNeedClientAuth());
   SSLSession ss = s.getSession();
   System.out.println("   Cipher suite = " + ss.getCipherSuite());
   System.out.println("   Protocol = " + ss.getProtocol());
 }
 private Socket secureConnect() throws IOException {
   if (socket_factory == null) {
     try {
       SSLContext context = SSLContext.getInstance("TLS");
       context.init(getKeyManagers(config.getCertFile(), config.getCertPhrase()), null, sec_rnd);
       socket_factory = context.getSocketFactory();
     } catch (GeneralSecurityException security_exception) {
       throw new IOException("Failed to create SSL socket factory.");
     } catch (IOException io_exception) {
       throw new IOException("Failed to read APNS certificate.");
     }
   }
   SSLSocket ssl_socket = null;
   ssl_socket =
       (SSLSocket)
           socket_factory.createSocket(config.getHostname(service), config.getPort(service));
   ssl_socket.setUseClientMode(true);
   return ssl_socket;
 }
Example #19
0
 public void run() {
   System.out.println("JSSE Server listening on port " + cipherTest.serverPort);
   Executor exec = Executors.newFixedThreadPool(cipherTest.THREADS, DaemonThreadFactory.INSTANCE);
   try {
     while (true) {
       final SSLSocket socket = (SSLSocket) serverSocket.accept();
       socket.setSoTimeout(cipherTest.TIMEOUT);
       Runnable r =
           new Runnable() {
             public void run() {
               try {
                 InputStream in = socket.getInputStream();
                 OutputStream out = socket.getOutputStream();
                 handleRequest(in, out);
                 out.flush();
                 socket.close();
                 socket.getSession().invalidate();
               } catch (IOException e) {
                 cipherTest.setFailed();
                 e.printStackTrace();
               } finally {
                 if (socket != null) {
                   try {
                     socket.close();
                   } catch (IOException e) {
                     cipherTest.setFailed();
                     System.out.println("Exception closing socket on server side:");
                     e.printStackTrace();
                   }
                 }
               }
             }
           };
       exec.execute(r);
     }
   } catch (IOException e) {
     cipherTest.setFailed();
     e.printStackTrace();
     //
   }
 }
Example #20
0
  public static TcpSocket makeTls(TcpSocket upgrade) {
    try {
      SSLContext sslContext = SSLContext.getInstance("TLS");
      sslContext.init(null, null, null);

      // get SSL factory because Java loves factories!
      SSLSocketFactory factory = sslContext.getSocketFactory();

      // create new SSL socket
      SSLSocket socket;
      if (upgrade == null) {
        socket = (SSLSocket) factory.createSocket();
      }

      // upgrade an existing socket
      else {
        socket =
            (SSLSocket)
                factory.createSocket(
                    upgrade.peer.socket,
                    upgrade.peer.socket.getInetAddress().getHostAddress(),
                    upgrade.peer.socket.getPort(),
                    false);
        socket.setUseClientMode(true);
        socket.startHandshake();
      }

      // create the new TcpSocket instance
      TcpSocket self = new TcpSocket();
      self.peer = new TcpSocketPeer(socket);

      // if upgrade, then initialize socket as already connected
      if (upgrade != null) self.peer.connected(self);

      return self;
    } catch (Exception e) {
      throw IOErr.make(e);
    }
  }
Example #21
0
  /*
   * Define the server side of the test.
   *
   * If the server prematurely exits, serverReady will be set to true
   * to avoid infinite hangs.
   */
  void doServerSide() throws Exception {
    SSLServerSocketFactory sslssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(serverPort);
    serverPort = sslServerSocket.getLocalPort();

    /*
     * Signal Client, we're ready for his connect.
     */
    serverReady = true;

    SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
    try {
      InputStream sslIS = sslSocket.getInputStream();
      OutputStream sslOS = sslSocket.getOutputStream();
      BufferedReader br = new BufferedReader(new InputStreamReader(sslIS));
      PrintStream ps = new PrintStream(sslOS);

      // process HTTP POST request from client
      System.out.println("status line: " + br.readLine());
      String msg = null;
      while ((msg = br.readLine()) != null && msg.length() > 0) ;

      msg = br.readLine();
      if (msg.equals(postMsg)) {
        ps.println("HTTP/1.1 200 OK\n\n");
      } else {
        ps.println("HTTP/1.1 500 Not OK\n\n");
      }
      ps.flush();

      // close the socket
      while (!closeReady) {
        Thread.sleep(50);
      }
    } finally {
      sslSocket.close();
      sslServerSocket.close();
    }
  }
  public void afterConnect() throws IOException, UnknownHostException {
    if (!isCachedConnection()) {
      SSLSocket s = null;
      SSLSocketFactory factory;
      factory = sslSocketFactory;
      try {
        if (!(serverSocket instanceof SSLSocket)) {
          s = (SSLSocket) factory.createSocket(serverSocket, host, port, true);
        } else {
          s = (SSLSocket) serverSocket;
        }
      } catch (IOException ex) {
        // If we fail to connect through the tunnel, try it
        // locally, as a last resort.  If this doesn't work,
        // throw the original exception.
        try {
          s = (SSLSocket) factory.createSocket(host, port);
        } catch (IOException ignored) {
          throw ex;
        }
      }

      SSLSocketFactoryImpl.checkCreate(s);

      //
      // Force handshaking, so that we get any authentication.
      // Register a handshake callback so our session state tracks any
      // later session renegotiations.
      //
      String[] protocols = getProtocols();
      String[] ciphers = getCipherSuites();
      if (protocols != null) s.setEnabledProtocols(protocols);
      if (ciphers != null) s.setEnabledCipherSuites(ciphers);
      s.addHandshakeCompletedListener(this);
      s.startHandshake();
      session = s.getSession();
      // change the serverSocket and serverOutput
      serverSocket = s;
      try {
        serverOutput =
            new PrintStream(
                new BufferedOutputStream(serverSocket.getOutputStream()), false, encoding);
      } catch (UnsupportedEncodingException e) {
        throw new InternalError(encoding + " encoding not found");
      }

      // check URL spoofing
      checkURLSpoofing(hv);
    } else {
      // if we are reusing a cached https session,
      // we don't need to do handshaking etc. But we do need to
      // set the ssl session
      session = ((SSLSocket) serverSocket).getSession();
    }
  }
Example #23
0
  /**
   * SSL/TLS negotiation. Acquires an SSL socket of a connection and carries out handshake
   * processing.
   *
   * @throws java.io.IOException If server negotiation fails.
   */
  private void performSSLNegotiation() throws IOException {
    initSSLContext();

    SSLSocketFactory ssf = context.getSocketFactory();
    String ip = getRemoteAddress().getHostAddress();
    int port = getRemotePort();
    SSLSocket socket = (SSLSocket) ssf.createSocket(_socket_, ip, port, true);
    socket.setEnableSessionCreation(true);
    socket.setUseClientMode(true);

    if (protocols != null) {
      socket.setEnabledProtocols(protocols);
    }
    if (suites != null) {
      socket.setEnabledCipherSuites(suites);
    }
    socket.startHandshake();

    _socket_ = socket;
    _input_ = socket.getInputStream();
    _output_ = socket.getOutputStream();
    _reader = new CRLFLineReader(new InputStreamReader(_input_, encoding));
    _writer = new BufferedWriter(new OutputStreamWriter(_output_, encoding));
  }
  /*
   * Define the server side of the test.
   *
   * If the server prematurely exits, serverReady will be set to true
   * to avoid infinite hangs.
   */
  void doServerSide() throws Exception {
    SSLServerSocketFactory sslssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(serverPort);

    serverPort = sslServerSocket.getLocalPort();

    /*
     * Signal Client, we're ready for his connect.
     */
    serverReady = true;

    SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
    sslSocket.addHandshakeCompletedListener(this);
    InputStream sslIS = sslSocket.getInputStream();
    OutputStream sslOS = sslSocket.getOutputStream();

    for (int i = 0; i < 10; i++) {
      sslIS.read();
      sslOS.write(85);
      sslOS.flush();
    }

    System.out.println("invalidating");
    sslSocket.getSession().invalidate();
    System.out.println("starting new handshake");
    sslSocket.startHandshake();

    for (int i = 0; i < 10; i++) {
      System.out.println("sending/receiving data, iteration: " + i);
      sslIS.read();
      sslOS.write(85);
      sslOS.flush();
    }

    sslSocket.close();
  }
Example #25
0
  public static void main(String[] args) throws Exception {
    String host;
    int port;
    char[] passphrase;
    if ((args.length == 1) || (args.length == 2)) {
      String[] c = args[0].split(":");
      host = c[0];
      port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
      String p = (args.length == 1) ? "changeit" : args[1];
      passphrase = p.toCharArray();
    } else {
      System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
      return;
    }

    File file = new File("jssecacerts");
    if (file.isFile() == false) {
      char SEP = File.separatorChar;
      File dir = new File(System.getProperty("java.home") + SEP + "lib" + SEP + "security");
      file = new File(dir, "jssecacerts");
      if (file.isFile() == false) {
        file = new File(dir, "cacerts");
      }
    }
    System.out.println("Loading KeyStore " + file + "...");
    KeyStore ks;
    InputStream in = new FileInputStream(file);
    ks = KeyStore.getInstance(KeyStore.getDefaultType());
    ks.load(in, passphrase);

    SSLContext context = SSLContext.getInstance("TLS");
    TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(ks);
    X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
    SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
    context.init(null, new TrustManager[] {tm}, null);
    SSLSocketFactory factory = context.getSocketFactory();

    System.out.println("Opening connection to " + host + ":" + port + "...");
    SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
    socket.setSoTimeout(10000);
    try {
      System.out.println("Starting SSL handshake...");
      socket.startHandshake();
      socket.close();
      System.out.println();
      System.out.println("No errors, certificate is already trusted");
    } catch (SSLException e) {
      System.out.println();
      e.printStackTrace(System.out);
    }

    X509Certificate[] chain = tm.chain;
    if (chain == null) {
      System.out.println("Could not obtain server certificate chain");
      return;
    }

    BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));

    System.out.println();
    System.out.println("Server sent " + chain.length + " certificate(s):");
    System.out.println();
    MessageDigest sha1 = MessageDigest.getInstance("SHA1");
    MessageDigest md5 = MessageDigest.getInstance("MD5");
    for (int i = 0; i < chain.length; i++) {
      X509Certificate cert = chain[i];
      System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN());
      System.out.println("   Issuer  " + cert.getIssuerDN());
      sha1.update(cert.getEncoded());
      System.out.println("   sha1    " + toHexString(sha1.digest()));
      md5.update(cert.getEncoded());
      System.out.println("   md5     " + toHexString(md5.digest()));
      System.out.println();
    }

    System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
    String line = reader.readLine().trim();
    int k;
    try {
      k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
    } catch (NumberFormatException e) {
      System.out.println("KeyStore not changed");
      return;
    }

    X509Certificate cert = chain[k];
    String alias = host + "-" + (k + 1);
    ks.setCertificateEntry(alias, cert);

    OutputStream out = new FileOutputStream("jssecacerts");
    ks.store(out, passphrase);
    out.close();

    System.out.println();
    System.out.println(cert);
    System.out.println();
    System.out.println("Added certificate to keystore 'jssecacerts' using alias '" + alias + "'");
  }
Example #26
0
  public static void main(String[] args) {
    BufferedReader sysIn =
        new BufferedReader(new InputStreamReader(System.in)); // Read from console
    PrintStream sysOut = System.out; // Print to console
    SSLSocketFactory mainFactory =
        (SSLSocketFactory) SSLSocketFactory.getDefault(); // Get default SSL socket factory
    try {
      SSLSocket clientSocket =
          (SSLSocket)
              mainFactory.createSocket(
                  "pop.mail.yahoo.com", 995); // create, connect, start handshake
      printSocketInfo(clientSocket); // Print connection info
      BufferedWriter serverWriter =
          new BufferedWriter(
              new OutputStreamWriter(clientSocket.getOutputStream())); // Write to server
      BufferedReader serverReader =
          new BufferedReader(
              new InputStreamReader(clientSocket.getInputStream())); // Read from server

      String serverInput = null; // Stores latest line from server
      String userInput = ""; // Stores lastest input line from user
      boolean tryRead =
          true; // Whether to read next line from serverReader (prevents blocking on multiline SMTP
                // responses)

      // The below booleans, used to successully close the connection, might be unnecessary
      boolean quitUser = false; // Whether the user has entered quit, might be unnecessary
      boolean openRead = true; // Whether serverReader is still open (serverInput != null)
      boolean openSocket = true; // Whether clientSocket is still open (clientSocket != null)

      // SMTP input variables
      boolean sendingData = false;
      boolean multi = false;

      // Main connection loop
      while (openSocket && openRead && !quitUser) {
        if (clientSocket == null) { // Break if socket is closed
          openSocket = false;
          break;
        }
        // Display server response/message
        if (multi) {
          while (tryRead) {
            serverInput = serverReader.readLine();
            if (serverInput == null) { // If serverReader gets closed/connection broken
              openRead = false;
              tryRead = false;
              break;
            }
            sysOut.println(serverInput);
            // Check for multiline response or error
            if (serverInput.equals(".")
                || (serverInput.length() >= 4 && serverInput.startsWith("-ERR"))) {
              tryRead = false;
            } else {
              tryRead = true;
            }
          }
        } else {
          serverInput = serverReader.readLine();
          if (serverInput == null) { // If serverReader gets closed/connection broken
            openRead = false;
            tryRead = false;
            break;
          }
          sysOut.println(serverInput);
        }
        multi = false;
        // Exit client if connection lost/closed prematurely
        if (openSocket == false || openRead == false) {
          break;
        }
        // If user previously entered quit
        if (userInput.length() >= 4 && userInput.substring(0, 4).equalsIgnoreCase("quit")) {
          quitUser = true;
          break;
        }
        // Get user input
        userInput = ""; // Reset userInput to show prompt
        // Read user input, display prompt if blank enter, otherwise send to server
        while (userInput.equals("")) {
          sysOut.print("C: ");
          userInput = sysIn.readLine();
        }
        serverWriter.write(userInput, 0, userInput.length()); // Writing to server
        serverWriter.newLine();
        serverWriter.flush();
        tryRead = true;
        // Prepare for multi-line response if list, uidl, retr, or top
        if (userInput.equalsIgnoreCase("list")
            || userInput.equalsIgnoreCase("uidl")
            || userInput.equalsIgnoreCase("auth")
            || (userInput.length() >= 4 && userInput.substring(0, 4).equalsIgnoreCase("capa"))
            || (userInput.length() >= 4 && userInput.substring(0, 4).equalsIgnoreCase("retr"))
            || (userInput.length() >= 4 && userInput.substring(0, 3).equalsIgnoreCase("top"))) {
          multi = true;
        }
      }
      // Clean up all connection objects
      serverWriter.close();
      serverReader.close();
      clientSocket.close();
      sysIn.close();
      sysOut.close();
    } catch (IOException e) {
      System.err.println(e.toString());
    }
  }
Example #27
0
 public SSLSocket convertToSecureServerSocket(final Socket socket, final String domain)
     throws Exception {
   SSLSocket sslSocket = convertToSecureSocket(socket, domain);
   sslSocket.setUseClientMode(false);
   return sslSocket;
 }
Example #28
0
  public static void main(String[] args) throws Exception {
    String host = null;
    int port = -1;
    for (int i = 0; i < args.length; i++) {
      System.out.println("args[" + i + "] = " + args[i]);
    }
    if (args.length < 2) {
      System.out.println("USAGE: java client host port");
      System.exit(-1);
    }
    try {
        /* get input parameters */
      host = args[0];
      port = Integer.parseInt(args[1]);
    } catch (IllegalArgumentException e) {
      System.out.println("USAGE: java client host port");
      System.exit(-1);
    }

    try {
        /* set up a key manager for client authentication */
      SSLSocketFactory factory = null;
      try {
        KeyStore ks = KeyStore.getInstance("JKS");
        KeyStore ts = KeyStore.getInstance("JKS");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        SSLContext ctx = SSLContext.getInstance("TLS");
        BufferedReader br = new BufferedReader(new InputStreamReader(System.in));

        System.out.print("Enter keystore: ");
        String keystoreName = br.readLine();
        Console cons = System.console();

        if (cons != null) {
          password = cons.readPassword("%s", "Password: "******"Cannot find a console to read password from. Eclipse CANNOT fork a terminal child process.");
        }

        ks.load(new FileInputStream("keystores/" + keystoreName), password); // keystore
        // password
        // (storepass)
        char[] cliTrustPW = "password".toCharArray();
        ts.load(new FileInputStream("clienttruststore"), cliTrustPW); // truststore
        // password
        // (storepass);
        kmf.init(ks, password); // user password (keypass)
        tmf.init(ts); // keystore can be used as truststore here
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        factory = ctx.getSocketFactory();
      } catch (Exception e) {
        e.printStackTrace();
        throw new IOException(e.getMessage());
      }

      SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
      System.out.println("Handshake socket: " + socket + "\n");

      /*
       * send http request
       *
       * See SSLSocketClient.java for more information about why there is
       * a forced handshake here when using PrintWriters.
       */
      socket.startHandshake();

      SSLSession session = socket.getSession();
      X509Certificate cert = (X509Certificate) session.getPeerCertificateChain()[0];
      System.out.println("Server DN: " + cert.getSubjectDN().getName());
      System.out.println("Handshake socket: " + socket);
      System.out.println("Secure connection.");
      System.out.println("Issuer DN: " + cert.getIssuerDN().getName());
      System.out.println("Serial N: " + cert.getSerialNumber().toString());

      read = new BufferedReader(new InputStreamReader(System.in));
      serverMsg = new BufferedReader(new InputStreamReader(socket.getInputStream()));
      out = new PrintWriter(socket.getOutputStream(), true);
      ois = new ObjectInputStream(socket.getInputStream());
      records = new ArrayList<Record>();

      boolean isLoggedIn = false;
      boolean isDone = false;

      isLoggedIn = waitForLoginData();

      if (!isLoggedIn) {
        System.out.println(
            "This certificate does not have a user. \n Press the RETURN key to exit.");
        System.console().readLine();

        out.close();
        read.close();
        socket.close();
        return;
      }

      boolean accessDenied = false;

      while (!isDone) {

        if (accessDenied) {
          System.out.println(
              "Access denied, or no such record exists! \n Type 'help' for commands.");
        }

        System.out.print(user.getUsername() + " commands>");
        msg = read.readLine();
        fetchRecords();
        splitMsg = msg.split("\\s+");

        try {
          if (msg.equalsIgnoreCase("quit")) {
            break;
          } else if (msg.equalsIgnoreCase("help")) {
            printHelp();
          } else if (splitMsg[0].equalsIgnoreCase("records")) {
            printRecords();
            accessDenied = false;
          } else if (splitMsg[0].equalsIgnoreCase("edit") && (accessDenied = hasPermissions(msg))) {
            editRecord(splitMsg[1]);
            fetchRecords();
            accessDenied = false;
          } else if (splitMsg[0].equalsIgnoreCase("read") && (accessDenied = hasPermissions(msg))) {
            printRecord(splitMsg[1]);
            accessDenied = false;
          } else if (splitMsg[0].equalsIgnoreCase("delete")
              && (accessDenied = hasPermissions(msg))) {
            for (Record r : records) {
              if (r.getId() == Long.parseLong(splitMsg[1])) {
                r.delete(user);
                accessDenied = false;
              }
            }
            fetchRecords();
          } else if (splitMsg[0].equalsIgnoreCase("create")
              && (accessDenied = hasPermissions(msg))) {
            createRecord();
            fetchRecords();
            accessDenied = false;
          } else {
            accessDenied = true;
          }
        } catch (Exception e) {
          accessDenied = true;
        }
      }

      ois.close();
      out.close();
      read.close();
      socket.close();
    } catch (Exception e) {
      e.printStackTrace();
    }
  }
  /*
   * Define the server side of the test.
   *
   * If the server prematurely exits, serverReady will be set to true
   * to avoid infinite hangs.
   */
  void doServerSide() throws Exception {
    KeyStore ks = KeyStore.getInstance("JKS");
    com.sun.net.ssl.SSLContext ctx = com.sun.net.ssl.SSLContext.getInstance("TLS");
    com.sun.net.ssl.KeyManagerFactory kmf =
        com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");

    ks.load(new FileInputStream(keyFilename), cpasswd);
    kmf.init(ks, cpasswd);

    com.sun.net.ssl.TrustManager[] tms =
        new com.sun.net.ssl.TrustManager[] {new MyComX509TrustManager()};

    ctx.init(kmf.getKeyManagers(), tms, null);

    SSLServerSocketFactory sslssf = (SSLServerSocketFactory) ctx.getServerSocketFactory();

    SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(serverPort);
    serverPort = sslServerSocket.getLocalPort();

    sslServerSocket.setNeedClientAuth(true);

    /*
     * Create using the other type.
     */
    SSLContext ctx1 = SSLContext.getInstance("TLS");
    KeyManagerFactory kmf1 = KeyManagerFactory.getInstance("SunX509");

    TrustManager[] tms1 = new TrustManager[] {new MyJavaxX509TrustManager()};

    kmf1.init(ks, cpasswd);

    ctx1.init(kmf1.getKeyManagers(), tms1, null);

    sslssf = (SSLServerSocketFactory) ctx1.getServerSocketFactory();

    SSLServerSocket sslServerSocket1 = (SSLServerSocket) sslssf.createServerSocket(serverPort1);
    serverPort1 = sslServerSocket1.getLocalPort();
    sslServerSocket1.setNeedClientAuth(true);

    /*
     * Signal Client, we're ready for his connect.
     */
    serverReady = true;

    SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
    sslServerSocket.close();
    serverReady = false;

    InputStream sslIS = sslSocket.getInputStream();
    OutputStream sslOS = sslSocket.getOutputStream();

    sslIS.read();
    sslOS.write(85);
    sslOS.flush();
    sslSocket.close();

    sslSocket = (SSLSocket) sslServerSocket1.accept();
    sslIS = sslSocket.getInputStream();
    sslOS = sslSocket.getOutputStream();

    sslIS.read();
    sslOS.write(85);
    sslOS.flush();
    sslSocket.close();

    System.out.println("Server exiting!");
    System.out.flush();
  }