public TLSServer(KeyStore keyStore, String password, String protocol, int port)
throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException,
UnrecoverableKeyException, KeyManagementException {
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(keyStore, password.toCharArray());
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
trustManagerFactory.init(keyStore);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
sslContext = SSLContext.getInstance(protocol);
sslContext.init(keyManagers, trustManagers, null);
cipherSuites = sslContext.getServerSocketFactory().getSupportedCipherSuites();
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Provider: " + sslContext.getProvider());
LOGGER.debug(
"Supported cipher suites ("
+ sslContext.getServerSocketFactory().getSupportedCipherSuites().length
+ ")");
for (String c : sslContext.getServerSocketFactory().getSupportedCipherSuites()) {
LOGGER.debug(" " + c);
}
}
this.port = port;
LOGGER.info("SSL Server successfully initialized!");
}
// =========================================================================================================
// HTTPS handling
private HttpServer createHttpsServer(
InetSocketAddress pSocketAddress, JolokiaServerConfig pConfig) {
// initialise the HTTPS server
try {
HttpsServer server = HttpsServer.create(pSocketAddress, pConfig.getBacklog());
SSLContext sslContext = SSLContext.getInstance(pConfig.getSecureSocketProtocol());
// initialise the keystore
KeyStore ks = getKeyStore(pConfig);
// setup the key manager factory
KeyManagerFactory kmf = getKeyManagerFactory(pConfig);
kmf.init(ks, pConfig.getKeystorePassword());
// setup the trust manager factory
TrustManagerFactory tmf = getTrustManagerFactory(pConfig);
tmf.init(ks);
// setup the HTTPS context and parameters
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
// Update the config to filter out bad protocols or ciphers
pConfig.updateHTTPSSettingsFromContext(sslContext);
server.setHttpsConfigurator(new JolokiaHttpsConfigurator(sslContext, pConfig));
return server;
} catch (GeneralSecurityException e) {
throw new IllegalStateException("Cannot use keystore for https communication: " + e, e);
} catch (IOException e) {
throw new IllegalStateException("Cannot open keystore for https communication: " + e, e);
}
}
private SSLSocketFactory createSocketFactory(String domain) throws Exception {
SSLSocketFactory factory;
KeyManagerFactory keyManagerFactory = getKeyManagerFactory(keystore, KEYSTORE_PASSWORD);
SSLContext sslContext = SSLContext.getInstance("TLS");
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
keyManagers = wrapKeyManagers(keyManagers, domain);
sslContext.init(keyManagers, getAllTrustingManager(), secureRandom);
factory = sslContext.getSocketFactory();
return factory;
}
/*
* Define the client side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void doClientSide() throws Exception {
/*
* Wait for server to get started.
*/
while (!serverReady) {
Thread.sleep(50);
}
/*
* See if an unknown keystore actually gets checked ok.
*/
System.out.println("==============");
System.out.println("Starting test0");
KeyStore uks = KeyStore.getInstance("JKS");
SSLContext ctx = SSLContext.getInstance("TLS");
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
uks.load(new FileInputStream(unknownFilename), cpasswd);
kmf.init(uks, cpasswd);
TrustManager[] tms = new TrustManager[] {new MyJavaxX509TrustManager()};
ctx.init(kmf.getKeyManagers(), tms, null);
SSLSocketFactory sslsf = (SSLSocketFactory) ctx.getSocketFactory();
System.out.println("Trying first socket " + serverPort);
SSLSocket sslSocket = (SSLSocket) sslsf.createSocket("localhost", serverPort);
doTest(sslSocket);
/*
* Now try the other way.
*/
com.sun.net.ssl.SSLContext ctx1 = com.sun.net.ssl.SSLContext.getInstance("TLS");
com.sun.net.ssl.KeyManagerFactory kmf1 =
com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");
kmf1.init(uks, cpasswd);
com.sun.net.ssl.TrustManager[] tms1 =
new com.sun.net.ssl.TrustManager[] {new MyComX509TrustManager()};
ctx1.init(kmf1.getKeyManagers(), tms1, null);
sslsf = (SSLSocketFactory) ctx1.getSocketFactory();
System.out.println("Trying second socket " + serverPort1);
sslSocket = (SSLSocket) sslsf.createSocket("localhost", serverPort1);
doTest(sslSocket);
System.out.println("Completed test1");
}
public static void main(String args[]) {
int port = 6502;
SSLServerSocket server;
try {
// get the keystore into memory
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(keyStore), keyStorePass);
// initialize the key manager factory with the keystore data
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, keyStorePass);
// initialize the SSLContext engine
// may throw NoSuchProvider or NoSuchAlgorithm exception
// TLS - Transport Layer Security most generic
SSLContext sslContext = SSLContext.getInstance("TLS");
// Inititialize context with given KeyManagers, TrustManagers,
// SecureRandom defaults taken if null
sslContext.init(kmf.getKeyManagers(), null, null);
// Get ServerSocketFactory from the context object
ServerSocketFactory ssf = sslContext.getServerSocketFactory();
// Now like programming with normal server sockets
ServerSocket serverSocket = ssf.createServerSocket(port);
System.out.println("Accepting secure connections");
Socket client = serverSocket.accept();
System.out.println("Got connection");
BufferedWriter out = new BufferedWriter(new OutputStreamWriter(client.getOutputStream()));
BufferedReader in = new BufferedReader(new InputStreamReader(client.getInputStream()));
String username = in.readLine();
String password = in.readLine();
if (username.equals("Josh") && password.equals("GoBucs")) {
out.write("Greeting Client");
} else {
out.write("Sorry, you are not authorized");
}
out.flush();
in.close();
out.close();
} catch (Exception e) {
System.out.println("Exception thrown " + e);
}
}
void main1() throws SQLException, IOException, KeyManagementException, NoSuchAlgorithmException {
netNodeTable.connectToFedAll();
SSLContext context = SSLContext.getInstance("TLS");
context.init(
defaultKmf.getKeyManagers(), new TrustManager[] {new AnyClientTrustManager()}, null);
SSLServerSocket serverSocket =
(SSLServerSocket) context.getServerSocketFactory().createServerSocket(port);
serverSocket.setNeedClientAuth(true);
userInputThread.start();
while (true) {
SSLSocket clientSocket = (SSLSocket) serverSocket.accept();
fingTable.addAndStart(new FingThread(myDb.create(), netNodeTable, fingTable, clientSocket));
}
}
JSSEServer(CipherTest cipherTest) throws Exception {
super(cipherTest);
SSLContext serverContext = SSLContext.getInstance("TLS");
serverContext.init(
new KeyManager[] {cipherTest.keyManager},
new TrustManager[] {cipherTest.trustManager},
cipherTest.secureRandom);
SSLServerSocketFactory factory =
(SSLServerSocketFactory) serverContext.getServerSocketFactory();
serverSocket = (SSLServerSocket) factory.createServerSocket(cipherTest.serverPort);
cipherTest.serverPort = serverSocket.getLocalPort();
serverSocket.setEnabledCipherSuites(factory.getSupportedCipherSuites());
serverSocket.setWantClientAuth(true);
}
/*
* If this is a secure server, we now setup the SSLContext we'll
* use for creating the SSLEngines throughout the lifetime of
* this process.
*/
private void createSSLContext() throws Exception {
char[] passphrase = "passphrase".toCharArray();
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("testkeys"), passphrase);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, passphrase);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
}
public static SSLContext createSSLContext(AtomicBoolean trust) {
try {
KeyManager[] keyManagers = createKeyManagers();
TrustManager[] trustManagers =
new TrustManager[] {
dummyTrustManager(trust, (X509TrustManager) createTrustManagers()[0])
};
SecureRandom secureRandom = new SecureRandom();
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagers, trustManagers, secureRandom);
return sslContext;
} catch (Exception e) {
throw new Error("Failed to initialize the server-side SSLContext", e);
}
}
public static SSLContext sslContext() throws Exception {
// trust manager
TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(buildKeyStore());
// key manager
KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(buildKeyStore(), KEY_STORE_PASSWORD.toCharArray());
// ssl context
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(
keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
return sslContext;
}
private Socket secureConnect() throws IOException {
if (socket_factory == null) {
try {
SSLContext context = SSLContext.getInstance("TLS");
context.init(getKeyManagers(config.getCertFile(), config.getCertPhrase()), null, sec_rnd);
socket_factory = context.getSocketFactory();
} catch (GeneralSecurityException security_exception) {
throw new IOException("Failed to create SSL socket factory.");
} catch (IOException io_exception) {
throw new IOException("Failed to read APNS certificate.");
}
}
SSLSocket ssl_socket = null;
ssl_socket =
(SSLSocket)
socket_factory.createSocket(config.getHostname(service), config.getPort(service));
ssl_socket.setUseClientMode(true);
return ssl_socket;
}
public static void main(PeerFactory peerFactory, KeyStore keyStore, String[] args)
throws Exception {
long time = System.currentTimeMillis();
String relPath;
if ((args != null) && (args.length > 0) && args[0].equals("sh")) {
relPath = pathToStoresSH;
} else {
relPath = pathToStores;
}
PATH = new File(System.getProperty("test.src", "."), relPath);
CipherTest.peerFactory = peerFactory;
System.out.print("Initializing test '" + peerFactory.getName() + "'...");
// secureRandom = new SecureRandom();
// secureRandom.nextInt();
// trustStore = readKeyStore(trustStoreFile);
CipherTest.keyStore = keyStore;
// keyStore = readKeyStore(keyStoreFile);
KeyManagerFactory keyFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keyStore, "test12".toCharArray());
keyManager = (X509ExtendedKeyManager) keyFactory.getKeyManagers()[0];
TrustManagerFactory tmf =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
trustManager = (X509TrustManager) tmf.getTrustManagers()[0];
// trustManager = new AlwaysTrustManager();
SSLContext context = SSLContext.getInstance("TLS");
context.init(new KeyManager[] {keyManager}, new TrustManager[] {trustManager}, null);
SSLContext.setDefault(context);
CipherTest cipherTest = new CipherTest(peerFactory);
Thread serverThread = new Thread(peerFactory.newServer(cipherTest), "Server");
serverThread.setDaemon(true);
serverThread.start();
System.out.println("Done");
cipherTest.run();
time = System.currentTimeMillis() - time;
System.out.println("Done. (" + time + " ms)");
}
public static TcpSocket makeTls(TcpSocket upgrade) {
try {
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, null, null);
// get SSL factory because Java loves factories!
SSLSocketFactory factory = sslContext.getSocketFactory();
// create new SSL socket
SSLSocket socket;
if (upgrade == null) {
socket = (SSLSocket) factory.createSocket();
}
// upgrade an existing socket
else {
socket =
(SSLSocket)
factory.createSocket(
upgrade.peer.socket,
upgrade.peer.socket.getInetAddress().getHostAddress(),
upgrade.peer.socket.getPort(),
false);
socket.setUseClientMode(true);
socket.startHandshake();
}
// create the new TcpSocket instance
TcpSocket self = new TcpSocket();
self.peer = new TcpSocketPeer(socket);
// if upgrade, then initialize socket as already connected
if (upgrade != null) self.peer.connected(self);
return self;
} catch (Exception e) {
throw IOErr.make(e);
}
}
static {
try {
KeyStore ks = KeyStore.getInstance("JKS");
KeyStore ts = KeyStore.getInstance("JKS");
char[] passphrase = "passphrase".toCharArray();
ks.load(new FileInputStream(keyFilename), passphrase);
ts.load(new FileInputStream(trustFilename), passphrase);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, passphrase);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ts);
SSLContext sslCtx = SSLContext.getInstance("TLS");
sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
sslc = sslCtx;
} catch (Exception e) {
loadException = e;
}
}
/*
* Define the server side of the test.
*
* If the server prematurely exits, serverReady will be set to true
* to avoid infinite hangs.
*/
void doServerSide() throws Exception {
KeyStore ks = KeyStore.getInstance("JKS");
com.sun.net.ssl.SSLContext ctx = com.sun.net.ssl.SSLContext.getInstance("TLS");
com.sun.net.ssl.KeyManagerFactory kmf =
com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");
ks.load(new FileInputStream(keyFilename), cpasswd);
kmf.init(ks, cpasswd);
com.sun.net.ssl.TrustManager[] tms =
new com.sun.net.ssl.TrustManager[] {new MyComX509TrustManager()};
ctx.init(kmf.getKeyManagers(), tms, null);
SSLServerSocketFactory sslssf = (SSLServerSocketFactory) ctx.getServerSocketFactory();
SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(serverPort);
serverPort = sslServerSocket.getLocalPort();
sslServerSocket.setNeedClientAuth(true);
/*
* Create using the other type.
*/
SSLContext ctx1 = SSLContext.getInstance("TLS");
KeyManagerFactory kmf1 = KeyManagerFactory.getInstance("SunX509");
TrustManager[] tms1 = new TrustManager[] {new MyJavaxX509TrustManager()};
kmf1.init(ks, cpasswd);
ctx1.init(kmf1.getKeyManagers(), tms1, null);
sslssf = (SSLServerSocketFactory) ctx1.getServerSocketFactory();
SSLServerSocket sslServerSocket1 = (SSLServerSocket) sslssf.createServerSocket(serverPort1);
serverPort1 = sslServerSocket1.getLocalPort();
sslServerSocket1.setNeedClientAuth(true);
/*
* Signal Client, we're ready for his connect.
*/
serverReady = true;
SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
sslServerSocket.close();
serverReady = false;
InputStream sslIS = sslSocket.getInputStream();
OutputStream sslOS = sslSocket.getOutputStream();
sslIS.read();
sslOS.write(85);
sslOS.flush();
sslSocket.close();
sslSocket = (SSLSocket) sslServerSocket1.accept();
sslIS = sslSocket.getInputStream();
sslOS = sslSocket.getOutputStream();
sslIS.read();
sslOS.write(85);
sslOS.flush();
sslSocket.close();
System.out.println("Server exiting!");
System.out.flush();
}
