/* * Define the client side of the test. * * If the server prematurely exits, serverReady will be set to true * to avoid infinite hangs. */ void doClientSide() throws Exception { /* * Wait for server to get started. */ while (!serverReady) { Thread.sleep(50); } SSLSocketFactory sslsf = (SSLSocketFactory) SSLSocketFactory.getDefault(); SSLSocket sslSocket = (SSLSocket) sslsf.createSocket("localhost", serverPort); InputStream sslIS = sslSocket.getInputStream(); OutputStream sslOS = sslSocket.getOutputStream(); for (int i = 0; i < 10; i++) { sslOS.write(280); sslOS.flush(); sslIS.read(); } for (int i = 0; i < 10; i++) { sslOS.write(280); sslOS.flush(); sslIS.read(); } sslSocket.close(); }
public static void main(String[] args) throws IOException { System.out.println("opening a secure socket"); SSLServerSocketFactory secSocketFactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); SSLServerSocket secSocket = (SSLServerSocket) secSocketFactory.createServerSocket(portNo); String[] enabledCipherSuites = {"SSL_DH_anon_WITH_RC4_128_MD5"}; secSocket.setEnabledCipherSuites(enabledCipherSuites); System.out.println("Listening on port no: " + portNo); SSLSocket socket = (SSLSocket) secSocket.accept(); System.out.println("Got a connection from: " + socket.getInetAddress().toString()); PrintWriter out = new PrintWriter(socket.getOutputStream(), true); BufferedReader in = new BufferedReader(new InputStreamReader(socket.getInputStream())); String line = in.readLine(); while (line != null) { System.out.println(line); line = in.readLine(); } out.close(); in.close(); socket.close(); secSocket.close(); }
private CipherTest(PeerFactory peerFactory) throws IOException { THREADS = Integer.parseInt(System.getProperty("numThreads", "4")); factory = (SSLSocketFactory) SSLSocketFactory.getDefault(); SSLSocket socket = (SSLSocket) factory.createSocket(); String[] cipherSuites = socket.getSupportedCipherSuites(); String[] protocols = socket.getSupportedProtocols(); // String[] clientAuths = {null, "RSA", "DSA"}; String[] clientAuths = {null}; tests = new ArrayList<TestParameters>(cipherSuites.length * protocols.length * clientAuths.length); for (int i = 0; i < cipherSuites.length; i++) { String cipherSuite = cipherSuites[i]; for (int j = 0; j < protocols.length; j++) { String protocol = protocols[j]; if (!peerFactory.isSupported(cipherSuite, protocol)) { continue; } for (int k = 0; k < clientAuths.length; k++) { String clientAuth = clientAuths[k]; if ((clientAuth != null) && (cipherSuite.indexOf("DH_anon") != -1)) { // no client with anonymous ciphersuites continue; } tests.add(new TestParameters(cipherSuite, protocol, clientAuth)); } } } testIterator = tests.iterator(); }
public HTTPSConnectSocket(String host, int port, String urlString) throws IOException { URL url = null; try { url = new URL(urlString); } catch (MalformedURLException me) { System.out.println("Malformed url"); System.exit(1); } SSLSocketFactory ssf = (SSLSocketFactory) SSLSocketFactory.getDefault(); ssl = (SSLSocket) ssf.createSocket(host, port); ssl.startHandshake(); // Send the CONNECT request ssl.getOutputStream().write(("CONNECT " + url.getFile() + " HTTP/1.0\r\n\r\n").getBytes()); // Read the first line of the response DataInputStream is = new DataInputStream(ssl.getInputStream()); String str = is.readLine(); // Check the HTTP error code -- it should be "200" on success if (!str.startsWith("HTTP/1.1 200 ")) { if (str.startsWith("HTTP/1.1 ")) str = str.substring(9); throw new IOException("Proxy reports \"" + str + "\""); } // Success -- skip remaining HTTP headers do { str = is.readLine(); } while (str.length() != 0); }
public static void main(String[] args) throws Exception { Properties properties = new Properties(); FileInputStream propFile = new FileInputStream("store.properties"); properties.load(propFile); final String id = properties.getProperty("ID"); final String placeForFiles = properties.getProperty("FilePlace"); int servicePort = Integer.parseInt(properties.getProperty("ServicePort")); int tcpPort = Integer.parseInt(properties.getProperty("TCPPort")); String ksName = properties.getProperty("KeyStore"); KeyStore ks = KeyStore.getInstance(properties.getProperty("KeyStoreType")); char[] password = properties.getProperty("Password").toCharArray(); char[] passwordForKey = properties.getProperty("PasswordForKey").toCharArray(); ks.load(new FileInputStream(ksName), password); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); kmf.init(ks, passwordForKey); SSLContext context = SSLContext.getInstance("TLS"); context.init(kmf.getKeyManagers(), null, null); SSLServerSocketFactory ssf = context.getServerSocketFactory(); SSLServerSocket serverSocket = (SSLServerSocket) ssf.createServerSocket(tcpPort); ServiceThread serviceThread = new ServiceThread(servicePort, id); serviceThread.start(); while (!serverSocket.isClosed()) { ClientThread client = new ClientThread(placeForFiles); SSLSocket socket = (SSLSocket) serverSocket.accept(); socket.startHandshake(); client.setSocket(socket); client.start(); } }
/** * Allow the Listener a chance to customise the request. before the server does its stuff. <br> * This allows the required attributes to be set for SSL requests. <br> * The requirements of the Servlet specs are: * * <ul> * <li>an attribute named "javax.servlet.request.cipher_suite" of type String. * <li>an attribute named "javax.servlet.request.key_size" of type Integer. * <li>an attribute named "javax.servlet.request.X509Certificate" of type * java.security.cert.X509Certificate[]. This is an array of objects of type * X509Certificate, the order of this array is defined as being in ascending order of trust. * The first certificate in the chain is the one set by the client, the next is the one used * to authenticate the first, and so on. * </ul> * * @param socket The Socket the request arrived on. This should be a javax.net.ssl.SSLSocket. * @param request HttpRequest to be customised. */ protected void customizeRequest(Socket socket, HttpRequest request) { super.customizeRequest(socket, request); if (!(socket instanceof javax.net.ssl.SSLSocket)) return; // I'm tempted to let it throw an exception... try { SSLSocket sslSocket = (SSLSocket) socket; SSLSession sslSession = sslSocket.getSession(); String cipherSuite = sslSession.getCipherSuite(); Integer keySize; X509Certificate[] certs; CachedInfo cachedInfo = (CachedInfo) sslSession.getValue(CACHED_INFO_ATTR); if (cachedInfo != null) { keySize = cachedInfo.getKeySize(); certs = cachedInfo.getCerts(); } else { keySize = new Integer(ServletSSL.deduceKeyLength(cipherSuite)); certs = getCertChain(sslSession); cachedInfo = new CachedInfo(keySize, certs); sslSession.putValue(CACHED_INFO_ATTR, cachedInfo); } if (certs != null) request.setAttribute("javax.servlet.request.X509Certificate", certs); else if (_needClientAuth) // Sanity check throw new HttpException(HttpResponse.__403_Forbidden); request.setAttribute("javax.servlet.request.cipher_suite", cipherSuite); request.setAttribute("javax.servlet.request.key_size", keySize); } catch (Exception e) { log.warn(LogSupport.EXCEPTION, e); } }
public Socket createSocket(String host, int port) throws IOException { Socket s = this.factory.createSocket(host, port); if (s instanceof SSLSocket) { SSLSocket ssl = (SSLSocket) s; ssl.setEnabledCipherSuites(this.getNoAuthCiperSuites(ssl.getSupportedCipherSuites())); } return s; }
public Socket createSocket( InetAddress address, int port, InetAddress clientAddress, int clientPort) throws IOException { Socket s = this.factory.createSocket(address, port, clientAddress, clientPort); if (s instanceof SSLSocket) { SSLSocket ssl = (SSLSocket) s; ssl.setEnabledCipherSuites(this.getNoAuthCiperSuites(ssl.getSupportedCipherSuites())); } return s; }
public Socket createSocket(String host, int port) throws IOException { Socket s = this.factory.createSocket(host, port); if (s instanceof SSLSocket) { SSLSocket ssl = (SSLSocket) s; ssl.setUseClientMode(false); // client offers to authenticate itself ssl.setNeedClientAuth(true); } return s; }
public Socket createSocket( InetAddress address, int port, InetAddress clientAddress, int clientPort) throws IOException { Socket s = this.factory.createSocket(address, port, clientAddress, clientPort); if (s instanceof SSLSocket) { SSLSocket ssl = (SSLSocket) s; ssl.setUseClientMode(false); // client offers to authenticate itself ssl.setNeedClientAuth(true); } return s; }
/** * @param p_serverSocket * @return * @exception IOException */ protected Socket accept(ServerSocket p_serverSocket) throws IOException { try { SSLSocket s = (SSLSocket) p_serverSocket.accept(); if (getMaxIdleTimeMs() > 0) s.setSoTimeout(getMaxIdleTimeMs()); s.startHandshake(); // block until SSL handshaking is done return s; } catch (SSLException e) { log.warn(LogSupport.EXCEPTION, e); throw new IOException(e.getMessage()); } }
void doTest(SSLSocket sslSocket) throws Exception { InputStream sslIS = sslSocket.getInputStream(); OutputStream sslOS = sslSocket.getOutputStream(); System.out.println(" Writing"); sslOS.write(280); sslOS.flush(); System.out.println(" Reading"); sslIS.read(); sslSocket.close(); }
public static SSLSocket wrapSocket(Socket socket) throws Exception { // ssl socket factory SSLSocketFactory sslSocketFactory = sslContext().getSocketFactory(); // ssl socket SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket( socket, socket.getInetAddress().getHostAddress(), socket.getPort(), true); sslSocket.setUseClientMode(true); sslSocket.startHandshake(); return sslSocket; }
public static void main(String[] args) throws Exception { try { Class.forName("javax.security.auth.kerberos.KerberosPrincipal"); System.out.println("Kerberos is present, nothing to test"); return; } catch (ClassNotFoundException okay) { } // test SSLSocket try (Socket s = SSLSocketFactory.getDefault().createSocket()) { SSLSocket sslSocket = (SSLSocket) s; checkNotSupported(sslSocket.getSupportedCipherSuites()); // attempt to enable each of the Kerberos cipher suites for (String kcs : KERBEROS_CIPHER_SUITES) { String[] suites = {kcs}; try { sslSocket.setEnabledCipherSuites(suites); throw new RuntimeException( "SSLSocket.setEnabledCipherSuitessuites allowed " + kcs + " but Kerberos not supported"); } catch (IllegalArgumentException expected) { } } } // test SSLServerSocket try (ServerSocket ss = SSLServerSocketFactory.getDefault().createServerSocket()) { SSLServerSocket sslSocket = (SSLServerSocket) ss; checkNotSupported(sslSocket.getSupportedCipherSuites()); // attempt to enable each of the Kerberos cipher suites for (String kcs : KERBEROS_CIPHER_SUITES) { String[] suites = {kcs}; try { sslSocket.setEnabledCipherSuites(suites); throw new RuntimeException( "SSLSocket.setEnabledCipherSuitessuites allowed " + kcs + " but Kerberos not supported"); } catch (IllegalArgumentException expected) { } } } }
private static void printConnectionInfo(SSLSocket s) { SSLSession currentSession = s.getSession(); System.out.println("Protocol: " + currentSession.getProtocol()); System.out.println("Cipher Suite: " + currentSession.getCipherSuite()); System.out.println("Host: " + currentSession.getPeerHost()); System.out.println("Host Port: " + currentSession.getPeerPort()); }
/* * Define the server side of the test. * * If the server prematurely exits, serverReady will be set to true * to avoid infinite hangs. */ void doServerSide() throws Exception { SSLServerSocketFactory sslssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(serverPort); serverPort = sslServerSocket.getLocalPort(); /* * Signal Client, we're ready for his connect. */ serverReady = true; SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); DataOutputStream out = new DataOutputStream(sslSocket.getOutputStream()); try { // get path to class file from header DataInputStream in = new DataInputStream(sslSocket.getInputStream()); String path = getPath(in); // retrieve bytecodes byte[] bytecodes = getBytes(path); // send bytecodes in response (assumes HTTP/1.0 or later) try { out.writeBytes("HTTP/1.0 200 OK\r\n"); out.writeBytes("Content-Length: " + bytecodes.length + "\r\n"); out.writeBytes("Content-Type: text/html\r\n\r\n"); out.write(bytecodes); out.flush(); } catch (IOException ie) { ie.printStackTrace(); return; } } catch (Exception e) { e.printStackTrace(); // write out error response out.writeBytes("HTTP/1.0 400 " + e.getMessage() + "\r\n"); out.writeBytes("Content-Type: text/html\r\n\r\n"); out.flush(); } finally { // close the socket System.out.println("Server closing socket"); sslSocket.close(); serverReady = false; } }
private static void printSocketInfo(SSLSocket s) { System.out.println("Socket class: " + s.getClass()); System.out.println(" Remote address = " + s.getInetAddress().toString()); System.out.println(" Remote port = " + s.getPort()); System.out.println(" Local socket address = " + s.getLocalSocketAddress().toString()); System.out.println(" Local address = " + s.getLocalAddress().toString()); System.out.println(" Local port = " + s.getLocalPort()); System.out.println(" Need client authentication = " + s.getNeedClientAuth()); SSLSession ss = s.getSession(); System.out.println(" Cipher suite = " + ss.getCipherSuite()); System.out.println(" Protocol = " + ss.getProtocol()); }
private Socket secureConnect() throws IOException { if (socket_factory == null) { try { SSLContext context = SSLContext.getInstance("TLS"); context.init(getKeyManagers(config.getCertFile(), config.getCertPhrase()), null, sec_rnd); socket_factory = context.getSocketFactory(); } catch (GeneralSecurityException security_exception) { throw new IOException("Failed to create SSL socket factory."); } catch (IOException io_exception) { throw new IOException("Failed to read APNS certificate."); } } SSLSocket ssl_socket = null; ssl_socket = (SSLSocket) socket_factory.createSocket(config.getHostname(service), config.getPort(service)); ssl_socket.setUseClientMode(true); return ssl_socket; }
public void run() { System.out.println("JSSE Server listening on port " + cipherTest.serverPort); Executor exec = Executors.newFixedThreadPool(cipherTest.THREADS, DaemonThreadFactory.INSTANCE); try { while (true) { final SSLSocket socket = (SSLSocket) serverSocket.accept(); socket.setSoTimeout(cipherTest.TIMEOUT); Runnable r = new Runnable() { public void run() { try { InputStream in = socket.getInputStream(); OutputStream out = socket.getOutputStream(); handleRequest(in, out); out.flush(); socket.close(); socket.getSession().invalidate(); } catch (IOException e) { cipherTest.setFailed(); e.printStackTrace(); } finally { if (socket != null) { try { socket.close(); } catch (IOException e) { cipherTest.setFailed(); System.out.println("Exception closing socket on server side:"); e.printStackTrace(); } } } } }; exec.execute(r); } } catch (IOException e) { cipherTest.setFailed(); e.printStackTrace(); // } }
public static TcpSocket makeTls(TcpSocket upgrade) { try { SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, null, null); // get SSL factory because Java loves factories! SSLSocketFactory factory = sslContext.getSocketFactory(); // create new SSL socket SSLSocket socket; if (upgrade == null) { socket = (SSLSocket) factory.createSocket(); } // upgrade an existing socket else { socket = (SSLSocket) factory.createSocket( upgrade.peer.socket, upgrade.peer.socket.getInetAddress().getHostAddress(), upgrade.peer.socket.getPort(), false); socket.setUseClientMode(true); socket.startHandshake(); } // create the new TcpSocket instance TcpSocket self = new TcpSocket(); self.peer = new TcpSocketPeer(socket); // if upgrade, then initialize socket as already connected if (upgrade != null) self.peer.connected(self); return self; } catch (Exception e) { throw IOErr.make(e); } }
/* * Define the server side of the test. * * If the server prematurely exits, serverReady will be set to true * to avoid infinite hangs. */ void doServerSide() throws Exception { SSLServerSocketFactory sslssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(serverPort); serverPort = sslServerSocket.getLocalPort(); /* * Signal Client, we're ready for his connect. */ serverReady = true; SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); try { InputStream sslIS = sslSocket.getInputStream(); OutputStream sslOS = sslSocket.getOutputStream(); BufferedReader br = new BufferedReader(new InputStreamReader(sslIS)); PrintStream ps = new PrintStream(sslOS); // process HTTP POST request from client System.out.println("status line: " + br.readLine()); String msg = null; while ((msg = br.readLine()) != null && msg.length() > 0) ; msg = br.readLine(); if (msg.equals(postMsg)) { ps.println("HTTP/1.1 200 OK\n\n"); } else { ps.println("HTTP/1.1 500 Not OK\n\n"); } ps.flush(); // close the socket while (!closeReady) { Thread.sleep(50); } } finally { sslSocket.close(); sslServerSocket.close(); } }
public void afterConnect() throws IOException, UnknownHostException { if (!isCachedConnection()) { SSLSocket s = null; SSLSocketFactory factory; factory = sslSocketFactory; try { if (!(serverSocket instanceof SSLSocket)) { s = (SSLSocket) factory.createSocket(serverSocket, host, port, true); } else { s = (SSLSocket) serverSocket; } } catch (IOException ex) { // If we fail to connect through the tunnel, try it // locally, as a last resort. If this doesn't work, // throw the original exception. try { s = (SSLSocket) factory.createSocket(host, port); } catch (IOException ignored) { throw ex; } } SSLSocketFactoryImpl.checkCreate(s); // // Force handshaking, so that we get any authentication. // Register a handshake callback so our session state tracks any // later session renegotiations. // String[] protocols = getProtocols(); String[] ciphers = getCipherSuites(); if (protocols != null) s.setEnabledProtocols(protocols); if (ciphers != null) s.setEnabledCipherSuites(ciphers); s.addHandshakeCompletedListener(this); s.startHandshake(); session = s.getSession(); // change the serverSocket and serverOutput serverSocket = s; try { serverOutput = new PrintStream( new BufferedOutputStream(serverSocket.getOutputStream()), false, encoding); } catch (UnsupportedEncodingException e) { throw new InternalError(encoding + " encoding not found"); } // check URL spoofing checkURLSpoofing(hv); } else { // if we are reusing a cached https session, // we don't need to do handshaking etc. But we do need to // set the ssl session session = ((SSLSocket) serverSocket).getSession(); } }
/** * SSL/TLS negotiation. Acquires an SSL socket of a connection and carries out handshake * processing. * * @throws java.io.IOException If server negotiation fails. */ private void performSSLNegotiation() throws IOException { initSSLContext(); SSLSocketFactory ssf = context.getSocketFactory(); String ip = getRemoteAddress().getHostAddress(); int port = getRemotePort(); SSLSocket socket = (SSLSocket) ssf.createSocket(_socket_, ip, port, true); socket.setEnableSessionCreation(true); socket.setUseClientMode(true); if (protocols != null) { socket.setEnabledProtocols(protocols); } if (suites != null) { socket.setEnabledCipherSuites(suites); } socket.startHandshake(); _socket_ = socket; _input_ = socket.getInputStream(); _output_ = socket.getOutputStream(); _reader = new CRLFLineReader(new InputStreamReader(_input_, encoding)); _writer = new BufferedWriter(new OutputStreamWriter(_output_, encoding)); }
/* * Define the server side of the test. * * If the server prematurely exits, serverReady will be set to true * to avoid infinite hangs. */ void doServerSide() throws Exception { SSLServerSocketFactory sslssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(serverPort); serverPort = sslServerSocket.getLocalPort(); /* * Signal Client, we're ready for his connect. */ serverReady = true; SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); sslSocket.addHandshakeCompletedListener(this); InputStream sslIS = sslSocket.getInputStream(); OutputStream sslOS = sslSocket.getOutputStream(); for (int i = 0; i < 10; i++) { sslIS.read(); sslOS.write(85); sslOS.flush(); } System.out.println("invalidating"); sslSocket.getSession().invalidate(); System.out.println("starting new handshake"); sslSocket.startHandshake(); for (int i = 0; i < 10; i++) { System.out.println("sending/receiving data, iteration: " + i); sslIS.read(); sslOS.write(85); sslOS.flush(); } sslSocket.close(); }
public static void main(String[] args) throws Exception { String host; int port; char[] passphrase; if ((args.length == 1) || (args.length == 2)) { String[] c = args[0].split(":"); host = c[0]; port = (c.length == 1) ? 443 : Integer.parseInt(c[1]); String p = (args.length == 1) ? "changeit" : args[1]; passphrase = p.toCharArray(); } else { System.out.println("Usage: java InstallCert <host>[:port] [passphrase]"); return; } File file = new File("jssecacerts"); if (file.isFile() == false) { char SEP = File.separatorChar; File dir = new File(System.getProperty("java.home") + SEP + "lib" + SEP + "security"); file = new File(dir, "jssecacerts"); if (file.isFile() == false) { file = new File(dir, "cacerts"); } } System.out.println("Loading KeyStore " + file + "..."); KeyStore ks; InputStream in = new FileInputStream(file); ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(in, passphrase); SSLContext context = SSLContext.getInstance("TLS"); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(ks); X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0]; SavingTrustManager tm = new SavingTrustManager(defaultTrustManager); context.init(null, new TrustManager[] {tm}, null); SSLSocketFactory factory = context.getSocketFactory(); System.out.println("Opening connection to " + host + ":" + port + "..."); SSLSocket socket = (SSLSocket) factory.createSocket(host, port); socket.setSoTimeout(10000); try { System.out.println("Starting SSL handshake..."); socket.startHandshake(); socket.close(); System.out.println(); System.out.println("No errors, certificate is already trusted"); } catch (SSLException e) { System.out.println(); e.printStackTrace(System.out); } X509Certificate[] chain = tm.chain; if (chain == null) { System.out.println("Could not obtain server certificate chain"); return; } BufferedReader reader = new BufferedReader(new InputStreamReader(System.in)); System.out.println(); System.out.println("Server sent " + chain.length + " certificate(s):"); System.out.println(); MessageDigest sha1 = MessageDigest.getInstance("SHA1"); MessageDigest md5 = MessageDigest.getInstance("MD5"); for (int i = 0; i < chain.length; i++) { X509Certificate cert = chain[i]; System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN()); System.out.println(" Issuer " + cert.getIssuerDN()); sha1.update(cert.getEncoded()); System.out.println(" sha1 " + toHexString(sha1.digest())); md5.update(cert.getEncoded()); System.out.println(" md5 " + toHexString(md5.digest())); System.out.println(); } System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]"); String line = reader.readLine().trim(); int k; try { k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1; } catch (NumberFormatException e) { System.out.println("KeyStore not changed"); return; } X509Certificate cert = chain[k]; String alias = host + "-" + (k + 1); ks.setCertificateEntry(alias, cert); OutputStream out = new FileOutputStream("jssecacerts"); ks.store(out, passphrase); out.close(); System.out.println(); System.out.println(cert); System.out.println(); System.out.println("Added certificate to keystore 'jssecacerts' using alias '" + alias + "'"); }
public static void main(String[] args) { BufferedReader sysIn = new BufferedReader(new InputStreamReader(System.in)); // Read from console PrintStream sysOut = System.out; // Print to console SSLSocketFactory mainFactory = (SSLSocketFactory) SSLSocketFactory.getDefault(); // Get default SSL socket factory try { SSLSocket clientSocket = (SSLSocket) mainFactory.createSocket( "pop.mail.yahoo.com", 995); // create, connect, start handshake printSocketInfo(clientSocket); // Print connection info BufferedWriter serverWriter = new BufferedWriter( new OutputStreamWriter(clientSocket.getOutputStream())); // Write to server BufferedReader serverReader = new BufferedReader( new InputStreamReader(clientSocket.getInputStream())); // Read from server String serverInput = null; // Stores latest line from server String userInput = ""; // Stores lastest input line from user boolean tryRead = true; // Whether to read next line from serverReader (prevents blocking on multiline SMTP // responses) // The below booleans, used to successully close the connection, might be unnecessary boolean quitUser = false; // Whether the user has entered quit, might be unnecessary boolean openRead = true; // Whether serverReader is still open (serverInput != null) boolean openSocket = true; // Whether clientSocket is still open (clientSocket != null) // SMTP input variables boolean sendingData = false; boolean multi = false; // Main connection loop while (openSocket && openRead && !quitUser) { if (clientSocket == null) { // Break if socket is closed openSocket = false; break; } // Display server response/message if (multi) { while (tryRead) { serverInput = serverReader.readLine(); if (serverInput == null) { // If serverReader gets closed/connection broken openRead = false; tryRead = false; break; } sysOut.println(serverInput); // Check for multiline response or error if (serverInput.equals(".") || (serverInput.length() >= 4 && serverInput.startsWith("-ERR"))) { tryRead = false; } else { tryRead = true; } } } else { serverInput = serverReader.readLine(); if (serverInput == null) { // If serverReader gets closed/connection broken openRead = false; tryRead = false; break; } sysOut.println(serverInput); } multi = false; // Exit client if connection lost/closed prematurely if (openSocket == false || openRead == false) { break; } // If user previously entered quit if (userInput.length() >= 4 && userInput.substring(0, 4).equalsIgnoreCase("quit")) { quitUser = true; break; } // Get user input userInput = ""; // Reset userInput to show prompt // Read user input, display prompt if blank enter, otherwise send to server while (userInput.equals("")) { sysOut.print("C: "); userInput = sysIn.readLine(); } serverWriter.write(userInput, 0, userInput.length()); // Writing to server serverWriter.newLine(); serverWriter.flush(); tryRead = true; // Prepare for multi-line response if list, uidl, retr, or top if (userInput.equalsIgnoreCase("list") || userInput.equalsIgnoreCase("uidl") || userInput.equalsIgnoreCase("auth") || (userInput.length() >= 4 && userInput.substring(0, 4).equalsIgnoreCase("capa")) || (userInput.length() >= 4 && userInput.substring(0, 4).equalsIgnoreCase("retr")) || (userInput.length() >= 4 && userInput.substring(0, 3).equalsIgnoreCase("top"))) { multi = true; } } // Clean up all connection objects serverWriter.close(); serverReader.close(); clientSocket.close(); sysIn.close(); sysOut.close(); } catch (IOException e) { System.err.println(e.toString()); } }
public SSLSocket convertToSecureServerSocket(final Socket socket, final String domain) throws Exception { SSLSocket sslSocket = convertToSecureSocket(socket, domain); sslSocket.setUseClientMode(false); return sslSocket; }
public static void main(String[] args) throws Exception { String host = null; int port = -1; for (int i = 0; i < args.length; i++) { System.out.println("args[" + i + "] = " + args[i]); } if (args.length < 2) { System.out.println("USAGE: java client host port"); System.exit(-1); } try { /* get input parameters */ host = args[0]; port = Integer.parseInt(args[1]); } catch (IllegalArgumentException e) { System.out.println("USAGE: java client host port"); System.exit(-1); } try { /* set up a key manager for client authentication */ SSLSocketFactory factory = null; try { KeyStore ks = KeyStore.getInstance("JKS"); KeyStore ts = KeyStore.getInstance("JKS"); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); SSLContext ctx = SSLContext.getInstance("TLS"); BufferedReader br = new BufferedReader(new InputStreamReader(System.in)); System.out.print("Enter keystore: "); String keystoreName = br.readLine(); Console cons = System.console(); if (cons != null) { password = cons.readPassword("%s", "Password: "******"Cannot find a console to read password from. Eclipse CANNOT fork a terminal child process."); } ks.load(new FileInputStream("keystores/" + keystoreName), password); // keystore // password // (storepass) char[] cliTrustPW = "password".toCharArray(); ts.load(new FileInputStream("clienttruststore"), cliTrustPW); // truststore // password // (storepass); kmf.init(ks, password); // user password (keypass) tmf.init(ts); // keystore can be used as truststore here ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); factory = ctx.getSocketFactory(); } catch (Exception e) { e.printStackTrace(); throw new IOException(e.getMessage()); } SSLSocket socket = (SSLSocket) factory.createSocket(host, port); System.out.println("Handshake socket: " + socket + "\n"); /* * send http request * * See SSLSocketClient.java for more information about why there is * a forced handshake here when using PrintWriters. */ socket.startHandshake(); SSLSession session = socket.getSession(); X509Certificate cert = (X509Certificate) session.getPeerCertificateChain()[0]; System.out.println("Server DN: " + cert.getSubjectDN().getName()); System.out.println("Handshake socket: " + socket); System.out.println("Secure connection."); System.out.println("Issuer DN: " + cert.getIssuerDN().getName()); System.out.println("Serial N: " + cert.getSerialNumber().toString()); read = new BufferedReader(new InputStreamReader(System.in)); serverMsg = new BufferedReader(new InputStreamReader(socket.getInputStream())); out = new PrintWriter(socket.getOutputStream(), true); ois = new ObjectInputStream(socket.getInputStream()); records = new ArrayList<Record>(); boolean isLoggedIn = false; boolean isDone = false; isLoggedIn = waitForLoginData(); if (!isLoggedIn) { System.out.println( "This certificate does not have a user. \n Press the RETURN key to exit."); System.console().readLine(); out.close(); read.close(); socket.close(); return; } boolean accessDenied = false; while (!isDone) { if (accessDenied) { System.out.println( "Access denied, or no such record exists! \n Type 'help' for commands."); } System.out.print(user.getUsername() + " commands>"); msg = read.readLine(); fetchRecords(); splitMsg = msg.split("\\s+"); try { if (msg.equalsIgnoreCase("quit")) { break; } else if (msg.equalsIgnoreCase("help")) { printHelp(); } else if (splitMsg[0].equalsIgnoreCase("records")) { printRecords(); accessDenied = false; } else if (splitMsg[0].equalsIgnoreCase("edit") && (accessDenied = hasPermissions(msg))) { editRecord(splitMsg[1]); fetchRecords(); accessDenied = false; } else if (splitMsg[0].equalsIgnoreCase("read") && (accessDenied = hasPermissions(msg))) { printRecord(splitMsg[1]); accessDenied = false; } else if (splitMsg[0].equalsIgnoreCase("delete") && (accessDenied = hasPermissions(msg))) { for (Record r : records) { if (r.getId() == Long.parseLong(splitMsg[1])) { r.delete(user); accessDenied = false; } } fetchRecords(); } else if (splitMsg[0].equalsIgnoreCase("create") && (accessDenied = hasPermissions(msg))) { createRecord(); fetchRecords(); accessDenied = false; } else { accessDenied = true; } } catch (Exception e) { accessDenied = true; } } ois.close(); out.close(); read.close(); socket.close(); } catch (Exception e) { e.printStackTrace(); } }
/* * Define the server side of the test. * * If the server prematurely exits, serverReady will be set to true * to avoid infinite hangs. */ void doServerSide() throws Exception { KeyStore ks = KeyStore.getInstance("JKS"); com.sun.net.ssl.SSLContext ctx = com.sun.net.ssl.SSLContext.getInstance("TLS"); com.sun.net.ssl.KeyManagerFactory kmf = com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509"); ks.load(new FileInputStream(keyFilename), cpasswd); kmf.init(ks, cpasswd); com.sun.net.ssl.TrustManager[] tms = new com.sun.net.ssl.TrustManager[] {new MyComX509TrustManager()}; ctx.init(kmf.getKeyManagers(), tms, null); SSLServerSocketFactory sslssf = (SSLServerSocketFactory) ctx.getServerSocketFactory(); SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(serverPort); serverPort = sslServerSocket.getLocalPort(); sslServerSocket.setNeedClientAuth(true); /* * Create using the other type. */ SSLContext ctx1 = SSLContext.getInstance("TLS"); KeyManagerFactory kmf1 = KeyManagerFactory.getInstance("SunX509"); TrustManager[] tms1 = new TrustManager[] {new MyJavaxX509TrustManager()}; kmf1.init(ks, cpasswd); ctx1.init(kmf1.getKeyManagers(), tms1, null); sslssf = (SSLServerSocketFactory) ctx1.getServerSocketFactory(); SSLServerSocket sslServerSocket1 = (SSLServerSocket) sslssf.createServerSocket(serverPort1); serverPort1 = sslServerSocket1.getLocalPort(); sslServerSocket1.setNeedClientAuth(true); /* * Signal Client, we're ready for his connect. */ serverReady = true; SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept(); sslServerSocket.close(); serverReady = false; InputStream sslIS = sslSocket.getInputStream(); OutputStream sslOS = sslSocket.getOutputStream(); sslIS.read(); sslOS.write(85); sslOS.flush(); sslSocket.close(); sslSocket = (SSLSocket) sslServerSocket1.accept(); sslIS = sslSocket.getInputStream(); sslOS = sslSocket.getOutputStream(); sslIS.read(); sslOS.write(85); sslOS.flush(); sslSocket.close(); System.out.println("Server exiting!"); System.out.flush(); }