/**
* Configure Client authentication for this version of JSSE. The JSSE included in Java 1.4
* supports the 'want' value. Prior versions of JSSE will treat 'want' as 'false'.
*
* @param socket the SSLServerSocket
*/
protected void configureClientAuth(SSLServerSocket socket) {
if (wantClientAuth) {
socket.setWantClientAuth(wantClientAuth);
} else {
socket.setNeedClientAuth(requireClientAuth);
}
}
public static void main(String[] args) throws Exception {
SSLContext sslContext = createSSLContext();
SSLServerSocketFactory fact = sslContext.getServerSocketFactory();
SSLServerSocket sSock = (SSLServerSocket) fact.createServerSocket(Utils.PORT_NO);
// client authenticate where possible
sSock.setWantClientAuth(true);
for (; ; ) {
SSLSocket sslSock = (SSLSocket) sSock.accept();
try {
sslSock.startHandshake();
} catch (IOException e) {
continue;
}
readRequest(sslSock.getInputStream());
SSLSession session = sslSock.getSession();
try {
Principal clientID = session.getPeerPrincipal();
System.out.println("client identified as: " + clientID);
} catch (SSLPeerUnverifiedException e) {
System.out.println("client not authenticated");
}
sendResponse(sslSock.getOutputStream());
sslSock.close();
}
}
public void run() {
try {
store = provideKeys ? getKeyStore(keys) : null;
KeyManager[] keyManagers = store != null ? getKeyManagers(store) : null;
TrustManager[] trustManagers = new TrustManager[] {trustManager};
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagers, trustManagers, null);
SSLServerSocket serverSocket =
(SSLServerSocket) sslContext.getServerSocketFactory().createServerSocket();
if (clientAuth == CLIENT_AUTH_WANTED) {
serverSocket.setWantClientAuth(true);
} else if (clientAuth == CLIENT_AUTH_NEEDED) {
serverSocket.setNeedClientAuth(true);
} else {
serverSocket.setWantClientAuth(false);
}
serverSocket.bind(new InetSocketAddress(port));
SSLSocket clientSocket = (SSLSocket) serverSocket.accept();
InputStream istream = clientSocket.getInputStream();
byte[] buffer = new byte[1024];
istream.read(buffer);
OutputStream ostream = clientSocket.getOutputStream();
ostream.write(testData.getBytes());
ostream.flush();
while (notFinished) {
Thread.currentThread().sleep(500);
}
clientSocket.close();
serverSocket.close();
} catch (Exception ex) {
exception = ex;
}
}
/**
* Gets a server socket - this gets as SSL socket instead of the standard socket returned in the
* base class.
*/
protected ServerSocket getServerSocket() throws IOException {
// Just to make sure it's set before we start
SSLContext context = getSSLContext(this.keystore, this.password);
SSLServerSocketFactory factory = context.getServerSocketFactory();
SSLServerSocket ss =
(SSLServerSocket)
(this.listenAddress == null
? factory.createServerSocket(this.listenPort, BACKLOG_COUNT)
: factory.createServerSocket(
this.listenPort, BACKLOG_COUNT, InetAddress.getByName(this.listenAddress)));
ss.setEnableSessionCreation(true);
ss.setWantClientAuth(true);
return ss;
}
JSSEServer(CipherTest cipherTest) throws Exception {
super(cipherTest);
SSLContext serverContext = SSLContext.getInstance("TLS");
serverContext.init(
new KeyManager[] {cipherTest.keyManager},
new TrustManager[] {cipherTest.trustManager},
cipherTest.secureRandom);
SSLServerSocketFactory factory =
(SSLServerSocketFactory) serverContext.getServerSocketFactory();
serverSocket = (SSLServerSocket) factory.createServerSocket(cipherTest.serverPort);
cipherTest.serverPort = serverSocket.getLocalPort();
serverSocket.setEnabledCipherSuites(factory.getSupportedCipherSuites());
serverSocket.setWantClientAuth(true);
}
private void doQRPCGTest(boolean sendTLS, boolean settingOn, boolean listenTLS) throws Exception {
if(settingOn)
networkManagerStub.setOutgoingTLSEnabled(true);
setAccepted(false);
BlockingConnectionUtils.drain(testUP[0]);
// make sure leaf is sharing
assertEquals(2, gnutellaFileView.size());
assertEquals(1, connectionManager.getNumConnections());
// send a query that should be answered
QueryRequest query = queryRequestFactory.createQueryRequest(GUID.makeGuid(), (byte) 1,
"berkeley", null, null, null, false, Network.UNKNOWN, false, 0);
testUP[0].send(query);
testUP[0].flush();
// await a response
Message m;
do {
m = testUP[0].receive(TIMEOUT);
} while (!(m instanceof QueryReply));
// confirm it has proxy info
QueryReply reply = (QueryReply) m;
assertNotNull(reply.getPushProxies());
// check out PushProxy info
Set proxies = reply.getPushProxies();
assertEquals(1, proxies.size());
Iterator iter = proxies.iterator();
IpPort ppi = (IpPort) iter.next();
assertEquals(ppi.getPort(), 6355);
assertTrue(ppi.getInetAddress().equals(testUP[0].getInetAddress()));
// set up a ServerSocket to get give on
ServerSocket ss;
if(listenTLS) {
SSLContext context = SSLUtils.getTLSContext();
SSLServerSocket sslServer = (SSLServerSocket)context.getServerSocketFactory().createServerSocket();
sslServer.setNeedClientAuth(false);
sslServer.setWantClientAuth(false);
sslServer.setEnabledCipherSuites(new String[] {"TLS_DH_anon_WITH_AES_128_CBC_SHA"});
ss = sslServer;
} else {
ss = new ServerSocket();
}
try {
ss.setReuseAddress(true);
ss.setSoTimeout(TIMEOUT);
ss.bind(new InetSocketAddress(9000));
// test that the client responds to a PushRequest
PushRequest pr = new PushRequestImpl(GUID.makeGuid(), (byte) 1,
applicationServices.getMyGUID(),
0,
InetAddress.getLocalHost().getAddress(),
9000,
Network.TCP,
sendTLS);
// send the PR off
testUP[0].send(pr);
testUP[0].flush();
// we should get a incoming GIV
Socket givSock = ss.accept();
try {
assertNotNull(givSock);
// start reading and confirming the HTTP request
String currLine;
BufferedReader reader = new BufferedReader(
new InputStreamReader(givSock.getInputStream()));
// confirm a GIV
currLine = reader.readLine();
GUID guid = new GUID(
applicationServices.getMyGUID());
String givLine = "GIV 0:" + guid.toHexString();
assertTrue(currLine.startsWith(givLine));
} finally {
givSock.close();
}
} finally {
ss.close();
}
}
public void setWantClientAuth(boolean flag) {
if (ss instanceof SSLServerSocket) {
((SSLServerSocket) ss).setWantClientAuth(flag);
}
}
public void setWantClientAuth(boolean want) {
s.setWantClientAuth(want);
}
public void setConfiguration(ListenerConfigurationItem cfg, boolean noKeepAlive)
throws KeyStoreException, NoSuchAlgorithmException, CertificateException,
UnrecoverableKeyException, KeyManagementException, IOException {
keepAlive = !noKeepAlive;
config = cfg;
Map props = config.getProperties();
String s = (String) props.get("port");
if (s != null) port = new Integer(s).intValue();
s = (String) props.get("backlog");
if (s != null) backlog = new Integer(s).intValue();
if (keepAlive) {
s = (String) props.get("keepAlive");
if (s != null) keepAlive = new Boolean(s).booleanValue();
}
String useSSL = (String) props.get("useSSL");
String trustAll = (String) props.get("trustAll");
if (requiresSSL || "true".equalsIgnoreCase(useSSL)) {
KeyManager[] keyManagers = null;
TrustManager[] trustManagers = null;
String keyManager = (String) props.get("keyManager");
if (keyManager != null && keyManager.length() > 0) {
try {
KeyManager manager = (KeyManager) Configuration.getBean(keyManager);
keyManagers = new KeyManager[] {manager};
} catch (Exception e) {
e.printStackTrace();
}
} else {
String keystore = (String) props.get("keyStore");
String keystoreType = (String) props.get("keyStoreType");
String keystorePassword = (String) props.get("keyStorePassword");
String keyPassword = (String) props.get("keyPassword");
if (keystore != null) {
if (keystoreType == null) keystoreType = "pkcs12";
KeyStore ks = KeyStore.getInstance(keystoreType);
ks.load(
new FileInputStream(keystore),
keystorePassword == null ? null : keystorePassword.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, keyPassword == null ? null : keyPassword.toCharArray());
keyManagers = kmf.getKeyManagers();
}
}
String trustManager = (String) props.get("trustManager");
if (trustManager != null && trustManager.length() > 0) {
try {
TrustManager manager = (TrustManager) Configuration.getBean(trustManager);
trustManagers = new TrustManager[] {manager};
} catch (Exception e) {
e.printStackTrace();
}
} else if ("true".equalsIgnoreCase(trustAll)) {
trustManagers =
new TrustManager[] {
new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain, String authType) {}
public void checkServerTrusted(X509Certificate[] chain, String authType) {}
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}
};
} else {
String keystore = (String) props.get("caStore");
String keystoreType = (String) props.get("caStoreType");
String keystorePassword = (String) props.get("caStorePassword");
if (keystore != null) {
if (keystoreType == null) keystoreType = "pkcs12";
KeyStore caKeys = KeyStore.getInstance(keystoreType);
caKeys.load(
new FileInputStream(keystore),
keystorePassword == null ? null : keystorePassword.toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(caKeys);
trustManagers = tmf.getTrustManagers();
}
}
SSLContext sslContext = SSLContext.getInstance("SSLv3");
sslContext.init(keyManagers, trustManagers, null);
ServerSocketFactory socketFactory = sslContext.getServerSocketFactory();
SSLServerSocket sslServerSocket =
(SSLServerSocket) socketFactory.createServerSocket(port, backlog);
serverSocket = sslServerSocket;
if (sslWantClientAuth) sslServerSocket.setWantClientAuth(true);
if (sslNeedClientAuth) sslServerSocket.setNeedClientAuth(true);
if (sslEnabledProtocols != null) sslServerSocket.setEnabledProtocols(sslEnabledProtocols);
if (sslEnabledCiphers != null) sslServerSocket.setEnabledCipherSuites(sslEnabledCiphers);
usingSSL = true;
} else {
serverSocket = new ServerSocket(port, backlog);
}
serverSocket.setReuseAddress(true);
setActive(true);
}
