public HTTPSConnectSocket(String host, int port, String urlString) throws IOException { URL url = null; try { url = new URL(urlString); } catch (MalformedURLException me) { System.out.println("Malformed url"); System.exit(1); } SSLSocketFactory ssf = (SSLSocketFactory) SSLSocketFactory.getDefault(); ssl = (SSLSocket) ssf.createSocket(host, port); ssl.startHandshake(); // Send the CONNECT request ssl.getOutputStream().write(("CONNECT " + url.getFile() + " HTTP/1.0\r\n\r\n").getBytes()); // Read the first line of the response DataInputStream is = new DataInputStream(ssl.getInputStream()); String str = is.readLine(); // Check the HTTP error code -- it should be "200" on success if (!str.startsWith("HTTP/1.1 200 ")) { if (str.startsWith("HTTP/1.1 ")) str = str.substring(9); throw new IOException("Proxy reports \"" + str + "\""); } // Success -- skip remaining HTTP headers do { str = is.readLine(); } while (str.length() != 0); }
public static SSLSocket wrapSocket(Socket socket) throws Exception { // ssl socket factory SSLSocketFactory sslSocketFactory = sslContext().getSocketFactory(); // ssl socket SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket( socket, socket.getInetAddress().getHostAddress(), socket.getPort(), true); sslSocket.setUseClientMode(true); sslSocket.startHandshake(); return sslSocket; }
public static TcpSocket makeTls(TcpSocket upgrade) { try { SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, null, null); // get SSL factory because Java loves factories! SSLSocketFactory factory = sslContext.getSocketFactory(); // create new SSL socket SSLSocket socket; if (upgrade == null) { socket = (SSLSocket) factory.createSocket(); } // upgrade an existing socket else { socket = (SSLSocket) factory.createSocket( upgrade.peer.socket, upgrade.peer.socket.getInetAddress().getHostAddress(), upgrade.peer.socket.getPort(), false); socket.setUseClientMode(true); socket.startHandshake(); } // create the new TcpSocket instance TcpSocket self = new TcpSocket(); self.peer = new TcpSocketPeer(socket); // if upgrade, then initialize socket as already connected if (upgrade != null) self.peer.connected(self); return self; } catch (Exception e) { throw IOErr.make(e); } }
/* * Define the server side of the test. * * If the server prematurely exits, serverReady will be set to true * to avoid infinite hangs. */ void doServerSide() throws Exception { SSLServerSocketFactory sslssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(serverPort); serverPort = sslServerSocket.getLocalPort(); /* * Signal Client, we're ready for his connect. */ serverReady = true; SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); sslSocket.addHandshakeCompletedListener(this); InputStream sslIS = sslSocket.getInputStream(); OutputStream sslOS = sslSocket.getOutputStream(); for (int i = 0; i < 10; i++) { sslIS.read(); sslOS.write(85); sslOS.flush(); } System.out.println("invalidating"); sslSocket.getSession().invalidate(); System.out.println("starting new handshake"); sslSocket.startHandshake(); for (int i = 0; i < 10; i++) { System.out.println("sending/receiving data, iteration: " + i); sslIS.read(); sslOS.write(85); sslOS.flush(); } sslSocket.close(); }
/** * SSL/TLS negotiation. Acquires an SSL socket of a connection and carries out handshake * processing. * * @throws java.io.IOException If server negotiation fails. */ private void performSSLNegotiation() throws IOException { initSSLContext(); SSLSocketFactory ssf = context.getSocketFactory(); String ip = getRemoteAddress().getHostAddress(); int port = getRemotePort(); SSLSocket socket = (SSLSocket) ssf.createSocket(_socket_, ip, port, true); socket.setEnableSessionCreation(true); socket.setUseClientMode(true); if (protocols != null) { socket.setEnabledProtocols(protocols); } if (suites != null) { socket.setEnabledCipherSuites(suites); } socket.startHandshake(); _socket_ = socket; _input_ = socket.getInputStream(); _output_ = socket.getOutputStream(); _reader = new CRLFLineReader(new InputStreamReader(_input_, encoding)); _writer = new BufferedWriter(new OutputStreamWriter(_output_, encoding)); }
public static void main(String[] args) throws Exception { String host; int port; char[] passphrase; if ((args.length == 1) || (args.length == 2)) { String[] c = args[0].split(":"); host = c[0]; port = (c.length == 1) ? 443 : Integer.parseInt(c[1]); String p = (args.length == 1) ? "changeit" : args[1]; passphrase = p.toCharArray(); } else { System.out.println("Usage: java InstallCert <host>[:port] [passphrase]"); return; } File file = new File("jssecacerts"); if (file.isFile() == false) { char SEP = File.separatorChar; File dir = new File(System.getProperty("java.home") + SEP + "lib" + SEP + "security"); file = new File(dir, "jssecacerts"); if (file.isFile() == false) { file = new File(dir, "cacerts"); } } System.out.println("Loading KeyStore " + file + "..."); KeyStore ks; InputStream in = new FileInputStream(file); ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(in, passphrase); SSLContext context = SSLContext.getInstance("TLS"); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(ks); X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0]; SavingTrustManager tm = new SavingTrustManager(defaultTrustManager); context.init(null, new TrustManager[] {tm}, null); SSLSocketFactory factory = context.getSocketFactory(); System.out.println("Opening connection to " + host + ":" + port + "..."); SSLSocket socket = (SSLSocket) factory.createSocket(host, port); socket.setSoTimeout(10000); try { System.out.println("Starting SSL handshake..."); socket.startHandshake(); socket.close(); System.out.println(); System.out.println("No errors, certificate is already trusted"); } catch (SSLException e) { System.out.println(); e.printStackTrace(System.out); } X509Certificate[] chain = tm.chain; if (chain == null) { System.out.println("Could not obtain server certificate chain"); return; } BufferedReader reader = new BufferedReader(new InputStreamReader(System.in)); System.out.println(); System.out.println("Server sent " + chain.length + " certificate(s):"); System.out.println(); MessageDigest sha1 = MessageDigest.getInstance("SHA1"); MessageDigest md5 = MessageDigest.getInstance("MD5"); for (int i = 0; i < chain.length; i++) { X509Certificate cert = chain[i]; System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN()); System.out.println(" Issuer " + cert.getIssuerDN()); sha1.update(cert.getEncoded()); System.out.println(" sha1 " + toHexString(sha1.digest())); md5.update(cert.getEncoded()); System.out.println(" md5 " + toHexString(md5.digest())); System.out.println(); } System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]"); String line = reader.readLine().trim(); int k; try { k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1; } catch (NumberFormatException e) { System.out.println("KeyStore not changed"); return; } X509Certificate cert = chain[k]; String alias = host + "-" + (k + 1); ks.setCertificateEntry(alias, cert); OutputStream out = new FileOutputStream("jssecacerts"); ks.store(out, passphrase); out.close(); System.out.println(); System.out.println(cert); System.out.println(); System.out.println("Added certificate to keystore 'jssecacerts' using alias '" + alias + "'"); }
public static void main(String[] args) throws Exception { String host = null; int port = -1; for (int i = 0; i < args.length; i++) { System.out.println("args[" + i + "] = " + args[i]); } if (args.length < 2) { System.out.println("USAGE: java client host port"); System.exit(-1); } try { /* get input parameters */ host = args[0]; port = Integer.parseInt(args[1]); } catch (IllegalArgumentException e) { System.out.println("USAGE: java client host port"); System.exit(-1); } try { /* set up a key manager for client authentication */ SSLSocketFactory factory = null; try { KeyStore ks = KeyStore.getInstance("JKS"); KeyStore ts = KeyStore.getInstance("JKS"); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); SSLContext ctx = SSLContext.getInstance("TLS"); BufferedReader br = new BufferedReader(new InputStreamReader(System.in)); System.out.print("Enter keystore: "); String keystoreName = br.readLine(); Console cons = System.console(); if (cons != null) { password = cons.readPassword("%s", "Password: "******"Cannot find a console to read password from. Eclipse CANNOT fork a terminal child process."); } ks.load(new FileInputStream("keystores/" + keystoreName), password); // keystore // password // (storepass) char[] cliTrustPW = "password".toCharArray(); ts.load(new FileInputStream("clienttruststore"), cliTrustPW); // truststore // password // (storepass); kmf.init(ks, password); // user password (keypass) tmf.init(ts); // keystore can be used as truststore here ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); factory = ctx.getSocketFactory(); } catch (Exception e) { e.printStackTrace(); throw new IOException(e.getMessage()); } SSLSocket socket = (SSLSocket) factory.createSocket(host, port); System.out.println("Handshake socket: " + socket + "\n"); /* * send http request * * See SSLSocketClient.java for more information about why there is * a forced handshake here when using PrintWriters. */ socket.startHandshake(); SSLSession session = socket.getSession(); X509Certificate cert = (X509Certificate) session.getPeerCertificateChain()[0]; System.out.println("Server DN: " + cert.getSubjectDN().getName()); System.out.println("Handshake socket: " + socket); System.out.println("Secure connection."); System.out.println("Issuer DN: " + cert.getIssuerDN().getName()); System.out.println("Serial N: " + cert.getSerialNumber().toString()); read = new BufferedReader(new InputStreamReader(System.in)); serverMsg = new BufferedReader(new InputStreamReader(socket.getInputStream())); out = new PrintWriter(socket.getOutputStream(), true); ois = new ObjectInputStream(socket.getInputStream()); records = new ArrayList<Record>(); boolean isLoggedIn = false; boolean isDone = false; isLoggedIn = waitForLoginData(); if (!isLoggedIn) { System.out.println( "This certificate does not have a user. \n Press the RETURN key to exit."); System.console().readLine(); out.close(); read.close(); socket.close(); return; } boolean accessDenied = false; while (!isDone) { if (accessDenied) { System.out.println( "Access denied, or no such record exists! \n Type 'help' for commands."); } System.out.print(user.getUsername() + " commands>"); msg = read.readLine(); fetchRecords(); splitMsg = msg.split("\\s+"); try { if (msg.equalsIgnoreCase("quit")) { break; } else if (msg.equalsIgnoreCase("help")) { printHelp(); } else if (splitMsg[0].equalsIgnoreCase("records")) { printRecords(); accessDenied = false; } else if (splitMsg[0].equalsIgnoreCase("edit") && (accessDenied = hasPermissions(msg))) { editRecord(splitMsg[1]); fetchRecords(); accessDenied = false; } else if (splitMsg[0].equalsIgnoreCase("read") && (accessDenied = hasPermissions(msg))) { printRecord(splitMsg[1]); accessDenied = false; } else if (splitMsg[0].equalsIgnoreCase("delete") && (accessDenied = hasPermissions(msg))) { for (Record r : records) { if (r.getId() == Long.parseLong(splitMsg[1])) { r.delete(user); accessDenied = false; } } fetchRecords(); } else if (splitMsg[0].equalsIgnoreCase("create") && (accessDenied = hasPermissions(msg))) { createRecord(); fetchRecords(); accessDenied = false; } else { accessDenied = true; } } catch (Exception e) { accessDenied = true; } } ois.close(); out.close(); read.close(); socket.close(); } catch (Exception e) { e.printStackTrace(); } }